| dc.description.abstract | This paper has aimed to analyze the contribution of internal controls and information technology to the mitigation of compliance risks of accounting information. This is a descriptive study, with qualitative approach, realized as a case study, including questionnaires and interviews operationally integrated with the frameworks of COSO and COBIT controls and with the presented theoretical foundation. The application of the survey is in the corporate environment of a public railway system. The main findings evidence the importance of information technology in a corporate environment and the mitigation of technology risk was identified as the main challenge of the organization to guarantee compliance of its information. Technology risk is directed to the necessity of upgrading the computerized system considering the corporate environment and the applicable legislation. Rework, additional controls, processes bureaucratization, and the necessity to centralize the control of the individual are reflections of the maturity of internal control and information technology in the organization. Segregation of functions appeared as an important tool of control to information compliance, and the routines, even not completely formalized, are clearly defined. It was possible to conclude that information compliance is assured by the internal controls established at the operational level of the organization because the tools, which support information technology, do not serve completely the business process. Therefore, the necessity of an integrated management of strategic and operational risks was identified in order to improve the mitigation of the compliance risks of information. | en |
