Prepared by Paula Funkhouser
University of Nevada, Reno
Core Concepts of Accounting Information Systems, 13th Edition
Mark G. Simkin ● Jacob M. Rose ● Carolyn S. Norman
Computer Controls for Organizations and Accounting Information Systems
Chapter 14
Chapter 14: Computer Controls for Organizations and Accounting Information Systems
• Introduction
• Enterprise Level Controls
• General Controls for Information Technology
• Application Controls for Transaction Processing
Copyright © 2015. John Wiley & Sons, Inc. All rights reserved.
Enterprise Level Controls
• Consistent policies and procedures
• Management’s risk assessment process
• Centralized processing and controls
• Controls to monitor results of operations
Enterprise Level Controls
• Controls to monitor the internal audit function, the audit committee, and self-assessment programs
• Period-end financial reporting process
• Board-approved policies that address significant business control and risk management practices
Risk Assessment and Security Policies
Integrated Security for the Organization
• Physical Security
  – Measures used to protect its facilities, resources, or proprietary data stored on physical media
• Logical Security
  – Limit access to system and information to authorized individuals
• Integrated Security
  – Combines physical and logical elements
  – Supported by comprehensive security policy
Physical and Logical Security
General Controls for Information Technology
• Access to Data, Hardware, and Software
• Protection of Systems and Data with Personnel Policies
• Protection of Systems and Data with Technology and Facilities
General Controls for Information Technology
• IT general controls apply to all information systems
• Major Objectives
  – Access to programs and data is limited to authorized users
  – Data and systems protected from change, theft, and loss
  – Computer programs are authorized, tested, and approved before usage
Access to Data, Hardware, and Software
• Utilization of strong passwords
  – 8 or more characters in length (longer is better)
  – Different types of characters
  – Letters, numbers, symbols
• Biometric identification
  – Distinctive user physical characteristics
  – Voice patterns, fingerprints, facial patterns, retina prints, body odor
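The password rules on this slide can be enforced mechanically at account creation or password change. The following Python check is an added example, not code from the textbook or its authors; the minimum length of 8 and the three character classes (letters, numbers, symbols) come from the slide, while the rule names and the sample passwords are constructed for illustration.

```python
import string

# Policy thresholds taken from the slide: at least 8 characters, with letters,
# numbers and symbols all present.
MIN_LENGTH = 8


def password_policy_violations(password: str) -> list[str]:
    """Return the policy rules a candidate password fails (empty list means compliant)."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        violations.append("no letters")
    if not any(c.isdigit() for c in password):
        violations.append("no numbers")
    if not any(c in string.punctuation for c in password):
        violations.append("no symbols")
    return violations


def is_compliant(password: str) -> bool:
    """True when the password satisfies every rule of the policy."""
    return not password_policy_violations(password)


def screen_candidates(candidates: list[str]) -> dict[str, list[str]]:
    """Map each rejected candidate to the rules it failed; compliant ones are omitted."""
    return {p: v for p in candidates if (v := password_policy_violations(p))}


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for pw, why in screen_candidates(["password", "Ab1!", "12345678", "Tr0ub4dor&3"]).items():
        print(f"rejected {pw!r}: {', '.join(why)}")
```

Reporting every failed rule at once, rather than stopping at the first, lets the user fix the password in one attempt and gives an auditor a precise record of why a candidate was rejected.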
Security for Wireless Technology
• Utilization of wireless local area networks
• Virtual Private Network (VPN)
  – Allows remote access to entity resources
• Data Encryption
  – Data converted into a scrambled format
  – Converted back to meaningful format following transmission
Data Encryption
Controls for Networks
• Control Problems
  – Electronic eavesdropping
  – Hardware or software malfunctions
  – Errors in data transmission
• Control Procedures
  – Checkpoint control procedure
  – Routing verification procedures
  – Message acknowledgment procedures
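The three control procedures on this slide address the transmission problems listed above it: a message lost or corrupted in transit is detected because no acknowledgment comes back, a misrouted message is rejected because its routing header names the wrong node, and a checkpoint records how far delivery is confirmed so that recovery resends only what is outstanding. The simulation below is an added example, not code from the textbook; the node names, the invoice-style payloads, the lost message and the stray message are all constructed, and the sequence-number design is one common way to implement these procedures rather than the textbook's own.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    seq: int       # sequence number: what the receiver acknowledges
    dest: str      # routing header: the node the message is addressed to
    payload: str


class Receiver:
    """Receiving node: verifies the routing header, then acknowledges by sequence number."""

    def __init__(self, node_id: str):
        self.node_id = node_id
        self.delivered: dict[int, str] = {}
        self.misrouted: list[Message] = []

    def receive(self, msg: Message):
        # Routing verification: a message addressed to another node is recorded
        # for follow-up and discarded without acknowledgement.
        if msg.dest != self.node_id:
            self.misrouted.append(msg)
            return None
        # Keying on the sequence number makes a retransmitted duplicate harmless.
        self.delivered[msg.seq] = msg.payload
        return msg.seq  # the acknowledgement


class Sender:
    """Sending node: numbers each message, tracks acknowledgements, keeps a checkpoint."""

    def __init__(self, dest: str):
        self.dest = dest
        self.next_seq = 0
        self.unacked: dict[int, Message] = {}
        self.checkpoint = 0  # every sequence number below this is confirmed delivered

    def send(self, payload: str, link):
        msg = Message(self.next_seq, self.dest, payload)
        self.next_seq += 1
        self.unacked[msg.seq] = msg
        self._deliver(msg, link)

    def retransmit(self, link):
        # Recovery resumes from the checkpoint: only unacknowledged messages are resent.
        for msg in sorted(self.unacked.values(), key=lambda m: m.seq):
            self._deliver(msg, link)

    def _deliver(self, msg: Message, link):
        if link(msg) == msg.seq:
            self.unacked.pop(msg.seq, None)
        while self.checkpoint < self.next_seq and self.checkpoint not in self.unacked:
            self.checkpoint += 1


def run_simulation():
    """Constructed scenario: three messages, one lost in transit, plus one stray message."""
    receiver = Receiver("NODE-B")
    sender = Sender("NODE-B")
    lost_once = {1}  # the first attempt to deliver seq 1 is lost

    def lossy_link(msg: Message):
        if msg.seq in lost_once:
            lost_once.remove(msg.seq)
            return None  # no acknowledgement ever arrives
        return receiver.receive(msg)

    for payload in ("INV-1001", "INV-1002", "INV-1003"):
        sender.send(payload, lossy_link)
    checkpoint_before_retry = sender.checkpoint
    sender.retransmit(lossy_link)

    stray = Message(seq=99, dest="NODE-C", payload="INV-9999")  # wrong routing header
    stray_ack = receiver.receive(stray)
    return {
        "checkpoint_before_retry": checkpoint_before_retry,
        "checkpoint_after_retry": sender.checkpoint,
        "delivered": dict(sorted(receiver.delivered.items())),
        "stray_acknowledged": stray_ack is not None,
        "misrouted_count": len(receiver.misrouted),
    }


if __name__ == "__main__":
    print(run_simulation())
```

After the first pass the checkpoint stops at 1 because message 1 was never acknowledged even though message 2 was; the retransmission delivers only message 1 and the checkpoint then advances to 3. The misrouted message is kept in a separate list so that repeated routing failures are visible to whoever reviews the receiving node's logs.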
Controls for Personal Computers
• Take an inventory of personal computers
• Identify applications utilized by each personal computer
• Classify computers according to risks and exposures
• Enhance physical security
Additional Controls for Laptops
Personnel Policies to Protect Systems and Data
• Separation of Duties
  – Separate Accounting and Information Processing from Other Subsystems
  – Separate Responsibilities within IT Environment
• Use of Computer Accounts
  – Each employee has password protected account
  – Biometric identification
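Separation of duties can be checked automatically in two places: in the assignment of duties to accounts, and in the transaction record after the fact. The Python check below is an added example and not code from the textbook; the conflicting-duty pairs are assumed for illustration (an organization takes its own matrix from its control documentation), and the user names, duties and journal entries are constructed sample data.

```python
from itertools import combinations

# Assumed conflicting-duty pairs for illustration only.
CONFLICTING_DUTIES = {
    frozenset({"initiate_transaction", "approve_transaction"}),
    frozenset({"application_programming", "computer_operation"}),
    frozenset({"custody_of_assets", "recordkeeping"}),
}


def role_conflicts(assignments: dict[str, set[str]]) -> list[tuple[str, str, str]]:
    """Flag every user whose assigned duties contain a conflicting pair."""
    findings = []
    for user, duties in sorted(assignments.items()):
        for a, b in combinations(sorted(duties), 2):
            if frozenset({a, b}) in CONFLICTING_DUTIES:
                findings.append((user, a, b))
    return findings


def self_approvals(transactions: list[dict]) -> list[str]:
    """Return ids of transactions that the same account both entered and approved."""
    return [t["id"] for t in transactions if t["entered_by"] == t["approved_by"]]


# Constructed sample data: who holds which duties, and a short journal-entry log.
SAMPLE_ASSIGNMENTS = {
    "alice": {"recordkeeping", "period_end_reporting"},
    "bob": {"application_programming", "computer_operation"},
    "carol": {"initiate_transaction", "approve_transaction"},
}
SAMPLE_TRANSACTIONS = [
    {"id": "JE-1001", "entered_by": "alice", "approved_by": "dave"},
    {"id": "JE-1002", "entered_by": "carol", "approved_by": "carol"},
    {"id": "JE-1003", "entered_by": "dave", "approved_by": "alice"},
]


if __name__ == "__main__":
    for user, a, b in role_conflicts(SAMPLE_ASSIGNMENTS):
        print(f"{user}: holds conflicting duties {a} and {b}")
    for txn_id in self_approvals(SAMPLE_TRANSACTIONS):
        print(f"{txn_id}: entered and approved by the same account")
```

The first check is preventive (run it when duties are assigned); the second is detective (run it over the transaction log), and the preventive check alone is not enough, because carol's self-approved entry JE-1002 would still slip through if her duties had been assigned before the conflict matrix was introduced.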
Separation of Duties
Division of Responsibility in IT Environment
Division of Responsibility in IT Environment
Personnel Policies
• Identifying Suspicious Behavior
  – Protect against fraudulent employee actions
  – Observation of suspicious behavior
  – Highest percentage of fraud involved employees in the accounting department
  – Must safeguard files from intentional and unintentional errors
Safeguarding Computer Files
File Security Controls
Business Continuity Planning
• Definition
  – Comprehensive approach to ensuring normal operations despite interruptions
• Components
  – Disaster Recovery
  – Fault Tolerant Systems
  – Backup
Disaster Recovery
• Definition
  – Process and procedures
  – Following disruptive event
• Summary of Types of Sites
  – Hot Site
  – Flying-Start Site
  – Cold Site
Fault Tolerant Systems
• Definition
  – Used to deal with computer errors
  – Ensure functional system with accurate and complete data (redundancy)
• Major Approaches
  – Consensus-based protocols
  – Watchdog processor
  – Utilize disk mirroring or rollback processing
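Two of the approaches on this slide, consensus-based protocols and rollback processing, fit together: redundant processors compute each result, a vote accepts the value only when a majority agree, and if no majority exists the batch is rolled back to the checkpoint taken before it began, so the ledger never ends up partially updated by a faulty unit. The Python model below is an added example, not code from the textbook; the ledger, the batch of postings and the three replica functions (two correct, one with a decimal-shift fault, and a second faulty one used to force disagreement) are all constructed.

```python
import copy
from collections import Counter


def majority_vote(results):
    """Consensus: return the value a strict majority of replicas agree on, else None."""
    value, count = Counter(results).most_common(1)[0]
    return value if 2 * count > len(results) else None


class Ledger:
    """Minimal account ledger with checkpoint/rollback (constructed for the example)."""

    def __init__(self):
        self.balances = {}
        self._checkpoint = {}

    def checkpoint(self):
        # Snapshot of the balances that a rollback will restore.
        self._checkpoint = copy.deepcopy(self.balances)

    def rollback(self):
        self.balances = copy.deepcopy(self._checkpoint)

    def post(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount


def process_batch(ledger, batch, replicas):
    """Post each entry only when the redundant replicas agree; otherwise roll the
    whole batch back to the checkpoint taken before it started."""
    ledger.checkpoint()
    for account, amount in batch:
        outcomes = [replica(account, amount) for replica in replicas]
        agreed = majority_vote(outcomes)
        if agreed is None:
            ledger.rollback()  # no consensus: undo everything posted in this batch
            return False
        ledger.post(account, agreed)
    return True


# Constructed replicas: one computes the posting correctly, two contain faults.
def good_replica(account, amount):
    return amount


def faulty_replica(account, amount):
    return amount * 10  # a decimal-shift error


def other_faulty_replica(account, amount):
    return amount + 1  # an off-by-one error


if __name__ == "__main__":
    ledger = Ledger()
    ok = process_batch(ledger, [("cash", 100), ("receivables", -100)],
                       [good_replica, good_replica, faulty_replica])
    print("single fault outvoted:", ok, ledger.balances)
    ok = process_batch(ledger, [("cash", 50)],
                       [good_replica, faulty_replica, other_faulty_replica])
    print("no consensus, rolled back:", ok, ledger.balances)
```

With three replicas a single faulty unit is outvoted and processing continues; when two units fail in different ways there is no majority, and the rollback leaves the balances exactly as they were at the checkpoint. Disk mirroring plays the same role for stored data that the checkpoint plays here for the in-memory ledger.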