Chapter 10: Computer Controls for Organizations and Accounting Information Systems
Introduction
Enterprise Level Controls
General Controls for Information Technology
Application Controls for Transaction Processing
Enterprise Level Controls
Consistent policies and procedures
Management’s risk assessment process
Centralized processing and controls
Controls to monitor results of operations
Controls to monitor the internal audit function, the audit committee, and self-assessment programs
Period-end financial reporting process
Board-approved policies that address significant business control and risk management practices
Risk Assessment and Security Policies
Integrated Security for
Combines physical and logical elements
Supported by comprehensive security policy
Physical and Logical Security
General Controls for Information Technology
Access to Data, Hardware, and Software
Protection of Systems and Data with Personnel Policies
Protection of Systems and Data with Technology and Facilities
General Controls for Information Technology
IT general controls apply to all information systems
Major Objectives
Access to programs and data is limited to authorized users
Data and systems protected from change, theft, and loss
Computer programs are authorized, tested, and approved before usage
Access to Data, Hardware, and Software
Utilization of strong passwords
8 or more characters in length… or longer
Different types of characters
Letters, numbers, symbols
Biometric identification
Distinctive user physical characteristics
Voice patterns, fingerprints, facial patterns, retina prints
Security for Wireless Technology
Utilization of wireless local area networks
Virtual Private Network (VPN)
Allows remote access to entity resources
Data Encryption
Data converted into a scrambled format
Converted back to meaningful format following transmission
Data Encryption
Controls for Networks
Control Problems
Electronic eavesdropping
Hardware or software malfunctions
Errors in data transmission
Control Procedures
Checkpoint control procedure
Routing verification procedures
Message acknowledgment procedures
Controls for Personal Computers
Take an inventory of personal computers
Identify applications utilized by each personal computer
Classify computers according to risks and exposures
Enhance physical security
Additional Controls for Laptops
Personnel Policies
Separation of Duties
Separate Accounting and Information Processing from Other Subsystems
Separate Responsibilities within IT Environment
Use of Computer Accounts
Each employee has password protected account
Biometric identification
Separation of Duties
Division of Responsibility in IT Environment
Personnel Policies
Identifying Suspicious Behavior
Protect against fraudulent employee actions
Observation of suspicious behavior
Highest percentage of fraud involved employees in the accounting department
Must safeguard files from intentional and unintentional errors
Safeguarding Computer Files
File Security Controls
Business Continuity Planning
Disaster Recovery
Definition
Process and procedures
Following disruptive event
Summary of Types of Sites
Hot Site
Flying-Start Site
Cold Site
Fault Tolerant Systems
Definition
Used to deal with computer errors
Ensure functional system with accurate and complete data (redundancy)
Batch Processing
Computer Facility Controls
Locate Data Processing Centers in Safe Places
Protect from the public
Protect from natural disasters (flood, earthquake)
Limit Employee Access
Security Badges (color-coded with pictures)
Man Trap
Buy Insurance
A _ is a comprehensive plan that helps protect the
enterprise from internal and external threats.
A _ site is a disaster recovery site that includes a computer system similar to the one the company regularly uses, software, and up-to-date data so the company can resume full data
processing operations within seconds or minutes.
Fault-tolerant systems are designed to tolerate computer errors and are built on the concept of _.
Application Controls for Transaction Processing
Purpose
Embedded in business process applications
Prevent, detect, and correct errors and irregularities
Application Controls
Input Controls
Processing Controls
Output Controls
Observation, Recording, and Transcription of Data
Confirmation mechanism
Dual observation
Point-of-sale devices (POS)
Preprinted recording forms
Preprinted Recording Form
Examine selected fields of input data
Rejects data not meeting preestablished standards of quality
Edit Tests
Additional Input Controls
Validity Test
Transactions matched with master data files
Transactions lacking a match are rejected
Check-Digit Control Procedure
Processing Controls
Purpose
Focus on manipulation of accounting data
Contribute to a good audit trail
Two Types
Control totals
Data manipulation controls
Audit Trail
Control Totals
Common Processing Control Procedures
Batch control total
Financial control total
Nonfinancial control total
Record count
Hash total
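An added example, not from the original slides: the validity test (transactions matched against master data) and three of the control totals listed above, run over one constructed batch. The account numbers, amounts, and function names are assumptions made for illustration; the hash total here is the sum of the account-number field.

```python
from decimal import Decimal

# Constructed master file of valid account numbers (assumed numeric).
MASTER_ACCOUNTS = {"10452", "20871", "33907"}

# Constructed batch: the header carries totals computed when the batch was prepared.
BATCH = {
    "header": {"record_count": 3,
               "financial_total": Decimal("1250.75"),
               "hash_total": 65230},
    "transactions": [
        {"account": "10452", "amount": Decimal("500.00")},
        {"account": "20871", "amount": Decimal("250.75")},
        {"account": "33907", "amount": Decimal("500.00")},
    ],
}

def validity_test(transactions, master):
    """Accept transactions whose account matches the master file; reject the rest."""
    accepted = [t for t in transactions if t["account"] in master]
    rejected = [t for t in transactions if t["account"] not in master]
    return accepted, rejected

def control_totals(transactions):
    """Recompute the totals that the batch header claims."""
    return {
        "record_count": len(transactions),
        "financial_total": sum((t["amount"] for t in transactions), Decimal("0")),
        # Hash total: sum of a field with no financial meaning (account numbers).
        "hash_total": sum(int(t["account"]) for t in transactions),
    }

def check_batch(batch, master):
    """Run the validity test and compare recomputed totals with the header."""
    accepted, rejected = validity_test(batch["transactions"], master)
    computed = control_totals(batch["transactions"])
    mismatches = sorted(k for k, v in batch["header"].items() if computed[k] != v)
    return {"accepted": accepted, "rejected": rejected, "mismatches": mismatches}

def redirected(batch):
    """Constructed error case: the second posting now points at another valid account."""
    txns = [dict(t) for t in batch["transactions"]]
    txns[1]["account"] = "10452"
    return {"header": batch["header"], "transactions": txns}

if __name__ == "__main__":
    print(check_batch(BATCH, MASTER_ACCOUNTS)["mismatches"])              # []
    print(check_batch(redirected(BATCH), MASTER_ACCOUNTS)["mismatches"])  # ['hash_total']
```

In the altered batch every account still matches the master file and the record count and financial total are unchanged, so only the hash total flags the mis-posted transaction.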
Data Manipulation Controls
Data Processing
Following validation of input data
Data manipulated to produce decision-useful information
Processing Control Procedures
Software Documentation
Error-Testing Compiler
Utilization of Test Data
Validating Processing Results
Regulating Distribution and Use of Printed Output
Output Controls
Validating Processing Results
Preparation of activity listings
Provide detailed listings of changes to master files
Regulating Distribution and Use of Printed Output
Forms control
Pre-numbered forms
Authorized distribution list
A _ is a security appliance that runs behind a firewall and allows remote users to access entity resources by using wireless, handheld devices.
Organizations use controls to prevent, detect, and
correct errors and irregularities in transactions that are
Copyright
Copyright 2012 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make backup copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.