Prepared by Paula Funkhouser, University of Nevada, Reno
Core Concepts of Accounting Information Systems, 13th Edition
Mark G Simkin ● Jacob M Rose ● Carolyn S Norman
Computer Controls for Organizations and
Accounting Information Systems
Chapter 14
Copyright © 2015 John Wiley & Sons, Inc. All rights reserved
Chapter 14:
Accounting Information Systems
• Introduction
• Enterprise Level Controls
• General Controls for Information Technology
• Application Controls for Transaction Processing
Enterprise Level Controls
• Consistent policies and procedures
• Management’s risk assessment process
• Centralized processing and controls
• Controls to monitor results of operations
Enterprise Level Controls
• Controls to monitor the internal audit function, the audit
committee, and self-assessment programs
• Period-end financial reporting process
• Board-approved policies that address significant business
control and risk management practices
Risk Assessment and Security Policies
– Combines physical and logical elements
– Supported by comprehensive security policy
Physical and Logical Security
General Controls for Information Technology
• Access to Data, Hardware, and Software
• Protection of Systems and Data with Personnel Policies
• Protection of Systems and Data with Technology and
Facilities
General Controls for Information Technology
• IT general controls apply to all information systems
• Major Objectives
– Access to programs and data is limited to authorized users
– Data and systems protected from change, theft, and loss
– Computer programs are authorized, tested, and approved before usage
Access to Data, Hardware, and Software
• Utilization of strong passwords
– 8 or more characters in length; longer is better
– Different types of characters
– Letters, numbers, symbols
• Biometric identification
– Distinctive user physical characteristics
– Voice patterns, fingerprints, facial patterns, retina prints, body odor
Security for Wireless Technology
• Utilization of wireless local area networks
• Virtual Private Network (VPN)
– Allows remote access to entity resources
• Data Encryption
– Data converted into a scrambled format
– Converted back to meaningful format following transmission
Data Encryption
Controls for Networks
• Control Problems
– Electronic eavesdropping
– Hardware or software malfunctions
– Errors in data transmission
• Control Procedures
– Checkpoint control procedure
– Routing verification procedures
– Message acknowledgment procedures
Controls for Personal Computers
• Take an inventory of personal computers
• Identify applications utilized by each personal computer
• Classify computers according to risks and exposures
• Enhance physical security
Additional Controls for Laptops
– Separate Accounting and Information Processing from Other Subsystems
– Separate Responsibilities within IT Environment
• Use of Computer Accounts
– Each employee has password protected account
– Biometric identification
Separation of Duties
Division of Responsibility in IT Environment
Personnel Policies
• Identifying Suspicious Behavior
– Protect against fraudulent employee actions
– Observation of suspicious behavior
– Highest percentage of fraud involved employees in the accounting department
– Must safeguard files from intentional and unintentional errors
Safeguarding Computer Files
File Security Controls
Business Continuity Planning
Disaster Recovery
• Definition
– Process and procedures
– Following disruptive event
• Summary of Types of Sites
– Hot Site
– Flying-Start Site
– Cold Site
Fault Tolerant Systems
• Definition
– Used to deal with computer errors
– Ensure functional system with accurate and complete data (redundancy)
Batch Processing
Computer Facility Controls
• Locate Data Processing Centers in Safe Places
– Protect from the public
– Protect from natural disasters (flood, earthquake)
• Limit Employee Access
– Security Badges (color-coded with pictures)
– Man Trap
• Buy Insurance
A _ is a comprehensive plan that helps protect the enterprise from internal and external threats.
A _ site is a disaster recovery site that includes a computer system similar to the one the company regularly uses, software, and up-to-date data so the company can resume full data processing operations within seconds or minutes.
Fault-tolerant systems are designed to tolerate computer errors and are built on the concept of _.
– Embedded in business process applications
– Prevent, detect, and correct errors and irregularities
• Application Controls
– Input Controls
– Processing Controls
– Output Controls
• Point-of-sale devices (POS)
• Preprinted recording forms
Preprinted Recording Form
– Examine selected fields of input data
– Rejects data not meeting preestablished standards of quality
Edit Tests
Additional Input Controls
• Validity Test
– Transactions matched with master data files
– Transactions lacking a match are rejected
• Check-Digit Control Procedure
Processing Controls
• Purpose
– Focus on manipulation of accounting data
– Contribute to a good audit trail
• Two Types
– Control totals
– Data manipulation controls
Audit Trail
Control Totals
• Common Processing Control Procedures
– Batch control total
– Financial control total
– Nonfinancial control total
– Record count
– Hash total
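The input controls above (validity test, check-digit procedure) and these control totals can be run together as one batch audit. The following is an added example, not code from the textbook: the batch, master file and header totals are constructed, and the mod-10 (Luhn) check digit is an assumption, since the slides do not name a check-digit algorithm.

```python
from decimal import Decimal

# Constructed sample data (not from the textbook): a batch of sales
# transactions plus the control totals the clerk wrote on the batch
# header before keying, and the master file used for the validity test.
MASTER_ACCOUNTS = {"10009", "20008", "30007"}
BATCH = [
    ("10009", Decimal("250.00")),
    ("20008", Decimal("75.50")),
    ("30007", Decimal("1200.00")),
]
HEADER = {"record_count": 3, "financial_total": Decimal("1525.50"),
          "hash_total": 60024}   # hash total: meaningless sum of account numbers

def mod10_check_digit(body: str) -> int:
    """Check digit over the account number body. Mod-10 (Luhn) is assumed
    here as one common scheme; it catches single-digit keying errors."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch) * (2 if i % 2 == 0 else 1)
        total += d - 9 if d > 9 else d
    return (10 - total % 10) % 10

def account_is_valid(acct: str) -> bool:
    """Check-digit test on the last digit, then validity test against master."""
    return (acct.isdigit()
            and int(acct[-1]) == mod10_check_digit(acct[:-1])
            and acct in MASTER_ACCOUNTS)

def control_totals(batch):
    """Record count, financial control total, and hash total for a batch."""
    return {
        "record_count": len(batch),
        "financial_total": sum((amt for _, amt in batch), Decimal("0")),
        "hash_total": sum(int(acct) for acct, _ in batch),
    }

def audit_batch(batch, header):
    """Return control exceptions; an empty list means the batch balances."""
    exceptions = [f"invalid account {acct}"
                  for acct, _ in batch if not account_is_valid(acct)]
    exceptions += [f"{k} mismatch: header {header[k]} vs computed {v}"
                   for k, v in control_totals(batch).items() if header[k] != v]
    return exceptions
```

A dropped or duplicated record shows up as a record-count and financial-total mismatch, while a mis-keyed account number that still passes the check digit is caught by the hash total or the master-file match.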
Data Manipulation Controls
• Data Processing
– Following validation of input data
– Data manipulated to produce decision-useful information
• Processing Control Procedures
– Software Documentation
– Error-Testing Compiler
– Utilization of Test Data
– Validating Processing Results
– Regulating Distribution and Use of Printed Output
Output Controls
• Validating Processing Results
– Preparation of activity listings
– Provide detailed listings of changes to master files
• Regulating Distribution and Use of Printed Output
– Forms control
– Pre-numbered forms
– Authorized distribution list
A _ is a security appliance that runs behind a firewall and allows remote users to access entity resources by using wireless, handheld devices.
Organizations use controls to prevent, detect, and correct errors and irregularities in transactions that are processed.