Chapter 10: Computer Controls for Organizations and Accounting Information Systems
Introduction
Enterprise Level Controls
General Controls for Information Technology
Application Controls for Transaction Processing
Chapter 10-1
Enterprise Level Controls
Consistent policies and procedures
Management’s risk assessment process
Centralized processing and controls
Controls to monitor results of operations
Enterprise Level Controls
Controls to monitor the internal audit function, the audit committee, and self-assessment programs
Period-end financial reporting process
Board-approved policies that address significant business control and risk management practices
Risk Assessment and Security Policies
Integrated Security for the Organization
Physical Security
Measures used to protect an organization's facilities, resources, and proprietary data stored on physical media
Logical Security
Limits access to systems and information to authorized individuals
Integrated Security
Combines physical and logical elements
Supported by comprehensive security policy
Physical and Logical Security
General Controls for Information Technology
Access to Data, Hardware, and Software
Protection of Systems and Data with Personnel Policies
Protection of Systems and Data with Technology and Facilities
General Controls for Information Technology
IT general controls apply to all information systems
Major Objectives
Access to programs and data is limited to authorized users
Data and systems are protected from unauthorized change, theft, and loss
Computer programs are authorized, tested, and approved before usage
Access to Data, Hardware, and Software
Utilization of strong passwords
At least 8 characters in length, preferably longer
Different types of characters
Letters, numbers, symbols
Biometric identification
Distinctive user physical characteristics
Voice patterns, fingerprints, facial patterns, retina prints
Security for Wireless Technology
Utilization of wireless local area networks
Virtual Private Network (VPN)
Allows remote access to entity resources
Data Encryption
Data converted into a scrambled format
Converted back to meaningful format following transmission
Data Encryption
Controls for Networks
Control Problems
Electronic eavesdropping
Hardware or software malfunctions
Errors in data transmission
Control Procedures
Checkpoint control procedure
Routing verification procedures
Message acknowledgment procedures
Controls for Personal Computers
Take an inventory of personal computers
Identify applications utilized by each personal computer
Classify computers according to risks and exposures
Enhance physical security
Additional Controls for Laptops
Personnel Policies
Separation of Duties
Separate Accounting and Information Processing from Other Subsystems
Separate Responsibilities within IT Environment
Use of Computer Accounts
Each employee has a password-protected account
Biometric identification
Separation of Duties
Division of Responsibility in IT Environment
Personnel Policies
Identifying Suspicious Behavior
Protect against fraudulent employee actions
Observation of suspicious behavior
The highest percentage of fraud involves employees in the accounting department
Must safeguard files from intentional and unintentional errors
Safeguarding Computer Files
File Security Controls
Business Continuity Planning
Definition
Comprehensive approach to ensuring normal operations despite interruptions
Components
Disaster Recovery
Fault Tolerant Systems
Backup
Disaster Recovery
Definition
Processes and procedures carried out following a disruptive event
Summary of Types of Sites
Hot Site
Flying-Start Site
Cold Site
Fault Tolerant Systems
Definition
Used to deal with computer errors and failures
Ensure a functional system with accurate and complete data through redundancy
Major Approaches
Consensus-based protocols
Watchdog processor
Utilize disk mirroring or rollback processing
Backup
Batch processing
Risk of losing data before, during, and after processing
Grandfather-parent-child procedure
Types of Backups
Hot Backup
Cold Backup
Electronic Vaulting