
Chapter 10: Computer Controls for Organizations and Accounting Information Systems

Presentation transcript:

2 Chapter 10: Computer Controls for Organizations and Accounting Information Systems
- Introduction
- Enterprise Level Controls
- General Controls for Information Technology
- Application Controls for Transaction Processing

3 Enterprise Level Controls
- Consistent policies and procedures
- Management's risk assessment process
- Centralized processing and controls
- Controls to monitor results of operations

4 Enterprise Level Controls
- Controls to monitor the internal audit function, the audit committee, and self-assessment programs
- Period-end financial reporting process
- Board-approved policies that address significant business control and risk management practices

5 Risk Assessment and Security Policies

6 Integrated Security for the Organization
- Physical security: measures used to protect the organization's facilities, resources, or proprietary data stored on physical media
- Logical security: limits access to systems and information to authorized individuals
- Administrative security: policies, procedures, standards, and guidelines

7 Physical and Logical Security

8 General Controls for Information Technology
- Access to Data, Hardware, and Software
- Protection of Systems and Data with Personnel Policies
- Protection of Systems and Data with Technology and Facilities

9 General Controls for Information Technology
IT general controls apply to all information systems.
Major objectives:
- Access to programs and data is limited to authorized users
- Data and systems are protected from change, theft, and loss
- Computer programs are authorized, tested, and approved before use

10 Access to Data, Hardware, and Software
- Use of strong passwords
  - At least 8 characters in length, and preferably longer
  - Different types of characters: letters, numbers, symbols
- Biometric identification
  - Distinctive physical characteristics of the user: voice patterns, fingerprints, facial patterns, retina prints

11 Security for Wireless Technology
- Use of wireless local area networks
- Virtual Private Network (VPN): allows remote access to entity resources
- Data encryption: data are converted into a scrambled format and converted back to a meaningful format after transmission

12 Controls for Networks
Control problems:
- Electronic eavesdropping
- Hardware or software malfunctions
- Errors in data transmission
Control procedures:
- Checkpoint control procedure
- Routing verification procedures
- Message acknowledgment procedures
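A small simulation of the three control procedures on the slide, written as an added example (it is not part of the slides or the textbook they summarize). The receiver verifies that each message is addressed to it (routing verification), detects transmission errors with a CRC-32 and answers every message with an ACK or a NAK (message acknowledgment), and the sender records a checkpoint every two messages so an aborted batch restarts from the last checkpoint rather than from the beginning (checkpoint control). The message layout, the addresses, the checkpoint interval, the retry limit and the simulated line noise are all assumptions made for the example.

```python
"""Simulated network transmission controls (added example, not from the slides)."""
import zlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    seq: int        # sequence number, used for acknowledgment and checkpoints
    dest: str       # destination address, used for routing verification
    payload: bytes
    crc: int        # CRC-32 of the payload, computed by the sender


def build_messages(dest, records):
    """Frame a batch of records for transmission to one destination (assumed layout)."""
    return [Message(i, dest, rec, zlib.crc32(rec)) for i, rec in enumerate(records)]


class Receiver:
    def __init__(self, address):
        self.address = address
        self.received = {}   # seq -> payload; re-delivery after a restart is idempotent

    def handle(self, msg):
        """Return (kind, seq, reason); kind is 'ACK' or 'NAK'."""
        if msg.dest != self.address:                 # routing verification
            return ("NAK", msg.seq, "misrouted")
        if zlib.crc32(msg.payload) != msg.crc:       # error in data transmission
            return ("NAK", msg.seq, "crc mismatch")
        self.received[msg.seq] = msg.payload
        return ("ACK", msg.seq, "")


def noisy_channel(corrupt_seqs, every_time=False):
    """Simulated line that flips one bit in the listed messages (constructed fault)."""
    seen = set()

    def send(msg):
        if msg.seq in corrupt_seqs and (every_time or msg.seq not in seen):
            seen.add(msg.seq)
            damaged = msg.payload[:-1] + bytes([msg.payload[-1] ^ 0x01])
            return Message(msg.seq, msg.dest, damaged, msg.crc)
        return msg
    return send


def transmit(messages, receiver, channel, start=0, checkpoint_every=2, max_retries=2):
    """Send messages[start:], retrying NAKed messages; report where to restart."""
    checkpoint = start
    log = []
    for msg in messages[start:]:
        delivered = False
        for attempt in range(1, max_retries + 1):
            kind, seq, reason = receiver.handle(channel(msg))
            log.append((kind, seq, attempt, reason))
            if kind == "ACK":
                delivered = True
                break
        if not delivered:
            # Abort; the caller restarts from the last checkpoint, not from zero.
            return {"status": "aborted", "checkpoint": checkpoint, "log": log}
        if (msg.seq + 1) % checkpoint_every == 0:
            checkpoint = msg.seq + 1
    return {"status": "complete", "checkpoint": len(messages), "log": log}


# Constructed batch of five records addressed to the accounting server.
RECORDS = [b"rec-0", b"rec-1", b"rec-2", b"rec-3", b"rec-4"]
MESSAGES = build_messages("ACCT-SRV", RECORDS)


def run_demo():
    # Transient noise on message 1: NAK, retransmit, ACK, batch completes.
    rx = Receiver("ACCT-SRV")
    first = transmit(MESSAGES, rx, noisy_channel({1}))
    # Persistent fault on message 3: run aborts at checkpoint 2, then resumes there.
    rx2 = Receiver("ACCT-SRV")
    aborted = transmit(MESSAGES, rx2, noisy_channel({3}, every_time=True))
    resumed = transmit(MESSAGES, rx2, lambda m: m, start=aborted["checkpoint"])
    # Misrouted batch: routing verification rejects every message.
    misrouted = transmit(build_messages("OTHER", RECORDS), Receiver("ACCT-SRV"), lambda m: m)
    return first, aborted, resumed, misrouted, rx, rx2


if __name__ == "__main__":
    for result in run_demo()[:4]:
        print(result["status"], "checkpoint =", result["checkpoint"])
```

The transmission log is the control record an auditor would want: it shows which messages were NAKed, why, and on which attempt they finally got through. Note that a CRC detects accidental transmission errors only; it is not a defence against eavesdropping or deliberate tampering, which is the job of the encryption named on the previous slide.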

13 Controls for Personal Computers
- Take an inventory of personal computers
- Identify the applications used by each personal computer
- Classify computers according to risks and exposures
- Enhance physical security

14 Additional Controls for Laptops

15 Personnel Policies
Separation of duties:
- Separate accounting and information processing from other subsystems
- Separate responsibilities within the IT environment
Use of computer accounts:
- Each employee has a password-protected account
- Biometric identification

16 Separation of Duties

17 Division of Responsibility in IT Environment

18 Division of Responsibility in IT Environment

19 Personnel Policies: Identifying Suspicious Behavior
- Protect against fraudulent employee actions
- Observe suspicious behavior
- The highest percentage of fraud involves employees in the accounting department
- Files must be safeguarded from intentional and unintentional errors

20 Safeguarding Computer Files

21 File Security Controls

22 Business Continuity Planning
Definition: a comprehensive approach to ensuring normal operations despite interruptions
Components:
- Disaster recovery
- Fault-tolerant systems
- Backup

23 Disaster Recovery
Definition: the processes and procedures followed after a disruptive event
Summary of types of sites:
- Hot site
- Flying-start site
- Cold site

24 Fault Tolerant Systems
Definition: systems used to deal with computer errors, ensuring a functional system with accurate and complete data (redundancy)
Major approaches:
- Consensus-based protocols
- Watchdog processor
- Disk mirroring or rollback processing

25 Backup
Batch processing:
- Risk of losing data before, during, and after processing
- Grandfather-parent-child procedure
Types of backups:
- Hot backup
- Cold backup
- Electronic vaulting

26 Computer Facility Controls
- Locate data processing centers in safe places
  - Protect from the public
  - Protect from natural disasters (flood, earthquake)
- Limit employee access
  - Security badges (color-coded with pictures)
  - Man trap
- Buy insurance

27 Study Break #1
A _______ is a comprehensive plan that helps protect the enterprise from internal and external threats.
- Firewall
- Security policy
- Risk assessment
- VPN

28 Study Break #3
Fault-tolerant systems are designed to tolerate computer errors and are built on the concept of _________.
- Redundancy
- COBIT
- COSO
- Integrated security

29 Application Controls for Transaction Processing
Purpose:
- Embedded in business process applications
- Prevent, detect, and correct errors and irregularities
Application controls:
- Input controls
- Processing controls
- Output controls

30 Application Controls for Transaction Processing

31 Input Controls
Purpose:
- Ensure validity
- Ensure accuracy
- Ensure completeness
Categories:
- Observation, recording, and transcription of data
- Edit tests
- Additional input controls

32 Observation, Recording, and Transcription of Data
- Confirmation mechanism
- Dual observation
- Point-of-sale (POS) devices
- Preprinted recording forms

33 Preprinted Recording Form

34 Edit Tests
Input validation routines (edit programs):
- Programs or subroutines
- Check the validity and accuracy of input data
Edit tests:
- Examine selected fields of input data
- Reject data not meeting preestablished standards of quality

35 Edit Tests

36 Edit Tests

37 Additional Input Controls
Validity test:
- Transactions are matched with master data files
- Transactions lacking a match are rejected
Check-digit control procedure
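The following is an added example, not code from the slides or the textbook, that runs the input controls from the Edit Tests and Additional Input Controls slides over one keyed batch: field-level edit tests (completeness, numeric range, date format), a check-digit control on the account number, and a validity test against a master file. The record layout, the master file contents, the transaction amount limit and the use of the Luhn (mod 10) scheme as the check digit are assumptions made for the example.

```python
"""Input controls over a batch of keyed transactions (added example, not from the slides)."""
from datetime import date
from decimal import Decimal, InvalidOperation

REQUIRED_FIELDS = ("txn_id", "account", "amount", "txn_date")
MAX_AMOUNT = Decimal("100000.00")     # assumed upper limit for one transaction
AS_OF = date(2024, 3, 15)             # fixed "today" so the example is reproducible

# Constructed master file; every account number ends in a valid Luhn check digit.
MASTER_FILE = {"123455": "Acme Ltd", "678904": "Beta Corp", "246801": "Gamma LLC"}


def luhn_check_digit(payload: str) -> int:
    """Luhn (mod 10) check digit for a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:                     # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return (10 - total % 10) % 10


def check_digit_valid(number: str) -> bool:
    """Check-digit control: the last digit must equal the Luhn digit of the rest."""
    return number.isdigit() and len(number) > 1 and luhn_check_digit(number[:-1]) == int(number[-1])


def edit_tests(rec: dict, today: date) -> list:
    """Field-level edit tests; returns the list of failures (empty means passed)."""
    reasons = [f"missing field: {f}" for f in REQUIRED_FIELDS if not str(rec.get(f, "")).strip()]
    if "missing field: amount" not in reasons:
        try:
            amount = Decimal(rec["amount"])
            if amount <= 0 or amount > MAX_AMOUNT:
                reasons.append("amount out of range")
        except InvalidOperation:
            reasons.append("amount not numeric")
    if "missing field: txn_date" not in reasons:
        try:
            if date.fromisoformat(rec["txn_date"]) > today:
                reasons.append("date in the future")
        except ValueError:
            reasons.append("invalid date")
    return reasons


def account_controls(account: str) -> list:
    """Check-digit control followed by the validity test against the master file."""
    reasons = []
    if not check_digit_valid(account):
        reasons.append("invalid check digit")
    if account not in MASTER_FILE:
        reasons.append("account not in master file")
    return reasons


def validate_batch(records, today):
    """Split a batch into accepted transaction ids and rejected ids with reasons."""
    accepted, rejected = [], {}
    for rec in records:
        reasons = edit_tests(rec, today)
        if "missing field: account" not in reasons:
            reasons += account_controls(rec["account"])
        if reasons:
            rejected[rec.get("txn_id", "?")] = reasons
        else:
            accepted.append(rec["txn_id"])
    return {"accepted": accepted, "rejected": rejected}


# Constructed batch: clean records plus one failure of each control.
BATCH = [
    {"txn_id": "T001", "account": "123455", "amount": "250.00", "txn_date": "2024-03-01"},
    {"txn_id": "T002", "account": "123456", "amount": "99.50", "txn_date": "2024-03-01"},  # keying error
    {"txn_id": "T003", "account": "678904", "amount": "-5.00", "txn_date": "2024-03-01"},
    {"txn_id": "T004", "account": "246801", "amount": "10", "txn_date": "2024-13-01"},
    {"txn_id": "T005", "account": "", "amount": "10.00", "txn_date": "2024-03-01"},
    {"txn_id": "T006", "account": "246801", "amount": "4.99", "txn_date": "2024-02-29"},
]


def run_demo():
    return validate_batch(BATCH, AS_OF)


if __name__ == "__main__":
    result = run_demo()
    print("accepted:", result["accepted"])
    for txn_id, reasons in result["rejected"].items():
        print("rejected", txn_id, "->", "; ".join(reasons))
```

T002 shows why the two account controls are complementary: the mistyped account number fails the check digit before any master-file lookup is needed, and the validity test would still reject it even if the keying error had happened to produce a valid check digit. Rejected records are reported with every reason, not just the first, so the data-entry clerk can correct the whole record in one pass.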

38 Processing Controls
Purpose:
- Focus on the manipulation of accounting data
- Contribute to a good audit trail
Two types:
- Control totals
- Data manipulation controls

39 Audit Trail

40 Control Totals
Common processing control procedures:
- Batch control total
- Financial control total
- Nonfinancial control total
- Record count
- Hash total
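An added example, not from the slides or the textbook, of how the control totals on this slide are used: a control slip is computed from the source documents before keying, the same totals are recomputed from the keyed records, and any disagreement stops the batch. The batch below has one account number keyed with two digits transposed; the record count and the financial and nonfinancial totals still agree, and only the hash total exposes the error. The record layout, the sample batch and the operator hints are assumptions made for the example.

```python
"""Batch control totals and reconciliation (added example, not from the slides)."""
from decimal import Decimal


def compute_control_totals(records):
    """The four totals named on the slide, computed from a list of records."""
    return {
        "record_count": len(records),
        # financial total: sum of a money field
        "financial_total": sum((Decimal(r["amount"]) for r in records), Decimal("0")),
        # nonfinancial total: sum of a quantity field
        "nonfinancial_total": sum(int(r["quantity"]) for r in records),
        # hash total: sum of an identifier field, meaningless in itself
        "hash_total": sum(int(r["account"]) for r in records),
    }


def reconcile(control_slip, keyed_records):
    """Return {total_name: (expected, actual)} for every total that disagrees."""
    actual = compute_control_totals(keyed_records)
    return {name: (control_slip[name], actual[name])
            for name in control_slip if control_slip[name] != actual[name]}


def diagnose(discrepancies):
    """Rule-of-thumb hints an operator uses when a batch is out of balance."""
    hints = []
    if "record_count" in discrepancies:
        expected, actual = discrepancies["record_count"]
        hints.append(f"{abs(expected - actual)} record(s) missing or duplicated")
    if "hash_total" in discrepancies and len(discrepancies) == 1:
        expected, actual = discrepancies["hash_total"]
        if abs(expected - actual) % 9 == 0:     # a transposed digit pair always differs by a multiple of 9
            hints.append("hash total differs by a multiple of 9: likely a transposed account number")
    return hints


# Constructed source documents for one batch.
SOURCE_BATCH = [
    {"account": "123455", "amount": "250.00", "quantity": "10"},
    {"account": "678904", "amount": "99.50", "quantity": "3"},
    {"account": "246801", "amount": "4.99", "quantity": "1"},
]
# Control slip prepared from the source documents before keying.
CONTROL_SLIP = compute_control_totals(SOURCE_BATCH)

# The same batch as keyed: the second account number has "78" keyed as "87".
KEYED_BATCH = [
    {"account": "123455", "amount": "250.00", "quantity": "10"},
    {"account": "687904", "amount": "99.50", "quantity": "3"},
    {"account": "246801", "amount": "4.99", "quantity": "1"},
]

if __name__ == "__main__":
    print("control slip:", CONTROL_SLIP)
    out_of_balance = reconcile(CONTROL_SLIP, KEYED_BATCH)
    print("discrepancies:", out_of_balance)
    print("hints:", diagnose(out_of_balance))
```

Amounts are kept as Decimal rather than float so that the financial total reconciles exactly; a float sum of "250.00", "99.50" and "4.99" can differ from the control slip in the last bit and raise a false discrepancy.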

41 Data Manipulation Controls
Data processing:
- Follows validation of input data
- Data are manipulated to produce decision-useful information
Processing control procedures:
- Software documentation
- Error-testing compiler
- Use of test data

42 Output Controls
Purpose:
- Ensure validity
- Ensure accuracy
- Ensure completeness
Major types:
- Validating processing results
- Regulating distribution and use of printed output

43 Output Controls
Validating processing results:
- Preparation of activity listings
- Provide detailed listings of changes to master files
Regulating distribution and use of printed output:
- Forms control
- Pre-numbered forms
- Authorized distribution list
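Two of the printed-output controls on this slide, written as an added example that is not part of the slides or the textbook. The first check accounts for every number in an issued range of pre-numbered forms (used, spoiled or unused), so missing, duplicated and out-of-range form numbers stand out; the second checks a distribution log against the authorized distribution list for each report. The form log, the report names, the recipients and the statuses are constructed for the example.

```python
"""Pre-numbered forms and authorized distribution checks (added example, not from the slides)."""
from collections import Counter


def sequence_check(form_log, first, last):
    """Account for every form number in [first, last].

    form_log is a list of (form_number, status) pairs as returned after the print run.
    """
    expected = set(range(first, last + 1))
    seen = Counter(number for number, _ in form_log)
    return {
        "missing": sorted(expected - set(seen)),                      # unaccounted-for forms
        "duplicated": sorted(n for n, count in seen.items() if count > 1),
        "out_of_range": sorted(set(seen) - expected),                 # numbers never issued
        "spoiled": sorted(n for n, status in form_log if status == "spoiled"),
    }


def distribution_check(distribution_list, distribution_log):
    """Return the (report, recipient) log entries not covered by the authorized list."""
    return [(report, recipient) for report, recipient in distribution_log
            if recipient not in distribution_list.get(report, set())]


# Constructed log of cheque forms 1001-1010 as returned by the print run:
# 1004 printed twice, 1007 unaccounted for, 1011 outside the issued range.
FORM_LOG = [(1001, "used"), (1002, "used"), (1003, "spoiled"), (1004, "used"),
            (1004, "used"), (1005, "used"), (1006, "used"), (1008, "used"),
            (1009, "used"), (1010, "unused"), (1011, "used")]

# Constructed authorized distribution list: report name -> recipients allowed a copy.
DISTRIBUTION_LIST = {
    "payroll-register": {"payroll-supervisor", "internal-audit"},
    "ap-cheque-register": {"ap-manager", "treasurer"},
}
# Constructed distribution log for one output run.
DISTRIBUTION_LOG = [("payroll-register", "payroll-supervisor"),
                    ("payroll-register", "ap-manager"),        # not on the list for this report
                    ("ap-cheque-register", "treasurer"),
                    ("gl-trial-balance", "controller")]        # report has no list at all

if __name__ == "__main__":
    print(sequence_check(FORM_LOG, 1001, 1010))
    print(distribution_check(DISTRIBUTION_LIST, DISTRIBUTION_LOG))
```

A report with no entry in the distribution list is treated as having no authorized recipients, so an unlisted report is flagged rather than silently allowed; that default is the safer one for a control whose purpose is to limit who sees printed output.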

44 Study Break #5
Organizations use ______ controls to prevent, detect, and correct errors and irregularities in transactions that are processed.
- Specific
- General
- Application
- Input

45 Triangles of Information Security
- Why we do it (fraud)
- How we prevent it

46 Fraud Triangle

47 CIA Triangle

