Learning objectives
To be aware of the threats to computer accounting.
To learn the controls for computer accounting.
To understand the security requirements to be incorporated in system design.
To learn about maintaining system integrity.
8 trang |
Chia sẻ: thuychi11 | Lượt xem: 438 | Lượt tải: 0
Bạn đang xem nội dung tài liệu Kế toán, kiểm toán - Accounting information systems and security, để tải tài liệu về máy bạn click vào nút DOWNLOAD ở trên
Accounting information systems and securityLearning objectivesTo be aware of the threats to computer accounting.To learn the controls for computer accounting.To understand the security requirements to be incorporated in system design.To learn about maintaining system integrity.key termsaccess controlaudit trailcheck digitcomputer fraudcomputer hackingdata validationecho checksembezzlementfraudhash total information system controlsinternal controllappingmisappropriationparity checksrisksabotageviruswormThreats (or risks) to computer accountingFraudulent manipulation(e.g. manipulation of input data, data theft)SabotageViruses and wormsFraud (e.g. transaction fraud)LappingComputer fraud(e.g. data entry fraud, program fraud, operations fraud, database management fraud)Computer hackingSystem security - internal controls in computer accountingAccounting controls:put in place to safeguard records of the organisationAdministrative controls:policies and procedures for all personnel to enhance operational efficiencySystem security - internal controls in computer accountingControls by function:preventive controls detective controls corrective controls Controls by scope:general controlsapplication controlsControl activitiesAdministrative procedures management establishes to meet internal control objectives:authorisation of transactionssegregation of dutiesadequate documentation and recordingcontrol of assets and recordschecks on performanceRisk assessmentRisk assessments are necessary to form disaster recovery plans and mitigate the majority of risksSteps in risk assessment: identify potential risk and estimate potential lossesidentify possible controls and their costsdetermine the cost-benefit effectivenessSecurity and integrity of informationAccess to systems: limited to authorised and responsible personnelSecurity of data:ensure software is properly safeguarded against unauthorised accessSecurity backupsAudit trail:allowing any transaction to be traced from source to final destination