Aricle about Accounting Information System Free Essay Example from StudyTiger

|CH 8: Authentication: Process of verifying the identity of the person or device attempting to access the | |system. The objective is to ensure that only legitimate users can access the system. Three different | |credentials are PINs(password), ID badge, or biometrics.

Authorization: Process of restricting access of | |authenticated users to specific portions of the system and limiting what actions they are permitted to | |perform. Access control matrix: shows that access controls of each user or device in your company to see | |who have what privileges.Best Practice of Passwords: Must have at least 8 characters in length, must have| |multiple character types (upper-lower case, numbers, and special characters), Randomness (not be words | |found in dictionary), and changed frequently (every 30 for sensitive of 90 for most users). Physical | |Access Controls: Only have one unlocked door during business hours (none after hours), safe lock all | |devices (computers, phones, and PDA devices), and physical access controls must be cost-effective. Access | |to the wiring used in the org’s LANs needs to be restricted in order to prevent wiretapping.Firewall: | |behind the border router (connects an orgs information system to the internet), and is either a | |special-purpose hardware device or software running on a general-purpose computer.

The demiliarized is a | |seperate network that permits controlled access from the internet to selected resources, such as the | |organizarion’s e-commerce Web server. Intrusion Prevention System: Monitors patterns in the traffic flow, | |rather than only inspecting individual packets, to identify and automatically block attacks.Examining | |pattern traffic is often the only way to identify undesirable activity. Intrusion Detection System | |consists of a set of sensors and a central monitoring unit that create logs of network traffic that was | |permitted to pass the firewall and then analyze those logs for signs of attempted or successful | |intrusions.

The difference between the two is that the IPS only produces a warning alert when it detects a| |suspicious pattern of network traffic, whereas the IDS not only issues an alert but also automatically | |takes steps to stop a suspected attack.Preventive controls that deter problems before they arise. | |Effective preventive controls include hiring qualified accounting personnel; appropriately segregating | |employee duties; and effectively controlling physical access to assets, facilities, and information | |Detective controls enhance security by monitoring the effectiveness of preventive controls and detecting | |incidents in which preventive controls have been successfully circumvented. Corrective are procedures that| |correct problems that have occurred.Social Engineering: Attackers will often try to use the information | |obtained during their initial reconnaissance to trick an unsuspecting employee into granting them access. | | | | | |CH 9: Encryption: The process of transforming normal content, called plaintext, into unreadable gibberish,| |called ciphertext.

This is a type of preventive control. Public key to encryption is widely distributed | |and available to everyone. Decryption reverses this process, transforming ciphertext back into plaintext. | |Hashing: The process that takes plaintext of any length and transform it into a short code called a hash.

| |Digital Signatures: A hash of a document or file that is encrypted using the document creator’s private | |key. This provides proof about two important issues: 1. That a copy of a document or file has not been | |altered 2.Who created the original version of a digital document or file.

Digital certificate: An | |electronic document that contains an entity’s public key and certifies the identity of the owner of that | |particular public key. It is issued by certificate authority. Thus, digital certificates function like the| |digital equivalent of a driver’s license or passport. It can also be the very sign logo on certain website| |to show that this is a trusted site.

Virtual Private Networks: Encrypting information while it transverses| |the Internet creates a VPN.It provides the functionality of a privately owned secure network without the | |associated costs of leased telephone lines, satellites, and other communication equipment. Private | |communication channels, often referred to as tunnels, which are accessible only to those parties | |possessing that appropriate encryption and decryption keys. | | | |CH 10: Field Check determines whether the characters in a field are of the proper type. Sign Check | |determines whether the data in a field have the appropriate arithmetic sign.Limit Check tests a numerical| |amount against a fixed value.

Range Check tests whether a numerical amount falls between predetermined | |whether all required data items have been entered. A Completeness Check on each input record determines | |whether all required data items have been entered. Validity Check compares the ID code or account number | |in transaction data with similar data in the master file to verify that the account exists. Reasonableness| |Test determines the correctness of the logical relationship between two data items.

Batch Totals | |summarizes important values for a batch of input records. The following are three commonly used batch | |totals: 1. Financial totals sums a field that contains monetary values, such as the total dollar amount of | |all sales for a batch of sales transactions 2. Hash total sums a nonfinancial numeric field, such as the | |total of the quantity ordered field in a batch of sales transactions 3.

Record count is the number of | |records in a batch. Processing Controls: 1.File Labels ensure correct and most current file is being | |updated 2. Batch Total Recalculation compares calculated batch total after processing to input totals | |3. Cross-Footing and Zero Balance Tests compute totals using multiple methods to ensure the same results | |4. Concurrent Update locks records or fields when they are being updated so multiple users are not updating| |at the same time.

Output Controls: 1. Management Review verifies reasonableness, completeness, and if | |routed to intended individual 2.Reconciliation: All transactions and other system updates should be | |reconciled to control reports, file status/update reports, or other control mechanisms. In additions, | |general ledger accounts should be reconciled to subsidiary account totals on a regular basis. Also, | |database totals should periodically be reconciled with data maintained outside the system. (Match employee| |files in payroll to that in the HR department to see if any fake names were created.

3.Data Transmission | |Controls: Check sums is a hash of file transmitted, comparison made of hash before and after transmission. | |Parity checking is a bit added to each character transmitted, the characters can then be verified for | |accuracy. Data Backup Procedures: 1. Incremental Backup involves copying only the data items that have | |changed since the last partial backup.

This produces a set of incremental backup files, each containing | |the results of one day’s transactions 2. Differential Backup copies all changes made since the last full | |backup.Thus, each new differential backup file contains the cumulative effects of all activity since the | |last full backup. Daily differential backups take longer than incremental backups. Disaster Recovery Plan | |outlines the procedures to restore an organization’s IT functions in the event that its data center is | |destroyed by a natural disaster or act of terrorism.

Cold site is the first option, which is an empty | |building that is prewired for necessary telephone and internet access, plus a contract with one or more | |vendors to provide all necessary equipment with a specified period of time.Hot site is the second option,| |which is a facility that is not only prewired for telephone and Internet access but also contains all the | |computing and office equipment the org needs to perform its essential business activities. (shorter RTO | |time that cold site) Business Continuity Plan specifies how to resume not only IT operations, but all | |business processes, including relocation to new offices and hiring temp replacements, in the event that a | |major calamity destroys not only an org’s data center but also its main headquarters.Having a DRP and BCP| |can mean the difference between sustaining a major catastrophe and going out of business.

Cloud computing | |typically utilizes banks of redundant servers in multiple locations, thereby reducing the risk that a | |single catastrophe could result in system downtime and the loss of all data. However if the public cloud | |goes out of business, it will be difficult to retrieve any information. Change control is the formal | |process used to ensure that modifications to hardware, software or processes do not reduce system | |reliability. |CH 7: Internal Control: The process implemented to prove reasonable assurance that the following control | |objectives are achieved: 1. Safeguard assets: prevent or detect their unauthorized acquisition, use, or | |disposition.

2. Maintain records in sufficient detail to report company assets accurately and fairly | |3. Provide accurate and reliable information 4. prepare financial reports in accordance with established | |criteria 5. Promote and improve operational efficiency 6. Encourage adherence to prescribed managerial | |policies 7.

Comply with applicable laws and regulations. Internal controls perform three important | |functions: 1. Preventive controls (most important) defer problems before they arise. Examples include | |hiring qualified personnel, segregating employee duties, and controlling physical access to assets and | |information 2. Detective controls discover problems that are not prevented.

Examples include duplicate | |checking of calculations and preparing bank reconciliations and monthly trial balances 3.Corrective | |controls identify and correct problems as well as correct and recover from the resulting errors. Examples | |include maintaining backup copies of files, correcting data entry errors, and resubmitting transactions | |for subsequent processing. Segregation of duties: No one employee should be given too much responsibility | |1. Authorization:Approving transactions and decisions 2. Recording:Preparaing source documents; entering | |data into online systems; maintaining journals, ledgers, files or databases; and preparing reconciliations| |and performance reports 3.

Custody:Handling cash, tools, inventory, or fixed assets; receiving incoming | |customer checks; writing checks. SOX 2002:Designed to prevent financial statement fraud, make financial | |reports more transparent, protect investors, strengthen internal controls, and punish executives who | |perpetrate fraud 1. Created PCAOB to control the auditing profession 2. New Auditing Rules: Partners must | |rotate periodically and prohibits auditors from performing certain nonaudit services, such as information | |systems design and implementation 3.New Roles for Audit Committee: Must be part of board of directors and | |be independent, one member must be a financial expert and oversees external auditors .

The audit committee| |is responsible for financial reporting, regulatory compliance, internal control, and hiring and overseeing| |internal and external auditors4. New Rules for Management: Financial statements and disclosures are fairly | |presented, were reviewed by management, and are not misleading; the auditors were told about all material | |internal control weak-ness and fraud 5.New Internal Control Requirements: Management is responsible for | |establishing and maintaining an adequate internal control system. COBIT: consolidates control standards | |from 36 different sources into a single framework that allows 1. Management to benchmark security and | |control practices of IT environments 2.

Users to be assured that adequate IT security and control exist | |3. Auditors to substantiate their internal control opinions and to advise on IT security and control | |matters. COBIT Framework addresses: 1. Business objectives 2. IT resources 3. IT processes.

COSO - authority | |on internal controls and is incorporated into policies, rules, and regulations used to control business | |activities. Five components of the IC framework: 1. Control environment 2. Control activities 3. Risk | |assessment 4. Information and communication 5.

Monitoring. COSO Enterprise Risk Management: second control | |framework developed by COSO. It is the process the board of directors and management use to set strategy, | |identify events that may affect the entity, assess and manage risk, and provide reasonable assurance that | |the company achieves its objectives and goals. | | |CH 11: Auditing: The systematic process of obtaining and evaluating evidence regarding assertions about | |economic actions and events in order to determine how well they correspond with established criteria.

| |Internal auditing is an independent, objective assurance and consulting activity designed to add value and| |improve organizational effectiveness and efficiency, including assisting in the design and implementation | |of an AIS.Audit Process: 1. Audit Planning 2. Collection of Audit Evidence 3.

Evaluation of Audit Evidence | |4. Communication of Audit Results. Audit Plan: Why, when, how and whom. Work targeted to area with greatest| |risk: Inherent is the chance of risk in the absence of controls Control: is the risk a misstatement will | |not be caught by the internal control system Detection is the chance that a misstatement will not by | |caught by auditors or their procedures.

Collections of Audit Evidence: Review of documentation to | |understand how a particular process or internal control sytem is supposed to function; Physical | |examination of the quality and/or condition of tangible assets, such as equipment and inventory; Vouching | |for validity of a transaction by exmaining supporting document; Analytical review of relationships and | |trends among information to detect items that should be further investigated Evaluation of Audit Evidence:| |Does evidence support favorable or unfavorable conclusion?It is material (How significant is the impact | |of the evidence)? Reasonable Assurance (some risk remains that the audit conclusion is incorrect) | |Communication of Audit Conclusion: Written report summarizing audit finding and recommendations to | |management, the audit committee, the board of directors and other appropriate parties. Types of Audits: | |1. Financial examines the reliability and integrity of financial transactions, accounting records, and | |financial statements 2.Information System reviews the controls of an AIS to access compliance with | |internal control policies and procedures and effectiveness in safeguarding assets 3. Operational is | |concerned with economical and efficient use of resources and the accomplishments of established goals and | |objectives 4. Compliance determines whether entities are complying with applicable laws, regulations, | |policies and procedures.

Risk-based Audit: 1. Determine the threats (fraud and errors) facing the company. |Accidental or intentional abuse and damage to which the system is exposed 2. Identify the control | |procedures that prevent, detect, or correct the threats. These are all the controls that management has | |put into place and that auditors should review and test, to minimize the threats 3. Evaluate control | |procedures using two ways, a system review (are control procedures in place) and tests of controls (are | |existing controls working) 4.

Evaluate control weaknesses to determine their effect on the nature, timing | |or extent of auditing procedures. The minimum number of samples to be selected for IT control is only 1. | |CAATS(audit software) uses auditor-supplied specifications to generate a program that performs audit | |functions, thereby automating or simplying the audit process | | | |SA 2: Physical access controls- 1.Alternate power sources 2. Flood Management 3. Data backup 4.

Fences are | |physical barrier to deter casual trespassers5. Human Guards to watch doors etc. 6. Physical Locks 7.

Fire | |Suppression systems 8. Biometrics 9. Location of assets 10. Man traps 11. Alarm systems 12. Steel cages | |around wiring system to prevent wiretapping Logical Access Controls – 1.

firewall or screening router that | |makes pass/block decisions based upon the type of traffic, origin, and destination 2. n application that | |first authenticates a user by requiring a user ID and password before permitting the user to access the | |application 3. Authentication, Authorization | | | |Preventive Controls: Training, user access controls (authentication and authorization), physical access | |controls (locks, guards, etc. ), Network access controls (firewalls, intrusion prevention systems, etc. ), | |Device and software hardening controls (configuration options).

Detective Controls: Log analysis, | |intrusion detection system, security testing and audits, and managerial reports. Corrective Controls: | |Computer incident response teams (CIRT), Chief information security officer (CISO), and patch management. | | | | | | | | | | |

Sorry, but downloading text is forbidden on this website. If you need this or any other sample, we can send it to you via email. Please, specify your valid email address

Thank you! How about make it original at only $13.90/page?

HAVEN’T FOUND YOUR TOPIC?

Sorry, but downloading text is forbidden on this website.
If you need this or any other sample, we can send it to you via email.
Please, specify your valid email address

Thank you!
How about make it original at only $13.90/page?