Risks and threats of accounting information system

The field of accounting information systems ( AIS ) has witnessed many alterations in the recent yesteryear, announcing the alterations from paper-based diaries and legers to holding a strictly automated, and paperless systems. However, the migration from paper to computing machine has non been without its troubles. Advancement in engineering has been accompanied by a new security issue. This essay sheds new visible radiation on the sensed menaces to AIS security hazards. It specifically seeks to measure the type and nature of both the hazards and the security menaces to the company 's accounting information system, with respect to a systems comptroller of a big established UK based Retail Company specialising in the sale of family electrical contraptions.

( Davis, C. E. 1996 )As a system comptroller of the electrical retail store in the UK some of the menaces and hazards to the house 's accounting information system are down to both internal and external forces and besides classs as natural or human causes.In most instances these hazards and menaces to the accounting information system can be attributed to internal beginnings and are caused by human existences and non natural. A good illustration is the inadvertent entry of bad informations by the employees.

In this case the assorted members of the employees may be attributed to doing hazards of immense losingss by their sloppiness in come ining informations to the system. A instance in point which is relevant to the instance is when the clerks stationed at the sale mercantile establishments fail to capture the right monetary values while posting the sale of electronic contraptions. This is bound to be repeated on assorted occasions in the twelvemonth taking to unaccounted losingss as a consequence of girl poster.The knowing entry of bad informations by employees is another human nature of hazards to the accounting information system. This is attributed to fraudulent and malicious employees who might harbour ideas of undermining the comptroller or to defalcate the retail store.

This hazard can be attributed to demoralised staff and would finally present a challenge to the accounting systems as the histories are bound non to equilibrate regardless of the stock list system being used by the electronics retail store. This is treated as a offense and is a signifier of computing machine fraud which calls for the prosecution of the perpetrators.Accidental devastation of informations by employees is another frequent human nature type of hazard and a menace to the accounting information system. This occurs when an employee inadvertent deletes or distorts informations in the accounting system taking to the complete devastation of such informations hence can no longer be relied on to do economic determinations.

This could happen seldom in the electronics retail store in the UK because most of the staffs are good versed in the operations of the accounting information system. This calls for uninterrupted preparation of new employees every twelvemonth to do them skilled to avoid inadvertent devastation of informations. Furthermore, the presence of a back up information system minimizes to hazards and menaces posed by the inadvertent devastation of informations by employees.Intentional devastation of informations by employees is another menace faced by system comptroller in the electronic retail store.

This might happen seldom as it is capable to unethical behaviour and peculation which can be eliminated at the enlisting procedure of the employees and subsequent ethical criterions in the organisation. ( Abu-Musa, A. A. 2003 )The unauthorised entree to the informations and/or system by employees is besides a hazard and menace to the accounting information system. This would seldom go on in many organisations particularly the electronic retail store. When it does it could be as a consequence of insecure watchword systems.

The unauthorised entree to the informations and/or system by foreigners is the other hazards of human nature although it is attributed to external forces. This hazard increases with the usage of electronic services such as e-business and electronic fund transportations and is as a consequence of hackers. This hazard to the accounting information system increases with the coming of information engineering.Employees ' sharing of watchwords can be a beginning of hazard and menace to the accounting information system.

This is a really common menace because over clip most employees become friends and hence would non waver to portion watchwords with their co-workers although it is prohibited. This would increase the hazards associated with larceny and improper minutess as one watchword can be used by several people to entree informations which is restricted and could furthermore, take to exposure of trade secrets to challengers.Natural catastrophes are besides viewed as possible hazards and menaces to the accounting information system. Such catastrophes are infrequent in happening but are lay waste toing which they do.

Examples are thosecaused by fire, H2O, air current, power outages, lightning and temblors which lead to the devastation of computing machine installations.Catastrophes of human beginning on the other manus which can present a hazard and menace to accounting information system include fires, inundations and detonations. Furthermore, semisynthetic catastrophes could be accounted to intentional or inadvertent human actions. Most of the knowing Acts of the Apostless which are a menace to the accounting information system are offenses runing from fraud, larceny, peculation, extortion, theft to mischievousness. ( Wood, C. & A ; Acirc ; ; Banks, W.

1993 )The debut ( entry ) of computing machine viruses to the systems is one of the most barbarous menaces to the accounting information system in the present times. This hazard and menace which is caused by worlds can be carried out by both internal and or external members of an organisation. This occurs as a consequence of hacking and the subsequent debut of viruses or worms which are able to interfere with the plan codification of the accounting information system. Such viruses and feasible plans could be attached to electronic mails and other files during the procedure of electronic minutess. An illustration in the electronics retail store is where a possible client sends an question to the system with affiliated viruses which when opened distorts the accounting system plan hence destructing the system. This is possible when anti-virus public-service corporation plans are non installed ; are non be updated on a regular footing to enable it observe newer viruses.

This besides could happen when anti-virus package is non set to automatically scan computing machine files when the system is foremost turned on. The employees besides might non be trained good to scan any external media they introduce to the system on their day-to-day operations.Suppression or devastation of end product is besides a menace to the operations of an accounting information system. This is whereby employees who are suspected of corrupt mal- patterns in the organisation enter the system and destroyed any hints of their illegal activity taking to the devastation of the end product.

The creative activity of fabricated or wrong end product is another internal generated hazard and menace to the accounting information system. This would happen seldom when periodic cheques and monitoring are done. This is besides as a consequence of unethical employees who would desire to cover up some ailments or to profit from some perceived end products. An illustration in the electronic retail shop is when a line director wants to acquire a wage rise or publicity and hence create fabricated end product which shows that he exceeded marks yet in world it is a mirage.Larceny of informations or information from the accounting system is besides a large menace to the security of the accounting information system.

This happening is rare in many organisations but could be prone in industries with intense competition. This is because such intense challengers would travel to great lengths to steal informations and information from the challengers in order to derive a competitory border. An illustration of this menace is when the rivals of the electronic retail shop employ hackers to steal accounting information which can be employed to crush them in the electronic markets.The presence of unauthorised copying of end product is the other menace to the security of the accounting information system. This can be used by corrupt functionary to transport out insider trading as unpublished accounting information can be copied and used to spur ain trading in the company 's portions.Unauthorized document visibleness of the company 's information may be another menace to the security of accounting information systems.

This is frequently low is many organisations due to rigorous steps to command visibleness. When it happens it is characterized by show on proctors and printed documents and could endanger the public image of an organisation.The unauthorised printing and distribution of informations or information is a human nature menace and hazard to the security of the accounting information system. This is whereby some portion or all of the accounting information are printed or distributed without due mandate ensuing in such information falling on the incorrect custodies therefore presenting a menace to the operations of the organisation.

For illustration in the instance of the electrical contraptions store some junior staff might publish future budget anticipations wit out the authorization of his supervisor hence compromising the security of the company 's budget information.Directing prints and distributed information to people non entitled to have is besides a menace to the security of the accounting information system and could take to bad repute as the clients and other stakeholders involved with a house lose trust. This is down to carelessness and deficiency of thoroughness by the employees and it could affect the distribution of bills and other confidential paperss to the incorrect receivers. An illustration of this menace in the electronics retail shop is when employees mail bills to the incorrect addresses taking to distribution of information to people who are non entitled to have.

Cases where sensitive paperss are handled by non-security cleared forces for shredding is besides a menace to the security of the accounting information system. Although engineering has reduced paper usage in histories, there are still few cases of its usage. The devastation or tear uping of such paper calls for security, therefore when such paperss are handled by non-security forces is becomes a hazard to the accounting information system.Interception of informations transmittals is besides a major security menace to accounting information systems which is of a human nature and is credited to external forces to the organisation. This occurs were rivals and other condemnable elements breach the information system such that they are able to stop informations transmittal before making the receivers. Electronic mail for case could be intercepted by hackers when they figure out a computing machines IP reference.

As portion of the 2nd reply of the solutions, is admiting that security of the electronic information particularly in the retail concatenation has become a critical concern for the success of the accounting section. This calls for a conjunct attempt by bookmans, directors, comptrollers and hearers to be cognizant of the emerging menaces therefore put in topographic point security steps in order to maintain safe the accounting information systems. In order to safeguard proprietorship and personal information is a large challenge in today 's digital engineering and calls for a batch of unity on the portion of the employees and besides seting in topographic point a secure accounting information system. The execution of an effectual information system calls for the proviso of sensible confidence so that the accounting information system is able to bring forth relevant and dependable information to run into both internal and external coverage demands.Whether a security system exists or non the internal control must be a top precedence.

The policies and processs should ever necessitate the care of records that accurately detail and reasonably reflect minutess and the temperaments of assets ; this provide sensible confidence that minutess are being recorded decently ; besides guarantee that grosss and outgos are made merely in conformity with proper mandate ; and eventually supply sensible confidence sing the bar or timely sensing of unauthorised acquisition, the usage, or the temperament of assets that could hold a material consequence on the company 's fiscal statements.The most important stairss that need to be undertaken to procure the accounting system from hazards and menaces is to place, implement, and supervising some of the basic system demands and usage sustainable solutions for both general and alone security challenges are associated with boundless electronic endeavor with a technologically rich environment. These would chiefly affect policies and processs related to the security of e-mail watchwords and use, installing of antivirus and antispyware solutions, secure firewalls, authorised entree, the hallmark, separation of responsibilities, privateness, encoding, digital signatures and certifications, non-repudiation, informations unity, storage, backup files and tapes, and other emerging menaces and engineerings. More significantly, the constitution of the right tone at the top direction with regard to privateness and security, and every bit good as the hiring of vigilant, ethical employees, would be indispensable in procuring our accounting information system against unsafe menaces.

A control process or mechanism that can be employed to work out the hazards and menaces to the accounting information of the retail electronics could be the usage of system privileges and the beds of watchword protection. This would cover the web environment, the operating system for all users, together with its ain defects. This shows that the company will be confronting possible menaces about every side, such as the maltreatment of power by the system forces, frequent unauthorised forces transporting out operations and farther illegal entree outside the system.Accounting package that needs to be put in topographic point must hold & amp ; Acirc ; comparatively complete authorization to O.

K. and hold maximal watchword protection, be able to give full drama to its function, allows comptrollers to print information in the same clip, the better protection of the accounting system. It is indispensable that it does the followers: be able to protect computing machine equipment, to forestall designated forces from runing all mode of illegal computing machine and fiscal package to guarantee the security of the machine 's plan and informations ; allow the designated machine operator to work on the operation of accounting package, the content and besides permissions, the watchword to in line with the rigorous direction of operation, have regular alteration of the operator 's watchword ; the watchword is meant to restrict the operating authorization, the operator checks the individuality of a defence, be able to pull off each individual 's watchword, and guarantee the security of the whole system. ( Haugen, S ; Selin, R. 1999 ) , This step would be able to forestall any unauthorised forces from runing the accounting package, accounting forces in forestalling unauthorised usage of package ; in order for the operator to go forth machine should motivate him to execute the appropriate accounting package bid issue, this ensures that the defence does non lose its function in the watchword, and will therefore give the chance to remain independent of forces to run.

This procedure when done in the retail company harmonizing to the existent state of affairs of units, save on security of the operating records, the records of the operator operating clip, the operation content, and package in the log direction as compared to the procedure of transporting out log audit.