with reference to increasing
http://mpra.ub.uni-muenchen.de/28874/1/MPRA_paper_28874.pdf
http://www.cluteinstitute.com/ojs/index.php/RBIS/article/viewFile/5507/5592
http://www.revistaie.ase.ro/content/68/08%20-%20Brandas,%20Stirbu,%20Didraga.pdf
file:///C:/Users/472008/Downloads/Tesco%20Paperf.pdf
http://globalbizresearch.org/files/gjcra_igekolapo-akanfe_odetayo-tajudeen-a19824.pdf
http://www.theguardian.com/technology/2015/feb/09/internet-of-things-securityrisks-appliances-passwords
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5916986
http://smallbusiness.chron.com/internal-controls-accounting-information-systems66659.html
http://pubsonline.informs.org/doi/pdf/10.1287/isre.1110.0371
http://wps.prenhall.com/bp_romney_ais_11/86/22157/5672322.cw/index.html
http://www.ukessays.com/essays/business/risks-and-threats-of-accounting-information-system.php
Mihalache, A. (n.d.). Risk Analysis of Accounting Information System
Infrastructure. SSRN Journal.
Different forms of corporate activity are exposed to different risks, so each must
have specified precautionary activities.
Information systems, for example, would require precautionary management
technologies in the form of:
1. Internal control activities / fraud detection activities (moderate/strong form
precautionary activity)
2. Computer-based virus management
In a corporate accounting information systems context there are two primary sources
of risk and three associated sources of risk:
1. Event-based risk, that is, risk associated with a particular event or a group of
events and subsidiary primary source.
2. Resource/asset-based risk, that is, risk associated with a particular
event/activity with the possession and/or use of a resource/asset or group of
resources/assets.
Secondary sources of risk associated with the information systems context:
1. Authorised internal employee or external agent based risk: risk of possible
loss that may result from either unintentional mistake/oversight or
premeditated, intentional or deliberate error, theft or acts of violence.
2. Unauthorised persons based risk: risk of loss that may result from possible
breaches of security or violence resulting in theft or misappropriation of assets,
information or identity.
False billing
Phishing
Financial funds fraud
Advance fees fraud
Identity theft
Cyber terrorism
Unintentional errors
Deliberate errors
Unintentional loss of assets
Theft of assets
Breaches of security
Acts of violence
Natural disasters
Cyber terrorism
Types of controls
Preventive
Corrective
Detective
Computer crime
Computer crime can be defined as
Managing cyber risks in an interconnected world Key findings from The Global State
of Information Security Survey 2015
The annual survey of more than 9,700 security, IT, and business executives found
that the total number of security incidents detected by respondents climbed to 42.8
million this year, an increase of 48% over 2013. That's the equivalent of 117,339
incoming attacks per day, every day. Taking a longer view, our survey data shows
that the compound annual growth rate (CAGR) of detected security incidents has
increased 66% year-over-year since 2009.
Assaults on major retailers reached epic levels in the past year, resulting in the theft
of hundreds of millions of customer payment card records, a rash of litigation, and a
rush to adopt a new payment card standard in the US. In the UK, payroll information
and bank account numbers of 100,000 employees of a supermarket chain were
stolen by a company insider and published online.
Huge heists of consumer data were also reported in South Korea, where 105 million
payment card accounts were exposed in a security breach. And in Verden,
Germany, city officials announced the theft of 18 million e-mail addresses,
passwords, and other information.
We also saw increases in attacks on connected consumer devices such as baby
monitors, home thermostats, and televisions that comprise the Internet of Things,
a nascent ecosystem of devices that interconnect information, operational, and
consumer technologies. These Internet-connected devices are vulnerable to attack
because they lack fundamental security safeguards, a point verified by a recent HP
Fortify on Demand study.
HP reviewed 10 of the most commonly used connected devices and found that 70%
contain serious vulnerabilities.
Some of the threats and risks to the firm's accounting information system are down
to both internal and external forces and can also be categorised as having natural
or human causes. In most cases these risks and threats to the accounting information
system can be attributed to internal sources and are caused by human beings rather
than natural events. A good example is the accidental entry of bad data by
employees. In this instance employees may cause risks of huge losses through their
carelessness in entering data into the system.
Find out more from UK Essays here: http://www.ukessays.com/essays/business/risksand-threats-of-accounting-information-system.php#ixzz3YT0QQgbU
The intentional entry of bad data by employees is another human-caused risk to
the accounting information system. This is attributed to fraudulent and malicious
employees who might harbor thoughts of sabotaging the accountant or embezzling from
the retail shop. This risk can be attributed to demoralized staff and would eventually
pose a challenge to the accounting systems, as the accounts are bound not to
balance regardless of the inventory system being used by the electronics retail shop.
This is treated as a crime and is a form of computer fraud, which calls for the
prosecution of the culprits.
Accidental destruction of data by employees is another frequent human-caused type
of risk and a threat to the accounting information system. This occurs when an
employee accidentally deletes or distorts data in the accounting system, leading to
the complete destruction of such data, which can then no longer be relied on to make
economic decisions. This could occur rarely in the electronics retail shop in the UK
because most of the staff are well versed in the operations of the accounting
information system. This calls for continuous training of new employees every year
to make them skilled enough to avoid accidental destruction of data. Furthermore, the
presence of a backup data system minimizes the risks and threats posed by the
accidental destruction of data by employees.
Intentional destruction of data by employees is another threat faced by the system
accountant in the electronics retail shop. This might occur rarely, as it is subject to
unethical behavior and embezzlement, which can be eliminated at the recruitment
process of the employees and through subsequent ethical standards in the organization.
(Abu-Musa, A. A. 2003)
Unauthorized access to the data and/or system by employees is also a risk and
threat to the accounting information system. This would rarely happen in many
organizations, especially the electronics retail shop. When it does, it could be the
result of insecure password systems.
Unauthorized access to the data and/or system by outsiders is another risk of
human nature, although it is attributed to external forces. This risk increases with the
use of electronic services such as e-business and electronic fund transfers and is the
result of hackers. This risk to the accounting information system increases with the
advent of information technology.
Employees' sharing of passwords can be a source of risk and threat to the
accounting information system. This is a very common threat because over time
most employees become friends and hence would not hesitate to share passwords
with their colleagues, although it is prohibited. This would increase the risks
associated with theft and improper transactions, as one password can be used by
several people to access data which is restricted, and could furthermore lead to
exposure of trade secrets to rivals.
Natural disasters are also viewed as potential risks and threats to the accounting
information system. Such disasters are infrequent in occurrence but are devastating
when they do occur. Examples are those caused by fire, water, wind, power outages,
lightning and earthquakes, which lead to the destruction of computer facilities.
Disasters of human origin, on the other hand, which can pose a risk and threat to the
accounting information system include fires, floods and explosions. Furthermore,
man-made disasters could be attributed to intentional or accidental human actions.
Most of the intentional acts which are a threat to the accounting information system
are crimes ranging from fraud, theft, embezzlement, extortion and larceny to mischief.
(Wood, C.; Banks, W. 1993)
The introduction (entry) of computer viruses to the systems is one of the most
vicious threats to the accounting information system in the present times. This risk
and threat, which is caused by humans, can be carried out by both internal and/or
external members of an organization. This occurs as a result of hacking and the
subsequent introduction of viruses or worms which are able to interfere with the
program code of the accounting information system. Such viruses and executable
programs could be attached to e-mails and other files during the process of
electronic transactions. An example in the electronics retail shop is where a potential
customer sends an enquiry to the system with attached viruses which, when opened,
distort the accounting system program, hence destroying the system. This is
possible when anti-virus utility programs are not installed or are not updated on a
regular basis to enable them to detect newer viruses. This could also occur when
anti-virus software is not set to automatically scan computer files when the system is
first turned on. The employees also might not be trained well to scan any external
media they introduce to the system in their daily operations.
Suppression or destruction of output is also a threat to the operations of an
accounting information system. This is whereby employees who are suspected of
corrupt malpractices in the organization enter the system and destroy any traces
of their illegal activity, leading to the destruction of the output.
The creation of fictitious or incorrect output is another internally generated risk and
threat to the accounting information system. This would occur rarely when periodic
checks and monitoring are done. This is also a result of unethical employees who
would want to cover up some ills or to benefit from some perceived outputs. An
example in the electronics retail store is when a line manager wants to get a pay raise
or promotion and hence creates fictitious output which shows that he exceeded
targets, yet in reality it is a mirage.
Theft of data or information from the accounting system is also a big threat to the
security of the accounting information system. This occurrence is rare in many
organizations but could be more likely in industries with intense competition. This is
because such intense rivals would go to great lengths to steal data and information
from their rivals in order to gain a competitive edge. An example of this threat is when
the competitors of the electronics retail store employ hackers to steal accounting
information which can be employed to beat them in the electronic markets.
The presence of unauthorized copying of output is another threat to the security of
the accounting information system. This can be used by corrupt officials to carry out
insider trading, as unpublished accounting information can be copied and used to
spur their own trading in the company's shares.
Unauthorized document visibility of the company's information may be another
threat to the security of accounting information systems. This is often low in many
organizations due to stringent measures to control visibility. When it happens it is
characterized by display on monitors and printed papers and could threaten the
public image of an organization.
The unauthorized printing and distribution of data or information is a human-caused
threat and risk to the security of the accounting information system. This is whereby
some part or all of the accounting information is printed or distributed without due
authorization, resulting in such information falling into the wrong hands and hence
posing a threat to the operations of the organization. For example, in the case of the
electrical appliances store, some junior staff might print future budget predictions
without the authority of their supervisor, hence compromising the security of the
company's budget information.
Directing prints and distributed information to people not entitled to receive them is
also a threat to the security of the accounting information system and could lead to a
bad reputation as the customers and other stakeholders involved with a firm lose trust.
This is down to carelessness and lack of thoroughness by the employees, and it could
involve the distribution of invoices and other confidential documents to the wrong
recipients. An example of this threat in the electronics retail store is when employees
mail invoices to incorrect addresses, leading to distribution of information to
people who are not entitled to receive it.
Instances where sensitive documents are handled by non-security-cleared personnel
for shredding are also a threat to the security of the accounting information system.
Although technology has reduced paper use in accounts, there are still a few instances
of its use. The destruction or shredding of such paper calls for security; thus when
such documents are handled by non-security personnel it becomes a risk to the
accounting information system.
Interception of data transmissions is also a major security threat to accounting
information systems which is of a human nature and is credited to forces external to
the organization. This occurs where competitors and other criminal elements breach
the information system such that they are able to intercept data transmissions before
they reach the recipients. E-mail, for instance, could be intercepted by hackers when
they figure out a computer's IP address.
As part of the second answer, it must be acknowledged that the security of
electronic information, especially in the retail chain, has become a critical concern for
the success of the accounting department. This calls for a concerted effort by
scholars, managers, accountants and auditors to be aware of the emerging threats
and thus put in place security measures to keep the accounting information
systems safe. Safeguarding proprietary and personal information is a big
challenge in today's digital technology and calls for a lot of integrity on the part of
the employees as well as putting in place a secure accounting information system.
The implementation of an effective information system calls for the provision of
reasonable assurance that the accounting information system is able to produce
relevant and reliable information to meet both internal and external reporting needs.
Whether a security system exists or not, internal control must be a top priority.
The policies and procedures should always require the maintenance of records that
accurately detail and fairly reflect transactions and the dispositions of assets;
provide reasonable assurance that transactions are being recorded properly;
ensure that receipts and expenditures are made only in accordance with proper
authorization; and finally provide reasonable assurance regarding the prevention or
timely detection of unauthorized acquisition, use, or disposition of assets that
could have a material effect on the company's financial statements.
The most crucial step in securing the accounting system from risks and threats is to
identify, implement and monitor some of the basic system requirements and custom,
sustainable solutions for both the general and the unique security challenges
associated with an unbounded electronic enterprise in a technologically rich
environment. These would mainly involve policies and
procedures related to the security of e-mail passwords and usage, installation of
antivirus and antispyware solutions, secure firewalls, authorized access,
authentication, separation of duties, privacy, encryption, digital signatures and
certificates, non-repudiation, data integrity, storage, backup files and tapes, and
other emerging threats and technologies. More importantly, the establishment of the
right tone at the top of management with respect to privacy and security, as well
as the hiring of vigilant, ethical employees, would be essential in securing our
accounting information system against dangerous threats.
A control procedure or mechanism that can be employed to address the risks and
threats to the accounting information of the electronics retailer could be the use of
system privileges and layers of password protection. This would cover the
network environment and the operating system for all users, together with its own flaws.
This shows that the company will be facing potential threats from almost every side, such
as the abuse of power by system personnel, frequent operations carried out by
unauthorized personnel, and illegal access from outside the system.
Accounting software that is put in place must have relatively complete
authorization controls and maximum password protection so that it can give full play
to its role, allowing accountants to publish information promptly while better
protecting the accounting system. It is essential that it does the
following: protect computer equipment; prevent illegal operation of the computer
and financial software, to ensure the security of the machine's programs and data;
permit the designated machine operator to work with the accounting software only
within defined content and permissions; keep passwords under strict management,
with regular changes of the operator's password; use the password to limit
operating authority and as a line of defense that checks the operator's identity; and
manage each person's password so as to ensure the security of the whole system
(Haugen, S; Selin, R. 1999). This measure would prevent unauthorized
personnel from operating the accounting software and prevent accounting personnel
from making unauthorized use of the software. When the operator leaves the machine,
the software should prompt him to perform the appropriate exit command;
this ensures that the password does not lose its role as a defense, so that other
personnel are not given the opportunity to operate the system. The retail company
should, according to the actual situation of its units, securely save the
operating records, recording the operator, the operating time and the operation
content in the software's log management, to support the process of carrying
out a log audit.
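The log audit described above, sketched in Python as an added example (it is not part of the original notes or of any accounting package): it pairs login and exit records per operator and flags one operator ID in use on two workstations at once, which is what password sharing looks like in the records, and sessions that never recorded an exit. The log format, operator IDs and workstation names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed operator log: timestamp, operator ID, workstation, operation.
SAMPLE_LOG = """\
2015-04-20T09:00:00 op_amy WS-01 LOGIN
2015-04-20T09:05:00 op_amy WS-01 POST_INVOICE
2015-04-20T09:15:00 op_ben WS-02 LOGIN
2015-04-20T09:20:00 op_ben WS-02 PRINT_BUDGET
2015-04-20T09:30:00 op_amy WS-07 LOGIN
2015-04-20T10:00:00 op_amy WS-01 EXIT
2015-04-20T10:10:00 op_amy WS-07 EXIT
2015-04-20T11:00:00 op_cat WS-03 LOGIN
2015-04-20T11:30:00 op_cat WS-03 EXIT
"""

def parse_sessions(log_text):
    """Pair LOGIN/EXIT records into (operator, station, start, end) sessions."""
    records = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore malformed lines
        records.append((datetime.fromisoformat(parts[0]), *parts[1:]))
    records.sort(key=lambda r: r[0])
    open_sessions, sessions = {}, []
    for ts, operator, station, op in records:
        key = (operator, station)
        if op == "LOGIN":
            open_sessions.setdefault(key, ts)
        elif op == "EXIT" and key in open_sessions:
            sessions.append((operator, station, open_sessions.pop(key), ts))
    # A session still open at the end of the log never recorded an exit.
    sessions += [(o, s, start, None) for (o, s), start in open_sessions.items()]
    return sessions

def overlaps(a, b):
    """True if two sessions were open at the same moment."""
    a_end, b_end = a[3] or datetime.max, b[3] or datetime.max
    return a[2] < b_end and b[2] < a_end

def audit(log_text):
    """Flag concurrent use of one operator ID and sessions without an exit."""
    by_operator = defaultdict(list)
    for session in parse_sessions(log_text):
        by_operator[session[0]].append(session)
    findings = {"concurrent_use": [], "no_exit": []}
    for operator, items in sorted(by_operator.items()):
        for i, a in enumerate(items):
            if a[3] is None:
                findings["no_exit"].append((operator, a[1]))
            for b in items[i + 1:]:
                if a[1] != b[1] and overlaps(a, b):
                    pair = tuple(sorted((a[1], b[1])))
                    findings["concurrent_use"].append((operator, pair))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

A concurrent-use finding is a lead for review rather than proof of sharing, since the same person may legitimately be logged in at two desks.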
The company could suffer from issues related to its ICT, such as failure of online
payments, failure of IT services/processes or a disruption of power for any number of
reasons. There is a high risk of any of these events occurring, so measures need to be
put in place to limit the financial cost they would have on the business. Disaster
contingency and recovery planning (DCRP) can provide a cohesive plan of procedures
to be implemented in order to limit the impact of the hazard. It does this by minimising
the overall impact of any adverse incident and ensuring the business continues with
its daily operations to the best of its capability.
The DCRP consists of a prevention protocol and a recovery protocol. The prevention
protocol would consist of a DCM system which would retain the necessary changes in
the firm to initiate the DCRP. The disaster contingency backup procedure would
maintain the safe storage of the company's assets and information.
After the event a recovery protocol would be initiated, in which a disaster contingency
emergency protocol provides procedures and protocols to be followed
during and after an event.
In order for this to be successful the company must possess a thorough
understanding of the business's past and future predicaments. This will help make
the DCRP more effective and limit the loss Company A makes as a result of lost
sales.