
GROUP 1

BALID, MICHELLE C.
GONZAGA, ALLEN MARIE D.
GARCIA, AJOREI JOSHUA Y.
INOCENO, MELGREY N.

ACCOUNTING INFORMATION SYSTEM


INTERNAL CONTROL
A process that is subject to improvement.
Necessarily involves people in the organization, which requires discussion during design, implementation and evaluation.
Designed to provide reasonable assurance. It should not, and probably cannot, be designed to provide absolute assurance of anything.
Provides reasonable assurance in a few common areas, such as operations, financial reporting and human behavior. It is here to help ensure that no one steals from the company and everyone follows the rules.
PURPOSES OF INTERNAL CONTROL

Safeguarding assets

Ensuring financial statement reliability

Promoting operational efficiency

Encouraging compliance with management's directives
IMPORTANCE OF INTERNAL CONTROL
RISKS
A part of everyday life
Brown (2001) takes a very practical view toward the management of risk.
BROWN'S TAXONOMY OF RISK

1. FINANCIAL RISK - related to monetary activities
MARKET RISK - refers to changes in a company's stock prices, investment values, and interest rates.
CREDIT RISK - associated with customers' unwillingness or inability to pay amounts owed to the organization.
LIQUIDITY RISK - possibility that a company will not have sufficient cash and near-cash assets available to meet
2. OPERATIONAL RISK - concerns the people, assets and technologies used to create value for the organization's customers
SYSTEMS RISK - relates directly to IT
HUMAN ERROR RISK - recognizes the possibility that people in the organization may make mistakes

3. HAZARD RISK - directors' and officers' liability. They are accused of mismanagement by shareholders, government agencies or employees.
4. STRATEGIC RISKS - relate to the entity's decision-making process at the senior management and the board of directors level.
LEGAL AND REGULATORY RISK - concerned with the chance that those parties might break laws that result in financial, legal, or operational sanctions.
BUSINESS STRATEGY RISK - comprises poor decision making related to a company's basis for competing in its market.
IMPORTANCE OF IDENTIFYING RISKS
COSO'S INTERNAL CONTROL

Comprises the:
Institute of Management Accountants (IMA)
American Institute of Certified Public Accountants (AICPA)
American Accounting Association (AAA)
Institute of Internal Auditors (IIA)
Financial Executives Institute (FEI)


INTERRELATED COMPONENTS FOR EFFECTIVE INTERNAL CONTROL

Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
COMPUTER CRIME

With individuals becoming more than simply computer literate and the emergence of the Internet as a tool for global information exchange, accounting information systems and the information they store and process will increasingly fall victim to computer crime and fraud.
CARTER'S TAXONOMY FOR COMPUTER CRIMES (1995)

Target - targets the system or its data. The objective is to impact the confidentiality, availability and integrity of data stored
Instrumentality - uses the computer to further a criminal end. The computer is used to create a crime
Incidental - the use of the computer simplifies the criminal actions and may make the crime more difficult to trace
Associated - technological growth essentially creates new crime targets and new ways of reaching victims
BUSINESS RISKS AND THREATS TO IS
Fraud - any illegal act for which knowledge of computer technology is used to commit the offense. Also called People Fraud
Error - losses vary depending on where the error originated and the time it may take to identify and correct it
Disclosure of Confidential Information - can have major impacts on an
Service Interruption and Delays - can bring an organization to a standstill
Accidental Service Interruption - caused by someone shutting down the wrong machine
Willful Neglect - due to outdated antivirus software
Malicious Service Interruption - caused by a hacker launching a denial of service attack against an organization's Web site
Intrusions - main objective is to gain access to a network or a system by bypassing security controls or exploiting a lack of adequate controls
Information Theft - targets the organization's most precious asset: information
Information Manipulation - can occur at virtually any stage of information

Malicious Software - can take many different forms: a virus, a worm or a Trojan horse
Denial-of-Service Attacks - prevent computer systems and networks from functioning in accordance with their intended purpose
Web Site Defacements - a form of digital graffiti where intruders modify pages on the site in order to leave their mark, send a message or mock the organization
Extortion - often the result of the computer being the object of a crime
PERPETRATORS OF COMPUTER CRIME

Script Kiddies - young, inexperienced hackers who use tools and scripts written by others for the purpose of attacking systems
Hacker - refers to someone who invades an information system for malicious purposes
Cyber-criminals - hackers driven by financial gain
Organized Crime - has expanded part of its operations into this new era
Corporate Spies - have begun taking advantage of this by turning to computer intrusion techniques to gather the info they desire
Terrorists - could seriously disrupt power grids, telecom, transportation and others
Insiders - represent the largest threat to a company's information systems and underlying computer infrastructure
INFORMATION SECURITY

Protection of data in a system against unauthorized disclosure, modification, or destruction, and protection of the computer system itself against unauthorized use
BASIC PRINCIPLES OF INFORMATION SECURITY

Confidentiality - exists when data are held in confidence and are protected from unauthorized disclosure
Data integrity - state that exists when data stored in an IS are the same as those in the source documents
Availability - achieved when the required data can be obtained within the required time frame
