The objectives of the report are to investigate the perceived threats of computerized accounting information systems (CAIS) and to discuss how the impact of these threats can be reduced. The report covers the 19 perceived threats of CAIS, preventive controls, detective controls, corrective controls and auditors’ attestation of internal controls. Examples of controls given are authentication, authorization, physical access control, host and application hardening, encryption, training, log analysis, intrusion detection system (IDS), security testing, computer emergency response team (CERT), the role of Chief Security Officer (CSO) and patch management. The types of analysis used in the report are historical and qualitative analysis.
The most significant findings are that the perceived threats of CAIS can generally be categorized into 19 threats, and that the impact of all these threats can be reduced through the application of effective and unique preventive, detective and corrective controls particular to a business organization, together with auditors’ attestation of internal control.
The report is written to investigate the perceived threats of computerized accounting information systems (CAIS) and to discuss how these threats can be reduced. In doing so, a number of limitations were encountered, including the lack of recent research in Australia into perceived threats to CAIS and their corresponding solutions. In general, the report lists the 19 perceived threats of CAIS and the fastest growing threats among them. It then discusses preventive, detective and corrective controls, which include authentication, authorization, physical access control, host and application hardening, encryption, training, log analysis, intrusion detection system (IDS), security testing, computer emergency response team (CERT), the role of Chief Security Officer (CSO) and patch management. Finally, it discusses auditors’ attestation of internal control.
2. The perceived threats of CAIS
Computerized accounting information systems (CAIS) have become essential tools for conducting business as well as for bringing those in charge to account, e.g. through the General Purpose Financial Report. Even without the internet, they are already exposed to risks that may compromise the relevance and reliability of financial information, affecting the decisions made by various stakeholders. With the advent and advancement of the internet, CAIS face additional threats that need to be addressed not only by auditors and IT personnel but also by management and accountants (Beard & Wen 2007).
One important study in this area has identified 19 perceived threats or risks of CAIS: accidental entry of bad data by employees, intentional entry of bad data by employees, accidental destruction of data by employees, intentional destruction of data by employees, unauthorized access to the data and/or system by employees, unauthorized access to the data and/or system by outsiders, employees’ sharing of passwords, natural disasters, disasters of human origin, introduction of computer viruses to the system, suppression or destruction of output, creation of fictitious or incorrect output, theft of data or information, unauthorized copying of output, unauthorized document visibility, unauthorized printing and distribution of data or information, directing prints and distributed information to people not entitled to receive them, handing sensitive documents down to non-security-cleared personnel for shredding, and interception of data transmission (Loch, Houston & Warkentin 1992).
Internal controls can be classified according to their purpose: preventive, detective and corrective controls. A preventive control is designed to prevent security incidents from happening. A detective control is a device, technique and/or procedure to detect harm and security breaches in a timely manner whereas corrective control...
References:
Considine, B, Razeed, A, Lee, M, Speer, D & Collier, P 2008, Accounting Information Systems: Understanding Business Processes, 2nd edition, John Wiley & Sons, Milton, Qld, pp. 277-319.
Hall, J.A 2004, Accounting Information Systems, 4th edition, Thomson South-Western, Ohio, USA, pp. 764-852.
Jones, F.L & Rama, D.V 2006, Accounting Information Systems: A Business Process Approach, 2nd edition, Thomson South-Western, Ohio, USA, pp. 103-136.
Leung, P, Coram, P, Cooper, BJ & Richardson, P 2009, Modern Auditing & Assurance Services, 4th edition, John Wiley & Sons, Milton, Qld, pp. 314-315.
Loch, K.D, Houston, H.C & Warkentin, M.E 1992, ‘Threats to Information Systems: Today’s Reality, Yesterday’s Understanding’, MIS Quarterly, vol. 18, no. 2, pp. 173-186.
Romney, M.B & Steinbart, P.J 2006, Accounting Information Systems, 10th edition, Pearson Education Inc, New Jersey, USA, pp. 236-268.
Beard, D & Wen, H.J 2007, ‘Reducing the Threat Levels for Accounting Information Systems’, The CPA Journal, May 2007, viewed 8 April 2010, pp. 1-9.