Title | Threats to AIS |
---|---|
Author | Kathryn Wrightsman |
Course | Introduction to Accounting Information Systems |
Institution | Ohio State University |
Pages | 9 |
Cynthia Turner...
11/01/2016
Threats to AIS
- Natural and political disasters
- Software errors and equipment malfunctions
- Unintentional acts
  o Greatest risk
- Intentional acts (computer crimes)
  o Sabotage- intentional act where the intent is to destroy a system or some of its components
  o Cyber thieves have stolen more than $1 trillion worth of intellectual property worldwide, the greatest transfer of wealth in history
  o Fraud- gaining an unfair advantage over another person; requires:
    1) A false statement, representation or disclosure
    2) A material fact, which induces a person to act
    3) An intent to deceive
    4) A justifiable reliance
    5) An injury or loss suffered by the victim
  o 5% annual revenue loss to fraud, over $2.9 trillion yearly worldwide
  o 85% of perpetrators have never been charged/convicted
  o White-collar criminals- business people who commit fraud; resort to trickery or cunning; involve a violation of trust or confidence
  o Corruption- dishonest conduct by those in power that involves actions that are illegitimate, immoral or incompatible with ethical standards (bribery, bid rigging)
  o Investment fraud- misrepresenting or leaving out facts in order to promote an investment that promises fantastic profits with little or no risk (Ponzi schemes and securities fraud)
  o Misappropriation of assets- theft of company assets by employees; enabled by the absence of internal controls or failure to enforce them
  o Fraudulent financial reporting- intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements
- SAS 99- The Auditor's Responsibility to Detect Fraud
  o Understand fraud
  o Discuss the risks of material fraudulent misstatements
  o Obtain information
  o Identify, assess, and respond to risks
  o Evaluate the results of their audit tests
  o Document and communicate findings
  o Incorporate a technology focus
- The fraud triangle- pressure, an opportunity, and rationalization
  o Pressure- a person's incentive or motive for committing fraud
    - Employee fraud: financial, emotional, lifestyle
    - Financial statement fraud: management characteristics, industry conditions, financial
  o Opportunity- condition or situation that allows a person or organization to commit and conceal a dishonest act and convert it to personal gain. Allows the perpetrator to:
    - Commit the fraud
    - Conceal the fraud (keeping the accounting equation in balance, etc.)
      - Lapping- stealing customer payments to cover up the theft of other customers' payments
      - Check kiting- creating cash using the lag between the time a check is deposited and the time it clears the bank
    - Convert the theft or misrepresentation to personal gain
  o Rationalization- the excuse that fraud perpetrators use to justify their illegal behavior
    - Justification
    - Attitude
    - Lack of personal integrity
Why threats to AIS are increasing
- Information is available to an unprecedented number of workers
- Information on distributed networks is hard to control
- Customers and suppliers have access to each other's systems and data
- Companies view loss of data as a distant threat
- Productivity and cost pressures take precedence

Key terms
- Threat- any potential adverse occurrence or unwanted event that could injure the AIS or the organization
- Exposure/impact- the potential dollar loss should a particular threat become a reality
- Likelihood- the probability that a threat will come to pass
- Internal controls- the processes and procedures implemented to provide reasonable assurance that control objectives are met
  o Permeate operating activities and are an integral part of management activities
  o Perform 3 functions:
    - Preventive controls- deter problems before they arise
    - Detective controls- discover control problems that were not prevented
    - Corrective controls- identify and correct problems, as well as correct and recover from the resulting errors
  o 2 categories:
    - General controls- make sure an organization's control environment is stable and well managed (security, IT infrastructure, and software acquisition, development and maintenance controls)
    - Application controls- prevent, detect, and correct transaction errors and fraud in application programs; concerned with the accuracy, completeness, validity, and authorization of the data captured/entered/processed/stored/transmitted
4 levers of control
1) Belief system- helps employees understand the mission
2) Boundary system- helps employees act ethically
3) Diagnostic control system- measures, monitors, and compares actual company progress to budgets and performance goals
4) Interactive control system- helps managers focus subordinates' attention on key strategic issues and be more involved in their decisions

Legislation
- Foreign Corrupt Practices Act 1977- passed to prevent companies from bribing foreign officials to obtain business. Also required all publicly owned corporations to maintain a system of internal accounting controls
- Sarbanes-Oxley Act 2002- prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen internal controls at public companies, and punish executives who commit fraud
  o Applies to public companies and their auditors
  o PCAOB to oversee the auditing profession- sets and controls auditing, quality control, ethics, independence, and other auditing standards
  o New rules for auditors
  o Section 404- internal controls
Control Objectives for Information and Related Technology (COBIT)
- Allows management to benchmark the security and control practices of IT environments
- Allows users of IT services to be assured that adequate security and control exist
- Allows auditors to substantiate their internal control opinions and advise on IT security and control matters
- COBIT 5 framework describes best practices for the effective governance and management of IT:
  1) Meeting stakeholder needs- customize business processes and procedures to create value
  2) Cover the enterprise end to end
  3) Apply a single, integrated framework
  4) Enable a holistic approach- effective governance and management of all IT functions in the company
  5) Separating governance from management
    o Governance- create value by optimizing the use of organizational resources to produce benefits in a manner that effectively addresses risk
      - Evaluate stakeholder needs to identify objectives
      - Provide management with direction by prioritizing
      - Monitor management's performance
    o Management- planning, building, running, and monitoring the activities and processes used to pursue the objectives established by the board of directors
      - Plan- align, plan, organize
      - Build- build, acquire, implement
      - Run- deliver, service, support
      - Monitor- monitor, evaluate, and assess
COSO's Internal Control framework- accepted as the authority on internal controls and incorporated into policies, rules, and regulations used to control business activities
- Defines internal controls and provides guidance for evaluating and enhancing internal control systems
- 5 components:
  o Control environment
  o Risk assessment
  o Control activities
  o Information and communication
  o Monitoring

COSO's Enterprise Risk Management framework- improves the risk management process by expanding COSO's Internal Control framework
- Each of the 8 risk and control elements applies to each of the four objectives
- Objectives = strategic, operations, reporting, compliance
- Risk and control elements = objective setting, event identification, risk assessment, risk response, control activities, information and communication, monitoring
Segregation of duties- no single employee should be given too much responsibility over business transactions or processes
- Segregation of accounting duties- separating the accounting functions of authorization, custody, and recording to minimize an employee's ability to commit fraud
  o Authorization- approving transactions/decisions
  o Recording- preparing source documents, entering data into computer systems, maintaining ledgers
  o Custody- handling cash, tools, inventory
- Segregation of systems duties, separating:
  o System administration
  o Network management
  o Security management
  o Change management
  o Users
  o Systems analysis
  o Programming
  o Computer operations
  o Information system library
  o Data control
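A preventive control for the accounting segregation above can be expressed as an access-request check: a user may hold tasks from only one of the three functions (authorization, recording, custody). The following is an added illustration, not part of the course notes; the task names, user names and the "any two functions is a conflict" rule are constructed assumptions.

```python
"""Segregation-of-duties (SoD) check over a user-to-task assignment.

Added example, not from the course notes. The three functions come from the
notes; task catalogue, users and the conflict rule are constructed.
"""

# Constructed catalogue: each task belongs to exactly one accounting function.
TASK_FUNCTION = {
    "approve_purchase_order": "authorization",
    "approve_vendor": "authorization",
    "enter_invoice": "recording",
    "post_journal_entry": "recording",
    "maintain_ar_ledger": "recording",
    "handle_cash_receipts": "custody",
    "issue_checks": "custody",
    "manage_inventory": "custody",
}


def functions_held(tasks):
    """Return the set of accounting functions spanned by a list of tasks."""
    unknown = [t for t in tasks if t not in TASK_FUNCTION]
    if unknown:
        raise ValueError(f"unknown tasks: {unknown}")
    return {TASK_FUNCTION[t] for t in tasks}


def sod_conflicts(assignments):
    """Detective use: report every user holding two or more functions.

    A user who can both record and hold custody (or authorize and record)
    can commit and conceal fraud, which is what the control is meant to stop.
    """
    conflicts = {}
    for user, tasks in assignments.items():
        funcs = functions_held(tasks)
        if len(funcs) >= 2:
            conflicts[user] = sorted(funcs)
    return conflicts


def check_request(assignments, user, task):
    """Preventive use: True if granting `task` keeps `user` within one function."""
    current = functions_held(assignments.get(user, []))
    return not current or TASK_FUNCTION[task] in current


# Constructed sample assignment; "bob" both records invoices and handles cash.
ASSIGNMENTS = {
    "alice": ["approve_purchase_order", "approve_vendor"],
    "bob": ["enter_invoice", "handle_cash_receipts"],
    "carol": ["post_journal_entry", "maintain_ar_ledger"],
}

if __name__ == "__main__":
    print("conflicts:", sod_conflicts(ASSIGNMENTS))
    print("carol -> handle_cash_receipts:", check_request(ASSIGNMENTS, "carol", "handle_cash_receipts"))
```

Running the module reports bob's recording/custody conflict and refuses the request that would give carol custody on top of her recording duties.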