A framework for online internal controls - Essay Example

A frame work for online internal controls Summary of the article The web based tools and the internet facilitate many useful activities of a business that influence customer and suppliers relationship. Need for online control has risen to help guide online based transactions because security is of concern. Current profusion of online controls like encryption, digital certificates, digital signatures, virtual private networks has created difficulty in understanding objective of online controls. To enable auditors and accountants understand the objective and purpose of internal online control, it gets categorized on the frameworks of Committee of Sponsoring Organization (COSO). A conceptual framework becomes developed based on the objective of internal internet control, and this was useful to the managers. Transfer of data without modification while in transit becomes data integrity while data confidentiality is the inability of unauthorized persons to access data. Encryption, communication protocols, security algorithms become employed to ensure data security and confidentiality. Non-repudiation is requiring covering problems of post Facto denial. It proof that an electronic document becomes sent and received by only the intended persons. Mutual authentication of identity involves verification of identities of transacting parties. After authentication, the user and the machine get identified and get allowed computer system access. This becomes authorization (Deshmukh 4473). Online internal controls become classified on the COSO framework, and this classification is useful for accountants and auditors. The conceptual framework is logic because all its four dimensions can be achieved. Online transactions must comply with the three transaction act. Authorizations of the parties involved in a business transaction get achieved through passwords, digital signatures and certificates, virtual private networks. All these security measures have proved to be effective. These two classifications have enabled us to understand the purpose and objective of online internal control without understanding the knowledge of the technical part (Deshmukh 4474). What are the online internal controls? Based on the COSO, internal controls are a system of balances and checks that keep the business moving according to owners wish while protecting the assets of the business. Different organizations like ISACA, COSO, AICPA, have defined internal controls and its components differently. Committee of Sponsoring Organizations acknowledges the control environment as the foundation of internal control because it gets concerned with the people aspect. The control environment has elements like human resource polices and procedures, management philosophy and operating style, management commitment to ethics. All business face risk and risk management involve analyzing this risk and taking proactive actions to prevent them from happening. Security policy is the online equivalent of the control environment and risk prevention. Security policy becomes designed for the whole information system, and the process is multidisciplinary (Deshmukh 4476). To ensure that management’s directives get carried out, there are polices and procedures that become commonly referred as control activities. Online equivalent of control activities involves perimeter security, infrastructure security, and message content security. Message information security deals with message security as it travels over the internet, extranets, and intranet. Infrastructure security deals with protection of the organization IT infrastructure. Control activities become carried out through passwords, firewall, and digital certificates network ant intrusion techniques. It is the security policy of an organization that deals with information and communication issues. It delineates ways of communication such as pagers, alerts, reports. Comments regarding the article Internal controls should be monitored regularly to assure they are functioning as expected by management. Online monitoring becomes carried out by automated software tools and the human inspection and observation to some extent. The conceptual frame work for internal control becomes based on the aim of online internal control. Technical, human, legal, and audit are the four basic dimensions of internal control that have become used to forge the conceptual framework (Deshmukh 4477). Online control objectives are validity of transactions, authorization, and mutual authentication of identity, end to end data integrity, and non-repudiation, audibility, and confidentiality of transactions. Legal status of an online transaction defines the validity of a transaction. Uniform Electronic Transaction Act, Uniform Computer Information Transactions Act, and Electronic Signatures in National Global and Commerce Acts are the three primary acts that govern electronic based transactions. For the essence of proper funds management, the transaction should show auditability. This prevents fraud because the transactions become validated, properly recorded and controlled (Deshmukh 4478). . Works Cited Deshmukh, Ashutosh. "A Framework for Online Internal Controls." Association for Information Systems 31 December 2004: 7. Read More