Information Systems in Accounting and Finance - Case Study Example

of the of the 17 August Introduction A Rapid change in information technology has widespread the user friendliness in computer systems. The desire of organizations to implement state of the art computers systems to accomplish critical tasks has been an achievement. Accounting Information System is vital for all organizations. Every organization needs to maintain the AIS. Information technology has advanced enormously in recent years, accountants, auditors and academicians are only considered when they meet the same level of intelligence. They design, operate, and control the AIS. They instruct business from the prevention of a business loss. (Beard et al, 2007). A comprehensive definition is available on www.pcmag.com which states that,” The human and machine resources within an organization that are responsible for collecting and processing the daily transactions and preparing financial reports”. These systems enable organizations to achieve paperless operations of critical accounting operations. On the other hand, this technology has also created threats and security risks which need to be countered. The technology is developed and implemented faster rather than the advancement in leadership practices. It has not been combined with the similar development of the employees understanding, proficiency, attentiveness and compliance. When operating AIS, erroneous reports can be found regarding incorrect financial data, violation of internal control, theft, sabotage etc. The organizations must be fully aware of the security breaches and need to prevent them from happening. 2 Critical Evaluation of AIS Some of the gripping investigations and research is conducted in this area. The researchers conducted a research on threats of a management information system. They analyzed on microcomputers, mainframe computers and network components. They listed 12 security threats which incorporate natural disaster, a typo from an employee resulting in feeding of incorrect data, inadequate control over the media, un authorized access of the MIS from the hackers are ranked among the top security threats.(Loch et al.1992). The results claimed the experts that the biggest threats come within the organization. 2.1 The threats created within the organization due to Improper documentation of purchasing system Payments to the vendors are paid without supporting documents Purchase requisitions are missing Prices charged for some items are usually high than normal 2.2 Identification of threats related to AIS are: 2.2.1 Un Authorized system access The financial documents can be accessed by unauthorized access. This threat may occur within or outside the organization network. If the systems are vulnerable to network with no security policies or firewall protection, the files can be edited, or copied. Unauthorized system access can damage the organizations financial data in various ways. The files can be deleted or modified. 2.2.2 Choosing an inappropriate technology This problem occurs when the existing network and systems of the organization are not able to cope with the current requirements. The AIS is not able to work efficiently due to heavy traffic on the network. Old switches do not support error control. They are not compatible to transfer large files because they do not support full duplex mode of transfer. The systems utilize a lot of time to complete a task due to defective specifications. 2.2.3 Tapping into data transmission The data transmission from the AIS can be interrupted by creating another session of the same data transfer to the unknown destination. 2.2.4 Loss of data integrity This usually occurs when there is no control on access mechanism. Everyone is accessing the AIS resulting in incorrect feeding, altering, accessing of data. 2.2.5 Incomplete Transaction Incomplete transaction occurs when the AIS is out of data, incomplete, or out of context. This threat links to the incorrect feeding of data. 2.2.6 System Failure System failure involves a fault in the corruption of system software or application software due to various reasons. For software instability, viruses are the leading cause. Hardware failure also falls in the category of system failure. 2.2.7 Incompatible Systems This issue relates to the incompatibility of the system hardware or software with the organizations workstations for connecting to the AIS. 2.3 Unintentional Threats Accidents caused by human carelessness Innocent errors of omissions Misplaced or lost data Logical errors Systems that do not meet company’s requirements 2.4 Intentional Threats Sabotage Computer Fraud Embezzlement These threats occur in the organization due to an increasing number of client / server access given to inadequate users. This means that the access of workstations and server is granted to impulsive number of employees. The local area network is distributed within the organization and is tougher to monitor or control. The mechanism of communication via a wide area network is allowing the inbound workers of the organization to communicate with the outside workers. They both have access to each other’s system making confidentiality a concern. 3 Physical Network layout The biggest mistake organizations make, when designing the physical layout of the network, they expose the “mission critical” system including database, application server to the Internet. The systems are more vulnerable because they are on the same network. 4 Physical Security Physical security is an important aspect to secure critical data, applications and servers. The security breach in server may not only provide loss for one time only, but it may lead to backdoors for taking control of the critical data for years to come. A small hacking patch can be installed for communicating with the server and giving hacker privileges to stay connected. Hardware equipment for example, hard drives can be stolen from the servers resulting in a substantial loss due to “mission critical” data, upcoming policies and milestones of the organization being handed over to the competitors. 5 Control Procedures & Strategies 5.1 Internal Organizational control A comprehensive definition is available on the WWW.Wikipedia.com which states that” internal control is defined as a process effected by an organizations structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organizations resources are directed, monitored, and measured”. Certain controls needs to be in control when running AIS to ensure employees are completing their tasks and the system runs properly. Internal management control lays a foundation to achieve an error less environment and maintained AIS. It is the responsibility of management to maintain internal organizational control. Implementation is conducted to reduce errors; irregularities. It is personnel oriented and designed to help employees to achieve organization goals. The unintentional and intentional acts of the employees can be minimized by controlling internal management procedures. 6 Virus Prevention The prevention from viruses can be prevented by anti-virus software and firewalls. Device based anti-virus and firewalls devices provide ultimate protection against viruses and threats from the Internet. These devices require virus definition files and IOS from the Internet to update the virus engine on regular basis. This prevents the network and the AIS in a secure way. The device does not have an operating system which is more likely to be corrupted or may suffer from a hardware failure. Unauthorized access, tapping into data transmission, loss of data integrity and loss of transaction issue are controlled by implementing firewalls and device based anti-virus solutions. 7 Physical Network layout The Network layout of the organization in AIS environment must be separated. Virtual Local Area Network should be implemented to divide the flow of data from the servers and the clients within the organization. The VLAN provides better security and protection along with logical IP addresses and Gateways. The switches and routers must support VLAN functionality and features for implementation. 7.1 VLAN VLAN also knows as virtual local area networks. To understand better what is VLAN? An information definition is given on WWW.webopedia.com which says “network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN.” If the organizations containing large number of network nodes, the deployment of VLAN is beneficial. 8 Physical Security Physical security is a fundamental aspect to secure critical data, applications and servers. The security breach in server may not only provide loss for one time only, but it may open backdoors for taking control of the critical data for years to come. A small hacking patch can be installed on the server to stay connected with the hacker. Hardware resources for example, hard drives can be stolen from the servers resulting in a significant depletion due to mission critical data, financial data, upcoming policies reports and milestones of the organization being handed over to the competitors. 9 Prevention from" DDOS” Prevention from DDOS can be easily prevented by routers and switches which contain anti DDOS mechanism. There are various network products which prevents from TCP-based attacks, UDP-based attacks, HTTP attacks, Botnet, zombie attacks, SIP (VoIP) attacks, and DNS attacks. The IP transit router of the organization directly connects to the Internet must support anti DDOS features for handling these attacks when occurs. 10 Prevention from Physical Security Physical security is the most valuable aspect for the AIS. Alarm systems, video and audio surveillance, needs to be installed in a data center or the server room of the organization. Bio metric identification cards can provide access to the authorized staff only to enter. Physical security of network devices is also critical. A steel box serves as a protection box attached on a ceiling or a wall with a lock. 11 Backup Procedures For running a successful business in terms of AIS, Downtime of applications is not the organization wants. AIS is “mission critical” server containing all the financial data of the organization. AIS server must be equipped with a backup server. The data on each server must be mirrored to avoid issues which may arise replacing the servers on down times. The inventory would contain backup network equipment including switches and routers. 12 Conclusion By evaluating the AIS, there are numerous issues within the organization domain as well as the outside domain. The best practices are to minimize the issues within the organization initially by internal control procedures. Denial of service attacks results in a complete system failure and must be prevented to ensure the availability of the AIS. Nowadays network devices are capable enough to cope with these attacks. Other threats can be minimized by implementing adequate network design, firewalls, device based antivirus, surveillance cameras and biometric cards. Backup procedures must also be followed for backing up the financial data on a daily basis with relevant data duplication technology. References Beard, Deborah, and H. Joseph Wen. "Reducing the Threat Levels for Accounting Information Systems." CPA Journal 77.5 (2007): 34-42. Computers & Applied Sciences Complete. EBSCO. Web. 18 Aug. 2010. All, By. "AIS Definition from PC Magazine Encyclopedia." Technology Product Reviews, News, Prices & Downloads | PCMag.com | PC Magazine. Web. 18 Aug. 2010. . Mehta, Manjari, and Beena George. "Security in Todays E World." Security Models Revisited (2001). Web. 17 Aug. 2010. . Objectives, By Setting. "Internal Control." Wikipedia, the Free Encyclopedia. Web. 18 Aug. 2010. . What Is VLAN? - A Word Definition From the Webopedia Computer Dictionary."Webopedia: Online Computer Dictionary for Computer and Internet Terms and Definitions. Web. 18 Aug. 2010. Read More