Acc200 Accounting Information Systems For Assessment Answers

Assume you are the systems accountant of a large established retail company specialising in the sale of household electrical appliances. With specific reference to the company's accounting information system, critically evaluate the need for computer-based information systems control in such a company’s business environment and explain the Four security management control procedures that you would seek to establish and employ within the company to ensure security and correctness of the input data.

Answer

Security management controls in an Accounting Information System 

Critical Evaluation of the need for computer based information system in a retail corporation

Introduction

Accounting information system is essentially a framework that a business utilizes in order to collect, store, handle, process, recover and report financial data so that the same can be used by professional accountants, business consultants, managers, business market analyst, auditors, regulators and many other agencies. The current study elucidates in detail about the requirement of computer based information system in the retail business of household electrical appliances.

Computer based information system has several applications in the retail industry. Computer based information system can help in systematic utilization and management of technology and people for management of the overall information flow. There is a need for implementation of computer based information system in order to assimilate payment, business transaction and inventory system that in turn can enhance operations and lessen the cost by averting duplicate entries (Peppard & Ward, 2016). The system can help in tracking inventory and effectively respond to requests of the customers swiftly and subsequently improve service, expand base of the customers and augment profit. This computer based system can also help in accessing data effortlessly and recognize opportunities to enhance waste reduction, recycling materials, and selecting environment friendly packaging system (Sousa & Oz, 2014). Also, computerised information system also assists in safeguards and makes certain adherence to diverse legal limitations on product pricing, promotional activities as well as other policies.

Retail security management are normally within the reach and access of the public that in turn makes them very difficult to secure. The retail system are essentially largely dispersed and these systems connect to various networks that include in-store, as well as corporate and ever more the internet. In essence, there is need for computer based security control systems for protecting customer credit card data as well as personal identifiable information as per privacy regulations. There is also need to manage baseline configuration drift as retail systems sometimes deviate from the authorized baseline for example, introduction of novel codes, changes in configuration, specific baseline drift and many others that can weaken the security. Unlike different high value endpoints of traditional system shielded with security layers, retail systems are cery much accessible by frauds and malicious insiders. In addition to this, there are many retailers who lack the connectivity and proper maintenance. In essence, in today’s retail management there is lack of connectivity, service models as well as bandwidth that can receive different updates of malware signatures file. As such, remote retail stores also have lack of technical experts that are capable of identifying, detecting and at the same time repairing the identified problem.

Propose 1

Name of the control: Higher amount of investments in the cyber security efforts of the company and implementation of the data security standard. As such, the management of the retail firm can take into consideration implementation of the data management control as their value can prove to be useful in the upcoming period (Sousa & Oz, 2014).

Description of the control:

Organizations essentially store data as it has value and the reasons for strong the data can develop certain concerns. As the data has certain value, the same should not be made available to anyone and everyone (Sousa & Oz, 2014). Therefore, access to data needs to be controlled. Primarily due to shared nature of data, implementing access control is difficult. However, passwords and encryption can help in undertaking control.

There are many business concerns who have realised that it is essential to protect data from getting compromised. As such, this has led to 67% enhancement in cyber security expenses in the retail sector during the year 2014 to 2015 as per reports of PwC (Peppard & Ward, 2016). Basically, in association to this, the company can now think about implementing various standards as well as guidelines for securing different payment systems and at the same time regulating different third parties. In the present case, the management of the retail firm operating in electrical appliances can consider PCI data security standard. This can help in building and maintaining a secure network by installation and maintenance of firewall configuration for protecting data of card holder. This also requires non-usage of vendor supplied defaults for specific system passwords. This system also requires protecting card holder data by protecting stored data on holder of card and encrypting transmission of cardholder. Furthermore, this system requires maintenance of a vulnerability management program by using and at the same time regularly updating antivirus software or else program and developing as well as maintaining different secure payments systems and applications. In addition to this, this system also involves implementing strong measures for controlling access. Moreover, data security also requires maintenance of an information security policy that can help in addressing information security for diverse personnel (Smith & Binti Puasa, 2016). It is also important to regularly monitor and test different networks in order to check all the accesses to specific network resources as well as data on card holder.

Possibilities to AIS if the control is not done

The loss of information regarding the customers of the retailer might pose difficulties to the retailer. The failure of the management to implement the control can lead to loss of customer data that in turn can lead to breach if privacy laws. This in turn leads to fraud as well as information theft. The retailer of the household electrical appliances might consider assessment of vendor, third party partners as well as professionals as data violation can also be attributed to different third party partners (Galliers & Leidner, 2014).

Propose 2

Name of the control: The management of the retail firm can consider implementation of integrity control that involves system integrity, policy compliance as well as change control for retail systems

Description of the control:

The integrity control mechanism can help in maintenance of the integrity of the overall system of POS, specific koiosks as well as other embedded systems by means of permitting only approved code to run and only approved alterations to be made. As such, this small footprint and at the same time low overhead solution helps in delivering implement security by automatically generating a white list of approved codes on a specific embedded system (Apostolou et al., 2014). It is unlike an antivirus protection system and this whitelist helps in providing malware protection mechanisms without the need of specific updates. This system essentially carries this out by delivering protection to memory for different binaries on this particular system—irrespective of the vendor. However, once the whitelist is generated and activated, this system is thereafter locked down to specific authorized baseline. This means that no other program or else code outside the endorsed set can operate or run and ensures no unauthorized alterations can be carried out. Therefore, the rational approach is to operate both antivirus as well as whitelisting that in turn deliver layered security guard when diverse systems have plentiful resources of computing.

This control system is said to provide security from different known as well as unknown threats with protection of memory and elimination of dependence on different updates of antivirus (Worrell et al., 2013). This control measure involves controlling the software that is installed for assisting in the process of maintenance of consistent state, acquire operational effectiveness by permitting only the requisite programs to implement. Again, this control can help in reducing the entire patching frequency in order to minimize diverse outages and lessen the overall support costs. Furthermore, the compliance involves enforcement of software change policy for attainment of higher level of control, prevention of out of policy alterations for faster time to recovery and tracking file integrity for diverse compliance necessities. As such qualified security assessors help in identification of complicated implementation of white listing abilities in integrity control as a compensating control for different viruses in order to enhance security and assist in ensuring PCI conformity. This solution can deliver complementary protection for diverse retail instruments, particularly antivirus and work on white listing can help in tuning performance (Islam et al., 2017).

Possibilities to AIS if the control is not done

The computer based information system can help in providing security and non-execution of the same can lead to security threats of the retail business, increase dependence on updates of antivirus.

Propose 3:

Name of the control: The management of the retail firm can consider implementation of internal control in a computer based information system that essentially follow a structure presented in SAS 78.

Description of the control:

This system involves authorization of business transactions. The internal control in particularly a computer based system adheres to the notions presented in the SAS 78 and has different broad objectives. The internal control is expected to safeguard all the assets as well as resources of the corporation. In addition to this, the system can help in making it certain that system presents accurate as well as reliable accounting information along with records (Adenike & Michael, 2016). Furthermore, this can help in promoting efficiency in the operations of the corporation and to measure conformation with prescribed policies as well as procedures of the management.

This refers to the fact that the computer mainly authorizes different transactions by sticking to the steps that are naturally built in the programs and this can be done without any trouble if the controls over specific programs are adequate. There needs to segregation or proper classification of the duties and the concern as regards the segregation of functionalities leads to the system development procedure. Again, the tasks and operations of development of program, maintenance of program also need to be adequately separated in order to ensure that no improper and unauthorised alterations can be carried out. It is also important to carry out supervision in a CBIS setting (Bodnar & Hopwood, 2013). The difference between the manual and the computer based system is very much apparent. Essentially the paper gets reduced and the audit trail also needs to be undertaken into the mechanised system. Thereafter, controlling access is also very important as records of the business can exist.

Possibilities to AIS if the control is not done

Failure of the management to implement internal control in particularly computer based information system might possibly lead to inadequate control over financial reporting of the firm. in this connection it can be said that failure of internal control in a CBIS setting can also dorect the way towards material weaknesses (Simkin et al., 2014). Subsequently, the considerable deficiencies or else material weaknesses in the CBIS based internal control might perhaps adversely affect the overall evaluation of the management and attestation report presented by the auditors as regards the effectiveness of the internal control over financial assertions of the firm. Thus, the management of the corporation fail to generate accurate and timely financial assertions and face the need to restate the pecuniary results. As a consequence, the price of the common stock also gets negatively affected and companies fail to maintain compliance with the listing requirements of the stock exchange (Ismail & King, 2014).

Propose 4

Name of the control: The management of the firm can consider implementation of the operating system and computer centre security maintenance that can help in maintaining operating system security.

Description of the control:

Operating system control can be considered as a factor that can help in explaining the crucial role of the entire operating system and the manner in which it can get threatened. The primary objective of ensuring operating system control is to maintain operating system security. This refers to maintaining focus on access on operating system, resources that can accessed and what needful can be done. Some of the key components of the operating system control include ensuring familiarity with log in procedures along with user id as well as passwords. Thereafter, it is important to access different tokens as well as internal information that can be utilized for improvement of actions (Hassan et al., 2017). Again, access control is also very important that shows who can undertake a specific activity. In addition to this, there are also discretionary controls that provide users diverse distributed systems particular powers.

It is important to mention here that operating system is highly threatened and endangered by accident as well as intent. However, intentional threats mainly comprise of programs that are intentionally destructive. In essence, the techniques for controlling operating system requires maintaining the SAS 78 controls and implementing ways of controlling access privileges, control of passwords counting several options (Gelinas et al., 2011). In addition to this, the control mechanism also includes controlling malicious as well as destructive programs.

Again, the management of the firm can consider implementation of the computer center controls that are necessarily preventive in nature and includes planning for disaster recovery that is generally corrective. Essentially, the planning for recovery also needs to happen before the occurrence of the disaster. As such, several approaches towards planning for disaster can be presented and tested beforehand. In this regard, it is important to pay attention to identification of diverse critical applications. This system is supposed to assist the corporation to meet their objectives (Hall, 2012).

Possibilities to AIS if the control is not done

Failure of the management to implement operating system control might lead to failure of audit trail controls. In addition to this, the management might fail to understand various trail objectives, face difficulty in implementing audit trails and tolerance controls. In case if the control measures are not undertaken, then the corporation might face the problem of breach of computer security and inadequate management of technical disaster (Romney & Steinbart, 2012).

Conclusion

In conclusion, it can be hereby mentioned that the current study helps in understanding exclusive features as well as characteristics of the CBIS environment that in turn can be taken into consideration for attainment of different control objectives. In addition to this, the present study assists in the process of identification of specific threats to the entire operating system and the corresponding techniques that can be utilized for the purpose of minimization of the overall possibility of real exposures. The integrity control also assists in the process of enforcement of control by means of software that in turns support the maintenance of consistent state, gain operational efficacy by permitting required programs and reducing patching frequency to minimize different outages and lessen costs of support. The computer based internal control can help in protection of data privacy from diverse authorized access as well as exposure, enforce string access control, secure information and present accurate pecuniary information to the management. Furthermore, it also helps in becoming familiar with diverse techniques that can be utilized for controlling access to the database and help in understanding the overall character of operations in a CBIS environment and assists in becoming familiar with diverse controls necessary for regulating systems development as well as maintenance actions. Additionally, this study assists in becoming familiar with specific controls as well as precautions necessary for ensuring the overall security of a corporation’s computer facilities and the recovery alternatives that are available in management of disaster. It be thus be mentioned that in retail business, cautiously implemented measures of security visibly benefit the firm’s bottom line. However, retail security as well as prevention of loss also covers a wider applicability. Essentially, the main issue is that retail corporations however lack the proficiency as well as resources essential to carry out comprehensive security analysis and this directs towards weaknesses security plans of the firm. Solutions to retail security need to span different systems that can address security issues by retail security drivers.

References 

Adenike, A. T., & Michael, A. A. (2016). Effect of Accounting Information System Adoption on Accounting Activities in Manufacturing Industries in Nigeria.

Apostolou, B., Dorminey, J. W., Hassell, J. M., & Rebele, J. E. (2014). A summary and analysis of education research in accounting information systems (AIS). Journal of Accounting Education, 32(2), 99-112.

Bodnar, G. H., & Hopwood, W. S. (2013). Accounting Information Systems: Pearson New International Edition. Pearson Higher Ed.

Galliers, R. D., & Leidner, D. E. (Eds.). (2014). Strategic information management: challenges and strategies in managing information systems. Routledge.

Gelinas, U. J., Dull, R. B., & Wheeler, P. (2011). Accounting information systems. Cengage learning.

Hall, J. A. (2012). Accounting information systems. Cengage Learning.

Hassan, H., Nasir, M. H. M., & Khairudin, N. (2017). Accounting Information Systems. In SHS Web of Conferences (Vol. 34). EDP Sciences.

Islam, S., Jiang, R., Poston, R. S., Gal, G., Phillips, P., & Stafford, T. F. (2017). The Role of Accounting and Professional Associations in IT Security Auditing.

Ismail, N. A., & King, M. (2014). Factors influencing the alignment of accounting information systems in small and medium sized Malaysian manufacturing firms. Journal of Information Systems and Small Business, 1(1-2), 1-20.

Peppard, J., & Ward, J. (2016). The strategic management of information systems: Building a digital strategy. John Wiley & Sons.

Romney, M. B., & Steinbart, P. J. (2012). Accounting information systems. Boston: Pearson.

Simkin, M. G., Norman, C. S., & Rose, J. M. (2014). Core concepts of accounting information systems. John Wiley & Sons.

Smith, J., & Binti Puasa, S. (2016, February). Critical factors of accounting information systems (AIS) effectiveness: a qualitative study of the Malaysian federal government. In British Accounting & Finance Association Annual Conference 2016.

Sousa, K., & Oz, E. (2014). Management information systems. Nelson Education.

Worrell, J., Wasko, M., & Johnston, A. (2013). Social network analysis in accounting information systems research. International Journal of Accounting Information Systems, 14(2), 127-137.