CHAPTER I
INTRODUCTION
Functions of an information system. An information system contains information about an organization and its surrounding
environment.
1. Hardware
The term hardware refers to machinery. This category includes the computer
itself, which is often referred to as the central processing unit (CPU), and all
of its support equipment. Among the support equipment are input and
output devices, storage devices and communications devices.
2. Software
The term software refers to computer programs and the manuals (if any) that
support them. Computer programs are machine-readable instructions that
direct the circuitry within the hardware parts of the CBIS to function in ways
that produce useful information from data. Programs are generally stored on
some input/output medium, often a disk or tape.
3. People
Every CBIS needs people if it is to be useful. Often the most overlooked
element of the CBIS is the people, probably the component that most
influences the success or failure of an information system.
4. Data
Data are facts that are used by programs to produce useful information. Like
programs, data are generally stored in machine-readable form on disk or tape
until the computer needs them.
5. Procedures
Procedures are the policies that govern the operation of a computer system.
"Procedures are to people what software is to hardware" is a common analogy
that is used to illustrate the role of procedures in a CBIS.
6. Telecommunication
Telecommunication is the transmission of messages over significant distances
for the purpose of communication.
CHAPTER II
THEORY
The operating system is the computer’s control program that allows users
and their applications to share and access common computer resources, such as
processors, main memory, databases, and printers.
As more computer resources are shared by an ever-expanding user
community, operating system security becomes an important control issue. In
addition, as accountants, we need to recognize the operating system’s
role in the overall control picture to properly assess the risks that threaten the
accounting system.
According to James Hall, the operating system performs three main tasks.
First, it translates high-level languages, such as COBOL, FORTRAN, BASIC,
and SQL, into the machine-level language that the computer can execute. Second,
the operating system allocates computer resources to users, work-groups, and
applications. This includes assigning memory work space (partitions) to
applications and authorizing access to terminals, telecommunications links,
databases, and printers. Third, the operating system manages the task of job
1
F.M. Stepczyk, “Requirements for Secure Operating Systems,” Data
Security and Data Processing, Vol. 5; Study Result: TRW Systems, Inc.
(New York: IBM Corporation, 1974): 25-73
a. Log On Procedure
The log-on procedure is the operating system’s first line of defense against
unauthorized access, and it uses user IDs and passwords. You should be
familiar with user IDs and passwords.
b. Access token
After log-on, the operating system creates an access token containing internal
information that is used to approve actions.
2. Password controls
A password is a secret word or string of characters that is used for
authentication, to prove identity or gain access to a resource (example: an
access code is a type of password).
repairing the damage. Malicious and destructive programs are responsible for
millions of dollars of corporate losses annually.
a. Keystroke Monitoring
Keystroke monitoring is the computer equivalent of a telephone wiretap.
Keystroke monitoring involves recording both the user’s keystrokes and the
system’s responses. This form of log may be used after the fact to
reconstruct the details of an event or as a real-time control to prevent
unauthorized intrusion.
b. Event Monitoring
Event monitoring summarizes key activities related to system resources.
Event logs typically record the IDs of all users accessing the
system, the time and duration of a user’s session, programs that were
executed during the session, and the files, databases, printers, and other
resources accessed.
b. Reconstructing Events
Audit trail analysis can be used to reconstruct the steps that led to events
such as systems failure, or security violations by individuals. Knowledge
of the conditions that existed at the time of a system failure can be used to
assign responsibility and to avoid similar situations.
c. Personal Accountability
An audit log can serve as a detective control to assign personal
accountability for actions taken, such as abuse of authority. For example,
consider an accounts receivable clerk with authority to access customer
records.
James Hall mentions that fault tolerance is the ability of the system to
continue operation when part of the system fails due to hardware failure,
application program error, or operator error. Implementing fault tolerance
control ensures that there is no single point of potential system failure. Total
failure can occur only in the event of the failure of multiple components.
- Multiprocessing
The simultaneous use of two or more processors improves throughput
under normal operation. During a processor failure, the redundant
processors balance the workload and provide complete backup.
Organizations store data because it has value and will be useful in the
future. These reasons for storing data create some concerns. If data has value, it
should not be available to just anyone; access should be controlled. If it will
be useful or needed in the future, it must be available and backups must be
assured. Control over data management falls into two general categories: access
controls and backup controls.
2
A. Hall, James. Accounting Information System, 4th Edition, Thomson
South-Western, 2004
1. Access Controls
Access control is a system which enables an authority to control access to
areas and resources in a given physical facility or computer-based information
system. An access control system, within the field of physical security, is
generally seen as the second layer in the security of a physical structure.
Because of the “shared” nature of database management systems, access
control becomes an issue in this setting. Risks to corporate databases include
corruption, theft, misuse, and destruction of data. These threats originate from
both unauthorized intruders and authorized users who exceed their access
privileges. Several database control features that reduce these risks are
explained below:
a. User views
The database administrator (DBA) typically is responsible for defining
user views. The user view (subschema) is a subset of the total database
that defines the user’s data domain and restricts his or her access to
the database accordingly. The auditor is concerned that such access privileges
are commensurate with the users’ legitimate.
3
James A. Hall, Accounting Information Systems, 6th edition
c. User-defined procedures
A user-defined procedure allows the user to create a personal security
program or routine to provide more positive user identification than a
password can.
d. Data encryption
Data encryption uses an algorithm to scramble selected data, thus making
it unreadable to an intruder “browsing” the database. Many database
systems use encryption procedures to protect highly sensitive data, such as
product formulas, personnel pay rates, password files, and certain financial
data. In addition to protecting stored data, encryption is used to protect data that
are transmitted across networks.
e. Biometric devices
The use of biometric devices is the ultimate in user authentication
procedures, which measure various personal characteristics such as
2. Backup Controls
If the other controls fail, an organization still must function. Most database
systems use a backup system to recover data after a disaster such as
corruption by malicious acts from external hackers, disgruntled employees,
disk failure, program errors, fires, floods, and earthquakes. This system
provides four backup and recovery features, which are:
a. Backup
The backup feature makes a periodic backup of the entire database. This is an
automatic procedure that should be performed at least once a day, and
the backup copy should then be stored in a secure remote area.
c. Checkpoint feature
The checkpoint facility suspends all data processing while the system
reconciles the transaction log and the database change log against the
database.
d. Recovery module
The recovery module uses the logs and backup files to restart the system
after a failure.
In this approach, the programmer who codes the original programs also
maintains the system during the maintenance phase of the Systems
Development Life Cycle (SDLC). This approach promotes two potential
problems: inadequate documentation and program fraud. When a
system is poorly documented, it is difficult to interpret, test, and debug, so
the programmers who understand the system have to maintain it. And when
the original programmer of a system also has maintenance responsibility, the
potential for fraud is increased, because program fraud involves making
unauthorized changes to program modules for the purpose of committing an
illegal act.
6. User test and acceptance procedures; if the test team is satisfied that the system
meets its stated requirements, the system can be formally accepted by the user
department(s).
Controlling Systems Maintenance Activities
4
James A. Hall, Accounting Information Systems, 6th edition
The figure above shows the source program library without controls.
This arrangement has the potential to create two serious forms of exposure:
To avoid these things, we must know how to control them. This section
explains the ways to do so by presenting computer center controls that
help create a secure environment. Even if the company has already invested
much money in controls, disasters or other bad events can still come, and who can
control them then? So what must the company do to prepare itself for these events?
This section also answers these questions by presenting the Disaster
Recovery Plan (DRP).
Controls:
occur in computer hardware, and also the risk of circuit damage from
static electricity is increased when humidity drops.
e. Fire Suppression. Fire is the main reason a company cannot
continue its business, because if the company suffers a fire, it
loses its critical records, such as accounts
receivable. If these data are lost, the company no longer knows who
holds credit and when it matures. To avoid or reduce this
possibility, the company can implement some major features,
which are:5
- Automatic and manual alarms should be placed in strategic
locations around the installation. These alarms should be
connected to permanently staffed firefighting stations.
- There must be an automatic fire extinguishing system that
dispenses the appropriate type of suppressant (carbon dioxide)
for the location. For example, spraying water and certain
chemicals on a computer can do as much damage as the fire.
- There should be manual fire extinguishers placed at strategic
locations.
- The building should be of sound construction to withstand
water damage caused by fire suppression equipment.
- Fire exits should be clearly marked and illuminated during a
fire.
f. Power supply. Although this equipment is expensive, it is
really useful for the company to have, because it
stabilizes the power supply through voltage regulators, surge protectors,
generators and batteries. Companies that do not use such
equipment commonly face problems such as disrupted computer center
operations, total power failures, brownouts, power
fluctuations and frequency variations.
Disaster Recovery Plan (DRP)
5
James A. Hall, Accounting Information Systems, 6th edition
6
DRP is a comprehensive statement of all actions to be taken
before, during, and after a disaster, along with documented, tested
procedures that will ensure the continuity of operations. Several approaches
can be adopted in a DRP:
Providing Second-Site Backup:
a) The Empty Shell is an arrangement in which the company buys or leases
a building and remodels it into a computer site. In the event of a
disaster, the shell is available and ready to receive whatever
hardware the users need to run essential systems.
b) The Recovery Operation Center (ROC) is a completely equipped site. It is very
costly because the ROC service gives extra services, such as technical
services, to its clients, who pay an annual fee for access rights,
and the backup data center is typically shared among many
companies.
c) Internally Provided Backup: a company that has multiple data
should be self-reliant by creating excess capacity. The
facility is equipped with high-capacity storage devices, and all
transactions are processed in real time along fiber-optic cables
to a remote backup facility.
Identifying Critical Applications
In making a DRP, the company must first identify which
applications have priority (short-term survival) and
which do not. Many items can affect the cash flow position if they are not
given priority, for example:7 customer sales and service,
fulfillment of legal obligations, accounts receivable maintenance and
collection, production and distribution decisions, purchasing
functions, communications between branches or agencies, and public
relations.
6
James A. Hall, Accounting Information Systems, 6th edition
7
James A. Hall, Accounting Information Systems, 6th edition
Application priorities can change over time,
so the DRP must be updated to reflect new developments and identify
critical applications.
Performing Backup and Off-Site Storage Procedures
Databases, master files and transaction files should be copied
daily to tape or disk and secured off-site. The company should also
back up documentation, supplies and source documents.
Creating a Disaster Recovery Team
To have a good DRP and recover from a disaster in a timely way,
the company must have a strong DRP team. The team members should be experts
in their areas and have assigned tasks.
Testing DRP
Testing the DRP is very important and should be performed
periodically. Tests measure the preparedness of personnel and
identify omissions or bottlenecks in the plan.
Threats:
Controls:
8
James A. Hall, Accounting Information Systems, 6th edition
protected subnet.
Figure 2.2 Dual-Homed Systems
3. Encryption
9
http://www.us-cert.gov/cas/tips/ST04-015.html
Next, there is Public Key Encryption. This method uses two
different keys: one for encoding messages and the other for decoding
them. The recipient has a private key, used for decoding, that is kept secret.
The public key is used for encoding and is published for everyone to use. Receivers
never need to share private keys with senders, which reduces the likelihood
that the keys fall into the hands of an intruder. The most trusted public key
encryption is RSA (Rivest-Shamir-Adleman). This method is, however,
computationally intensive and much slower than DES encryption. Sometimes,
both DES and RSA are used together in what is called a digital envelope.
4. Digital Signatures
5. Digital Certificate
Sometimes an intruder can change the order of
messages, duplicate a message or delete a message without anyone knowing
about it. To avoid this, the company can implement a system
called Message Sequence Numbering. This system assigns a sequential number
to each message.
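A receiver-side check for message sequence numbering, written here as an added example (it is not from the original text). Binding the number to the message with an HMAC tag is an assumption beyond the text, added so that a renumbered message is also caught; `seal`, `SequenceChecker` and the demo key are hypothetical names and the message stream is constructed.

```python
import hashlib
import hmac

DEMO_KEY = b"constructed-demo-key"   # constructed shared key, illustration only
MAX_SEQ = 2**64 - 1                  # sequence numbers are packed into 8 bytes


def _tag(key: bytes, seq: int, payload: bytes) -> bytes:
    """HMAC over the sequence number and the payload together."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def seal(seq: int, payload: bytes, key: bytes = DEMO_KEY):
    """Sender side: number the message and bind the number to its content."""
    return seq, payload, _tag(key, seq, payload)


class SequenceChecker:
    """Receiver side: classify each arriving message by its sequence number."""

    def __init__(self, key: bytes = DEMO_KEY, first: int = 1):
        self.key = key
        self.first = first
        self.highest = first - 1     # highest number accepted so far
        self.seen = set()

    def receive(self, seq: int, payload: bytes, tag: bytes) -> str:
        if not isinstance(seq, int) or not self.first <= seq <= MAX_SEQ:
            return "invalid"
        if not hmac.compare_digest(tag, _tag(self.key, seq, payload)):
            return "tampered"        # number or content changed in transit
        if seq in self.seen:
            return "duplicate"       # same message delivered twice
        if seq == self.highest + 1:
            verdict = "ok"
        elif seq > self.highest:
            verdict = "gap"          # at least one earlier message is missing
        else:
            verdict = "out_of_order"  # arrived after a later message
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        return verdict

    def missing(self, last=None):
        """Numbers never received, up to `last` (or the highest seen)."""
        end = self.highest if last is None else last
        return [n for n in range(self.first, end + 1) if n not in self.seen]


def run_demo():
    """Constructed stream: 2 duplicated, 3 deleted, 4 and 5 swapped, one renumbered."""
    sent = {n: seal(n, f"payment order {n}".encode()) for n in range(1, 6)}
    renumbered = (3, sent[5][1], sent[5][2])   # message 5 relabelled as number 3
    stream = [sent[1], sent[2], sent[2], sent[5], sent[4], renumbered]
    checker = SequenceChecker()
    verdicts = [checker.receive(*message) for message in stream]
    return verdicts, checker.missing(last=5)


if __name__ == "__main__":
    print(run_demo())
```

A deleted message at the very end of a session only shows up if the receiver knows the last number that was sent, which is why `missing` accepts `last`.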
7. Message Transaction Log
In a message transaction log, all outgoing and incoming messages
must be recorded. The log can record the user ID, the time of
the access, and the terminal location or even the phone number from which the
access originated, so an intruder cannot get into the system by “trial and
error”, because the log records everything that has happened.
8. Request-Response Technique
The request-response technique controls the message from the sender
and the response from the receiver. Why is this technique useful? Because
sometimes an intruder can interrupt or delay the message from the sender,
and the receiver does not know about this event.
9. Call-Back Devices
A call-back device requires the dial-in user to enter a password and be
identified. The system then breaks the connection for a while to check
the authentication. Once the system has established that the
caller is authorized, the call-back device starts a new connection by dialing
the caller’s number.
10. Line Errors
The most common problem in data communications is the loss of
data due to line error. Line errors can happen because of noise,
a random signal that can interfere with the signal of the message
when it reaches a certain level; as a result of this noise, the bit structure
of the message can be corrupted. There are two common techniques to detect
and correct these data errors before they are processed:
In an Echo Check, the receiver of the message sends the
message back to the sender. The sender can compare the message that he/she
receives back with a stored copy of the original.
Parity Check incorporates an extra bit (the parity bit) into the structure of a
bit string when it is created or transmitted.10
11. Backup Control for Networks
Every company that uses a network should back up its data, because
an enterprise-level network can be very large and include multiple server
levels. If the company has already backed up the data, it can eliminate the
probability of missing data because of a disaster or unwanted event,
such as fire, flood, etc.
10
James A. Hall, Accounting Information Systems, 6th edition
Even though human intervention is not included in an EDI system, it
does not mean that problems will not exist. For example, the company must make sure the transactions
are authorized and valid, prevent unauthorized persons from accessing the data
files, and also maintain an audit trail. There are 3 ways to accomplish the three
above:
Personal computers (PCs) provide many functions for users but
also provide minimal security for stored data and programs. For example, when the
user saves data or programs on the microcomputer, they are not protected
against access, manipulation or even destruction by unauthorized people.
Thus, the auditor must ensure that the data on the personal computer are kept safe
and also ensure the integrity of the data against computer criminals.
To prevent this, users in the company can use a system called
“Disk Lock”. Disk Lock is an application that hides the existing data on a Flash
Disk and also locks access to the Flash Disk. A password is needed to access the Flash
Disk. It also blocks viruses that exploit the autorun
function and acts as early prevention against viruses, because it provides
scan functions for foreign files or viruses that hide inside the root directory
of the Flash Disk.
For Inadequate Segregation of Duties
In particular, many companies hire employees without a detailed
explanation of their jobs. For example, one employee can do multiple jobs,
such as recording purchase transactions, sales transactions, cash receipts
and cash disbursements. If this happens, the risk of fraud is very high: it
creates the opportunity to commit fraud, and if the employee is under pressure,
he/she can commit fraud very easily because internal control is weak and the
act is also supported by rationalization.
To avoid this, the company must strengthen internal control through
segregation of duties. Segregation of Duties (SoD) separates roles and
responsibilities to ensure that an individual cannot process a transaction from
initiation through to reporting without the involvement of others; SoD thereby
reduces the risk of fraud or error to an acceptable level.
Inadequate Backup Procedures
Disk failure is the main cause of loss for a company that does not
back up its data and programs, and it usually affects lower-level
users in the PC environment who do not have adequate experience and training.
Some common backup approaches are outlined below:
12
James A. Hall, Accounting Information Systems, 6th edition
APPLICATION CONTROLS
Application controls deal with specific areas, such as payroll and
accounts receivable. Application controls have three broad categories,
which are: Input, Process and Output controls.
Input Controls
Input controls attempt to ensure that the transactions entered into the
system are valid, accurate and complete. To make sure input controls
are implemented well, these are the classes of input controls:
A single transposition error occurs when two adjacent digits are reversed;
for example, 32111 is recorded as 23111. A multiple transposition error occurs when
nonadjacent digits are transposed; for example, 32114 is recorded as 34121.
Control:
1. Take the first seven digits of the ISSN (the check digit is the eighth and
last digit): 0 3 1 7 8 4 7
2. Take the weighting factors associated with each digit : 8 7 6 5 4 3 2
3. Multiply each digit in turn by its weighting factor: 0 21 6 35 32 12 14
4. Add these numbers together: 0+21+6+35+32+12+14 = 120
5. Divide this sum by the modulus 11: 120:11 =10 remainder 10
6. Subtract the remainder from 11: 11-10 = 1
7. Add the remainder, which is the check digit, to the extreme right (low
order) position of the base number of the ISSN: 0317-8471
If the remainder is 10, substitute an upper case X in the check digit position. If
there is no remainder, put a zero in the check digit position. It should be noted
that the check digit is an essential and inseparable part of the ISSN.
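The steps above as a short program, together with a test of what the check digit is for: catching adjacent transposition errors. This is an added example, not part of the original text; the function names are hypothetical.

```python
DIGITS = "0123456789"
WEIGHTS = (8, 7, 6, 5, 4, 3, 2)   # weighting factors from step 2


def issn_check_digit(base: str) -> str:
    """Return the check digit for the first seven digits of an ISSN."""
    if len(base) != 7 or any(ch not in DIGITS for ch in base):
        raise ValueError("base number must be exactly seven digits")
    total = sum(int(ch) * w for ch, w in zip(base, WEIGHTS))   # steps 3 and 4
    remainder = total % 11                                      # step 5
    value = (11 - remainder) % 11     # step 6; no remainder gives 0
    return "X" if value == 10 else str(value)                   # 10 is written X


def issn_is_valid(issn: str) -> bool:
    """Recompute the check digit and compare it with the one supplied."""
    compact = issn.replace("-", "").upper()
    if len(compact) != 8:
        return False
    base, check = compact[:7], compact[7]
    if any(ch not in DIGITS for ch in base) or check not in DIGITS + "X":
        return False
    return issn_check_digit(base) == check


def undetected_adjacent_swaps(issn: str) -> list:
    """Swap every pair of neighbouring characters; list swaps that still validate."""
    compact = issn.replace("-", "").upper()
    missed = []
    for i in range(len(compact) - 1):
        if compact[i] == compact[i + 1]:
            continue                   # swapping equal digits changes nothing
        chars = list(compact)
        chars[i], chars[i + 1] = chars[i + 1], chars[i]
        candidate = "".join(chars)
        if issn_is_valid(candidate):
            missed.append(candidate)
    return missed


if __name__ == "__main__":
    print(issn_check_digit("0317847"))             # the worked example above
    print(issn_is_valid("0137-8471"))              # 3 and 1 keyed in reversed
    print(undetected_adjacent_swaps("0317-8471"))  # swaps the check digit misses
```

Because the weights of neighbouring positions differ by one and 11 is prime, swapping two different adjacent digits always changes the weighted sum by a nonzero amount modulo 11, so the list of missed swaps is empty.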
Batch controls
The main objective of batch controls is
to reconcile the output with the input
originally entered into the system. With batch control, inputs of the
same type are first collected together, then entered
into the system and controlled throughout processing. Two documents are
used to accomplish this task: a batch transmittal sheet and a batch
control log.
The batch transmittal sheet captures relevant data such as
a unique batch number, a transaction code (for example, the data are sales
orders), the date, the user, prepared by, record count, control total (the sum of the
dollar values in the financial field) and hash total (the total of a unique
nonfinancial field, for example the total of the SO numbers).
The transmittal sheet is very useful to ensure the batch record is this
sheet is also used to assess the integrity of the batch during processing. After
processing, the output results are distributed to the control clerk, who
reconciles them to make sure the batch is right and distributes them to the user. But
before that, the control clerk must update the batch control log.
Validation controls
Validation controls are useful for detecting fraud in input data
before the data are processed. Input validation controls are seen at all
three levels of the data hierarchy:
1. Field (attribute) interrogation
2. Record interrogation
3. File interrogation
- Missing data checks: if the value in the field is missing or blank, the
validation program will detect this as an error.
- Numeric-alphabetic data checks: for example, the validation program will
detect an error if the customer account number contains
alphabetic data.
- Zero-value checks: used to verify that a certain field contains the zero
value, because some programs require a zero value in mathematical
operations. If the control does not detect a zero value, it may automatically
place a zero value in the field.
- Limit checks: this check identifies fields that contain a value exceeding
the authorized limit.
- Range checks: this check covers the upper and lower limits of
the data in the field. For example, the payroll field is between 5 and 15. If
the payroll is entered as more than 15, the system will detect this.
- Validity checks: this check compares the actual values in the field with
the acceptable values. For example, in cash disbursement systems, a
fraudster usually makes a payment to a nonexistent vendor; to prevent
this, the company can make a list of valid vendors. If the fraudster makes a
payment with a vendor number that does not match
the valid vendor list in the validation program, the validation program
will detect this as an error and the payment cannot be made.
- Check digits: this check identifies keystroke errors in the field.
- Sign check: this checks whether the sign of the recorded transaction
is correct for every account.
- Sequence check: used to determine if a record is out of order. The
stored transaction files must be in the same order as the master
files when the batch system is run.
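Several of the field checks above, applied to constructed cash disbursement and payroll records. This is an added example, not part of the original text: the vendor list, the payment limit and all function names are assumptions, and only the 5 to 15 range comes from the text.

```python
from decimal import Decimal, InvalidOperation

VALID_VENDORS = frozenset({"4410", "4427", "4512"})  # constructed valid vendor list
PAYMENT_LIMIT = Decimal("10000")                     # constructed authorized limit
PAY_RANGE = (Decimal("5"), Decimal("15"))            # range from the text's example


def _number(text):
    """Parse a finite decimal number, or return None."""
    try:
        value = Decimal(text)
    except InvalidOperation:
        return None
    return value if value.is_finite() else None


# Each check takes the field text and returns the failed check's name or None.
def missing(text):
    return "missing data" if not text else None


def digits_only(text):
    return None if text.isascii() and text.isdigit() else "numeric-alphabetic"


def numeric(text):
    return None if _number(text) is not None else "numeric-alphabetic"


def positive_sign(text):
    return None if _number(text) > 0 else "sign"


def within_limit(limit):
    return lambda text: None if _number(text) <= limit else "limit"


def within_range(low, high):
    return lambda text: None if low <= _number(text) <= high else "range"


def on_valid_list(valid):
    return lambda text: None if text in valid else "validity"


# Checks run in order; later checks rely on earlier ones having passed.
DISBURSEMENT_RULES = {
    "vendor_no": [missing, digits_only, on_valid_list(VALID_VENDORS)],
    "amount": [missing, numeric, positive_sign, within_limit(PAYMENT_LIMIT)],
}
PAYROLL_RULES = {"rate": [missing, numeric, within_range(*PAY_RANGE)]}


def interrogate(record, rules):
    """Return {field: first failed check}; an empty dict means the record passes."""
    errors = {}
    for field, checks in rules.items():
        text = str(record.get(field, "")).strip()
        for check in checks:
            failure = check(text)
            if failure:
                errors[field] = failure
                break
    return errors


if __name__ == "__main__":
    constructed = [
        {"vendor_no": "4410", "amount": "812.40"},   # passes
        {"vendor_no": "9999", "amount": "812.40"},   # vendor not on the list
        {"vendor_no": "44l0", "amount": ""},         # letter l typed for digit 1
        {"vendor_no": "4427", "amount": "25000"},    # over the limit
    ]
    for record in constructed:
        print(record, interrogate(record, DISBURSEMENT_RULES))
    print(interrogate({"rate": "16"}, PAYROLL_RULES))
```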
File Interrogation: this control ensures that the correct file is being processed by the
system. This is a particularly important control because it focuses on the master files that
contain permanent data about the company. The tests are explained
below:
- Internal label check: the internal label check is useful when the external label
is incorrect, so that the correct stored data are used. The external label is
made manually and is very prone to error. For example, when the
user creates the stored data and puts a wrong label on the outside, and
later wants to retrieve the data again, the wrong
data will be processed. To prevent this, the company can use the internal label to check for the
appropriate label for the data. When the user processes the wrong data because of a
wrong external label, the system gives a notification that the data do not
match the label and stops the process.
- Expiration date check: this check notifies the user
whether the data have expired before they are replaced with newer data. For
example, in a backup system, when the user backs up the newest data in the
master file, the user usually overwrites the older copy in order to
provide free space for the new one.
Input error correction
When an error is detected, it must be corrected to prevent further
errors. There are three common techniques to do this:
1. Immediate correction: when the user finds an unusual relationship within the
data or a keystroke error, the user can correct it directly at the
time the error is detected.
2. Create an error file: when the user finds an unusual relationship within the
data or a keystroke error, the user flags each record that is
detected as an error. After the validation procedure is finished, the user can
remove all the flagged records and put them in one file, or quarantine them until
they can be investigated.
3. Reject the batch: this occurs when the user finds that the total of the sales orders (hash
total) in the transmittal sheet does not agree with the sales orders in the
data input procedures. The user can cancel or reject the batch,
investigate why it happened, resolve it and finally resubmit the
batch.
Processing Controls
Run-to-run Controls
Run-to-run controls are used in batch processing; they ensure that every
run in the batch process is performed correctly and completely. Run-to-run
controls consist of: recalculated control totals (recalculating all the
fields that have been processed in the batch to ensure all are correct), transaction
codes (comparing the codes that have been processed in the batch with
the codes in the control records), and sequence checks (because all the
transaction records in the batch must be restored to the master file, they must be
in sequence to ensure that sorting of the batch records properly took place).
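The batch transmittal sheet described under batch controls and the run-to-run checks above, as one added example (not part of the original text). The sales order batch is constructed and the class and function names are hypothetical; the scenarios show which control catches which change to the batch.

```python
from __future__ import annotations

from dataclasses import dataclass, replace
from decimal import Decimal


@dataclass(frozen=True)
class Transaction:
    so_number: int      # nonfinancial key used for the hash total
    code: str           # transaction code
    amount: Decimal     # financial field used for the control total


@dataclass(frozen=True)
class TransmittalSheet:
    batch_number: str
    transaction_code: str
    record_count: int
    control_total: Decimal
    hash_total: int


def prepare_sheet(batch_number, transaction_code, records) -> TransmittalSheet:
    """Compute the control figures when the batch is first assembled."""
    return TransmittalSheet(
        batch_number,
        transaction_code,
        len(records),
        sum((r.amount for r in records), Decimal("0")),
        sum(r.so_number for r in records),
    )


def run_to_run_check(sheet, records) -> list[str]:
    """Recalculate the figures after a run; return the controls that fail."""
    findings = []
    if len(records) != sheet.record_count:
        findings.append("record_count")
    if sum((r.amount for r in records), Decimal("0")) != sheet.control_total:
        findings.append("control_total")
    if sum(r.so_number for r in records) != sheet.hash_total:
        findings.append("hash_total")
    if any(r.code != sheet.transaction_code for r in records):
        findings.append("transaction_code")
    keys = [r.so_number for r in records]
    if keys != sorted(keys):
        findings.append("sequence")
    return findings


# Constructed batch of three sales orders.
BATCH = [
    Transaction(1001, "SO", Decimal("250.00")),
    Transaction(1002, "SO", Decimal("125.50")),
    Transaction(1003, "SO", Decimal("980.25")),
]
SHEET = prepare_sheet("B-0001", "SO", BATCH)


def scenarios() -> dict:
    """Each entry is the batch as it looks after a run, with one thing changed."""
    after_run = {
        "clean": BATCH,
        "record_dropped": [BATCH[0], BATCH[2]],
        "amount_altered": [BATCH[0], replace(BATCH[1], amount=Decimal("1125.50")), BATCH[2]],
        # Same amount, different order number: only the hash total notices.
        "record_substituted": [BATCH[0], BATCH[1], replace(BATCH[2], so_number=1007)],
        "wrong_code": [BATCH[0], replace(BATCH[1], code="CR"), BATCH[2]],
        "unsorted": [BATCH[1], BATCH[0], BATCH[2]],
    }
    return {name: run_to_run_check(SHEET, recs) for name, recs in after_run.items()}


if __name__ == "__main__":
    for name, findings in scenarios().items():
        print(f"{name:20} {findings or 'reconciled'}")
```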
Output Controls
Output controls are very important to ensure that the outputs of
transactions are not misdirected, lost or corrupted. How can this be ensured?
These are the controls:
sensitive data before he/she bursts the output. To prevent this, the company
can use supervision control.
- Waste
Users usually throw aborted reports, or output that has been spoiled by
ink, into the trash can, and a computer
criminal may search the carelessly disposed output there and read
sensitive data, for example the firm’s market research or even trade
secrets.
To prevent this, all disposed output must be passed
through a paper shredder.
- Data Control
Normally, the data clerk checks all the batch controls to ensure that
the output is free from illegible and missing data, and also records the
recipients of the report in the data control batch control log.
- Report Distribution
Reports are at risk of being lost, stolen, or
misdirected in transit to the user if distribution is not well controlled. These are
techniques to control report distribution:
1. The report may be stored in a secure mailbox that only the user who has
the key can open.
2. The user may appear in person at the distribution point and sign for the report.
3. The report may be sent to the user by special courier or security officer.
- End-User Controls
A report that has reached the user should be reexamined
to ensure that it is free of errors, and after the retention date has passed,
reports should be destroyed with a shredder.
Controlling Real-Time Systems Output
This method can eliminate the intermediary fraud found in batch
system output, because the output is sent directly to the user’s computer
screen, terminal or printer, but the primary error in the real-time system
– Business objectives
To satisfy business objectives, information must conform to certain criteria
referred to as “business requirements for information.”
The criteria are divided into seven distinct yet overlapping categories that map
into COBIT objectives:
1. Effectiveness: the information must be relevant and timely.
2. Efficiency: the information must be produced in a cost-effective
manner.
3. Confidentiality: sensitive information must be protected from
unauthorized disclosure.
4. Integrity: the information must be accurate, complete, and valid.
5. Availability: the information must be available whenever needed.
6. Compliance with legal requirements: control must ensure
compliance with internal policies and with external legal and
regulatory requirements.
7. Reliability: management must have access to appropriate information
needed to conduct daily activities and to exercise its fiduciary and
governance responsibilities.
Source: http://www.glovia.com/html/news/newsletter/02_04/feature.asp
COSO has a broader focus: in general, how to make sure that internal control
has been implemented by the company.
Columns at the top represent the four types of objectives that management
must meet to achieve company goals.
– Strategic objectives
– Operations objectives
– Reporting objectives
– Compliance objectives
Columns on the right represent the company’s units:
– Entire company
– Division
– Business unit
– Subsidiary
– Risk assessment
The organization must be aware of and deal with the risks it faces. It must set
objectives for its diverse activities and establish mechanisms to identify,
analyze, and manage the related risks.
– Information and communication
Surrounding the control activities are information and communication systems
that enable the organization to capture and exchange the information needed to
conduct, manage, and control its operations.
– Monitoring
The entire process must be monitored and modified as necessary so the system
can react dynamically and change as conditions warrant.
Key methods of monitoring performance include:
• Perform ERM evaluation
• Implement effective supervision
• Use responsibility accounting
• Monitor system activities
• Track purchased software
• Conduct periodic audits
• Employ a computer security officer, a Chief Compliance Officer, and security
consultants
• Engage forensic specialists
• Install fraud detection software
• Implement a fraud hotline
CHAPTER III
CASE - DATABASE ENCRYPTION IN ORACLE9i
CHAPTER IV
o Control activities
o Risk assessment
o Information and communication
o Monitoring