Accounts Management
Name
Institution
ACCOUNTS MANAGEMENT 2
Accounts Management
Account management is one of the most crucial aspects of every business. The accounts
hold essential data that shapes many elements of the company. The maintenance and auditing
of such accounts are therefore crucial in ensuring that the systems provide correct data and
information. Auditing these systems is also vital because audits aid fraud detection and
control, for instance in scenarios where the data of departed employees is still within the
account systems. Senior management should always act promptly to ensure that the resources
required to support the accounting operations and monitoring processes are available.
Similarly, for the accounts information system to be effective, it requires various security
and management strategies that keep the systems up to date (Kim & Solomon 2016). Strategies
that can aid in implementing standard processes and ensuring the effectiveness of the accounts
include incorporating principles such as least privilege, separation of duties, need to know, and the
Least Privilege
One of the best strategies for assessing current account management and implementing
standard processes is the use of "least privilege." That the accounts of departed employees
remain within the company implies that the systems are quite flawed. Hence, various measures
need to be put in place to mitigate occurrences of unwanted issues such as fraud. These could
be caused by many individuals accessing accounts and tampering with the data, because the
systems are accessible to everyone. The least privilege principle entails the concept and
practice of restricting access to accounts and computing processes to only the persons or
resources required to carry out legitimate routines (Kim & Solomon 2016). In this respect, it
acts as a security measure that thwarts risks that could otherwise hit the organization through
the provision of wrong data. These risks typically turn out to be very costly and harmful to
individuals and the company at large. Least privilege is therefore applicable in this case, as
it ensures that users are granted access permissions only according to their level of duties
(Gordon 2015). This limits access and ensures that unauthorized individuals do not access,
add, or process bogus information that they should not.
Similarly, weak control of the accounts could allow an individual to enter a retired
employee's details and even create "ghost workers" whose salaries are channeled to other
individuals. Applying this principle reduces the risk of attackers gaining control of critical
account information systems and sensitive data by compromising a low-level user account
(Miller 2016). Thus, it aids in further compromising of
Separation of Duties
carry out the particular duty on his or her own without any external assistance. To ensure that
the security of the accounts systems is not compromised, the separation of duties principle
would also be quite useful. The separation of duties entails refraining from assigning one
person a responsibility or having only one individual take custody and acquisition
differentiated from duties. In such a case, the separation of responsibilities acts to prevent
an individual from both creating and approving his or her own work (Kim & Solomon 2016). In
accounting, this acts as one of the effective methods of fraud management, since the
information also has to be verified by others; thus, an individual cannot add and process the
financial data of a departed employee. This ensures that, in cases of fraud, collusion cannot
occur between individuals, as they have incompatible responsibilities (Albrecht et al. 2011).
It also ensures that there is dual control of accounts as well as split knowledge of
information and data about the employee (Gordon 2015). Implementing dual control as one of the
security measures for the accounts ensures that more than one individual carries out a process
or transaction. With split knowledge, no one individual has access to both, which minimizes
the chances of fraud (Albrecht et al. 2011). For instance, when dealing with payrolls, one
person could compile the gross and net pay of the payroll while another verifies the names and
calculations. This keeps the payroll clerk from increasing the pay of some employees, as well
as from creating and paying fake or departed employees. It also ensures that the authorization
of a transaction is separated from its processing (Hall 2012). The separation, in this case, is
crucial as it assures that the correct
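An added example, not part of the original essay: a minimal Python audit that reconciles a constructed HR roster against system accounts and payroll entries to flag the conditions described above (accounts of departed employees still enabled, payroll entries prepared and approved by the same person, and payments to non-active employees). All names, record layouts and data are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    username: str
    employee_id: str
    enabled: bool

@dataclass(frozen=True)
class PayrollEntry:
    employee_id: str
    prepared_by: str   # clerk who compiled gross and net pay
    approved_by: str   # person who verified names and calculations ("" if none)

# Constructed sample data: employee_id -> HR status.
ROSTER = {"E100": "active", "E101": "active", "E102": "departed", "E103": "retired"}
ACCOUNTS = [
    Account("akim", "E100", True),
    Account("bmoss", "E101", True),
    Account("cruiz", "E102", True),    # departed, account still enabled
    Account("dlee", "E103", False),    # retired, account correctly disabled
    Account("svc_old", "E999", True),  # no HR record at all
]
PAYROLL = [
    PayrollEntry("E100", "akim", "bmoss"),   # two different people: fine
    PayrollEntry("E101", "akim", "akim"),    # same person prepared and approved
    PayrollEntry("E102", "akim", "bmoss"),   # payment to a departed employee
    PayrollEntry("E103", "bmoss", ""),       # never verified by a second person
]

def orphaned_accounts(roster, accounts):
    """Enabled accounts whose owner is not an active employee in the HR roster."""
    return [a.username for a in accounts
            if a.enabled and roster.get(a.employee_id) != "active"]

def sod_violations(payroll):
    """Entries not verified by a second person distinct from the preparer."""
    return [p.employee_id for p in payroll
            if not p.approved_by or p.approved_by == p.prepared_by]

def ghost_payments(roster, payroll):
    """Payroll entries that pay someone HR does not list as active."""
    return [p.employee_id for p in payroll
            if roster.get(p.employee_id) != "active"]

if __name__ == "__main__":
    print("orphaned accounts:", orphaned_accounts(ROSTER, ACCOUNTS))
    print("separation-of-duties violations:", sod_violations(PAYROLL))
    print("ghost payments:", ghost_payments(ROSTER, PAYROLL))
```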
Need to Know
The fact that various individuals, especially in top management, have the right to know
certain information poses a high risk to the accounts information. These individuals always
have access to the account details, yet they have no sole duty or assigned responsibility for
the accounts processes. When individuals have separate responsibilities, it implies that they
do not have full access to the various tasks being performed. In such a case, for one to
access certain aspects, they need to be granted access to obtain the information. Thus, the
need to know concept entails precluding people from accessing information that they do not
require when performing their duties (Kim & Solomon 2016). Utilizing this concept helps reduce
the probability of inappropriate handling of data or even incorrect issue of information. A
clear illustration of this principle would be, for instance, that despite the CIO having the
mandate to view a financial overview of the first quarter of the year, the CFO could decide
that the CIO does not necessarily have to be aware of the information and hence choose to
restrict access. Providing the required information only on a "need to know" basis is thus
critical, as it gives only the intended people the opportunity to access the data, and only
when the need arises. In this way, it keeps information from falling into the wrong hands;
thus, a lot of misappropriation and interference with crucial aspects within the accounts
information systems cannot occur (Hall 2012). Hence restricting the access of the account
details to specific individuals aids in having cases of departed
When individuals stay within an organization for an extended period, they usually get used
to the internal system controls. They are acquainted with the everyday running of the accounts
systems within the organization and might even end up keeping track of various occurrences.
For instance, such an individual has full knowledge of the details of certain employees. For
example, they might have a thorough understanding of sacked employees and retired employees.
Such people, being embedded in the systems, would therefore be more comfortable carrying out
an outright fraud. Individuals might also collaborate in carrying out a fraud, since they have
vital details of the account information (Kim & Solomon 2016). However, when changes are made,
especially between departments, an individual begins learning a very new environment in which
they do not have the history of the employees in that department, and hence compromising the
accounts systems and details becomes difficult. One way of achieving this is job rotation. In
this case, the chances of several employees colluding to
Account management acts as one of the most crucial aspects. Thus, the various activities
related to the multiple processes require much surveillance to control elements such as
misinformation, fraud, and interference with the accounts systems. This can be achieved by
limiting various individuals' access to the accounts. In this way, only the intended people
are in a position to carry out any transactions, preventing compromise from external
interference. Through the separation of duties, access to the various processes and
information is not vested in one individual, which reduces cases such as having departed
employees within the systems. Similarly, embracing the "need to know" and changing personnel within the
References
Albrecht, W. S., Albrecht, C. O., Albrecht, C. C., & Zimbelman, M. F. (2011). Fraud
Gordon, A. (2015). Official (ISC)² Guide to the CISSP CBK. Auerbach Publications.
Kim, D., & Solomon, M. G. (2016). Fundamentals of information systems security. Jones &
Bartlett Learning.
Miller, M. (2016). What Is Least Privilege & Why Do You Need It? | BeyondTrust [Web log