Professional Documents
Culture Documents
Chapter 7
Control and Accounting Information Systems
The information security officer and operations staff are responsible for ensuring that control
procedures are followed.
➢ Controls are much more effective when placed in the system at it is built, rather than as
afterthought.
➢ As a result, managers need to involve system analysts, designers, and end users when
designing computer-based control system.
|Page1
➢ An employee should not be in a position to commit and conceal fraud.
Segregation of duties include:
1) Segregation of accounting duties
➢ Effective segregation of accounting duties is achieved when the following functions are
separated:
Notice that, if one person performs two of these functions, problems can arise.
Authority and responsibility should be divided clearly among the following functions:
1) System administration. Systems administrators make sure all information system
components operate smoothly and efficiently.
2) Network management. Network managers ensure that devices are linked to
organization’s internal and external networks and that those networks operate properly.
3) Security management. Security management makes sure that systems are secure and
protected from internal and external threats.
4) Change management. Change management is the process of making sure changes are
made smoothly and efficiently and do not negatively affect systems reliability, security,
confidentiality, integrity, and availability.
5) Users. users record transactions, authorize data to be processed, and use system output.
6) Systems analysis. Systems analysts help users determine their information needs and
design systems to meet those needs.
|Page2
7) Programming. Programmers take the analysts’ design and develop, code, and test
computer programs.
8) Computer operations. Computer operators run software on the company’s computers.
They ensure that:
Data are input properly, data are processed correctly, and the needed output is produced.
|Page3
[4]Changes Management Controls;
➢ Organizations modify existing systems to reflect new business practices and to take
advantages of IT advancements.
➢ Those in charge of changes should make sure they do not introduce errors and facilitate
fraud.
[5]Design and Use of Documents and Records
➢ The proper design and use of electronic and paper documents and records help ensure the
accurate and complete recording of all relevant transaction data.
Their form and content should be:
As simple as possible,
Minimize errors, and
Facilitate review and validation.
[6]Safeguard Assets, Records, and Data
➢ A company must protect its cash and physical assets as well as its information.
It is important to:
a) Create and enforce appropriate policies and procedures. All too often, policies and
procedures are created but not enforced.
b) Maintain accurate records for all assets. Periodically reconcile the recorded amounts of
company assets to physical counts of those assets.
c) Restrict access to assets. Restricting access to storage areas protects inventories and
equipment.
d) Protect records and documents. Fireproof storage areas, looked filing cabinets, backup
files, and off-site storage protect records and documents.
|Page4