Auditing Information System: Security Management and Control - Assignment Example

Summary
This assignment "Auditing Information System: Security Management and Control" explores the first chapters studied in the Auditing Information System course. These chapters are based on a management security system, internal control, security, and control assessment. …

Extract of sample "Auditing Information System: Security Management and Control"

Auditing Information System

This paper explores the first chapters studied in the Auditing Information System course at Nova Southeastern University. These chapters are based on management security systems, internal control, security, and control assessment. The answers for this assignment are based on the material covered in class and on research conducted online (Internet) and offline (non-Internet).

Keywords: accurate, authorization, changes, computer, development, program, security, system

Assignment 1

Chapter 1 - Problem 5, Page 30

A. The purpose of each of the four controls is as follows:

1- Authorization of transactions: this control is required to adequately protect the assets of the company or entity against fraudulent or improper transactions. It helps, to a point, to apply validation and internal control. A conventional system of transaction authorization permits the use of a company's resources based on the goals and objectives of the management team. Transactions must be carried out in line with the terms of their broad or particular authorizations, under the scrutiny of trustworthy personnel who, in addition to being responsible, act within the limits of the prescribed authority.

2- Complete and accurate record keeping is essential because it ensures the prompt and accurate accounting of all transactions, that is, all economic activities. Companies are responsible for maintaining books of account that are detailed and that accurately show the transactions and dispositions of the company's assets. In addition, proper records are indispensable for preparing financial statements that conform to GAAP standards.

Physical controls entail all efforts to keep the assets, documents and records of a company away from the dangers of destruction, loss or manipulation through alteration.
3- Internal verification describes the independent assessment of the accuracy and correctness of work done by another party. It involves a further review of the accounts for the assets relative to existing assets at specified periods.

B. & C. Applications of the Controls: Violation/Remedy

Okdale transacted the long-term securities on the approval of the president alone rather than the approval of the entire board of directors. This action violated the authorization protocol. As a remedy, formalized procedures are needed in addition to the company's by-laws. Under such conditions, Okdale would not have sold the securities without the approval of the board of directors.

The dividend and interest checks from Okdale are received by the treasurer, who forwards them directly to the accounting department. No record or entry is made in the cash receipts book. As such, it is impossible to determine whether all interest and dividend checks were received and deposited. This clearly contravenes the rule of complete and accurate record keeping. As a remedy, all checks should be forwarded to the group that normally opens, stamps and logs incoming checks, and the checks should be recorded in the cash receipts book at the time of receipt (Otley, 1999). The interest and dividend checks (entries) should be reconciled by the accounting department to the monthly broker's statements. These statements should be kept on file to assure that all checks have been received, deposited, and accounted for.

The balance in the accounts as of the end of the month closely approximated the amounts shown on the broker's statements. This is a violation of the complete and accurate records procedure and the internal verification procedure.
Remedy- The accounting department must reconcile the differences and implement appropriate procedures to assure that the accounts and the brokerage statements are reconciled monthly.

The treasurer has the authority to buy and sell securities, receives revenue, and makes journal entries related to securities. This is a violation of the authorization procedure.

Remedy- Strengthen internal control so that the treasurer does not have conflicting duties (Otley, 1999).

Access to short-term securities is unrestricted in the accounting department. This is a violation of the physical controls procedure.

Remedy- The short-term securities should be placed in a restricted facility such as a bank safe deposit box or a company safe. Access to short-term securities should be limited to a few responsible personnel, and two people should be present each time the securities are accessed. Additionally, a log-book should be maintained to record any disposition of securities.

Chapter 2 - Problem 1, Page 63

Some of the control weaknesses present, and the recommendation for correcting each of them, are:

The EDP system should be out of bounds to the company's staff. Programmers and support system personnel are the only people allowed to access the system, and only when they are conducting maintenance services (Otley, 1999).

The supervisor in charge of the operators of the EDP system should have unrestricted access to the computer room.

The roles of maintenance should be distinct from those of management and operations (Barth, et al, 2008).

The task of reconciling the EDP log should be done by the computer operations supervisor or another independent employee (Barth, et al, 2008).

EDP system documentation should be enhanced to include programs, flowcharts, and operator instructions (Otley, 1999).

An EDP master price list file should be used to record the prices automatically for every invoice.
Processing controls, such as completeness tests, validation tests, and reasonableness tests, should be put in place to assure that errors in the input records are detected when processing occurs.

Control totals, hash totals, and record counts should be implemented to ensure the accuracy of all EDP data and to prevent errors from going unnoticed or being improperly tallied (Vaivio, 2008).

The numerical sequence of shipping notices should be checked by the EDP system, and any missing number should appear on summary control totals that are reviewed by the EDP system operators' supervisor.

Billing and cash collections should be made separate from accounts receivable. (BARTH,

Chapter 3 - Problem 9, Page 127

BBC Inc. is initiating a top-down implementation of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework. The COSO framework will enable BBC to establish a firm corporate strategy for risk management, internal control and fraud deterrence. The necessity of a trickle-down implementation creates a unique circumstance that BBC's management must engage and solve in a fluid transition. The introduction of the COSO framework will require BBC to integrate a corporate-wide computer information system that by nature will create a number of potentially hazardous security and control issues that must be resolved prior to the system implementation date. The COSO Enterprise Risk Management Framework expands on BBC's internal control, providing a more robust and extensive focus on the broader subject of enterprise risk management. While it is not intended to and does not replace the internal control framework, companies such as BBC will utilize the new capacity of the framework to move toward a fuller risk management process, which by nature will be more stable and secure for management.

Security

BBC should conduct workshops and seminars to enlighten the employees of the corporation on how to use the system.
Among the training items are the policies and procedures that the users need to know, as well as virus risks and effective measures to counter them. The administrator should update the virus definitions as frequently as possible. For instance, it is recommended that this be done on a daily basis rather than on a weekly basis.

In the event a user enters a password incorrectly three times in succession, the system should automatically disallow further attempts. This is a security measure to prevent suspicious individuals from trying to access accounts that belong to other users (Otley, 1999). When such a scenario takes place, the system should log the attempt and notify the system administrator of the date and time the suspicious activity took place. Further, Otley (1999) recommends that passwords be changed at least two times every year. A system whose password is changed regularly tends to be more secure than one whose password remains largely the same. It is also important to incorporate software that rejects 'weak' passwords. This would compel the user to provide passwords that are much more secure.

Event monitoring should be employed, especially for the audit trail of the system. This feature allows the system to keep records of each user, including the name, information regarding the tasks carried out, and the specific periods they were logged into the system. Another person, preferably a high-ranking manager, should have the authority to access the event log. This is crucial, as it would deter an irresponsible system administrator from conspiring to hide fraudulent activities involving the computer system.

Appropriate fire extinguishing equipment should be installed to take care of eventualities such as fire. For instance, automatic fire extinguishing systems that dispense fire suppressant gases should be used in place of water extinguishers, because the latter can destroy the computers.
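The lockout rule from the Security section above (three consecutive wrong passwords, a logged attempt, an administrator notice with date and time) can be sketched as follows. This is an added example, not part of the original assignment; the class and function names are hypothetical, the login attempts are constructed, and the hash-chained event log is an added technique that lets the second reviewer detect entries altered or deleted after the fact.

```python
import hashlib
import json
from datetime import datetime

MAX_FAILURES = 3  # the page's threshold: three consecutive wrong passwords


class LoginMonitor:
    """Counts consecutive failures, locks accounts, keeps a hash-chained event log."""
    def __init__(self):
        self.failures, self.locked = {}, set()   # per-user failure count; locked users
        self.event_log, self.admin_notices = [], []  # audit trail; admin messages

    def _log(self, when, user, event):
        prev = self.event_log[-1]["digest"] if self.event_log else "0" * 64
        body = {"time": when.isoformat(), "user": user, "event": event, "prev": prev}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.event_log.append({**body, "digest": digest})

    def attempt(self, when, user, password_ok):
        """Record one login attempt; return True only if access is granted."""
        if user in self.locked:
            self._log(when, user, "rejected_locked")
            return False
        if password_ok:
            self.failures[user] = 0
            self._log(when, user, "login_ok")
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        self._log(when, user, "login_failed")
        if self.failures[user] >= MAX_FAILURES:
            self.locked.add(user)
            self._log(when, user, "account_locked")
            self.admin_notices.append(f"{user} locked at {when:%Y-%m-%d %H:%M}")
        return False


def verify_log(event_log):
    """Reviewer's check: index of the first altered or missing entry, else None."""
    prev = "0" * 64
    for i, entry in enumerate(event_log):
        body = {k: entry[k] for k in ("time", "user", "event", "prev")}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if entry["prev"] != prev or entry["digest"] != digest:
            return i
        prev = digest
    return None


def demo():
    """Constructed sample: alice mistypes once; bob's account gets three bad guesses."""
    m, t = LoginMonitor(), lambda minute: datetime(2024, 1, 15, 9, minute)
    tries = [("alice", False), ("alice", True), ("bob", False), ("bob", False),
             ("bob", False), ("bob", True)]  # last: right password, but locked
    return m, [m.attempt(t(i), u, ok) for i, (u, ok) in enumerate(tries)]
```

The chain only exposes edits and deletions inside the log; for the reviewer to notice a truncated or fully rewritten log, the latest digest has to be held somewhere the administrator cannot change.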
Systems Development

Computer monitoring and maintenance should be designated only to a specific person or persons, who will take full responsibility for the purchasing and installation of software on company computers. Also, for the sake of reliability and compatibility, this software should be purchased from a single provider.

Program Changes

The administrator of the system should not have been part of the original computer programming and set-up, as they will be updating the system when required. In addition, such an administrator should be kept away from any knowledge relating to making and hiding illegal changes. An account of all the changes made to the system should be safely kept. The development of a systemic process can aid in mitigating problems that could jeopardize the entire system.

References

Otley, D. (1999). Performance Management: A Framework for Management Control Systems Research. Management Accounting Research, 10(4), 363-382.

Vaivio, J. (2008). Qualitative Management Accounting Research: Rationale, Pitfalls and Potential. Qualitative Research in Accounting and Management, 5(1), 64-86.

Barth, M. B., Landsman, W., & Lang, M. (2008). International Accounting Standards and Accounting Quality. Journal of Accounting Research, 46(3), 467-498.