Advanced Accounting Information Systems
Day 19: Control and Security Frameworks
October 7, 2009
Announcements
Assignment 3 Game plan
Identify potential misclassified minutes
Calculate rates by first identifying most recent contracts (i.e. max(Startdate))
Separate into flexible and fixed plans
Calculate charges per flexible
Calculate charges per fixed
Combine calculated charges per flexible and fixed (UNION)
Compare calculated to InvoiceLine charges
Merger/acquisition due diligence – significantly shorter time frame
What are the due diligence / audit objectives?
Some of the due diligence work is already done
Identified due diligence objectives (See Figure 3)
Started with prior audit procedures (see Figure 3)
No manufacturing costs since Threadchic is a retailer
Verify Threadchic paid for all purchases in a timely manner
Join the invoice and payment tables using an outer join to identify any invoices that have not been paid yet
Verify inventory consistent with sales
For all items, sales price is 100 percent markup over cost except for marked down items with no sale in the last 21 days. List cost, lastSalesPrice, and calculate salesToCost to determine if each item markup is 100 percent
Verify inclusion of all purchases in inventory
Match purchases to inventory on SKU to find purchases with no entry in inventoryMaster.QOH
Match purchases to counted inventory on SKU to find purchases with no entry in inventoryCount.obsvQOH
Remember – inventoryMaster is Threadchic’s records
inventoryCount – contains number counted by the auditors
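The three outer-join procedures above (unpaid invoices, purchases missing from inventoryMaster, purchases missing from the auditors' inventoryCount), run against an in-memory SQLite database. This is an added example, not part of the original slides; the sample rows are constructed, and every column name other than SKU, QOH and obsvQOH is an assumption.

```python
import sqlite3

# Constructed sample data. Table names follow the slides; every column name
# other than SKU, QOH and obsvQOH is an assumption made for this example.
SETUP = """
CREATE TABLE invoice (invoiceID INTEGER PRIMARY KEY, SKU TEXT, amount REAL);
CREATE TABLE payment (paymentID INTEGER PRIMARY KEY, invoiceID INTEGER, paidDate TEXT);
CREATE TABLE purchases (SKU TEXT, qty INTEGER);
CREATE TABLE inventoryMaster (SKU TEXT, QOH INTEGER);
CREATE TABLE inventoryCount (SKU TEXT, obsvQOH INTEGER);
INSERT INTO invoice VALUES (1,'A100',500.0),(2,'B200',250.0),(3,'C300',75.0);
INSERT INTO payment VALUES (10,1,'2009-09-15'),(11,3,'2009-09-20');
INSERT INTO purchases VALUES ('A100',40),('B200',25),('C300',10),('D400',5);
INSERT INTO inventoryMaster VALUES ('A100',38),('B200',25),('C300',9);
INSERT INTO inventoryCount VALUES ('A100',38),('C300',9),('D400',5);
"""

# Each check is an outer join that keeps every row of the left table and then
# filters for rows where the right side is missing (NULL after the join).
CHECKS = {
    "unpaid_invoices": """
        SELECT i.invoiceID FROM invoice i
        LEFT OUTER JOIN payment p ON p.invoiceID = i.invoiceID
        WHERE p.paymentID IS NULL ORDER BY i.invoiceID""",
    "purchases_not_in_master": """
        SELECT DISTINCT pu.SKU FROM purchases pu
        LEFT OUTER JOIN inventoryMaster m ON m.SKU = pu.SKU
        WHERE m.QOH IS NULL ORDER BY pu.SKU""",
    "purchases_not_counted": """
        SELECT DISTINCT pu.SKU FROM purchases pu
        LEFT OUTER JOIN inventoryCount c ON c.SKU = pu.SKU
        WHERE c.obsvQOH IS NULL ORDER BY pu.SKU""",
}

def run_checks():
    """Load the sample data and return the exceptions found by each check."""
    con = sqlite3.connect(":memory:")
    try:
        con.executescript(SETUP)
        return {name: [row[0] for row in con.execute(sql)]
                for name, sql in CHECKS.items()}
    finally:
        con.close()

if __name__ == "__main__":
    for name, exceptions in run_checks().items():
        print(f"{name}: {exceptions}")
```

Filtering on `QOH IS NULL` and `obsvQOH IS NULL` flags both a SKU with no row at all and a row whose quantity was never filled in.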
Understand risks faced by information assets
Comprehend relationship between risk and asset vulnerabilities
Understand nature and types of threats faced by the asset
Understand objectives of control and security of information assets and how these objectives are interrelated
Understand the building blocks of control (and security) frameworks for information systems
Apply a controls framework to a financial accounting system
What business objectives do you expect your new employee to achieve?
What operational and financial risks do you face with allowing an employee to run your hot dog cart?
How can the problem of lack of segregation of duties be addressed when you are away from the business?
What controls could you develop to mitigate (notice I did NOT say completely eliminate) the operational and financial risks identified above while achieving your business objectives?
How can we organize the controls identified above to ensure that our business objective is achieved?
Identify two control frameworks discussed in our textbook and determine if either framework would be useful if you were considering expanding your hot dog cart business
Probability of an attack on an information asset
Designed to minimize or eliminate the risks stemming from vulnerabilities
To design countermeasures
Procedures designed by management to provide reasonable assurance regarding achievement of specific objectives
Classification of internal controls
General vs application
Detective, preventive, or corrective
Protection from harm
Being able to depend on the information system
Acquire and develop applications and system software
Acquire technology infrastructure
Develop and maintain policies and procedures
Install and test application software and technology infrastructure
Define and manage service levels
Manage third-party services
Ensure systems security
Manage the configuration
Manage problems and incidents
Ten categories or sections
Asset classification and control
Physical and environmental security
Computer and operations management
System access control
System development and maintenance
Information and communication
Identify at least one difference between systems availability and business continuity
Why is disaster recovery planning important?
Is disaster recovery planning cost beneficial?