1 / 25

Advanced Accounting Information Systems

Advanced Accounting Information Systems. Day 19 Control and Security Frameworks October 7, 2009. announcements. Assignment 3 Game plan Identify potential misclassified minutes Calculate rates by first identifying most recent contracts (i.e. max(Startdate)

damian-lott
Download Presentation

Advanced Accounting Information Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Advanced Accounting Information Systems Day 19 Control and Security Frameworks October 7, 2009

  2. announcements Assignment 3 Game plan Identify potential misclassified minutes Calculate rates by first identifying most recent contracts (i.e. max(Startdate) Separate into flexible and fixed plans Calculate minutes Calculate charges per flexible Calculate charges per fixed Combine calculated charges per flexible and fixed (UNION) Compare calculated to InvoiceLine charges

  3. announcements Assignment 4 Merger/acquisition due diligence – significantly shorter time frame What are the due diligence / audit objectives? Some of the due diligence work is already done Identified due diligence objectives (See Figure 3) Started with prior audit procedures (see Figure 3) No manufacturing costs since Threadchic is a retailer

  4. announcements Assignment 4 Existence procedure Verify Threadchic paid for all purchases in a timely manner join invoice and payment table using outer join to identify any invoices that were not paid yet Verify inventory consistent with sales For all items, sales price is 100 percent markup over cost except for marked down items with no sale in the last 21 days. List cost, lastSalesPrice, and calculate salesToCost to determine if each item markup is 100 percent

  5. announcements Assignment 4 Completeness procedure Verify inclusion of all purchases in inventory Match purchases to inventory on SKU to find purchases with no entry in inventoryMaster.QOH Match purchases to counted inventory on SKU to find purchases with no entry in inventoryCount.obsvQOH Remember – inventoryMaster is Threadchic’s records inventoryCount – contains number counted by the auditors

  6. Objectives Understand risks faced by information assets Comprehend relationship between risk and asset vulnerabilities Understand nature and types of threats faced by the asset Understand objectives of control and security of information assets and how these objectives are interrelated Understand the building blocks of control (and security) frameworks for information systems Apply a controls framework to a financial accounting system

  7. Hot Dog Cart Case What business objectives do you expect your new employee to achieve? What operational and financial risks do you face with allowing an employee to run your hot dog cart?

  8. Hot Dog Cart Case How can the problem of lack of segregation of duties be addressed when you are away from the business?

  9. Hot Dog Cart Case What controls could you develop to mitigate (notice I did NOT say completely eliminate) the operational and financial risks identified above while achieving your business objectives?

  10. Hot Dog Cart Case How can we organize the controls identified above to ensure that our business objective is achieved?

  11. Questions for Wednesday Identify two control frameworks discussed in our textbook and determine if either framework would be useful if you were considering expanding your hot dog cart business

  12. Purpose of internal control framework

  13. Information Assets

  14. Information Assets

  15. Threat Probability of an attack on an information asset

  16. Countermeasures Designed to minimize or eliminate the risks stemming from vulnerabilities To design countermeasures

  17. Definition of internal control Procedures designed by management to provide reasonable assurance regarding achievement of specific objectives Classification of internal controls General vs application Detective, preventive, or corrective

  18. Definition of Information Security Protection from harm Being able to depend on the information system Two categories Physical security Logical security

  19. Four objectives of internal controls

  20. Information Security Objectives

  21. Frameworks for control and security

  22. COBIT control objectives Acquire and develop applications and system software Acquire technology infrastructure Develop and maintain policies and procedures Install and test application software and technology infrastructure Manage change Define and manage service levels Manage third-party services Ensure systems security Manage the configuration Manage problems and incidents Manage data Manage operations

  23. ISO 17799 Ten categories or sections Security policy Security organization Asset classification and control Personnel security Physical and environmental security Computer and operations management System access control System development and maintenance Compliance

  24. COSO Control environment Risk assessment Control activities Information and communication Monitoring

  25. Questions for Friday / Monday Identify at least one difference between systems availability and business continuity Why is disaster recovery planning important? Is disaster recovery planning cost beneficial?

More Related