Accounting Info Systems W/lab

Accounting Info Systems w/Lab

Week 3 Writing Assignment

Professor: Douglas Letsch

7/26/2015

When it comes to security control, most companies are incapable of protecting data, and others are adequately reliable of protecting their data. As a result, if a company is neglectful of security controls they should be held accountable to the fullest. However, if they are taking the proper steps in security control then they should not be held reliable for losses stained in a successful attack made on their Accounting Information System (AIS) by outside sources. Most of the time why there is a successful attack on the AIS by an outside source is because companies’ fails to review both the internal and external audits so that they might gain an understanding of the company threats to the AIS security.

Accounting information system has many sources of threats, such as an employee accidently made an entry of bad data or they might gain access to an unauthorized computer and limit access to authorized users. The unauthorized user now possesses company sensitive files, like Social Security numbers, salary information, credit card numbers, and so on. Thus, AIS data should be encrypted, and access to the system should be surveyed along with tracing every employee’s system activity. According to Investopedia, “AIS needs internal controls that protect it from computer viruses, hackers and other internal and external threats to network security (Fontinelle, 2015).” Furthermore, it must be protected from natural disasters and power surges that can cause data loss (Fontinelle, 2015).

Now, companies should follow the laws and regulations to safeguard their AIS from threats. Fontinelle states that quality, reliability, and security are the key components of the effective AIS software. Therefore, managers rely on the information it outputs to make decisions for the company, and they need high-quality information to make sound decisions (Fontinelle, 2015). If the company is not taking, the adequate steps to protect AIS data, then they are allowing the system to be susceptible to outside hackers and unauthorized employees that can cause the company thousands of dollars. Companies may also jeopardize their credibility and reputation as a respectable company who have the public trust upon honesty once hackers and employees gain access to their files.

Threats to AIS are imminent because there are plenty of computers available to the public that it imposes threats to the network and some network have low security that it is easy for the perpetrators to hack the system. Companies’ internal control should consist of preventive control, detective controls, and corrective control, which these three controls work hand in hand. For instance, Preventive controls deter problems before they arise. Examples include hiring qualified personnel, segregating employee duties, and controlling physical access to assets and information. Detective controls discover problems that are not prevented. Examples include duplicate checking of calculations and preparing bank reconciliations and monthly trial balances. Corrective controls identify and correct problems as well as correct and recover from the resulting errors. Examples include maintaining backup copies of files, correcting data entry errors, and resubmitting transactions for subsequent processing (Romney 185).

Likewise, companies that do not adequately protect their data should be held liable for losses sustained to outside attacks on their accounting information systems. This is