A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster. Such a plan, ordinarily documented in written form, specifies procedures an organization is to follow in the event of a disaster.
Prepared by: Dr. Savanid (Nui) Vatanasakdakul

Outline
- Aims of a computerised accounting information system
- General and application controls
- Limitations of controls
- Threats to internal controls

Identify 3 advantages of computerised application controls.
- Consistent execution, authorisation, and application
- Enforce completeness
- More difficult to avoid
- More timely and efficient to execute
- More timely reporting and feedback
- etc.

- Proper authorisation such as authoring valid transaction
- Proper record such as input and output accuracy
- Completeness
- Timeliness

General Control
- Policies/procedures relating to many applications
- Support the effective operation of application controls

Application Control
- Manual or automated
- Operate within a business process / application
- Relate to the initiation, recording, reporting and processing of events
- Deal with the aims of occurrence, authorisation, completeness and accuracy

Some risks apply across a number of areas of the organisation. To address these risks we have GENERAL CONTROLS.
- General controls affect the overall information system.
- General controls are established with the aim of providing reasonable assurance that the internal control objectives are achieved.
- These controls affect all applications.
- Seen as pervasive, these controls will apply across almost all of the information systems in an organisation.
- Support the effective operation of application controls

Organisational
- Separation of duties: design, programming, operations, data entry, custody of documentation
- Policies and procedures: recruitment, termination
Access
- To computer facilities
- To data files
- Authorised users
Hardware
- Monitor and detect failures
Systems development
- User involvement
- Authorisation
- Documentation
Access to systems software restricted
Data protection
Telecommunications
- Transmission / encryption techniques
Other
- Disaster recovery
- Backup / off-site storage

- Physical controls
- Segregation of duties
- User access
- System development procedures
- User awareness of risks
- Data storage procedures

Users: record transactions, authorise data to be processed, and use system output.
Systems analysis: helps users determine their information needs and then design an information system to meet those needs.
Programming: takes the design provided by systems analysts and creates an information system by writing the computer programs.
Computer operations: run the software on the company's computer. They ensure that data is input properly and correctly processed and the right output is produced.
Database administration: maintain and manage corporate databases and files.
Systems administration: ensure that the different parts of an information system operate smoothly and efficiently.
Network management: ensure that all applicable devices are linked to the organisation's internal and external networks and that the networks operate continuously and properly.
Change management: manage all changes to an organisation's information system to ensure they are made smoothly and efficiently and to prevent errors and fraud.

Change management
- The person (usually a developer) who makes the IS change should be different from the person who makes the change available to users.
- The process of making changes available to all users is usually called migration into production.
- Why do we need to segregate these functions?
- Wireless technology
- Virtual private networks
- Wired networks
- Electronic eavesdropping
- Routing verification procedures
- Message acknowledgement procedures
- Microcomputers: What unique risks do microcomputers present to an organisation?
- Location of computing facility
- Restrict employee access
- The use of biometrics

Separation of duties
- Accounting from other sub-systems
- Responsibilities within IT: programming, data management, design / analysis, testing
- Within a process: authorisation, execution, custody, recording
- Computer accounts / logins / access controls

- Fault tolerant / built-in redundancies
- Disk mirroring
- Backups: hierarchically performed. Where to store backup data? How often to back up?
- Uninterruptible power supply

DRP refers to the strategy an organisation will put into action in the event of a disaster that disrupts normal operations. The aim is business continuity, i.e. to resume operations as soon as possible with minimal loss or disruption to data and information. This plan describes procedures to be followed in the case of an emergency as well as the role of each member of the disaster recovery team.

DRP considers:
- Natural disasters
- Deliberate malicious acts
- Accidental destructive acts

DRP usually covers:
- Staff: employees, customers, suppliers, other stakeholders
- Physical resources: buildings, equipment, cash
- Information resources: data, information

- Temporary site: hot site, cold site
- Staffing: evacuating threatened staff; enabling staff to operate in DRP mode; staff need to know their roles
- Restore relationships
- As organisations become integrated, the information asset is increasing in importance

- Controls over specific systems/business processes
- Relate to the initiation, recording, reporting and processing of events
- Provide reasonable assurance that the events occurring in a system/process are authorised and recorded, and are processed completely, accurately and on a timely basis, and that resources in that system are protected.
Examples of systems/processes in an organisation: Sales system, Accounts receivable system, Purchases system, Payments system, Payroll, Financial Reporting, Inventory

Authorisation
- Is the person authorised to execute the transaction? Eg: Approvals for a large sale to proceed
Recording
- Input validity: Is the data of the correct format/type? Does the data represent a valid event?
- Input accuracy: Is all data entered correct?
- Completeness: Has all data about an event been recorded? (transaction level) Have all events been recorded? (business process level)
- Timeliness: Is data captured, processed, stored and available as required by the needs of the business process?

Classification based on the stage in the process at which the control occurs
- Input controls: designed to ensure data entering the system is valid, complete and accurate
- Process controls: detect errors and irregularities in the processing of data
- Output controls: protect the outputs of a system

Observation, Recording and Transcription
- Feedback mechanism. Eg: Customer reviews and signs sales form
- Dual observation. Eg: Approval from a supervisor, more than one employee in execution of sale
- Pre-designed forms: pre-numbered; layout of forms. How does a pre-designed form help?

Edit Tests
Check validity and accuracy after data has been input
- Test of content: numeric, alphabetic, alphanumeric
- Test of reasonableness: Is the input within a specified range of values? Eg: Hours worked per week is between 0 and 60
- Test of sign (+ive, -ive)
- Test of completeness
- Test of sequence: Has every document been input? Eg: Cheques. Requires pre-numbered source documents
- Test of consistency
- Check digit calculation. Eg: Credit card, calculate security number from card number. Card Number: 1234 5678 9012 3456, Security Number: 687

Controls for the manipulation of data once it has been input.
- Batch control totals
- Record counts
- Sequence checks
- Run to run totals
Which aims do they achieve?
- Reliable financial reporting
- Accuracy of data processing / updates
- Completeness of data processing / updates

[Figure: sequence check]
- SALES DEPT: Sale occurs and invoice prepared (Invoice 001 to Invoice 007)
- DATA ENTRY CLERK: Invoices entered (Invoice 001, 002, 003, 004, 005, 007; Invoice 006 missing)
- COMPUTER: Checks for gaps in the sequence of pre-numbered documents and alerts clerk of missing documents
The sequence check has identified that Invoice 006 has not been entered; we do not have completeness.

The computer takes the daily credit sales data and updates the accounts receivable master balances. The new balance for the accounts receivable should equal the opening balance + credit sales.

[Figure: run-to-run total]
- SALES PERSON: Sales Order, Order Details, Capture sales
- COMPUTER: Credit Sales, A/R, Calculate check total, Update Accts Receivable, Compare totals

They include:
- Financial control total
- Hash total
- Record count

- Validation of process results
- Activity listings
- Distribution and use: Who is able to access the outputs? Where are the outputs printed to? Has the relevant user got all of the output?

- Judgement error
- Unexpected transaction
- Collusion
- Management override
- Weak internal controls
- Conflicting signals

- Management incompetence
- External factors such as natural disasters
- Fraud
- Regulatory environment
- Information technology such as viruses, email attacks

References
Blair, B. and Boyce, G. (Eds) (2006), Accounting Information Systems with Social and Organisational Perspectives, John Wiley, Milton.
Turner, L. & Weickgenannt, A. (2009), Accounting Information Systems: Controls and Processes, Wiley.

I wish to acknowledge Dr. Chadi Aoun's input and material that were incorporated into the lecture slides as well as the supplementary material and sources provided by John Wiley publishers.
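
Added example (not part of the original lecture slides): the sequence check, the batch control totals (record count, financial control total, hash total) and the run-to-run total from the processing-controls slides, written in Python. The batch data, account numbers and function names are constructed for illustration; Invoice 006 is left out to match the slide's scenario.

```python
from decimal import Decimal

# Constructed sample batch: (invoice number, customer account, credit sale amount).
# Invoice 006 is absent, as in the sequence-check slide.
BATCH = [
    (1, 1001, Decimal("250.00")),
    (2, 1002, Decimal("75.50")),
    (3, 1001, Decimal("120.00")),
    (4, 1003, Decimal("300.25")),
    (5, 1002, Decimal("60.00")),
    (7, 1003, Decimal("99.99")),
]

def sequence_gaps(numbers):
    """Sequence check: pre-numbered documents missing between lowest and highest."""
    seen = set(numbers)
    return sorted(set(range(min(seen), max(seen) + 1)) - seen)

def control_totals(batch):
    """Batch control totals computed over the entered records."""
    return {
        "record_count": len(batch),
        "financial_total": sum((amt for _, _, amt in batch), Decimal("0")),
        # Hash total: sum of a field with no monetary meaning (account numbers).
        "hash_total": sum(acct for _, acct, _ in batch),
    }

def post_batch(opening_balances, batch):
    """Update the accounts receivable master balances with the credit sales."""
    balances = dict(opening_balances)
    for _, acct, amt in batch:
        balances[acct] = balances.get(acct, Decimal("0")) + amt
    return balances

def run_to_run_ok(opening_ar, closing_ar, batch):
    """Run-to-run total: closing A/R must equal opening A/R + credit sales."""
    return closing_ar == opening_ar + control_totals(batch)["financial_total"]

if __name__ == "__main__":
    opening = {1001: Decimal("500.00"), 1002: Decimal("0.00"), 1003: Decimal("40.00")}
    closing = post_batch(opening, BATCH)
    print("missing invoices:", sequence_gaps(n for n, _, _ in BATCH))
    print("control totals:", control_totals(BATCH))
    print("run-to-run ok:",
          run_to_run_ok(sum(opening.values()), sum(closing.values()), BATCH))
```

The totals computed here would be compared with totals prepared independently from the source documents; a mismatch in any of the three points to a lost, duplicated or mis-keyed record.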