Information Systems Control - AIS

Uploaded by

niemerggibaga

ACCOUNTING INFORMATION SYSTEM

Information Systems Control
Overview
Introduction
Classification of Controls
Security Controls
Confidentiality Controls
Privacy Controls
Processing Integrity Controls
Availability Controls
Introduction
Today's businesses rely heavily on information
systems for operations, decision-making, and
financial reporting. Secure and reliable
information systems are crucial for protecting
assets, preventing fraud, and ensuring
compliance with regulations.
A breakdown in information systems control can
lead to data breaches, financial losses,
reputational damage, and legal consequences.
Information Systems Control encompasses a
wide range of measures designed to prevent,
detect and correct security threats and
vulnerabilities.
Security Controls
These controls confine access to
the system and its data to
authorized users, while also
providing protection from any
number of system attacks by
outside parties.
Process in Developing Security Controls

1. Assessment
Assess whether to accept information systems risk with no further action or to impose control to mitigate the risk.

2. Acquire & Develop Controls
Management then authorizes the expenditure of funds to acquire or build the tools needed to install the indicated controls.

3. Monitor the System
Once the monitoring system is installed, the management shall evaluate whether changes need to be made to the existing controls or call for the imposition of new controls.
Preventive Controls

These controls are designed to keep
unauthorized access from occurring. They
are proactive measures designed to
safeguard the integrity and accuracy of
financial data.
Types of Preventive Security
Cultural Reinforcement
Management must create and maintain a
strong culture of security awareness, so
that employees are more likely to follow
established system security policies
Employee Training
Employees need to have a clear
understanding of safe computer usage
practices such as not opening email
attachments from unknown sources
Authenticate Access
Verify the identity of a user, so that only
appropriate users gain access to the AIS.

Authorize Access
Restrict users' access to specific parts of
an AIS, and carefully define the
actions they are allowed to take within
those areas.
Detective Controls

In case an attacker is able to circumvent
the preventive security controls, an
organization also needs to have detective
controls, which identify the presence of
an intruder.
Preventive Security Controls
Install Logs
An access log can be used to investigate
log information and to trace an attacker's
actions within the system.

Install Intrusion Detection System
It is software that monitors a network for
malicious activity or policy abuses by
comparing actual network traffic to a
baseline set of rules.
Corrective Controls

These are measures that usually require
human intervention.

Formal Response Team

Patch Management System
Confidentiality Controls
Confidentiality controls are crucial
for protecting sensitive financial
and accounting data within an
organization. These controls aim to
prevent unauthorized access, use,
disclosure, or modification of
information.
Destroy Targeted Media
When sensitive documents have been
targeted for disposal, shred them prior to
putting them in the trash.

Encrypt Data
It is a method by which data are converted
from a readable form to an encoded
version that can only be read by someone
having access to a decryption key.
Implement Data Loss Prevention Software
It detects and blocks attempts to move
designated confidential data out of a
network.

Implement Digital Watermarking
It is a marker covertly embedded in a
document or file to spot copyright
infringement by third parties.
Lock up Documents
When confidential information is only
available on paper, store it in a secure
location

Minimize Screen Access
Configure all computers to switch to
screen saver mode after a few minutes of
non-use so that sensitive information is not
displayed on screens.
Privacy Controls
Privacy controls focus on
protecting personal information
within accounting systems,
ensuring that individuals' data is
handled responsibly and securely.
Generally Accepted Privacy Principles

1. Management
2. Notice
3. Choice & Consent
4. Collection
5. Use, Retention & Disposal
6. Access
7. Disclosure to Third Parties
8. Security for Privacy
9. Quality
10. Monitoring & Enforcement
Privacy Controls
This ensures the accuracy,
completeness, and validity of data
during processing within an
accounting information system.
These controls aim to prevent
errors, fraud, and data corruption,
ultimately maintaining the
reliability of financial information.
General Categories of Control
Input Controls
Input controls are a crucial part of
accounting information systems (AIS) as
they ensure the accuracy, completeness,
and validity of data entered into the
system.
Processing Control
An organization should have a sufficient
number of controls to ensure that its
system processes data correctly.
Output Controls
A firm should monitor the information
being generated by a system to ensure
that output is reasonable.
Availability Controls
Availability controls in accounting
information systems (AIS) focus on
ensuring that the system is
accessible and operational when
needed. This means preventing
downtime and ensuring that data
and applications are available to
authorized users.
Controls to Reduce Risk of System Downtime

1. Use multiple backups
2. Use redundant components
3. Protect data centers
4. Impose operator training
5. Develop a disaster recovery plan
Bachelor of Science in Accountancy 2

Members:

ABEJUELA, Kierl
GIBAGA, Niemer
HABITAN, Brian Andrei

THANK YOU!