Chapter 10: Computer Controls for Organizations and Accounting Information Systems
  - Introduction
  - Enterprise Level Controls
  - General Controls for Information Technology
  - Application Controls for Transaction Processing
Chapter 10-1

Enterprise Level Controls
  - Consistent policies and procedures
  - Management's risk assessment process
  - Centralized processing and controls
  - Controls to monitor results of operations
Chapter 10-2

Enterprise Level Controls
  - Controls to monitor the internal audit function, the audit committee, and self-assessment programs
  - Period-end financial reporting process
  - Board-approved policies that address significant business control and risk management practices
Chapter 10-3

Risk Assessment and Security Policies
Chapter 10-4

Integrated Security for the Organization
  - Physical Security
      - Measures used to protect its facilities, resources, or proprietary data stored on physical media
  - Logical Security
      - Limit access to system and information to authorized individuals
  - Integrated Security
      - Combines physical and logical elements
      - Supported by comprehensive security policy
Chapter 10-5

Physical and Logical Security
Chapter 10-6

General Controls for Information Technology
  - Access to Data, Hardware, and Software
  - Protection of Systems and Data with Personnel Policies
  - Protection of Systems and Data with Technology and Facilities
Chapter 10-7

General Controls for Information Technology
  - IT general controls apply to all information systems
  - Major Objectives
      - Access to programs and data is limited to authorized users
      - Data and systems protected from change, theft, and loss
      - Computer programs are authorized, tested, and approved before usage
Chapter 10-8

Access to Data, Hardware, and Software
  - Utilization of strong passwords
      - or more characters in length… or longer
      - Different types of characters
      - Letters, numbers, symbols
  - Biometric identification
      - Distinctive user physical characteristics
      - Voice patterns, fingerprints, facial patterns, retina prints
Chapter 10-9

Security for Wireless Technology
  - Utilization of wireless local area networks
  - Virtual Private Network (VPN)
      - Allows remote access to entity resources
  - Data Encryption
      - Data converted into a scrambled format
      - Converted back to meaningful format following transmission
Chapter 10-10

Edit Tests
Chapter 10-40

Edit Tests
Chapter 10-41

Additional Input Controls
  - Validity Test
      - Transactions matched with master data files
      - Transactions lacking a match are rejected
  - Check-Digit Control Procedure
Chapter 10-42

Processing Controls
  - Purpose
      - Focus on manipulation of accounting data
      - Contribute to a good audit trail
  - Two Types
      - Control totals
      - Data manipulation controls
Chapter 10-43

Audit Trail
Chapter 10-44

Control Totals
  - Common Processing Control Procedures
      - Batch control total
      - Financial control total
      - Nonfinancial control total
      - Record count
      - Hash total
Chapter 10-45

Data Manipulation Controls
  - Data Processing
      - Following validation of input data
      - Data manipulated to produce decision-useful information
  - Processing Control Procedures
      - Software Documentation
      - Error-Testing Compiler
      - Utilization of Test Data
Chapter 10-46

Output Controls
  - Purpose
      - Ensure validity
      - Ensure accuracy
      - Ensure completeness
  - Major Types
      - Validating Processing Results
      - Regulating Distribution and Use of Printed Output
Chapter 10-47

Output Controls
  - Validating Processing Results
      - Preparation of activity listings
      - Provide detailed listings of changes to master files
  - Regulating Distribution and Use of Printed Output
      - Forms control
      - Pre-numbered forms
      - Authorized distribution list
Chapter 10-48

Study Break #4
A _____ is a security appliance that runs behind a firewall and allows remote users to access entity resources by using wireless, handheld devices.
  A. Data encryption
  B. WAN
  C. Checkpoint
  D. VPN
Chapter 10-49

Study Break #4 - Answer
A _____ is a security appliance that runs behind a firewall and allows remote users to access entity resources by using wireless, handheld devices.
  A. Data encryption
  B. WAN
  C. Checkpoint
  D. VPN
Chapter 10-50

Study Break #5
Organizations use _____ controls to prevent, detect, and correct errors and irregularities in transactions that are processed.
  A. Specific
  B. General
  C. Application
  D. Input
Chapter 10-51

Study Break #5 - Answer
Organizations use _____ controls to prevent, detect, and correct errors and irregularities in transactions that are processed.
  A. Specific
  B. General
  C. Application
  D. Input
Chapter 10-52

Copyright
Copyright 2012 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make backup copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.
Chapter 10-53

Chapter 10
Chapter 10-54

... Security Chapter 10-6 General Controls for Information Technology Access to Data, Hardware, and Software Protection of Systems and Data with Personnel Policies Protection of Systems and Data...
... physical security Chapter 10-13 Additional Controls for Laptops Chapter 10-14 Personnel Policies Separation of Duties Separate Accounting and Information Processing from Other Subsystems Separate...
... identification Chapter 10-15 Separation of Duties Chapter 10-16 Division of Responsibility in IT Environment Chapter 10-17 Division of Responsibility in IT Environment Chapter 10-18 Personnel