Page 424 - Introduction to Business
P. 424
398 PART 4 Accounting
These objectives were originally taken from Statements on Auditing Standards
No. 1 (SAS No. 1), Section 320.28, and were incorporated in Section 13(b) of the 1934
Act. Consequently, the management and employees of a public company may be
civilly and criminally liable under the federal securities laws for failing to maintain
a sufficient internal control structure.
Computer Security of Accounting Information
From watching movies and television shows, you might think that the greatest
threat to computer security is intentional sabotage or unauthorized access to data
or equipment. For most organizations this is simply not reality. There are five basic
threats to security.
Natural disasters
Dishonest employees
Disgruntled employees
Persons external to the organization
Unintentional errors and omissions
The extent to which each of these threats is actually realized is shown in Exhibit 11.8.
EXHIBIT 11.8 Unintentional errors and omissions cause the great majority of
the problems concerning computer security. Errors and omissions
Threats to Computer Security of are particularly prevalent in systems of sloppy design, implementa-
Accounting Information
tion, and operation. On the other hand, if the systems development
External persons 5% process is done properly, errors and omissions will be minimized.
An effective internal control structure is an integral part of any reli-
Natural disaster 8%
able information system.
Disgruntled A key to computer security and the success of any control
employees 10%
structure is the people of the organization. Systems development
Dishonest Human is most effective when the users are involved and most likely to fail
employees 10% errors 67% when they are not. To develop effective computer security, man-
agement should consider the following positive steps:
1. Design controls and security techniques to ensure that all access
to and use of the information system can be traced back to the
user.
2. Restrict access by users to the parts of the system directly related to
their jobs.
3. Conduct periodic security training.
4. Assign an individual or committee to administer system security in an inde-
pendent manner.
5. Clearly communicate and consistently enforce security policies and procedures.
A primary motive for a well-designed set of internal controls is to support the
fiscal management capabilities of the firm’s officers and employees. Inadequate
internal controls can severely hinder the fiscal management capabilities of officers
and employees and place them in a position where they may be unduly tempted to
become engaged in questionable activities and accounting practices. Chaotic
accounting and fiscal management conditions resulting from inadequate controls
place officers and employees under unnecessary conditions of stress. This can be
expected to impair their mental well-being and task effectiveness. Assuming that
officers and employees are honest, strong controls should be provided to guard
them from suspicion and false accusations.
Copyright 2010 Cengage Learning, Inc. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part.
