ERP Configurations
are client-server based
can typically run on many operating system
platforms
Centralized database
stores information about each data
item just once
makes it immediately available to
all the various functions
Application interfaces
a best-of-breed approach
extended application interfaces
Internet portals
Are gateways to other web sites
enhance communication and
productivity among employees,
customers, partners, and suppliers
An ERP typically integrates
financial functions,
human resource functions,
manufacturing functions, and
sales and distribution functions.
Costs
• Hardware
• Software
• Training
• Technical
• Business processes
• Data conversion
• Interfaces and customization
• Professional services
• Reassigned employees
• Software maintenance
• Software upgrades
Benefits
• Reduction in inventory investment
• Improvement in asset management
• Improved decision-making
• Resolution of data redundancy and integrity problems
• Increase in flexibility and responsiveness
• Improved customer service and satisfaction
• Global and supply chain integration
Organizations have many choices when selecting AIS software:
Entry-Level
• Simply Accounting
• Peachtree
• QuickBooks
• Microsoft Small Business Accounting
Small–Medium Business (SMB)
• Sage ACCPAC Advantage Series
• Sage MAS 90
• MAS 200
• Macola ES
• Cougar Mountain
• NetSuite
• Microsoft Dynamics GP
High-End Enterprise Resource Planning (ERP)
• SAP
• PeopleSoft
• J.D. Edwards
• Oracle
Special Industry
• Peachtree Nonprofit
• Cougar Mountain Fund (NFP)
• AccuBuild (construction)
• Everest POS (retail)
• Phoenix (insurance)
Small–Medium Enterprise (SME)
• Sage MAS 500
• e by Epicor
• Lawson
• Microsoft Dynamics AX
• mySAP All-in-One
Custom-Built
Operating on cloud
Don’t use a server or hardware for collection
Maintenance fixed cost
Working everywhere
Convenience
Example Software
SAP on cloud
Express on cloud
PEAK (Thai software)
etc.
Operation system online and on cloud
Such as accounting program online and on cloud
Online accounting software that helps businesses grow more | PEAK (peakaccount.com)
Online accounting software for the new generation of business people (flowaccount.com)
Cloud ERP system, 1,700 baht/month, free trial | Ecount ERP
SMEMOVE online accounting software || Ready-made software, free trial
All-in-one online store management system, a new option for online businesses | Ginee
Bplus Mini ERP On Cloud (businessplus.co.th)
Chapter 6
Computer Crime, Ethics, and Privacy
-Introduction
-Computer Crime, Abuse, and Fraud
-Examples of Computer Crimes
-Mitigating Computer Crime and Fraud
-Ethical Issues, Privacy, and Identity Theft
Computer Crime & Abuse
the Difference
Computer crime involves the manipulation of a computer
or computer data, to dishonestly
◦ obtain money, acquire property, or get some other
advantage of value, or to cause a loss.
Computer abuse is when someone’s computer is used or
accessed
◦ in a mischievous manner with a motive of revenge or
challenge
◦ is punishable in extreme cases
FEDERAL LEGISLATION
The Computer Fraud and Abuse Act (CFAA) of 1986
which was amended in 1994 and 1996
-Defines computer fraud as an illegal act for which
computer technology is essential for its perpetration,
investigation, or prosecution.
-Defines seven fraudulent acts, the first
three are described as misappropriation
of assets and the last four as “other” crimes
CFAA Fraudulent Acts
• Unauthorized theft, use, access,
modification, copying, or destruction of
software or data.
• Theft of money by altering computer
records or the theft of computer time.
• Intent to illegally obtain information or
tangible property through the use of
computers.
CFAA Fraudulent Acts
Use or the conspiracy to use computer
resources to commit a felony.
Theft, vandalism, destruction of computer
hardware.
Trafficking in passwords or other login
information for accessing a computer.
Extortion that uses a computer system
as a target.
Importance for Accountants
Importance of computer crime and abuse
to accountants
– because AISs
– help control an organization’s financial
resources
– are favored targets of disgruntled
employees seeking financial gain or seeking
revenge
Importance for Accountants
because they are responsible for
◦ designing,
◦ implementing, and
◦ monitoring the control procedures for AISs.
because firms suffer millions of dollars in
computer-related losses
◦ due to viruses,
◦ unauthorized access, and
◦ denial of service attacks
Methods Used by Criminals
Hackers
– people who break into the computer files of
others for fun or personal gain.
Shoulder surfing
– stealing calling credit numbers at public phones
Password controls
– limiting computer access to bona fide users
Computer Viruses
Computer virus is a program
that disrupts normal data processing and
that can usually replicate itself onto other files, computer systems
or networks.
Boot-sector viruses
hide in the boot sectors of a disk
are accessed there by the operating system
every time the system is booted.
Worm viruses
replicate themselves until the user runs
out of memory or disk space.
Computer Virus Programs
Trojan Horse programs
reside in legitimate copies of
computer programs.
Logic Bomb programs
remain dormant until the computer
system encounters a specific condition.
A virus may be stored in an applet, which is a small
program stored on a WWW server.
Thwarting Computer Viruses
-Firewalls which limit external access to
the computer.
-Antivirus software.
-Antivirus control procedures.
Methods for Thwarting Computer
Abuse
Enlist top management support
Increase employee awareness and education
Conduct Security Inventory and protect passwords
Implement controls
Identify computer criminals
Look at technical backgrounds,
morals, and gender and age
Computers and Ethical Behavior
Ethics
◦ a set of moral principles or values
◦ governing an organization as well as individuals
Ethical behavior
◦ making choices and judgments that are morally
proper and then acting accordingly.
Ethical Issues
Honesty
Protecting Computer Systems
Protecting Confidential Information
Social Responsibility
Rights of Privacy
Acceptable Use of Computer
Hardware and Software.
Encouraging Ethical Behavior
– Use job promotions and other benefits to
reward those employees who act responsibly.
– Encourage employees to join professional organizations
with codes of conduct such as Codes of Conduct and
Good Practice for Certified Computer Professional.
Computers and Privacy Issues
• Company policies with respect to privacy issues
• Privacy policy should include
◦ who owns the computer
◦ for what purposes can the computer be used
◦ what uses are authorized or prohibited
◦ disposal of computers
Chapter 7
Introduction to Internal Control Systems
• Introduction
• Internal Control Systems
• Definition
• Framework
• Preventive, Detective, and Corrective Controls
• Control Activities within an Internal Control System
• Cost-Benefit Concept for Developing Controls
Introduction
An organization’s financial resources can
be protected from loss, waste, or theft by
• developing an internal control system
• implementing it within its AIS
An internal control system
• ensures reliable data processing
• promotes operational efficiency
Internal Control
It aims to achieve four main objectives:
• to safeguard assets
• to check the accuracy and reliability of accounting data
• to promote operational efficiency
• to encourage adherence to prescribed managerial
policies
Internal Control
Describes the policies, plans, and procedures
implemented by a firm to protect its assets.
• people involved include:
• board of directors
• management
• other personnel
• provides reasonable assurance of:
• effectiveness and efficiency,
• reliability of financial reporting, and
• compliance with applicable laws
and regulations
Objectives of the Internal Control
Structure
The objectives of the Control Structure are:
• Safeguarding assets
• Checking the accuracy and reliability
of accounting data
• Promoting operational efficiency
• Encouraging adherence to
prescribed managerial policies
Background Information
on Internal Controls
The key laws, professional guidance, and reports that
focus on internal controls are:
• Foreign Corrupt Practices Act 1977
• Treadway Commission Report 1977
• SAS No. 55 1988
• Committee of Sponsoring Organizations (COSO) Report 1992
• SAS No. 78 1995
• Control Objectives for Business and IT (COBIT) 1995
• Information Federation for Information Processing 2001
Background of Internal Controls
• Results of The Committee of Sponsoring Organizations
(COSO) in 2017
• defines internal control and describes its components
• presents criteria to evaluate internal control systems
• provides guidance for public reporting on internal
controls
• offers materials to evaluate an internal control system
Components of Internal Control According to
the 2017 COSO Report
• Control Environment
• Risk Assessment
• Control Activities
• Information and
Communication
• Monitoring
The Control Environment
The Control Environment
• establishes the tone of a company,
• influences the control awareness of the employees.
Factors included within the control environment are:
• Integrity, ethical values and competence of employees
• Management philosophy and operating style
• Assignment of authority and responsibility
• The attention and direction provided by the
board of directors
Risk Assessment
Risk assessment involves
• recognition that every organization faces
risks to its success
• recognition that the sources are internal and external
• identification, analysis and action
to achieve the company’s goals
• use of cost-benefit analysis
Control Activities
Control activities:
• are the policies and procedures that ensure
• management directives are carried out,
• protection of the assets of the firm
• include a combination of
• manual controls
• automated controls.
Control Activities
• Can be categorized as
• approvals
• authorizations
• verifications
• reconciliations
• reviews of operating performance
• segregation of duties
Information and Communication
Management’s responsibility to make sure the
accounting system,
• collects
• measures
• processes
• communicates to individuals inside and outside
the firm
Information and Communication
Communication helps personnel
understand their roles and responsibilities to internal
control by the use of:
• policies and procedures manuals
• training sessions for new employees
• refresher training for continuing employees
Monitoring
Monitoring
• is the process that assesses the quality
of internal control performance over time
• involves evaluating the design and
operation of controls on a timely basis,
• initiating corrective action when specific controls
are not functioning properly.
2017 COSO Enterprise Risk Management Framework
Components:
• Internal Environment
• Objective Setting
• Event Identification
• Risk Assessment
• Risk Response
• Control Activities
• Information & Communication
• Monitoring
Organizational levels: Subsidiary, Business Unit, Division
2017 COSO Framework added elements
• Objective setting
• Event identification
• Risk response
Objective Setting
Enterprise’s objectives are viewed from these four
perspectives:
• Strategic; high level goals and mission
• Operations; day to day goals
• Reporting; internal and external
• Compliance; with laws and regulations
Control Procedures Analysis
Control Procedures can be classified as
• Preventive Controls
• to prevent some potential problem from
occurring when an activity is performed
• Detective Controls
• alert us when preventive controls have failed
• Corrective controls
• to remedy problems discovered through
detective controls
Control Activities
Within an Internal Control System are
the following features
• a good Audit Trail
• sound personnel policies and competent employees
• separation of duties
• physical protection of assets
• internal reviews of controls by internal audit
subsystem
• Timely Performance Reports
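A detective control built on the audit trail and separation of duties listed above, as an added example that is not part of the original slides: it scans an audit trail for transactions where one person performed incompatible duties or where approval was skipped. The log layout, duty names, user names and the pairs treated as incompatible are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed audit-trail entries: (transaction id, duty performed, user).
AUDIT_TRAIL = [
    ("PAY-1001", "create", "user_a"),
    ("PAY-1001", "approve", "user_b"),
    ("PAY-1001", "pay", "user_c"),
    ("PAY-1002", "create", "user_c"),
    ("PAY-1002", "approve", "user_c"),   # one person created and approved
    ("PAY-1002", "pay", "user_a"),
    ("PAY-1003", "create", "user_a"),
    ("PAY-1003", "pay", "user_b"),       # paid with no approval on record
    ("PAY-1004", "create", "user_b"),
    ("PAY-1004", "approve", "user_a"),
    ("PAY-1004", "pay", "user_a"),       # approver also released payment
]

# Assumed policy: these pairs of duties must be done by different people.
INCOMPATIBLE = [("create", "approve"), ("approve", "pay")]


def find_violations(trail, incompatible=INCOMPATIBLE):
    """Return (transaction, finding) pairs for separation-of-duties failures."""
    duties = defaultdict(dict)               # txn -> duty -> set of users
    for txn, duty, user in trail:
        duties[txn].setdefault(duty, set()).add(user)

    findings = []
    for txn in sorted(duties):
        done = duties[txn]
        for first, second in incompatible:
            both = done.get(first, set()) & done.get(second, set())
            for user in sorted(both):
                findings.append((txn, f"{user} performed both {first} and {second}"))
        # A payment with no approval means the preventive control was bypassed.
        if "pay" in done and "approve" not in done:
            findings.append((txn, "paid without approval"))
    return findings


if __name__ == "__main__":
    for txn, finding in find_violations(AUDIT_TRAIL):
        print(txn, "-", finding)
```

Each finding is the input to a corrective control: the flagged transaction goes to someone independent of it for review.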
Cost-Benefit Concept for
Developing Controls
A cost-benefit analysis
• should be conducted to make sure that the benefits
of planned controls exceed the cost of implementing
them in the system
• controls are considered cost-effective when their
anticipated benefits exceed their anticipated costs
• an ideal control is a control procedure that reduces
to practically zero the risk of an undetected error or
irregularity.
Cost Benefit Analysis
The benefits of additional control procedures
• result from risk of loss reductions.
• should include a measure of loss
• the exposure (potential loss associated with a control
problem) and
• risk (probability that the control problem will occur).
• are calculated as
• Expected loss = risk × exposure
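The cost-benefit test above applied to several candidate controls, as an added example that is not part of the original slides: the benefit of a control is the reduction in expected loss it produces, and the control is cost-effective only when that benefit exceeds its cost. The control names, probabilities, exposures and costs are constructed figures.

```python
def expected_loss(risk, exposure):
    """Expected loss = risk x exposure, with risk given as a probability."""
    if not 0.0 <= risk <= 1.0:
        raise ValueError("risk must be a probability between 0 and 1")
    return risk * exposure


def evaluate_control(name, exposure, risk_without, risk_with, cost):
    """Compare the drop in expected loss against the cost of the control."""
    benefit = (expected_loss(risk_without, exposure)
               - expected_loss(risk_with, exposure))
    return {
        "control": name,
        "benefit": round(benefit, 2),
        "cost": cost,
        "net": round(benefit - cost, 2),
        "cost_effective": benefit > cost,
    }


# Constructed figures: name, exposure, risk without control,
# risk with control, annual cost of the control.
CANDIDATES = [
    ("Biometric door locks", 50_000, 0.04, 0.01, 9_000),
    ("Dual approval of payments", 500_000, 0.05, 0.01, 12_000),
    ("Daily bank reconciliation", 200_000, 0.10, 0.02, 6_000),
]


def rank_controls(candidates):
    """Evaluate every candidate and order them by net benefit, best first."""
    results = [evaluate_control(*c) for c in candidates]
    return sorted(results, key=lambda r: r["net"], reverse=True)


if __name__ == "__main__":
    for r in rank_controls(CANDIDATES):
        verdict = "implement" if r["cost_effective"] else "reject"
        print(f'{r["control"]}: benefit {r["benefit"]}, '
              f'cost {r["cost"]}, net {r["net"]} -> {verdict}')
```

The door locks cut risk by three quarters yet fail the test, because the exposure they protect is small relative to their cost.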
CHAPTER 8
COMPUTER CONTROLS FOR
ACCOUNTING INFORMATION SYSTEMS
INFORMATION TECHNOLOGY GENERAL CONTROLS
• SECURITY FOR WIRELESS TECHNOLOGY
• CONTROLS FOR HARDWIRED NETWORK SYSTEMS
• SECURITY AND CONTROLS FOR MICROCOMPUTERS
• IT CONTROL OBJECTIVES FOR SARBANES-OXLEY
APPLICATION CONTROLS FOR TRANSACTION PROCESSING
• INPUT, PROCESSING, AND OUTPUT CONTROLS
INTRODUCTION
INTERNAL CONTROL SYSTEMS WITH FOCUS ON
• SPECIFIC SECURITY IN ORGANIZATIONS
• CONTROL PROCEDURES TO ENSURE
• EFFECTIVE USE OF RESOURCES
• EFFICIENT UTILIZATION OF RESOURCES
PRIMARY CHALLENGES ASSOCIATED WITH
CONNECTIVITY
• PROTECTION OF SENSITIVE DATA AND INFORMATION
• STORED OR
• TRANSFERRED
• PROVIDING APPROPRIATE SECURITY AND CONTROL
PROCEDURES
GENERAL CONTROLS FOR
ORGANIZATIONS
DEVELOPING AN APPROPRIATE SECURITY POLICY INVOLVES
• IDENTIFYING AND EVALUATING ASSETS
• IDENTIFYING THREATS
• ASSESSING RISK
• ASSIGNING RESPONSIBILITIES
• ESTABLISHING SECURITY POLICIES PLATFORMS
• IMPLEMENTING ACROSS THE ORGANIZATION
• MANAGING THE SECURITY PROGRAM