Accounting Assignment 2: Hacking the AIS Student’s name: Lecturer’s name: Date of Submission:

The business transactions are entered and documented in accounting systems. The accounting system records could be launched and kept up through both modernized and manual record keeping. The mechanized systems and the manual systems both have their particular peculiarities, the manual systems are costly as far as expense and time are concerned, however, they are useful for understanding of the underlying guideline of accounting, and the controls like isolation of obligations might be connected to the manual accounting systems. The electronic accounting systems, rather than the manual accounting systems are quick regarding the speed. The automated system does not commit the math errors in light of the fact that the information is simply needed to be entered in the first step, the alternate steps like keeping up ledgers and accounts is performed from the prior information that is already documented, and the possibilities of resulting mistakes are more improbable.(Peavler, 2014)

The automated systems are quicker not regarding making estimations, yet they are speedier in the way they recover thealready stored data. The automated systems are utilized by the majority of the advanced association, these systems have the complex dangers, and the most potential danger is the danger of hacking. As the information is simply needed to be entered in the introductory stage, the handling of the information is performed in a midway kept up system, the right to gain entrance to the systems implies the complete access to the information of the organization. Hence, the administration of the organization must take measures to moderate the danger of hacking the accounting information systems. An average control measures incorporate the nature’s domain, hazard evaluation, information, and correspondence, control exercises and observing. (Okoye and Tennyson, 2012) The historical backdrop of the organization for the hacking and extortion can foresee the disadvantage in the system, and accordingly the control environment of the organization can give the rules to actualizing any progressions or the control measures. The assessment of risk is applicable to the way of the business and the way of the transactions should likewise be archived, and the pertinent corporate influence skeleton must be actualized to guarantee the compelling working of the organization and its systems.

The organization administration has a lawful obligation to ensure the benefits, including the informational stakes, the illustration of which is the unapproved divulgence of money related information, however the assurance is not constrained to the unapproved gets to, yet the organization likewise has the obligation regarding control, harm, and exposure for information. The hacking of the accounting information system can bring about the harm, control and the loss of information, the organization will be unable to keep up the records of the business transactions, and the organization may be liable for the lawful results. Hence, the center obligation in keeping the danger of misrepresentation and unapproved access is held by the organization itself. (PR Newswire, 2014)

The money bureau of the organization has the obligation regarding misrepresentation location and avoidance; and in this classification, hacking is the most potential risk for the organization; the purpose behind hacking may be mechanical surveillance, and the information of items and monetary position could be gotten to by the contenders, which brings about debilitated position of the organization (PR Newswire, 2014). The accounting capacity is kept up by the division of accountants and accounting, it need to manage the threats of security, for this reason the inward controls are proposed by the money office, and the proposal from the review could be taken to actualize the successful measures for the avoidance of the misrepresentation.

The hacking of the system could be either ponder or unintentional. The conscious access may be from the contenders, the stakeholders to the organization, or the administration supplier. The reason for hacking in intentional unapproved access to the information security system is to get the learning of the prescient offer costs in future, the substance equation of any item or the control of any information to submit misrepresentation or to give spread to any current extortion. The risk appraisal ought to be made at each one level and the result of the unapproved must be evaluated. The IT division must work as a team with the information security administration supplier, and the administration supplier must be deliberately chosen to keep any disaster in future. The choice of the administration supplier must be made as per the agreeability of the administration supplier with the corporate legislation, rules, and the significant system up degree and authorizing must be observed and assessed consistently. The lapse of permitting if the administration supplier may open the system to the security dangers and in addition it lessens the viability of the system.

The risks on account of outsider increments and the administration supplier can likewise submit the hack, and can control it receipts and may exaggerate the. The organizations need to depend on the outside administration suppliers or the outsider when off the rack programming is not suitable for the business due to the size or intricacy of the business. . On account of outsourcing, the business settle the obligation by contracting an information base manager, the database methodology empowers the firm to make the individual in charge of the information administration and security, and this is the database chairman, which holds a definitive obligation (Canes, 2014). For dealing with the undertakings identified with participation between the organization and the outsider, the system executive is considered in charge of guaranteeing the safe state of the system. The system chairman have the charge over the inward system i.e. the centralization of the inside machine systems of the organization, furthermore the outside system, which is the connecting of the organization with the outer world through web.

The risk of fraud, error, or hacking are high in those organizations where the code of ethics or internal controls are not correctly applied (Turner & Weickgenannt, 2008). The internal controls are necessary and for this purpose, there must be application controls over the accounting software as well as the physical assets should also be safeguarded against the unauthorized access. The accounting information must be documented against the source document and must be externally verified in case of any discrepancy. The sequence of the discrepancy can predict the potential risk, and the existing hacking of the system. The internal controls implement the systematic nature of controls on the software.

The information security relates to the protection of information against the loss damage or disclosure, and the purpose of information security is to reduce the business risks related to the damage of information (Gertz, 2003). The information security helps the business in preventing the assets, and this is the information, which is reflected in the financial information, the hacking of this information can manipulate the data, and hence the financial information will not be of true and fair nature. The hacking can be detected through the statistical analysis of the information and evidencing the information against evidences like the initial invoice or the hard copies of the source documents. The other purpose of hacking is more dangerous, which is the espionage of the information for industrial usage. This intrusion cannot be detected through the statistical analysis, as the purpose of this is not to manipulate the information, but to copy the information for the competitive advantage, and when it is undetected, it is more dangerous than the manipulation of data in regards to the system security.

The three recommendationsfor businesses to secure their systems and assets from hackers are presented below:

Password controls should be provided to executives

The internal controls and the application controls can help in diminishing the risk of hacking. Hacking is the unapproved access and it might be because of physical access to the machine system, taking of the watchword and the remote access. The IT office, the accounting division, and the reporters of the accounting information administration supplier must out viable controls over the right to gain entrance to the system. The systems and information are powerless in admiration of hacking and unapproved access, in this manner it obliges a systematic methodology for securing the information, which is focused around the risk evaluation and controls set up to relieve risks. (California Office of Privacy Protection, 2012)  The right to gain entrance to the machine ought to be controlled by applying progressive passwords, and the risk ought to be dispersed for keeping the control of information and for this reason, the reinforcements must be kept up. The information can’t be singularly harmed from the hacking, yet it can likewise be harmed from any natural occurrence, for example, fire or surge, so this measure secures both the unapproved get to and hacking of the information.

Authorized access should be provided to the staff and members

The right to gain entrance to the information must be secure and the authorities ought to be permitted. The right to gain entrance of the information by a representative at the remote portable computer can open genuine risks to the information. The worker with remote access will give an opportunity to the complimentary dangers identified with his/ her system, and this risk will be added to the organization’s risk notwithstanding the particular risk to the specific representative getting to the information. (California Office of Privacy Protection, 2012)

Application controls should be added to enhance the security

The right to gain entrance to the systems and particularly the remote access ought to be approved, the systems ought to be in agreeability with the regulations and models, and the test of which ought to be frequently led; the systems ought to incorporate antivirus programming and gatecrasher recognition system. The application controls usage must be assessed routinely for guaranteeing the working of the system to counteract against any accounting hack. The accounting hack will bring about the taking or the loss of information, which could be brought on by an infection or pernicious programming. Notwithstanding the inner controls, the identification system must be set up to remove any vindictive programming or infection, and the wellsprings of these risks must be surveyed to keep the hack. (California Office of Privacy Protection, 2012)

References:

California Office of Privacy Protection, (2012), “Recommended Practice on Notice of Security

Breach Involving Personal Information”. Retrieved from:

http://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/recom_breach_prac.pdf

Canes M., (2014), “Integrity and Reliability= Trustworthy Accounting ”. Retrieved from:

            http://www.bluelinkerp.com/newsroom/whitepapers/IntegrityReliability-Trustworthy                     Accounting_whitepaper.asp

Peavler R., (2014), “What Are Accounting Information Systems And What Are The Different

Types?” Retrieved from:http://bizfinance.about.com/od/accountingandcash/f/what-are-accounting-information-systems.htm

Okoye E. and Tennyson O., (2012), “Impact of Computerised Accounting System on External

Auidit Functions”. Retrieved from:

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2022095