L e a r n I n g o b j e c t I v e s
Download 1.2 Mb. View original pdf
|
| Monitor the project. Companies should establish formal procedures for measuring and reporting a project’s status. The best approach is to divide the project into manageable tasks, assign responsibility for each task, and meet at least monthly to review progress and assess quality. CHANGE MANAGEMENT CONTROLS Organizations modify existing systems to reflect new business practices and to take advantage of IT advancements. Those in charge of changes should make sure they do not introduce errors and facilitate fraud. Behavioral aspects of change are discussed in Chapter 20 and change management controls are discussed in Chapter DESIGN AND USE OF DOCUMENTS AND RECORDS The proper design and use of electronic and paper documents and records help ensure the accurate and complete recording of all relevant transaction data. Their form and content should be as simple as possible, minimize errors, and facilitate review and verification. Documents that initiate a transaction should contain a space for authorizations. Those that transfer assets need a space for the receiving party’s signature. Documents should be sequentially prenumbered so each can be accounted for. An audit trail facilitates tracing individual transactions through the system, correcting errors, and verifying system output. Document, form, and screen design are discussed in Chapter SAFEGUARD ASSETS, RECORDS, AND DATA A company must protect its cash and physical assets as well as its information. Are- porter for Reuters noticed that Intentia, a Swedish software developer, released its first- and second-quarter earnings reports on websites with nearly identical web addresses. He guessed the third-quarter web address, found their unreleased numbers, and ran a story on the disappointing results. Intentia filed criminal hacking charges, but they were dismissed. The Swedish Stock Exchange censured Intentia for not protecting its financial information. Employees area much greater security risk than outsiders are. They are better able to hide their illegal acts, because they know system weakness better. Almost 50% of companies report that insiders access data without the proper authorization. A software engineer at America Online was charged with selling 92 million email addresses he illegally obtained using another employee’s identity (ID) and password. An Internet gambling business bought the names and used them to increase company earnings by $10,000 to $20,000 a day. The data theft was not uncovered fora year, until an anonymous tipster informed authorities that the gambling business was reselling the names to spammers selling herbal male enhancement products. Employees also cause unintentional threats, such as accidentally deleting company data, opening virus-laden email attachments, or trying to fix hardware or software without the appropriate expertise. These can result in crashed networks and hardware and software malfunctions as well as corrupt data. postimplementation review - Review, performed after anew system has been operating fora brief period, to ensure that it meets its planned objectives. systems integrator - An outside party hired to manage a company s systems development effort. CHAPTER 7 CONTROL AND ACCOUNTING INFORMATION SYSTEMS Chapters 8 through 10 discuss computer-based controls that help safeguard assets. In addition, it is important to Download 1.2 Mb. Share with your friends:
|