The objectives of the report are to investigate the perceived threats of computerized accounting information systems (CAIS) and to discuss how the impact of these threats can be reduced. The report covers the 19 perceived threats of CAIS, preventive controls, detective controls, corrective controls and auditors’ attestation of internal controls. Examples of controls given are authentication, authorization, physical access control, host and application hardening, encryption, training, log analysis, intrusion detection system (IDS), security testing, computer emergency response team (CERT), the role of Chief Security Officer (CSO) and patch management. The types of analysis used in the report are historical and qualitative analysis.
The most significant findings are that the perceived threats of CAIS can generally be categorized into 19 threats, and that the impact of all these threats can be reduced through effective preventive, detective and corrective controls tailored to the particular business organization, together with auditors’ attestation of internal control.
1. Introduction
The report is written to investigate the perceived threats of computerized accounting information systems (CAIS) and to discuss how these threats can be reduced. A number of limitations were encountered in doing so, including the lack of recent research in Australia on perceived threats to CAIS and the corresponding solutions. In general, the report lists the 19 perceived threats of CAIS and the fastest growing threats among them, and discusses preventive, detective and corrective controls, which include authentication, authorization, physical access control, host and application hardening, encryption, training, log analysis, intrusion detection system (IDS), security testing, computer emergency response team (CERT), the role of Chief Security Officer (CSO), patch management and