COMPUTERIZED ACCOUNTING INFORMATION SYSTEM ADOPTION AMONG ...
audit in Computerized accounting system
jean-remollino -
Transcript of audit in Computerized accounting system
-
8/13/2019 audit in Computerized accounting system
Encryption
It is the conversion of data into a secret code for storage in databases and transmission over networks.
The sender uses an encryption algorithm to convert the original message into a coded equivalent, which is then decoded back.
Caesar Cipher: earliest encryption method
-
2 fundamental components
Key: mathematical value selected
Algorithm: the simple procedure of shifting each letter in a cleartext message the number of positions indicated by the key value.
Ex. +3: shift each letter three places to the right
A in cleartext would be represented as letter D in the ciphertext message.
Modern-day encryption algorithms are more complex, and encryption keys are 40-128 bits in length.
-
Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW
When encrypting, a person looks up each letter of the message in the "plain" line and writes down the corresponding letter in the "cipher" line. Deciphering is done in reverse, with a right shift of 3.
Ciphertext: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD
Plaintext: the quick brown fox jumps over the lazy dog
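An added example, not part of the original slides: the shift cipher described above in Python, covering both the "+3" key (A becomes D) and the left shift of 3 behind the Plain/Cipher table. The function names are illustrative; `recover_key` shows that only 26 key values exist, in contrast to the 40-128 bit keys mentioned for modern algorithms.

```python
import string

ALPHABET = string.ascii_uppercase

def caesar(text, key):
    """Shift each letter by `key` places: positive = right, negative = left."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            shifted = ALPHABET[(ALPHABET.index(ch.upper()) + key) % 26]
            out.append(shifted if ch.isupper() else shifted.lower())
        else:
            out.append(ch)  # spaces, digits and punctuation pass through
    return "".join(out)

def cipher_line(key):
    """The 'cipher' line that sits under ABC...Z for a given key."""
    return caesar(ALPHABET, key)

def recover_key(ciphertext, known_word):
    """Try all 26 keys; return the one whose decryption contains known_word."""
    for key in range(26):
        if known_word in caesar(ciphertext, -key):
            return key
    return None

if __name__ == "__main__":
    message = "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG"
    secret = caesar(message, -3)           # left shift of 3, as in the table
    print("cipher line:", cipher_line(-3))
    print("ciphertext :", secret)
    print("deciphered :", caesar(secret, 3).lower())
    # A left shift of 3 is the same key as a right shift of 23.
    print("key found by exhaustive search:", recover_key(secret, "QUICK"))
```
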
-
2 Commonly Used Methods of Encryption
Private Key Encryption: Data Encryption Standard (DES)
Uses a single key known to both the sender and the receiver of the message
Public Key Encryption
Uses two different keys: one for encoding the message and the other for decoding
-
Data Encryption Standard Technique
[Figure labels. SENDER: Cleartext Message, Key, Encryption Program, Ciphertext, Communications System. RECEIVER: Communications System, Ciphertext, Key, Encryption Program, Cleartext Message]
Extension: use double encryption
-
Digital Certificates / Digital Signatures
A digital certificate is an attachment to an electronic message used for security purposes:
- to verify that a user sending a message is who he or she claims to be.
- to provide the receiver with a means to encode a reply.
Most widely used DC: X.509
-
[Figure: Send an encrypted message. Labels: internet, Certificate Authority, decode, verifies, send]
-
Business Recovery Plan: known as DRP
- effective control in e-commerce firms
Incident Response Plan: a similar technique
- prepare and plan for such an event so that, if it occurs, processes can be handled without pressure.
-
Controlling Exposures from Equipment Failure
Line Errors
Echo Check
Involves returning of messages by the receiver to the sender
Parity Check
Incorporates an extra bit (parity bit) into the structure of a bit string when it is created or transmitted
Most common problem
The noise on communication lines consists of random signals
-
Vertical and Horizontal Parity Using Odd Parity
[Figure labels: BIT STRUCTURE OF CHARACTER, BLOCK OF DATA, START OF MESSAGE, END OF MESSAGE, VERTICAL PARITY BIT, HORIZONTAL PARITY BIT]
Bit grid from the figure (the last row and the last column are the parity bits):
1 0 1 1 0 0 0 | 0
0 0 0 0 0 0 0 | 1
1 1 1 1 1 0 0 | 0
0 0 0 0 0 1 1 | 1
0 0 0 0 0 1 1 | 1
1 0 1 0 1 1 1 | 0
1 1 1 0 1 0 0 | 1
0 0 1 0 0 1 1 | 0
--------------+--
1 1 0 1 0 1 1 | 0
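An added example, not part of the original slides: two-dimensional odd parity computed over the 8 x 7 data block from the figure, then used on the receiving side to locate a line error. Function names are illustrative, and the code speaks of row and column parity, which the slide calls horizontal and vertical parity.

```python
# Data bits taken from the slide's figure (8 rows x 7 columns).
BLOCK = [
    [1, 0, 1, 1, 0, 0, 0],
    [0, 0, 0, 0, 0, 0, 0],
    [1, 1, 1, 1, 1, 0, 0],
    [0, 0, 0, 0, 0, 1, 1],
    [0, 0, 0, 0, 0, 1, 1],
    [1, 0, 1, 0, 1, 1, 1],
    [1, 1, 1, 0, 1, 0, 0],
    [0, 0, 1, 0, 0, 1, 1],
]

def odd_parity_bit(bits):
    """Return the extra bit that makes the total number of 1s odd."""
    return 0 if sum(bits) % 2 == 1 else 1

def add_parity(block):
    """Sender: append a parity bit to every row, then a parity row for the columns."""
    col_parity = [odd_parity_bit(col) for col in zip(*block)]
    framed = [row + [odd_parity_bit(row)] for row in block]
    framed.append(col_parity + [odd_parity_bit(col_parity)])
    return framed

def check_parity(framed):
    """Receiver: return (bad_rows, bad_cols); both empty means no error detected."""
    bad_rows = [r for r, row in enumerate(framed) if sum(row) % 2 != 1]
    # The last column holds row parities only, so it is not checked as a column.
    bad_cols = [c for c in range(len(framed[0]) - 1)
                if sum(row[c] for row in framed) % 2 != 1]
    return bad_rows, bad_cols

def flip(framed, *positions):
    """Simulate line noise by inverting the bits at the given (row, col) positions."""
    damaged = [row[:] for row in framed]
    for r, c in positions:
        damaged[r][c] ^= 1
    return damaged

if __name__ == "__main__":
    sent = add_parity(BLOCK)
    print("clean block      :", check_parity(sent))
    print("one bit flipped  :", check_parity(flip(sent, (5, 2))))
    # Two flips in one row cancel in the row check; the column check still fires.
    print("two bits, one row:", check_parity(flip(sent, (5, 2), (5, 4))))
```

A single flipped bit is located at the intersection of the failing row and column; an even number of flips in the same row is why the second parity dimension is needed.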
-
Audit Objectives
Verify the security and integrity of the electronic commerce transactions by determining that controls
1.) can detect and correct message loss due to equipment failure,
2.) can prevent and detect illegal access both internally and from the internet, and
3.) will render useless any data that are successfully captured by a perpetrator
-
Audit Objectives
Verify that backup procedures are sufficient to preserve the integrity and physical security of the databases and other files connected to the network.
Determine that:
all EDI transactions are authorized, validated, and in compliance with the trading partner agreement;
no unauthorized organization accessed database records;
authorized trading partners have access only to approved data; and
adequate controls are in place to ensure a complete audit trail of all EDI transactions
-
Back up control for Networks
Verify that backup is performed routinely and frequently to facilitate the recovery of lost, destroyed and corrupted data
Production databases should be copied at regular intervals
Verify that automatic backup procedures are in place and are functioning, and that copies are stored off-site
-
TRANSACTION VALIDATION
Any unauthorized trading partner transactions are rejected by the VAN before they reach the vendor's system
Before being converted, the translation software can validate the TP's ID and password against a validation file in the firm's database
Before processing, the TP's application software can validate the transaction by referencing the valid customer and vendor files.
Access Control
To guard against unauthorized access, each company must establish valid vendor and customer files
User authority tables can also be established.
-
Test of Validation Controls
Review agreements with the VAN facility to validate transactions and ensure that information is complete and correct
Examine the organization's valid trading partner file for accuracy and completeness.
Test of Access Controls
Verify control adequacy in 3 ways:
Determine that access is limited to authorized employees only
Reconcile the terms of the trading partner agreement against the access privileges stated in the database authority table
The auditor should simulate access by a sample of TPs and attempt to violate access privileges
-
Test of Audit Trail Controls
The auditor should verify that the EDI system produces a transaction log that tracks transactions through all stages of processing.
-
Verify the encryption process by transmitting a test message
and examining the contents at various points along the
channel between the sending and receiving locations
Review the adequacy of the firewall in achieving the proper
balance between control and convenience based on the
organization's business objectives and potential risks
-
Criteria for Assessing the Firewall Effectiveness
Flexibility
Proxy services
Filtering
Segregation of systems
Audit tools
Probe for weaknesses
Review password control procedures