Decisions of managers heavily rely upon the effective information systems (Srinivas and Gopisetti, 2012). Accounting Information Systems contain confidential data of the company; this information can be accessed by the outside sources through a successful Accounting Information System attack. Management is the top on the priority list, being held responsible for security of the Accounting Information systems, because the establishment and maintaining of these Accounting Information Systems resides under them. No doubt, that information security is the technical subject but the responsibility of the security is the top management's issue.
Accounting Information Systems
Decisions of managers heavily rely upon the effective information systems (Srinivas and Gopisetti, 2012). Accounting Information Systems contain confidential data of the company; this information can be accessed by the outside sources through a successful Accounting Information System attack. Management is the top on the priority list, being held responsible for security of the Accounting Information systems, because the establishment and maintaining of these Accounting Information Systems resides under them. No doubt, that information security is the technical subject but the responsibility of the security is the top management's issue.
It is the responsibility of the senior management and accountants of the firm to work in cooperation with IT department and enforce adequate security measures to prevent the accounting systems. A considerable amount of budget and time should be allocated for securing and controlling these systems so that there are fewer chances of attacks from outsiders.
The problem is that the management considers Accounting Information Systems as a onetime expense, which is a wrong approach. These systems need regular updating and maintenance by IT managers in coordination with the firms' senior management. Managements that do not consider this issue seriously and try to reduce expenses by not updating the systems, suffer from AIS attacks.
The liability is usually on the party who acted in negligence that can be either the IT department or the senior management. Therefore, firm's management should be held liable for the losses, as it is solely responsible for selection and application of internal controls to prevent accounting system from outside sources and other risks attached to it.
2.
Senior Management, Accountants and IT Managers are responsible not only for establishing but also for maintaining the internal controls. They should discuss and plan together the program upgrading, changes, operations and security control so that the confidential information in the Accounting Information System remains secure.
If the senior management was inform about, the threats and it did not approve the budget for improving and upgrading the Information Technology Security and Control System, than it should pay for the losses incurred by the company. However, if the IT senior managers confirmed that the Accounting Information System was secure and considered it a challenge for someone to get access to the confidential data, than the IT, team should be blamed and should pay for the losses incurred by the company due to outsider attack.
Sometimes, the losses incurred are by leak of information need thorough investigations. For instance, consider case of an employee, who recently resigned from the organization and joined the competitors' firm. It is the responsibility of the HR to inform the IT personal regarding his departure so that all the access provided to the employee is ceased. If the HR forgets to inform the IT personal or if the IT Personal forgets to cease the employee's access than the losses incurred will be beard by the responsible IT person.
3.
The greatest financial loss bear by the business security systems is caused by the viruses or unauthorized access to information. Attacks made by insiders are very common but those done by outsiders are taken more seriously and also publicized (Mukherjee and Heberlein, 1994). The Federal Government plays an important role in the protection of its citizen's private information that resides in their systems. Due to increased system attacks and breaches, government attention is drawn towards actions to be taken against those who are involved in system crimes (Knapp, Marshall, Rainer and Morrow, 2006).
The Federal Government of USA has come up with several Acts after the advent of Information Technology, that help in deciding who should be held responsible for the losses and what should be the punishments and remedies.
The Foreign Corrupt Practices Act 1977 and Sarbanes-Oxley (SOX) Act of 2002 have also laid legal implications on the management for the responsibility of these systems. The section 4o4 of SOX made compulsory for the management to maintain effective controls of all the information systems including the Accounting Information Systems.
4.
An outsider can harm the Accounting Information System of the company through several ways. For instance, he can provide the confidential information of the company's employees or customers to the competitors. He can also hijack the system or send a virus to the system that kills all the components of the system. Losses made can be recovered or not, depends upon the intensity of the loss the enemy has caused to the company.
You’re 87% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.