- Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
- What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
- Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, the least? Why?
- You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
Imran Jordan Kharabsheh says
1. I do believe that businesses have been making the mistake of focusing too much on individualized security protocols associated with their relevant programs such as SAP. Companies I have seen will more often than not shirk on the security details associated with the overall network environment of a company. By not paying a sufficient amount of attention to the overall network environment’s security, the company is put at more risk from outside threats. It could also lead to an increased threat of information being stolen as it leaves the company’s primary network to be stored elsewhere.
2. The ability to only modify ongoing financial postings plays an important role in maintaining compliance and, ultimately, building trust among company stakeholders. By not allowing people to go back and change previous financial postings, the company is preventing the risk of someone compromising the integrity of their financial data and potentially ruining future forecasts and ruining the company’s image of transparency. This can have devastating effects on the financial and reputational fronts if word were to get out.
3. If I were to rank the financial and accounting controls we learned in class based off of importance, I would definitely rank segregation of duties, implementation of a parking policy, and reconciliation among the most important. The controls I felt are less important, albeit not by much, are actively maintained foreign currency management and guidelines that support the workflow. Do not misunderstand, however, as these can be interchangeable based on the circumstances of a company. For example, foreign currency management would be more relevant to companies that conduct business on an international scale, which is why I ranked it lower on priority. I chose segregation of duties, parking policy, and financial reconciliation as the most important due to the inherent need for these in any company no matter the size or market of operation.
4. I, personally, do not see it as such, but I attribute that to my affinity with technology and my generation’s overall experience with ever-growing technology throughout our lifetime. I relate people who call this work difficult and bureaucratic to older people trying to cope and learn new technology and can’t comprehend how younger people can learn to use it so easily. Managing systems securities, being its own field of study now, requires extensive training and a passion, making it a hot item on the job market due to the scarcity of people trained in this new-age skill. So while others might see it as troublesome, I and many others who enjoy the field of study find it quite interesting to learn and tinker with.
Penghui Ai says
Hi Jordan, your answers are very interesting. For question 4, I totally agree that our generation has more experience with technology throughout our lifetime, so we are more aware of the importance of system security.
Yuan Liu says
I totally agree with the answer for the second question. There is no trust and experience between two companies at the beginning of coordination. There should be a rule to make sure both sides, provider and customer, agree to protect their own profit. The rule makes sure there should not be any change to the accounting history. If there is any problem, such as fraud or vulnerability, it is convenient to find the details of the problem and easier to track the vulnerability.
Deepa Kuppuswamy says
1. Based on my understanding I would say that it is a good practice to have strong security protocols at the application level, like SAP or in any similar systems, and it is good for administrators to invest time and effort in configuring strong security protocols, because with the increased threats and vulnerabilities in the network security layer this would act like an added additional fence in building a strong security layer. Network security threats are becoming increasingly sophisticated and seem to multiply by the day, resulting in endless headaches for IT administrators. So I believe it is key for administrators to constantly evaluate current security measures at both system and network level to identify any shortcomings that may be exposing the company to risk.
2. When multiple posting periods are open at the same time it would favor committing financial statement fraud as seen in some of the accounting frauds like Enron, Satyam etc. Sometimes these errors might be intentional or unintentional like omitting the transactions to record, recording in wrong books, or wrong account or wrong totaling or premature revenue recognition and so on. Hence, it is important to keep only one posting period open at a time.
3. I guess financial and accounting controls are equally important in order to gain reasonable assurance regarding the achievement of objectives and in running a successful business. We cannot really rank unless we know which business sector the company is running on.
Rouying Tang says
Hello Kuppuswamy, thank you for sharing. I do agree with you on the example about the potential accounting fraud caused by the failure of committing the restriction on posting regarding the period.
Penghui Ai says
1. I believe that businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network. The security protocol itself is a great guideline for business to follow, but the business environment is different for each business. In addition, the security protocols in programs like SAP might focus on the security in the program instead of the entire network. Therefore, the business will still have vulnerabilities in their network if they just configure the security protocols.
2. Only being able to have one posting period open at a time for real-time financial postings is to make sure all accounts in books and system are on the same page, which is easy to audit. In addition, it decreases the risk of people making changes to those financial data, so the integrity of information is prevented by this term.
3. Based on the list of financial and accounting controls discussed in class, I rank them from most important to least important, which are: document parking, transaction data timing, reconciliation, critical master data, account determination, and foreign currencies. I think document parking is the most important because it will continue eroding the validity of data if the company does not control this risk area, and it is too difficult to make assertions on whether the transaction actually exists.
4. I did experience a system security issue once when I was in elementary school. That was my first computer, and I remember that the system was Windows XP. Every elementary student’s first purpose in having a computer is to play games, and so was mine. While playing a game for a period, I started realizing that there was a helper called a “plug-in” for the game that can help a player grow faster in the game. Therefore, I started to search for a free plug-in and downloaded one from a website. The file I downloaded contained a virus, and my computer was affected because I did not have any anti-virus software on my computer. This is the only experience in which I had trouble with system security. After that, I am aware of everything I download and have anti-virus software on my computer, which prevents me from having system security problems.
Haitao Huang says
Hi Ai,
Great explanation for each question. For the first question, I believe that traditional security has depended on network border sentries, such as appliance firewalls, proxies, centralized virus scanners, and even IDS/IPS/IDP solutions, to provide security for all of the interior nodes of a network. This is no longer considered best business practice because threats exist from within as well as without. A network is only as secure as its weakest element.
Rouying Tang says
1. Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
I believe that network security and application security are equally important, located at different levels of the whole business architecture. So I believe relying too much on administrators to configure the security protocols is a common phenomenon for businesses. Separate attention to the overall network environment is equally needed. For example, hacking techniques including social engineering are designed to overcome the application level of security.
2. What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
The restriction of one posting period open at a time for real time financial postings can prevent the error of making postings in the wrong period. It can protect the postings in the previous period from being rewritten or changed, which can assure the accuracy and occurrence management assertions.
3. Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, the least? Why?
I think it would depend on the scale and industry of the company. For example, the segregation of duties is very important. However, in some start-up companies, the number of employees limits the conduct of this control, so other compensating controls must be in place to prevent fraud.
4. You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
Yes, I did experience designs that go against humanity. A very common example is that the input windows exceed the screen, so you can’t read what you have put in (not the password). Besides, the combination of two systems also causes many problems.
Besides, a lack of instructions on the systems is also horrible. I have a friend who works at Marriott in China. Since the Marriott/SPG merger, their systems are also connected. She is the only manager but also struggles with the new systems because no training is provided and even the guide books are in English.
Haitao Huang says
1. I don’t agree that business relies too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network because the endpoint security is an important component in the network and systems security. Endpoint security is a concept that each individual device or application must maintain local security whether or not its network or telecommunications channels also provide security. It is clear that any weakness in a network, whether on the border, on a server, or on a client, presents a risk to all elements within the organization. A system or network is only as secure as its weakest element. Even with secured communication protocols, it is still possible for abuse, misuse, oversight, or malicious action to occur across the network because it originated at an endpoint. All aspects of security from one end to the other, often called end-to-end security, must be addressed. Any unsecured point will be discovered eventually and abused.
2. Posting period means that the system will allow users to post documents and make changes to the documents in a specific time period. The posting period variant is used to control which accounting period is open for posting. The individual posting periods correspond to a calendar month and usually, at any one time, only one posting period may be open. Allowing only one posting period open at a time ensures the real-time display of business transactions in reporting. Proper implementation of the posting period prevents unauthorized postings or changes from being made to the previous records.
3. I think the organizational security policy is the most important control among all the financial and accounting controls that we’ve discussed in the class. An organizational security policy defines the scope of security needed by the organization and discusses the assets that require protection and the extent to which security solutions should go to provide the necessary protection. The security policy is used to assign responsibilities, define roles, specify audit requirements, outline enforcement processes, indicate compliance requirements, and define acceptable risk levels.
4. One of the most important things to consider when implementing system security is to find the balance between performance and security. For example, if I want to protect my privacy when surfing the Internet, I would turn off several functions that are extremely convenient for daily use in my browser, such as disabling cookies, disallowing websites to track my browsing traffic, and disabling the browser from keeping browsing information. Although disabling those functions offers a little bit more protection to my privacy, it makes the browser extremely difficult to use. For example, I need to manually enter my username and password every time I need to log in to a website since I disabled the function that allows the browser to memorize such information.
Deepa Kuppuswamy says
I really appreciate the way you structured your answer for each question and the new discussion points that you have laid out. It made me deep dive and learn about end-to-end security, network weakness, and the posting period variant. I guess end-point security is very important in any corporate environment, as each device with a remote connection to the network creates a potential entry point for security threats and there is an increased threat to the corporate network when multiple devices are connected remotely.
Peiran Liu says
1. In my opinion, relying on administrators is much better than looking for security in the entire network. First of all, administrators are mostly well trained, so they are much more reliable than the rest of the network. Also, if there are more and more people involved, the chance of fraud will also increase.
2. For focusing on only ongoing business for the company. This prevents duplication from happening.
3. There are mainly five kinds of controls and the ranking may vary between different companies. But the most important, in my opinion, should always be Transaction Data Timing. The ‘real-time’ routine transactions and manual non-routine transactions are both very important for their own kind of control focus.
4. I have no security issues while I am using a Mac, but I had some security issues when I was using a PC. The main problem I was facing was that applications always seemed to have authorization to control my PC, although I didn’t give it to them, and the chance of being controlled by another PC also showed, as I didn’t have any notifications once I contacted support for some remote help.
Deepa Kuppuswamy says
In my opinion, I guess network and system security should be viewed with equal importance because network security is very important nowadays, as there are increased cyber threats to a company when the company’s endpoints like smartphones, PCs, IoT devices and laptops are connected to the company’s network remotely. A combination of hardware and software provides multiple layers of security to defend the network against various threats.
Yuan Liu says
I do not think companies or organizations rely too much on administrators to configure the security protocols in programs, rather than look for security in the entire network, because there would be limited resources in the business to check its operation security. No matter what kind of business, there could be limited human resources and operation funds. The company or organization should try its best to use them more effectively and efficiently, which means IT auditors need to use limited resources to find if there is any fraud or vulnerability in the company operation system. I think using the administrators’ application should be the most reasonable option, with low cost and highly effective performance, because an administrators’ application such as the SAP system has been developed for a long time, which means the system is reliable and runs stably to audit the company operation system. The company does not need to invest in the creation of another system. In lots of beginning businesses, the budget for system security checks is really limited or there is even no budget for that, so it is the only choice to use the administrators’ application.
2. The relevance of only being able to have one posting period open at a time for real time financial postings is that there should be no change of accounting history before the trading transaction is finished between two businesses. This rule is good for building a reliable relationship between two businesses, because there is no trust at the first coordination between two businesses. There should be a rule to protect both sides of the transaction, provider and customer. If there is any issue during the process of order to cash, both sides of the business can check the details through the accounting history. In addition, the rule is good for reputation protection. If there is any problem, the company can show the history without any changes to clear its reputation.
3. Cost controls relate to the appropriateness of business expenditures and can be accounted for on an enterprise level or at the project level (or both); this relates primarily to the efficiency with which cash is spent. Are you getting the best pricing on things you purchase? Are materials and labor being used in the most efficient and profitable manner? Financial controls refer to the ability of a business to ensure that cash is being spent on business expenses. Also known as Internal Controls. Essentially, financial controls are in place to ensure that company funds are not taken for non-business expenditures. I think both of them are equally important in the company’s internal control. Cost control focuses on the price and financial control focuses on the financial activity. Both of them are essential for the company’s operation security.
4. My experience of a difficult-to-use computer operating system is VISTA. I was in high school and it was my first time using a computer. The system was easy to use and understand based on its advanced graphical user interface. However, the system really relied on hardware performance, such as CPU and memory. My computer was not strong enough to run the system, so my screen would always suddenly shut down and I needed to restart many times.