- Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
- What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
- Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, the least. Why?
- You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
Nathan A. Van Cleave says
1. Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
If organizations rely too much on application level controls within SAP and do not place enough reliance on IT general controls, there is a heightened risk of data integrity issues. So even if the SAP role based access and authorization protocols are in place, if the underlying IT functions support processes like network and interface security are inadequate, it may render those authorization and segregation of duties useless or easily bypassed.
Nathan A. Van Cleave says
2. What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
It is a sensible control to have in place. If the system is set up in such a way as to allow multiple posting periods to be opened simultaneously, it opens up the potential for increased errors. If only one posting period is open for real time financial postings, then there is no possibility of a malicious or erroneous posting to an incorrect period.
James T. Foggie says
Nathan.
Thanks for mentioning the point about reducing the possibilities of errors and erroneous data entry. I went directly to the area of restricting/mitigating redundant work. Preventing errors is equally as important for sure.
Nathan A. Van Cleave says
3. Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, the least. Why?
I don’t think there is one control more important than the other; rather, a comprehensive, robust control framework is what organizations should implement and place reliance on to prevent the financial and accounting issues discussed.
Enterprise Oversight/Governance
Written Standards and Controls (Compliance)
Training
Incident Management
Risk Assessment/Management
Communications
Discipline and Enforcement
Management Monitoring
Independent Business Monitoring
Independent Assurance
Pascal Allison says
Nathan, great point of equal importance of controls. If they were treated with importance, one control weakness could lead to another which could create the same problem if not greater problem for a system or organization. It is very vibrant to treat all controls equally. Risk is risk. Control is control.
Nathan A. Van Cleave says
4. You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
I’ve experienced cumbersome and bureaucratic system controls in both large and small companies. In the small company, it was a matter of the “IT Director” over-managing or locking down system features like browser access. In this case all employees had restricted access to Internet browsers unless there was an approved and documented rationale as to why on Earth an employee would actually need to use the Internet to do their jobs. In some cases, sure, there was no rationale, but in other functions, like HR, that regularly need access to information, it was a hindrance. Overall, it’s just a senseless control/policy and completely builds the wrong kind of culture.
I think in larger companies the wider the net of controls there are. But I think the same rule applies, protect as much as possible without impeding people’s ability to effectively and efficiently do their jobs. I know recently, we had a network wide update to our endpoint protection that caused severe performance issues on a large number of machines. I’m sure the intent is obviously to protect computers and the network from threats, and it was likely part of a standard process to update or apply a patch.
Heiang Cheung says
Yeah, I agree that companies need to protect as much as possible without impeding people’s ability to do their job. This happened to me a couple of times where they would take access to a module away from me not knowing that I need it to do my job. Then I would have to talk to my manager to give me access to the module.
Mengqiao Liu says
Thank you for sharing the experience of system controls. Since I have never experienced the cumbersome and bureaucratic system controls, I can imagine being unable to do the tasks without access permission.
Mahugnon B. Sohou says
Great point. I agree with you. Companies need to implement security measures that will not interfere with people’s jobs. I can imagine not being able to properly do your work because you are restricted access to certain modules. This can be quite difficult to deal with.
Nauman Shah says
1. Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
Network security and application security are two completely different things, with a different purpose and expertise required to administer the two. For instance, network security professionals can make the network secure to prevent the hackers from hacking into the network and ultimately the application if it’s on the same network. However if role based access controls are not implemented, there is a risk of unauthorized changes happening in the system, regardless of how secure the network is.
Nauman Shah says
2. What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
Having one posting period open at a time reduces the likelihood of posting to the wrong period. More importantly it prevents fraud from happening, as users are unable to post entries to a closed period or future period.
Heiang Cheung says
Yeah, I agree because it stops people from going back and posting entries to cover stuff up.
Mahugnon B. Sohou says
I agree with you. Having one posting period open at a time reduces errors like the likelihood of posting to the wrong period and also prevents frauds. I developed the same idea in my post earlier.
Tamekia P. says
1. Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
Businesses rely too much on administrators to configure security protocols because they assume that the system has been designed to address the risk. It is possible to configure security controls for the entire network but that would not appropriately address all of the risks. If the risks being addressed relate to the network being compromised then enough isn’t being done to mitigate issues within the company. The business should ensure that they are implementing the necessary blocks to reduce fraud such as segregation of duties or using tolerance groups.
James T. Foggie says
Tamekia,
Great points made in your post. Basically, what you describe is security in layers. Yes, there are system security challenges as well as business related security challenges. A healthy blend of system admin and business manager input into control designs is always a good thing.
Scott Radaszkiewicz says
I agree Tamekia, I think too often in business, management places a false sense of security in technology and believes the system will eliminate fraud. But they fail to realize that an improperly configured system is just as dangerous as a malicious employee! There must be a real understanding of what the system is capable of doing and align that to the company’s security needs.
Tamekia P. says
2. What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
The relevance of being able to have only one posting period open is to avoid errors. If there is only one period open then it is less likely that something would be incorrectly posted to the wrong periods.
Derrick A. Gyamfi says
Tamekia,
Very well and simply put, I think with the implementation of a lot of financial controls, the underlying line is simply to avoid errors and reduce the risks of human mistakes.
Tamekia P. says
2. What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
The relevance of having only one posting period open is to prevent fraud. By having multiple posting periods open, people could post in future periods in the hopes of manipulating the results.
Tamekia P. says
3. Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, the least. Why?
From most important to least: Segregation of Duties, Account Determination, Reconciliation, and Document Parking. Segregation of Duties is the most important to avoid users from circumventing the system and creating fictitious transactions. If the appropriate SoD controls are not in place, then the other controls are potentially less effective. Document parking is the least important because there are other controls that would mitigate the risk including establishing tolerance groups.
Tamekia P. says
4. You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
System security has a bad reputation related to its inconvenience. Required security protocols that didn’t impact the user experience would be appreciated. If there is a way to have security measures run in the background on a standard schedule then people would be less likely to complain about the issues.
Folake Stella Alabede says
2. What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
The Posting Period Variant in SAP is used to control which accounting period is open for postings and to ensure that closed periods remain balanced and reconciled.
In order to minimize the possibility of user error and to maximize the efficiency of the General Ledger posting process, the number of accounting periods that are open at a time should be as limited as possible.
Folake Stella Alabede says
4. You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
Yes, and in some jobs it’s much harder and more cumbersome than in some others. For example, I’ve worked at an organization where you can only get by with the minimum resources required to do your job (i.e., no access to Yahoo, no access to Gmail, no access to YouTube etc).
For another organization, we got access through Citrix. Citrix is a virtual desktop, and the Citrix receiver allows IT to centrally manage and update in one motion, as opposed to maintaining several different packages. So while logged in to Citrix, even though we didn’t have access to some applications/websites which were needed to perform our job requirements, all we had to do was go out of the virtual desktop (Citrix) to get the information we needed, which is kinda considerate.
But considering all the current vulnerabilities and threats, I feel organizations have equated cumbersome, difficult etc to meaning that they have a secure security system, which is not always the case.
James T. Foggie says
Stella,
Thanks for sharing… great illustration of cumbersome experiences with respect to system security. Companies indeed have major challenges when it comes to protecting information assets. The Citrix environment you describe seems like a typical arrangement to mitigate certain risk associated with access to data.
Although Citrix can be an improvement to some alternatives, it can be viewed as cumbersome as well to some employees depending on the level of access and authorization needed to perform tasks of a job.
Mahugnon B. Sohou says
1. Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
Businesses rely too much on administrators to configure security protocols within SAP and not enough on security in the entire network, because there is this assumption that the system was designed taking into consideration the risks and therefore would appropriately address them. Even if role based access controls are implemented in SAP, there is still a risk of the data being changed and therefore losing integrity, if the IT functions support processes are not adequate.
Mahugnon B. Sohou says
2. What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
It is an important control to have. Allowing multiple posting periods would create the potential for increased errors. It reduces the likelihood of something being incorrectly posted to the wrong period and it helps in preventing frauds by preventing users from posting entries to a closed period. Having multiple posting periods open, would allow people to post in future periods.
Mahugnon B. Sohou says
3. Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, the least. Why?
From my point of view the financial and accounting controls ranked from most important to least important would depend on the firm. But generally speaking we could classify them in this order: Segregation of duty to avoid one person having total control over the system, and avoiding unauthorized access, and make suspicious changes to transactions. The controls to determine accountability for each process like log reviews would be the next one, to know who is responsible for what action. Documentation would be the least important.
James T. Foggie says
1. Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
I believe organizations are getting wiser as time evolves. More and more companies are strategically planning to “protect their perimeters” in an attempt to further mitigate their risk exposure. That being said, network security has become more a part of corporate objectives because it directly impacts the business objectives of the organization.
I do not believe organizations are relying too much on sys admins; these subject matter experts (SMEs) are required when implementing an instance of SAP. Effective controls within any ERP are vital to the desired end results of the system. Sys admins can ensure that controls are configured properly within the tool. This does not mean that finance SMEs cannot participate in the configuration process… actually, I would encourage finance team members to have a say in the configuration planning. Having a representative from finance attend the SAP configuration planning meetings would ensure that the sys admin understands all of the business requirements of the tool so that it (SAP instance) is configured in a way that makes the controls most effective.
James T. Foggie says
2. What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
By ensuring one posting period is open at a time, balance is maintained across the closed periods while the open period is updated. This maintains the integrity of the data (figures) within all financial reporting within an organization.
James T. Foggie says
3. Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, the least. Why?
When reviewing controls, I will discuss and rank the ‘ISC framework in the ERP environment’ controls listed on the slide we have discussed all semester. Here below is my ranking of controls (most important to least important):
(1) Authorizations & access protections (Confidentiality, Integrity)
– I ranked this control highest in importance because it involves mitigating risks that are associated with 2/3 of the CIA triangle.
(2) Entity level control
– I associate ‘entity level’ controls with securing the perimeter of the entity. “The Entity” could be referring to “the network”, “the application”, “the database” …
(3) IT General controls (change management, operation, security)
– These controls are important because they too lend themselves to the assurance of confidentiality, integrity, and availability of data.
The remaining controls listed are important but I feel the ones listed above rank higher due to their criticality with respect to the impact of risk that exist in the absence of the controls.
(4) Manual & Semi-automated business process controls
(5) Automated application controls
(6) Automated testing and monitoring of business processes, KPIs etc.
Heiang Cheung says
Hey James,
I agree that (1) Authorizations & access protections would be the most important and I thought of this as segregation of duties because if you only allow access to a person to do their particular job then they can’t do something else that they are not supposed to do.
Xiaozhou Yu says
Hi, James
Thanks for sharing your thoughts, this is a reasonable ranking, thanks for your detailed explanation. I also think segregation of duties is an important control for both finance and accounting, actually for all processes within the organization. I believe it is a fundamental control and supports all other controls as well as operation.
James T. Foggie says
4. You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
System Security controls have come a long way! I would venture to say, that in many cases, system security has been stream-lined to make the controls (1) more user-friendly, while (2) becoming more efficient and effective. Let’s take user access controls as an example. Years ago, access controls used to be stand-alone simply because there were no other methods for securing systems and data. So, that meant users had to login into multiple systems in order to access tools and data needed to perform their job responsibilities. In the current IT environment, the advent of Single Sign-On (SSO) processes allow for more centralized user access control, while easing the user-experience for end-users. This is just one example of how IT system security has evolved over time.
Akiyah Baugh says
Hi James,
I agree system security has come a long way. SSO is very convenient when it’s working. There have been occasions where I update my password and my password is temporarily out of sync due to a system lag which causes me to get locked out of the system. However, that only happens once every six months. 🙂
Scott Radaszkiewicz says
James, I agree SSO has changed the way security is structured in a department. But that SSO has also increased the need to protect that one user login and password. If that one account gets out, someone has access to all of the resources for that account. I think that’s why you have seen such a proliferation of secondary authentication access, such as biometrics.
Folake Stella Alabede says
1. Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
I believe sometimes businesses rely too much on administrators to configure the security protocols. But ideally, it should be configuring the security in the entire network. For some organizations, I observed that business and IT sit together to check which aspect of the organization’s business is critical and impacts financial statements, and they tend to design security protocols around that, sometimes with a high, medium or low risk rating, so instead of configuring the security protocols around specific programs, they configure it around critical business on the entire network.
Mahugnon B. Sohou says
4. You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
Yes, I have experienced bureaucratic system controls in a company where I interned. It is more difficult on some jobs than others. Some organizations I have been with will strictly provide you with the minimum required to do your job, and no access to any extra things outside of that range. But considering all the current vulnerabilities and threats, today many organizations see difficult cumbersome secure security as being secured reliable due to sometimes their inconvenience to users, but it is not always true. With the right amount of cyber security knowledge there are ways to bypass these security measures. system, which is not always the case.
Derrick A. Gyamfi says
Casid,
I do agree that the complexity of a system security varies by the organization. This is also extremely important depending on the extent of PII data held by the organization. I think the more classified the data held by the organization, the more laws and regulations the organization will have to comply with, resulting in an increase in the complexity and nuisance of system security.
Folake Stella Alabede says
3. Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, the least. Why?
I think we always get this question about what control is the most important vs the least important, and again, I believe it’s a ripple effect, each of the financial and accounting controls are important in their own capacity, but even the so called “least important” control might cause a misstatement.
Akiyah Baugh says
Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
I think it depends on the business. I don’t believe all businesses rely too much on administrators to configure the security protocols in programs like SAP. I think businesses spend a lot of time, money, and resources securing the network infrastructure to protect the system from outside attacks. I actually think more time should be spent on securing the system from internal attacks (from the employees).
Robert Conard says
1. I think in general businesses do rely too much on administrators to create the necessary controls to mitigate risk. Since much of the risk can occur at the user level, it is important for those members to be aware of the program’s risk factors. Using training and educational guides for program users, there will likely be a corresponding increase in risk mitigation.
Akiyah Baugh says
What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
Having one posting period open at a time will lessen the risk of erroneous data being entered by mistake into the wrong calendar period. Having more than one posting period open can lead to recording data in the wrong posting period or give employees an opportunity to commit fraud by changing transactions from the previous month.
Robert Conard says
2. Having one posting period gives financial professionals a more definite period to be making changes and entries. Giving more than one period can open up risk for double posts or further misstatements.
Akiyah Baugh says
Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, the least. Why?
Access controls, Segregation of Duties, Reconciliation, other controls, and Document Parking
I believe having the proper Access Controls in place is important to lessen the risk of fraud. The proper access controls go hand in hand with separation of duties. If a user is not authorized to access a certain part of the system and positional responsibilities have been properly delegated a company not only reduces the risk of fraud but of human error as well.
While I listed Document parking as last, I do believe it is important. However, I would rather spend more time having the proper controls in place to reduce the number of incomplete documents.
Heiang Cheung says
1. Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
At least at the company I work at now, we don’t rely that much on administrators to configure the security protocols because if we did then there would be some risk to it. We know people make mistakes so there could be times that the administrators allow access to someone that is not supposed to have access. You need to look at security in the entire network like putting in place segregation of duties to be able to have a defense in depth way of looking at security.
Heiang Cheung says
2. What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
The relevance of keeping one posting period open at a time is to make sure things are not posted in the wrong month/ periods. This prevents people from backdating entries and posting in the wrong period, which would be bad if you have to reissue financials. This also keeps things neat and accurate when you’re doing your monthly close process. When all the entries are done you close the period and if there is a need to make an adjustment you’ll just have to post it to the next open period.
Heiang Cheung says
3. Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, the least. Why?
I would have to say segregation of duties has to be the most important control because if one person has access to do everything or multiple processes then they could commit fraud with no roadblocks. All the other controls are supplemental because they help deter fraud. For example, oversight, policies, and procedure only give a guideline of what to do and what not to do. The employees don’t really have to follow those policies.
Heiang Cheung says
4. You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
I would have to say I haven’t really seen that much since I have basically been with the same company since I graduated but there was a time where my manager blocked browser access to outside sites but then we couldn’t do some of our job functions like getting the bank statements from the bank website. This was also only for our department for some reason. YouTube and all social media sites are blocked for all employees but sometimes you see ISM staff using YouTube for personal use. Also, Wi-Fi is only granted to the IT staff; unless you know them they won’t give you the password for it.
Mengqiao Liu says
1. Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
The security protocols should rely on the business goals in the organization, instead of looking for security in the entire network, the security protocols should be configured by experienced administrators. However, the organization can learn from the instances in the entire network to improve their security protocols.
Mengqiao Liu says
2. What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
Having one posting period open at a time can force the accountant/bookkeeper to finish all transactions only at this period. If having all posting periods open for real time, the accountant/bookkeeper will not have the pressure to finish all the transactions at the exact period, which would lead to fraud or errors happening.
Mengqiao Liu says
3. Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, the least. Why?
The controls are document parking control, reconciliation control, account determination control, and foreign currencies control, etc. I think each of the controls is important and should be in place. Occasional accounting reconciliations can ensure that balances in your accounting system match up with balances in accounts held by other entities, including banks, suppliers and credit customers. For example, a bank reconciliation involves comparing cash balances and records of deposits and receipts between your accounting system and bank statements. Differences between these types of complementary accounts can reveal errors or discrepancies in your own accounts, or the errors may originate with the other entities.
Mengqiao Liu says
4. You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
System security covers a lot of territories: locking the server and telecommunications rooms, locking the machine, protecting the login accounts with strong passwords, using file protection and adhering to a regular backup schedule to keep data from being destroyed, encrypting network communications lines, and using special shields to keep electromagnetic emanations. However, I have no chance to see these problems above in my experience.
Scott Radaszkiewicz says
Question 1: Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
In my experience, I have seen a mix of this in my career. I have seen where the higher ups, set the security and dictate what the security picture should look like. I have seen where this becomes a problem, because those making the decisions don’t truly understand the technical aspects of the security picture. Also, I have seen the opposite. Where the computer guys are left to set the security, without fully understanding the complexity of the accounting system. I think there needs to be a good relationship between upper management and the technical staff to truly understand the system needs and the security requirements. Because I have also seen the opposite of security. Where no one collaborates on what is needed, and everything is left wide open on the system. All users can access all functions and resources. This is a true recipe for disaster.
Robert Conard says
3. It is difficult to rank controls when they all generally prevent similar risks. Compliance governance, authorizations, training, adjustments all play a role in preventing misstatements relating to the finance field. Other controls like segregation of duties and checks on entries help to prevent intentional damage caused by risk and fraud.
Heiang Cheung says
Hey Robert,
I agree that it’s hard ranking controls because all the controls work together to make things safer. In a lot of the courses in the program, we learn about defense in depth, and without one control then something is compromised.
Scott Radaszkiewicz says
Question 2: What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
If multiple posting periods are open at one time, then you can change the financial picture of that period at any time. Let’s say we run on a calendar year for our posting period, so December 31st ends the fiscal year/posting period. Once it’s closed, it’s closed. We know the financial picture from that period. If that period is left open, and transactions can be made to that period once closed (or never closed), then the financial picture for that period can change. This, obviously, is not a good thing.
Scott Radaszkiewicz says
Question 3: Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, the least. Why?
So many controls, we could write a book. I’ll try to narrow it down. Segregation of duties, to me, is the most important control to have in place. You can have every other control set up and in place correctly, but if one person is doing all of the work, and there are no checks and balances in place, then the other controls are useless. One person could be entering and approving purchase orders, and any control to avoid fraud would be circumvented, since the same person is doing all of the work. Conversely, while I think all controls are important, there are some that, if not enabled, could cause less harm. For instance, some automation controls are great to have in place, but if left out of the control equation would not do as much harm. An example is having a validation check on the price of an item you’re selling. Yes, it’s great to have the system warn if you try to sell an item for too much or too little, but if a larger control, segregation of duties, is in place, this error could be noticed and accounted for.
Scott Radaszkiewicz says
Question 4: You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
I was doing some consulting work for a company. They were having some issues with their system, more technical, and it was basically that some equipment was failing. Anyway, when I was there troubleshooting, I found some very interesting configurations. The accounting system was run on Unix. They had no real technical support staff; it was a small office, about 35 employees, and they contracted out most of their technical work. During my troubleshooting role, I noticed that more than half of the Unix users on the system had Root level (administrator) access rights to the system. I had discussed this with the owner of the company. The story was short and simple. An outside consultant had set up the Unix server. Instead of paying the consultant to manage users when needed, it was decided that Bob (name changed to protect the innocent) from accounting would just go in and copy the one user account and create the new users needed. So, Bob, not really knowing what he was doing, just copied the existing user with full access and created all the new users needed. Funny, interesting, and scary.
Robert Conard says
4. Yes, at the law firm I always saw the vetting process as an extremely cumbersome phase. One coworker was essentially responsible for collecting the information on clients, which ranged from PII to asset information. With thousands of records gathered up to that point, I wondered how one could keep their sanity navigating those clients one by one and remembering corresponding notes as to what work they had in progress with us. But, at the time, that was the technology available and it was the safest way to store that sensitive information.
Mahugnon B. Sohou says
Great point. I agree with you. Companies need to implement security measures that will not interfere with people’s jobs. I can imagine not being able to properly do your work because you are restricted access to certain modules. This can be quite difficult to deal with.
Xiaozhou Yu says
1. Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
I think it depends on the nature of the business. If it’s a technology company, they don’t need to rely on administrators only, and employees should understand the functions and configurations. However, if the company doesn’t have a technology focus and only has a couple of IT people supporting the IT functions, they could be the administrators and they are the only ones who can work on the configuration of the security protocols.
Xiaozhou Yu says
2. What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
One posting period is an effective control for finance. It ultimately prevents the recording and posting errors that occur if there are multiple posting periods. The financial records can be collected all the time and worked on continuously for error detection, then they can be ready for posting, and the records will be easy to manage and verify.
Xiaozhou Yu says
3. Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, the least. Why?
I think SOD is an important control for both accounting and finance; this is directly related to process efficiency and has an impact on the overall process. Another one I think should have key focus is account determination, since both finance and accounting have the function of account recording. For example, the credit and debit account posting process for accounting, the G/L account posting for finance. This is also a mistake very often seen in finance and accounting.
Xiaozhou Yu says
4. You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
System security and issues happen underneath our daily use of technology. People are unaware of this until the problems occur and have an impact on many other aspects or functions they need. By that time, it might be hard to detect the root cause, when many things are messed up. There was one time my computer crashed, and I couldn’t figure out where the problem was. I thought it could be a software issue, file issue, or system compatibility stuff, and it finally turned out to be a security problem when a malware was inserted without any notice. I could say how much information I lost or got exposed, it cannot be measured, and it ultimately impacted my use of the computer. Imagine if that malware was perfect in its function and wouldn’t influence any technology functions, how long would it take for me to find it?
Pascal Allison says
1. Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain
Businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network. Administrators are more concerned with the entire system, not knowing the details of security in programs within the system. Thus, businesses rely more on administrators for security protocols in programs like SAP are in place and effective. Business functionalities and IT must be aligned for business goals and successes. Businesses, in general, will prioritize those security and programs they are familiar with. More besides, they will focus on the entire system security, and let the administrator handle the specifics and details of unique programs and systems.
2. What is the relevance of only being able to have one posting period open at a time for real-time financial postings? What does this prevent from happening?
One posting period open at a time for real-time financial posting is relevant in that it allows controls. It allows easy monitoring, error identification, and correction, etc. It controls the manipulation and misrepresentation of reports. Another thing would be a correction of data without confusion and prolongation. All posting errors (accidental or intentional) identified in one period can be corrected easily.
3. Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, the least? Why?
Controls are important at different levels, yet important equally in general. The impact could be different if not observed, but each control is equally important.
Ranking these controls is next to closing the front door but opening the back door of a supposedly secure apartment. Controls should be treated with equal importance even though the impact could be different. That is because the breach of one control exposes other areas.
If I must list in terms of rank, I could go with:
• Access control – you must access a system to affect it.
• Segregation of duties – you could have access to a system, if you do not have all the rights, it limits the impact you cause.
• Period reconciliation – reconciling accounts is important, as it helps determine overages and shortage before they become material.
• Document parking – is as important as other controls but I got it here because all of the other controls have to be in place or to occur for documentation.
4. You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
I have seen system security be a problem. At a bank the administrator had oversight of the system malfunctioning, then he unilaterally restricted users’ access. That began a standing order where employees were not allowed to access a function unless approved; that stalled processes, and a lot of customers were dissatisfied with the process.
No one teller could start and complete any transaction above 200.00. The supervisor had to approve that transaction for completion. It was logical, but unnecessary for the process.
Derrick A. Gyamfi says
IT has become an important part of modern life due to its important functions such as transmitting information as well as storing and analyzing information. Network and computer systems administrators help organizations and individuals with computer networks and systems by helping them share and store information through the Internet and computer databases. I do not think businesses rely too much on administrators to configure security protocols in programs like SAP rather than look for security in the entire network. This is because after performing a cost-benefit analysis, it is sometimes easier to have a network administrator perform these tasks than attempting to secure the entire network. The role of a network and computer systems administrator is to work on an organization’s computer system by designing, installing, and supporting it. They are responsible for installing and maintaining network hardware and software while also analyzing any problems that can affect the availability to users.
Derrick A. Gyamfi says
It is very important to have one posting period at a time for real-time financial postings. This is because:
• It enables the accountant to generate accurate and consistent financial statements.
• It helps in early identification of any accounting and bank related issues rather than at the end of the year.
• Identifying missed and wrongly posted entries throughout the year will lead to fewer adjustments at the year-end, saving time and money on compilations, reviews, and audits.
Moreover, not having one posting period may cause significant errors in the financial records and financial statements, as well as allow irregularities and frauds to exist and continue throughout the year without notice.
Derrick A. Gyamfi says
I rely on computers to do homework, work and create or store useful information. Therefore, it is important for the information on my computer to be stored and kept properly. It is also extremely important for the computers I use to be protected from data loss, misuse, and abuse. Sometimes this security gets in the way of me trying to do my work. This happens in different ways, from my computer restarting as a result of an update and me losing files to having to wait almost 3 hours for a security scan of all the files on my computer. I absolutely agree that system security can sometimes be complex and often maligned as cumbersome, difficult, bureaucratic.