Accounting Information Systems
Decisions of managers heavily rely upon the effective information systems (Srinivas and Gopisetti, 2012). Accounting Information Systems contain confidential data of the company; this information can be accessed by the outside sources through a successful Accounting Information System attack. Management is the top on the priority list, being held responsible for security of the Accounting Information systems, because the establishment and maintaining of these Accounting Information Systems resides under them. No doubt, that information security is the technical subject but the responsibility of the security is the top management's issue.
It is the responsibility of the senior management and accountants of the firm to work in cooperation with IT department and enforce adequate security measures to prevent the accounting systems. A considerable amount of budget and time should be allocated for securing and controlling these systems so that there are fewer chances of attacks from outsiders.
The problem is that the management considers Accounting Information Systems as a onetime expense, which is a wrong approach. These systems need regular updating and maintenance by IT managers in coordination with the firms' senior management. Managements that do not consider this issue seriously and try to reduce expenses by not updating the systems, suffer from AIS attacks.
The liability is usually on the party who acted in negligence that can be either the IT department...
Therefore, firm's management should be held liable for the losses, as it is solely responsible for selection and application of internal controls to prevent accounting system from outside sources and other risks attached to it.
2.
Senior Management, Accountants and IT Managers are responsible not only for establishing but also for maintaining the internal controls. They should discuss and plan together the program upgrading, changes, operations and security control so that the confidential information in the Accounting Information System remains secure.
If the senior management was inform about, the threats and it did not approve the budget for improving and upgrading the Information Technology Security and Control System, than it should pay for the losses incurred by the company. However, if the IT senior managers confirmed that the Accounting Information System was secure and considered it a challenge for someone to get access to the confidential data, than the IT, team should be blamed and should pay for the losses incurred by the company due to outsider attack.
Sometimes, the losses incurred are by leak of information need thorough investigations. For instance, consider case of an employee, who recently resigned from the organization and joined the competitors' firm. It is the responsibility of the HR to inform the IT personal regarding his departure so that all the access provided to the employee is ceased. If the HR forgets to inform the IT…
