Q1. Why Do We Need to Secure Our AIS Systems?

As you can imagine, there are many reasons we must take a proactive approach to secure our AIS applications. By far, the primary reason for securing an AIS lies its inherent nature. The AIS serves as the official library for primary books of record of the firm's financial history. Critical and important facts regarding the firm's financial picture can be found here. The AIS, like a library, allows authorized users to locate current and historical information about the firm's financial picture. System users, drawing on AIS-related tools, can search to locate information regarding customers and vendors or other aspects of the firm. Unlike the library, the AIS will require users to have the appropriate authorization to access vendors and the firm's overall fiscal status.

Some of these AIS-related tools include standard reports that reside within the AIS or the ability to extract data into familiar products like Microsoft Access and Microsoft Excel. Because the AIS is our library, we must ensure that the information stored in it is protected and preserved for history. Take a look at two most famous libraries, the Library of Congress and the National Archives. Both of these institutions contain important information regarding the United States that has been preserved and protected for years. The National Archives is listed as the official recorder-keeper for the United States, and the Library of Congress is listed as the largest library in the world. And unlike what was depicted in the movie National Treasure, information stored at these institutions is well-protected.

The second reason why firms must secure their AIS applications is because of regulatory compliance. Government agencies such as the SEC and IRS, combined with accounting guidelines from FASB and GAAP, require firms to take necessary precautions to protect their accounting systems, or face the consequences of non-compliance.

The final reason why firms must secure their AIS applications is very simplebecause it makes sense to do so. Imagine that you won $500,000 (after taxes) in a lottery and you invested the proceeds in a new home that cost $500,000. What measures would you take to secure and protect your home? Although many would invest in some sort of alarm system to protect their home from burglary and fire, everyone would definitely purchase some insurance to cover the home in case of damage and/or loss. We do this because it makes sense to do so (or if we are financing our home, we have to do it per mortgage requirements). Now, let's change the picture to the purchase of an AIS application that costs $500,000. The firm will invest some resources (financial and nonfinancial) to protect and preserve this investment.

As mentioned above, AIS systems face threats each and every day. These threats range from environmental threats like natural and political disasters to technological threats like hardware/software failures to human threats such as unintentional errors by users, fraudulent activities, and sabotage activities. Firms must be ready to face any combination of these threats, because they can pop up without warning.

Q2. what is and how important the Adequate Training of internal control

Users of accounting information systems must be properly trained in how to use the system. As we described above, mistakes can occur, and the best way to prevent mistakes is to make sure everyone is properly trained. In some cases, you will want to make sure that some users are cross-trained on specific functions so that when someone is out (due to illness, vacation, or termination), transactions can continue to be processed in the system. Imagine if you were a customer trying to get a credit refund processed and the customer service representative told you that they cannot because the person who does this is out on vacation.

Q3. what is and how important Conducting a System Audit

If you have taken (or are currently taking) an auditing course, you understand the importance of audits. Audits allow us to ensure that discrepancies do not exist within the areas that being audited. Whether it is something as complex as reviewing the financial statements of a firm or something as simple as a bank statement, audits are effective tools for analyzing documents. We can take the same approach when analyzing our AIS applications, because we need to look past documents to the systems themselves. This can be done by conducting system audits. System audits will allow you to determine what, if any, potential weaknesses exist in the system. Weaknesses are resolved through a risk-mitigation strategy to ensure that they are addressed before something happens. System audits require that you have a clear understanding of not only accounting, but technology as well. Because many of you have taken several upper-level accounting courses, you will need to expand your technology knowledge by taking some upper-level technology and accounting courses, such as the following:

• Courses that focus on management information systems (MIS)
• Courses that focus on auditing AIS/IT systems
• Courses that focus on computer fraud
• Courses that focus on the system development life cycle (SDLC)

Users should treat passwords the same way as they treat their personal data, as they would protect their Social Security number.