Security of Accounting Information System (AIS) has never been as important as it is now in the history of business. One thing that is sure is that if you don’t take care of your Accounting Information System, others will take care of it for you. The only difference is that you will definitely not like the way that the financial information of your company will be handled.
The business exposure of not securing your AIS is very severe because of the integrated nature of modern day accounting. The advent of the Enterprise Resource Planning (ERP) is a major breakthrough that revolution-alized the face of information system management in businesses. Business managers and decision makers constantly raise the bar for their quest for instant accounting information and other information to help them make prompt and effective decision in the light of ever increasing competition.
Companies are gradually moving from the use of traditional accounting software to engaging the services of cloud accounting vendors all in the bid to maximise profit. The net effect of this move is increased need for securing the accounting information system.
You might at this point be saying “wait a minute, is he taking AIS to be a computerised system?” well, in as much as AIS is distinct from computerised processing system, the line between accounting information system and computerised processing is hard to see now. Hence, the tips on how to protect your AIS as discussed in this article will apply mainly to securing AIS that is computer based.
TIPS ON HOW TO SECURE YOUR ACCOUNTING SYSTEM INFORMATION
In this section of this article, information system security as it applies to securing AIS will be discussed. The discussion will take two approaches- physical and logical approach to ensuring the safety of financial information of an organization. Regardless of the approach to securing your accounting information system that you have taken, the first step that must be taken is to take inventory of your financial information that needs security and then classify them according to the impact that it might have on a business when breached.
Depending on the degree of sensitivity and criticality of AIS component in meeting both commercial and non commercial needs of a business, the inventory of financial information can include:
- Location of information
- Owner of information
- Value of information
- Security and risk profile of information
PHYSICAL APPROACH TO SECURING AIS
Physical security of infrastructures is the first caveat of information system security. You don’t expect to be safe when you have no form of physical security in place. Servers that contain your financial information must be kept in a physically safe place with proper physical access control implemented. Security cameras (cctvs) should be effectively used in physical security of computer infrastructure.
LOGICAL APPROACH TO SECURING AIS
Remote access to business and accounting information by executives is one highest single source of threat to the security of AIS of any business entity. Security software that has the capability of; firewalls, intrusion detection, intrusion prevention and access control list should be deployed when possible. This can only be done when a cost-benefit analysis of the project has been evaluated.
Business case analysis and capital budgeting processes are some handy tools that can be used to achieve this. Another component of logical security issue that needs to be considered is the use of quality and regularly updated antivirus, antispyware and antimalware software to regularly scan the computer system that houses the financial information of an organization.
SIGNIFICANCE AND IMPORTANCE OF SECURING ACCOUNTING INFORMATION SYSTEM
In this information superhighway era that we now live in, businesses are made more vulnerable to business failures that are related to information leakage due to compromise in technology. Technology as a business enabler can also be a destructive tool if not managed properly. Take electronic banking as an example, the aim of internet banking is to promote efficiency in banking but, black hat hackers and other malicious users of technology constantly exploit technological flaws to discredit the numerous benefits of business technology. Securing the accounting database of your organization ensures the following:
- Smooth running of the business
- Ensure continued availability of critical business information
- Ensure the integrity of information stored in computers
- Increased efficiency
- Enhanced reputation of the business
- Improved profitability
- Adherence to privacy laws and regulations
If one of the long-term objectives of your business is to excel in the long term, then securing your accounting information system will be treated as a strategic business needs.
CRITICAL SUCCESS FACTOR OF ACCOUNTING INFORMATION SYSTEMS SECURITY
In practice as an information systems auditing consultant, I have come across numerous cases where managers and employees sees information system security as exclusively the function of the IT department. The main reason for this ugly situation to still exist in businesses is the fact that senior management of most companies fail to recognise their vital role in establishing and promoting sound information security management structure. For the most desired security of accounting information system to be achieved, it must gain full top management support.