RISKS AND CONTROLS IN COMPUTER-BASED MATCHING (STUDY OBJECTIVE 6, continued)

SECURITY AND CONFIDENTIALITY RISKS

Applying automated matching processes means that people do not perform the matching and authorizing functions, because these take place within the system. Therefore, unauthorized access to the system increases the danger of fraudulent or fictitious payments. Someone who gains unauthorized access to the system's ordering and matching functions can insert fictitious vendors and invoices, and thus receive fraudulent payment. This risk can be lessened by authenticating users and limiting the access of authorized users. Passwords and user IDs should be used for any employee accessing the system. If the dollar amounts involved are extremely large or the data are sensitive, the use of biometrics, security tokens, or smart cards might be necessary to improve the strength of user authentication. In addition, authority tables should be established to limit access of authorized users to those subsystems necessary to their jobs. For example, a user who logs in to enter invoices should not be allowed to order goods. Computer logs should be maintained in order to have a complete record of users and their histories of use. The computer log will allow monitoring and identification of unauthorized accesses or uses.
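The authority table and computer log described above can be sketched as follows. This is an added example, not code from the book; the user names and the subsystem names (enter_invoices, order_goods) are constructed for illustration, and one user is deliberately misconfigured so the conflict check has something to find.

```python
"""Authority table with a segregation-of-duties check and an access log."""
from datetime import datetime, timezone

# Constructed sample data: user -> subsystems that user may access.
AUTHORITY_TABLE = {
    "akhan": {"enter_invoices"},
    "bortiz": {"order_goods"},
    "cmills": {"enter_invoices", "order_goods"},  # misconfigured on purpose
}

# Pairs of subsystems that no single user should hold together.
INCOMPATIBLE = [("enter_invoices", "order_goods")]

access_log = []  # complete record of every attempt, allowed or denied


def authorize(user, subsystem, now=None):
    """Default-deny lookup in the authority table; every attempt is logged."""
    allowed = subsystem in AUTHORITY_TABLE.get(user, set())
    access_log.append({
        "time": (now or datetime.now(timezone.utc)).isoformat(),
        "user": user,
        "subsystem": subsystem,
        "allowed": allowed,
    })
    return allowed


def duty_conflicts(table):
    """Return (user, a, b) for each user granted two incompatible subsystems."""
    return sorted(
        (user, a, b)
        for user, grants in table.items()
        for a, b in INCOMPATIBLE
        if a in grants and b in grants
    )


def denied_attempts(log):
    """Count denied attempts per user so unauthorized use can be reviewed."""
    counts = {}
    for entry in log:
        if not entry["allowed"]:
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return counts


if __name__ == "__main__":
    authorize("akhan", "enter_invoices")  # allowed
    authorize("akhan", "order_goods")     # denied: not in akhan's grants
    authorize("unknown", "order_goods")   # denied: user not in the table
    print(duty_conflicts(AUTHORITY_TABLE))
    print(denied_attempts(access_log))
```

Running the conflict check whenever the authority table changes catches a grant such as the one given to cmills before it can be used, while the log review covers attempts made at run time.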

PROCESSING INTEGRITY RISKS

Since the system authorizes payment of invoices, it is critical to ensure that it is programmed to correctly accomplish this matching. Errors in ...
