Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 2 Segregation of Duties Case Study Individual Assignment

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Module 2 Segregation of Duties Case Study Individual Assignment"— Presentation transcript:

1 Module 2 Segregation of Duties Case Study Individual Assignment
Accounting Information Systems

2 Primary Learning Objectives
Investigating how the SAP system assigns authorizations to users Understand how to implement segregation of duties controls Begin to understand the role of risk assessment in implementing controls Applying the principles of segregation of duties to a case study Determining how segregation of duties can be applied to a computerized system Accounting Information Systems

3 Accounting Information Systems
Segregation of Duties Segregation of duties is one of the strongest controls within an accounting system The following duties should be segregated: Authorizing the transaction Recording the transaction Custody of assets involved in the transaction Independent verification and reconciliation of the transactions Accounting Information Systems

4 Accounting Information Systems
Risk Analysis All control assessments, including the segregation of duties, should be based on the analysis of risks Control should then be applied in order to mitigate those risks Risks have two components Threats Vunerabilities – Wiki defines vulnerability as the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. ENISA defines vulnerability as the existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event [G.11] compromising the security of the computer system, network, application, or protocol involved. Accounting Information Systems

5 Steps Involved in the Case
The case deals with the revenue cycle (sales to cash business process) of a hypothetical company The case consists of four parts Examine how the SAP system assigns authorizations to users – completed outside of class. Risk assessment – analyze the threats to the company‘s revenue cycle Allocate tasks to employees to properly segregate duties Develop an authorization matrix for segregating duties on a computerized system Accounting Information Systems

6 Steps Involved in the Case
The case is divided into four parts. The first three parts deal with assessing risk, assigning tasks to achieve proper segregation of duties, and completing a matrix to assign authorizations in a computerized environment. The fourth part must be done outside of class, as we have been warned SAP writes all the authorizations to the archive log. A class as small as 40 students has crashed the entire instance. This part deals with investigating how SAP sets up authorizations for users. Accounting Information Systems

Download ppt "Module 2 Segregation of Duties Case Study Individual Assignment"

Similar presentations

An Internal Control Overview

An Internal Control Overview
Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
© 2009 by SAP AG. All rights reserved. / SAP University Alliances Page 1 Primary Learning Objectives Use the SAP system to experience the steps in a typical.

© 2009 by SAP AG. All rights reserved. / SAP University Alliances Page 1 Primary Learning Objectives Use the SAP system to experience the steps in a typical.
Auditing Concepts.

Auditing Concepts.
Learning Objectives LO1 Explain the key risks of misstatement in production and payroll processes. LO2 Outline the production process: typical transactions,

Learning Objectives LO1 Explain the key risks of misstatement in production and payroll processes. LO2 Outline the production process: typical transactions,
Auditing Computer Systems

Auditing Computer Systems
The Islamic University of Gaza

The Islamic University of Gaza
Learning Objectives LO1 Distinguish between management and auditor’s responsibilities regarding an auditee organization’s internal controls. LO2 Explain.

Learning Objectives LO1 Distinguish between management and auditor’s responsibilities regarding an auditee organization’s internal controls. LO2 Explain.
7-1 FRAUD, INTERNAL CONTROL, AND CASH Financial Accounting, Sixth Edition 7.

7-1 FRAUD, INTERNAL CONTROL, AND CASH Financial Accounting, Sixth Edition 7.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES

Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES
Internal Control Structure. Learning Objectives l To understand the components of an organization’s internal control structure l To know the objectives.

Internal Control Structure. Learning Objectives l To understand the components of an organization’s internal control structure l To know the objectives.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS

IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS
9 - 1 What is the purpose of an ICS? l First, what is it?? Policies and procedures established to provide reasonable assurance that the entities specific.

9 - 1 What is the purpose of an ICS? l First, what is it?? Policies and procedures established to provide reasonable assurance that the entities specific.
Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.

Internal Control Pertemuan 05 s.d 06 Matakuliah: F0712 / Lab Sistem Informasi Akuntansi Tahun: 2007.

Similar presentations

Ads by Google