Accounting Information Systems and Controls for Human Error

Question: Discuss about theAccounting Information Systems and Controls for Human Error. Answer: Data Input The problems related to the use of manual data entry producers have been discussed. Too much cost incurred for the procedure due to the fact that the company has to provide money to the people who are working for the company in the process of data entry into the data base. Human error can arise at any moment for due to any mistyping, grammar error and punctuation (Raghupati Raghupati 2014). Due to the large volume of data all, the entered data cannot be checked again after the process has been completed. The process is time consuming, as the data is large in number and the time-required for the processing pf data is long. Humans are not fast enough for the assessment of large amount of data. The last problem can be for the error based on misinterpretation of the data that has been provided to the human for the data entry (Takeuchi et al. 2014). Different humans thin about a single data differently and thus the interpretation of the data can be different. The person who is inserting the data can interpret the data in a different manner and the datacan be inserted wrongly. Processing of Patient Records Security breaches can threaten the privacy protocol of the patient of the hospital due to the inclusion of confidential personal information as well as health related information. When the details of such patients are made public without the consent of the patient then the data can be said to be breached (Boulos et al. 2014). The problems can threaten the life of the patient, as the person who has the hold of the details will be able to clear out their bank details. Any kind of online digital format of data storage has the probability of a high risk factor in the form of data breaches. The use of security measures like firewall, antimalware and antivirus software and the use of intrusion detection software to be installed in the servers of the hospitals. To implement specific policies regarding the use of the servers for the maintenance of patient health records. This also helps in the maintenance of the privacy of the patient (Benchimol et al. 2015). To maintain this server employee s has to provide the employees of the hospitals with credentials, which needs to be shared during the accessing of the data. The security officer has to be employed by the hospital keep a track of the user who are logging into the system. Data Enquiry Data enquiry is a way of knowing personal information about an individual whose records are already been saved into the database and should be made by only an authorized person. In general unauthorized might try to access the information related to the patient and exposing medical information related to the patients could be serious act of lost of privacy (Hussain et al. 2016). The hospital management should build a strong authentication system in manner to track the authority and relation of the individual asking about the details of the patient and thereafter only, the management should provide details about the patient. Buffer Overflows It has been discovered in hacking circles, which uses input into the poorly implemented and pure harmless application that is made by intention and typically this input are made with the administrator or root privileges. Technically, it can be said that the buffer overflow attack is a way of harming the files through the inputs that has been longer than the programmer intentions related to the memory allocation system of the computers (Zeng, Chou Liu 2015). It can be said that the best defense for mitigating such threat is to write an unexplainable code or program that cannot be exploitable for any user. There should be call of safe string functions only during the execution or memory allocation for any data. While programming it should be noted that sprintf and strcpy functions should not be used in the overall programming. Few of the programming languages focuses on the more secure code, but it can also be noticed that they allows unsafe structure that could provide an unauthorize d user to access the data and information saved into the database of the system. SQL Injection It can be described as the Structured Query Language that has become a popular technique for the hackers to get access to the data or prevent the users from accessing the data. Until now, it has been used against PBS, LinkedIn, CIA, Yahoo, Sony Pictures, and Microsoft. Technically, it can be described as a command-and-control language for the databases like Oracle, MySQL, and Microsoft (Rahman et al. 2017). SQL server that has been already used on the back end of the data management system and web applications relating to the behavior and content of many websites has been built on the data into the server of the database. Using web application firewall, limiting the database privileges with the help of the context, avoiding user input while construction of the SQL, Eliminating the database capabilities those are unnecessary, suppressing errors, continuously monitoring SQL statements from the database-connected applications. Explained above objectives can be helpful measures and proce ss of mitigation of the SQL attacks and could play vital role in securing the privacy of the data that has been stored in the database. Cross-Site Scripting (XSS) It is one of the most common vulnerabilities that could be found in the wordPress plug-ins through a significant margin. These vulnerabilities are very easy to write and that much easy to recognize. For example writing PHP code in a WordPress Plug-in, can be a intrusion and could be described as the XSS vulnerability. However, a mass destruction can be made using such simple codes as an intruder might find a way to make the user exploit an XSS vulnerability and via this he or she could load their java script using the same vulnerability coding (Gupta Gupta 2016). PHP AntiXSS, xssprotect, xss_clean.php filter, XSS HTML Filter, HTML Purifier are some of the open source libraries that could be helpful in preventing XSS (Cross Site Scripting) attacks and protect the system and database from any of such intrusions. Introduction In this new world of technology cloud computing is playing vital role in enhancing the way of using information technologies. The purpose of this report is to provide a brief description on the cloud accounting that are being used and could be used within the organization for maintaining financial operations. This report put emphasis on cloud accounting and related benefits that are promoting it towards trending application or technology. Every coin has two faces, similarly there are certain risks related to the cyber security that has been also pointed out in this report. However, there are certain measures that could help in mitigating these risks that is also described in this report. Cloud Accounting It had been described to the similar self-install, on-premises, and traditional accounting software that can be helpful in the process of enabling the user to host the accounting software on a remote server. The process is very much similar to the process of Software as a Service (SaaS). This can be implemented in the business deployment model of cloud computing (Lakew et al. 2014). Data is returned to the user through cloud storage where it used to process the data first. The functions incorporated within the application users are allowed to access the software applications from anywhere via connecting to the internet or any other network that is being provided by the cloud service providers (Silva et al. 2013). It replaces the necessity of installing the software onto the desktop, maintains and manages the operational data and information along with the storage, and updates. Benefits of Cloud Accounting There are many benefits of cloud software among which some of the benefits are listed below: In real-time, it could be helpful in providing a clear overview of the current financial situation of the organization. It can be easily corporate within multi users providing online access to the data and information with the advisors and team. Other benefits can be described as the service providers that could save time for the users and ensures addition of new objectives (Drimiti Matei 2014). This makes the users to be relied on the third party that also eliminates the extra effort that was to be made for managing and maintain the application software. Every operation runs online that results in no extra effort for the user to backed up everything and install as everything is being managed online. It could also be helpful in eliminating installation of accounting software in manner to manage the operational data as it provides a single platform to perform all the related activities. New features are added as per the needs and feedback of the users with instant availability and fr ee update (Cleary Quinn 2016). One of the most important benefits is that, it could be helpful in reducing the upfront business costs. It provides various services such as maintenance, server failures management issues, system administration costs, version upgrades and many more. The third parties, who are the Cloud service providers, are handling these services. Cyber Security Risk in Cloud Accounting Despite of all the benefits stated above, there are various cyber risks in Cloud accounting and could affect the data and information saved in the Cloud. Data saved in the Cloud or in the internet are vulnerable to cyber attacks as intruders could get access to the data and could be able to expose them (Ko Choo 2015). Malicious virus attack is one of the concerning topic related to the cloud accounting in which an intruder could get access to inject malicious coding into the system and harm the organization in many ways. Data breach is another important topic that is affecting or can be said harming all the cloud services and internet services in which a hacker or intruder breaches the server and get access to the data stored in the server. An unauthorized user or intruder in manner to block the access of data exchange between the service provider and service consumers could also introduce Ransomware attacks. Security of the cloud server could be breached by certain coding attempts made by the unauthorized user that could give access to the intruder (Fernandes et al. 2014). Exposing data to an unauthorized user could lead to several issues related to the security and privacy of the individuals or the organization whose data is being saved into the internet. Measures to Mitigate Cyber Security Risk Very first objective for any organization is to crosscheck whether the security policies implemented for the security of data and information by the third party (Cloud service providers) complying with the organizational data security or not. The cyber security of the cloud service provider should meet the expectations of the organization (Chou 2013). Training and educating the users about how to keep their credentials protected and safe could also help in minimizing these threats to the extent level. Data encryption can be stated as the best precaution from resisting unauthorized users to access the data and manipulate them. Cloud service providers are able to provide 24x7 services but they should provide the security staff on-site 24x7x365. Intrusion detection system can be another approach towards detecting the intrusion and stop them at the highest priority. Anti-virus, updated firewalls and original operating systems could also be helpful in resisting the users to enter the data base and access the data. Concern should be given to the credentials (password), it should be strong with alphabets, numbers and symbols (Suresh Gupta 2017). Generally, auto generated password and password change on regular basis could be most emphasizing approach. Conclusion Based on the above report it can be concluded that Cloud accounting is a greatest approach towards replacing traditional accounting software and providing best services. Cloud accounting is helpful in providing 24x7 services and data accessibility from anywhere via connecting to the network that could alternatively reflect on the overall revenue. However, there are certain issues related to the implementation and application of cloud accounting software among which cyber security is the greatest concern. This paper discussed the related cyber security risks with certain preventive measures that could be helpful in enhancing the information security of the system. References Benchimol, E.I., Smeeth, L., Guttmann, A., Harron, K., Moher, D., Petersen, I., Srensen, H.T., von Elm, E., Langan, S.M. and RECORD Working Committee, 2015. The REporting of studies Conducted using Observational Routinely-collected health Data (RECORD) statement.PLoS medicine,12(10), p.e1001885. Boulos, M.N.K., Brewer, A.C., Karimkhani, C., Buller, D.B. and Dellavalle, R.P., 2014. Mobile medical and health apps: state of the art, concerns, regulatory control and certification.Online journal of public health informatics,5(3), p.229. Cleary, P. and Quinn, M., 2016. Intellectual capital and business performance: An exploratory study of the impact of cloud-based accounting and finance infrastructure.Journal of Intellectual Capital,17(2), pp.255-278 Dimitriu, O. and Matei, M., 2014. A new paradigm for accounting through cloud computing.Procedia Economics and Finance,15, pp.840-846. Fernandes, D.A., Soares, L.F., Gomes, J.V., Freire, M.M. and Incio, P.R., 2014. Security issues in cloud environments: a survey.International Journal of Information Security,13(2), pp.113-170. Fernandes, D.A., Soares, L.F., Gomes, J.V., Freire, M.M. and Incio, P.R., 2014. Security issues in cloud environments: a survey.International Journal of Information Security,13(2), pp.113-170. Gupta, S. and Gupta, B.B., 2016. XSS-SAFE: a server-side approach to detect and mitigate cross-site scripting (XSS) attacks in JavaScript code.Arabian Journal for Science and Engineering,41(3), pp.897-920. Hussain, J.A., White, I.R., Langan, D., Johnson, M.J., Currow, D.C., Torgerson, D.J. and Bland, M., 2016. Missing data in randomized controlled trials testing palliative interventions pose a significant risk of bias and loss of power: a systematic review and meta-analyses.Journal of clinical epidemiology,74, pp.57-65. Ko, R. and Choo, R., 2015.The Cloud Security Ecosystem: Technical, Legal, Business and Management Issues. Syngress. Lakew, E.B., Xu, L., Hernndez-Rodrguez, F., Elmroth, E. and Pahl, C., 2014, September. A synchronization mechanism for cloud accounting systems. InCloud and Autonomic Computing (ICCAC), 2014 International Conference on(pp. 111-120). IEEE. Raghupathi, W. and Raghupathi, V., 2014. Big data analytics in healthcare: promise and potential.Health information science and systems,2(1), p.3. Rahman, T.F.A., Buja, A.G., Abd, K. and Ali, F.M., 2017. SQL Injection Attack Scanner Using Boyer-Moore String Matching Algorithm.JCP,12(2), pp.183-189. Silva, F.A., Neto, P., Garcia, V., Trinta, F. and Assad, R., 2013, May. Accounting federated clouds based on the jitcloud platform. InCluster, Cloud and Grid Computing (CCGrid), 2013 13th IEEE/ACM International Symposium on(pp. 186-187). IEEE. Suresh, N. and Gupta, M., 2017. Impact of Technology Innovation: A Study on Cloud Risk Mitigation.Information Technology Risk Management and Compliance in Modern Organizations, p.229. Takeuchi, H., Miyata, H., Gotoh, M., Kitagawa, Y., Baba, H., Kimura, W., Tomita, N., Nakagoe, T., Shimada, M., Sugihara, K. and Mori, M., 2014. A risk model for esophagectomy using data of 5354 patients included in a Japanese nationwide web-based database.Annals of surgery,260(2), pp.259-266. Takeuchi, H., Miyata, H., Gotoh, M., Kitagawa, Y., Baba, H., Kimura, W., Tomita, N., Nakagoe, T., Shimada, M., Sugihara, K. and Mori, M., 2014. A risk model for esophagectomy using data of 5354 patients included in a Japanese nationwide web-based database.Annals of surgery,260(2), pp.259-266. Zeng, Q., Zhao, M. and Liu, P., 2015, June. Heaptherapy: An efficient end-to-end solution against heap buffer overflows. InDependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on(pp. 485-496). IEEE.