Some companies can give their suppliers and customers access to their databases. But this access must be limited only for some kind of transactions for security reasons. For example companies don’t give access to their human resources data. This kind of sensitive data may fall into the hands of competitors. Giving limited access to suppliers or customers to the company’s database provide some benefits for both sides.
Financial reports are used in decision making. Managers can get related data about the company by relational DBMS query languages. Financial reports can be easily prepared for any time period managers want to examine. 5. 5 These activities do not change the contents of the database and, therefore, are not modeled as events in REA diagram. These activities are neither economic exchanges nor commitments.
Economic exchanges are the value chain activities that directly affect the quantity of resources. Commitments represent promises to engage in future economic exchanges. The REA data model treats activities as events, which fall into on of two categories, economic exchange or commitments. 6. 1 7. 6 This is a typical example for segregation of duties.
By dividing responsibility for different employees, you try to control their activities. Effective segregation of duties should make it difficult for an employee to steal cash. But if these two employees work together, they can steal easily. If they are in collusion, it’s very hard to detect the fraud. 8. 2 a) To combat with threats, companies implement effective segregation of duties.
Authority and responsibility must be clearly divided. For an adequate segregation of duties, companies ensure that the people, who deal with information system, are qualified and well trained. This means they cost much, but their cost is too little versus their benefit. b) Data protection procedures contain all kinds of control and security systems. Security is only a part of an organization or company.
But company is more important than security. If you try to lower cost of security in order to earn more money you may loose more than you think to earn. The benefits of data protection procedures always exceed their costs. c) Logical access is the ability to gain access to company data.
Data is the key word here. Only authorized people must do any kind of access to important data. This control is very expensive including, biometric identification devices, identifying unique physical characteristics such as voice, retina, body odor… etc. But they are very effective in controlling access to important data.
d) Input validation routines are programs that check the integrity of input data as the data are entered into the system. This control is cheaper than others. And its benefit exceeds its cost. 9. 9 Hackers built the Internet. They have the power of knowledge.
And their power motives them for hacking. But I think hacking is a crime. You may have the power but does not have the right to enter my borders or my special files. 10.
4 She was able to conceal the embezzlement for so long because she stayed under 2% error limit. Internal auditors should not have discovered this fraud earlier. And she was the assistant of finance director, not a regular employee, and she stayed in limits. But after finding out the cancellation of her daughter’s bill, auditors have discovered the other main fraud.