Module 2
Segregation of Duties Case Study
Individual Assignment
Accounting Information Systems
Primary Learning Objectives
• Investigating how the SAP system assigns authorizations to users
• Understand how to implement segregation of duties controls
• Begin to understand the role of risk assessment in implementing controls
• Applying the principles of segregation of duties to a case study
• Determining how segregation of duties can be applied to a computerized system
Segregation of Duties
• Segregation of duties is one of the strongest controls within an accounting system
• The following duties should be segregated:
  • Authorizing the transaction
  • Recording the transaction
  • Custody of assets involved in the transaction
  • Independent verification and reconciliation of the transactions
Risk Analysis
• All control assessments, including the segregation of duties, should be based on the analysis of risks
• Control should then be applied in order to mitigate those risks
• Risks have two components
  • Threats
  • Vulnerabilities
    • Wiki defines vulnerability as the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.
    • ENISA defines vulnerability as the existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event [G.11] compromising the security of the computer system, network, application, or protocol involved.
Steps Involved in the Case
• The case deals with the revenue cycle (sales to cash business process) of a hypothetical company
• The case consists of four parts
  • Examine how the SAP system assigns authorizations to users – completed outside of class.
  • Risk assessment – analyze the threats to the company's revenue cycle
  • Allocate tasks to employees to properly segregate duties
  • Develop an authorization matrix for segregating duties on a computerized system
Steps Involved in the Case
• The case is divided into four parts.
• The first three parts deal with assessing risk, assigning tasks to achieve proper segregation of duties, and completing a matrix to assign authorizations in a computerized environment.
• The fourth part must be done outside of class, as we have been warned SAP writes all the authorizations to the archive log. A class as small as 40 students has crashed the entire instance.
• This part deals with investigating how SAP sets up authorizations for users.
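
The four duties listed under Segregation of Duties can be checked mechanically against an authorization matrix of the kind the case asks for. The Python below is an added example, not part of the original slides or of SAP; the task names, users and matrix are constructed for illustration, and it flags any user whose tasks span two different duties.

```python
from itertools import combinations

# Constructed revenue-cycle tasks (hypothetical), each tagged with one of
# the four duties the slides say must be segregated.
TASK_DUTY = {
    "approve_customer_credit": "authorization",
    "approve_write_off": "authorization",
    "post_customer_invoice": "recording",
    "post_cash_receipt": "recording",
    "ship_goods": "custody",
    "deposit_cash": "custody",
    "reconcile_bank_statement": "verification",
}

def duties_held(tasks):
    """Group one user's tasks by duty; reject tasks with no duty tag."""
    held = {}
    for task in sorted(tasks):
        if task not in TASK_DUTY:
            raise ValueError(f"task {task!r} has no duty classification")
        held.setdefault(TASK_DUTY[task], []).append(task)
    return held

def sod_conflicts(matrix):
    """Return (user, duty_a, duty_b, tasks_a, tasks_b) for every pair of
    different duties that a single user holds."""
    conflicts = []
    for user in sorted(matrix):
        held = duties_held(matrix[user])
        for a, b in combinations(sorted(held), 2):
            conflicts.append((user, a, b, held[a], held[b]))
    return conflicts

def unassigned_tasks(matrix):
    """Tasks nobody is authorized for (the process could not complete)."""
    assigned = set().union(*matrix.values()) if matrix else set()
    return sorted(set(TASK_DUTY) - assigned)

# Constructed authorization matrix: user -> tasks the user may perform.
SAMPLE_MATRIX = {
    "credit_manager": {"approve_customer_credit", "approve_write_off"},
    "ar_clerk": {"post_customer_invoice", "post_cash_receipt", "deposit_cash"},
    "warehouse": {"ship_goods"},
    "controller": {"reconcile_bank_statement"},
}

if __name__ == "__main__":
    for user, a, b, ta, tb in sod_conflicts(SAMPLE_MATRIX):
        print(f"{user}: {a} {ta} conflicts with {b} {tb}")
    print("unassigned:", unassigned_tasks(SAMPLE_MATRIX))
```

In the sample matrix the accounts receivable clerk both posts cash receipts and deposits cash, so recording and custody meet in one person; moving the deposit task to a separate user clears the conflict.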