Accounting information systems contain confidential and private information that can become compromised if left unprotected. Unauthorized use of an accounting system can be disastrous, risking loss of information, bad data input and misuse of confidential information. Security of accounting systems is a priority in many firms.
Security of accounting information is a top management responsibility, not just a bookkeeping or IT problem. Section 404 of the Sarbanes-Oxley Act (SOX) made it mandatory for management to maintain internal controls over financial reporting, and that includes the accounting systems that generate the numbers for those reports.
The risks to accounting systems are real, ranging from the booking of fake transactions to the theft of a backup tape with all financial information on it. Examples of risks:
- Theft of social security numbers from employees and contractors
- Payments to fake vendors
- Data deletion/loss
- Damage to backup tapes
- Theft of servers or computers
Security measures are also known as controls. They can be preventive, stopping a problem before it happens, or detective, identifying problems after the fact. Once risks are identified, controls can be set up to protect the system. Some security measures are:
- Frequent password changes
- Encryption of data
- Monthly supervisor review of vendor reports
- Safe and protected server and computer environment
- Safe and protected off-site archiving of backup tapes