Threat and treatment for fair value accounting and accounting information system.
1. Introduction to threats to accounting information system and fair value accounting:
Threats as clear from the word signifies the harm that a person or an organization is expected to get from the other person or an organization. Actually the risks on the life and survival of both the person and the organization is called threat. An accounting information system is developed in the businesses to stay in touch with latest reports including the company’s financial situation. The accounting information standards are fixed through out the United States and fixed by the International Accounting people society namely AICPA (American Institute of Certified public accountants) and as per the International accounting standards. Any person practicing against the pre-defined standards is liable to pay penalty and loose his/her accounting profession forever.
In the May 2007, the U.S. Department of Homeland Security or DHS developed a familiar color code security alert system. Red signal for threat at national security, blue for guarded threat and green for low threat. These color signals are developed as a wake of the recent scandals at Eron, Tyco and Worldcom. Similar is the case with the threats to the financial reporting system.
By fair value accounting the attempt is made to figure out the true picture of the inside material of the firm. On March 5, 2008, an issue in the Wall Street Journal discussed the matter. Thirty years ago there were no accounting rules and principles prevailing in the society. No accounting principle was more accepted than the assets are worth, what they really cost. The owners buy many long-term assets, which they do not intend to sell or have any need to sell. The real assets reflect the economic reality or assets, which may need to be sold in the normal course of operating the business. Thus making no sense for the assets to be held till the maturity. In many cases the only market prices available are distressed sellers, which is regularly shorted by the investment professionals from time to time. These values are not real values and the marking to these prices causes unnecessary volatility and contractions in the capital, which restricts the ability of financial institutions to operate and grow.
Different kinds of risk levels to the accounting information system and fair accounting practices:
2. There are mainly two kinds of risk levels to signify the serious attacks possible on the financial reporting system, financial market and economy. The first one with the red color code has its features including the misappropriation and diversion of the scarce resources like time and money. The confidence of the investor is also shaken up. The management becomes pessimist about the future of the company. The government at that trouble time responds with costly regulations and increased oversight in accounting profession.
The second kind of risk level signification is in the blue color code. Its features includes the need of arising strong corporate governance and information security in utilizing scare resources to increase shareholders wealth and to get back their faith in the company. The need arises for the financial decisions to become more accurate, transparent and timely. The report published in the end of financial year should be trustworthy and consist of truth and nothing but the truth.
Threats to the Accounting Information systems and fair accounting practices:
The accounting information systems and fair accounting practices face threat from a variety of sources. In case these sources are ignored than they can even destroy the relevance and reliability of financial information. Thus the stakeholders may reach a poor and not so reliable decision. There are nearly top five concerns about the accounting information system as identified by a 2006 AICPA survey. The survey report include the followings.
1. During the data collection, the data collected should be valid, complete and free from material errors. Thus it becomes important to establish security controls at the time of data collection. Masquerading (pretending to be an authorized user) and secondly piggybacking (tapping into telecommunications lines) should be avoided as it can seriously effect the validation of the data collected.
2. At the time of data processing, altering a program’s logic to process the data incorrectly can prove to be a big threat. Moreover creating illegal programs, accessing or deleting files, destroying or corrupting a program’s logic through viruses etc all represents the threats at time of data processing. A back up files should be made so as to retrieve the save the data from getting lost.
3. The third threat is the inadequate information security system. This can result in manipulation, alteration of accounting records, fact and figures etc.
3. Thus the third threat to the accounting system can result in altering, deleting, corrupting, destroying or even stealing data from the database. This happens when an unauthorized access happens in the data base management system. Thus a proper system should be developed to avoid such problems and help proper disposal of information safely.
4. The fourth threat comes from the information technology that is Internet. With the heavy use of Internet, the chances increase for data being getting stolen by the hacker. Thus only getting the benefit of Internet should be the first goal of any organization, as it helps in flourishing business activities. And as far the security reasons are concerned the computers with accounting information should be connected with Internet. This will help the organization to save its data from the hackers and save its personal accounting information getting uncovered and disseminated.
5. False data supplied to the accounting system is the fifth threat. The data supplied should be from the responsible hands to the responsible hands. This will ensure the identification of mistake doing person.
Therefore steps should be taken to avoid threats by following the implications below.
Implications for the Management:
The responsibility for establishing and maintaining an effective accounting system resides with the management. Thus an effective internal control to help the proper and safe movement of accounting information system is sole responsibility of the management. Thus the management responsibility includes the followings.
1. Documentation the accounting information.
2. Testing the feasibility of the accounting information.
3. Keeping a look at the computer operations and program changes.
4. Appropriate application level control, so as to ensure the financial information generated from an organization’s information system can be relied upon at any point of time.
5. Evaluate and monitor the accounting information and the system itself.
6. Written assessment of the internal controls is also required to given by the management.
7. Preparation of financial statement for external purpose in accordance with the GAAP.
As per the Foreign Corrupt Practice Act of 1977 and the Sarbanes-Oxley (SOX) Act of 2002, the management is legally responsible for any of the corrupt activities happening in the accounting system. According to the act the accounting record should be reasonably detailed accurately displayed and should fairly reflect the transactions and dispositions of the assets of the registrant. Along with that the transactions should be as per the generally accepted accounting principles.
Inadequate documentation of the design of controls over relevant assertion related to significant accounts and disclosures is a deficiency considered on the part of the company’s internal control system and the management is held responsible for that.
COSO, COBIT, ISO and Systrust have provided full frameworks and principles for documentation controls.
Implications for the Accountants and the Auditors:
Accountants and Auditors should have the knowledge of all security threats. Therefore they should use appropriate control techniques so as to protect their own information systems and along with that advise the businesses about the security risks possible. These Accountant and Auditors are actually the users, managers, designers and evaluators of the accounting information and accounting principles. Thus they are mandated by the SOX, that every independent financial and audit report should be and accountant and auditor attested report. Specific notification of the defects or drawbacks in the report should be included in that report.
Not only that the Auditors are also facing problems from the recent statement of Auditing Standards (SAS). There has been a set of directions issued in the SAS 94 and SAS 104-111, by the AICPA’s auditing standard board. It includes establishing standards and providing guidance concerning the auditor’s assessment of the risk of material risk management due to fraud or error in the financial audit.
5. Auditors are also required to gain a better understanding and improve linkage between various audit procedures performed in response to these risks.
SAS 94 specifically requires auditors to consider the effects of Internet and computers on the internal control and audit evidences. SAS 94 has even generated guidelines on collecting sufficient, competent evidence and identifying circumstances, when the system must be accessed, so as to evaluate control and risks. SAS 94 clarifies the controls needed to ensure that recurring and non-recurring entries are authorized, complete and correctly recorded. It also identifies the potential benefits from Information technology regarding the effectiveness of internal controls, including consistent application of business rules and performance of complex calculations.
Thus professional development in documenting internal control, compliance and the impact of Information technology is the key implication for accountants and auditors.
Implications for Academics:
Academics including the accounting colleges, schools and universities are those who are making future accounting professionals. They are the one who can teach the new upcoming accounting professionals to learn about information security, assurance and compliance applications, business continuity planning, IT governance, privacy management, application and data integration, spyware detection and removal.
A good manager, accountant, auditor to address, continuing threats comes from Academics. The Academics like the teachers of accounts, Management Information System, Information technology and related business topics should work together for a definite goal. Their work should be in the way to teach the future professionals different methods and skills to develop different abilities in them so that they have the knowledge and efficiency to become a perfect professional. This can be done by integration of security topics and techniques in the accounting curricular.
Therefore these academics are required to demonstrate the following.
1. Knowledge of accounting security,
2. Skills to manage these security issues,
3. Ethics that can helps the new aspirants to understand business environment,
4. Make risk assessment,
5. Evaluate internal controls, and
6. Implement effective and efficient security measures.
Thus informing students regarding changing contents and growth of professional certification requirements is important. Along with that a conceptual understanding of the inter-relationship of internal control, information security, financial reporting is a also needed to be taught.
Accounting information system faces a number of threats in various forms. Various implications to the Accountants, Auditors, Management and Academia has been issued so that these threats can be dematerialized and they do not adversely affect the working of accounting information system.
The wall street Journal. (May Edition).