Debriefing particularly focusing on “the role of debriefing In simulation based learning’. Quickly before I begin, could you raise your hand if you have taken part in a debrief post….
Companies AIS and Their Defending
Companies Should not be Held Liable for Losses Sustained in a Successful Attack Made on Their AIS by Outside Sources. ACCT451 2013 I argue against the statement” Companies should not be held liable for losses sustained in a successful attack made on their AIS by outside sources. ” There are several reasons for my contention. The Accounting Information Systems has been used by businesses to improve their recording, processing, and reporting of accounting information.
At the same time it is the responsibility of the companies to adequately protect their information systems from outside sources. Since, the company benefits and consequently profits from the use of accounting information system, it should bear the losses that arise from attacks on the accounting information system. The argument in favor of the contention is that the accounting information system not only processes financial transactions to provide internal reports to managers but also does external reporting to outside parties such as stockowners, government and lenders.
Since, it is essential that the accounting information system should be accessed by outsiders the system is particularly vulnerable to outside attacks (1). Still the onus of the security of its accounting information system clearly lies with the company and not with anyone else. It is a part of the business risk of a company. Consider the following example, a company maintains five distribution centers throughout the country. Each of these distribution centers may be attacked by robbers and looted. Who bears the loss?
It is part of the business risk. The company cannot refuse to bear the losses. Similarly, if a company truck carrying goods to or from the company premises is attacked by robbers and is plundered, the company is responsible for the loss. It is another matter that the company may take out an insurance and the insurance company makes good the losses. However, the fact remains that the company pays premium for insurance and had there been no insurance, the company would have been forced to pay for the losses (2).
The current accounting information systems bring tremendous benefits to companies. These generate several types of useful reports for the company, the company does not have to employ clerks to manually process accounting data, with a touch of a button information is generated, there are tremendous savings in costs, there is automatic payment and generation of important accounting documents, and there is efficiency in processing information. These benefits reduce costs for the companies and improve efficiency but come at a cost.
One of the elements of the cost is that the accounting information system may be attacked from outside sources. Since the company enjoys these benefits, it must suffer the costs ( loss because of outside attack). A firm whose warehouses get destroyed by hurricanes do not absolve themselves of their losses because the hurricane is an outside source. Similarly, during war the premises of a firm may get bombed or hit by a missile, yet the company has to bear the loss (3). If an accounting information system is hit by outside sources there is a danger of fraud, virus attacks, or hackers.
These risks have to be borne by the business as a part of its normal business risks. Further it is the responsibility of the company to maintain the highest level of security for its accounting information system. The physical security should be fool proof, authentication system should be the most advanced, virus protection should be the latest, and backup should be done at a safe place outside the premises. Such measures are required to ensure that attacks on the accounting information system like identity theft and loss of irreplaceable data do not take place.
There are some institutions that are particularly vulnerable to outside attacks. For instance, the banks are vulnerable to outside attacks where the attackers seek to pilfer money using confidential information. In such cases, higher levels of authentication, and information security should be used. The fact that banks and financial institutions provide accounting information system based services, is a source of profits, these institutions are responsible for losses sustained by them (4).
One of the most important features of most accounting information systems is the controls over the system and the security measures that the company implements If the company is not held responsible for the losses sustained by it because of outside attacks the company will avoid its responsibility for controls and security. It is also important that the quality of software used, the backup of data, and the people who are authorized to access the accounting information system are checked and tested.
If the company is not held responsible for losses because of outside attacks the company will become lax in its essential functions related to the accounting information system. References: (1)Accounting Information Systems, Ulric J. Gelinas, Richard B. Dull E8 Cengage Learning, 2009 (2)Accounting Information Systems James A. Hall E6, Cengage Learning, 2008 (3)Accounting Information Systems Marshall B. Romney, Paul John Steinbart E10, Prentice Hall, 2005 (4)Information System Management, Ankita Bansal, Gyan Publishing House, 2002