AIS Attacks and Failures: Who to Blame Essay

Accounting information systems is a computer based database that stores, collects, and processes the financial data of the organization. The AIS system is then backed up by the organizations centralized database. When the AIS system is attacked by outside sources the responsibility falls to the organization if the proper controls are not in place but if the proper controls are in place the fault should fall on the shoulders of the criminal committing the attack or failures of the organization to put in place an effective accounting information system that is not prone to failure.

There are several different types of threats that can be posed to the accounting information systems of an organization and when ignored can create grave damage to the organization. One threat to the AIS of the organization is the threat of the unauthorized user. Organization needs to have strict controls on who has access to computers that relate to the information system of the organization t prevent loss or to prevent damage. Unauthorized users can also come in the form of hackers that find back doors into the company’s AIS in order to steal sensitive information or to wreak havoc with the information systems.

It is essential in the new Information Age for the management is knowledgeable on the AIS and the needed security measures to protect this system. Software systems and centralized databases containing the sensitive of an organization have become the norm in society. Because this information includes the private information of the organization and the consumer, the organization has a responsibility to have the necessary security measures in place to stop attacks as well as have the necessary expertise to provide an effective response in the event of the AIS system failing.

The management should be held responsible for ensuring the necessary steps are taken to prevent attack and in ensuring the system is effective but only the criminal should be held liable for any financial loss. In the new Information Age businesses have installed sophisticated security measures to protect AIS systems to ensure there is no loss or attacks and are training staff to better control these systems. However, criminals use many different methods and ploys to attack private information systems.

The Sarbanes-Oxley Act mandates management to establish and maintain adequate controls regarding financial reporting and assessing the effectiveness of those controls (Stolz, 2011). The management has a legal obligation to protect private and financial information but tech savvy criminals find ways around these systems in order to conduct frauds, attacks, or thefts. The use of Internet technologies has substantially increased the vulnerability of information systems (Beard, 2007).

When a criminal is responsible for an attack against an AIS system they should be responsible for paying for any damages or any financial loss that occurs. When loss of private information comes from a failure of the management to implement the necessary controls the fault should fall to the organization. Financial loss that occurs to the organization based on the failures of management is an expense that will have to be incurred by the organization but if the loss happens to customers or business partners of the organization, the organization will be responsible for covering these losses.

When customers entrust their private information to an organization or an organization relies on the management to implement effective controls to protect AIS systems it is the responsibility of the management to establish and maintain a system of effective internal controls. Management is responsible for ensuring the appropriate security software is in place and assessing internal controls to ensure there are no gaps in the security. These responsibilities are not just what is expected of the manager by the organization but also what is expected by law.

Based on the Sarbanes-Oxley Act of 2002 (SOX) management has important legal responsibilities to management. The Sarbanes-Oxley Act of 2002 is designed to ensure that records are properly maintained and the information that is reported is a fair record. Next the law ensures that the organization can provide reasonable assurance that financial transactions are properly secured and the appropriate control are in place and the necessary prevention measure to prevent intrusion into these systems.

Management is also required to have the necessary auditing standards in place to protect the financial assets of stakeholders. When an organization is responsible for storing the private financial information of the customer, employee, stockholder, etc. and fails to take the necessary precautions the federal government should step in and hold the organization responsible for their failure to secure sensitive information.

The SEC is responsible for enforcing the Sarbanes-Oxley Act of 2002. The act finds that senior executives should take individual responsibility concerning accuracy of reporting that can result in specific forfeitures of benefits and civil penalties for non-compliance (Stults, 2004). The act does not, however, hold the senior executive responsible for attacks or failures of the AIS but instead defines the expected code of behavior or organizational management.