“Does ‘cloud computing’ present additional internal control issues beyond those encountered in traditional computing?” Unaware of what is meant by “cloud computing,” this writer, after some research on the subject matter, believes that the answer to this question is YES, “cloud computing” does present additional internal control issues beyond the internal controls encountered in traditional computing. This question is answered from the viewpoint of a client company that has transferred its data to a cloud. It seems that there will always be a need for internal controls; however, where those controls are located is dependent upon the type of network infrastructure a company uses. When compared to traditional computing, cloud computing seems to have the opposite effect on internal controls of the client company: there is actually a decrease or elimination of internal controls for the company.
Internal controls are processes designed by companies to ensure the security, accuracy, and completeness of its financial and accounting data. These processes are put in place by the company to ensure adherence to its policies and plans while also protecting its valuable data from unauthorized access. A majority of companies, whether or not they know it, have some form internal control system in place. One area in particular that will most likely entail having internal controls is a company’s information network as the security of the network is the primary objective. Without these controls in place, a company allows itself to become vulnerable to network intrusion and possible data manipulation.
Traditionally, a company will have dedicated servers and other hardware located somewhere within their organization that comprise the infr...
... middle of paper ...
...
At the World Congress on Engineering 2011 conference in London, U.K., it was noted that the issue of security matters for cloud computing requires revising (Pinto et al., 2011). As mentioned earlier, when going to a cloud network any internal control system is essentially transferred to the service provider. As such, Pinto et al. (2011) explains about the “existence of a new entity called a cloud security manager” whose responsibility it is to keep documentation of client access to the cloud as well as third party processing. To put it differently, the duties of the cloud security manager will be to manage the overall cloud system by instituting an internal control matrix.
To ensure the security of a client’s data, the cloud security manager must follow the control matrix in order to monitor the activities that are transpiring around the cloud network.
Internal controls is defined as a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance
Internal controls are in place to protect entities against theft from dishonest workers and outside predators. They are also an accurate series of checks and balances and are in place to find discrepancies.
Without such controls it would be difficult for most business organizations like Trinity Industries with numerous locations, operations, and processes to prepare timely and accurate financial reports. Since no control system can guarantee that financial statements will not contain material errors or misstatements, an effective internal control system can reduce the risk of misstatements. Internal Controls should therefore be designed and implemented with the risk of fraud in mind and tailored to the circumstances of the company. In the case of Trinity part of the SOX project was to identify key process, by interviewing organizational members to understand how the processes and controls worked within the company, and who was responsible. With guidance from PCAOB AS No.5 they identified the gaps of controls and took steps to close them.
In conclusion, internal controls include separation of duties, assignment of responsibilities, third-party verification and the use of mechanical and physical controls. In and of themselves, these tactics stop and prevent much abuse of the bookkeeping and accounting systems. The addition of Sarbanes-Oxley requirements in 2002 require that a company enact internal controls and assign responsibility of the control system to executives and directors, further providing insurance that financial reporting is accurate. Without this insurance that reports are accurate, company stock will fall and investors will be lost. Even with intrinsic limitations, the positive aspects of good internal controls far outweigh the negative implications. Good internal controls equal accurate financial records and future company success.
What is internal control? According to University of Phoenix, Axia College Internal Control and Cash (2009), internal control is all of the related methods and measures adopted within an organization to safeguard its assets and enhance the accuracy and reliability of its accounting records. The primary reasons for internal control are help companies protect their investments and merchandise against theft from everyone, including employees and to make sure that the accounting is done correctly and truthfully.
In turn, the internal controls within a company may be interpreted as the outcome of their risk management procedure established during the ‘planning and budgeting’ process. Lanen, Anderson, & Maher (2014, p. 471) state that “internal controls provide management with reasonable assurance that their company’s assets are protected and the company’s accounting is reliable”. For instance, one procedure that management would have in place that would safeguard the resources of the company is separation of duties. To elaborate, with a strong separation of duties in place within a company, each activity that occurs within the company is fulfilled by more than one individual. As such, this would decrease the likelihood that a sole person would be able to successfully steal or manipulate the company resources in some fashion. In addition, the procedure prevents one person from overseeing all of the operations occurring within one activity, which may prove to be overwhelming. Thus, if an employee is unable to handle a certain aspect of a required duty in a particular activity, then it will be assigned to someone who is qualified (i.e. more
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
Internal controls are increasingly a crucial part of any business large or small. Controls serve two purposes according to financial accounting chapter eight; they safeguard assets and enhance the accuracy and reliability of accounting records. Expanding on that concept internal controls are put in place as a result of activities that have occurred in the past and are an effort to protect internal and external users. Internal controls safeguard company assets by outlining fair and efficient regulations in an effort to prevent theft. Regulations designed to establish responsibility, segregation of duties, and accountability protect investors, management, and the public. The result of a financial outrage and catastrophes of WorldCom, Enron, Tyco, Hollinger, and Tyco necessitated the need for better regulation and control leading to the creation of the Sarbanes Oxley Act (SOX).
Since the implementation of SOX, companies are required to establish effective and efficient internal controls in order to be in compliance with the SEC requirements (Jahmani & Dowling, 2015, p. 129). According to COSO internal control is defined as “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the following objectives: 1. Reliability of financial reporting, 2. Compliance with laws and other regulations, 3. Efficiency and effectiveness of business operations, and 4. Protection of property” (Kanagaretnam et al., 2014, p. 30 & Kapic, 2013, p. 63). Additionally, Kapic notes internal controls contain policy and procedures that assist the company and management with smooth operations of all daily business
Companies must have “Internal Control” to maintain principles and limitations. Internal controls are in place to help with securing the company from theft, robbery, and unauthorized use and enhancing the corrected and reliability of its accounting records by minimizing errors and making sure that are no unknown patterns in the accounting process. All U.S. corporations are required to have an adequate system of internal control because of the Sarbanes-Oxley Act of 2002 or the companies will be subject to fines and company officers may be imprisoned that do
Internal controls are the controls and preventive measures that a business should consider adopting in order to prevent and mitigate cash losses from dishonest schemes by employees, customers, and other parties it deals with. Every business should institute and enforce internal controls that are effective in preventing fraud.
In a local environment, access to the network machines is readily available, two examples of which are switches and routers. Access to all of the traffic passing through the network and analysis can be laboured as a part of gathering as much data as possible. When using the cloud, even the CSP (Cloud Services Provider) does not have that kind of data, because it must not log all the traffic passing through the network, since users’ data is confidential and CSP can’t record, store, and analyse it. The CSP might only apply the IDS (Intrusion Detection System) or PDS (Intrusion Prevention System) solution to the network, which is only analysing traffic for malicious behaviour and alerting the provider of such activity.
These five components are universally listed as the building blocks of an effective internal control system. Control environment is in general the environment that management creates with their actions, their attitudes and by leading by example. A clear focus on integrity, an honest commitment to discrepancy investigation and complete diligence in creating a system in which employees are able to complete their job duties and responsibilities. Risk assessment involves recognizing areas within the organization that have the greatest risk of inaccuracies or threat of loss. The greatest risks should receive the greatest amount of effort and monitoring. Monitoring and reviewing is an internal control procedure that should be implemented on a regular basis, giving management a clear picture of current requirements. Verifying that the appropriate procedures are in place and are being implemented accurately and efficiently is significant to the integrity of the system itself. Finally, control activities, these activities are what essentially occurs within the system, the actual processes and
Cloud computing facilitates sharing of computing and storage resources with the aim of reducing computing expenses in organizations. Moreover, cloud computing facilitates information sharing among individuals within a cloud. Despite being advantageous, data stored in a cloud is usually prone to hacking and other security issues. This paper addresses the various mitigation measures that organizations are using to ensure that data stored in the cloud is secure.
In fulfilling its responsibilities for the integrity of financial information, management maintains and relies on the Company’s system of internal control. This system is based on an organizational structure that efficiently delegates responsibilities and ensures the selection and training of qualified personnel. Management believes that to date, the internal control system of the Company has provided reasonable assurance that material errors or irregularities have been prevented or detected and corrected