...16 May 2011 Standards and Legal Issues By Thomas Groshong An audit of the Electronic Health Record (EHR) system reveals a lack of basic policies and standards to protect EHR data from misuse, abuse or theft. The He a l t h I n s u r a n c e P o r t a b i l i t y a n d Accountability Act (HIPAA) require protection of EHR data and basic security guidance to adequately safeguard this data from threats of misuse and/or t h e f t . T h o m a s J . S m e d i n g h o f f q u o t e s H P A A l a w 42 USC Section 1320d-2(d)(2) t h a t establishes three basic security principles “maintain reasonable and appropriate administrative, technical, and physical safeguard”. (Smedinghoff, T. (2008)) A r e a s o n a b l e a t t e m p t to provide safeguards and follow excepted standards for security can be found in the HIPAA Security Guidance, National Institute of Standards and Technologies (NIST) documents, and the SANS Institute policies. The security goal is to provide confidentiality, integrity, and availability of EHR i n f o r m a t i o n . (Smedinghoff, T. (2008)) The policies created below are to address weaknesses in the current system and provide direction on how to meet industry standards and legal requirements. A. Create three organizational policy statements: HIPAA suggests a three prone approach; physical security, technical security, and administrative security. This document will cover...
Words: 1128 - Pages: 5
...16 May 2011 Standards and Legal Issues By Thomas Groshong An audit of the Electronic Health Record (EHR) system reveals a lack of basic policies and standards to protect EHR data from misuse, abuse or theft. The He a l t h I n s u r a n c e P o r t a b i l i t y a n d Accountability Act (HIPAA) require protection of EHR data and basic security guidance to adequately safeguard this data from threats of misuse and/or t h e f t . T h o m a s J . S m e d i n g h o f f q u o t e s H P A A l a w 42 USC Section 1320d-2(d)(2) t h a t establishes three basic security principles “maintain reasonable and appropriate administrative, technical, and physical safeguard”. (Smedinghoff, T. (2008)) A r e a s o n a b l e a t t e m p t to provide safeguards and follow excepted standards for security can be found in the HIPAA Security Guidance, National Institute of Standards and Technologies (NIST) documents, and the SANS Institute policies. The security goal is to provide confidentiality, integrity, and availability of EHR i n f o r m a t i o n . (Smedinghoff, T. (2008)) The policies created below are to address weaknesses in the current system and provide direction on how to meet industry standards and legal requirements. A. Create three organizational policy statements: HIPAA suggests a three prone approach; physical security, technical security, and administrative security. This document will cover organizational policies for each of the three categories based on best practices...
Words: 1128 - Pages: 5
...Case Studies of Cybercrime and Its Impact on Marketing Activity and Shareholder Value Katherine T. Smith Department of Marketing Texas A&M University 4112 TAMU College Station, TX 77843-4112 Tel: 979-845-1062 Fax: 979-862-2811 Email: Ksmith@mays.tamu.edu L. Murphy Smith, CPA* Mays Business School Texas A&M University 4353 TAMU College Station, TX 77843-4353 Phone: 979-845-3108 Fax: 979-845-0028 Email: Lmsmith@tamu.edu Jacob L. Smith Grace Bible Church College Station, TX 77845 JacobSmith@grace-bible.org *Corresponding author Forthcoming in Academy of Marketing Studies Journal Electronic copy available at: http://ssrn.com/abstract=1724815 CASE STUDIES OF CYBERCRIME AND ITS IMPACT ON MARKETING ACTIVITY AND SHAREHOLDER VALUE Katherine T. Smith, Texas A&M University L. Murphy Smith, Texas A&M University Jacob L. Smith, Grace Bible Church ABSTRACT Cybercrime, also called e-crime, costs publicly traded companies billions of dollars annually in stolen assets and lost business. Cybercrime can totally disrupt a company’s marketing activities. Further, when a company falls prey to cyber criminals, this may cause customers to worry about the security of their business transactions with the company. As a result, a company can lose future business if it is perceived to be vulnerable to cybercrime. Such vulnerability can lead to a decrease in the market value of the company, due to legitimate concerns of financial analysts, investors, and creditors. This study examines...
Words: 6032 - Pages: 25
...------------------------------------------------- ------------------------------------------------- ------------------------------------------------- ------------------------------------------------- ------------------------------------------------- ------------------------------------------------- ------------------------------------------------- ------------------------------------------------- Dr. Randy Brown Annotated Biographies Oreku, G. S., & Li, J. (2009). End user authentication (EUA) model and password for security. Journal of Organizational and End User Computing, 21(2), 28-43. Retrieved from http://search.proquest.com.proxy1.ncu.edu/docview/199920202?accountid=28180 This article proposes an End User Authentication flexibility model to form a set of services that will constitute a flexible authentication model for a modern computing systems or infrastructure. This method would provide multiple authentications that will enable suppliers access a particular network system with varying levels of guarantee. It describes a simple three level ticket system used by clients and servers to achieve prevention of...
Words: 2303 - Pages: 10
...Forensic Accounting in Practice Twana Bethea BUS 508 May 21, 2013 Dr. Phyllis Praise Abstract Forensic Accounting is the application of the skills and training of a chartered accountant to disputes and investigations. Fraud is usually hidden in the accounting systems of organizations and that’s where forensic accountants play a critical role. Forensic accountants are contacted by companies when they need to figure out where a fraud was committed in their company. The accountants interview witnesses, analyze evidence such as email traffic between all parties involved. They will also freeze bank accounts if needed. They are hired to find out what happen and who was involved. If the case goes to trial they can be called to testify. The key skill of the forensic accountant is communicating complex financial transaction or data in a concise manner using images, graphs and languages that can be easily understood by non-accountants, the judiciary, and juries. With the growing complexity of business related investigations, Forensic Accounting professionals are increasing and the need is as well for investigations of business and financial issues. Forensic Accounting Practices Forensic Accounting has been in exist for many years, today there have been an increase in the need for this type of profession. Forensic accounting is the practice of integration of accounting, auditing and investigative skills. The accountings provide a court with an accounting analysis on the basis...
Words: 1442 - Pages: 6
...Abstract In combination between my experiences and life learning knowledge in a discussion topic of defining forensic accounting; I will be sharing with you my life knowledge in key specific areas within the fraud examination. I will also discuss my views of what is forensic accounting and its importance of this field. In addition; I will be delving in my definition of the fraud triangle and how I would utilize it in today cases. Going forward, I will explain the importance of the fraud triangle in fraud examination cases as well as I will give an explanation on my belief of how the fraud examination has an inevitable part today and along with how it works at the same point in time. I will finalize this discussion with the requirements needed to become a forensic accountant in the present state of Florida that I reside in. Definition of Forensic Accounting Forensic, a word that ignites the search for clues to find the perpetrator 's intent and truth in a criminal case. In the topic of forensic accounting, it brought to my attention of a T.V. show that I have recently watched a few nights ago. The show was called Forensic Files on the HLN network. The particular case was about on how investigators of a police department were working on a murder case. They were working with different specialized groups of examiners, doctors and specialists to help solve how the death of a man occurred. During the investigation...
Words: 1761 - Pages: 8
... Missouri 64105 United States (816)943-7310 (816)943-7300 2/6/2013 LJB COMPANY 1100 Main St Kansas City, Missouri 64105 United States (816)943-7310 (816)943-7300 2/6/2013 Internal control is measures adopted within an organization to safeguard its assets, enhance the reliability of accounting records, increase efficiency of operations, and ensure compliance with laws and regulations (Kimmel, Weygandt, Kieso, 2009). This document analyzes both LJB Company strengths and weaknesses and provides recommendation on internal control measures. Internal control is measures adopted within an organization to safeguard its assets, enhance the reliability of accounting records, increase efficiency of operations, and ensure compliance with laws and regulations (Kimmel, Weygandt, Kieso, 2009). This document analyzes both LJB Company strengths and weaknesses and provides recommendation on internal control measures. TABLE OF CONTENTS Introduction * Overview of Internal Controls * Importance of Internal Controls * The Sarbanes-Oxley Act of 2002 (SOX) Components of Internal Controls * A control environment * Risk assessment * Control activities * Information and communication * Monitoring Principles of Internal Control Activities * Establishment of responsibility * Segregation of duties * Documentation procedures * Physical controls * Independent internal verification * Human resource controls Good Internal Controls by...
Words: 1887 - Pages: 8
...Today’s Risk of Fraud: Forensic Accountants Help Protect Identity Theft Megan Laughman Financial Accounting Theory Michael Miller 4/7/15 Abstract The purpose of this study is to explore the recent cyber breaches that have occurred within companies throughout the United States and to look at the different ways these cyber breaches could have been prevented. The research also examines the need for forensic accountants within the business field, as they are able to help protect a company’s credibility and reputation. The study looks at the different internal controls a forensic accountant can incorporate into a company to help prevent cyber breaches and fraud from taking place. The results of the research provide confirmation that forensic accountants are essential in every company in order to help prevent and detour cyber breaches and fraud. Table of Contents Introduction……………………………………………………………………………………4 Literature Review………………………………………………………………………………7 Data Analysis........................................................................................................................…...14 Results and Conclusion…………………………………………………………………………17 References………………………………………………………………………………………19 Today’s Risk of Fraud: Forensic Accountants Help Protect Identity Theft Introduction Technology today is more advanced than it ever has been and almost everyone this day and age owns a computer, tablet, or smart phone. Most Americans utilize their computers, tablets...
Words: 4916 - Pages: 20
...Case Study: LJB Company Internal Control Recommendations There are two primary goals of internal controls. The first is to safeguard its assets from employee theft, robbery, and unauthorized use. The second goal is to enhance the accuracy and reliability of its accounting records. This is done by reducing the risk of errors and fraudulent activities in the accounting process. Public companies are now required by regulations Sarbanes-Oxley Act of 2002 (SOX) among them to formalize control procedures in writing. Privately held companies and other organizations also have an interest in the benefits that result from formalizing and documenting their internal control procedures. Companies must develop sound principles of control over financial reporting and continually assess that the controls are working. The new rules require management to disclose to the public any material weakness identified by management. The report must also state that the company’s independent public accountant who audited the financial statements included in the annual report has attested to and reported on management’s evaluation of internal control over financial reporting. This new attestation requirement under Section 404 expands the scope of the accounting firm’s audit procedures beyond the work required solely to render an opinion on the financial statements (1). Without adequate controls to ensure the proper recording of transactions, the resulting financial data may become unreliable and undermine...
Words: 1465 - Pages: 6
...Kudler Fine Foods relies on Accounting Information System (AIS) for its daily business operations. Due to the complexity of the business today, Kudler needs to understand the potential risks and how to mitigate them by applying internal controls to the AIS. This paper will discuss the risks and internal controls of Kudler’s AIS. The Risks to Kudler’s AIS Risk represents the possibility of a loss or harm to an organization (Raval & Fichadia, 2007, p.29). In developing effective AIS, risks should be analyzed and identified to protect the company’s assets and to promote operational efficiency. Kudler’s AIS uses four systems. They are Accounts Payable (AP), Accounts Receivable (AR), Inventory, and Payroll systems. These four systems have potential risks that may arise due to separation of duties conflict, unauthorized access, and human errors. At Kudler, the AP system is designed as an automated system. The potential risks to the system are the accuracy of the invoices’ approval and the segregation of duties conflict in adding or changing and approving vendors’ details. The sales process at Kudler involves payment by cash and credit. Even though the AR system is designed as an automated system, potential risk occurs when separation of duty conflicts exist in receiving and depositing the cash. The Inventory system at Kudler is also designed as an automated system. The potential risks are unauthorized modification of inventory level, separation...
Words: 1138 - Pages: 5
...need to install processes and controls to ensure that honest people are hired. When candidates are going through our interview process they will need to be thoroughly vetted on the accuracy of their work history, education, and stated accomplishments. In addition to the standard practiced of contacting references provided by the candidate, these referenced individuals will be asked to provide additional references. The result of checking references provided by the initial reference will in many instances allow for greater insight into the true character of the candidate. The Director of Human Resources should investigate the potential of having a pre-employment Business Ethics Assessment completed and evaluated for each potential new employee. The assessment will measure each candidate for knowledge of the application of ethical principles in various workplace situations, such as...
Words: 2662 - Pages: 11
...Tan Pham CSIA 303 Information Security White Paper Professor Gupta Information Security White Paper The internet and its technology have brought many advantages and disadvantages for information system of businesses, whether public or private. There is no denying that the business world will move further and further into the cyber world, where information are available just by a click of a finger. No matter how large of a scale a business is, private restaurant or large Banking Corporation, the truth is every single one of these business is at risk. Risk of losing trade secret and risk of losing employee’s confidential data are some of a few risks that a business must address. These risks originally come from sources calls vulnerabilities and threats. Vulnerabilities in plain definition are weaknesses of an information system. These weaknesses later can be translated and exploited by attackers, insider or outsider. These attackers are generally can be seen as threats. Businesses must find solutions to mitigate these threats by eliminating vulnerabilities of their system in order to reduce risk of their information and information system. Information security addresses the three following components: confidentiality, integrity and availability, which are the main goal for business toward protecting their information and information system. Confidentiality is basically to ensure no confidential data...
Words: 1157 - Pages: 5
...prevent fraud and theft within the business. The follow proposal will list the types of controls that are needed and reason for the controls. Finance One of the things that cannot be overlooked when it comes to controls is finance. Finance is the lifeblood of an organization. Without proper controls and functionality and control, a company’s finances can be out of distorted and may cause a business to possibly go under and close for business. One of the things that a business can do with controlling its finances is to have more than one person of management sign off on orders that have to do with financial transactions. An example of this would be a work or purchase order. This is something that should be controlled and documented by more than one person of management. The last thing that upper management wants to see is a mess of finances where one individual may end up taking too much control and could very well not be aware of the right amount of inventory they could be purchasing where there may not be a need. A second person can look over the order themselves and may have the ability to intervene and consider other action before the order takes place, or go ahead and approve the order. With the approval of orders, there also needs to be a documented amount of paper trail when it comes to finances. Many companies handle this practice different but to be proficient, there should be forms and understanding between the employee and upper management...
Words: 2205 - Pages: 9
...The internet and its technology have brought many advantages and disadvantages for information system of businesses, whether public or private. There is no denying that the business world will move further and further into the cyber world, where information are available just by a click of a finger. No matter how large of a scale a business is, private restaurant or large Banking Corporation, the truth is every single one of these business is at risk. Risk of losing trade secret and risk of losing employee’s confidential data are some of a few risks that a business must address. These risks originally come from sources calls vulnerabilities and threats. Vulnerabilities in plain definition are weaknesses of an information system. These weaknesses later can be translated and exploited by attackers, insider or outsider. These attackers are generally can be seen as threats. Businesses must find solutions to mitigate these threats by eliminating vulnerabilities of their system in order to reduce risk of their information and information system. Information security addresses the three following components: confidentiality, integrity and availability, which are the main goal for business toward protecting their information and information system. Confidentiality is basically to ensure no confidential data, such as customers’ data or trade secret, are acquired by unauthorized users. Example of large corporation such as Apple Inc. addresses the issue of confidentiality very seriously...
Words: 1132 - Pages: 5
...Accounting Information Systems CHAPTER 6 CONTROL AND ACCOUNTING INFORMATION SYSTEMS SUGGESTED ANSWERS TO DISCUSSION QUESTIONS 6.1 a. The "internal environment" refers to the tone or culture of a company and helps determine how risk consciousness employees are. It is the foundation for all other ERM components, providing discipline and structure. It is essentially the same thing as the control environment in the internal control framework. The internal environment also refers to management's attitude toward internal control, and how that attitude is reflected in the organization's control policies and procedures. At Springer's, several deficiencies in the control environment are apparent 1. Management authority is concentrated in three family members, so there are few, if any, checks and balances on their behavior. In addition, several other relatives and friends of the family are on the payroll. Since the company has a "near monopoly" on the business in the Bozeman area, there are few competitive constraints that might otherwise restrain prices, wages, and other business practices. Lines of authority and responsibility are loosely defined within the company, which would make it difficult to identify who might be responsible for any particular problem or decision. Management may have engaged in "creative accounting" to make its financial performance look better, which suggests a management philosophy that could encourage unethical behavior among employees. 2. 3. 4...
Words: 6258 - Pages: 26
