"This new text reflects Bill Kinney's experience on the special committee of assurance services, The Elliot Committee. The book is not designed to train students to be auditors. Instead, it has a strategic orientation and is intended for future managers, bankers, investment bankers, analysts, investors, IT consultants, and practicing CPAs. It is unique in that it builds upon related courses in finance, strategy, operations management, information technology, and financial and managerial accounting. There are two broad objectives of the book: 1. To introduce business students to the use of auditors and internal control to run a business better by lowering the costs of capital, production and distribution. 2. To assist accounting students by integrating their knowledge of financial and managerial accounting, information technology, and business strategy with the role of professional assurers." --Publisher description.

​This book contains a collection of research papers on accounting information systems including their strategic role in decision processes, within and between companies. An accounting system is a complex system composed of a mix of strictly interrelated elements such as data, information, human resources, IT tool, accounting models and procedures. Accounting information systems are often considered the instrument by default for accounting automation. This book aims to sketch a clear picture of the current state of AIS research, including design, acceptance and reliance, value-added decision making, interorganizational links, and process improvements. The contributions in this volume emphasize that AIS has grown into a powerful strategic tool. The book provides evidence for this observation by examining a wide range of current issues ranging from theory development in AIS to practical applications of accounting information systems. In particular it focuses on themes of growing interest in the realm of XBRL and Financial Reporting, Management Information Systems, IT/IS Audit and IT/IS Compliance. The book will be of interest to financial and managerial accountants and IT/IS practitioners, including information systems managers and consultants.

This is the first joint working conference between the IFIP Working Groups 11. 1 and 11. 5. We hope this joint conference will promote collaboration among researchers who focus on the security management issues and those who are interested in integrity and control of information systems. Indeed, as management at any level may be increasingly held answerable for the reliable and secure operation of the information systems and services in their respective organizations in the same manner as they are for financial aspects of the enterprise, there is an increasing need for ensuring proper standards of integrity and control in information systems in order to ensure that data, software and, ultimately, the business processes are complete, adequate and valid for intended functionality and expectations of the owner (i. e. the user organization). As organizers, we would like to thank the members of the international program committee for their review work during the paper selection process. We would also like to thank the authors of the invited papers, who added valuable contribution to this first joint working conference. Paul Dowland X. Sean Wang December 2005 Contents Preface vii Session 1 - Security Standards Information Security Standards: Adoption Drivers (Invited Paper) 1 JEAN-NOEL EZINGEARD AND DAVID BIRCHALL Data Quality Dimensions for Information Systems Security: A Theorectical Exposition (Invited Paper) 21 GURVIRENDER TEJAY, GURPREET DHILLON, AND AMITA GOYAL CHIN From XML to RDF: Syntax, Semantics, Security, and Integrity (Invited Paper) 41 C. FARKAS, V. GowADiA, A. JAIN, AND D.

Policymakers and program managers are continually seeking ways to improve accountability in achieving an entity's mission. A key factor in improving accountability in achieving an entity's mission is to implement an effective internal control system. An effective internal control system helps an entity adapt to shifting environments, evolving demands, changing risks, and new priorities. As programs change and entities strive to improve operational processes and implement new technology, management continually evaluates its internal control system so that it is effective and updated when necessary. Section 3512 (c) and (d) of Title 31 of the United States Code (commonly known as the Federal Managers' Financial Integrity Act (FMFIA)) requires the Comptroller General to issue standards for internal control in the federal government.

The Complete Guide to Cybersecurity Risks and Controls presents the fundamental concepts of information and communication technology (ICT) governance and control. In this book, you will learn how to create a working, practical control structure that will ensure the ongoing, day-to-day trustworthiness of ICT systems and data. The book explains how to establish systematic control functions and timely reporting procedures within a standard organizational framework and how to build auditable trust into the routine assurance of ICT operations. The book is based on the belief that ICT operation is a strategic governance issue rather than a technical concern. With the exponential growth of security breaches and the increasing dependency on external business partners to achieve organizational success, the effective use of ICT governance and enterprise-wide frameworks to guide the implementation of integrated security controls are critical in order to mitigate data theft. Surprisingly, many organizations do not have formal processes or policies to protect their assets from internal or external threats. The ICT governance and control process establishes a complete and correct set of managerial and technical control behaviors that ensures reliable monitoring and control of ICT operations. The body of knowledge for doing that is explained in this text. This body of knowledge process applies to all operational aspects of ICT responsibilities ranging from upper management policy making and planning, all the way down to basic technology operation.

The book provides the complete strategic understanding requisite to allow a person to create and use the RMF process recommendations for risk management. This will be the case both for applications of the RMF in corporate training situations, as well as for any individual who wants to obtain specialized knowledge in organizational risk management. It is an all-purpose roadmap of sorts aimed at the practical understanding and implementation of the risk management process as a standard entity. It will enable an "application" of the risk management process as well as the fundamental elements of control formulation within an applied context.

An entertaining introduction to a very serious and complex issue Internal control is no longer the exclusive domain of highly trained accountants on the internal auditing staff. Corporate boards, CEOs, and employees at virtually every level are now seen as responsible for designing, implementing, and monitoring these controls; few, however, have the training and background needed to fulfill this complex responsibility. Through the entertaining story of a manager's visit to the Caribbean, Internal Control: A Manager's Journey illustrates how control can be managed throughout an organization. In each chapter, Operations Manager Bill Reynolds learns the key concepts and techniques of internal control and discovers how to design, document, install, and monitor an innovative, efficient internal control policy. He discovers that effective internal control is based on risk assessment and should encourage innovation. He also learns important techniques for preventing, detecting, and correcting fraud. This unconventional, extraordinarily useful guide is peppered with practical examples and workable solutions that can be used to institute improved control and accountability in any company of any size. It's the ultimate resource for CEOs, CFOs, operations managers, and anyone involved in the design, implementation, review, or reporting of internal controls.