Accounting in computer systems

AIN1501

Unit 6

Big data

1 Introduction

-We are indeed in one of the fastest-changing technology phases in human history.

-The world’s most valuable resource is no longer oil, but data.

-Big Data is a term for a collection of data which is so large that it becomes difficult to
store and process using traditional databases and data-processing applications

-It describes data sets so large and varied they are beyond the capability of traditional
data processing -Companies are experiencing a rapid growth in the volume of data.

-This data is sourced from different areas of the business, for example, transactional
data and access to trillions of bytes of information about customers, vendors,
employees, operational and productive process.

-Big Data often also includes more than simply financial information and can involve
other organisational data (both internal and external), which is often unstructured.

-Data that inputs into Big Data systems can include social network traffic, web server
logs, traffic

flow information, satellite imagery, streamed audio content, banking transactions,

web page histories and content, government documentation, GPS tracking, telemetry
from vehicles, and financial market data.

2 The shift to Big Data

2.1 Traditionally, businesses gathered structured information on relevant issues from a

variety of sources and placed them into a database, or data warehouse.

-As the world is increasingly moving towards digitisation (and especially through the
growth of the internet), almost all information relating to the organisation and its
environment can be stored electronically.

- The amount of unstructured data generated by electronic interactions has increased

significantly, through e-mails, online shopping, text messages, social media sites as
well as various electronic devices which gather and transmit data.

-The amount of data which businesses must store and interrogate has increased at an
exponential rate, requiring new tools and techniques to make the most of them.

- Leveraging this resource for visualisation, structure and support, optimal decision-
making has become a commercialised privilege for many companies.
-Visualisation tools like Power Bi and SAP Lumira have become a well-used tool
amongst companies with substantial data lakes (systems of repository of data stored
in its natural or raw format) that want to sort and visualise it in an easy and
understandable way.

-This includes the amount of personal data available to and used by organisations.

-In this regard, the privacy, sensitivity and security of data are significant
considerations in modern

business.

-In the context of the organisation, privacy refers to all information that is considered
confidential and in need of protection from public disclosure.

-The Protection of Personal Information Act (POPIA) provides for a general prohibition
on the processing of special personal information.

-Special personal information includes information relating to the health, political

persuasion, race or ethnic origin, or criminal behaviour of the data subject. POPIA will
be dealt with in learning unit 15.

The features of Big Data

• Volume – this refers to the significant amount of data that the organisation needs to
store and process.

• Variety – Big Data can come from numerous sources. Bv. users’ browser and search
histories, viewing habits and purchase histories.

• Velocity – data is likely to change on a regular basis and needs to be continually

updated.

• Veracity (truthfulness) – it is vital that the organisation gathers data that is accurate.
Failure to do so will make analysis meaningless.

2.2 Sources of Big Data

-Big Data comes in two main forms, namely, structured and unstructured.

-Structured data is deliberately produced and collected for a specific purpose and
therefore exhibits a clear, deliberate structure.

-For instance, feedback data when people are requested to rate a service or product.

-Unstructured data is captured passively, without a clear purpose.

-Social media posts and “likes” are an example of this.

-Its format is highly variable and non-standard.

-Every two years, the volume and variety of computer-generated data double, and
most of it originates from unstructured (because it is raw) data such as e-mails,
Twitter, Facebook, posts, and images.
- Using Big Data enables companies to gain insight into customer preferences and
purchasing behaviour, affording them an enormous advantage when customising
products and services, specific to the respective individual.

-Industrial Big Data uses the same phenomenon as ordinary big data, but data is
generated by

industrial machines and requires a stronger computing power

-the principal sources of these two forms of data are classified as follows:

• Human-sourced data – billions of data points are produced every day from social
media, text messages, web browsing, e-mails, and so forth.

• Machine-generated data – smart technologies and the Internet of Things are a

growing source of data.

Sensors built into all aspects of modern technology, log and upload data constantly.
Home assistants, smart meters, TV boxes and cars are a small selection of items
producing machine-generated data.

• Processed data – Traditional data, held on databases of businesses and

organisations recording customers, transactions and company assets.

• Open data – Publicly available data stemming from sources such as governments,
the public sector, and national statistics agencies.

2.3 Benefits of Big Data

Big Data benefits the organisation in various ways, including:

• Driving innovation by reducing the time taken to answer key business questions,
thus speeding up decision-making.

• Gaining competitive advantage by identifying trends or information that have not

been identified by rivals.

• Improving productivity by identifying waste and inefficiency or identifying

improvements to working procedures.

A recent study by Bain & Co (2013) suggested that, of 400 large companies, those
that had adopted Big Data analytics have gained a significant market advantage.

2.4 Big Data problems

-Extra challenges arise because of the huge volume of data and information that need
to be protected, the variety of sources, types of information and the speed with which
it is updated.

-Making use of it can be challenging, but also making sure that it is accessible,
trustworthy and private can become very costly

-As mentioned before, one of the difficulties with Big Data is the ability to convert it
touseful information.
- To help with this, several new open-source platforms have emerged to help
organisations make sense of Big Data, such as Hadoop and Cassandra, though these
may be difficult to integrate with existing data warehouses.

-New roles and careers are also emerging in business, such as “data scientists” (data
analysts), whose role is to help the organisation derive meaning from the data it
stores.

-However, due to the rapidly changing nature of Big Data analysis, there is a shortage
of skills and support for these systems.

-It is important to realise that just because something CAN be measured, this does not
mean it should be.

-There is a risk that valuable time and money will be spent measuring relationships
and information that has no value for the organisation.

- The organisation needs to consider how to keep its data secure from viruses and
hackers.

-This stimulates the question of whether the organisation actually owns the data on
individuals it has

collected.

-There may be legal (data protection) and privacy issues if it holds large amounts of
data on potential customers

3 Data analytics

-Analytics is defined as something that is used to describe statistical and

mathematical data analysis, that clusters, segments, scores, and predicts which
scenarios are not likely to happen

- Various software can be used to conduct analysis of Big Data, which could increase
efficiency in jobs.

-The presence of various advanced technologies like Big Data, 3D printing, drones,
virtual reality, and the Internet of Things can benefit work and people.

- In the pre-technology era when humans worked manually, people gradually started
looking for data, receiving data (inputs), albeit limited and few, and processing them
into information.

-But now, with the existence of the internet where one can connect many objects and
devices, companies can receive large amounts of data (Big Data), and machines do
not require human performance to complete a lot of work in a limited time

-Thus, data analytics is the process of collecting, organising and analysing large sets
of data (Big Data) to discover patterns and other information which an organisation
can use to inform future decisions.
the data analysis process includes the following:

• Data collection – Organisations have access to greater quantities of data available

from various internal and external sources.

• Organisation of data – Once the data has been captured, it needs to be organised
and stored for future use, often using data warehousing facilities.

• Data analysis – Data-mining software uses statistical algorithms to discover

correlations and patterns to create useful information.

-Understanding the potential value of data and its significance to an organisation

presents a real opportunity to gain unique insight.

-This can be used to improve competitive position and potentially gain competitive
advantage over rivals.

-an organisation can realise the following benefits from effective data analytics:

• Fresh insight and understanding – Seeing underlying patterns through the intelligent
use of data can give insight into how a business operates and reveal issues that
management may not have known existed.

• Performance improvement – Data, processed and sorted into relevant management

information in real time, can lead to significant operational gains and improved
decision-making and resource utilisation.

• Market segmentation and customisation – Refining customer groups into ever more
specific segments and understanding the wants and needs of those groups can lead to
increased personalisation and customisation of products and services.

• Decision-making – Real-time information that is relevant can lead to faster decisions

and decisive advantage over competitors.

• Innovation – Existing products can be improved from understanding the features and
elements that customers enjoy and use. This can also lead to the development of new
products.

• Risk management – Risk management and control are vital in the effective running
of any organisation. The use of data can enhance all stages of the risk management
process.

4 Role of accounting profession

-Big Data techniques are not as widely used by professional accountants as in other
related fields.

- Modern engagements in the accounting profession often imply reviewing clients by

means of Big Data in order to remain competitive and relevant.

- In a Big Data environment, the professional accountant has the potential to perform
more advanced
projections analysis

-Forming a standardised view of the accountant led organisations to form a consensus

that the role of management accountants was to conduct financial analysis, file
reports, and gather information.

- However, they lacked real influence over business decisions and strategy

-The management accounting role has been researched in several different settings in
the last century.

-Academic professionals share the same opinion when it comes to transformation in

the role of management accountants (MAs).

-The time for bean counters has passed. Management accountants are perceived as a
strategic partner with influence in decision-making. In this regard, the prominent view
of MAs having a binary role as either “bean counter” or “business partner” – in some
cases switching between these two – is ignoring the possibility of incoherent role
development within different contexts .

-MAs’ role in production is evolving – they have different backgrounds, skills and
mindsets. This new form is labelled as an adaptive form, because they no longer
belong to either group, but rather just adapt to different contexts.

-Thus, the role of MAs will eventually look different based on the production
environment (PE).

-They will no longer be labelled according to a binary role, but will rather be defined by
the work they do. MAs in these settings are no longer just conducting analyses; they
are contributing as designers and developers of dashboards.

-This emphasises the effective utilisation of MAs so that they can reach the desired
goal of optimisation and cost reduction

5 Summary

-the amount of data which businesses must store and interrogate has increased at an
exponential rate, requiring new tools and techniques to make the most of them.

-In this regard, understanding the potential value of data and its significance to an
organisation presents a real opportunity to gain unique insight.

- This can be used to improve competitive position and potentially gain competitive
advantage

over rivals.

-Big Data techniques in the accounting profession are not as widely used by
professional accountants as in other related fields.

-Modern engagements in the accounting profession often imply reviewing clients using
Big Data in order to remain competitive and relevant in the market.

-In a Big Data environment, the professional accountant has the potential to perform
more advanced projections analysis.
-Big Data often also entails more than simply financial information and can involve
other organisational data (both internal and external), which is often unstructured.

-various software can be used to conduct analyses of Big Data, which could increase
job efficiency. Advanced technologies (e.g., Big Data, 3D printing, drones, virtual
reality, the Internet of Things) can help the work environment and people in their
activities.

LEARNING UNIT 11

ACCOUNTING IN TECHNOLOGY

1 Introduction

2 Blockchain

2.1 Benefits of a blockchain

2.2 Features of a blockchain

2.3 Typical stages in a blockchain transaction

2.4 The relevance of blockchain technology to finance professionals

3 Fourth Industrial Revolution

3.1 Understanding of CPS

3.2 Emergence and navigating the industrial revolutions

3.3 Features of the Fourth Industrial Revolution

3.4 4IR and new jobs

3.5 Major areas of concern

3.6 Role of higher education institutions (HE) in the era of 4IR

3.7 Skills level of public accountants in the digitalised economy

4 Enterprise systems

4.1 What is an ERP?

4.2 Why companies buy an ERP system

4.3 Application of an ERP system

4.4 Advantages and disadvantages of an ERP system

4.5 Role of accountants

5 SAP

6 Relationship between SAP and ERP software

6.1 Management accounting changes for companies using SAP

7 Oracle
7.1 Oracle Database

7.2 Managing the Oracle Database

7.3 Database application development features

7.4 Optimisation of Oracle system

7.5 Pastel

8 E-commerce and digitalisation

8.1 E-commerce

8.2 The main e-commerce categories

8.3 Action points for e-commerce

8.4 Advantages and disadvantages of e-commerce

8.5 Digitalisation

8.6 Applying digitalisation in enterprises and redefining business models

8.7 Fast-tracking of digitalisation by Covid-19

8.8 Barriers in the adoption of emerging technologies

8.9 Areas of technology that will thrive post the pandemic

8.10 Solutions

9 Current trends

9.1 Artificial intelligence (AI)

9.2 Cloud and mobile computing

10 Cryptocurrencies

11 Summary

1 Introduction

-Society is becoming more dependent upon computer and communications

technology.

-Many would argue that we have left the industrial age behind, and the information
age has taken over

2 Blockchain

-A blockchain has been described as a decentralised, distributed and public digital

ledger that is used to record transactions across many computers so that the record
cannot be altered retroactively without the alteration of all subsequent blocks and the
consensus of the network.
-Alternatively, it has been defined by the Bank of England as a technology that allows
people who do not know each other to trust a shared record of events

-It is used in cryptocurrency such as bitcoin. In blockchain, transactions are basically

publicly stored to form a shared ledger and verification

2.1 Benefits of a blockchain

-The main benefit of blockchain is security. In the digital era, cybersecurity is a key risk

associated with the use of IT systems and the internet.

-This is because traditional systems have been “closed”, and so modifications to data
have been carried out by just one party.

-If the system is hacked, there is little control over such modification to prevent it from
happening

2.2 Features of a blockchain

key features of a blockchain:

• In a blockchain system, transactions are recorded by a number of participants using

a network which operates via the internet.

-The same records are maintained by a number of different parties; as a transaction is

entered, it is

recorded by not just two parties, but instead by all of the parties that make up the
overall chain.

-This can happen because all the records in the blockchain are publicly available and
distributed to everyone that is part of that network.

• When a transaction takes place (e.g., between a buyer and a seller), the details of
that deal are recorded by everyone – the value, the time, the date and the details of
those parties involved.

-All the ledgers that make up the blockchain are updated in the same way, and it
takes the agreement of all participants in the chain to update their ledgers for the
transaction to be accepted.

• The process of verifying the transaction is carried out by computers; it is effectively

the computers which make up the network that audit the transaction.

-If all the computers review the transaction and verify that the details are correct, the
systems of all participants in the blockchain have updated records.

-The computers work together to ensure that each transaction is valid before it is
added to the blockchain.

-This decentralised network of computers ensures that a single system cannot add
new blocks to the chain.

• When a new block is added to a blockchain, it is linked to the previous block using a
cryptographic hash generated from the contents of the previous block.
-This ensures that the chain is never broken and that each block is permanently
recorded.

-It is intentionally difficult to alter past transactions in the blockchain because all the
subsequent blocks must be altered first.

• It is this control aspect of blockchain technology which addresses the main concern
of cybersecurity.

-If anyone should attempt to interfere with a transaction, it will be rejected by those
network parties making up the blockchain whose role it is to verify the transaction.

-If just one party disagrees, the transaction will not be recorded.

2.3 Typical stages in a blockchain transaction

1.Transaction is requested.

2. A block is created as digital representation of the transaction.

3. The block is sent to every node in the network (distributed ledger).

4. The nodes validate the authenticity of the transaction.

5. The nodes receive a reward or the proof of work, such as bitcoin

6.The completed authorised block is added to the chain.

2.4 The relevance of blockchain technology to finance professionals

-Much of the accountancy profession is concerned with ascertaining or measuring

rights and obligations over property, or planning how best to allocate financial
resources.

-For accountants, using blockchain provides clarity over ownership of assets and
existence of obligations and can dramatically improve efficiency. Ultimately,
blockchain provides an unalterable, transparent record of all accountancy-related
data.

-Examples of how blockchain can enhance the accounting profession include the

following :

• Reducing the costs of maintaining and reconciling ledgers

• Providing absolute certainty over the ownership and history of assets, the existence
of obligations and the measurement of amounts owed to a business and owed by a
business

• Helping accountants gain clarity over available resources

• Freeing up resources to concentrate on planning and valuation, rather than record-

keeping.
3 Fourth Industrial Revolution

-The phrase Fourth Industrial Revolution (4IR) is defined as the advent of a “cyber-
physical system” (CPS) involving entirely new capabilities of people and machines.

-While these capabilities are reliant on the technologies and infrastructure of the Third
Industrial Revolution (3IR), 4IR represents entirely new ways in which technology
becomes embedded in societies and even our human bodies.

-Examples include genome editing, new forms of machine intelligence, breakthrough

materials and approaches to governance that rely on cryptographic methods such as
blockmail

-Thus, the 4IR is the age that represents revolutionary changes to everything and
describes the phenomenon as it aptly applies to both the technical shift of the Second
Machine Age (2MA) and how people will live in it.

-In the 2MA, the technological progress in digital hardware, software and networks is
about automation of knowledge.

-It is underpinned by

(a) exponential growth of Moore’s law yielding a new regime of computing,

(b) the digitalisation of everything, and

(c) the emergence of an infinite number of combinational possibilities for innovation of

the two. In this regard, transition is profound, and the pace is massive amounts of
data being collected

-Therefore, the 4IR can be generalised as ‘‘a rapid and major change in an economy,
driven by a shift in the methods and types of work undertaken’’.

-It is a new phase where the fusion of several technologies is not only automating
production, but also knowledge.

-Thus, the changes that are occurring, are happening now because humans have
finally developed the computing capacity to store massive amounts of data which in
turn enable machine learning.

-The outcome of this is the development of the Cyber-Physical System (CPS), which
emerged in Germany around 2000.

-In 2016, the 4IR officially sounded an alarm that labour costs were about to be
disrupted and the way we live and work would be permanently altered by the
introduction of CPS

3.1 Understanding of CPS

-The term “cyber-physical system” was coined in 2006 by the US National Science
Foundation (USNSC), with the hosting of several workshops on artificial intelligence
(AI) and robotics.
-CPSs are physical and engineered systems where operations are monitored,
coordinated, controlled and integrated by a computing and communication core.

-How we live and work is transformed by CPS and other new technologies such as 3D-
printing, the Internet of Things, blockchain and artificial intelligence.

- Just as the internet transformed how humans interact with one another, CPS
transforms how we

interact with the physical world around us.

3.2 Emergence and navigating the industrial revolutions

-Technologies emerged and are emerging that affect our lives in ways that are
unimaginable

-The First Industrial Revolution (4IR) occurred roughly between 1760 and 1830.

-Characterised by the generation of steam, the development of craft industries and

mechanical production equipment, it fundamentally changed the basis of the
economy of the time for many countries.

-It entailed a shift from our reliance on animals, human effort and biomass as primary
source of energy to the use of fossil fuels and mechanical power.

-Furthermore, it constituted a shift from rural, agricultural life to urban, industrialised

societies.

-The Second Industrial Revolution (2IR) took place from 1870 to 1914, thus between
the end of the 19th century and the first two decades of the 20th century.

-It was characterised by the division of labour, the generation of electricity, and mass
production.

- It brought major breakthroughs in the form of electricity distribution, both wireless

and wired communication, and new forms of power generation.

-This saw the growth of vast corporations and a wave of globalisation.

-Third Industrial Revolution (3IR): It began in the 1950s with the development of digital
systems, communication, and rapid advances in computing power, which have
enabled new ways of generating, processing and sharing information.

- It also emerged with the development of Information Technology (IT) and electronics,
which enabled more efficient production.

-In 1969, it manifested as electronics, IT, automation, and production.

- It saw a move from mechanical and analogue technology to the digital technology of
today and is known as the Digital Revolution.

- Developments and improvements in communications, computers and the

introduction of the internet were some of the key drivers of this period of rapid
change. We are now in the Fourth Industrial Revolution (4IR).

3.3 Features of the Fourth Industrial Revolution

Each industrial revolution above impacted society in their own specific way. The
characteristics predicted to define the 4IR include:

• Fusion – cyber and physical systems will continue to fuse, becoming increasingly
autonomous

• Employment – robotics, automation and digitisation are predicted to make many

jobs redundant or fundamentally different to today

• Artificial intelligence and machine learning – improved computing speed and

optimised supply chains enable products to be customised more easily and more
cheaply

• Machine-led manufacturing – the shift from machines helping workers manufacture,

to workers helping machines, will accelerate

• Improved asset management – benefits to the natural world through more efficient
use of natural assets, a shift to renewables, innovations in recycling, coupled with
digitisation, are anticipated to benefit the natural world.

3.4 4IR and new jobs

-The most discussed issue is the potential for 4IR to increase unemployment, and thus
drive inequality.

-Many of the new jobs that will exist even ten years from now cannot be predicted or
imagined yet. However, it is predicted that the well-paying jobs are expected to
involve creativity, data analytics and cybersecurity, as there is dearth of talent in this
area.

- What is known is that the skills needed to take full advantage of the automation
economy are different from those that have been emphasised by higher education
(HE) institutions in the past.

- According to the World Economic Forum (WEF) “Future of Jobs” report, the top ten
skills that will be needed in order of priority by employers by 2020 are:

a. complex problem-solving

b. critical thinking

c. creativity

d. people management

e. coordinating with others

f. emotional intelligence

g. judgment and decision-making

h. service orientation

i. negotiation

j. cognitive flexibility
-Active listening and quality control, which were the skills identified as needed in
2015, are no longer needed and were replaced by cognitive flexibility and emotional
intelligence in 2020. This is because, as work becomes automated, it will also become
much more fluid, needing employees to be agile and able to jump between very
different types of tasks and contexts

3.5 Major areas of concern

These are inequality, security and identity

• Inequality: The richest 1% of the population now owns half of all household wealth,
according to Credit Suisse’s Global Wealth Report of 2015. Oxfam’s new report
presents an even more dramatic concentration of assets, finding that 62 individuals
controlled more assets than the poorer 3.6 billion people combined, or half of the
world’s population.

-On the eve of the World Economic Forum, Sanders and Price 2018) revealed that
Australia’s richest 1% owned 23% of the country’s wealth. In the previous year, the
figure had risen to 22%, more than the bottom 70% combined.

• Security: Increasing inequality does not only affect production, mental health and
trust, but also creates security concerns for both citizens and states.

-The Forum’s Global Risks Report 2016 highlighted that a hyperconnected world, when
combined with rising inequality, could lead to fragmented segregation and social
unrest (Davis, 2016).

-This mix of factors creates the conditions for violent extremism and other security
threats enabled by power-shifting to non-state actors.

-The combination of a digital world with emerging technologies is creating new “battle
spaces” and expanding access to lethal technologies.

-This makes it harder to govern and negotiate among states to ensure peace.

• Identity, voice and community: As reflected above, 4IR is the first where the tools of
technology can become literally embedded within us and even purposefully change
who we are at the level of our genetic make-up.

-It is important that the emerging technologies of the 4IR increase diversity and the
potential for

collaboration rather than driving polarisation.

-Emerging technologies, particularly in the biological realm, are also raising new
questions about what it means to be human.

3.6 Role of higher education institutions (HE) in the era of 4IR

-the importance of interdisciplinarity is emphasised throughout, as learners of all ages

must meet the challenges of the automation economy with creativity and curiosity,
automation being a tangible reality for anyone in higher education.
-Among others, the following key observations were made:

a. Today’s learners of all ages are faced with major challenges in demographics,
population (both growing and shrinking), global health, literacy inequality, climate
change, nuclear proliferation and much more.

-Thus, as they leave university, the 4IR world makes significantly different demands on
them than

have previously existed.

b. The design, construction and verification of CPS pose a multitude of technological

challenges, that must be addressed by a cross-disciplinary community of researchers
and educators.

c.

d. Information transfer is no longer the sole purview of institutions of higher

education.

Everyone is now responsible for lifelong learning and upskilling as the skills that will
carry one through as the content will always be changing.

-To develop theseskills, learning must go way beyond information transfer.

-Although traditional undergraduate, graduate and research education will remain

important to society, space must be created for adult learners to continue their
learning as well.

e. In collaboration with governments and industry, HE must prepare lifelong

learnerstogether.

f. Whatever was promised before by completing an HE degree, is not promised any

longer.

g. Neither a high school or undergraduate education, nor a master’s degree or a PHD

is enough.

h. Nearly everyone will work with AI; this means, what one majored in will not
determine one’s job or career. The content and a deep understanding of it matters,
but it is also about what one can do with it.

i. The information transferred through the traditional lecture and test format does not
get the student up very high in cognitive capacity ranks of higher-order thinking.

-Therefore, education is a mechanism that must propose learning that serves to

interact with the context that demands certain skills to be efficient.

- Thus far, the change in HE has been considered inadequate, although some
institutions are trying to adapt.

-As classified by Bloom’s taxonomy of higher learning, remembering, understanding,

applying, analysis, evaluating and creativity are six levels of learning and knowing

-Ultimately, university systems are responsible for training the accounting

professionals in the development of new skills of the new accountant and auditors.
-This requires the innovation and updates that respond to the 4IR, without neglecting
the social and ethical responsibilities of anti-corruption

3.7 Skills level of public accountants in the digitalised economy

-According to Stablings (2020), accounting and data processing are intertwined, but
the development of concepts that adequately reflect the changing situation is
delayed.

-During the last two decades, institutions have focused on integrated internal data
processing and receiving data from or transference to other institutions using
communication infrastructure. Now, the focus is on uploading data – fixed paper
documents – to computer media without using the keyboard, because this task
requires a lot of staff time and diligence.

-The use of computer version devices and elements of AI allows automation

accounting data input processes.

-A study conducted by Gómez Méndez and Janampa Acuña (2020), intended to find
whether public accountants are qualified to face the 4IR and analyse the professional
skills of accounting to provide services in the digitalised economic entities in Peru,
reached the following conclusions:

a. Although the 4IR does not replace public accountants, they do require new skills.

b. Accounting practice, which is a science that accountants cannot escape, is not

immune to the changes of globalisation and digital internalisation.

-Thus, for chartered accountants (CAs), the arrival of the 4IR poses a dilemma
common to the profession.

c. Accountants (accounting and auditing professionals) are (in reality) not prepared to
take on and not ready to face the challenges of the 4IR.

-They seem to fail in critical thinking, analysis and solving complex problems.

d. Skills that continue to grow in importance towards 2022 include analytical thinking,
innovation, active learning and learning strategies, as well as human skills such as
creativity, originality and initiative.

e. The accounting profession must expand its horizons and open itself to the
internalisation of financial markets and the advances of ICT and big data, which are
required to meet the demands of business organisations and users of information.

-The users of information and big data and users of information topics are covered
comprehensively in learning units 1 and 6, respectively).

4 Enterprise systems

-These are accounting information systems (AIS). According to Klaus, Rosemann and
Gable (2000), enterprise systems are commercial software packages that enable
integration of transactions-oriented data and business process throughout an
organisation.
-They include enterprise resource planning (ERP), software and related packages, such
as advanced planning and scheduling sales force automation, and product
configuration.

4.1 What is an ERP?

-Many organisations prefer to use one computer system that can be used throughout
the organisation by integrating all the functions.

-Thus, ERP is that system integrating management information through the

management of the flow of data across the entire enterprise

-In this regard, it integrates the data gathering and data processes of departments
and functions into one singIe system of integrated applications. It handles the vital
operations of the entire organisation and often includes some functions of the
strategic and technical level of the organisation as well.

-Examples of an ERP are SAP and Oracle .These will be dealt with below.

4.2 Why companies buy an ERP system

- companies acquire the system because of the following:

a. The application of ERP systems improves the performance of an organisation in its

daily operations by addressing inefficiency of institutional processes.

-Through automating business processes, operational efficiency is enhanced, and

access to information eased.

b. To simplify the management and operations of large-scale companies that have

grown organically or through acquisition, where this involves multiple currencies,
offices or business areas.

c. To replace or upgrade an outdated, unwanted or ineffective existing ERP system.

- This can involve improved information management through the promotion of access
to information, reducing duplication and improving predictive capabilities.

d. ERP deals with many complex and overlapping business problems.

-Most organisations expect to receive trade benefits through ERP implementation.

-One of these benefits is to achieve the financial goals of the company through
productivity gains and efficiency resulting from business process automation.

4.3 Application of an ERP system

-AIS are fundamental for the recording of accounting transactions and for the
preparation of financial statements, as required by the legislation governing financial
accounting.

-Thus, the application of ERP has contributed to numerous changes in accounting

information systems in the modern era of networked computing.

-The most significant are:

a. Elimination of routine tasks of accountants, since the tasks that were once
performed by accountants are now performed by computers. In fact, they are aimed
at serious tasks such as analysis and performance measurement.

b. Although the application can imply the loss of some basic traditional accounting
skills, the requirements that are set before the accountants, are not reduced in scope
and complexity.

-Operational management possesses require a lot more accounting knowledge, which

confirms the necessary decentralisation of that knowledge.

-Additionally, the management is responsible for its own activities.

-A large part of routine accounting tasks are done centrally and automatically, while
the coordination and preparation of various operational reports are entrusted to the
ERP.

-Some of the traditional accounting tasks are transferred to other employees in the
enterprise, the most important being the issue of adequate high-quality information
support to management owing to ERP.

-On the basis of advanced technology, the so-called centres of excellence arise, that
is, the teams of specialists who perform more demanding tasks, such as statutory
(financial) and tax reporting, including internal audit.

-Also refer to learning unit 2 on the accounting information system implementation in

an ERP environment and decision-making.

The following diagram explains an ERP system . Draw iittttt.

4.4 Advantages and disadvantages of an ERP system

They are presented in the following table:

4.5 Role of accountants

-With the rise of implementation of ERP at the end of the 20th century and the
beginning of the 21st, public accountants have an imperative to develop new skills
and competencies to manage information systems.

- They must be broadly knowledgeable about digital data and achieve the valid
evaluation of the overdose of digital information.

-Increasingly, their work is becoming more complex. The more demanding role of
accountants implies high analytical ability of data interpretation, a broad knowledge
of the business and information technology, a willingness for teamwork, strategic
thinking, communication and interpersonal skills as well as the ability of ethical
evaluation and decision-making.

-On the other hand, management accountants are required to have a much higher
level of knowledge of multidisciplinary tasks

5 SAP

-As mentioned above in defining what an ERP is, through a single, comprehensive ERP
system, many companies have introduced new systems that help in upgrading and
managing their daily business, reserves, and processes, and linking the sections.

- Many companies specialise in building these systems.

-The most famous such company is SAP, which produced a product that bears its
name (SAP). The SAP program, which began in 1972, was developed initially by three
German programmers working for

International Business Machinery (IBM).

-Its main activity is to produce management programs that help enterprises improve
their businesses and connect them into one system.

-The objective was to ensure its coherence and efficiency without having to use
several software systems from different companies, which are expensive and most
often purchased by the largest companies.

-SAP has evolved the software until it has become a comprehensive program for all
sections of a company, whether small, medium or large.

-The applications in SAP are called modules and they are connected, but usually one
can buy one module or more separately according to one’s needs. It is now one of the
latest companies that provide practical business solutions (

6 Relationship between SAP and ERP software

-SAP was found to be one of the best, the most popular and the most widely accepted
ERP software in a study conducted in Serbia. However, results showed the following:
a. b. c. The process of implementation of SAP and its initial phases, is complex, and
more attention is devoted to configuring the basic modules.
-In one of enterprises surveyed, the implementation process itself has lasted for more
than 18 months and has still not ended. This resulted in simultaneously using both
SAP and the old software solution. Thus, a longer time necessary for the full
implementation of SAP can be conducted in a subsequent appearance of expected
effects.

-A time gap was identified between the moment of the implementation of the system
and the first positive effects less involved with data entry, thus allowing them to
undertake more analysis – as non-financial information is more extensive.

6.1 Management accounting changes for companies using SAP

-The role of management accountants has changed significantly.

- A study was done by Malinic and Mirjana (2012), in relation to how management
accounting changed under the influence of ERP in industrial enterprise, given the
intensive application of ERP systems for the companies using SAP.

-It was concluded that SAP reduces the time required for the traditional tasks of
management accounting, while increasing the time required for the activities of data
analysis, performance measurement and subtle strategic reporting.

-Although SAP does impact the management accounting, that impact is relatively
modest in relation to the expectations.

-Thus, there is no strong causal relationship between implementation of SAP and

changes in practice of management accounting.

-That is, the stabilising effect on management accounting is more widespread.

7 Oracle

-Since Oracle database is a popular product, its performance will impact many
applications in information systems.

-With the development of computer network and database technology, information

management has become the core of many enterprises, while database is all business
foundation; its importance is self- evident.

-Oracle is a relational database, attempting to stay the world leader and maintain the
biggest market share.

-But, in the early days in China, although a large relational database, generally only
large enterprises were able to use it.

-Along with the shared SQL, a multithread server system structure was introduced.

-This greatly reduced Oracle resource usage and increased Oracle compatibility and
processing ability, on a low- grade soft hardware platform with fewer resources to use.
According to Greenwald,

Stackowiak, and Stern (2013), over the past approximately 30 years, Oracle grew from
being one of many vendors that developed and sold a database product to being
widely recognised as the database market leader.
- In Oracle, the term “database” refers to the physical storage of information, and the
term “instance” refers to the software executing on the server that provides access to
information in the database and the resources that software uses.

- Oracle includes many features that make the database easier to manage.

-Although early products were typical of a startup company, the Oracle Database grew
such that its technical capabilities are now often viewed as the most advanced in the
industry.

- The foundation of Oracle’s database Server is known as Oracle Database 12c”.

7.1 Oracle Database 12c

-Oracle releases new versions of the flagships database every three to five years.

-With each database release, Oracle has improved the scalability, functionality, and
manageability of the database.

-New releases typically follow themes and introduce a significant number of features.

-In recent releases, these themes are indicated in the product version’s naming.
Typically, the terms “Oracle” and “database” are used when describing them. In 2012,
Oracle Database 12c appeared to be used somewhat interchangeably as it included all
the features of previous versions. It was released in 2013 and introduced a number of
deployments. Today, enterprise Manager 12c continues to be a framework used for
managing the database (Greenwald, Stackowiak, and Stern, 2013).

7.2 Managing the Oracle Database

-Manageability and rapid provisions features are especially useful in the private and
public cloud computing environment, where hardware infrastructure and the database
are delivered as a service over a network, building upon capability introduced in
previous releases.

-There are three fundamental types of physical files that make up an Oracle database.

-They are:

• Control file

• Data file

• Redo log files

-Oracle also offers an Application Server and Fusion Middleware business intelligence
tools and business applications (the e-business suite, PeopleSoft, JD Edwards, Siebel,
Hyperion and Fusion, among others).

7.3 Database application development features

-Oracle database is typically used to store and retrieve data through applications.

-All versions of the Oracle database include language and interfaces that enable
programmers to access and manipulate the data in the database.
- Database programming features usually interest developers who create Oracle-
based applications to be sold commercially, or Information Technology organisations
building applications unique to their business.

- Data in Oracle can be accessed using SQL/XML, XQuery, and WebDev.

- Programs deployed within the database can be written in PL/SQL and Java

7.4 Optimisation of Oracle system

-Optimising the Oracle system is becoming more and more important

-as blockchain-based application and research into, for instance, cryptocurrency

increase, an Oracle problem to bring external data in the blockchain is emerging.

-Among the methods to solve the Oracle problem, a method of configuring practice-
based transport layer support (TLS), and existing internet infrastructure have been
proposed. However, these methods have the disadvantage of not supporting privacy
protection for external data, and limitations in configuring the process of a smart
contract based on external data verification for automation.

7.5 Pastel

-Sage Pastel accounting software is the preferred choice for many businesses.

- The accounting payroll ERP and business solutions allow for effortless daily financial
management. This will enable customers to go “beyond accounting” and focus on
business.

8 E-commerce and digitalisation

-In years to come, we will look at 2020 as the moment that changed everything.

-Nowhere else has such unprecedented and unforeseen growth occurred as in the
digital and e- commerce sectors amid the Covid-19 crisis.

-While most sectors experienced slowing. economic activity, Covid-19 has led to a
surge in e-commerce and accelerated digital transformation.

-As lockdown became the new normal, business and consumers increasingly “went
digital”, providing and purchasing more goods and services online, raising e-
commerce’s share of global retail trade from 14% in 2019 to about 17% in 2020.

-These and other findings are showcased in a new report, Covid-19 and E- commerce:
A Global Review, by UNCTAD and e-Trade, for all partners, reflecting powerful global
and regional industry transformation recorded throughout 2020. At an event to
release the report, UN General Assembly President, Bozkir, said that that the trend
towards e-commerce was likely to continue throughout the recovery from Covid-

-Thus, we need to recognise the challenges and take steps to support governments
and citizens as they continue to embrace new ways of working.
-Since the outbreak of the pandemic, all e-Trade partners have worked together to
raise awareness of the e- commerce opportunities and risks emerging during the
crisis.

-They also identified ways in which businesses in developing countries could overcome
the challenges.

-In this regard, the Covid-19 repository launched in the fall of 2019 and e-commerce
report are the initiatives’ latest collective efforts to build a sustainable digital future

8.1 E-commerce

-Electronic commerce, also known as e-commerce, is the online business process of

selling, buying, delivering, servicing and paying for products and services over
computer networks such as the WWW or the internet.

-The objective of e-commerce is to add and expand revenue streams, enhance

relationships with customers and business partners and improve efficiency using
computer networks.

-It is important to remember that although the largest part of e-commerce is

conducted entirely electronically, some part will entail manual interaction, as a service
that has to be rendered or a product that is sold, must be physically transported and
delivered to a customer.

-Driven by e-commerce’s capabilities to empower clients, many companies are

moving from the traditional push business model, where manufacturers, suppliers,
distributors and marketers have most of the power, to a customer-driven pull model

8.2 The main e-commerce categories

-e-commerce can be divided in five main categories, differentiated according to the

participants.

• Business-to-business (B2B): Both participants in the electronic transaction are

organisations, for example when a wholesaler sells to a retailer.

-Depending on the e-commerce interface provided by the wholesaler, possibly through

its extranet, the retailer will be able to place orders, track the delivery of the orders,
search for new products and so on, all online.

• Business-to-consumer (B2C): This is one of the better-known e-commerce categories

and involves an organisation selling its product or service directly to the public. You, a
Unisa student, can for example electronically order and pay for your prescribed
textbooks using www.kalahari.net or www.vanschaik.com.

-The business Van Schaik Bookstore sells textbooks, the product, directly to you, the
Unisa student as customer. bidorbuy (www.bidorbuy.co.za) is another well-known
example, where the sellers are often businesses, but a C2C site as well.

• Consumer-to-consumer (C2C): C2C is an online version of the classified pages of a

newspaper, where consumers can sell their products or services directly to other
consumers.

-Gumtree and Junkmail are good examples of C2C e-commerce sites.

• Consumer-to-business (C2B): This is a less well-known and used category, where a
consumer can post his request for a product or service online, indicating the details
for the product or service needed, that is, amount available, delivery dates and other
specifications.

-Organisations can then review the consumer’s requirements and bid on the project.

- Based on the bids, the consumer can then select the organisation that delivers the
product or service.

• E-government: This allows governments to transact with organisations, their

citizens, and other governments. For example, SARS e-filing can be used by
organisations and citizens to file their

tax returns and make payments to SARS.

-South African citizens can enquire about their ID book, passport and permit
application status and can verify their marital and ID status by using the Department
of Home Affairs website

8.3 Action points for e-commerce

They are:

a. Governments need to prioritise national digital readiness so that more local

businesses can become producers of digital economy, and not just consumers.

b. Building an enabling e-commerce ecosystem requires changes in public policy and

business practices to improve the digital and trading infrastructures, facilitate digital
payments and establish appropriate legal and regulatory frameworks for online
transactions and security.

c. The approach should be holistic. Policies should not be made in silos.

d. To capture value form digital trade, entrepreneurship must become central focus.

-This requires faster digitalisation for smaller businesses and more attention to digital
entrepreneurship, including reskilling, especially of women.

e. Countries also need better capabilities to capture and harness data and stronger
regulatory frameworks for creating and capturing value in the digital economy

f. The international community needs to find new, bold and smart ways to work with
governments and the private sector to leverage these opportunities.

According to Bozkir, the digital divide which was real long before Covid-19, is a
challenge which can be removed through our collective efforts and international
support

8.4 Advantages and disadvantages of e-commerce

8.5 Digitalisation

-Digitalisation refers to the technical process of converting analogue or traditional

paper-based tasks or processes to digital form so that computers can help in
accessing, storing and transmitting information.

-By contrast, it refers to sociotechnical process of leveraging digitalised products or

systems to develop new organisational procedures, business models or commercial
offerings. Thus, it denotes partially or fully converting elements of firm value-chain
activities and business models to using emergent digital technologies

-broad concepts of digital disruption, forms the basis of understanding the concepts of
applying digitalisation and what to consider towards being digitalised, especially post
Covid-19, which is seen as the great accelerator of digitalisation.

8.6 Applying digitalisation in enterprises and redefining business models

-A business model (BM) is a function that maps business enterprise to its customers
and/or stakeholders.

-The success of a business idea depends significantly on the comprehensive

development, durability, and mapping of the parameters of the applied BM.

-It is evident that a successful BM is strongly linked to rigorously scrutinised

andestablished BMs.

-Anticipating the significance of the interactions among the established BMs in certain
newer BMs for better value to customers, Framework was coined and developed
 -As digitalisation is redefining products and BMs worldwide, evidence abound in the
construction industry as a sector that is slow to its adoption.

-While digitalisation tools have been applied in modifying processes or procedures in

the global north, a larger percentage of the sector in the global south is yet to be
disrupted.

-For indigenous firms to join rapid transformation, the interrelationships between

digitalisation and building information modelling was studied.

-Results revealed production task and goal attainment, information or communication

technologies, workforce, innovation, learning and knowledge management as well as
conflict and dispute resolution as the prevalent cultural orientation.

-The availability of resources to communicate, interact and collaborate digitally and

leadership to organise and coordinate digitally, are the top two strategic capabilities.

-On strategy, firms need support from institutions or government on policies that will
cushion the effect of the provisions of resources for transformation

8.7 Fast-tracking of digitalisation by Covid-19

-Inspired by a burgeoning of scholarly interest in the role of digitalisation in the Covid-

19 pandemic, Amankwah-Amoah et al (2021) conducted a study on how it was driving
and constraining the digitalisation of business around the globe.

-They established that it is the “great accelerator” in fast-tracking the existing global
trend towards embracing modern emerging technologies, ushering in transformation
in lifestyle, work pattern, and

business strategy.

-Thus, it has evolved to be a “catalyst” for the adoption and increasing use of
digitalisation in work organisations and the office, alongside presenting foreseen and
unforeseen opportunities, challenges and costs, leading to positive feedback.

-Whilst digitalisation may bring new opportunities, the process imparts risks that may
be hard to mitigate or prepare for.

8.8 Barriers in the adoption of emerging technologies

-The adoption of emerging technologies may be hindered by vested external interest,

nostalgia, and employer opportunism, as well as negative effects on employee well-
being that undermine productivity, work-life balance, and future of work.

-Despite the importance and effects of digitalisation, coupled with emergent research
on implications

of the pandemic, and the proliferation of accounts on Covid-19’s likely impact,

scholarly work exploring the challenges confronting firms and their workers in
transitioning to digital technologies in the wake of this new environment challenge is
only emerging.

-Psychological barriers to the adoption of these emerging technologies are hampering

the efforts of firms and their decision-makers to embrace digital platforms.
-With digitalisation, the stakes are high.

8.9 Areas of technology that will thrive post the pandemic

four areas that are set to boom post the pandemic:

a. Data-enabling healthcare initiatives will increase: With the right privacy links in
place, the resulting massive increase in healthcare data represents an opportunity for
various data and artificial intelligence (AI).

Specialists will develop useful solutions that will help reduce risks of contagion and
relieve consumer anxiety, while also providing reassurance to help them cope with
these difficult times.

As consumers focus much more on their health, testing is the order of the day,
whether for Covid-19 or other medical conditions.

b. Scalable digital business models (BMs) will start replacing product-focused

operations: As covid-19 pressurises the global supply chains of companies such as
Best Buy, Wayfair, Nike and Gap, companies will increasingly start to build resilience
in their businesses with complementary product-focused models with scalable and
stable digital alternatives.

-This might include business diversifying from their core offer to sell data and AI assets
to third parties. For example, supermarkets such as Walmart already sell point-of-sales
data to brands who use

it to ensure adequate stock of products in their warehouse and to promote real- time
availability of their product in grocery stores. Beyond retail, we can expect the digital-
enabled sharing economy to accelerate into B2B much more rapidly as businesses
face urgent pressure to find smart and quick ways to slash costs and monetise
existing assets.

c. E-commerce will experience a renaissance: Due to self-isolation, consumers who

normally visit physical stores are increasingly shopping online. Consequently, e-
commerce is booming, especially when it comes to tinned goods, pasta, health and
sanitary products.

The uptake in e-commerce will become permanent if people remain wary of mingling
in real life and increasingly replace shop visits with online purchases.

Some logistics platforms are already revamping their concepts to match the new
market circumstances by enabling retailers to home-deliver fast.

d.Digital collaboration and entertainment tools should see an upsurge in valuation: as

companies rapidly and, in some cases, also permanently move towards remote
working, the market for digital collaboration tools such as Microsoft Teams, Google
Hangouts and Zoom is likely to grow exponentially.

-Hand in hand with this, we are already seeing a growing demand for digital media
and entertainment, including gaming, social media, news, video- streaming and
books, as people seek to relieve boredom and fill time previously taken up with
travelling and socialising face to face (Ruokonen, 2020). PwC (2020) and Dimelgani
(2021) estimated that AR and VR applications have a potential to
deliver a £1,4 trillion boost to the global economy by 2030.

8.10 Solutions

-In sectors that are less impacted by the pandemic, businesses need to fundamentally
rethink what creates value, what is important right now, and in the future, and what
role digital innovation can play in making new things happen.

-Companies which stay human and customer focused and manage to quickly innovate
new digital businesses to solve problems created by the new condition, are best
placed to seize any nascent opportunities.

-Right now, it is essential for businesses to create and maintain a strong and
pervasive digital culture. As work becomes increasingly remote, leadership styles,
mindsets, habits and ways of working matter now more than ever.

-Winning cultures encompass trust in people, transparency of work, caring for others
as well as continuous learning.

-Nurturing these important values during difficult times will ensure that firms retain
their digital talent, get things done and continue to thrive.

9 Current trends

9.1 Artificial intelligence (AI)

-Although artificial intelligence techniques such as machine learning are not new, and
the pace of change is fast, widespread adoption in business and accounting is still in.
relatively early stages. Increasingly, we are seeing systems that are producing outputs
that far exceed the accuracy and consistency of those produced by humans. In the
short to medium term, AI brings many opportunities for finance professionals to
improve their efficiency, provide more insight and deliver more value to businesses.

-In the longer term, AI brings opportunities for much more radical change, as systems
increasingly carry out decision-making tasks currently done by humans AI, no doubt,
will contribute to substantial improvements across all areas of accounting, equipping
those in finance with powerful new capabilities, as well as leading to the automation
of many tasks and decisions.

Examples include:

• using machine learning to code accounting entries and improve on the accuracy of
rules-based approaches, enabling greater automation of processes

• improving fraud detection through more sophisticated, machine learning models of

“normal” activities and better prediction of fraudulent activities

• using machine learning-based predictive models to forecast revenues

• improving access to, and analysis of, unstructured data, such as contracts and e-
Mails.

-Despite the opportunities that AI brings, it must be remembered that it does not
replicate human intelligence.
-The strengths and limits of this different form of intelligence must be recognised, and
we need to build an understanding of the best ways for humans and computers to
work together.

9.2 Cloud and mobile computing

-Cloud and mobile computing is computing based on the internet.

-It avoids the needs for software, applications, servers and services stored on physical
computers.

-Instead, it stores these with cloud service providers who store these things on the
internet and

grant access to authorised users.

Benefits of cloud and mobile computing

• Store and share data – cloud services can often store more data than traditional,
local physical drives, and the data can be shared more easily (regardless of physical
location).

• On-demand self-service – customers and users can gain access to technology on

demand. For example, every time you download an app from iTunes or the PlayStore,
you are downloading it from a cloud service where it is stored

-A simple example of how cloud and mobile computing might be of use to finance
professionals, can be seen in the budgeting process.

-Any organisation which has a number of different locations (such as a multinational

company), has historically experienced difficulties and time delays in constructing
budgets which require input from

people in different places.

-Cloud computing means that budget templates can be worked on simultaneously by

many people, without them having to be in the same location

10 Cryptocurrencies

-Blockchain has the potential to deal with some unique sets of requirements like
confidentiality and immutability and can therefore be deployed in many areas other
than cryptocurrency.

-Bitcoin is a digital currency that was introduced in 2009. Other cryptocurrencies exist,
such as Ethereum, Cardano, XRP and Solana.

-Cryptocurrencies are being developed at a heightened and intensified rate, with

decentralised finance(DeFi) and non-fungible tokens (NFS) being the latest additions
to the crypto market.

-Bitcoin is the oldest cryptocurrency.

-There is no physical version of bitcoin; all bitcoin transactions take place over the
internet.
-Unlike traditional currencies, bitcoin is decentralised, meaning it is not controlled by a
single bank or government.

-Instead, bitcoin uses a peer-to-peer (P2P) payment network made up of users with
bitcoin

Accounts.

-Bitcoin acquisition can be done using a bitcoin exchange such as LUNO, or

ALTCOINTRADER in South Africa. Coinbase and Binance are the most popular crypto
exchanges in the world.

-These exchanges allow users to exchange rands for bitcoins.

-Bitcoin mining involves setting up a computer system to solve maths problems

generated by the bitcoin network.

-As a bitcoin miner solves these complex problems, bitcoins are credited to the miner.

-The network is designed to generate increasingly more complex maths problems,

which ensures that new bitcoins are generated at a consistent rate.

-When a user obtains bitcoins, the balance is stored in a secure “wallet” that is
encrypted using password protection.

-When a bitcoin transaction takes place, the ownership of the bitcoins is updated in
the network on all ledgers, and the balance in the relevant wallets updated
accordingly

-Digital collaboration and entertainment tools are to see an upsurge in valuation as

one of the areas of technology that will thrive post Covid-19.

11 Summary

-In this learning unit, you learnt that we are living in a digital age, where, among
others, the digital adoption, the new way of living and use of new technologies have
been accelerated by the Covid-19 pandemic.

-We also speculated that things will not be the same and provided you with areas of
technology that are predicted to thrive post the pandemic.

-We thus provided you with the concept of digital r/evolution by creating a better
understanding of concepts such as blockchain, 4IR, enterprise systems, SAP,
Oracle,pastel, e-commerce and digitalisation.

-Other new concepts that are currently trending were also introduced to you, such as
artificial intelligence, cryptocurrencies, cloud and mobile computing.
Unit 12

Components of communication network

1 Introduction

-A communication network, also referred to as a computer network or a network,

consists of two or more computers and/or devices linked to one another by
communication media, which facilitate communication among these connected
computers and/or devices.

-The purpose of a network is to allow users to share resources, data and information,
and to facilitate communication. In this learning unit, we will be looking at why
communication / computer networks are used, as well as the various components of
computer / communication networks that enable communication between the devices
connected to the network

2 Purpose of Communication Networks

Communication / computer networks are used for various purposes:

 Facilitating communication: Networks enable people to communicate efficiently

and easily via e-mail, instant messaging, telephone, video calls, and video
conferencing.
 Sharing hardware: Networks enable computers connected to the network to
access and use hardware resources on the network, such as printing a
document on a shared network printer.
 Sharing files, data, and information: Networks enable authorised users to access
data and information stored on other computers in the network. The ability to
provide access to data and information on shared storage devices is an
important feature of many networks.
 Sharing software: Networks enable users to run application programs on remote
computers
 Information preservation: Backups of information are shared and stored in
multiple locations for easy recovery if information is lost or corrupted in the case
of a system failure or as part of disaster recovery.

3 Components of Communication / Computer Networks

-Components of communication / computer networks include both the hardware and

the software needed to enable computer systems to communicate with one another.

-Refer to learning unit 4 to revise your understanding. In communication / computer

networks, a node
is a connection point. A physical network node is an active electronic device that is
connected to a network, which is capable of sending, receiving or forwarding
information over a communication medium

3.1 Communication media or channels

-Communication media or channels enable signals to move from one point to another.

-These communication media or channels are either cables or antennae that transmit
signals from one location to another.

-Communication media can also be split between wired and wireless transmission

3.1.1 Wired transmission

-Wires and cabIes are media through which information can move from one network
device

to another.

-The type of cable chosen for a network is related to the network’s

configuration(topology), protocol and size.

-Common wired mediums include

(i) twisted pair wire,

(ii) coaxial cable, and

(iii) fibre optics.

3.1.2 Wireless transmission

-With wireless transmission, signals are broadcast as electromagnetic waves through

free air space.

-Wireless signals are transmitted by a transmitter and received by a receiver.

-Wireless systems may be inexpensive because no wires need to be installed to

transmit the signal.

-Wireless transmissions are, however, susceptible to both electromagnetic

interference and physical interference.

Common wireless media include the following:

1. Microwave transmission

-Microwave transmissions are high-frequency signals sent through the air using earth-
based transmitters and receivers.

2. Satellite transmission

-Satellites use microwave radio to transmit information and are capable of

transmitting voice, data and TV signals.

3.2 Radio transmission

-Radio transmissions are signals of electromagnetic waves, which can travel through
certain obstructions such as walls.

-Radio transmissions can be used to transmit voice and data, with both wireless LANs
and cellular phones using radio technology

 Infrared transmission

-Signals in the form of light waves are transmitted through the air between devices,
requiring line of sight for transmitting within short distances of less than a few
hundred metres

Specific hardware needed for communication

-Networking hardware includes network interface cards, network cables or

communication mediums, switches and hubs, routers, modems, firewalls and other
related hardware needed for communication within a network.

1.A network interface card (or network adapter) provides a physical connection
between the computer and the network cable or communication medium.

2.The communication medium or channel, as described in the previous section,

enables signals to move between locations.

3.A switch or hub is a device that provides a central connection point for cables from
workstations, servers and peripherals.

-Switches are usually active, which means that they electrically amplify the signal as it
moves from one device to another.

4.A router translates information and allows communication from one network to
another.

-Routers choose the best path to transmit a signal, based on the destination address
and origin.

5.Firewalls are the most important part of a network with respect to security.

-Firewalls can be either hardware or software. A network system implementing a

firewall does not need human interaction for data transfer monitoring, as automated
processes to reject access requests from unsafe sources and to allow actions from
recognised sources, can be set up.

-With the increase in cyberattacks to steal data, plant viruses, and so on, firewalls play
a very important role in network security.

-Owing to improvements in wireless technology performance and technology

becoming more cost effective, current trends are to move from a wired to a wireless
networking environment.

-As discussed above, a wireless router is a router that includes the functions of a
wireless access point and a network switch.
-Such devices allow access to the internet or a computer network without the need for
a wired connection.

4 Dealing with Computer Network Intrusion

-In this era of digital revolution, and the Internet of Things (IoT), technologies have
removed the digital barriers and accentuate the seamless exchange of data and
information among ubiquitous systems.

-Therefore, the challenge of information theft, privacy, and confidentiality of data and
information on the internet has become a major dilemma for many users of several
online platforms

-The wireless technologies that are used to carry out public and personal
communication are vulnerable to various types of attacks, where attackers can access
signal to listen in or to cause damage on wireless networks

-Network intrusion detection systems are a viable approach to curb the menace of
information theft and other data security threats on the internet

-According to Duan, Wei, Fan, Yu & Hu (2020), Wi-Fi has been widely deployed to
facilitate home, office, or even stadium-scale wireless access to the internet, and will
be an essential part of future wireless networks through being integrated with 5G
cellular networks.

-However, security threats are still a big concern for Wi-Fi due to the open- share
nature of the wireless medium and the easy access to Wi-Fi intrusion tools.

-Therefore, these systems play a critical role in identifying attacks experienced in

order to apply further methods.

-computer networks are exposed to cyber-related attacks due to common usage of the
internet.

-As hackers become more prevalent and savvier, additional tools to help protect
network environment

are needed.

-A key research issue in securing networks is detecting intrusion. In 2008, Azad Tariq
Bin stated that it helps to recognise unauthorised usage and attack as a measure to
ensure network security.

- Intrusion detection is a strategy that is defined as the ability to monitor and react to
computer misuse.

-Many hardware and software products in the market provide various levels of
intrusion detection.

4.1 Intrusion detection technologies

-several monitoring systems such as Intrusion Detection systems (IDS), Intrusion

Prevention Systems (IPS), which are also called Intrusion, Detection, and Prevention
Systems (IDPS), have been proposed and implemented. IDPS technology can be used
to monitor and analyse signals for any infiltration to prevent interception or other
malicious intrusion.
-Consequently, several IDSs were proposed by researchers.

-Over the years, various works were evaluated on different databases for detecting
illicit or abnormal behaviour using IDS.

-This culminated in proposing various approaches to determine the most effective

features to enhance the efficiency of IDSs.

-Methods include machine learning-based (ML), Bayesian-based algorithms, and

Markov neural network, among others

- This work was used to develop new and sophisticated detection and prevention
methods based on and managed by combining smart techniques, including machine
learning, data mining, and game theory, using risk analysis and assessment
techniques.

-Their role is thus assisting wireless networks to remain secure and aiding system
administrators to effectively monitor their systems

-As new attacks emerge daily, IDSs play a key role in identifying possible attacks to
the system and giving proper responses

-This makes intrusion detection an indispensable part of a security system.

-IDSs should adapt to these new attacks and attack strategies, and continually
improve.

5 Summary

-Communication / computer networks allow communication and the sharing of

resources (including hardware, files, data and information), and enable software
sharing and information preservation.

-The components of communication networks include communication media, specific

hardware, data communication protocols, as well as software.

-The next learning unit deals with network configurations, including network
topologies and geographical scope. Distributed processing, client server systems and
cloud computing will also be discussed.

Unit 13

Network Configurations

1 Introduction

2 Communication Network Configuration

2.1 Network topologies

2.2 Geographical Scope

 2.3 Selecting a suitable Network Configuration

3 Distributed Processing

4 Client Server Systems

5 Cloud Computing

6 Summary

1 Introduction

-Networks can be classified and configured in various ways depending on the size of
the network, the distance/area of network coverage, as well as the media to be used.

-network topologies and geographical scope and also touch on distributed processing,
client server systems and cloud computing

2 Communication Network Configuration

Networks may be classified according to a wide variety of characteristics.

2.1 Network topologies

In computer networking, a topology refers to the shape or layout of connected

devices. A topology is a network’s physical layout or virtual shape or structure.

The five most common types of network topology are the following:

 Bus topology:

All devices are connected to a central communication cable, called the bus or
backbone

 Ring topology:

All devices are connected to one another in the shape of a circle or a ring, thus each
device is connected directly to two other devices, one on either side.

-Communication signals travel through the ring in the same direction, either clockwise
or anti-clockwise

 Star topology:

-All devices are connected to a central switch, hub, or router.

-Devices communicate across the network by sending data through the switch. This is
the most common type of topology, especially for home networks

 Tree topology:

-A tree topology is a hybrid, integrating multiple star topologies, connected onto a

linear bus backbone.

-A star/bus hybrid approach supports the future growth of a network

 Mesh topology:

-Devices are connected, with many redundant connections between network devices.
- A mesh network in which every device connects to all the others, is called a full
mesh

2.2 Geographical Scope

-Networks can also be categorised according to their geographical scope.

-Geographical scope refers to the distance or coverage area of the network, as well as
the communication media or channels connecting the whole network together.

Examples of different network methods include the following:

I. Personal area network

-A personal area network (PAN) is a network that connects different information

technology devices around an individual person.

-PANs generally cover a range of less than ten meters.

-PANs may include wired and wireless devices.

- Wired devices usually connect using USB or FireWire connections, while wireless
devices can connect via Bluetooth or Wi-Fi technologies

II. Local area network

-A local area network (LAN) is a network that connects different computers and
devices within a relatively small area.

-Examples include small office and home networks confined to one building or closely
positioned buildings

-Organisations connect their computers in local area networks (LANs), enabling them
to share data (for example, via e-mail) and devices (such as printers)

-Wireless LANs (WLAN) are LANs that use wireless technologies instead of wires and
cables to connect computers and devices in the network

III. Metropolitan area network

-A metropolitan area network (MAN) is a network that is larger than a LAN but smaller
than a WAN, usually spanning a medium-sized area such as a large campus or a city

IV. Wide area network

-A wide area network (WAN) is used to connect LANs, so that computer users in one
location can communicate with computer users in another location

-WANs are a network that covers a large area, such as networks linking across
metropolitan, regional, or international borders.

-The internet is the largest example of a WAN, which is made up of numerous smaller
networks

V. Virtual private network

-A virtual private network (VPN) is a computer network that uses public networks to
connect nodes.

-Networks are created by using the internet as the medium for communicating data.

-VPNs use encryption and other security systems to ensure that only authorised users
can access the network and that the data is not intercepted

2.3 Selecting a suitable Network Configuration

-Selecting the correct network configuration will require an understanding of the

networking and information system needs of the organisation.

-In selecting a suitable network configuration, the following factors should be

considered:

 Area of coverage or distance between nodes

-The geographic scope should be considered, as LANs will probably be used to connect
office computers and devices to a network.

-The need to connect offices in different cities or countries also needs to be

considered, as this will lead to long-distance communication.

 Data communication volume and speed

-The amount of data expected to be communicated within a network needs to be

considered, as well as the speed at which the organisation requires the data to be
communicated.

-This will influence the specific topology chosen, as well as the data communication
media or channels.

 Security

-Access to the internet may lead to security risks, for example, hackers may access an
organisation’s database; hence, applicable security measures should be implemented.

 Hardware and software compatibility

-The various hardware (including the communication mediums) and software used in
the network should be compatible, enabling all nodes in the network to communicate
with ease

3 Distributed Processing

-In a computer-networking environment, computers connected to the network may

access and use the resources provided by the other computers and devices on the
network.

-Distributed processing refers to multiple remote computer systems linked together,

where processing is distributed to more than one of these computers.

-Distributed processing allows computers to work together in processing information

or in performing tasks, or allows workstations to utilise powerful servers to enable
more efficient and faster task processing
4 Client Server Systems

-In a client or server network architecture, certain powerful computer systems provide
a specific service or perform a specific task.

- These computer systems are called servers.

-Computers, called clients in this setting, which are connected to the network, have
access to the resources provided by the servers.

-Clients then request the services provided by the servers connected to the network.

-These servers have operating system software installed that manages the network
activities.

-As discussed in learning unit 5 that dealt with computer hardware, there are various
types of servers, including database servers, file servers, transaction servers and web
servers

5 Cloud Computing

-Cloud computing is defined as the delivery of on-demand computing resources –

everything from applications to data centres – over the internet

-These computing resources and services are provided on demand by the applicable
data centre.

-This means that users do not need the required hardware or applications to perform
the specific tasks since the computing is done by the service provider who sends the
required results to the user.

-Therefore, any user with an internet connection can access the cloud and the services
it provides.

-The service provider carries out all the maintenance and development needed to
provide the

applications and services.

-Examples include online backup services, social networking services and web-based
e-mail such as Hotmail and Gmail

-The basic idea and application of cloud computing sees users log in to an account in
order to access, manage and process files and software via remote servers hosted on
the internet.

- This replaces the traditional method of owning and running software locally on a
computer or networked server.

two main types of cloud setups:

 Public cloud hosted by a third-party company.

 Specialist companies sell their cloud computing services to anyone over the
public internet who wishes to purchase them.
 Private cloud sees IT services provided over a private infrastructure, typically for
the use of a single organisation. They are usually managed internally.

cloud computing has driven the following changes in the structure and working of the
finance function:

1.Collaboration – File sharing and version control issues are minimised. Services such
as a Google drive, for instance, allow multiple collaborators to update documents in
real time.

2.Flexible working – Full access to all files and documents anywhere with an internet
connection has facilitated increased flexibility to work patterns and arrangements.

3.Increased security – Cloud service providers understand and acknowledge that the
security of data, especially financial data, is critical to their success.

4.Up to date – Continually up-to-date software helps to ensure compliance with

regulations such as GDPR.

5.Easier integration – Cloud-based accounting software can easily link with other
cloud-based software such as customer relationship management (CRM), allowing an
integrated approach to business in a cost-effective way when compared with
traditional software solutions.

5.1 Features of cloud computing

ADVANTAGES DISADVANTAGES
6 Summary

-data communication networks, specifically how networks are classified.

- This includes networks classified according to their topologies as well as their

geographical scope.

-Other concepts were also briefly explained, including distributed processing,

client/server systems and cloud computing.

Unit 14

The internet,intranet and extranet

1 Introduction

2 The Internet and how it works

2.1 How the internet works

3 Internet Applications

3.1 The world wide web (WWW)

3.2 E-mail and instant messaging

4 Intranets and Extranets

5 Internet of Things

6 Summary

1 Introduction

-The internet is a global network of computer networks, which supports

communication and the sharing of data and offers vast amounts of information
through a variety of applications (services and tools).

2 The Internet and how it works

-The internet is a network that connects millions of networks, big and small, across the
globe.

-The internet includes academic, corporate, government, public and private computer
networks, and is the world's largest network.

2.1 How the internet works

-An internet service provider (ISP) is a company that provides access to the internet to
individual people and organisations. Examples include Cell C, MTN, Telkom and
Vodacom.

-The providers are already connected to the internet and provide a path or
connections for individuals to access
-The internet uses the standard Internet Protocol (IP) technology to link different
networks together.

-An IP is a communication standard or rules that define the way computers

communicate and exchange data and enables two networks to be connected, and an
IP address is a unique number used to identify computers on the internet.

-The Domain Name System (DNS) was developed to allow the use of easier-to-
remember domain names, instead of IP addresses, to locate computers on the
internet.

- Domain names consist of words and letters. Domain names consist of two parts. The
first part names the host computer or organisation that registered the domain name
(also known as the second-level domain or SLD), where the second part identifies the
top-level domain (TLD).

-TLDs identify the type or nature of the organisation using the address. The TLD
includes

• .com commerce a organisations

• .gov governments

• .org non-profit organisations

• .ac or .edu academic or educational institutions

• .net networking organisations

• .int international organisations

Country code TLDs also exist. They appear to the right of the TLD, and include for
example:

• .za South Africa

• .au Australia

• .uk the United Kingdom

• .us the United States

-A Uniform Resource Locator (URL) is a unique address assigned to each computer

connected to the internet, which identifies the computer to other hosts.

-A URL consists of the following parts: the scheme name, commonly called
“protocol”,followed by a colon. Depending on the scheme, a domain name or,
alternatively, an IP address follows

3 Internet Applications

-Although many people think the internet and the World Wide Web (WWW) are the
same thing, they are not.

-The WWW is one of the many applications of the internet.

-The WWW and e-mail and are some examples of internet applications that will be
discussed.

3.1 The world wide web (WWW)

-The WWW, also simply known as the Web, is one of the services that run on the
internet.

-It is a collection of interconnected documents and other resources, linked by

hyperlinks and URLs.

-The Web is an application running on the internet.

-A web browser may be used to view websites.

-To view a web page on the WWW, oneusually begins by typing the URL of the web
page into a web browser.

-Another way of doing so is to follow a hyperlink to the web page. In this regard, the
web browser

sends a series of communication messages to retrieve and display the web page.

-The web browser translates HTML so that the internet user is able to read the web
page

3.2 E-mail and instant messaging

-E-mail or electronic mail is a method of exchanging messages digitally over computer

networks between users.

- E-mail is also one of the services that operate across the internet or other computer
networks.

-Documents can be attached to e-mail messages, allowing files to be transferred

between users via the e-mail protocol

-An even faster, instant method of communicating by using text is instant

messaging(IM).

-Using a computer or mobile device like a cell phone, a person can send text
messages and get immediate answers if the other person is online.

-The advantages of instant messaging are that it is faster if the other person is
available online, and you do not have to click through the same number of steps, as
you need to, with e-mail.

-A well-known instant messaging provider is the WhatsApp messaging app

-Using the internet as a research tool.The WWW can be compared to a library to which
users donate documents; however, in the absence of a classification system, it is
difficult to find information.

-Search engines are web search tools that searches the web for keywords.
-Google is one of the most popular internet search engines freely available on the
web.

-Examples of information available on the web for research include journals,

encyclopedias, dictionaries, government reports, calendars, indexes, statistical
reports, research reports, books, manuals, manuscripts, video material, geographic
maps, unpublished material, previously published textbooks and interactive
communication

4 Intranets and Extranets

-In the current business environment, organisations have to be able to communicate

more effectively, both internally with their employees and externally with their trading
partners and customers.

-An intranet is an internal or private network that is under the control of a single
organisation.

-Intranets use IP standards and tools such as web browsers and file transfer
applications, allowing employees to gain access to the organisation’s information,
making internal communication easier and less expensive.

-Only computers or users connected to the intranet can access the information
available.

-Typical applications include electronic telephone directories, e-mail addresses,

employee benefits information, internal job openings and much more.

-Employees find surfing their organisational intranet easy compared to surfing the
internet

-An extranet is a private network that connects more than one organisation.

-It links selected information and resources on an organisation’s intranet with trusted
customers, suppliers, or business partners.

-The purpose is to increase efficiency and reduce costs. For example, an automobile
manufacturer has hundreds of suppliers for the parts that go into making a car.

-By having access to car production schedules, suppliers can schedule and deliver
parts as they are needed at the assembly plants.

-In this way, operational efficiency is maintained by both the manufacturer and
suppliers

-Secure intranet and extranet access applications usually require the use of firewalls,
user authentication, message encryption and the use of VPNs.

5 Internet of Things

-The Internet of Things (IoT) can be described as the interconnection, via the internet,
of computing devices embedded in everyday objects, enabling them to send and
receive data.
-It is expected that, by 2030, there will be over one trillion “connected” devices, all
with multiple sensors, generating constant data about how devices are used and
performing

- The Internet of Things (IoT) is greatly enhancing the creation of and access to data
and producing ever-increasing transparency

-The Internet of Things is considered a network of smart devices with inbuilt sensors
and internet connectivity.

-They collect and transmit data constantly and are an increasingly significant element
of Big Data.

-The ability to make virtually any asset a business owns and operate a “smart” asset
by building in some relevant sensors and internet connectivity, can lead to some very
useful data.

-It should facilitate better business planning and resource allocation, and will help to
optimise processes, minimise expenditure and give advanced warning of potential
issues

-The growth in the Internet of Things, often termed “smart technology”, is fueled by
improvements in broadband connectivity and the development of 4G communication
networks.

-As governments look to roll out the next-generation 5G networks, connectivity will be
improved further.

-As people and businesses are increasingly comfortable with the idea and operation of
this smart technology, it is anticipated that the Internet of Things will continue grow,
becoming increasingly

central to how we live and work as new and innovative applications for the technology
emerge all the time

6 Summary

-the internet: how it works, as well as various internet applications, including the
WWW and e-mail.

-You were also introduced to concepts such as intranet, extranet, and Internet of
Things.
Unit 15

Threats, risks,controls,privacy ethics and governance

1 Introduction

2 Vulnerability, Threat, Exposure and Risks

3 Risk of Security Vulnerabilities

4 Information Security Management Systems (ISMS)

5 Cyber Risks of Social Media to Organisations

6 Cyber Risks of Cloud and Mobile Computing

7 Threats to an Information System

7.1 Cybercriminal tools on networks and /or computers

8 Controls

8.1 General controls

8.2 Application controls

8.3 Controls classified by function

8.4 Preventive controls

8.5 Detective controls

8.6 Corrective controls

9 Potential Threats and Controls

10 Business Continuity and Disaster Recovery

11 Privacy

12 Protection of Personal Information

12.1 Processing of personal information

12.2 Conditions of lawful processing of personal information

12.3 Social Implications

13 Ethics

13.1 Ethics and the individual professional accountant

14. Understanding Ethics in the Accounting Profession

 14.1 Accountants and ethics

14.2 Forensic accountants and ethics

14.3 Perceptions on ethics between teaching accountants, accounting students,

and

accountants

14.4 Basic principles for auditors’ ethics

14.5 The effect of electronic information technology (IT) systems and the
auditors’ ethics on audit quality

15 Governance

15.1 Corporate governance and the financial crisis

15.2 Objectives and importance of corporate governance

15.3 Information and technology

15.4 Role of accountants in good corporate governance

15.5 Advantages of a company following good corporate governance principles

16 Summary

1 Introduction

-The purpose of this learning unit is firstly to create an understanding of the common
risks and threats faced by an information system.

-Thereafter, the importance of implementing appropriate and effective computer

controls, including

information technology governance to address these threats, will be explained.

-Concerns regarding privacy and ethics in a computerised information system will be

raised and possible measures to alleviate these concerns discussed.

-In the previous learning unit, we looked at internet, intranet, extranet, as well as
Internet of Things.

2 Vulnerability, Threat, Exposure and Risks

-it is important to understand that although the terms vulnerability, threat, exposure
and risk are often used interchangeably, they all have different meanings.

-Vulnerability refers to a security weakness or flaw in the information system that

creates an opportunity for an attack on confidentiality, integrity and availability of the
information (CIA triad).

-The potential exists that vulnerabilities might be exploited, either intentionally or

accidentally. This potential is known as a threat.
-The existence of vulnerabilities in the system exposes the organisation to financial
losses and can be expressed as a function of the financial impact and the probability
that these events will occur.

-A risk can be explained as the likelihood of an attack on information assurance

occurring, that is, the probability of the vulnerability being exploited, and can
therefore be quantified.

-Risk is seen as some combination of a threat, exploiting some vulnerability, that

could cause harm to an asset.

-Cyber risk is a focus area for organisations.

- It is the risk of financial loss, disruption, or damage to an organisation caused by

issues with the

information technology systems they use

-Risk of Security Vulnerabilities

-Being aware of the vulnerabilities that could create problems for an organisation is
one thing, but being aware of the implications of the vulnerabilities is also vital.

-vulnerabilities can be classified as either technical, proceduralor physical.

• Technical deficiencies include issues like defects in the software being used, or not
using appropriate protection (such as encryption) correctly.

• Procedural deficiencies are either IT related (for example, system configuration

mistakes or not keeping software security patches up to date) or user related (for
example, not complying with company guidelines on changing passwords or using
passwords that are too simple).

• Physical occurrences, where a physical event, like a fire or flood, causes damage to
the information technology system.

-Whatever the reason for the vulnerability, its exploitation can lead to costly problems
for the organisation involved.

4 Information Security Management Systems (ISMS)

-The International Organisation for Standardisation (ISO) produced standard ISO27001

which concerns information security management systems.

-It serves as a framework that focuses on all aspects of an organisation’s information

risk management processes.

-The standard was also developed to provide a model for establishing, implementing,
operating, monitoring, reviewing, maintaining and improving an information security
management system.

-The key principle behind the standard, in line with the American Institute of Certified
Public Accountants (AICPA) approach, is to ensure a proactive rather than reactive
approach to cybersecurity risk management.
-Given the high regard for ISO standards, a lot of larger organisations require B2B
partners to be ISO27001 compliant or to be progressing towards compliance before
they will do business with them; this a is further risk mitigation

5 Cyber Risks of Social Media to Organisations

-As always, with opportunity there also risks.

-Some of the risks presented by social media include:

 Human error – a mistake by an employee could range from being hacked after
clicking on fraudulent links on their work computer, to making inappropriate
comments on social media (either through their personal account, or if they
have access to it, via the company account).
 Productivity – while there are clearly positives to be gained from social media, if
employees can access social media at work, it can disrupt their work and reduce
the operational efficiency of the company.
 Data protection – regulatory requirements are increasing around how companies
gather, use and store data about their customers. Firms need to make sure they
have secure networks, and they comply with all legislation.
 Hacking – as with any computer program, a hacker may try to infiltrate social
media accounts for malicious reasons, or use social media accounts to harvest
data to assist with a social engineering attack, like phishing or a business e-mail
compromise attack.
 Reputation – any mistakes a company makes on social media (such as an
inappropriate post made by a staff member), could have a negative impact on
the brand of the organisation and result in lost customers, sales or even
employees.
 Inactivity – as maintaining an online presence becomes increasingly important,
not using social media or not keeping existing accounts up to date, could be as
damaging as using it badly.
 Costs – in theory, using social media costs nothing, but to use it well, and
control the accompanying risks, could cost a significant amount. Also, any fines
from non-compliance with regulations could also be significant.

6 Cyber Risks of Cloud and Mobile Computing

The following are the risks:

• Reliance on the service provider: as with any outsourcing decision, relying on the
cloud service provider means that any failings at the service provider could be more
problematic without backup plans for bringing services back in-house.

-There are not only issues with the trust and security required from the service
provider; it also needs to be considered whether the provider’s services are suitable
for the tasks required;

-whether the technology is advanced enough to give adequate competitiveness;

- whether the service provider will continue as a going concern;

-whether the service provider can ensure continuity in the light of external events
such as system failure;

-whether initial prices will be maintained, and so forth

• Regulatory risks: data security is often highly regulated in terms of what can be
stored, who can access it, how long it can be stored for, and how it can be used.

-Organisations will be reliant on cloud service providers for this compliance.

-This may become a problem if the service provider is based in a different jurisdiction
with different regulations and rules

• Unauthorised access of business and customer data: this can come in two forms.

-Firstly, the cloud service provider is more likely to be a target of hacking than the
individual small businesses that use it.

-If the service provider is targeted, all users suffer, even if they were not individual
targets themselves. -Secondly, providing business and customer data to an
outsourced service provider means that the data can be accessed by that service
provider’s staff.

- It will also be important that the service provider does not share this data with
unauthorised users such as other users of that service provider’s services

7 Threats to an Information System

-Most organisations use an information system to process financial and operational

data.

- Various threats may exist in such an environment because of system flaws. For
example, due to human error, revenue may be overstated in an instance where an
invoice amount is captured as R40 000,00 instead of R4 000,00.

-However, the spotlight in this section will fall on potential threats in a computerised
information system rather than a manual information system.

-As explained earlier, threats exist because of certain vulnerabilities. These threats
can be caused by nature, for example natural disasters, the environment, such as
power failures, or human error.

7.1 Cybercriminal tools on networks and /or computers

-Hacking is the gaining of unauthorised access to a computer system.

-It might be a deliberate attempt to gain access to an organisation’s systems and files
to obtain
information or to alter data (perhaps fraudulently).

-Once hackers have gained access to the system, there are several damaging options
available to them.

-For example, they may:

• gain access to the file that holds all the user ID codes, passwords and authorisations

• discover the method used for generating or authorising passwords

• interfere with the access control system, to provide the hacker with open access to
the system

• obtain information which is of potential use to a competitor organisation

• obtain, enter, or alter data for a fraudulent purpose

• cause data corruption by the introduction of unauthorised computer programs and

processing on to the system (computer viruses)

• alter or delete files.

-“Hackers” is a broad term, but there are different types of hackers, defined according
to their reason for hacking. Regardless of their reason, they all require a certain level
of skill

• Unethical hackers: these are the stereotypical hackers that hack with malicious
intent.

-They typically break into secure systems and networks to steal data, destroy it or
perhaps just modify it.

-Critically, it is all done withoutthe company’s permission.

• Ethical hackers usually hack with the company’s permission.

-They are trying to help the company understand what an unethical hacker may try to
do so it can protect the computer network.

- Some people describe the ethical hacker as a security expert.

-IP spoofing means to forge the source IP address, thereby concealing the actual IP
address and making it appear to be the IP address of a trusted or authorised source.

-This enables the cybercriminal to remain anonymous while carrying out criminal
activities.

-For example, by using IP spoofing, a criminal can send a fake sales order to an
organisation, which seemingly comes from a legitimate client.

-This organisation might then manufacture and deliver goods that were never ordered,
thereby incurring unnecessary costs.

-Computer forgery takes place when advanced computer technology and programs
are used to forge documents, for example official letterheads, matric certificates,
degrees, and identity documents. -These forged documents are then used to commit
fraud.
- Computer fraud can be defined as any fraudulent activity where a computer,
computer system, or network is used to unlawfully take, alter, or use information or
computer programs.

-Examples of computer fraud include altering accounting transaction data to conceal

unauthorised, fraudulent transactions or deliberate altering of a computer program’s
logic to calculate interest incorrectly for the benefit of the computer fraudster.

-Computer-related scams are a subsection of computer fraud and usually offer too-
good-to-be-true deals, requiring sensitive personal information from the victim or
money to be paid into the cybercriminal’s bank account.

-For example, the victim is informed, via e-mail, that he has won a large amount of
money in a foreign lottery and that the money will be paid out after the receipt of an
amount of money for administration fees.

-Malware is the term used for malicious software, regardless of the intended purpose.

-It can do any number of things, ranging from the stealing of credentials, other
information or money to the general wreaking of havoc, or denial of service.

-There are various ways to execute malware, including:

• Ransomware is designed to prevent a business from accessing its data, information

or a whole computer system until a specified amount of money is paid.

• Botnets are networks of private computers that are infected with a malware and
controlled by a “botnet agent” designed to follow the attacker’sinstructions without
the knowledge of the owner of the computer

• Trojans are named after the Trojan horse in an ancient Greek story where a wooden
horse was allowed into the city as it was deemed harmless, but which concealed
soldiers inside, ready to attack the city.

-This type of malware does a very similar thing: it pretends to be a useful piece of
software whilst secretly releasing malware into the system, usually with the capability
to be controlled by the attacker from a different location (known as a remote-access
Trojan or RAT).

-Once on the system, it can then prevent access to the system (ransomware), infect
the system damaging and destroying files, or act as spyware.

-Trojans refer to malicious software designed to destroy and interrupt business

operation and information through illegal access and use

• A computer virus is a program or programming code that replicates or copies itself

repeatedly without the user’s knowledge or consent. Viruses spread via attachments
to e-mails and downloaded files or are copied to a USB flash drive.

• A worm is also a self-replicating program or program code but differs from a virus in
the sense that it does not need to be attached to an existing program.

-These copies are sent via the computer network to other computers in the network.
• A logic bomb is an intentionally inserted program code that will set off a malicious
function (for example, delete or corrupt data or files) when triggered under certain
conditions.

-A rootkit is a tool that grants an attacker continuous full access to a computer while
hiding its presence.

-A well-written rootkit can rewrite a computer’s login script, which will then accept the
cybercriminal’s login even if the user or administrator tries to change it.

-Spyware is, as the name says, software that “spies” on a user.

-The spyware program will secretly transmit personal information or web browsing
habits to a cybercriminal.

-The user is typically unaware of this invasion of privacy.

-Advertisements rooted in a software package, which typically display as a pop-up

message, are known as adware.

- The purpose of adware is to generate web traffic and obtain e-mail addresses.

-A blended threat is a combination of different malware used to exploit the

vulnerabilities in a system.

-Identity theft occurs when personal information is acquired and used fraudulently
without the owner’s knowledge or consent, for example, targeting tourists during a
world sport event to steal their identity documents or passports.

-Identity theft is not limited to natural persons but also entails the theft of an
organisation’s identity.

-Identity theft is used to obtain goods and services fraudulently, such as withdrawing
money from the victim’s bank account, blackmail, terrorism, illegal migration, and so
on.

- Criminals steal a person’s identity by stealing e-mails, going through garbage,

wallets and handbags, spyware, and so forth.

-Other methods used include social engineering, shoulder surfing and phishing.

-Social engineering means to study the user’s social networking profile or chat rooms
to get clues on what the user’s password might be, as people usually use something
familiar as their password, for example, the name of a loved one or a pet, a favourite
musician or writer.

-Shoulder surfing refers to shadowing the targeted user to “accidentally” see or hear
the password.

-Phishing literally means to “fish” for sensitive personal information, such as

usernames, passwords, online-banking login details, and credit card details.

-Phishing misleads the victim into thinking that electronic correspondence has been
sent by a trustworthy source, for example, a financial institution, thereby luring the
victim to a spoofed (fraudulent) website.
-At this spoofed website, the victim is requested to divulge sensitive personal
information.

-Both the e-mail and the spoofed website usually appear to be those of legitimate
organisations.

- It is important to train users to be aware of the danger of phishing attacks.

-A denial-of-service (DoS) attack overwhelms a system’s resources so that it cannot

respond to service requests.

-A distributed-denial-of-service (DDoS) attack is also an attack on a system’s

resources, but it is launched from a large number of other host machines that have
already been infected by malicious software controlled by the attacker

-Injection with SQL (Structured Query Language) has become a common issue with
database-driven websites.

-It occurs when the attacker uses an unprotected input box on the company’s website
to execute a SQL query to the database via the input data from the client to server.

- A successful SQL injection can read sensitive data from the company’s database,
modify (insert, update or delete) database data, execute administration operations
(such as shutdown) on the database, recover thecontent of a given file, and, in some
cases, issue commands to the operating system

-Cross-site scripting attacks (XSS attacks) occur when a victim is attacked when

-they visit another organisation’s website.

-The attacker uses the third-party web resources to run scripts in the victim’s web
browser or scriptable application.

-Specifically, the attacker injects malicious code (often associated with JavaScript) into
a website’s database.

-When the victim requests a page from the website, the website transmits the page,
with the attacker’s code as part of the HTML body, to the victim’s browser, which
executes the malicious script. -For example, it might send the victim’s cookie to the
attacker’s server, and the attacker can extract it and use it for session hijacking

-Buffer overflow attack – A buffer overflow occurs when a system cannot store as
much information as it has been sent and consequently starts to overwrite existing
content.

- A buffer overflow attack occurs when an attacker sends a malicious program which
deliberately overloads the system and starts to overwrite existing data .

8 Controls

-Controls can be classified using various methods. Two of the most common ways are
according to the type of control, which includes general and application controls, or by
the function of the control, which includes prevention, detection and correction.
 Specific system controls should be implemented to ensure reliable data
communication and the safeguarding of assets.

-It is important to take into account that a control can fall into more than one category.
For example, the control of duty segregation can be classified as both a general and
preventive control

8.1 General controls

-These review the reliability of the data generated by the IT systems and check that
they are operating correctly.

General controls include:

1.Physical controls – these involve controls to avoid unauthorised access to computer

equipment, such as security personnel, door locks and card entry systems.

-They also include safeguards against possible environmental damage to the

computer equipment, such as surge protectors in case of lightning strikes or other
power surges.

2.Hardware and software configuration – these controls are designed to ensure that
any new IT is tested and installed correctly into the system to minimise the risk of
errors or damage to the systems.

3.Logical access – these controls are designed to prevent unauthorised access to the
organisation’s information systems. These could include password systems.

4. Disaster recovery – these will ensure that the organisation will be able to continue
operating despite adverse conditions. For example, off-site backup may be kept of all
systems.

5.Output controls – these ensure that the outputs from the system are both complete
and secure. This could include controls over whom outputs (such as reports or lists)
are distributed to within the organisation.

6.Technical support – it is important that all the users of the organisation’s IT systems
are competent. Training policies and technical support for workers can be a valuable
control.

General controls

Organisational controls

-Segregation of duties within each task in the transaction cycles should be present.

- By segregation of duties, we mean that one single staff member should not be
responsible for the initiation, authorisation, processing and review of a transaction.

- In a computerised transaction processing system, the segregation of duties

regarding system

development and data processing is extremely important.

-Operational controls Every task within the transaction processing system must be
described in a procedure manual.

-These manuals should be kept in a safe place, such as a fireproof safe.

-Only competent staff should be appointed to take responsibility for the transaction
processing system.

-Training will also ensure staff competence.

-Rotation of tasks assigned to certain staff should be done on a random basis.

-A sound control environment starts with management in a top- down approach.

-Management could implement general controls – for example, compiling a policy on

changes, or

development system procedures and human resource policies and practices that
make a commitment to excellence.

Controls to protect the IT environment

-The information centre is the place where all the information system activities take
place. The controls listed below are all examples of restricting access to the computer
or information.

● Controls against human access to the information centre should be implemented.

-These controls include fences around the restricted area; locks and keys to restrict
access to the information centre; key staff wearing badges to tell them apart from
intruders, physically inspecting the restricted area and consulting a logging access
report of the area over a specific period.

-It could also include installing biometric access controls, which involve using
computer software to identify fingerprints, handprints, voice patterns, signatures and
retinal scans of individuals authorised to enter the restricted area.

● Access to computer and information: Access control software ensures only

authorised users obtain access to powerful programs and sensitive information by
controlling and monitoring user access and the way information is shared between
users.

-Access control software firstly controls the identification of users, that is, users need
to identify themselves – usually through user IDs (login IDs) – or unique account
numbers (your bank account number, for example).

-The user is then taken through an authentication process (e.g., entering a password)
to verify the user is the person he/she claims to be.

-After users have been identified and authenticated as authorised users, access
control lists will define the specific programs and data they have access to and what
permissions they have (read,

write, copy, etc).

-Different permissions and access to programs and data can be assigned to different
users.

-For example, only the human resources manager and the divisional manager will
have access to individual staff members’ salaries on the staff system.

-The financial clerk will only have access to totals for the entire division’ salary bill to
enable him/her to process the necessary transactions in the financial system.

-The human resource manager might only have view (read) access of the salary bill in
the financial system while the financial clerk will have processing (write) rights.

-It is management’s responsibility to ensure the implementation of an access control

policy.

-Passwords, usernames and personal identification keys (PIN) are effective ways of
preventing unwanted computer access.

-Individuals should take care when selecting passwords, PINs, or usernames that they
will not be easily identifiable or obvious for intruders.

-Passwords should include numbers, capital letters and special characters and should
not be a word

related to your everyday life.

-Also, never divulge your password, especially not to somebody you do not know very
well.

● Firewalls are technological barriers designed to prevent unauthorised or unwanted

communication

between computer networks or hosts.

● Encryption: This is a process of transforming information into a readable format and

is a measure of

control.

-Encryption is the conversion of data into a form called ciphertext that cannot be
easily understood by unauthorised people.

-Decryption is the process of converting encrypted data back into its original form, so
that it can be understood.

-Controls against natural elements are very important for preventing or minimising the
impact of disasters, and include the following (disaster planning is discussed in the
next section):

● Backup power, in the form of an uninterrupted power supply (UPS), generators or

solar power to prevent damages to equipment or loss of information in the case of
power failures.

● Smoke detectors, which alert staff and emergency services to the possibility of a
fire.
-Early detection can help to prevent or limit the damage to computer equipment and
save lives.

- The information centre should have sufficient fire extinguishing equipment in order
to prevent the spread of fires in emergencies.

● If the floor in the information centre is raised, it will prevent water damage from
flooding.

-Temperature control in the information centre is necessary to prevent damage, as

computer systems should be kept at a constant temperature.

● It is important to pay a monthly insurance fee to enable the organisation to replace

computer equipment in the event of damage or loss.

-Maintenance on computer equipment should be done on a regular basis to monitor

the usability of hardware.

IT asset accountability controls

-Controls ensuring the accuracy of information should be implemented and executed

by staff who are not responsible for processing or capturing of transactions, for
example:

● The details of control accounts in the general ledger should be documented in

subsidiary accounts.

● Reconciliations should be prepared by a staff member who is not involved in

capturing, and reviewed by an independent senior staff member.

8.2 Application controls

-These controls are fully automated and tend to be designed to ensure that the data
input into the system is complete and accurate. These controls will vary from system
to system, but are often designed to ensure:

• completeness – has all necessary data been input?

• authorisation – is the person inputting the data authorised to do so?

• identification – can the person inputting the information be uniquely identified?

• validity – is the information being input by the user valid?

• forensic checks – is the information being input by the user mathematically

accurate?

-Application controls are specific to the functioning of individual applications.

-Application controls relating to a computerised information system comprise the

following:

Application controls
-Input controls The purpose of input controls is to prevent and detect errors when
entering information into the information system in order to ensure validity, timeliness
and accuracy.

-Input edit checks of transaction data, for example, check digits, incorrect dates or
date formats, completeness checks to ensure no blank fields are recorded, and visual
verification to confirm the general reasonability of documentation.

-See discussion on programmed edit checks under detective controls as well.

-Data transcription, for example, using a batch control log, batch serial numbers.

- Data observation and recording, using record counts, control totals or other ways to
balance the input totals with the source documents.

- Transmission of transaction data by using, for example, transmittal documents

(batch control tickets) or read-backs, where the sender immediately receives feedback
on the input information for comparison and approval purposes.

-Processing controls

-Processing controls are designed to ensure that all transaction data have been
processed accurately and in time.

-When the processed information is reviewed, the reviewer needs to confirm that no
data were lost, altered, or added during processing.

-Processing controls are also important to ensure that the database and files stay
maintained

- Examples of processing controls include the following:

1.Physical inspections and checks: These may include reconciliations, checking the
work of another employee, and acknowledgements.

2.Logic checks: Programmed edit checks, such as sequence and reasonableness

checks, may also be applied in processing.

- For example, an input value should not be 0 when there will be a number that
divides it somewhere in a program.

3.Run-to-run totals: To ensure batched data are completely and accurately transferred
between processes, output control totals are calculated and used as input control
totals for the next processing sequence, thereby linking the one process to the next.

4.Audit trails: An audit trail is a set of steps put in place to keep proof of each action
taken to execute a business process, for example, keeping complete original records,
like receipts, of petty cash transactions.

- It enables individual transactions to be traced, provides support for general ledger

balances, provides data to prepare financial reports with and corrects errors where
applicable.

-Output controls
- Output controls ensure the reliability and integrity of output information after the
input and processing phase.

● The output information should be reconciled to the input data based on

documented procedures.

● Discrepancy reports should be generated and investigated.

● Files should be verified and audited on a surprise basis.

8.3 Controls classified by function

-There are three key types of control that can be considered:

8.4 Preventive controls

-These are controls that prevent errors or frauds occurring.

For example, authorisation controls should prevent fraudulent or invalid transactions

taking place.

-Other preventive controls include segregation of duties, recruiting and training the
right staff and having an effective control culture

-Preventive controls are the first layer in the internal control shield.

-Preventive controls prevent and discourage adverse events such as fraud, errors,
theft, loss, and so on from occurring.

- Implementing preventive controls and thereby preventing adverse events from

occurring is more cost effective and creates fewer interruptions in the normal
operations than detecting and correcting adverse events after they occurred.

- Examples of preventive controls include the following:

 Backup of data and documentation: It is vital that backup copies of all important
data and documentation are readily available in the event of original data being
destroyed or damaged. Backups of important data should therefore be made
regularly as per a pre-defined backup plan.
 For example, most financial system data is backed up daily, weekly, monthly
and yearly. Files should be backed up on a different storage device, which is also
physically removed from the original data storage device, to ensure that the
backup data is not destroyed or damaged in the same adverse event that
damaged the original data, for example a fire.
 Backup files must have the same level of protection as the original data and
documents, as they contain the same sensitive information and are open to
cybercrime, corruption and destruction as well.
 Backups must be regularly tested to ensure backup files a uncorrupted and that
the relevant data and documents are being backed up

• Antivirus software: This software is used to prevent virus infections on computers

and computer networks.
-Depending on the antivirus software program, the software will scan the computer,
computer networks, e-mails, secondary storage devices, and so on, regularly for
viruses.

- As soon as a virus is found, the program will “clean” the virus, that is, destroy it.

-It is very important not to ignore a virus warning from antivirus software.

-Antivirus software must also be updated regularly to ensure it protects against the
latest viruses

• Anti-spyware: Anti-spyware is similar to antivirus software, the only difference being

that anti-spyware protects the computer and computer system against the installation
of spyware.

-As with antivirus software, anti-spyware must be regularly updated to ensure it

protects against the

latest spyware

• Spam management software: Spam management software filters e-mails to identify

spam.

-If an e-mail is identified as spam, the e-mail is quarantined and not delivered to the
recipient’s e-mail account.

-Recipients are informed of the e-mail and can usually request the mail administrator
to release the

e-mail, if it is not spam.

-If no instruction to release the e-mail is received, the e-mail is automatically deleted
after a predetermined time.

-It is important to allow recipients to identify spam e-mail senders and for the mail
administrator to add these spam e-mail addresses to a list of e-mails that are
automatically blocked as spam.

- A recipient must also be able to remove an e-mail address from the possible spam
list so that e-mails from that specific e-mail address will go to the recipient’s e-mail
address directly

and not be quarantined first

-Training of staff: Staff must understand why controls are imposed, what the benefits
of these controls are and how to execute these controls.

-This will ensure staff will not try to circumvent controls and that they know how to
execute controls properly.

-For example, they should know how to make backups or why it is important not to
share your password with colleagues

-Software change and implementation controls: These controls ensure that only
authorised changes are made to existing software programs or that only authorised
new programs are installed on the computer network
-Adequate disposal of used/damaged/redundant equipment: When hardware reaches
the end of its useful life (technological redundancy, damage, etc), a decision regarding
the proper disposal needs to be taken in order to ensure that the confidentiality of
data is maintained and the negative impact on the environment is minimised

8.5 Detective controls

-These are controls that detect if any problems have occurred.

-They are designed to pick up errors that have not been prevented.

-These could be exception reports that reveal that controls have been bypassed (e.g.,
large amounts paid without being authorised).

-Other examples could include reconciliations, supervision and internal checks

-Examples of detective controls include the following:

1.Programmed edit tests: These detective controls are automatically performed by the
application software used in the data entry.

-Depending on the software program, errors identified can reflect immediately on the
input screen to allow the input clerk to take corrective steps instantaneously to rectify
the data, or the errors can reflect on an error report created periodically, and the
errors must be corrected at a later stage.

-Some of the programmed edit tests which can be performed include the following:

— Check digit: A check digit is used to verify the accuracy of an entered numeric code
(e.g., bank account number, ID number, inventory bar code). The check digit is usually
the last number of the numeric code and is calculated by applying a mathematical
formula to the basic code (the other numbers in the numeric code). When the numeric
code with the check digit is entered, the computer will automatically recalculate the
check digit. If the check digit is not the same, the computer will indicate that the
numeric code has been entered incorrectly and must be re-entered.

A very simplistic example is the following: An inventory bar code, 756-543-6, is seven
digits in length. The first six numbers are the basic code and the last number is the
check digit. The check digit is calculated as the sum of the first three numbers less
the sum of the last three numbers, that is, 6 [(7+5+6)- (5+4+3)]. If, for example, this
specific inventory bar code is entered as 756-643-6 the computer will recalculate the
check digit and get 5 instead of 6.

- The computer will then flag the inventory bar code as incorrectly entered. In
practice, the

mathematical formulas used to calculate the check digit are very complicated

• Mathematical accuracy checks: The computer will re-perform calculations and

compare the answers to calculations manually performed. For example, the total of
the line items on an invoice must be equal to the original invoice total captured.

• Alpha/numeric checks: Data fields can be set to contain only numeric or only
alphabetic characters. The alpha/numeric test will then test if the data entered in that
specific data field were entered in the correct format. For example, if a data field can
only contain numeric characters (1234567) an alphabetic characters (abcde) or
alphanumeric (abcd4567) characters are entered into that specific field, that entry will
be flagged as an error.

• Limit checks: When data are entered, these tests check whether the data fall within
pre-set limits. For example, the quantity sold for a specific item can only be between 0
and 100, the working hours for casual staff can only be between 0 and 15 hours per
week or payment terms must be 30, 60 or

90 days.

Activity logs: Activity logs indicate which users accessed a certain system and at what
time. These logs should be reviewed regularly for atypical activities, that is, users
logging in at unconventional hours, as these activities might indicate fraudulent
activities

-Intrusion detection system (IDS): IDS is software that monitors and logs attempts to
access computer system and networks.

-An intrusion detection alarm is raised if the attempt to access the system falls
outside predetermined activity parameters (unsuccessfully trying to access more than
three times, etc) or falls within the parameters of possible malicious attacks (the
predictable behaviour of a worm).

- An IDS is used to detect attacks from inside as well as outside the organisation

-Hash totals: A hash total is created by adding together all the data for a specified
nonfinancial numeric field (e.g., inventory codes, invoice numbers, supplier and
customer account numbers) in a batch. (A batch is a group of transactions processed
together.)

-The total has no specific value other than as control to ensure the batch is captured
completely and accurately.

-This is done by calculating the hash total for the batch at the start and ensuring that
it agrees with the calculated hash total for the batch at the end

Other examples: Detective controls, discussed earlier in this learning unit, are

• run-to-run totals

• audit trails

• smoke detectors.

8.6 Corrective controls

-These are controls that address any problems that have occurred.

-So, whenproblems are identified, the controls ensure that they are properly rectified.

-Examples of corrective controls include follow-up procedures and management

action.
- Clearly, the most powerful type of control is preventative.

-It is more effective to have a control that stops problems occurring rather than
detecting or correcting

them once they have occurred.

- There is always a possibility that it is too late to sort out the problem

-Corrective controls are the last layer in the internal control shield.

-Corrective controls, also sometimes called corrective measures, commence as soon

as the detective controls have uncovered and identified an adverse event.

- The purpose of corrective controls is to limit and repair the damage caused by the
adverse event

and should bring the organisation back to its normal working operations as effectively
as possible.

-It is important to remember that for each adverse event identified, there can be more
than one corrective control and that the optimum corrective control must be chosen to
rectify each adverse event.

-As with detective controls, corrective controls can have the effect of modifying
existing controls or

implementing new controls

-Even with the availability of more advanced technology, the recovery of data is not
certain.

-It is therefore of the utmost importance to ensure that backups of important

documents are made regularly.

-Backup data restoration: The applicable data backup is restored. This restores the
data and information back to the form it was in at the point the backup was made.

All transactions between the backup date and the date the backup is restored will
therefore be “lost” and must be redone.

-It is, therefore, very important to inform all users before a backup is restored, to
ensure they have a list of transactions that need to be redone.

-The restoration of a backup is the last option, as redoing work is time consuming

-Please remember that it is very important that backups must be tested regularly to
ensure they can be restored.

-An organisation does not want to find out that backups are corrupt and cannot be
restored when it needs to restore the data.

● Data recovery: In the event of a damaged or corrupted secondary storage device,

multiple tools can be used to recover data, including specialised data recovery
software or the replacement of a broken hardware component, among other things.

An operating system failure is the most common reason for the need to recover data
and a CD, called a live CD, containing a complete, functioning and operational
operating system, can be used to boot up the computer so that the file system error
can be fixed.

-Data and system backups can also be made regularly for data recovery purposes.

• Other examples of corrective controls are:

– disaster recovery of complete system (in order to minimise financial loss and
prevent a material impact on the financial reporting process, controls should be in
place that enable a business to resume normal operations as soon as possible after a
disaster has struck the organisation)

– fire extinguishers (to minimise the damage caused by a fire)

– backup power (to minimise the impact of a power outage)

– insurance (to recover damage to be able to be in operation as soon as possible).

9 Potential Threats and Controls

-Information systems are exposed to privacy and security issues.

- The organisation must safeguard the privacy and security of data as well as ensure
complete and

accurate processing of data.

- There are different privacy and security risks that exist, together with solutions as to
how the organisation can tackle each risk.

Potential threat Potential controls

Natural disasters – for example, fire or floor

• Fire procedures – fire alarms extinguishers, fire doors, staff training and insurance
cover

• Location, for example, not in a basement area liable to flooding

• Physical environment – for example, air conditioning and dust controls

• Backup procedures – data should be backed up on a regular basis (ideally in real

time) to allow recovery.

• Business continuity planning – to decide which systems are critical to the

organisation continuing its activities.

Malfunction – of computer hardware or software

• Network design – to cope with periods of high volumes

• Backup procedures and business continuity planning (as above) Unauthorised

access, usage, damage or theft

• Personnel controls – include segregation of duties, policy on usage and compliance

with regulations such as GDPR, hierarchy of access.
• Access controls – such as passwords and time lockouts

• Computer equipment controls – to protect equipment from theft or destruction

Viruses – a small program that, once introduced into the system, spreads extensively.
Can affect the whole computer system.

• Antivirus software – should be run and updated regularly to prevent corruptio of the
system by viruses.

• Formal security policy and procedures, for example, employees should only
download files or open attachments from reputed sources.

• Regular audits to check for unauthorised software

Hackers – deliberate access to systems by unauthorised persons

• Firewall software – should provide protection from unauthorised access to the

system from the internet.

• Passwords and usernames – limit unauthorised access to the system.

• User awareness training and a formal security policy so that employees are aware of
the risks that exist and how best to mitigate them.

• Data encryption – data is scrambled prior to transmission and is recovered in a

readable format once transmission is complete.

Human errors – unintentional errors from using IS

• Training – adequate staff training and operating procedures.

• Controls ensuring only valid data is input/processed and that all data is processed.

Human resource risk – for example, repetitive strain injury (RSI), headaches and eye
strain from computer screens, tripping over loose wires

• Ergonomic design of workstations should reduce problems such as RSI.

• Anti-glare screens reduce eye strain.

10 Business Continuity and Disaster Recovery

-Most organisations now expect to be subject to a cyberattack.

-Therefore, part of the cyber risk management process must be to set up business
continuity plans and disaster recovery plans (although the use of these plans is not
limited to recovery from cyberattacks).

1.Business continuity planning – is proactive and designed to allow the business to

operate with minimal or no downtime or service outage whilst the recovery is being
managed.

2.Disaster recovery planning – is reactive and limited to taking action to restore the
data and applications and acquire new hardware
-Disaster recovery planning takes place in order to recover information systems from
business-critical events after they have happened. It involves:

-Making a risk assessment

-Developing a contingency plan to address those risks.

Examples of backups that organisations use now are:

 Mirror site – this is effectively a complete copy of a website, but hosted on

a different URL (web address). It can be used to relieve traffic on a server
to speed up performance of a website, or it can be used if the main
website goes down for any reason.

- It is a very expensive approach, but if something is business critical, it

could be cheaper than the costs incurred as a result of not having one if
something goes wrong.

 Hot backup site – this is a building that physically replicates all of the
current data centre/servers, with all systems configured and ready to go
with the latest backup.
 Warm backup site – this is a building that has all the critical hardware for
the servers and systems in place, but they will need to be configured and
the most recent backup of the data/information installed before the site
can take over the organisation’s activities.
 Cold backup site – this is an area where, should anything go wrong, new
hardware could be set up and a recovery operation could begin. None of
the hardware needed is actually in place, so it would take a significant
amount of time to restore operations. This is the cheapest option. The
location of backup facilities is also an important issue.
 If the backup facilities are too close, they may be taken offline along with
the primary site.
 If the backup facilities are too far away, that could impact on operations.
-Finding the right balance for an organisation will require significant
consideration.
-There are also third-party providers who maintain sites, which could be
cheaper but could also create problems with ensuing compatibility.
- Third-party providers are likely to have many other commitments to
other clients, and this could impact the availability and accessibility of the
backup in a disaster, particularly as disasters can impact various
organisations at the same time (

11 Privacy

-The amount of personal data available to and used by organisations means that the
privacy, sensitivity and security of this data are very significant considerations in
modern business.

-In the context of the organisation, privacy refers to all information that is considered
confidential and in need of protection from public disclosure.
-Privacy has become an important issue owing to the vast amounts of data being
made available to stakeholders of organisations.

-In most organisations, information is computerised, making it easily accessible.

- It is important that proper control measures be put in place to ensure that

information is managed as well as that it reaches its intended recipients only.

-Individuals must respect the value and ownership of the information they receive and
should not disclose any of its contents without the appropriate authority unless there
is a legal or professional obligation to do so

12 Protection of Personal Information

-On 1 July 2021, the Protection of Personal Information Act (POPIA or the Act), 4 of
2013, came into effect.

-The Act has implications for all research activities that involve the collection,
processing, and storage of personal information.

- POPIA provides for a general prohibition on the processing of special personal

information.

-Special personal information includes information relating to the health, political

persuasion, race or ethnic origin, or criminal behaviour of the data subject.

-There is a similar ban on the processing of personal information relating to a child.

-There are some exceptions to these bans.

-It provides for the development of codes of conduct to guide the interpretation of the
Act with respect to a sector or class of information.

-Prior authorisations are required for using unique identifiers of personal information in
data processing activities, and for sharing special personal information or the personal
information of children with countries outside of South Africa that do not have
adequate data protection laws.

-In order to understand and functionally interpret the provisions of POPIA for the
research community in the Republic of South Africa (South Africa), the Academy of
Science of South Africa (ASSAf) is leading a process to develop a code of conduct
(Code) for research under the Act.

- During 2020, ASSAf was approached by scientists in South Africa to consider the
development of a code for research.

-Within the research setting, POPIA regulates the processing of personal information
for research purposes, and the flow of data across South Africa's borders to ensure
that any limitations on the right to privacy are justified and aimed at protecting other
important rights and interests.

-The new regulatory system that POPIA established, functions alongside other
legislation and regulatory structures governing research in South Africa.
-The law which takes precedence will be that which provides the most comprehensive
protections to the rights of individuals in South Africa.

12.1 Processing of personal information

12.2

- POPIA provides for the lawful processing of personal information in South Africa.

It sets out the roles for various parties involved in the processing (including collection,
use, transfer, matching and storage) of personal information.

- Briefly, these roles include but are not limited to

• the “Responsible Party”, which – in this case – is the researcher (Principal

Investigator) or research institution responsible for determining why and how the
personal information is being processed

• the “Operator” – a third party contracted by the responsible party to process

personal information on their behalf

• an “Information Officer” who is the designated individual within an institution

responsible for ensuring compliance with POPIA

• the “Data Subject” who is the person whose information is being processed and, in
the case of research, would be the “study/research participant”

Conditions of lawful processing of personal information

-POPIA outlines eight (8) conditions for the lawful processing of personal information,
all of which must be fulfilled for such processing to be lawful.

-These conditions are:

a.

b. Accountability: the responsible party must ensure that all the conditions for the
lawful processing of personal information laid out in POPIA are complied. with at the
time of the determination of the purpose of processing and during processing (section
8).

-Process limitation: the responsible party must ensure there is a lawful basis for the
processing of personal information; that such processing is necessary for a defined
purpose and could not be achieved without processing such personal information; and
that the information is collected directly from the data subject and with informed
consent (sections 9–12).

-The lawful basis must be determined at the outset of the processing and will
influence the rights of data subjects.

-The following lawful bases outlined in POPIA are in section 11(1):

(i) the data subject or a competent person where the data subject is a child consents
to the processing;
(ii)processing is necessary to carry out actions for the conclusion or performance of a
contract to which the data subject is party;

(iii)processing complies with an obligation imposed by law on the responsible party;

(iv) processing protects a legitimate interest of the data subject;

(v)processing is necessary for the proper performance of a public law duty by a public
body; or

(vi) processing is necessary for pursuing the legitimate interests of the responsible
party or of a third party to whom the information is supplied.

- Further guidance in this regard is provided under the Code.

c. Purpose specification: the collection and processing of personal information must

be for a defined purpose; records should not be retained longer than is necessary and
must be deleted or destroyed after the purpose for collection and processing has been
fulfilled.

-The retention of records containing personal information is allowed for research

purposes where there is a specifically defined need to retain such information and
where further relevant safeguards are in place (sections 13–14).

d. Further processing limitation: further processing of personal information is

permitted where such information is used for research, and only research, purposes
(section 15).

e. Information quality: personal information collected and stored must be accurate, up

to date, complete and not misleading (section 16).

f. Openness: responsible parties must maintain a record of all processing of personal

information. The data subject must be informed regarding: why theinformation was
collected, who collected it and where it is being held, what rights the data subject has
to access and delete or correct the data, and if the data will be transferred to a third
party and/or internationally during the processing.

-It is not necessary to inform the data subject of the above if their information is being
processed only for research purposes (sections 17–18).

g. Security safeguards: responsible parties must ensure that personal information is

kept secure to maintain confidentiality and integrity, and to prevent data breaches.

-Any security breaches must be reported to the Information Regulator (sections 19–
22).

h. Data subject participation: the responsible party must ensure that the data subject
is informed of their right to access, correct and delete their personal information and
of the manner in which to do so (sections 23–25).

-In a paper delivered by Netshakuma (2020) in a consultative workshop to formulate

code of conduct, it was established that most participants were not aware of the
POPIA, and a lack of collaboration existed between the legal practitioners, records
managers and archivists. Internal control systems with information communication
technology (ICT) need to be in place to provide information integrity, and the value of
international integrity about the international students and staff.

12.3 Social Implications

-If the POPIA is not properly implemented, it can contribute to the violation of
information integrity of the international students partaking in research and cultural
exchange programmes.

-Internationally, it can affect SA trade relations with European countries, if

requirements for non-European Union General Data Protection Regulation (GDPR) are
not followed.

- It is also essential for the POPIA to be aligned with international norms and standards
such as GDPR.

13 Ethics

-Ethics is defined as the moral values and principles of an individual.

-It is a rule or set of rules that is composed to maintain professionalism and guide
members of their profession to assure the public that a profession will maintain a high
level of performance.

- If the rule is not met, it means that the professional has not achieved the standard,
which can be considered as malpractice

-The King IV Report regards exercise of ethical and effective leadership by the
governing body as corporate governance.

- Ethics plays a critical role in moving from tick-box compliance to genuine application
of corporate governance.

-Ethical leadership is exemplified by integrity, competence, responsibility,

accountability, fairness, and transparency (ICRAFT).

-It involves anticipating and preventing or at least ameliorating the negative

consequences of organisational activities and outputs on the economy, society, the
environment as well as capitals that it uses and affects.

-Thus, ethical organisation made up of ethical individuals will act responsible and
fairly, even when nobody is watching.

-Accounting scandals such as Enron and Worldcom have raised a great deal of
attention on ethics.

-The publication of the Sarbanes-Oxley Act in 2002 was an initial response.

- Ever since then, ethics is considered important enough to be taught in universities

and included in the accounting curriculum.

-Despite all the efforts, accounting scandals remain.

13.1 Ethics and the individual professional accountant

-In an information environment, the individual may act unethically for various reasons.

-These may include self-interest or familiarity with organisation information, or

because of intimidation by a dominant senior staff member trying to influence the
decision-making process.

-Ethical behavioural cannot be taught, as it is not based on rules and regulations.

-Although an action might be legal, it might not necessarily be ethical.

-The test for ethical behaviour is to ask oneself the question: “What is the right thing
to do in this situation?”

-A professional accountant is required to comply with the following five fundamental

principles

-Fundamental principle Interpretation

Integrity

-Integrity means being straightforward, honest and truthful in all professional and
business relationships.

Objectivity

-Objectivity means not allowing bias, conflict of interest, or the influence of other
people to override your professional judgement.

Professional competence and due care

-This is an ongoing commitment to maintain your level of professional knowledge and

skill so that

Your client or employer receives a competent professional service.

-Work should be completed carefully, thoroughly and diligently, in accordance with

relevant technical and professional standards.

Confidentiality

- This means respecting the confidential nature of information you acquire through
professional relationships such as past or current employment.

-You should not disclose such information unless you have specific permission or a
legal or professional duty to do so.

-You should also never use confidential information for your or another person’s
advantage.

Professional behaviour

-This requires you to comply with relevant laws and regulations.

- You must also avoid any action that

could negatively affect the reputation of the profession

14. Understanding Ethics in the Accounting Profession

-Public accounting as a professional career, is born from the need to train people in a
technical, professional and ethical way so that they specialise in and are responsible
for the management of the finances of a natural or legal person.

-Thus, a presentation of financial reports with reliable figures in order to improve the
decision-making processes in the management of any organisation is needed

- Accounting is therefore a service, while the provision of service should be directed to

specific interest.

-accounting harmonisation, through adoption of International Financial Reporting

Standards (IFRS), favours the interests of investors.

-They established that multinational companies (MNC), as the leaders of neo-

globalisation, have a goal of expanding areas of “power” and increasing their wealth.

- This was because most corporation managements are still at a physical level, that is,
very egocentric, rather than at a spiritual level, which is “community-centric”,
resulting in the growth of a “capitalist culture” which is the “culture of having”. In this
regard, an important question that may direct ethics purpose as well, needs to be
answered.

-The question relates to who the users of information generated by accountants (both
in financial and audit) are.

-Thus, it is crucial to ensure the confidentiality of users of audited financial statements

and other services provided by public accountants.

-This requires a good audit quality, generally measured by adherence to the audit
process, and standards established and approved by the Indonesian Institute of
Certified Public Accountants.

-Therefore, as an independent party, public accounting as a profession requires the

trust of the public in the reliability of those statements.

-Accordingly, quality financial reporting also demands a qualified auditor.

-Notwithstanding, awareness of the importance of financial statements for

stakeholders is still not sufficient (Jaya & C Irene, 2016).

-Building on the idea that birth cohorts, otherwise known as generations, are useful
proxy for the socio-cultural environments of different time periods, it is believed that
the perceptions of accountants of the millennial age group (young workers and
students born in the 1980s and 1990s, and the so-called “GenMe”) are particularly
important for the future of the accounting profession.

-After all, it is these young people who will become professional accountants or the
accountants’ future clients.

-Specifically, the factors that contribute to influencing GenMe perceptions of

accountants’ ethics, are levels of education, having attended an accounting course at
high school level, gender, and membership of accounting professions (Caglio &
Cameran, 2017).
14.1 Accountants and ethics

-The growing concern over the ethics of professionals makes it important considering
the perception of the public, students, and accountants of the values of accountants
in the working world.

-Building from the above about the accounting profession, the function that
accountants fulfil in the economic system is dependent on their ability to maintain the
perception of high ethical standards.

-creative accounting is a scourge that affects the organisational and professional

ethics of those who consent to committing fraudulent acts for the simple reason of
accommodating figures and showing a reality that does not correspond to what is
truly executed.

-Therefore, accountants as students need to possess certain essential personal

qualities that their employers look for.

-The study by Caglio & Cameran (2017) indicated that there is room for improving
public perceptions of accountants’ ethics through university courses in ethics,
continuing education programs and focused communication strategies by accounting
firms and professional bodies.

14.2 Forensic accountants and ethics

-According to Bryan Howison (2018), although being ethical is identified as an

important characteristic, the question of what constitutes a “good forensic
accountant” has not hitherto been investigated.

-This is because of the multidisciplinary and highly technical nature of forensic

accountants, as they are significantly at risk of conflating ethics with compliance with
law.

-In this regard, prior literature has identified several technical and personal
characteristics and attributes that are desirable in forensic accounts practitioners.

-The understanding of virtue ethics and especially the virtue of practical wisdom will
help forensic accountants maintain public confidence and quality in their service and
provide practical guidance on the exercise of professional judgement.

-Practical implications suggest that the primacy currently given in forensic accounting
literature and practice to a commercial logic technical competence, risks damaging
the professional standing of forensic accountants.

-Over time, it will reduce their ability to exercise professional judgement in complex,
unstructured situations.

-In this regard, virtue ethics can act as a useful counterpoint to these threats.

14.3 Perceptions on ethics between teaching accountants, accounting students,and

accountants
-Prayogo, Tenku Afrizol (2021) conducted a study on the difference in perceptions
between teaching accountants and accountants on the ethics of preparing financial
statements, and ethical indicators for the financial preparation of financial statements
as represented in earnings management, misstatements, disclosures, cost-benefit and
responsibilities.

-Results showed that teaching accountants, accounting students and accountants

have different perceptions.

-However, there were no differences in perception between teaching accountants and

accountants.

-Therefore, it was concluded that there are differences in perception between teaching
accountants, accounting students and accountants on the ethics of preparing financial
statements.

14.4 Basic principles for auditors’ ethics

In carrying out their duties, auditors are expected to always be guided by the basic

14.5 principles of professional ethics, which are:

a. Principle of integrity – every practitioner or auditor must be firm and honest in

establishing professional and business relationships in carrying out his work

b. Principle of objectivity – every practitioner or auditor shall not allow subjectivity,

conflicts of interest to influence professional judgement

c. The principle of competence and attitudes of professional precision and awareness

-The effect of electronic information technology (IT) systems and the auditors’ ethics
on audit quality

-The interaction between electronic IT systems and auditor ethics affects the quality of
audit.

-Based on theory, the interaction between electronic IT systems and auditor ethics has
a positive effect on audit quality.

- Electronic information technology-based systems are indispensable for auditors in

complex audit assignments, where analytical, rapid decision-making and
communication among audit teams is

essential.

-Electronic-based information systems (IS) are needed for decision- making oriented to
professional consideration and complexity of the assignment.

-The electronic IT systems support IS used by auditors in the assignment of audits.

-An understanding of ethics will bring the auditor up to speed with attitudes,
behaviour and action necessary in maintaining the quality of audit

15 Governance

-Governance outcomes: Corporate governance is not presented as an end in itself but

rather a means towards realising certain benefits, or governance outcomes, such as
ethical culture, good performance, effective control and legitimacy.

-The principles are an expression of the fundamental aspirations of any organisation

wishing to achieve corporate governance.

-For example, King IV provides the following principles, among others, for a governing
body. It should:

a. lead ethically and effectively.

b. govern risk in a way that supports the organisation in setting and achieving its
strategic objectives, among others.

c. ensure the organisation remunerates fairly, responsible and transparently so as to

promote the achievement of strategic objectives and the positive outcomes in the
short, medium and long term.

15.1 Corporate governance and the financial crisis

-The credit crunch is increasingly presented as a crisis in corporate governance.

-The regime of corporate failures came on the heels of the global financial crises of
2007 and 2009.

-This emphasised the fact that corporate objectives, goals and priorities had been
compromised by organisational or corporate gatekeepers.

-This results in a breakdown of planning, control and evaluation phases in corporate

management.

-These gatekeepers, as represented by accountants, auditors, corporate managers

and the regulatory authorities, have in some way been implicated in this gruesome
dance of death.

-Global response to this downwards spiral is twofold.

-First, there has been a renewed emphasis on the overhaul and adoption of uniform
International Financial Reporting Standards (IFRS) with an eye on best practices.

-Second, corporate governance principles and practice are emphasised to avert the
misadventures of the past.

15.2 Objectives and importance of corporate governance

-Corporate governance is the means by which a company is operated and controlled.

-The aim of corporate governance is to ensure that companies are run well in the
interests of their shareholders, employees and other key stakeholders such as the
wider community.

- It deals with the mechanism by which stakeholders of a company exercise control

over corporate managers and provide overall direction to the firm, such that the
stakeholders’ interests are protected.

-In such situations, the firm operates more responsible and profitably, relations are
enhanced between the firm and all stakeholders – shareholders, policyholders,
employees, suppliers and society at large.

-The quality of executive and non-executive directors is improved, the long-term

information needs of all stakeholders are satisfied, and executive management is
monitored properly in the interest of shareholders.

-The aim is to try and prevent company directors from abusing their power, which may
adversely affect these stakeholder groups.

-For example, the directors may pay themselves large salaries and bonuses whilst
claiming they have no money to pay dividends to shareholders.

-Similarly, they may be making large numbers of staff redundant but awarding
themselves a pay rise.

-In response to major scandals (for example, Enron) regulators sought to change the
rules surrounding the governance of companies, particularly publicly owned, ones.

-In the United States (US), the Sabarnes-Oxley Act (2002) introduced a set of rigorous
corporate governance laws.

-The UK Corporate Governance Code introduced a set of corporate governance

initiatives into the UK.

-The King Committee on Corporate Governance periodically produces a booklet of

guidelines for the governance structures and operation of companies in South Africa
(SA), called the King Report on Corporate Governance (King Report).

- It has been cited as the “most effective summary of the best international practice in
corporate governance”.

-Compliance with the King Report is a requirement for companies listed on

Johannesburg Stock Exchange (JSE).

-Three reports were issued: in 1994 (King I), 2002 (King II) and 2009 (King II), and a
4th revision (King

IV) in 2016.

-The first report (King I), when published, was recognised internationally as the most
comprehensive publication on the subject, embracing the inclusive approach to
corporate governance.

-The Institute of Directors in SA (IoDSA) owns the copyright of the King Report and the
King Code of Corporate Governance.
-Unlike other corporate governance codes, such as Sarbanes-Oxley, the Code is non-
legislative and based on principles and practices.

-It also espouses an apply-or-explain approach unique to the Netherlands, and now
also found in the 2010 Combined Code of the United Kingdom (UK).

- The philosophy of the Code consists of the three elements of leadership,

sustainability and good corporate citizenship.

-One of the definite fallouts of the Enron saga was a global preoccupation with the
twin challenge of corporate governance and corporate accountability.

15.3 Information and technology

-As we learnt in earlier learning units, information, like technology, is a growing source
of competitive advantage for the enhancement of the intellectual capital of an
organisation.

- For serving its customers more effectively, King IV recognises that information and
technology overlap but are also distinct sources of value creation, each of which has
its own risks and opportunity.

-King IV takes cognisance of the advances in technology that are revolutionising

business and societies and transforming products, services and businesses models.

-To reinforce this distinction in King IV, the Code now refers to information and
technology instead of information technology.

-Principle 12 provides that the governing body should govern technology and
information in a way that supports the organisation, setting and achieving it strategic
objectives.

-So profound are these effects that many believe they herald the dawn of a Fourth
Industrial Revolution, as they cause significant disruption.

-In line with King IV’s assertion that risk often creates opportunity, organisations
should strengthen the processes that help them anticipate change and respond by
capturing new opportunities and managing emerging risks. The practices assist the
governing body to do so.

15.4 Role of accountants in good corporate governance

-The role of an accountant is to maintain a proper balance between the components of

the system to ensure that the audit and accounting tools are performing proper
governance roles and that the pillars of good governance procedures are well in place.

-They must keep a governance checklist on the front burners to ensure that the
auditing and accounting tools serve an overall governance in the firm.

-In this regard, the role and responsibilities of accountants can be comprehensively
explained as follows:

a. The primary task of an accountant is to ensure that there is checklist of good

corporate governance practices. It is not enough to define in theory the roles of the
different components of the governance structure; more importantly, those
components must be seen to operate efficiently in design and effectively in
operations.

b. The responsibilities fall rather heavily on accountants to help the company ensure
full compliance with the requirements of good and effective corporate governance.

-Firms with good corporate governance frameworks are usually fraud resilient.

-In the final analysis, it is part of accountants’ duties to ensure that companies:

(i) implement enhanced Board of Directors oversight of fraud risk management

(ii) appoint an executive-level member of management responsible for fraud

management

(iii) establish formal fraud control policy or strategy

(iv) implement risk management goals, performance measurement and periodic

process evaluations

(v) coordinate efforts of different functions to reduce overlapping activities and

address risk management gaps

(vi) formalise roles and responsibilities of the board, audit committee, management
and staff related to fraud risk management.

c. Ultimately, the role of the accountant is to aid proper corporate planning – setting
achievable standards, establishing reporting, monitoring and evaluation standards,
and crafting an overall vision for the enterprise.

d. Accountants also aid the setting up of proper controls, efficient and effective audit
systems, good fraud risk management, and full, fair and adequate disclosure that
satisfies international standards and best practices

15.5 Advantages of a company following good corporate governance principles

These are the following:

a. Greater transparency

b. Greater accountability

c. Efficiency of operations

d. Better able to respond to risks

e. Less likely to be mismanaged

16 Summary

- we looked at cyber risks, threats, controls, privacy, and ethics. In summary, you
learnt about many issues.
- These include concepts and an understanding of vulnerability and exposure to
threats and security, risk exposure relating to social media, and risks of cloud and
mobile computing.

-The learning unit emphasised that the amount of personal data available to and used
by organisations necessitates that the privacy, sensitivity and security of this data be
given significant consideration in modern business.

-Hence, you were exposed to the POPIA. You also learnt about information security
management systems.

-In addition, you learnt about the effect of electronic information technology systems
and auditors’ ethics on audit quality.

-This includes creating an understanding of ethics in the accounting profession.

-Finally, you learnt about good corporate governance and its principles, including the
role of accountants in it, and corporate governance and the financial crisis, including
advantages of a company following such principles