Accounting Information System Security Essay


Discuss about the Accounting Information System Security.



Accounting information system (AIS) is defined as a particular system that helps to collect, store and process both the accounting and financial data that are generally used by the decision makers (Moghadam et al. 2013). The accounting information system is a computer-based process that also helps to track the accounting activity in combination with the resources that are related to the information technology. In this report, the frameworks and the controls that were implemented within the project named the Queensland Health Payroll System have been discussed in detail. The particular frameworks and controls that were used in the Queensland Health Payroll System were COBIT and COSO.

Frameworks and Controls: COBIT

The Control Objectives for Information and Related Technologies (COBIT) is considered as a good-practice framework that has been developed by the international association named ISACA for the IT governance and the Information Technology management. It has been found that COBIT gives an implementable set of controls over the information technology and it organizes the set of controls around the logical framework of enablers and processes that are related to information technology (Prasad and Green 2015). It has been found that with the passage of time, the COBIT has been modified and its use, importance and the process of implementation has also been changed. It has been found that in the year 1996, the auditors used to use COBIT 1 ( 2016). In the year 1998, COBIT 2 was mainly used for controlling, whereas, in the year 2000, COBIT 3 was mainly used and implemented by the management team of any organization ( 2016). During the period 2005-2007, it has been found that the IT Governance mainly used the COBIT 4.0/ 4.1 ( 2016). However, a new version of COBIT named COBIT 5 was introduced during the year 2012, which are mainly used by the Governance of Enterprise IT ( 2016). Therefore, the Queensland Health Payroll System should implement COBIT 5 for running the system successfully.

Figure 1: A Business Framework from ISACA

(Source: 2016)

It has been found that ISACA creates and maintains the COBIT framework that were recognized internationally and thus it helps the IT professionals along with the leaders of enterprises who fulfill the responsibilities of IT Governance during the conveying value to the business of an organization.

It can be said that the Queensland Health Payroll System should implement the COBIT 5 within the system as the aim and objective of the ISACA’s latest globally accepted framework is to offer an end-to-end business outlook of the governance of IT enterprise, which reflects the central function of the information technology in order to develop value for the businesses. In addition to this, COBIT 5 is considered as a comprehensive framework, which helps the enterprises to develop optimal value from the information technology by keeping a balance between optimizing risk levels and realizing advantages and the resource use (Vanhoof et al. 2016). More, COBIT 5 enables the related technology and information to be managed and governed in a holistic way for the entire business, by taking in entire end-to-end enterprise and functional regions of responsibility. This also considers the interest of both external and internal stakeholders that are related to information technology. In addition to these, it can also be said that the enablers and principles of COBIT 5 are useful and generic for businesses of all sizes, if commercial, not-for-profit or in the public sector (Soudani 2012). Furthermore, from the principles of COBIT 5, the benefits of using this within the Queensland Health Payroll System can also be understood.

Figure 2: Principles of COBIT 5

(Source: Soudani 2012)

Frameworks and Controls: COSO

In the year 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) created a model for the evaluation of internal controls ( 2016). This particular model has been assumed as the generally accepted framework for the internal control and is broadly acknowledged as the ultimate standard against which the firms determine the usefulness of the systems of internal control. On the other hand, COSO model is defined as the process that is effected by the board of directors of the firm, management and other individual that are structured to offer a reasonable assurance of the attainment of aims in following types:

  • Reliability of financial reporting
  • Efficiency and effectiveness of operations
  • Compliance with regulations, rules and laws

The Queensland Health Payroll System should implement the 2013 Framework of COSO as it makes the particular system easier and simple for the management of an organization in order to identify the gaps that might be present within the compliance program. On the other hand, it has been found that some organizations might not have fully documented their application regarding internal control in line with the 1992 Framework of COSO ( 2016). Therefore, the Queensland Health Payroll System should implement the modified Framework of COSO of the year 2013 ( 2016). This updated Framework of COSO will help to develop new principles and supporting points of highlight within each of the five components of internal control, these include – risk assessment, control environment, control activities, communication and information and monitoring activities (Hall 2012). From the COSO cube, the importance of implementing modified Framework can be better understood.

Figure 3: The COSO Cube

(Source: 2016)

In addition to these, the five steps of transition also imply that the modified Framework of COSO of the year 2013 will help the Queensland Health Payroll System to run successfully, as each of the distinct steps will help the management to implement the particular framework.

Figure 4: The Five-Step Transition

(Source: 2016)

Implementation of Frameworks and Controls in Queensland Health Payroll Project

It has been found that the government of Queensland had developed the SSI (Shared Services Initiative) earlier to LATTICE by notifying the Queensland Health of the termination of support. On the other hand, the LATTICE system was considered as unsupported system. Thus, in order to reduce the risks intrinsic to an unsupported and obsolete system, the Queensland Health commenced the SSI (Hall 2012). Therefore, with the passage of time, IBM and CorpTech restored their previous systems with SAP Finance, SAP HR and the “WorkBrain” solution regarding solution. Therefore, the rationale of the WorkBrain system was to procedure the transport and timesheets to the SAP system. It has been noted that the project to standardize the Finance and Payroll Systems was made compulsory for all the government departments. Thus, a specialized unit of government named “CorpTech” was formed that was responsible to manage all the Finance and Payroll implementation projects for the various government departments (Du, Huddart and Xue 2015). Consequently, the implementation of this payroll and finance systems in the Queensland Health included three key teams of stakeholders (The Sydney Morning Herald 2016). These include – firstly, the staff members of Queensland Health were the end users of this particular system and it has been found that at the time of incorporation of this project, the Queensland Health was accountable for certification and definition of the business necessities and all these requirements were fulfilled in the testing phase.

Secondly, the IBM was considered as the principal consultant or the prime contractor of the Queensland Health incorporation project. Initially, they were contracted with the aim to implement and manage the government mandated software solution (standardized) in all the government divisions (Abbasi 2014). Nevertheless, by the conclusion of the particular Finance and Payroll implementation projects, IBM was no longer responsible for the implementation of the specified projects in the remaining departments of the government due to the financial plan and time swamped experienced particularly in the case of Queensland Health ( 2016). It has been found that the organization IBM was selected and managed by a third group of stakeholder called CorpTech.

Thirdly, the CorpTech was responsible for running or organizing the role and functions of the prime contractor that is IBM, especially in the case of the Queensland Health Finance and Payroll systems implementation project. It has been found that the CorpTech was not only responsible for organizing IBM in the implementation projects of the Queensland Health department, but also for the full incorporation throughout all the departments of the government. From the following figure, the responsibilities of Queensland Health department, CorpTech and IBM can be better understood.

Figure 5: Responsibilities of Implementation Team

(Source: Romney and Steinbart 2015)

From this, it can be said that the responsibilities of Queensland Health department regarding the implementation of the frameworks and controls within the Queensland Health Payroll project were to provide training to the staffs and to define the business requirements. Additionally, another responsibility is to guide the end users of the particular system. On the other hand, the responsibilities of CorpTech regarding the implementation of the frameworks and controls within the Queensland Health Payroll project were to oversee the full implementation in all the departments of the Queensland Government and to manage the prime contractor. Moreover, another responsibility is to oversee the owner of WorkBrain and SAP HR Solution (Romney and Steinbart 2015). Lastly, the responsibilities of IBM regarding the implementation of the frameworks and controls within the Queensland Health Payroll project were to be a prime contractor and to manage the incorporation of the particular project. Furthermore, another responsibility is to incorporate and configure the SAP Finance and SAP HR and WorkBrain Solution (Domeika 2015).

Proceedings of work in this project in the first two stages

System Development Life Cycle (SDLC) is a six-step process that involves planning, developing, examining and organizing of an information system (Dillard and Yuthas 2013). This helps to create a software system only, a hardware system only or a combination of both in order to meet the expectations of a customer. The six phases of SDLC are – preliminary investigation, analysis of the systems, designing of the systems, development of the systems, implementation of the systems and maintenance of the systems (Collier 2015).

Figure 6: System Development Life Cycle

(Source: Collier 2015)

In this report, the implementation of the frameworks and controls within the Queensland Health Payroll project has been highlighted. Therefore, in order to understand the first two steps of SDLC regarding the standardization of the Finance and Payroll Systems within all the government departments of Queensland Health have been discussed below.

Step 1: Preliminary Investigation

It has been noted that the health department of Queensland that is the Queensland Health suffered from the failure of the payroll system. This failure of the payroll system was 300 % over the budget and was eighteen months behind the particular schedule (Meyssonnier and Pourtier 2013). In addition to this, it has been found that a huge numbers of employees of Queensland Health involving the nurses and the doctors were incorrectly paid or were unpaid. The total cost of the particular project including the implementation, maintenance and stabilization was projected to be $ 1.25 billion AUD (Christensen and Feltham 2012). There were various reasons for the failure of the payroll system, these include – industrial strikes, resignation of health minister and loss of members to other employees. It has also been identified that the government of Queensland boarded upon the judicial enquiry form in Australia in order to scrutinize the exact reasons and causes for the failure of the payroll system. In addition to this, the government of Queensland also boarded the enquiry form in order to offer a chain of suggestions to be implemented to the future large IS projects of the government. As per the findings of Royal Commission and Auditor General, the issues regarding the governance and project management were the main causes for the failure of the payroll system.

Step 2: Analysis of the Systems

According to Lim (2013), the government of Queensland is composed principally three kinds of firms – the Government departments and agencies, the Government owned corporations and the General statutory bodies. The Queensland Health is the public sector organization that provides health care regarding medical, dental and the facilities of aged-care. It has been found that Queensland Health provides services to about 40,000 people across Queensland and on the other hand, Queensland Health is responsible for about 85,000 employees (Apostolou et al. 2014). Owing to a huge numbers of employees within the Queensland Health and their diverse sets of skills, a considerable quantity of complexities occurred in the process of payment of the staffs. It has been found that with the present structures of payroll, the organization has to follow over 24,000 calculation combinations regarding payroll (Fang and Shu 2016).

In order to pay the employees of Queensland Health, unequal payroll system named LATTICE and ESP rostering engine was implemented. This particular unequal payroll system rolled out successfully for more than six years, 1996 to 2002 (Li and Bai 2014). Nevertheless, this LATTICE solution needed a significant quantity of manual interventions in order to accommodate the incentive structure and complex award structure. In the year 2005, the vendor of LATTICE system, Talent2 became obsolete. Thus, the requirement of a new payroll system arose within Queensland Health in order to replace the LATTICE system.

Meanwhile, in 2003, the government of Queensland made the implementation of SSI mandatory in all the government departments i.e. replacement of present legacy system by standardized software solution SAP Finance and SAP HR (Demski 2013). The objective of the SSI was to serve various benefits to the business process. These include – increase in the opportunity by providing enable workforce mobility, increase in the visibility into the cost of services, reduction in duplication of data by consolidation systems and reduction in expenses that are related to the licensing agreements. In addition to these, the SSI also reduces the personnel, obtains economies of scale, and helps the government firms to put focus on the core competencies, to increase the standard of service and also to maintain the consistency of finance and human resource information in all the agencies of the government. As a part of SSI, the government established CorpTech to oversee the standardized incorporation in all government departments (Domeika 2015). Thus, SSI was responsible for the selection and the management of the consultants. Four consultant firms namely – IBM, SAP, Logica and Accenture responded to the selection process of consultant. However, ultimately the organization IBM signed the contract officially as the prime contractor of SSI.

During the process of tender, the “WorkBrain” rostering system was put forward by the IBM in order to be utilized and to perform the rostering of staffs and award interpretation. It has been found that in the later period, the SSI projects ordered to use SAP Finance, SAP HR and the “WorkBrain” rostering system (Soudani 2012).

The government of Queensland formed the SSI former to the system of LATTICE due to its discontinuation of the support and unsupported LATTICE system of the Queensland Health. The WorkBrain rostering solution helps to practice the timesheets into such a format that can be made acceptable to the suitable financial institutes with the purpose to pay the employees and the staff members of the Queensland Health.


Therefore, it can be concluded that the implementation of accurate payroll software along with the accurate frameworks and controls within the Queensland Health Payroll project is an important factor. The reason behind the implementation of accurate payroll frameworks and controls is to overcome any type of confusion and complexities within the government organization like the Queensland Health. As it has been found that improper implication of payroll systems has either resulted into incorrectly paid or even not paid of the staffs.


Abbasi, H., 2014. Role of Management Accounting Information System in Organizations. Journal of Business and Technovation, 2(1), pp.96-102.

Apostolou, B., Dorminey, J.W., Hassell, J.M. and Rebele, J.E., 2014. A summary and analysis of education research in accounting information systems (AIS). Journal of Accounting Education, 32(2), pp.99-112.

Christensen, P.O. and Feltham, G., 2012. Economics of Accounting: Information in markets (Vol. 1). Springer.

Collier, P.M., 2015. Accounting for managers: Interpreting accounting information for decision making. John Wiley & Sons. 2016. IC. [online] Available at: [Accessed 3 Sep. 2016].

Demski, J., 2013. Managerial uses of accounting information. Springer Science & Business Media.

Dillard, J. and Yuthas, K., 2013. Critical dialogics, agonistic pluralism, and accounting information systems. International Journal of Accounting Information Systems, 14(2), pp.113-119.

Domeika, P., 2015. Creation of the Information System of Enterprise Fixed Asset Accounting. Engineering Economics, 60(5).

Du, K., Huddart, S. and Xue, L., 2015. Accounting Information Systems and Asset Prices.

Fang, J. and Shu, L., 2016. Modern Accounting Information System Security (AISS) Research Based on IT Technology. 2016. [online] Available at: [Accessed 3 Sep. 2016].

Hall, J.A., 2012. Accounting information systems. Cengage Learning. 2016. COBIT - IT Governance Framework - Information Assurance Control | ISACA. [online] Available at: [Accessed 3 Sep. 2016].

Li, Z.W. and Bai, D., 2014. Research on accounting decision support system based on data warehouse and data mining. In Advanced Materials Research(Vol. 989, pp. 4819-4822). Trans Tech Publications.

Lim, F.P.C., 2013. Impact of Information Technology on Accounting Systems. Asia-PasificJornal of Multimedia Services Convergent with Art, Humanities and Socialgy, 3(2), pp.93-106.

Meyssonnier, F. and Pourtier, F., 2013. Scope of Consolidation and Area of Control-Reflection on the Accounting Information System of Groups.Comptabilite Controle Audit, 19(3), pp.117-146.

Moghadam, H.M., Akhavansaffar, M., Bakhshaei, Z. and MirHosseini, S.Y., 2013. Effect of investment in information technology system on providing desired services of accounting information system. Elixir International Journal A, 55, pp.13268-13273.

Prasad, A. and Green, P., 2015. Organizational competencies and dynamic accounting information system capability: impact on AIS processes and firm performance. Journal of Information Systems, 29(3), pp.123-149.

Romney, M.B. and Steinbart, P.J., 2015. Accounting Information System Thirteen Edition.

Soudani, S.N., 2012. The usefulness of an accounting information system for effective organizational performance. International Journal of Economics and Finance, 4(5), p.136.

The Sydney Morning Herald. 2016. Govt loses to IBM after health payroll debacle. [online] Available at: [Accessed 3 Sep. 2016].

Vanhoof, E., De Bruyn, P., Aerts, W. and Verelst, J., 2016, May. Building an Evolvable Prototype for a Multiple GAAP Accounting Information System. InEnterprise Engineering Working Conference (pp. 71-85). Springer International Publishing.

How to cite this essay: