© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart
55 of 151
OBJECTIVE 1: OVERALL SECURITY
If security controls are seriously deficient, the organization faces substantial risks.
Partial compensation for poor computer security can be provided by:
Sound personnel policies
Effective segregation of incompatible duties
Effective user controls, so that users can recognize unusual system output.
These compensations aren’t likely to be enough, so auditors should strongly recommend that security weaknesses be corrected.