pc based fa cts.docx
TRANSCRIPT
The Advantages of Using Computerised Accounting Software
Let me start this article by saying I am a qualified accountant who has taught accounting at a variety of levels for over 18 years. I have also worked extensively as a business consultant for small and medium size enterprises. I am continually amazed when I come across a business either not using a computerized accounting package or using spread sheets to do their accounts. Therefore I decided to write a short article on the benefits of using a computerized accounting package. The package I use for our small to medium business isMYOB(Mind Your Own Business) accounting software.
Small and medium sized businesses can now buy off the shelf accounting programs at remarkably low cost. Larger businesses will often have customized programs made for their business. The accounting programs carry out functions such as invoicing, dealing with payments, paying wages and providing regular accounting reports such as trading and profit and loss accounts and balance sheets.
The introduction of computerized accounting systems provide major advantages such as speed and accuracy of operation, and, perhaps most importantly, the ability to see the real-time state of the companys financial position. In my experience I have never seen a business that has upgraded to a computerized accounting system return to paper based accounting systems. A typical computerized accounting package will offer a number of different facilities. These include:
- On-screen input and printout of sales invoices- Automatic updating of customer accounts in the sales ledger- Recording of suppliers invoices- Automatic updating of suppliers' accounts in the purchases ledger Recording of bank receipts- Making payments to suppliers and for expenses- Automatic updating of the general ledger- Automatic adjustment of stock records- Integration of a business database with the accounting program- Automatic calculation of payroll and associated entries
Computerized accounting programs can provide instant reports for management, for example:
- Aged debtors summary a summary of customer accounts showing overdue amounts- Trial balance, trading and profit and loss account and balance sheet- Stock valuation- Sales analysis- Budget analysis and variance analysis- GST/VAT returns- Payroll analysis
When using a computerized accounting system the on computer, input screens have been designed for ease of use. The main advantage is that each transaction needs only to be inputed once, unlike a manual double entry system where two or three entries are required. The computerized ledger system is fully integrated. This means that when a business transaction is inputed on the computer it is recorded in a number of different accounting records at the same time.
The main advantages of a computerized accounting system are listed below:
Speed data entry onto the computer with its formatted screens and built-in databases of customers and supplier details and stock records can be carried out far more quickly than any manual processing.Automatic document production fast and accurate invoices, credit notes, purchase orders, printing statements and payroll documents are all done automatically.Accuracy there is less room for errors as only one accounting entry is needed for each transaction rather than two (or three) for a manual system.Up-to-date informationthe accounting records are automatically updated and so account balances (e.g. customer accounts) will always be up-to-date.Availability of information the data is instantly available and can be made available to different users in different locations at the same time.Management information reports can be produced which will help management monitor and control the business, for example the aged debtors analysis will show which customer accounts are overdue, trial balance, trading and profit and loss account and balance sheet.GST/VAT return the automatic creation of figures for the regular GST/VAT returns.Legibility the onscreen and printed data should always be legible and so will avoid errors caused by poor figures.Efficiency better use is made of resources and time; cash flow should improve through better debt collection and inventory control.Staff motivation the system will require staff to be trained to use new skills, which can make them feel more motivated. Further to this with many off-the-shelf packages like MYOB the training can be outsourced and thus making a particular staff member less critical of business operations.Cost savings computerized accounting programs reduce staff time doing accounts and reduce audit expenses as records are neat, up-to-date and accurate.Reduce frustration management can be on top of their accounts and thus reduce stress levels associated with what is not known.The ability to deal in multiple currencies easily many computerized accounting packages now allow a business to trade in multiple currencies with ease. Problems associated with exchange rate changes are minimized.
In summary if you have not computerized your accounting you should seriously consider doing so. I chose to train in MYOB after reviewing all the small to medium business accounting packages on the market. In my view MYOB was the best overall package. A free 90 day trial version of MYOB accounting software can be downloaded from your own countrys MYOB website. This trial version is the full version but any business set up with it can only have entries entered for 90 days; after that, purchase of the software is required. I strongly recommend you download a version and take a look.
OPERATING SYSTEMSAn operating system is a collection of software that controls the basic operation of a computer, including the execution of programs, managing storage, input/output and communication resources. According to W3Schools, Windows XP and Windows 7 are the most popular operating systems, with the Windows family -- which also includes Windows Vista and Windows 2003 -- accounting for over 80 percent of operating system use. Other personal computer operating systems include Linux, the Apple Macintosh operating system, OS X and many others, each of which has its own strengths and weaknesses.
The operating system is the most importantprogramthatrunson acomputer. Every general-purpose computer must have an operating system to run other programs andapplications. Operating systems perform basic tasks, such as recognizinginputfrom thekeyboard, sendingoutputto thedisplay screen, keeping track offilesanddirectorieson thedisk, and controllingperipheral devicessuch asdisk drivesandprinters.For large systems, the operating system has even greater responsibilities and powers. It is like a traffic cop -- it makes sure that different programs andusersrunning at the same time do not interfere with each other. The operating system is also responsible forsecurity, ensuring that unauthorized users do notaccessthe system.
TOP 10 OPERATING SYSTEMS1. MICROSOFT WINDOWS 72. WINDOWS 83. UBUNTU4. WINDOWS 8.15. WINDOWS XP PROFESSIONAL6. LINUX MINT7. MACINTOS H OSX8. ANDROID9. WINDOWS XP10. FEDORA
A general-purpose computer is one that, given the appropriate application and required time, should be able to perform most common computing tasks.Personal computers, includingdesktops,notebooks,smartphonesandtablets, are all examples of general-purpose computers. The term is used to differentiate general-purpose computers from other types, in particular the specialized embedded computers used inintelligent systems.ENIAC, designed and built in the 1940s, was the first general-purpose computer. ENIAC weighed 30 tons and covered an area of about 1,800 square feet. In contrast, a current smartphone weighs a few ounces and is small enough to slip into a pocket.
Modular pcWhere the word modular representsin sectionsordesigned for easy change and expansion, the term modular computer refers to amultiprocessingcomputer system where processing,memory, andperipheralunits can be added or removed without disrupting its operation.
Business accounting softwarePC accounting softwarePC accounting softwareWhat is pc-based accounting software?PC-based accounting software is bought either on CD or by download and then installed onto a computer.Upgrades need to be purchased and run manually. The software also requires regular system backups. If you have more than one person needing to access the same software or database, an internal server and networking infrastructure is required.What systems do we recommend?We are happy to support any client or future client using any pc-based accounting package. We currently have clients who use the following software: MAMUT Sage Quickbooks TAS MYOB(although this product will cease to exist after 2011)However, we are encouraging more of our clients to switch to aweb-based accounting software package. This type of accounting software is much more accessible than the traditional pc-based and enables you to view all relevant data - bank balances, creditors and debtors - at any time and from anywhere in the world with an internet connection.
USER INTERFACEAbbreviatedUI, the junction between auserand acomputerprogram. An interface is a set ofcommandsormenusthrough which a user communicates with a program. Acommand-driveninterface is one in which you enter commands. Amenu-driveninterface is one in which youselectcommand choices from various menus displayed on thescreen.The user interface is one of the most important parts of any program because it determines how easily you can make the program do what you want. A powerful program with a poorly designed user interface has little value.Graphical user interfaces (GUIs)that usewindows,icons, and pop-up menus have becomestandardonpersonal computers.
Password PolicyThis page provides some basic information that may be included in a password policy. When writing a password policy there are several issues to be considered. There are some experts that argue that password policies in many organizations are too stringent and actually decrease the organization's computer security. When employees are required to change passwords often, meet minimim complexity requirements, and not repeat a password for a minimum amount of time, they may begin to break the rules and start writing passwords down simply because they cannot remember passwords that change so often. The reason for changing passwords is due to the fact that if an attacker gets a hashed or encrypted copy of a password, they can eventually break the password using a brute force attack. This takes a certain amount of computing power and as computers are more powerful, takes less time every year.However the password policy is setup, it may be worth taking other precautions to protect accounts and passwords. One precaution is not to transmit them on the internet even in encrypted form. Another precaution is to be very careful about network security, to detect any unauthorized sniffing of the internal network, and stringent virus prevention including blocking dangerous email attachments.Another controversial issue that some experts have discussed deals with the use of passwords versus pass phrases. Some experts contend that passwords are no longer secure and that pass phrases should be used rather than passwords.Example Password Policy1.0 OverviewAll employees and personnel that have access to organizational computer systems must adhere to the password policies defined below in order to protect the security of the network, protect data integrity, and protect computer systems.2.0 PurposeThis policy is designed to protect the organizational resources on the network by requiring strong passwords along with protection of these passwords, and establishing a minimum time between changes to passwords.3.0 ScopeThis policy applies to any and all personnel who have any form of computer account requiring a password on the organizational network including but not limited to a domain account and e-mail account.4.0 Password Protection1. Never write passwords down.2. Never send a password through email.3. Never include a password in a non-encrypted stored document.4. Never tell anyone your password.5. Never reveal your password over the telephone.6. Never hint at the format of your password.7. Never reveal or hint at your password on a form on the internet.8. Never use the "Remember Password" feature of application programs such as Internet Explorer, your email program, or any other program.9. Never use your corporate or network password on an account over the internet which does not have a secure login where the web browser address starts with https:// rather than http://10. Report any suspician of your password being broken to your IT computer security office.11. If anyone asks for your password, refer them to your IT computer security office.12. Don't use common acronyms as part of your password.13. Don't use common words or reverse spelling of words in part of your password.14. Don't use names of people or places as part of your password.15. Don't use part of your login name in your password.16. Don't use parts of numbers easily remembered such as phone numbers, social security numbers, or street addresses.17. Be careful about letting someone see you type your password.5.0 Password Requirements (subject to change)Those setting password requirements must remember that making the password rules too difficult may actually decrease security if users decide the rules are impossible or too difficult to meet. If passwords are changed too often, users may tend to write them down or make their password a variant of an old password which an attacker with the old password could guess. The following password requirements will be set by the IT security department:1. Minimum Length - 8 characters recommended2. Maximum Length - 14 characters3. Minimum complexity - No dictionary words included. Passwords should use three of four of the following four types of characters:1. Lowercase2. Uppercase3. Numbers4. Special characters such as !@#$%^&*(){}[]4. Passwords are case sensitive and the user name or login ID is not case sensitive.5. Password history - Require a number of unique passwords before an old password may be reused. This number should be no less than 24.6. Maximum password age - 60 days7. Minimum password age - 2 days8. Store passwords using reversible encryption - This should not be done without special authorization by the IT department since it would reduce the security of the user's password.9. Account lockout threshold - 4 failed login attempts10. Reset account lockout after - The time it takes between bad login attempts before the count of bad login attempts is cleared. The recommended value as of the date of writing this article is 20 minutes. This means if there are three bad attempts in 20 minutes, the account would be locked.11. Account lockout duration - Some experts recommend that the administrator reset the account lockout so they are aware of possible break in attempts on the network. However this will cause a great deal of additional help desk calls. Therefore depending on the situation, the account lockout should be between 30 minutes and 2 hours.12. Password protected screen savers should be enabled and should protect the computer within 5 minutes of user inactivity. Computers should not be unattended with the user logged on and no password protected screen saver active. Users should be in the habit of not leaving their computers unlocked. they can press the CTRL-ALT-DEL keys and select "Lock Computer".13. Rules that apply to passwords apply to passphrases which are used for public/private key authentication6.0 Choosing PasswordsUse password choosing tips as shown athttp://www.comptechdoc.org/docs/ctdp/howtopass/and be sure your passwords meet the minimum guidelines.7.0 EnforcementSince password security is critical to the security of the organization and everyone, employees that do not adhere to this policy may be subject to disciplinary action up to and including dismissal.8.0 Other ConsiderationsAdministrator passwords should be protected very carefully. Administrator accounts should have the minimum access to perform their function. Administrator accounts should not be shared.
Anti-Virus Policy1.0 OverviewThis policy is an internal IT policy which defines anti-virus policy on every computer including how often a virus scan is done, how often updates are done, what programs will be used to detect, prevent, and remove malware programs. It defines what types of files attachments are blocked at the mail server and what anti-virus program will be run on the mail server. It may specify whether an anti-spam firewall will be used to provide additional protection to the mail server. It may also specify how files can enter the trusted network and how these files will be checked for hostile or unwanted content. For example it may specify that files sent to the enterprise from outside the trusted network be scanned for viruses by a specific program.2.0 PurposeThis policy is designed to protect the organizational resources against intrusion by viruses and other malware.3.0 Anti-Virus PolicyThe organization will use a single anti-virus product for anti-virus protection and that product is ____________. The following minimum requirements shall remain in force.1. The anti-virus product shall be operated in real time on all servers and client computers. The product shall be configured for real time protection.2. The anti-virus library definitions shall be updated at least once per day.3. Anti-virus scans shall be done a minimum of once per week on all user controlled workstations and servers.No one should be able to stop anti-virus definition updates and anti-virus scans except for domain administrators.4.0 Email Server PolicyThe email server will have additional protection against malware since email with malware must be prevented from entering the network.4.1 Email Malware ScanningIn addition to having the standard anti-virus program, the email server or proxy server will additionally include ___________________ which will be used to scan all email for viruses and/or malware. This scanner will scan all email as it enters the server and scan all email before it leaves the server. In addition, the scanner may scan all stored email once per week for viruses or malware.When a virus is found or malware is found, the policy shall be to delete the email and not to notify either the sender or recipient. The reason for this is that most viruses fake the sender of the email and sending them a notice that they sent a message with a virus may alarm them unnecessarily since it would not likely be true. It would simply cause an additional help desk call by the notified person and most likely waste system administrator's time needlessly. Notifying the recipient that someone tried to send them a virus would only alarm them needlessly and result in an increased number of help desk calls.4.2 Blocked Attachment TypesThe email server or proxy server will block all emails with attachment types listed below. This is because these attachment types are dangerous containing active content which may be used to infect a computer with hostile software or because these attachment types are commonly successfully used by virus programs or malware to spread.1. ade - Microsoft Access project extension can contain executable code.2. adp - Microsoft Access project can contain executable code.3. app - Microsoft FoxPro application is executable code.4. asp - Active server pages5. asx -6. bas - Basic program source code is executable code.7. bat - Batch file which can call executable code.8. chm - Compiled HTML help file can contain executable code.9. cmd - Windows NT command script file is executable code.10. com - Command file program is executable code.11. cpl - Control panel extension12. crt13. csh14. dll - Dynamic link library is executable code. Could be placed on your system then run by the system later.15. exe - Binary executable program is executable code.16. fxp - Microsoft FoxPro is executable code.17. hlp - Help file18. hta - HTML program19. inf - Setup information20. ins - Internet naming service21. isp - Internet communication settings22. js - JavaScript file23. jse - JavaScript encoded file24. ksh - Unix shell file25. lnk - Link file26. mda - Microsoft Access add-in program27. mdb - Microsoft Access program28. mde - Microsoft Access MDE database29. mdt - Microsoft Access file30. mdw - Microsoft Access file31. mdz - Microsoft Access wizard program32. msc - Microsoft Common Console document33. msi - Microsoft windows installer package34. msp - Windows Installer patch35. mst - Visual Test source files36. ops - FoxPro file37. pcd - "Photo CD image or Microsoft Visual Test compiled script"38. pif - "Shortcut to MS-DOS program"39. prf - "Microsoft Outlook Profile Settings"40. prg - "FoxPro program source file"41. reg - Registry files42. scf - "Windows Explorer Command file"43. scr - Screen saver44. sct - Windows script component45. shb - Document shortcut46. shs - Shell scrap object47. url - Internet address48. vb - Visual Basic file49. vbe - Visual Basic encoded script file50. vbs - Visual Basic file51. vsd52. vss53. vst54. vsw55. wsc - Windows script component56. wsf - Windows script file57. wsh - Windows script host settings file58. xsl - XML file may contain executable code59. zip - Many viruses are commonly zipping files to keep them from being scanned and providing instructions to users about how to run the attachment. Many users still do this so to secure the network, it has become necessary to block this attachment type.
Do not depend on your anti-virus software on each computer to prevent these viruses. Viruses have a period of time when they spread unrecognized by anti-virus software. Blocking these file attachments will prevent many trouble calls. Give the users a work around for your network to get some of their files sent to other organizations. Your solution will depend on your network and the software that is being used to block the file attachments. In one case we renamed the file to another type and instructed the recipient to rename it back to the original name before using it. This will not work in all cases since some file blocking software senses the actual file type reguardless of its named file extension.When an email breaks the rules and contains an illegal file attachment your policy should define one of the following to be done:1. Delete the email and notify neither the sender or the recipient. The problem with doing this is in the fact that people may be trying to send legitimate files to each other and have no way of knowing their communication attempts are failing. Training by letting users know what files are blocked can help remedy this problem2. Delete the email and notify the sender - This will notify senders when their emails do not go through, but it will also notify senders who really did not send an email (when a virus spoofed them as the sender) that they sent an email with an illegal attachment. This can cause more additional help desk requests and questions for the administrator on the spoofed sender's side.3. Delete the email and notify the sender and recipient. - This would have all the drawbacks of the above policy but would also increase help desk calls in your organization.4. Remove the attachment and let the email go through. - This would let the receiver know that someone tried to send them an illegal attachment. If the attempt was a legitimate one, they could contact the sender and tell them what to do to get the attachment sent. This policy would very likely cause your organization's help desk calls to increase with users calling to ask questions about why someone is trying to send them these files.There is no ideal policy here and your system administrators must choose the best method depending on the situation being experienced by your organization. I usually use the first option and provide training to users so they know these files are blocked and what the work around is for this situation.4.3 Proxy or anti-spam ServerTo increase mail security, many organizations are adding an anti-spam server or proxy mail server to their network. This reduces their mail server to the threat of being intruded upon and an anti-spam server can significantly reduce the load on the mail server, not to mention the reduction of spam. Your organization should decide whether to use one of these types of servers or whether to use a service to prevent spam. The service or devices used for this purpose should be defined in this policy. Periodic updates should also be defined and the person who manages the additional servers or is the point of contact for the services should be defined.5.0 File Exchange PolicyThis part of the policy specifies methods that are allowed to be used when files are sent into the network by members of the public or employees of the organization. It specifies:1. All legitimate methods used including:1. FTP transfer to a FTP server.2. File transfer to a Web server with a legitimate file upload program.3. Any other method.2. The method and type of software to be used to scan the files for hosile content before they are completely transferred into the network. It will also specify the update frequency for the scanning software.3. The point in time when the files will be scanned.6.0 Network Exploit ProtectionThis part of the policy should specify how hostile software that uses network exploits should be prevented. This policy will not cover system updates but may refer to the system update policy. This policy combined with other quoted policies should prevent worms from entering the network. This policy may also refer to the remote user policy and mobile computer policy.This policy will specify that all systems be protected by a firewall any time they are connected to the internet. It would specify that systems on the organizational network be connected to a part of the network that is protected from the internet or untrusted network by an approved firewall system. It will also specify or refer to policy that requires computers operating outside the organizational network to have a local firewall software program operational at all times when these computers are connected to the internet. It should specify one or more acceptable software firewall products. This policy may refer to the mobile computer policy which may require users of mobile computers to have their computers checked for malware before connecting to the main network.7.0 Other Malware PolicyThis policy should cover any other possible malware including adware and spyware. It may specify methods to prevent and remove this type of malware. It may specify acceptable prevention and removal software. If the anti-virus product is a product that also handles other types of malware such as adware or spyware, it should be stated here.Applicable Training1. Blocked email attachments2. How viruses work and avoidance3. Adware and spyware avoidance
Today's CPA firm depends on reliable backup and recovery systems. Online backup eliminates the expense and maintenance costs of tape drives, the need to purchase backup servers, and tape storage solutions. The inherent risk of tapes being corrupted, misplaced, damaged, stolen, or not stored offsite is significant. Using online backup eliminates these risks by automating the offsite storage solution with state of the art backup, security, and datacenter technologies. Here are 10 steps you can take to relieve your backup worries and ensure your firm has the perfect backup plan:AdvertAdvertise with us1. Define your backup policyFormalize the what, when, where, and who of backups. Determine what data is to be backed up, when the backups should occur, where the data should be stored (i.e. offsite, vault, etc.) and who is responsible for ensuring that the backup process is followed, verified, and tested on a regular basis.
2. Use online backup to move data offsiteBy the very nature of online backup, your data will be stored in a location other than where your servers reside. This is a key component in your disaster recovery planning.
3. Use "local network copy" function for immediate restoresChoose an online backup solution that allows for a copy of your backup data to be stored locally on your network -- in addition to the copy that will reside in the backup datacenter. This will provide better performance for restoring large volumes of data in a hurry. The datacenter copy will allow for recovery from disaster that destroys the local copy.
4. Ensure that e-mail server mailboxes are included in backup job definitionsFirms usually do a good job of including the entire e-mail server database in the backup routine, and this is great for restoring a total server failure. However, for events requiring a single mailbox to be restored, be certain that you use the backup feature that allows for backing up individual mailboxes.
5. Ensure that work-in-process files on laptops, desktops, and home PCs are factored into backup planYour audit teams spend valuable time scanning, creating, modifying, and notating documents in the field. Be sure that even these PCs are covered in your backup strategy. Simply install a backup agent on each of your field laptops and any home PCs where data is stored, and your data will be protected.
6. Use solutions that encrypt data end-to-endFrom the time your data leaves your server(s) until the moment it reaches its final destination in the datacenter, it should be encrypted using at least 128-bit encryption. And, only you should have the encryption keys, so that no one other than you can access the data not even the datacenter employees.
7. Avoid backup processes that require human interventionHuman error is the cause of at least one third of all data loss. Typical online backup solutions will minimize the need for human interaction by automating the backup process and eliminating the need for tape rotation and manual offsite storage.
8. Ensure method of recovery from an alternate location in the event of a disasterBe certain, in the event of a disaster, that your data can be restored from a location and to a location other than your primary office. Online backup allows you to restore to any computer, from any location that is connected to the Internet.
9. Test the restore process on a regular basisOnce a disaster occurs, it is often too late to test the restore process on your backup system. Regularly restore sample files from your backups to validate that the restore process works and that it functions according to your expectations.
10. Ensure backup policy adheres to data retention policyData retention is a much debated topic with the regulatory demands that impact accounting firms. No matter what your policy for retaining client data dictates, ensure that the files stored within your backup comply.