Chapter 2 Accounting on the Internet
Reasons for Accepting Virtual Currency
1. Ability to do more business 2. The ease with which transactions can take place electronically 3. No need for credit card middleman or check clearing houses 4. Near-instantaneous credit of transactions to corporate accounts (like debit cards) 5. Consumer wallets cannot be frozen 6. no transaction fees charged the retailer
Virtual Currency Challenges to Accountants
1. Assets purchased with this currency have floating cost bases. (no central institution keeps records) 2. Unclear whether funds are reportable to the IRS as "offshore funds" 3. Whether the appreciation in value of a virtual currency qualifies as a long-term asset that is subject to capital gains taxes or ordinary taxes
Issues with Retail Sales
1. Customers cannot tell whether a retail website is legitimate. 2. Consumers must rely on emails to voice their complaints and returns are sometimes problematic. 3. Online stores frequently rely on suppliers rather than their own shelves for merchandise to satisfy orders, creating the potential for stock-out and backorder problems. 4. Click Fraud- dishonest manager or a company's competitors inflate the number of clicks on an advertising link, and bill (or cost) the company for more referrals than actually occurred. 5. Internet sales provide retailers with a wealth of data about their customers raising issues about privacy. (email address, credit card info, sensitive info about purchase patterns)
Social Media Value to Accountants
1. Increases organization recognition (increase cust. base) 2. Evaluate cust. reactions to new goods or services 3. Communicate with one another on projects at remote sites 4. Identify and manage problems caused by corporate actions that anger consumers before they go viral. 5. Recruiting employees
Disadvantages of Cloud Computing
1. Loss of control that client firms experience when another company assumes responsibility for their data and data processing-a security concern. 2. Language barriers, quality control, and time differentials are additional potential concerns when contracting with overseas vendors. 3. Backup service providers typically require large bandwidths, and the timing of automatic backups is not always convenient to individual subscribers. 4. Does not always guarantee price savings.
Disadvantages of XBRL
1. Requires its users to learn, and conform to, the standards of that language (Accountants often acquire software that can output data in XBRL formats) 2. XBRL standards require users to conform to changing specifications (org. ma have to update their accounting software more often) 3. No requirement for auditors to provide assurance on the XBRL filings. 4. Transition to XBRL reporting is expensive
Methods of Creating VANS
1. Start with a blank slate and create everything from scratch 2. Lease secure, dedicated transmission lines from conventional long-distance carriers such as AT&T 3. Create a Virtual Private Network (VPN) on the Internet.
Advantages of Proxy Servers
1. The ability to funnel all incoming and outgoing Internet requests through a single server 2. The ability to examine all incoming requests for info and test them for authenticity (act as a firewall) 3. Proxy server can limit employee Internet access to approved websites. 4. Limit the info that is stored on the proxy server to info that the company can afford to loose (main servers remain functional, the company can restart the system and reinitialize the server with backup data) 5. Store ("cache") frequently accessed web pages on its hard drive. Enables the server to respond quickly to user requests for info bc the web page data are available locally.
Risks of Virtual Currency
1. the potential devaluation of the currency in response to market forces 2. transactions are not independently auditable, as the would be at a bank 3. the observation that all seven earlier virtual currencies have failed 4. the unwillingness of others to accept it
Internet
A collection of local and wide-area networks that are connected together via the Internet backbone (the main electronic connections of the system. (Information superhighway)
Web Page
A collection of text, graphics and links to other web pages stored on Internet-connected computers.
Proxy Server
A network server and related software that creates a transparent gateway to and from the Internet and controls web access. Limits the number of sites that employees can access. Ensures employees do not use web-access privileges for frivolous counterproductive purposes.
Public Key Encryption
A technique that requires each party to use a pare of public/private encryption keys. (Secure Socket layer, SSL, Secure Hypertext Transfer Protocol, HTTP) The sending party uses a public key to encode the message and receiving party uses a second, private key to decode it. The same public key cannot both encode and decode a message. Neither party knows the other's key.
E-Payments
Acts as a trusted intermediary bc it collects pmt from a buyer and pays that amt to the seller. (used by merchants and auction sites) Pay.gov is used by the US Govt to enable businesses and individuals to may pmts to the US Govt. online. PayPal
Groupware
Allows users to send and receive email, plus perform a wide range of other document-editing tasks. Allows users to collaborate on work tasks, make revisions to the same document, schedule appointments on each other's calendars, share files and databases, conduct electronic meetings, and develop custom applications. (Exchange, Groupwise, Lotus Notes, Outlook)
Web Browsers
Allows you to view graphics (Internet Explorer, Chrome). Deciphers the editing language (HTML) and displays the text, graphics and other items of the web page on your screen.
Spam
Annoying, unsolicited email messages that clog your email inbox. Distracting, often illegal, and increasingly costly to organizations.
Digital Time Stamping Service (DTSSs)
Attach digital time stamps to (time sensitive such as bidding docs, deposit slips, stock purchases, legal documents) documents either for a small fee or for free. Authenticates the date, time, and perhaps place of a business transaction. Time delays can occur when file servers temporarily falter or power failures disrupt wide area networks. User sends the document to the service's email address along with the Internet address of the final recipient. When the service receives the document, it performs its time-stamping task and then forwards the document as required.
Digital Certificate
Authenticating document issued by an independent third party called a Certificate Authority. Certificates are signed documents with sender names and public key information. Certificates are generally encoded in a certificate standard. Also used by customers to assure that a website is real.
Access control list (ACL)
Bonafide IP addresses that network administrators create for firewall protection purposes.
Business-to-business e-commerce (B2B)
Businesses buying and selling goods and services to each other the Internet. 1. Buying materials online shortens the time from purchase to delivery 2. Allows businesses to shop from vendors all over the world 3. Can expedite internal paperwork, thus reducing the processing time and costs 4. Wider availability of real-time data that allows managers to view up-to-the minute info. 5. Determine the location of trucks 6. The current status if finished products, parts inventories, or even working assembly lines.
Blogs (web logs)
Collaboration tools that allow users with web browsers and easy-to-use software to publish personalized diaries or similar info online. (explain general accounting concepts, comment on recent pronouncements in the profession, describe recent accounting frauds, or recount CPA experiences)
Processing Services
Companies that access specialized software (tax preparation applications) on the Internet purchase software as a service (SaaS). Web hosting is an example of platform as a service (PaaS) Transaction volumes are usually charged by the day, hour, or minute.
Intranet
Computer networks created by an organization for internal communication purposes. Use same software as Internet. Outsiders cannot access the information. Allows users to access one or more internal databases. Gathers and disseminate info to internal users.
Transmission of Data over the Internet
Computers use an Internet address and a forwarding system. The initial computer transmits a message to other computers along the Internet's backbone, which in turn relay the message from site to site until it reaches its final destination.
Electronic Business (e-business)
Conducting business with computers and data communications. Mostly performed over the Internet but business can also use virtual private networks (VPNs) or proprietary data transmission lines.
Passive IDSs
Create logs of potential intrusions and alert network administrators to them either via console messages, alarms, or beepers.
Intrusion Detection Systems (IDS)
Creates records of unauthorized access events.
Storage and Backup Services
Creating and maintaining copies of critical data and files for both individuals and organizations. Most backups are synchronized and therefore occur at the same time a computerized system gathers and stores the original data, thereby creating mirror, off-site copies of vital accounting data. Other services may include encryption, fixed-time backup schedules, expandable storage options, and Mac computer support.
Identify Theft
Crimes in which someone uses another person's personal identification (credit card, social security card, or similar identifier) in some way that involves fraud or deception (usually for economic benefit).
Electronic Data Interchange (EDI)
Enables companies to save money by transmitting the info contained in manual documents electronically (purchase orders, invoices, pmt. remittance, credit memos, shipping notices) 1. Many business documents are simply faxed over telephone lines, avoiding computers completely. (Does not mean that it is not transmitted over the internet. Telephone systems often use internet lines for both voice and digital transmissions) 2. EDI documents include hand written signatures, providing assurance of their authenticity 3. Includes the exchange of graphic and photographic documents-media that can be scanned and captured electronically
Instant Messaging Software
Enables remote users to communicate with each other in real time via the Internet. Many support audio, video, and electronic conferencing.
Extranet
Enables select outside users to access corporate intranets. Users connect to internal web servers via the Internet itself using their assigned passwords. Users can be anywhere in the world.
Electronic Conferencing
Enables several users to join a discussion instead of just two.
Denial-of-service-attacks
Firewalls can not protect against this. It overwhelms system resources with a volume of service requests.
Knowledge Management
Groupware is one of the technologies behind this practice allowing many professional service firms (accounting, consulting...etc) to distribute expertise within the organization (intranet). Info includes descriptions of clients' best practices, research findings, links to business websites, and customized news.
Firewall
Guards against unauthorized access to sensitive file info from external Internet users. On networked systems, firewalls are often stand-alone devices with built in, protective software. On mainframe or host systems, firewalls are usually software. Most firewalls can only protect against external attacks, not internal (authorized) users.
XBRL International Consortium
Has 600 members in charge of developing XBRL standards. Members include US accounting firms, AICPA and accounting orgs. around the world. Developing global standards for financial reporting include classifications systems for different countries, different reporting segments/industries, and different organizational standards. The language also requires standard tags for formulas and different functions. XBRL is a dynamic language still in continuous development. Most accounting software vendors now support XBRL in their software packages.
Reactive IDSs
Have the ability to detect potential intrusions dynamically (by examining traffic flows), log off potentially malicious users, and even reprogram a firewall to block further messages from the suspected source.
Transmission Control Protocol/Internet Protocol (TCP/IP)
IP addresses enable Internet computers to deliver a specific message to a specific computer site. IP address identify the sender.
Data Packets
If it is a large message that needs transmission, the internet computers can divide it into smaller pieces and send each of hem along different routes. The receiving computer then reassembles the packets into a complete message at the final destination
Digital Signature Standard (DSS)
In 1994 the National Institute of Standards and Technology adopted Federal Information Processing Standard 186. The presence of a digital signature authenticates a document.
Virtual Currency
International currency that eliminates the need to exchange one type of money for another, involves no extra transaction fees, escapes govt. scrutiny, and is widely accepted on the Internet. Operates beyond the restrictions of a particular country or its monetary policies. (Bitcoin)
Internet Protocol (IP)
Internet computers use tables of domain names that translate a text-based domain address into a numeric address.
Internet Corporation for Assigned Names and Numbers (ICANN)
Maintains the official registry of domain names and manages the domain name system (DNS) to ensure that all IP address are unique and that each domain maps to its correct IP address.
Spoofing
Masquerading as an authorized user with a recognizable IP address. Similarly, is the ability of a hacker to alter the contents of the access control list.
Virtual Private Network (VPN)
Mimics a VAN but transmits messages cheaply over existing Internet connections. Creates secure data transmissions by: 1. Using "tunneling" security protocols embedded in the message frames sent to, and received by the organization 2. Encrypting all transmitted data 3. Authenticating the remote computer, and perhaps also the individual sender as well, before permitting further data transmissions. (Most AIS VANs use this approach)
E-Payments, E-Wallets, and Virtual Currencies
Most customers pay for merchandise ordered over the Internet with a credit card, requiring vendors to use third-party affiliates to authenticate user credit card numbers. The verification systems only indicate that a card is valid, not that the online customer is authorized to use it. Customers may not mind giving their credit card numbers to trusted merchants but may not want to share this info with unfamiliar businesses or unknown sellers.
E-Accounting
Performing accounting functions over the internet. Includes normal tasks such as processing payroll or accounts receivable data, as well as preparing financial reports or completing income tax returns using software. Often the web server is not even in the same country as the user. 1. Allows users to share files online that formerly had to be emailed. 2. Provides a medium for publishing accounting documents such as financial statements. (can be revised, replaced, or deleted easily and quickly) 3. Software as a service enable business to avoid the costs of acquiring, installing, upgrading or reformatting the data files required by traditional accounting software. 4. Backup and disaster recovery is also a responsibility of the vendor org. instead of the user org.
Value-Added Networks (VANs)
Private point-to-point communication channels that large organizations create for themselves for security reasons. Business assigns each user a unique acct. code that simultaneously identifies the external entity and authenticates the organization's subsequent electronic transactions.
Digital Signature
Provides proof that the accounting documents transmitted or receive over the internet are authentic. A company can transmit a complete document in plaintext and then also include a portion of that same message or some other standard text in an encrypted format (Digital Signature). If a company's private key decodes a message, then an authentic sender must have created the message. If sender includes a complete message in both plaintext and cyphertext, the encrypted message provides assurance that no one has altered the readable copy
Cloud Computing
Purchasing services from vendors over the Internet.
Semantic Meaning
Refers to the fact that financial data are related to one another through such formulas as "Assets = Liabilities + Equity." Makes the data self-checking.
Access authentication
Requires individuals to prove they are who they say the are. 3 types of authentication: 1. What you have 2. What you know 3. Who you are
Access Security
Restricting access to bona fide users.
Interactive Data and Electronic Applications (IDEA)
Security and Exchange Commission's repository of financial info. Contains XBRL data for over 10,000 companies
Security
Security policies and procedures safeguard an organizations electronic resources and limit their access to authorized users. Information security has been a high-ranking technology for the past 5 years for Top 10 technologies.
E-Wallets
Software applications that store a consumer's personal information, including credit card numbers, email addresses, and shipping addresses. Shoppers pay for online purchases by providing their e-wallet account numbers to online vendors that also subscribe to the system. Spares cust. the trouble of entering personal info every time a purchase is made. E-Wallet information is usually stored on your own hard drive so you control it.
Exclusion
Software compares the incoming packet IP address to a list of known threat addresses, rejecting messages from these sources but accepting all others.
Inclusion
Software examines packets of incoming messages and limits entry to authorized ("included") users. If the software does not recognize the IP address (ACL) of an external user, it refuses access to the files requested.
Identify Theft and Assumption Deterrence Act (ITADA)
The Department of Justice prosecutes ID theft violations under this act. (1998)
Encryption Key
The method that computers use to transform plaintext into cyphertext. Typically a mathematical function that depends on a large prime number.
World Wide Web
The multimedia portion of the Internet. (web)
Message Routing
The security of a data transmission partially rests on the security of all the intermediate computers along a given communications pathway.
Data Encryption
Transforms plaintext messages into unintelligible cyphertext ones. The receiving station then decodes the encrypted messages back into plaintext for use. There are many encryption techniques and standards
Phishing
Tricking users into providing valuable information such as Social Security numbers, debit card PIN numbers, passwords, or similar personal information-for ex) by requesting this info on bogus websites.
Domain addresses
Uniform Resource Locator (URL) (www.name.com.uk) The lead item indicates the World Wide Web, second entry designates the site name, and the third entry ("com" for commercial user) is the organization code. Can also include a country code (ca for Canada, uk for United Kingdom)
Educational Services
Use of web search engines for professional research, software tutorials., or completion of online degrees.
Data Encryption Standard (DES)
Used by the US Govt. to encode documents uses a mathematical function that uses a number with 56 binary digits to encode info.
IPv6
Uses 128 bits instead of 32 bits.
Cyclic Substitution
Uses a displacement value to transform the letters of plaintext message into alternate letters of the alphabet
Secret Key cryptography
Uses a single cryptographic key that is shared by two communicating parties. Users must keep the key secret and not share the key with other parties.
IPv4
Version 4, uses 32 bits 207.142.131.248 (geographic region, org. number, computer group, and a specific computer or web server, respectively)
Retail Sales
Virtual stores (shopping cart applications) offered via the World Wide Web for selling merchandise. Automated AISs that allow customers to create their own order forms, shipping forms, and payment documents.
Hypertext markup language (HTML)
Web pages are created with this editing language. Web designers store these instructions in one or more files and use the Internet to transfer these pages from a source computer to a recipient computer using a communications protocol such as Hypertext transfer protocol (HTTP). Instructions are simply pairs of tags that instruct a web browse how to display the info bracketed by these tags <html> </html> <b> </b>
Advantages of XBRL (Extensive Business Formatting Language)
XBRL is an XML based technology. In other words, XBRL can be used to store or transport data. What makes XBRL unique is that it is designed for business and financial data use. 1. The ability to transmit financial info in a standard format. The Securities Exchange Commission (SEC) requires XBRL-formatted financial statement reports such as 10-Q and 10-K reports of all US publicly traded companies. 2. Defines data items uniquely (uses standardized tags to identify) It is predicted that accounting systems will begin collecting and storing their data in XBRL formats (redefining as a formatting language as much as a reporting language) 3. Standardized tags makes searching for items and extracting info easy) 4. Has the ability to express data relationships in formulas/semantic meaning (self-checking, a means of internal control) 5. Companies using XBRL-enabled software can save their financial info in standard XBRL format, avoiding errors from reentering data multiple times from multiple sources. 6. Permits the automatic and reliable exchange of financial info across all software platforms and technologies, including the Internet. 7. Language is flexible and constructed to support financial reporting by companies in different industries or from different countries. Does not constrain companies to a particular format for their financial reports
Organization Codes
edu (education) gov (government) mil (military) net (network service organization) org (miscellaneous organization) int (international treaty organization)
Two-factor authentication (TFA)
require a combination of authentication techniques for example, requiring both your debit card and your password to withdraw cash from an ATM.
