CHAPTER 1: ROLE AND PURPOSE OF AIS

ACCOUNTING INFORMATION SYSTEM – a set of interrelated activities, documents,
and technologies designed to collect data, process it, and report to a diverse group of
internal and external decision makers in organizations.

Three reasons why AIS is important: (H-A-D)
    1. Helps achieve some components of the FASB Conceptual Framework
    2. Acquiring knowledge helps students learn more about business processes
    3. Develops core competencies by AICPA

AIS relates to Conceptual Framework by
    - Capturing data on the elements of FS.
    - Transforming data into relevant and reliable information.
    - Recognizing and adapting to the cost-benefit constraint

Core competencies (B-F-P)
    - Broad business perspective competencies
        - Strategic/Critical thinking – ability to link data, knowledge and insight
          together to provide information for decision making
        - Resource management – being able to apply management and human
          resource theories to HR issues and organizational problems
    - Functional competencies
        - Risk analysis – understanding business risk
        - Research – needs to have strong research skills
    - Personal competencies
        - Problem solving and decision making
        - Communication – skills necessary to give and exchange information,
          and the ability to listen, deliver powerful presentations and produce
          examples

AIS STRUCTURE

                          Internal Control
            Inputs      processes      outputs       Storage

    1. Inputs – documents
        a. What kind of source documents will system users need?
        b. Should the source documents be paper-based, electronic or both?
        c. How many copies of each source document will be required?
        d. What information should the documents contain?
    2. Processes – computers and satellites
        a. Which processing tools should the AIS use?
        b. Should the tools be manual, computer-based or both?
        c. If computer-based, which software and hardware should be implemented?
    3. Outputs – general purpose FS
        a. What other reports will managers and system users need?
        b. How should the AIS be designed to facilitate their production?
    4. Storage – paper form, electronic or mix
        a. How should data be stored?
        b. Where should it be stored?
        c. How long should it be stored?
        d. Under what conditions can/should data be destroyed?
    5. Internal Controls – daily backup of data and separation of duties
        a. What controls are necessary to promote integrity?
        b. What behavioral effects are controls likely to have?
        c. Are controls cost-effective?

AIS INFORMATION SOURCES AND INFO LITERACY CONCEPTS

Information Competence (IC) – evaluating validity is a critical skill for reaching
conclusions and finding genuinely valuable information

Five criteria: (A-A-O-C-C)
    1. Authority – Who created the information? What was the purpose of creation?
    2. Accuracy – Where does the information come from? Does it contain obvious
       errors or misleading graphs?
    3. Objectivity – Does the information contain advertising? Is it available freely?
    4. Currency – When was it created? When was it last updated?
    5. Coverage – Is the source still under construction? Does it cover sufficient depth?

CRITICAL THINKING
    - The mental process of actively and skillfully conceptualizing, applying,
      synthesizing and evaluating information to reach an answer or conclusion
CHAPTER 2: TRANSACTION PROCESSING IN AIS

ACCOUNTING AND BOOKKEEPING

Accounting – the process of identifying, measuring and communicating economic
information to permit informed judgments and decisions by users of the information.

Bookkeeping – the part of accounting devoted to identifying and measuring the
economic information

ACCOUNTING CYCLE
    1.  Obtain information
    2.  Analyze transactions
    3.  Record transactions
    4.  Post to general ledger
    5.  Prepare unadjusted trial balance
    6.  Record adjusting entries
    7.  Prepare adjusted trial balance
    8.  Prepare financial statements
    9.  Close temporary accounts
    10. Prepare post-closing trial balance

Two basic types of transaction:
    Internal – adjusting entries, closing entries and reversing entries
    External – exchanges of goods and services with other individuals and business entities

Common internal controls with source documents:
    - Sequential numbering
    - Physical security
    - Transaction limits

Five steps of transaction analysis:
    1. Identify accounts affected
    2. Identify effect of transaction
    3. Determine element of FS by each account
    4. Determine which kind of entry is required for each account
    5. Verify total debits = total credits

Journal – a chronological listing of all the organization’s recordable transactions

Trial balance – a listing of all the accounts in an organization’s general ledger, with their
balances, that demonstrates the equality of debits and credits in the ledger

Adjusting entries:
    - Accrued revenue – service provided before collection of cash
    - Accrued expense – receive service before paying cash
    - Deferred revenue – receives cash before service
    - Prepaid expenses – uses up assets that were previously paid for
    - Uncollectible accounts – estimates of amounts that customers are unwilling to
      pay
    - Depreciation – periodic allocation of an asset’s cost

General purpose financial statements:
    - Income statement – summarizes the results of business operations; reports
      revenues and expenses
    - Statement of Changes in Shareholder’s Equity – reports changes in capital
      stock and retained earnings account
    - Balance sheet – financial position of the organization; assets, liabilities and
      capital
    - Statement of cash flows – three categories of cash flows: investing, operating
      and financing

CODING SYSTEMS

Williamson (2006) coding systems:
    - Sequential coding – numbers the items in sequence
    - Block coding – numbers are assigned in blocks (e.g., all current asset
      accounts start with the code “1”)
    - Hierarchical coding – each digit/block of digits conveys important information to
      people who know the code; “fund coding”
    - Mnemonic codes – help people remember the meaning of the code.

HUMAN JUDGMENT AND IT

Human judgment comes into play in AIS in:
    - Designing source documents – should be clear and easy to read
    - Recognizing recordable transactions – (e.g., market value of land is not
      recordable)
    - Estimating amounts and interpreting accounting rules

CHAPTER 3: INTERNAL CONTROLS

INTERNAL CONTROL – a process, effected by an entity’s board of directors,
management and other personnel, designed to provide reasonable assurance regarding
achievement of objectives relating to operations, reporting and compliance

Foreign Corrupt Practices Act (FCPA) – passed by the US Congress in 1977 in order to
stop corrupt practices (bribery) in the US business world

Sarbanes-Oxley Act of 2002 (SOX) – management and external auditors must annually
assess internal control; certain required disclosures to SEC; personally signed
certifications and reports; most sweeping accounting-related legislation

Purpose of Internal Control (C-A-R-E-S)
    - Compliance with applicable laws and regulations
    - Accomplishment of the company’s mission
    - Relevant and reliable financial reporting
    - Effective and efficient operations
    - Safeguarding of assets

RISKS

Brown’s Taxonomy of Risk
    1. Financial Risks – related to monetary activities
        a. Market Risks – changes in company’s stock prices, investment values and
           interest rates
        b. Credit Risks – customer’s unwillingness to pay amounts owed to the
           organization
        c. Liquidity risks – possibility that the company will not have enough cash
           and near-cash assets to meet obligations
    2. Operational Risks – concerned with people, assets and technologies used to
       create value for the org’s customers
        a. Systems risk – relating to information technology
        b. Human error risk – possibility that people in the org will make mistakes
    3. Strategic risks – relates to the decision-making process of the higher
       management
        a. Legal and regulatory risk – chances that the parties will break laws
        b. Business strategy risk – poor decision making related to a company’s
           basis for competing
    4. Hazard risk
        a. Directors’ and Officers’ liability – accused of mismanagement

COSO’S INTERNAL CONTROL INTEGRATED FRAMEWORK

Control environment – establishing the “tone at the top”

Risk assessment – clarifying an organization’s risk exposures

Control activities – developing specific controls to address the risk exposures

Information and communication – ensuring stakeholders know about the internal
control plan

Monitoring – creating a process for keeping the plan updated and relevant

CHAPTER 4: MANAGEMENT CONCEPTS

Enterprise risk management – a process applied in strategy setting and across the
enterprise, designed to identify potential events that may affect the entity, and manage
risk to be within its risk appetite, to provide reasonable assurance regarding the
achievement of the entity’s objectives

ERM FRAMEWORK ELEMENTS
    1. Internal Environment – encompasses the tone of an organization, and sets the
       basis for how risk is viewed and addressed by an entity’s people; overall
       organizational attitude about ERM
    2. Objective Setting – this should support and align with the entity’s mission and
       be consistent with its risk appetite; what an organization is trying to accomplish
    3. Event identification – events that could interfere with achieving the objectives
    4. Risk assessment – chance that the interfering events will occur
    5. Risk response – generic ways to manage risks (events)
    6. Control activities – specific ways to manage risks (events)
    7. Information and communication – ways to share the ERM plan
    8. Monitoring – ensure the ERM plan stays relevant

NATURE OF BUSINESS PROCESS MANAGEMENT

Business process management
    - a business improvement strategy based on documenting, analyzing and
      redesigning processes for greater performance
    - a systematic approach to analyzing, redesigning, improving and managing
      a specific process

Generalized model of BPM
    1. Select the process and define its boundaries.
    2. Observe, document and map the process steps and flow.
    3. Collect process-related data
    4. Analyze the collected data
    5. Identify and prioritize potential process improvements
    6. Optimize the process
    7. Implement and monitor process improvements

BASIC PRINCIPLES
    1. Understand how the business processes interact with/support
       organizational strategy.
       Strategy – the ways an organization gains competitive advantage in the market
    2. Move away from “we’ve always done it this way”. Be open to alternatives.
    3. Enlist top management support
    4. Hire the right people
    5. Value people who have experience with the process
    6. Well-defined tasks for consultants
    7. Communicate early and often

BEHAVIORAL ISSUES

Expectancy theory – says that motivation is the product of three factors: expectancy
(will I be successful?), instrumentality (will I be rewarded?), valence (do I value the
reward?)

    Motivation = Expectancy × Instrumentality × Valence

CHAPTER 5: INFORMATION SYSTEMS CONCEPTS

Systems Development Life Cycle (SDLC) – a methodology for designing,
implementing, and maintaining virtually any kind of information system

7 parts:
    1. Initiation/planning – unfulfilled need present
    2. Requirements analysis – what is to be accomplished
    3. Design – how system should look
    4. Build – writing code; customizing
    5. Test – critique the system and suggest improvements
    6. Implementation – actual use by the org
    7. Operations and Maintenance

Capability Maturity Model (CMM) – Watts Humphrey (1980s) to assess business
processes in an objective way

5 Levels:
    1. Chaotic – unstable and noncohesive processes
    2. Repeatable – development of major milestones for projects
    3. Defined – more detail and with more rigor; processes are defined but not
       measured
    4. Managed – management develops metrics to establish goals and control
       processes
    5. Optimized – “continuous improvement”

INFORMATION TECHNOLOGY SELECTION

Two kinds of issues to consider:
    - Macro-level issues
    - Micro-level issues

Micro-level factors to consider
    - Need
    - Strategic fit – indicates how an organization competes in market
    - Mission statement – explains why an organization exists; how it is different
      from competitors
    - Personnel involvement
    - Financing

Macro-level factors
    - Cost – total cost of the IT: upfront cost, training, maintenance and customization
    - Adaptability – can it be adapted effectively to the organization?
    - Training – how easily will the employees learn to use the new IT?
    - Vendor reliability – is it a well-established, reputable company?

3-Stage Process (Sylla and Wen, 2002) for evaluating IT investments
Step 1: Intangible benefits evaluation
     - management support
     - competitive advantage
     - business transformation
Step 2: IT investments risk analysis
     - physical risks
     - managerial risk
Step 3: Tangible benefits evaluation
     - productivity
     - operating process performance
*weighted-rating technique

CHAPTER 6: FLOWCHARTING

Flowchart – a graphical representation of some part of an information system.

Classification of flowcharts:
    - Systems flowchart – gives the user a “big picture” look at an information
      system
    - Program flowchart – shows the logic associated with a computer program
    - Document flowchart – shows the various documents involved in a system.
        - Portrays the procedures performed on these documents
    - Hardware flowchart – shows the computers, printers, monitors, input devices
      and other hardware elements associated with an information system

Good flowcharting habits:
    1. Should be from top to bottom, left to right
    2. Should have plenty of white space
    3. Have a title
    4. Should be organized in columns that depict areas of responsibility
    5. If a document is involved in the business process, it must have a clear origin
       and a clear termination
    6. Rough drafts should be discussed by involved persons

FLOWCHARTING TOOLS AND SYMBOLS
FLOWCHART DESIGN STEPS
    1. Establish the system boundary – putting a box around the system; delimiting
    2. Determine column headings – column headings should focus on area of
       responsibility
    3. List actions performed within each column – what a department does within
       the system
    4. Select appropriate symbols
    5. Prepare a first draft
    6. Discuss flowchart with others
    7. Revise as needed

CHAPTER 7: DATA FLOW DIAGRAMMING

DFD SYMBOLS AND DESIGN CONSIDERATIONS

Process – any set of procedures an organization uses to gather data, change
data to information, or report the information to system users; starts with an action
word; two identifying characteristics: a number and a name

External entity – any person or org outside the boundary of information system

Data store – a place for collecting data; file

Data flow – a directional line; refers to the data itself, not what happens to it.

GOOD DFD RULES:
    1.  Processes should have unique names
    2.  Inputs to a process should differ from the outputs to a process
    3.  Any single DFD should not have more than seven processes
    4.  No process can have only outputs.
    5.  No process can have only inputs.
    6.  Process = verb phrase label
    7.  Data must be moved by a process
    8.  Data cannot move directly from external entity to a data store; by a process
    9.  Cannot move data to external entity; a process
    10. Data store has a noun phrase label
    11. Cannot move data from external entity to another EE
    12. EE has a noun phrase label
    13. Data flow has only one direction between symbols
    14. Data flow cannot directly go back to the same process it leaves.
    15. A data flow can go directly to a data store
    16. Data flows have noun phrase labels

DATA FLOW DIAGRAMS AND FLOWCHARTS

DFD
    - Four symbols
    - Leveled sets
    - Level zero, 1.0, 1.1..
    - Focus on data and how they move between business processes,
      external entities and data stores
    - Line represents data with noun phrase label

FC
    - Many symbols
    - Columns depicting area of responsibility
    - Numbers can be used even not for process
    - Concerned w data, also w docs and processing tools
    - Line represents movement

LEVELED SETS OF DFDS

Leveled sets – a collection that models related business processes

Context diagram – shows how the process, a single circle, relates to the external entities,
rectangles.

DATABASE DESIGN

Database tables – the fundamental building blocks of relational databases

Primary key – a field that uniquely identifies every record within the table
Query – a set of instructions that examines records in one or more tables, then outputs
data in accordance with instructions

Reports – a third database object

Forms – allows user to input data to a table and/or look up data in a table

Normalization – the process of making a database table efficient and effective
Three-stage process:
    1. First Normal Form (1NF) – eliminates repeating groups
    2. Second Normal Form (2NF) – eliminates repeating groups and redundant data
    3. Third Normal Form (3NF) – eliminates repeating groups, redundant data and
       columns not dependent on the Primary key

CHAPTER 8: REA MODELING

TYPES OF AIS
    - View-driven – traditional accounting systems; focus on general purpose
      financial statements; idea that departments can remain separate and unrelated
        Five key problems:
            1. Focus on very small, well-defined group of important
               business events
            2. Process data in batches, data are often outdated
            3. System captures limited set of data
            4. Data are highly aggregated and stored in multiple places
            5. Internal control is often protective and expensive
    - Event-driven – focus on business processes; assumes that the purpose of AIS
      is to provide info about economic events that is useful in a variety of decision
      contexts.
        - Capture more data about individual transactions
        - Organize data so it can be accessed and understood by a variety of
          people
        - Equipped to answer questions that cannot be answered by view-driven

REA MODELING

REA – “resources, events and agents”
    Events:
        1. Operating events focus on activities involved with providing goods and
           services to customers.
        2. Information events deal with recording and maintaining data, as well
           as reporting information
        3. Decision/management events concerned with human decision making
    Agents – people involved in the information system: employees (internal), customers
    (external)
    Resources – the things agents need to complete the events: cash, inventory, supplies

    Resources – left column
    Events – middle column
    Agents – right column

Six-step REA model:
    1. Understand the org’s environment and objectives – to have a thorough
       grasp of what the organization does
    2. Review the business process and identify the strategically significant
       operating events. Focus on strategically significant operating events.
    3. Analyze each strategically significant operating event to identify the
       relevant event resources and agents.
    4. Identify the relevant behaviors, characteristics and attributes of the REA
       model elements. Helps create database tables.
    5. Identify and document the direct relationships among elements of the REA
       Model.
    6. Validate the REA model with business people.

CARDINALITIES – tell the accounting professional about the relationships between
elements of a REA model.

DATABASE CREATION FROM A REA MODEL

1ST RULE. When the maximum cardinalities between two elements of a REA model
are one and many, include the primary key from the “one side” in the table on the
“many side.”

2ND RULE. When the maximum cardinalities between two elements of a REA model
are many and many, create a separate junction table to reflect the combined
relationship.

The idea is to create a workable model that reflects an organization’s
STRATEGICALLY SIGNIFICANT OPERATING ACTIVITIES.

           CHAPTER 9: XBRL (eXtensible Business Reporting Language)
TERMINOLOGIES
    - Extensible
        - “X” in XBRL;
        - the XBRL language is ‘able’ to be ‘extended’;
        - quality of XBRL that allows users to add tags
    - Specification
        - A specific example of a broader class of objects
        - XBRL is a part of a larger group of languages called XML (eXtensible
          Markup Language)
        - XBRL is focused on descriptors of business reporting information
    - Taxonomy
        - A way to organize knowledge
        - “table of contents”
        - “asset, liabilities, equity”
        - XBRL is focused on specific industry groups
    - Namespace
        - The internet location of an XBRL taxonomy
        - “dictionary” of XBRL
    - Instance document
        - A document that includes data properly tagged with XBRL

HISTORY AND STRUCTURE

    - XBRL is one application of XML.

   XML – a standard for the electronic exchange of data between businesses and on
   the internet. Under this, identifying tags are applied to items of data so that they can
   be processed efficiently by computer software.

   eXtensible Business Reporting Language
   1.   extensible.
        Users can ‘extend’ the language beyond original parameters based on needs.
   2.   business reporting.
        It is specifically designed to tag and transmit financial information.
   3.   Language.
        Own rules regarding punctuation.

GLOBAL TAXONOMIES AND TAGGING TOOLS

   Global Ledger taxonomy – commonly known as XBRL-GL, helps organizations
   manage internal information.
   -     Allows representation of anything that is found in a chart of accounts, journal
         entries or historical trans.

ORGANIZATIONAL BENEFITS

   XBRL helps the organization in 2 ways:
   1.    Allows more efficient data collection and reporting
   2.    Facilitates data consumption and analysis.

   XBRL Benefits:
   1.    Save costs
   2.    Consolidates results
   3.    Improve accuracy and reliability of financial data
   4.    Focus effort on analysis, forecast, etc
   5.    Achieve quicker, efficient decisions
   6.    More effective use of internet
   7.    Improve investor relations
   8.    Simplify process and reduce costs
   9.    Obtain quicker responses
   10.   Free from systems and software

INTERNAL CONTROL
   Risks and control activities:
   1.    Compromised data – firewall, backup
   2.    Tagging errors – electronic tagging
   3.    Hardware/Software failure – disaster recovery plans
   4.    Selection of inappropriate taxonomy – periodic review and approval of taxonomy
         used

    Chapter 10 – E-business and Enterprise Resource Planning Systems

    - E-commerce – the exchange of goods and services by means of the Internet or
      other computer networks
    - Benefits of E-business:
      1. Marketing: geographic market expansion, hard-to-reach markets, more
         targeted marketing
      2. Reduced operating costs: marketing, telecommunications, transactions
         processing, doesn’t suffer the costs of maintaining real-world stores
         thereby charging less to consumers
      3. Streamlined (organized) operations
      4. Quicker, easier product and service delivery
    - Costs of E-business:
      1. Financial costs associated with setting up networks
      2. Need to develop different, better internal control systems
          - Control Number – a three digit number printed next to the card
            number itself, above the signature panel on the back of the card
          - Trust Services – a set of professional assurance and advisory
            services based on a common framework (a core set of principles and
            criteria) to address the risks and opportunities of IT.
          - WebTrust – the accounting profession’s answer to concerns relating to
            electronic commerce
          - SysTrust – the accounting profession’s answer to concerns relating to
            system reliability
          - Data Encryption
      3. Potential for customer distrust
      4. Severe consequences for technology breakdowns: loss of customer
         confidence, lost sales, overloaded customer service phone lines, and
         generalized damage to a company’s reputation
    - Amazon’s marketing strategy (six pillars)
      1. It freely proffers (offers) products and services
      2. It uses a customer friendly interface
      3. It scales easily from small to large
      4. It exploits its affiliate’s products and resources
      5. It uses existing communication systems
      6. It utilizes universal behaviors and mentality
    - E-business Taxonomies:
      1. B2C – Business to Consumer – Travelocity
      2. B2B – Business to Business – Dell computers
      3. G2C – Government to Consumer – Internal Revenue Service
      4. G2B – Government to Business – EDGAR (SEC)
      5. C2C – Consumer to Consumer – eBay
    - Enterprise Resource Planning (ERP) – a relational database that provides
      comprehensive information for making decisions in organizations (ex. Oracle’s
      PeopleSoft and SAP)
        - More holistic (complete) view of the organization
    - Modular Organization of ERP Systems

      Generic Module Name                       Primary Stakeholder Group   Module Components in SAP
      Customer Relationship Management (CRM)    Customers                   Sales and distribution
      Human Resource Management (HRM)           Employees                   Human Resources
      Supply Chain Management                   Vendors                     Materials management
      Financial Management                      Stockholders                Financial Accounting

    - Database Tables in ERP systems

      Generic Module Name                       Table Names                 Table Primary Key
      Customer Relationship Management (CRM)    Customers, Sales            Customer ID, sales transaction ID
      Human Resource Management (HRM)           Employee, pay employees     Employee ID, payroll transaction ID
      Supply Chain Management                   Vendor, inventory           Vendor ID, Inventory ID
      Financial Management                      Chart of Accounts           Account Number

    - 10 major causes of ERP implementation failures (Umble and Umble 2002):
      1. Poor leadership from top management → Clear, strong leadership and
         support from top management
      2. Automating existing redundant or non-value added processes in the
         new system → few policies need to be changed to make the most of the
         ERP system, otherwise, managers will be doing the same ineffective
         things, only faster
      3. Unrealistic expectations → Systems are not a panacea (cure) for
         problems with organizational culture, poorly designed business processes,
         or inadequate internal controls
      4. Poor project management → managers have to apply solid project
         management techniques for selecting the right people, completing the
         tasks in the right order, and staying on schedule
      5. Inadequate education and training → seeing the ERP as solely an
         information technology project, rather than an opportunity to analyse
         business processes and make them better
      6. Trying to maintain the status quo → be upfront and honest from the start
         about the purpose and possible results of implementing ERP systems
      7. A bad match between ERP software and organizational process →
         consult with colleagues about which ERP software has worked well, and
         which has worked poorly, in a specific industry
      8. Inaccurate data in the system → the information generated by an ERP
         system is only as valid and useful as the data that undergird it
      9. ERP implementation viewed as an IT project → view ERP project as
         holistic, touching not only information technology, but also business
         processes and organizational behaviour issues
      10. Significant technical difficulties → such as bugs in the software,
          problems interfacing with existing information systems, and hardware
          difficulties
    - Six necessary conditions for a successful ERP implementation:
      1. Obtain organizational commitment: get a clear, strong commitment to
         the project throughout the organization
      2. Communicate strategic goals clearly: employees must understand the
         goals of the ERP project – typically, providing better information more
         quickly for decision making
      3. View ERP as an enterprise-wide venture: ERP touches every aspect of
         operations
      4. Select a compatible ERP system: don’t believe everything the software
         vendor or implementation consultants tell you! Do your own research; ask
         for other companies that have had successful (and unsuccessful)
         implementations
      5. Resolve multisite issues: the project management plan must deal
         specifically with multisite issues
      6. Ensure data accuracy: the project team needs to do significant employee
         education about the importance of accurate data entry; test runs with
         fictitious data before the system “goes live” also can help achieve this goal
    - Application Service Provider – an organization that provides a contractual
      service to deploy, host and manage applications for customers remotely from a
      centralized location (Jaruzelski and Lake 2014)
    - ASP subcategories: (5)
      1. Enterprise ASPs – deliver high end business applications
      2. Local/Regional ASPs – supply wide variety of application services for
         smaller businesses in a local area
      3. Specialist ASPs – provide applications for a specific need, such as Web
         site services or human resources
      4. Vertical Market ASPs – provide support to a specific industry such as
         healthcare
      5. Volume Business ASPs – supply general small/medium-sized businesses
         with prepackaged application services in volume
    - COSO’s Enterprise Risk Management – Integrated Framework – discusses
      ASPs as a form of risk sharing, one way of responding to risks in an
      organization’s environment
    - Uses of ASPs: (5)
      1. Process insurance claims
      2. Complete the steps in accounting cycle
      3. Manage stock market
      4. Provide personal financial planning
      5. Prepare income tax returns
    - ASPs benefits:
      1. Less costly than purchasing software outright
      2. Increased flexibility
      3. Potentially improved customer service
      4. Role in disaster recovery plans
    - ASPs risk:
      1. Psychological and behavioural factors
      2. Service interruptions
      3. Compromised data
      4. Inability to pay monthly fees
    - Internal controls that will address ASPs risk:
      1. Establish a budget for the ASP project
      2. Back up data on a daily basis
      3. Provide ongoing training for employees using ASP
      4. Create firewalls and encryption protocols
    - Service Organizational Control Reports – internal control reports on the
      services provided by a service organization, providing valuable information that
      users need to assess and address the risk associated with an outsourced service
    - 3 broad types of SOC reports:
      1. SOC 1 – controls relevant to user entities’ internal control over financial
         reporting
      2. SOC 2 – controls over security, availability, processing integrity,
         confidentiality, or privacy
      3. SOC 3 – less-detailed but similar to SOC 2 reports

    Chapter 11 – Computer Crime and Information Technology Security

    - Taxonomy for Computer Crime (Carter)
      1. Target – the system or its data. The objective of these crimes is to impact
         the confidentiality, availability, and/or integrity of data stored on the
         computer
      2. Instrumentality – uses the computer to further a criminal end; the
         computer is used to commit a crime
      3. Incidental – encompasses crimes where the computer is not required for
         the crime but is related to the criminal act
      4. Associated – the growth of the internet has generated new versions of fairly
         traditional crimes
    - Business risk and threats to information systems
      1. Fraud
          - Any illegal act for which knowledge of computer technology is
            used to commit the offense
          - Data diddling – intentional modification of information
          - Theft of information
          - Sarbanes-Oxley Act – introduced with the firm resolve to increase
            corporate responsibility and requires that companies establish
            extensive governance policies to prevent and respond to
            fraudulent activities
      2. Error
          - Implementing preventive controls that will detect and correct
            errors before they can occur can prevent financial losses and
            negative impacts to the organization’s image
      3. Service Interruption and Delays
          - Delay - Can bring the organization to a standstill
          - Service interruption: accidental (can be caused by someone
            shutting down the wrong machine), wilful neglect (could be due to
            outdated antivirus software), and malicious behaviour (can be
            caused by a hacker launching a denial of service attack against
            an organization’s Web site)
      4. Disclosure of Confidential Information
          - Can have major impacts on an organization’s financial health
          - Privacy laws have made managers and other stakeholders aware
            of the critical need to protect information assets
      5. Intrusions
          - to gain access to a network or a system by bypassing security
            controls or exploiting lack of adequate controls
          - hacker for profit/hacker for fun
      6. Information Theft
          - Targets the organization’s most precious asset: information
          - Results in potentially higher losses for the organizations
      7. Information Manipulation
          - Input manipulation – hard to detect since the fraudulent input may
            look valid until an in depth examination is performed
          - Program manipulation – involves the modification or insertion of
            specific functions in the computer information system
          - Salami technique – where unnoticeable slices of a financial
            transaction are removed and transferred to another account
      8. Malicious Software (Malware)
          - Can take many different forms: a virus infecting a system and
            modifying its data, a worm replicating over the network causing a
            bottleneck, or a Trojan horse allowing an unauthorized backdoor
            into a system that directly impacts the confidentiality of the files
            residing on the system
          - Logic bombs
      9. Denial of Service Attacks
          - Attacks prevent computer systems and networks from functioning
            in accordance with their intended purpose
          - Causes loss of service to the users by consuming scarce
            resources such as bandwidth, memory, processor cycles
          - Can disrupt configuration information or physical components
      10. Website Defacements
          - A form of digital graffiti where intruders modify pages on the site
            in order to leave their mark, send a message, or mock the
            organization
          - Hacktivism – politically motivated defacement that attempts to
            send a message to the organization or some part of the online
            community
      11. Extortion
          - the result of the computer being the object of a crime; the
            extortionist contacts an organization after successfully stealing
            information or launching a DOS attack
    - Information Security – the protection of data in a system against unauthorized
      disclosure, modification, or destruction, and protection of the computer system
      itself against unauthorized use, modification, or denial of service.
    - Basic Principles of Information Security:
      1. Confidentiality – condition that exists when data are held in confidence and
         are protected from unauthorized disclosure
      2. Data integrity – state that exists when data stored in an information system
         are the same as those in the source documents or have been correctly
         processed from source data and have not been exposed to accidental or
         malicious alteration or destruction
      3. Availability – achieved when the required data can be obtained within the
         required time frame
    - Classification of IT controls:
      1. Physical security controls – are required to protect computers, related
         equipment, and their contents from espionage, theft, and destruction or
         damage by accident, fire, or natural disasters.
      2. Technical security controls (logical controls) – involve the use of
         safeguards incorporated in computer and telecommunication hardware and
         software
          - Firewalls – the first line of defense in protecting the corporate
            network from network based threats
          - Access control policy – determines which packets can flow
            between the network segments protected by firewalls
          - Intrusion detection systems and intrusion prevention
            systems – detect potentially malicious data and access patterns
            (Network based: examine network traffic, they look for specific
            patterns of anomalous behaviour or deviations from the standard
            behaviour of the network & Individual based: detect malicious
            activity by examining system calls, event logs, critical system files,
            and other valuable system information)
          - Cryptography – transforms data to (1) hide them, (2) prevent them
            from being modified and/or, (3) prevent unauthorized access to
            them
      3. Administrative Security Controls – management constraints, as well as
         operational and accountability procedures
          - Security policies – a clear and concise set of guiding
            statements supported by management; it provides a framework
            that ensures that information assets are secured
          - Security awareness training – is an often overlooked part of a
            security management program.
          - Adequate supervision of employees - This should be the first
            line of defense in protecting critical computing infrastructures
          - Security Reviews – monitor the program to ensure compliance,
            fine tune the security policy and controls in accordance with the
            organization’s goals, and ensure that any deficiencies are
            corrected
          - Security audits – examine whether the information systems
            operate in accordance with the security policy and ensure that
            the controls are effective in protecting these systems
          - Administrative security controls – established for three main
            reasons: (1) to provide supplemental controls (2) to protect
            information processing resources (3) to ensure that all
            employees have proper authorization to access computing
            resources

         Note: Preventive controls are implemented to keep unwanted
         events from occurring, detective controls attempt to identify
         anomalous and unwanted events once they have occurred, whereas
         corrective controls remedy problems discovered by detective
         controls

    - ISACA (Information Systems Audit and Control Association) – a
      professional group that bridges the gap between accounting and information
      technology
    - COBIT 5.0 – five principles that form the foundation of a strong IT
      governance and management:
      1. Meeting stakeholder needs: When an organization manages its IT well,
         the system will meet legitimate information needs of all stakeholder groups
      2. Covering the enterprise end to end: A well designed plan for managing
         information covers the whole entity not just the IT function
      3. Applying a single integrated framework: incorporates and builds on other
         frameworks to produce a unified set of ideas
      4. Enabling a holistic approach: integrating IT governance and
         management throughout the entity
      5. Separating governance from management: governance focuses on
         strategic decision making, goal setting, and prioritization; management
         focuses more on day to day actions needed to achieve those goals
    - Seven enablers (tools that make the best possible use of information and
      information technology)

Enabler                         ISACA Explanation                     Example
1. Principles, policies, and    Vehicle to translate the desired      Enterprise Risk management plan,
   frameworks                   behaviour into practical guidance     internal control plan
                                for day to day management
2. Processes                    Organized set of practices and        Sales/collection process,
                                activities to achieve certain         acquisition/payment process,
                                objectives and produce a set of       conversion process, human resource
                                outputs in support of achieving       process, financing process
                                overall IT related goals
3. Organizational Structures    Key decision making entities in an    C-suite executives
                                enterprise
4. Culture, ethics, and         Very often underestimated as a        Valuing open dialogue and
   behavior                     success factor in governance and      cooperation
                                management activities
5. Information                  Required for keeping the              Product demand, employee
                                organization running and well         satisfaction, vendor reliability
                                governed, but at the operational
                                level very often, the key product
                                of the enterprise itself
6. Services, Infrastructure     Infrastructure, technology, and       Enterprise resource planning
   and applications             applications that provide the         systems, relational databases,
                                enterprise with information           transaction processing software
                                technology processing and services
7. People, skills, and          Required for successful completion    Functional experts, cross
   competencies                 of all activities, and for making     functional thinking
                                correct decisions, and taking
                                corrective actions

                    CHAPTER 12 SALES/COLLECTION PROCESS

    Business Process – a set of procedures and policies designed to create value for some organizational stakeholder
    Value Chain – a way to think about the processes organizations use for their stakeholders (Porter’s Value Chain)
        Primary activities: directly involved in value creation
            Inbound logistics: move raw materials
            Operations: transform materials into finished products
            Outbound logistics: move finished product
            Marketing & sales: sell the product
            Service: provide support as needed
        Support activities: provide essential services to the organization
            Procurement: purchasing function
            Information technology: R & D, other transforms of IT
            Human resource management: personnel-related functions
            Infrastructure: other aspects of the organization

    Process Description (Sales/collection) – TAP-FISH-BICOP
    1. Take a customer’s order – either face to face, via the Internet, through the mail, over the phone and others
    2. Approve the customer’s credit – such as scanning the credit card
    3. Fill the order based on the approved credit – preparing the order for shipment
    4. Ship the product (if necessary)
    5. Bill the customer
    6. Collect payment – (1) open invoice system – a customer remittance is tied to a specific invoice or set of invoices (provides more detail though complex). (2) balance forward system – remittances are not applied to a particular invoice; rather, they are simply applied to a customer’s total outstanding balance
    7. Process uncollectible receivables as necessary

    Documents Associated with the Sales/Collection Process

Document Name       Basic Purpose                                 Originator                Recipient
Customer Order      To summarize items ordered and prices         Sales department          Warehouse
Picking List        To guide selection of items from warehouse    Warehouse                 Shipping department
Packing List        To specify contents of shipments              Shipping department       Customer
Bill of Lading      To specify freight terms                      Shipping department       Common Carrier
Customer Invoice    To bill client                                Billing department        Customer
Customer Check      To remit payment                              Customer                  Cash receipts department
Remittance Advice   To provide a source document                  Customer                  Accounting department
Deposit slip        To transmit cash receipts to bank             Cash receipts department  Bank

    File Structures in the Sales/Collection Process

File Name           File Type    Primary Key     Other Data
Employee            Master       Employee ID     Last name, First name
                                                 Street Address, city state, ZIP code
                                                 Phone number
                                                 Emergency Contact
                                                 Department
                                                 Hire date
Customer            Master       Customer ID     Customer company name
                                                 Street address, city, state, ZIP Code
                                                 Phone number
                                                 Contact person name
                                                 Credit limit
                                                 Date of first sale
Inventory           Master       Product ID      Product name
                                                 Beginning balance date
                                                 Beginning balance quantity
                                                 Beginning balance cost per unit
                                                 Preferred supplier
Sales               Transaction  Transaction ID  Transaction date
                                                 Customer ID
                                                 Employee ID
Sales/Inventory     Junction     Transaction ID  Product ID
                                                 Quantity sold
                                                 Selling price per unit

    Common Risk Faced in the sales/collection process and the internal controls that might lessen those risks:
    1. Granting credit to customers who are not creditworthy
        a. Relying on third-party vendors to grant credit (Visa, Discover, or American Express)
        b. Establishing a formal credit approval process, independent of the sales function (example of separation of duties)
        c. Conducting a cash-only business
    2. Selling products that are not available
        a. Checking stock on hand before completing a customer’s order (maintain a relational organization/ERP system controlled by a query)
        b. Maintaining adequate inventory (just in time, economic order quantity, and reorder point)
    3. Filling the customer’s order incorrectly
        a. Incorporating independent order checking
        b. Using information technology to fill orders
    4. Damaging goods in the delivery process
        a. Packing merchandise adequately prior to shipment
        b. Insuring goods in transit
    5. Billing the customer incorrectly
        a. Matching documents prior to billing
        b. Using information technology to ensure numerical accuracy
    6. Mishandling cash receipts
        a. Separating duties
        b. Restrictively endorsing checks when they are received
        c. Reconciling the bank statement at least monthly

                    CHAPTER 13 ACQUISITION/PAYMENT PROCESS

    Basic steps: (Hollander, Denna and Cherrington) – RAP REDIW
    1. Request goods and services based on monitored need
    2. Authorize a purchase
    3. Purchase goods/services
    4. Receive goods and services (blind copy – indicates what items are expected from what vendor but not the item quantities)
    5. Disburse Cash
    6. When necessary, process purchase returns

    Documents Used in the Acquisition/Payment Process

Document Name         Basic Purpose                                       Originator              Recipient
Purchase requisition  To request that the purchasing department order     Operating department    Purchasing department
                      goods or services from a vendor
Purchase Order        To specify the items to be ordered, freight terms,  Purchasing department   Vendor
                      shipping address, and other information for the
                      vendor
Receiving report      To ensure that goods have been ordered and          Receiving department    Various departments
                      received in good condition
Vendor Invoice        To request payments from a customer                 Vendor                  Accounting department
Check                 To pay the vendor                                   Accounting department   Vendor

    File Structures in the Acquisition/Payment Process

File name             File Type    Primary Key     Other data
Employee              Master       Employee ID     Last name, first name
                                                   Street Address, city state, ZIP code
                                                   Phone Number
                                                   Emergency Contact
                                                   Department
                                                   Hire date
Vendor                Master       Vendor ID       Vendor company name
                                                   Street address, city state, ZIP code
                                                   Phone number
                                                   Contact person name
                                                   Credit limit
                                                   Date of first purchase
Inventory             Master       Product ID      Product Name
                                                   Beginning balance date
                                                   Beginning balance quantity
                                                   Beginning balance cost per unit
                                                   Preferred supplier
Purchases             Transaction  Transaction ID  Transaction date
                                                   Vendor ID
                                                   Employee ID
Purchases/Inventory   Junction     Transaction ID  Product ID
                                                   Quantity Purchased
                                                   Purchase price per unit

    Common Risk Faced in the acquisition/payment process and the internal controls that might lessen those risks:
    1. Ordering unneeded goods
        a. Institute a system for monitoring inventory levels
        b. Require justification for unusual orders or orders over a specified dollar amount
        c. Specify the business purpose for ordered goods
    2. Purchasing goods from inappropriate vendors
        a. Develop and enforce a conflict of interest policy
        b. Establish criteria for supplier reliability and quality of goods
        c. Create strategic alliances with preferred vendors
    3. Receiving unordered or defective goods
        a. Match receiving reports with approved purchase orders
        b. Inspect the goods before accepting a shipment
        c. Insure products en route
    4. Experiencing theft of inventory and/or cash
        a. Establish an internal audit function
        b. Reconcile bank statements promptly
        c. Separate authorization, custody, and usage functions for both inventory and cash
        d. Install employee monitoring systems
        e. Bond employees who handle high value goods – Fidelity bonding – insurance focused on employee behavior: (1) individual bonds – cover theft by a specific named individual (2) Schedule bonds – list every name or position to be covered (3) Blanket bonds – the most encompassing, covers all employees without reference to individual names or positions
    5. Making errors in paying invoices
        a. Require document matching (purchase order, receiving report, invoice)
        b. Employ information technology to take advantage of available discounts
        c. Stamp documents paid to avoid duplicate payments

    Comprehensive view of sales/collection process and acquisition/payment process
    1. An operating department in the buying organization requests goods and services
    2. The purchasing department in the buying organization authorizes purchase
    3. The sales department in the selling organization takes the customer’s order
    4. The credit department in the selling organization approves the customer’s credit
    5. The warehouse in the selling organization fills the order based on the approved credit
    6. The selling organization’s shipping department ships the product
    7. The buying organization’s receiving department receives the goods
    8. The billing department in the selling organization bills the client
    9. The cash disbursements department in the buying organization disburses the cash
    10. The cash receipts department in the selling organization collects payment

                    CHAPTER 14 OTHER BUSINESS PROCESSES

    Conversion process – basic purpose is to convert direct material, direct labor, and manufacturing overhead (factors of production) into a finished product.
        Job costing – units of product are differentiated from one another
        Process costing – goods produced are undifferentiated
        Hybrid system – combines some elements of both job and process costing systems

    Conversion Process Documents

Form Name               Purpose                                   Originator    Recipient
Materials requisition   Request raw material from the warehouse   Production    Warehouse
                        for production
Job cost sheet          Summarizes material, labor, and overhead  Production    Accounting
                        cost in a job costing system
Labor time ticket       Accumulates labor data (time, pay rate,   Production    Accounting
                        total labor cost)
Production cost report  Summarizes cost and quantity information  Production    Accounting
                        in a process costing system
Material move ticket    Documents the movement of materials from  Warehouse     Production
                        the warehouse into production

    Risk and Control in the Conversion Process

Risk                            Control
Damage to raw materials         Special storage conditions
                                Backup power supplies for heating and cooling
Loss/theft of raw materials     Secured storage areas
                                Adequate documentation
                                Separation of duties
Worker injuries                 Workers’ compensation insurance
                                Safety training
                                Protective clothing

    Financing Process
        Information needed for financing process transactions
            Equity financing transactions
                No. of shares
                Par value per share
                Market value per share
                Shareholder identification data
                Dividend per share
                Dividend dates (declaration, record, payment)
            Debt financing transactions
                Principal
                Coupon interest rate (rate of interest paid in cash)
                Market interest rate (the rate prevailing in the market for investments of similar risk)
                Issue date
                Time to repayment
                Frequency of payments
                Lender identification data

    Human resource process
        Payroll forms:

Form Name          Purpose                                  Data Included
Form W-4           Establishes payroll withholding status   Employee identification data
                                                            Withholding status
                                                            Number of withholding allowances
Form W-2           Reports year-end information for tax     Employee identification data
                   purposes                                 Employer identification data
                                                            Gross pay and tax withholdings
                                                            401(k) contributions
Payroll register   Computes payroll data for all            Employee identification data
                   employees for a given pay period         Hours worked
                                                            Pay rate
                                                            Total gross pay
                                                            Tax and benefit withholdings
                                                            Net pay
Employee           Summarizes payroll data for a single     Virtually the same as the payroll
earnings record    employee for multiple pay periods        register
Form 1099          Reports amounts paid to an               IC identification data
                   independent contractor (IC)              Payer’s identification data
                                                            Total amount paid
Form 940           Reports employer’s federal               Company name
                   unemployment taxes                       Amount Paid
Form 941           Reports amounts withheld by
                   employer to IRS

          CHAPTER 15 DECISION-MAKING MODELS AND KNOWLEDGE MANAGEMENT

    Information overload (Eppler and Mengis)
        the amount of information actually integrated into the decision begins to decline
        the volume of information supply exceeds the limited human information processing capacity
        the information processing requirements exceed the information-processing capacity
        the decision maker estimates he or she has to handle more information than he or she can efficiently use
Causes of information overload (5)
 1. Personal factors - everyone’s limitations in processing information
 2. Information characteristics
 3. Task and process parameters
 4. Organizational design – people in groups have differing ideas and approaches for problem solving and decision making
 5. Information technology

Symptoms and effects of information overload
 1. Limited information search and retrieval strategies
    - Less systematic searching
    - Increased problems differentiating relevant and irrelevant information
 2. Arbitrary information analysis and organization
    - Overlapping and inconsistent categories
    - Difficulty seeing the big picture
 3. Suboptimal decisions
    - Inefficient work
    - Reduced quality and accuracy of decisions
 4. Strenuous personal situations
    - Stress, confusion, and cognitive strain
    - Overconfidence

Countermeasures for information overload
 1. Allow more time to complete important tasks
 2. Compress, aggregate, categorize, and structure information
 3. Create small, self-contained tasks rather than trying to do everything at once
 4. Define decision models and rules for common decision contexts
 5. Focus on creating value added information
 6. Formalize the language used to describe information
 7. Handle information as it comes to you – don’t put it off
 8. Improve personal information management
 9. Improve personal time management skills and techniques
 10. Use graphs and other visual aids

2 additional reasons why people don’t always make the best decisions: (Simon)
 1. Satisficing – people’s tendency to stop looking for solutions to a problem when they find a solution that works, whether the decision is best or not
 2. Bounded rationality – a separate, but related, idea which means that people will inherently avoid uncertainty and rely on proven rules for problem solving whenever they can

Knowledge management – organizations generate value from their intellectual resources and information systems within a business environment
    - the process through which organizations generate value from such assets involves sharing them with employees, departments and even other companies in an effort to devise best practices (Santosus and Surmacz)

Four objectives of knowledge management (Rowley)
 1. To create knowledge repositories
 2. To improve knowledge access
 3. To enhance the knowledge environment
 4. To manage knowledge as an asset

Seven steps to create a knowledge management system (Nesbit)
 1. Create an organizational culture that supports the ideas of knowledge sharing and development
 2. Define the business goals the knowledge management system will address
 3. Perform a knowledge audit to identify any duplication, gaps, and overlaps in an organization’s knowledge base
 4. Create a visual map that describes units of knowledge and the relationships between them
 5. Develop a knowledge management strategy based on content management, integration, search mechanisms, information delivery, and collaboration
 6. Purchase or build appropriate tools for capturing, analyzing, categorizing, and distributing knowledge
 7. Periodically reassess the value of the knowledge management system and make necessary adjustments

Steps for better thinking (Wolcott and Lynch)
 Foundation Knowing: acquire background knowledge and skills
 1. Identifying: Problem, Relevant information, uncertainties
 2. Exploring: Biases, Assumptions, Qualitative interpretation from various POV, information organization
 3. Prioritizing: Ranked list of factors to consider, Conclusion
 4. Envisioning: Solution limitations, Information use for future decisions

CHAPTER 16: PROFESSIONALISM, ETHICS AND CAREER PLANNING

PROFESSIONALISM

7 Characteristics of Professionals (Dr. Nancy Bell, 2004)
        Communicates effectively
        Thinks rationally, logically and coherently
        Appropriately uses technical knowledge
        Integrates knowledge from many disciplines
        Exhibits ethical professional behavior
        Recognizes the influence of political, social, economic, legal and regulatory forces
        Actively seeks additional knowledge

4 Criteria of Being Professional (McDonald, 2001)
        Specialized knowledge base. Financial reporting rules, auditing standards.
        Complex skills. Use of judgment and computations.
        Autonomy of practice. Refers to independence or self-sufficiency. “independence of mind”
        Adherence to a code of ethical behavior

ETHICS

Nature of Ethics (Boss, 2014)
    1.   Ethics is a set of standards that:
         a. Differentiates “right” from “wrong”
         b. Is established by a particular group
         c. Is imposed on members of the group to regulate behavior
    2.   Ethics is a discipline that:
         a. Studies values and guidelines for living
         b. Considers the justification (or lack) of values

Ethical Egoism – teaches that people are fundamentally solitary creatures, each pursuing their own best interest.

Utilitarianism – teaches that the most ethical action is the one that promotes the greatest good for the greatest number

Deontology – “rights and duties” school of ethical thought that believes individuals have rights and that ethical principles are developed through reasoning;
    -    Ethical decisions are based on a universal moral code, not on the outcome of a decision

Virtue ethics – ethical behavior is a natural product of being fundamentally ethical and virtuous; being a good person is more important

8 Step Model of Dealing with Ethical Dilemmas (Langenderfer and Rockness, 1989)
    1.   Identify the facts
    2.   Identify the ethics issues and the stakeholders involved
    3.   Define the norms, principles and values related to situation
    4.   Identify the alternative courses of action
    5.   Evaluate the consequences of each possible course of action
    6.   Decide the best course of action consistent with the norms, principles and values
    7.   If appropriate, discuss the alternative with a trusted person
    8.   Reach a decision

ETHICAL CASES

Charles Ponzi – committed a multimillion-dollar fraud with international postal reply coupons; “pyramid” or “multilevel marketing” scheme

Adelphia Communications Corporation – the management engaged in deceptive accounting practices to meet analysts’ expectations for profitability

Enron/Arthur Andersen – best known accounting fraud in recent history (Enron); downfall of one of the then “Big Five” CPA firms because of Enron (Arthur Andersen)

CAREER PLANNING

Steps in Career Planning
    1.   Determine your strengths, aptitudes and abilities
    2.   Create a career mission statement
    3.   Research employment opportunities related to the first two
    4.   Build your resume
    5.   Practice interview skills

CHAPTER 17: AUDITING AND EVALUATING THE AIS

Auditing – the area of accounting associated with AIS evaluation.

TYPES OF AUDIT (7)

    1)   FINANCIAL AUDIT – involves the examination of a company’s accounting information system and financial statements.
    o    Financial Audit Reports: (4)
              Unmodified Report – “clean report”; says that the company’s statements are prepared in accordance with GAAP.
              Qualified Report – one or more items don’t conform with GAAP, but this does not compromise the overall fairness
              Adverse Report – statements are not prepared in accordance with GAAP
              Disclaimer – denotes that the auditors could not tell if they were in accordance with GAAP
    2)   OPERATIONAL AUDIT – auditors examine a company’s rules and procedures for conducting business. Internal auditors are often involved.
    3)   SYSTEMS AUDIT – determines whether the various forms of information technology in an AIS are producing expected results. It also examines the issue of systems security very closely.
    4)   COMPLIANCE AUDIT – Governmental and NPOs are subject to this, virtually devoid of judgment
    5)   MANAGEMENT AUDIT – may involve the greatest degree of judgment. Determines the degree to which the assumptions underlying decisions are valid or how these management decisions are supported.
    6)   INVESTIGATIVE AUDIT – “fraud audit”; associated with forensic accounting. It may be triggered by observation of unusual behavior or discrepancies in the AIS.
              Review of documents
              Interview of neutral third-party witnesses
              Interview of corroborative witness
              Interview of coconspirators
              Interview of target
    7)   INTERNATIONAL AUDIT – it not only requires the auditor to understand the accounting rules in another country but also necessitates an intimate understanding of national culture, laws, regulation and other nonaccounting issues.

AUDIT CLARITY PROJECT (Skinner, 2012)
Two main objectives:
   i.  To make auditing standards easier to read, understand and apply
  ii.  To converge the US Auditing Standards with IAS

FORMAT
    INTRODUCTION – explains when the standard applies in audit engagement
    OBJECTIVE – discusses the overall goal of the standard; what it is trying to achieve
    DEFINITIONS – identifies key terms and their meaning
    REQUIREMENTS – explain what the auditor needs to do to fulfill that standard
    GUIDANCE AND EXPLANATORY MATERIAL – gives additional information about the requirements and related matters

GENERALLY ACCEPTED AUDITING STANDARDS

    GENERAL STANDARDS – focus on the auditor’s background and approach to the audit.
         Training – well-trained in auditing
         Independence – auditor’s mental attitude
         Professional care – properly planned

    FIELD WORK – set out important ideas for conducting the audit
         Supervision – all staff members must be adequately supervised; as experience increases, need for supervision decreases
         Internal control – assess an organization’s risk exposures and determine if IC ameliorates them
         Evidence – importance of having an objective, reasonable basis for expressing opinion

    REPORTING – speak to the ultimate opinion the auditors express
         GAAP – opinion must state if the statements are in accordance with GAAP
         Consistency – report inconsistencies between current and prior application
         Disclosure – state if it is appropriate
         Opinion – explain the reasons for opinion

GENERIC AUDIT STEPS
   I. Assessment of management’s integrity
  II. Evaluate management’s credentials.
 III. Review the internal control system.
  IV. Perform compliance testing
   V. Issue the audit report.

ASSERTIONS BY MANAGEMENT (5)
    Existence or occurrence – Did the transaction really happen? Do the assets exist?
    Rights and obligations – Does the company really own the assets?
    Valuation and allocation – Are the accounts valued correctly?
    Completeness – Are the financial statements complete?
    Presentation and disclosure – Were all the transactions recorded in the correct accounts? Are the disclosures understandable?

SARBANES-OXLEY ACT
    Section 302. Evaluation of internal controls in an audit. Responsibility of CEO and CFO.
    Section 401. Disclosures in Periodic Reports. Financial statements must be accurate and presented correctly.
    Section 404. Management Assessment of Internal Controls, reemphasizes the importance of sound internal control in AIS integrity and reliability.
    Section 409. Real-time reporting is the primary issue of this section. Disclosures should be made in nontechnical, easy-to-understand terms
    Section 802. Spells out the penalties for noncompliance with the Act.