
Accounting Information System


Chapter 1

Accounting Information Systems: An Overview


1-1
Copyright © 2012 Pearson Education
Learning Objectives

• Distinguish between data and information.
• Discuss the characteristics of useful information.
• Explain how to determine the value of information.
• Explain the decisions an organization makes and the information needed to make them.
• Identify the information that passes between internal and external parties and an AIS.
• Describe the major business processes present in most companies.
• Explain what an accounting information system (AIS) is and describe its basic functions.
• Discuss how an AIS can add value to an organization.
• Explain how an AIS and corporate strategy affect each other.
• Explain the role an AIS plays in a company’s value chain.


What Is a System?

• System
  ◦ A set of two or more interrelated components interacting to achieve a goal
• Goal Conflict
  ◦ Occurs when components act in their own interest without regard for overall goal
• Goal Congruence
  ◦ Occurs when components acting in their own interest contribute toward overall goal


Data vs. Information

• Data are facts that are recorded and stored.
  ◦ Insufficient for decision making.
• Information is processed data used in decision making.
  ◦ Too much information, however, will make it more, not less, difficult to make decisions. This is known as Information Overload.


Value of Information

Benefits
• Reduce Uncertainty
• Improve Decisions
• Improve Planning
• Improve Scheduling

Costs
• Time & Resources
  ◦ Produce Information
  ◦ Distribute Information

Benefit $’s > Cost $’s


What Makes Information Useful?

• Necessary characteristics:
  ◦ Relevant
    ▪ “The capacity of information to make a difference in a decision by helping users to form predictions about the outcomes of past, present, and future events or to confirm or correct prior expectations.”
  ◦ Reliable
    ▪ “The quality of information that assures that information is reasonably free from error and bias and faithfully represents what it purports to represent.”
  ◦ Complete
    ▪ “The inclusion in reported information of everything material that is necessary for faithful representation of the relevant phenomena.”


What Makes Information Useful?

  ◦ Timely
    ▪ “Having information available to a decision maker before it loses its capacity to influence decisions.”
  ◦ Understandable
    ▪ “The quality of information that enables users to perceive its significance.”
  ◦ Verifiable
    ▪ “The ability through consensus among measurers to ensure that information represents what it purports to represent or that the chosen method of measurement has been used without error or bias.”
  ◦ Accessible
    ▪ Available when needed (see Timely) and in a useful format (see Understandable).


Business Process

• Systems working toward organizational goals

[Figure labels: Financing, Revenue, Human Resources, Expenditure, Production]


Business Process Cycles

• Revenue
• Expenditure
• Production
• Human Resources
• Financing


Business Transactions

• Give–Get exchanges
• Between two entities
• Measured in economic terms


Business Cycle Give–Get



Accounting Information Systems

• Collect, process, store, and report data and information
• If Accounting = language of business
  ◦ AIS = information providing vehicle
• Accounting = AIS


Components of an AIS

• People using the system
• Procedures and Instructions
  ◦ For collecting, processing, and storing data
• Data
• Software
• Information Technology (IT) Infrastructure
  ◦ Computers, peripherals, networks, and so on
• Internal Control and Security
  ◦ Safeguard the system and its data


AIS and Business Functions

• Collect and store data about organizational:
  ◦ Activities, resources, and personnel
• Transform data into information enabling
  ◦ Management to:
    ▪ Plan, execute, control, and evaluate
    ▪ Activities, resources, and personnel
• Provide adequate control to safeguard
  ◦ Assets and data


AIS Value Add

• Improve Quality and Reduce Costs
• Improve Efficiency
• Improve Sharing Knowledge
• Improve Supply Chain
• Improve Internal Control
• Improve Decision Making


Improve Decision Making

• Identify situations that require action.
• Provide alternative choices.
• Reduce uncertainty.
• Provide feedback on previous decisions.
• Provide accurate and timely information.


Value Chain

• The set of activities a product or service moves along before it is sold as output to a customer
  ◦ At each activity the product or service gains value


Value Chain—Primary Activities



Value Chain—Support Activities

• Firm Infrastructure
• Technology
• Human Resources
• Purchasing


Value Chain



AIS and Corporate Strategy

Organizations have limited resources, thus investments in AIS should have the greatest impact on ROI.

Organizations need to understand:
• IT developments
• Business strategy
• Organizational culture
  ◦ Will affect and be affected by new AIS


Chapter 2
Overview of Transaction Processing and ERP Systems
Learning Objectives

• Describe the four major steps in the data processing cycle.
• Describe the major activities in each cycle.
• Describe documents and procedures used to collect and process data.
• Describe the ways information is stored in computer-based information systems.
• Discuss the types of information that an AIS can provide.
• Discuss how organizations use ERP systems to process transactions and provide information.


Data Processing Cycle



The Data Processing Cycle Determines

• What data is stored?
• Who has access to the data?
• How is the data organized?
• How can unanticipated information needs be met?


Data Input—Capture

• As a business activity occurs data is collected about:
  1. Each activity of interest
  2. The resources affected
  3. The people who are participating


Paper-Based Source Documents

• Data are collected on source documents
  ◦ E.g., a sales-order form
  ◦ The data from paper-based documents will eventually need to be transferred to the AIS
• Turnaround
  ◦ Usually paper-based
  ◦ Are sent from organization to customer
  ◦ Same document is returned by customer to organization

[Figure: Turnaround Document]


Source Data Automation

• Source data is captured
  ◦ In machine-readable form
  ◦ At the time of the business activity
  ◦ E.g., ATMs; POS


Data Input—Accuracy and Control

• Well-designed source documents can ensure that data captured is
  ◦ Accurate
    ▪ Provide instructions and prompts
    ▪ Check boxes
    ▪ Drop-down boxes
  ◦ Complete
  ◦ Internal control support
    ▪ Prenumbered documents


Data Storage

• Types of AIS storage:
  ◦ Paper-based
    ▪ Ledgers
    ▪ Journals
  ◦ Computer-based


Ledgers

• General
  ◦ Summary level data for each:
    ▪ Asset, liability, equity, revenue, and expense
• Subsidiary
  ◦ Detailed data for a General Ledger (Control) Account that has individual sub-accounts
    ▪ Accounts Receivable
    ▪ Accounts Payable

[Figure labels: Joe Smith $250; Patti Jones $750; ACME Inc. $150; Jones, Inc $350]


Journals

• General
  ◦ Infrequent or specialized transactions
• Specialized
  ◦ Repetitive transactions
  ◦ E.g., sales transactions


Coding Techniques

• Sequence
  ◦ Items numbered consecutively
• Block
  ◦ Specific range of numbers are associated with a category
    ▪ 10000–199999 = Electric Range
• Group
  ◦ Positioning of digits in code provide meaning
• Mnemonic
  ◦ Letters and numbers
  ◦ Easy to memorize
  ◦ Code derived from description of item
• Chart of accounts
  ◦ Type of block coding

Group code example:

Digit Position    Meaning
1–2               Product Line, size, and so on
3                 Color
4–5               Year of Manufacture
6–7               Optional Features

1241000
  12 = Dishwasher
  4 = White
  10 = 2010
  00 = No Options


Computer Based Storage

• Entity
  ◦ Person, place, or thing (Noun)
  ◦ Something an organization wishes to store data about
• Attributes
  ◦ Facts about the entity
• Fields
  ◦ Where attributes are stored
• Records
  ◦ Group of related attributes about an entity
• File
  ◦ Group of related Records


File Types

• Transaction
  ◦ Contains records of a business from a specific period of time
• Master
  ◦ Permanent records
  ◦ Updated by transaction with the transaction file
• Database
  ◦ Set of interrelated files


Data Processing

• Four Main Activities
  1. Create new records
  2. Read existing records
  3. Update existing records
  4. Delete records or data from records


Data Output Types

• Soft copy
  ◦ Displayed on a screen
• Hard copy
  ◦ Printed on paper


ERP Systems



Enterprise Resource Planning (ERP)

• Integrate an organization’s information into one overall AIS
• ERP modules:
  ◦ Financial
  ◦ Human resources and payroll
  ◦ Order to cash
  ◦ Purchase to pay
  ◦ Manufacturing
  ◦ Project management
  ◦ Customer relationship management
  ◦ System tools


ERP Advantages

• Integration of an organization’s data and financial information
• Data is captured once
• Greater management visibility, increased monitoring
• Better access controls
• Standardizes business operating procedures
• Improved customer service
• More efficient manufacturing


ERP Disadvantages

• Cost
• Time-consuming to implement
• Changes to an organization’s existing business processes can be disruptive
• Complex
• Resistance to change


Chapter 3
Systems Documentation Techniques
Learning Objectives

• Prepare and use data flow diagrams to understand, evaluate, and document information systems.
• Prepare and use flowcharts to understand, evaluate, and document information systems.


What Is Documentation?

• Set of documents and models
  ◦ Narratives, data flow models, flowcharts
• Describe who, what, why, when, and where of systems:
  ◦ Input, process, storage, output, and controls


Why Should You Learn Documentation?

• You need to be able to read documentation in all its forms: narratives, diagrams, models.
• You need to be able to evaluate the quality of systems, such as internal control based in part on documentation.
• SAS 94 requires independent auditors to understand all internal control procedures.
  ◦ Documentation assists in auditor understanding and documentation of their understanding
• Sarbanes-Oxley states that management:
  ◦ Is responsible for internal control system
  ◦ Is responsible for assessing the effectiveness of the IC System
  ◦ Both management and external auditors need to document and test IC System


Data Flow Diagrams

• Graphically describes the flow of data within a system
• Four basic elements
  ◦ Entity
  ◦ Data Flow
  ◦ Process
  ◦ Data Store


Entity

• Represents a source of data or input into the system

or

• Represents a destination of data or output from the system


Data Flows

• Movement of data among:
  ◦ Entities (sources or destinations)
  ◦ Processes
  ◦ Data stores
• Label should describe the information moving


Process

• Represents the transformation of data


Data Store

• Represents data at rest


Data Flow Diagram Levels

• Context
  ◦ Highest level (most general)
  ◦ Purpose: show inputs and outputs into system
  ◦ Characteristics: one process symbol only, no data stores
• Level-0
  ◦ Purpose: show all major activity steps of a system
  ◦ Characteristics: processes are labeled 1.0, 2.0, and so on


DFD Creation Guidelines

• Understand the system
• Ignore certain aspects of the system
• Determine system boundaries
• Develop a context DFD
• Identify data flows
• Group data flows
• Identify transformational processes
• Group transformational processes
• Identify all data stores
• Identify all sources and destinations
• Label all DFD elements
• Subdivide DFD
• Number each process


Flowcharts

• Use symbols to logically depict transaction processing and the flow of data through a system.
• Using a pictorial representation is easier to understand and explain versus a detailed narrative.


Flowchart Symbol Categories

• Input/Output
• Processing
• Storage
• Miscellaneous


Flow Chart Symbol Categories (cont’d)


Types of Flowcharts

• Document
  ◦ Illustrates the flow of documents through an organization
  ◦ Useful for analyzing internal control procedures
• System
  ◦ Logical representation of system inputs, processes, and outputs
  ◦ Useful in systems analysis and design
• Program
  ◦ Represent the logical sequence of program logic


Document Flowchart



Document Flowchart (cont’d)



System Flowchart



Program Flowchart



Chapter 5
Computer Fraud
Learning Objectives

• Explain the threats faced by modern information systems.
• Define fraud and describe the process one follows to perpetrate a fraud.
• Discuss who perpetrates fraud and why it occurs, including:
  ◦ the pressures, opportunities, and rationalizations that are present in most frauds.
• Define computer fraud and discuss the different computer fraud classifications.
• Explain how to prevent and detect computer fraud and abuse.


Common Threats to AIS

• Natural Disasters and Terrorist Threats
• Software Errors and/or Equipment Malfunction
• Unintentional Acts (Human Error)
• Intentional Acts (Computer Crimes)


What Is Fraud?

• Gaining an unfair advantage over another person
  ◦ A false statement, representation, or disclosure
  ◦ A material fact that induces a person to act
  ◦ An intent to deceive
  ◦ A justifiable reliance on the fraudulent fact in which a person takes action
  ◦ An injury or loss suffered by the victim
• Individuals who commit fraud are referred to as white-collar criminals.


Forms of Fraud

• Misappropriation of assets
  ◦ Theft of a company’s assets.
  ◦ Largest factors for theft of assets:
    ▪ Absence of internal control system
    ▪ Failure to enforce internal control system
• Fraudulent financial reporting
  ◦ “…intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements” (The Treadway Commission).


Reasons for Fraudulent Financial Statements

1. Deceive investors or creditors
2. Increase a company’s stock price
3. Meet cash flow needs
4. Hide company losses or other problems


Treadway Commission Actions to Reduce Fraud

1. Establish environment which supports the integrity of the financial reporting process.
2. Identification of factors that lead to fraud.
3. Assess the risk of fraud within the company.
4. Design and implement internal controls to provide assurance that fraud is being prevented.


SAS #99

• Auditor’s responsibility to detect fraud
  ◦ Understand fraud
  ◦ Discuss risks of material fraudulent statements
    ▪ Among members of audit team
  ◦ Obtain information
    ▪ Look for fraud risk factors
  ◦ Identify, assess, and respond to risk
  ◦ Evaluate the results of audit tests
    ▪ Determine impact of fraud on financial statements
  ◦ Document and communicate findings
    ▪ See Chapter 3
  ◦ Incorporate a technological focus


The Fraud Triangle

• Pressure
• Opportunity
• Rationalization


Pressure

• Motivation or incentive to commit fraud
• Types:
  1. Employee
     ◦ Financial
     ◦ Emotional
     ◦ Lifestyle
  2. Financial
     ◦ Industry conditions
     ◦ Management characteristics


Opportunity

• Condition or situation that allows a person or organization to:
  1. Commit the fraud
  2. Conceal the fraud
     ◦ Lapping
     ◦ Kiting
  3. Convert the theft or misrepresentation to personal gain


Rationalizations

• Justification of illegal behavior
  1. Justification
     ◦ I am not being dishonest.
  2. Attitude
     ◦ I don’t need to be honest.
  3. Lack of personal integrity
     ◦ Theft is valued higher than honesty or integrity.


Computer Fraud

• Any illegal act in which knowledge of computer technology is necessary for:
  ◦ Perpetration
  ◦ Investigation
  ◦ Prosecution


Rise of Computer Fraud

1. Definition is not agreed on
2. Many go undetected
3. High percentage is not reported
4. Lack of network security
5. Step-by-step guides are easily available
6. Law enforcement is overburdened
7. Difficulty calculating loss


Computer Fraud Classifications

• Input Fraud
  ◦ Alteration or falsifying input
• Processor Fraud
  ◦ Unauthorized system use
• Computer Instructions Fraud
  ◦ Modifying software, illegal copying of software, using software in an unauthorized manner, creating software to undergo unauthorized activities
• Data Fraud
  ◦ Illegally using, copying, browsing, searching, or harming company data
• Output Fraud
  ◦ Stealing, copying, or misusing computer printouts or displayed information


Chapter 6
Computer Fraud and Abuse Techniques
Learning Objectives

• Compare and contrast computer attack and abuse tactics.
• Explain how social engineering techniques are used to gain physical or logical access to computer resources.
• Describe the different types of malware used to harm computers.


Computer Attacks and Abuse

• Hacking
  ◦ Unauthorized access, modification, or use of a computer system or other electronic device
• Social Engineering
  ◦ Techniques, usually psychological tricks, to gain access to sensitive data or information
  ◦ Used to gain access to secure systems or locations
• Malware
  ◦ Any software which can be used to do harm


Types of Computer Attacks

• Botnet—Robot Network
  ◦ Network of hijacked computers
  ◦ Hijacked computers carry out processes without users’ knowledge
  ◦ Zombie—hijacked computer
• Denial-of-Service (DoS) Attack
  ◦ Constant stream of requests made to a Web-server (usually via a Botnet) that overwhelms and shuts down service
• Spoofing
  ◦ Making an electronic communication look as if it comes from a trusted official source to lure the recipient into providing information


Types of Spoofing

• E-mail
  ◦ E-mail sender appears as if it comes from a different source
• Caller-ID
  ◦ Incorrect number is displayed
• IP address
  ◦ Forged IP address to conceal identity of sender of data over the Internet or to impersonate another computer system
• Address Resolution Protocol (ARP)
  ◦ Allows a computer on a LAN to intercept traffic meant for any other computer on the LAN
• SMS
  ◦ Incorrect number or name appears, similar to caller-ID but for text messaging
• Web page
  ◦ Phishing (see below)
• DNS
  ◦ Intercepting a request for a Web service and sending the request to a false service


Hacking Attacks

• Cross-Site Scripting (XSS)
  ◦ Unwanted code is sent via dynamic Web pages disguised as user input.
• Buffer Overflow
  ◦ Data is sent that exceeds computer capacity causing program instructions to be lost and replaced with attacker instructions.
• SQL Injection (Insertion)
  ◦ Malicious code is inserted in the place of query to a database system.
• Man-in-the-Middle
  ◦ Hacker places themselves between client and host.


Additional Hacking Attacks

• Password Cracking
  ◦ Penetrating system security to steal passwords
• War Dialing
  ◦ Computer automatically dials phone numbers looking for modems.
• Phreaking
  ◦ Attacks on phone systems to obtain free phone service.
• Data Diddling
  ◦ Making changes to data before, during, or after it is entered into a system.
• Data Leakage
  ◦ Unauthorized copying of company data.


Hacking Embezzlement Schemes

• Salami Technique
  ◦ Taking small amounts from many different accounts.
• Economic Espionage
  ◦ Theft of information, trade secrets, and intellectual property.
• Cyber-Bullying
  ◦ Internet, cell phones, or other communication technologies to support deliberate, repeated, and hostile behavior that torments, threatens, harasses, humiliates, embarrasses, or otherwise harms another person.
• Internet Terrorism
  ◦ Act of disrupting electronic commerce and harming computers and communications.
• Internet Misinformation
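A detective control for the salami technique defined above, as an added example that is not part of the original slides: it scans a transfer ledger for destination accounts that collect very small amounts from many different source accounts. The ledger rows, account numbers and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Thresholds are assumptions for this example; tune them to the ledger reviewed.
SMALL_AMOUNT = Decimal("0.10")   # a transfer at or below this counts as a "slice"
MIN_SOURCES = 4                  # distinct source accounts before a destination is flagged

# Constructed sample transfers: (txn_id, source_account, dest_account, amount)
TRANSFERS = [
    ("T001", "ACC-1001", "ACC-9001", "0.03"),
    ("T002", "ACC-1002", "ACC-9001", "0.02"),
    ("T003", "ACC-1003", "ACC-9001", "0.04"),
    ("T004", "ACC-1004", "ACC-9001", "0.01"),
    ("T005", "ACC-1005", "ACC-9001", "0.03"),
    ("T006", "ACC-1001", "ACC-2002", "250.00"),  # ordinary payment
    ("T007", "ACC-1002", "ACC-2002", "0.05"),    # a single small transfer
    ("T008", "ACC-1003", "ACC-3003", "75.10"),
    ("T009", "ACC-1001", "ACC-9001", "0.02"),    # second slice from the same source
]


def flag_salami(transfers, small=SMALL_AMOUNT, min_sources=MIN_SOURCES):
    """Return destinations that receive small amounts from many sources.

    Each finding lists the destination, the number of distinct source
    accounts, the transaction ids involved and the total collected.
    Findings are sorted by total, largest first.
    """
    per_dest = defaultdict(
        lambda: {"sources": set(), "txns": [], "total": Decimal("0")}
    )
    for txn_id, source, dest, amount in transfers:
        value = Decimal(amount)  # Decimal avoids float rounding on cents
        if value <= 0:
            raise ValueError(f"{txn_id}: non-positive amount {amount!r}")
        if value <= small:
            entry = per_dest[dest]
            entry["sources"].add(source)
            entry["txns"].append(txn_id)
            entry["total"] += value

    findings = [
        {
            "dest": dest,
            "distinct_sources": len(entry["sources"]),
            "txns": entry["txns"],
            "total": entry["total"],
        }
        for dest, entry in per_dest.items()
        if len(entry["sources"]) >= min_sources
    ]
    return sorted(findings, key=lambda f: f["total"], reverse=True)


if __name__ == "__main__":
    for finding in flag_salami(TRANSFERS):
        print(
            f"{finding['dest']}: {finding['total']} collected from "
            f"{finding['distinct_sources']} accounts in {len(finding['txns'])} transfers"
        )
```

Counting distinct source accounts rather than transfers keeps one customer's repeated small payments from triggering the flag.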


Hacking for Fraud

• Internet Misinformation
  ◦ Using the Internet to spread false or misleading information
• Internet Auction
  ◦ Using an Internet auction site to defraud another person
    ▪ Unfairly drive up bidding
    ▪ Seller delivers inferior merchandise or fails to deliver at all
    ▪ Buyer fails to make payment
• Internet Pump-and-Dump
  ◦ Using the Internet to pump up the price of a stock and then selling it


Social Engineering Techniques

• Identity Theft
  ◦ Assuming someone else’s identity
• Pretexting
  ◦ Inventing a scenario that will lull someone into divulging sensitive information
• Posing
  ◦ Using a fake business to acquire sensitive information
• Phishing
  ◦ Posing as a legitimate company asking for verification type information: passwords, accounts, usernames
• Pharming
  ◦ Redirecting Web site traffic to a spoofed Web site.
• Typosquatting
  ◦ Typographical errors when entering a Web site name cause an invalid site to be accessed
• Tabnapping
  ◦ Changing an already open browser tab
• Scavenging
  ◦ Looking for sensitive information in items thrown away
• Shoulder Surfing
  ◦ Snooping over someone’s shoulder for sensitive information


More Social Engineering

• Lebanese Looping
  ◦ Capturing ATM pin and card numbers
• Skimming
  ◦ Double-swiping a credit card
• Chipping
  ◦ Planting a device to read credit card information in a credit card reader
• Eavesdropping
  ◦ Listening to private communications


Type of Malware

• Spyware
  ◦ Secretly monitors and collects personal information about users and sends it to someone else
  ◦ Adware
    ▪ Pops banner ads on a monitor, collects information about the user’s Web-surfing and spending habits, and forwards it to the adware creator
• Key logging
  ◦ Records computer activity, such as a user’s keystrokes, e-mails sent and received, Web sites visited, and chat session participation
• Trojan Horse
  ◦ Malicious computer instructions in an authorized and otherwise properly functioning program
  ◦ Time bombs/logic bombs
    ▪ Idle until triggered by a specified date or time, by a change in the system, by a message sent to the system, or by an event that does not occur


More Malware

• Trap Door/Back Door
  ◦ A way into a system that bypasses normal authorization and authentication controls
• Packet Sniffers
  ◦ Capture data from information packets as they travel over networks
  ◦ Rootkit
    ▪ Used to hide the presence of trap doors, sniffers, and key loggers; conceal software that originates a denial-of-service or an e-mail spam attack; and access user names and log-in information
• Superzapping
  ◦ Unauthorized use of special system programs to bypass regular system controls and perform illegal acts, all without leaving an audit trail


Chapter 7
Control and AIS
Learning Objectives

• Explain basic control concepts and explain why computer control and security are important.
• Compare and contrast the COBIT, COSO, and ERM control frameworks.
• Describe the major elements in the internal environment of a company.
• Describe the four types of control objectives that companies need to set.
• Describe the events that affect uncertainty and the techniques used to identify them.
• Explain how to assess and respond to risk using the Enterprise Risk Management (ERM) model.
• Describe control activities commonly used in companies.
• Describe how to communicate information and monitor control processes in organizations.


Internal Control

• System to provide reasonable assurance that objectives are met such as:
  ◦ Safeguard assets.
  ◦ Maintain records in sufficient detail to report company assets accurately and fairly.
  ◦ Provide accurate and reliable information.
  ◦ Prepare financial reports in accordance with established criteria.
  ◦ Promote and improve operational efficiency.
  ◦ Encourage adherence to prescribed managerial policies.
  ◦ Comply with applicable laws and regulations.


Internal Control

Functions
• Preventive
  ◦ Deter problems
• Detective
  ◦ Discover problems
• Corrective
  ◦ Correct problems

Categories
• General
  ◦ Overall IC system and processes
• Application
  ◦ Transactions are processed correctly


Sarbanes Oxley (2002)

• Designed to prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud
  ◦ Public Company Accounting Oversight Board (PCAOB)
    ▪ Oversight of auditing profession
  ◦ New Auditing Rules
    ▪ Partners must rotate periodically
    ▪ Prohibited from performing certain non-audit services


Sarbanes Oxley (2002)

• New Roles for Audit Committee
  ◦ Be part of board of directors and be independent
  ◦ One member must be a financial expert
  ◦ Oversees external auditors
• New Rules for Management
  ◦ Financial statements and disclosures are fairly presented, were reviewed by management, and are not misleading.
  ◦ The auditors were told about all material internal control weaknesses and fraud.
• New Internal Control Requirements
  ◦ Management is responsible for establishing and maintaining an adequate internal control system.


SOX Management Rules

• Base evaluation of internal control on a recognized framework.
• Disclose all material internal control weaknesses.
• Conclude a company does not have effective financial reporting internal controls if there are material weaknesses.


Internal Control Frameworks

• Control Objectives for Information and Related Technology (COBIT)
  ◦ Business objectives
  ◦ IT resources
  ◦ IT processes
• Committee of Sponsoring Organizations (COSO)
  ◦ Internal control—integrated framework
    ▪ Control environment
    ▪ Control activities
    ▪ Risk assessment
    ▪ Information and communication
    ▪ Monitoring


Internal Control

• Enterprise Risk Management Model
  ◦ Risk-based vs. control-based
  ◦ COSO elements +
    ▪ Setting objectives
    ▪ Event identification
    ▪ Risk assessment
      ▪ Can be controlled but also
        ▪ Accepted
        ▪ Diversified
        ▪ Shared
        ▪ Transferred


Control Environment

• Management’s philosophy, operating style, and risk appetite
• The board of directors
• Commitment to integrity, ethical values, and competence
• Organizational structure
• Methods of assigning authority and responsibility
• Human resource standards
• External influences


ERM—Objective Setting

• Strategic
  ◦ High-level goals aligned with corporate mission
• Operational
  ◦ Effectiveness and efficiency of operations
• Reporting
  ◦ Complete and reliable
  ◦ Improve decision making
• Compliance
  ◦ Laws and regulations are followed


ERM—Event Identification

• “…an incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives.”
  ◦ Positive or negative impacts (or both)
  ◦ Events may trigger other events
  ◦ All events should be anticipated


Risk Assessment

• Identify Risk
  ◦ Identify likelihood of risk
  ◦ Identify positive or negative impact
• Types of Risk
  ◦ Inherent
    ▪ Risk that exists before any plans are made to control it
  ◦ Residual
    ▪ Remaining risk after controls are in place to reduce it


ERM—Risk Response

• Reduce
  ◦ Implement effective internal control
• Accept
  ◦ Do nothing, accept likelihood of risk
• Share
  ◦ Buy insurance, outsource, hedge
• Avoid
  ◦ Do not engage in activity that produces risk


Event/Risk/Response Model



Control Activities

• Policies and procedures to provide reasonable assurance that control objectives are met:
  ◦ Proper authorization of transactions and activities
    ▪ Signature or code on document to signal authority over a process
  ◦ Segregation of duties
  ◦ Project development and acquisition controls
  ◦ Change management controls
  ◦ Design and use of documents and records
  ◦ Safeguarding assets, records, and data
  ◦ Independent checks on performance


Segregation of Accounting Duties

• No one employee should be given too much responsibility
• Separate:
  ◦ Authorization
    ▪ Approving transactions and decisions
  ◦ Recording
    ▪ Preparing source documents
    ▪ Entering data into an AIS
    ▪ Maintaining accounting records
  ◦ Custody
    ▪ Handling cash, inventory, fixed assets
    ▪ Receiving incoming checks
    ▪ Writing checks
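One way to test the separation of authorization, recording and custody described above, as an added example that is not part of the original slides: it classifies each employee's assigned tasks into the three duties and reports anyone who holds more than one. The task identifiers, employee names and assignment list are constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Map each task to one of the slide's three duties.
# The task identifiers are assumptions made for this example.
DUTY_OF_TASK = {
    "approve_transaction": "authorization",
    "prepare_source_document": "recording",
    "enter_data": "recording",
    "maintain_records": "recording",
    "handle_cash": "custody",
    "receive_checks": "custody",
    "write_checks": "custody",
}

# Constructed sample of (employee, task) assignments, such as an export
# from an access-rights report.
ASSIGNMENTS = [
    ("alice", "approve_transaction"),
    ("bob", "enter_data"),
    ("bob", "maintain_records"),       # two recording tasks: no conflict
    ("carol", "receive_checks"),
    ("carol", "maintain_records"),     # custody + recording
    ("dave", "approve_transaction"),
    ("dave", "enter_data"),
    ("dave", "write_checks"),          # all three duties
    ("erin", "handle_cash"),
]


def duties_by_employee(assignments):
    """Group each employee's tasks under authorization, recording or custody."""
    duties = defaultdict(lambda: defaultdict(set))
    for employee, task in assignments:
        duty = DUTY_OF_TASK.get(task)
        if duty is None:
            # An unclassified task must not pass silently; it could hide a conflict.
            raise ValueError(f"task {task!r} has no duty classification")
        duties[employee][duty].add(task)
    return duties


def find_conflicts(assignments):
    """Return {employee: [(duty_a, duty_b, tasks_a, tasks_b), ...]} for every
    employee whose tasks span more than one duty."""
    conflicts = {}
    for employee, duties in duties_by_employee(assignments).items():
        pairs = [
            (a, b, sorted(duties[a]), sorted(duties[b]))
            for a, b in combinations(sorted(duties), 2)
        ]
        if pairs:
            conflicts[employee] = pairs
    return conflicts


if __name__ == "__main__":
    for employee, pairs in sorted(find_conflicts(ASSIGNMENTS).items()):
        for duty_a, duty_b, tasks_a, tasks_b in pairs:
            print(f"{employee}: {duty_a} {tasks_a} combined with {duty_b} {tasks_b}")
```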


Information and Communication

• Primary purpose of an AIS
  ◦ Gather
  ◦ Record
  ◦ Process
  ◦ Summarize
  ◦ Communicate


Monitoring
 Evaluate internal control framework.

 Effective supervision.

 Responsibility accounting system.

 Monitor system activities.

 Track purchased software and mobile devices.

 Conduct periodic audits.

 Employ a security officer and compliance officer.

 Engage forensic specialists.

 Install fraud detection software.

 Implement a fraud hotline.



Segregation of System Duties

 As with accounting duties, system duties should also be separated

 These duties include:


 System administration
 Network management
 Security management
 Change management
 Users
 Systems analysts
 Programmers
 Computer operators
 Information system librarian
 Data control



Chapter 8
Information Systems Controls for System Reliability—Part 1: Information Security
Learning Objectives

 Discuss how the COBIT framework can be used to develop sound internal control over an organization’s information systems.

 Explain the factors that influence information systems reliability.

 Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security.



AIS Controls

 COSO and COSO-ERM address general internal control

 COBIT addresses information technology internal control



Information for Management Should Be:

 Effectiveness
 Information must be relevant and timely.

 Efficiency
 Information must be produced in a cost-effective manner.

 Confidentiality
 Sensitive information must be protected from unauthorized disclosure.

 Integrity
 Information must be accurate, complete, and valid.

 Availability
 Information must be available whenever needed.

 Compliance
 Controls must ensure compliance with internal policies and with external legal and regulatory requirements.

 Reliability
 Management must have access to appropriate information needed to conduct daily activities and to exercise its fiduciary and governance responsibilities.



COBIT Framework

[Figure: COBIT framework diagram; surviving label: Information Criteria]



COBIT Cycle

 Management develops plans to organize information resources to provide the information it needs.

 Management authorizes and oversees efforts to acquire (or build internally) the desired functionality.

 Management ensures that the resulting system actually delivers the desired information.

 Management monitors and evaluates system performance against the established criteria.

 Cycle constantly repeats, as management modifies existing plans and procedures or develops new ones to respond to changes in business objectives and new developments in information technology.



COBIT Controls

 210 controls for ensuring information integrity


 Subset is relevant for external auditors
 IT control objectives for Sarbanes-Oxley, 2nd Edition

 AICPA and CICA information systems controls


 Controls for system and financial statement reliability



Trust Services Framework
 Security
 Access to the system and its data is controlled and restricted to legitimate
users.

 Confidentiality
 Sensitive organizational information (e.g., marketing plans, trade secrets) is
protected from unauthorized disclosure.

 Privacy
 Personal information about customers is collected, used, disclosed, and
maintained only in compliance with internal policies and external regulatory
requirements and is protected from unauthorized disclosure.

 Processing Integrity
 Data are processed accurately, completely, in a timely manner, and only with
proper authorization.

 Availability
 The system and its information are available to meet operational and
contractual obligations.



Trust Services Framework



Security / Systems Reliability

 Foundation of the Trust Services Framework


 Management issue, not a technology issue
 SOX 302 states:
 CEO and the CFO responsible to certify that the
financial statements fairly present the results of the
company’s activities.
 The accuracy of an organization’s financial
statements depends upon the reliability of its
information systems.
 Defense-in-depth and the time-based model of information
security
 Have multiple layers of control



Management’s Role in IS Security

 Create security-aware culture

 Inventory and value company information resources

 Assess risk, select risk response

 Develop and communicate security:


 Plans, policies, and procedures

 Acquire and deploy IT security resources

 Monitor and evaluate effectiveness



Time-Based Model

 Combination of detective and corrective controls


 P = the time it takes an attacker to break through the
organization’s preventive controls
 D = the time it takes to detect that an attack is in progress
 C = the time it takes to respond to the attack
 For an effective information security system:
 P > D + C
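
The inequality above applied to measured data, as an added example that is not part of the original slides: D and C are derived from incident timestamps and each incident is compared with an estimate of P. The incident records and the 240-minute value for P are constructed for illustration.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed incident records (not real data): when the attack began, when
# it was detected, and when the response was complete.
INCIDENTS = [
    {"id": "INC-1", "start": "2012-03-01 02:00",
     "detected": "2012-03-01 02:40", "responded": "2012-03-01 03:30"},
    {"id": "INC-2", "start": "2012-03-09 14:00",
     "detected": "2012-03-09 14:20", "responded": "2012-03-09 15:00"},
    {"id": "INC-3", "start": "2012-03-20 23:30",
     "detected": "2012-03-21 03:00", "responded": "2012-03-21 04:30"},
]

# Assumed estimate of P in minutes: how long the preventive controls are
# expected to hold against an attacker.
P_MINUTES = 240


def minutes_between(earlier, later):
    delta = datetime.strptime(later, FMT) - datetime.strptime(earlier, FMT)
    return delta.total_seconds() / 60


def evaluate(incidents, p_minutes):
    """Compute D, C and the margin P - (D + C) for every incident."""
    rows = []
    for inc in incidents:
        d = minutes_between(inc["start"], inc["detected"])
        c = minutes_between(inc["detected"], inc["responded"])
        if d < 0 or c < 0:
            raise ValueError(f"{inc['id']}: timestamps out of order")
        rows.append({
            "id": inc["id"], "D": d, "C": c,
            "margin": p_minutes - (d + c),
            "effective": p_minutes > d + c,   # strict, as on the slide
        })
    return rows


def summarize(rows, p_minutes):
    """Judge per incident: an average can satisfy P > D + C while a single
    slow detection or response does not."""
    mean_dc = sum(r["D"] + r["C"] for r in rows) / len(rows)
    return {
        "mean_D_plus_C": mean_dc,
        "mean_passes": p_minutes > mean_dc,
        "failing": [r["id"] for r in rows if not r["effective"]],
    }


if __name__ == "__main__":
    results = evaluate(INCIDENTS, P_MINUTES)
    for r in results:
        verdict = "ok" if r["effective"] else "P <= D + C"
        print(f"{r['id']}: D={r['D']:.0f} C={r['C']:.0f} "
              f"margin={r['margin']:.0f} min  {verdict}")
    print(summarize(results, P_MINUTES))
```
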



Steps in an IS System Attack



Mitigate Risk of Attack

 Preventive Control

 Detective Control

 Corrective Control



Preventive Control

 Training

 User access controls (authentication and authorization)

 Physical access controls (locks, guards, etc.)

 Network access controls (firewalls, intrusion prevention systems, etc.)

 Device and software hardening controls (configuration options)



Authentication vs. Authorization
 Authentication—verifies who a person is
1. Something person knows
2. Something person has
3. Some biometric characteristic
4. Combination of all three

 Authorization—determines what a person can access



Network Access Control (Perimeter Defense)
 Border router
 Connects an organization’s information system to the Internet

 Firewall
 Software or hardware used to filter information

 Demilitarized Zone (DMZ)


 Separate network that permits controlled access from the
Internet to selected resources

 Intrusion Prevention Systems (IPS)


 Monitors patterns in the traffic flow, rather than only inspecting
individual packets, to identify and automatically block attacks



Internet Information Protocols



Device and Software Hardening (Internal Defense)
 End-Point Configuration
 Disable unnecessary features that may be vulnerable to
attack on:
 Servers, printers, workstations

 User Account Management

 Software Design
 Programmers must be trained to treat all input from external
users as untrustworthy and to carefully check it before
performing further actions.



Detective Controls

 Log Analysis
 Process of examining logs to identify evidence of possible
attacks

 Intrusion Detection
 Sensors and a central monitoring unit that create logs of
network traffic that was permitted to pass the firewall and
then analyze those logs for signs of attempted or successful
intrusions

 Managerial Reports

 Security Testing



Corrective Controls

 Computer Incident Response Team

 Chief Information Security Officer (CISO)


 Independent responsibility for information security assigned
to someone at an appropriate senior level

 Patch Management
 Fix known vulnerabilities by installing the latest updates
 Security programs
 Operating systems
 Applications programs



Computer Incident Response Team
 Recognize that a problem exists

 Containment of the problem

 Recovery

 Follow-up



New Considerations

 Virtualization
 Multiple systems are run on one computer

 Cloud Computing
 Remotely accessed resources
 Software applications
 Data storage
 Hardware

 Risks
 Increased exposure if breach occurs
 Reduced authentication standards

 Opportunities
 Implementing strong access controls in the cloud or over the server that hosts a virtual network provides good security over all the systems contained therein

Chapter 11
Auditing Computer-Based Information Systems
Learning Objectives

 Describe the scope and objectives of audit work, and identify the major steps in the audit process.

 Identify the objectives of an information system audit, and describe the four-step approach necessary for meeting these objectives.

 Design a plan for the study and evaluation of internal control in an AIS.

 Describe computer audit software, and explain how it is used in the audit of an AIS.

 Describe the nature and scope of an operational audit.



Auditing

 The systematic process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond with established criteria



Types of Audits
 Financial
 Examines the reliability and integrity of:
 Financial transactions, accounting records, and financial statements.

 Information System
 Reviews the controls of an AIS to assess compliance with:
 Internal control policies and procedures and effectiveness in
safeguarding assets

 Operational
 Economical and efficient use of resources and the accomplishment of
established goals and objectives

 Compliance
 Determines whether entities are complying with:
 Applicable laws, regulations, policies, and procedures

 Investigative
 Incidents of possible fraud, misappropriation of assets, waste and abuse, or
improper governmental activities.



The Audit Process

 Planning

 Collecting Evidence

 Evaluating Evidence

 Communicating Audit Results



Planning the Audit

 Why, when, how, whom

 Work targeted to area with greatest risk:


 Inherent
 Chance of risk in the absence of controls
 Control
 Risk a misstatement will not be caught by the internal
control system
 Detection
 Chance a misstatement will not be caught by auditors or
their procedures



Collection of Audit Evidence

 Not everything can be examined so samples are collected

 Observation of activities to be audited

 Review of documentation
 Gain understanding of process or control

 Discussions

 Questionnaires

 Physical examination

 Confirmations
 Testing balances with external 3rd parties

 Re-performance
 Recalculations to test values

 Vouching
 Examination of supporting documents

 Analytical review
 Examining relationships and trends



Evaluation of Audit Evidence

 Does evidence support favorable or unfavorable conclusion?

 Materiality
 How significant is the impact of the evidence?

 Reasonable Assurance
 Some risk remains that the audit conclusion is incorrect.



Communication of Audit Conclusion

 Written report summarizing audit findings and recommendations:
 To management
 The audit committee
 The board of directors
 Other appropriate parties



Risk-Based Audit
 Determine the threats (fraud and errors) facing the company.
 Accidental or intentional abuse and damage to which the system is
exposed

 Identify the control procedures that prevent, detect, or correct the threats.
 These are all the controls that management has put into place and that auditors should review and test, to minimize the threats

 Evaluate control procedures.
 A systems review
 Are control procedures in place?
 Tests of controls
 Are existing controls working?

 Evaluate control weaknesses to determine their effect on the nature, timing, or extent of auditing procedures.



Information Systems Audit

 Purpose:
 To review and evaluate the internal controls that protect the
system

 Objectives:
1. Overall information security
2. Program development and acquisition
3. Program modification
4. Computer processing
5. Source files
6. Data files



1. Information System Threats

 Accidental or intentional damage to system assets

 Unauthorized access, disclosure, or modification of data and programs

 Theft

 Interruption of crucial business activities



2. Program Development and Acquisition

 Inadvertent programming errors due to misunderstanding system specifications or careless programming

 Unauthorized instructions deliberately inserted into the programs

 Controls:
 Management and user authorization and approval, thorough
testing, and proper documentation



3. Program Modification

 Source Code Comparison


 Compares current program against source code for any
discrepancies

 Reprocessing
 Use of source code to re-run program and compare for
discrepancies

 Parallel Simulation
 Auditor-created program is run and used to compare
against source code



4. Computer Processing

 System fails to detect:


 Erroneous input
 Improper correction of input errors
 Process erroneous input
 Improperly distribute or disclose output

 Concurrent audit techniques


 Continuous system monitoring while live data are processed
during regular operating hours
 Using embedded audit modules
 Program code segments that perform audit functions,
report test results, and store the evidence collected for
auditor review



Types of Concurrent Audits

 Integrated Test Facility


 Uses fictitious inputs

 Snapshot Technique
 Master files before and after update are stored for specially marked
transactions

 System Control Audit Review File (SCARF)


 Continuous monitoring and storing of transactions that meet pre-specifications

 Audit Hooks
 Notify auditors of questionable transactions

 Continuous and Intermittent Simulation


 Similar to SCARF for DBMS
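
Three of the techniques above (SCARF, the snapshot technique and audit hooks) as one embedded audit module, in an added example that is not part of the original slides. The payment records, supplier IDs, rule names and thresholds are constructed for illustration.

```python
import copy


class EmbeddedAuditModule:
    """Audit code that runs inside the processing program and keeps evidence."""

    def __init__(self, scarf_rules, hook_rules, notify):
        self.scarf_rules = scarf_rules  # name -> predicate(txn), pre-specified
        self.hook_rules = hook_rules    # name -> predicate(txn), questionable
        self.notify = notify            # called immediately when a hook fires
        self.scarf_file = []            # SCARF: stored transactions for review
        self.snapshots = []             # snapshot: before/after master records

    def before_update(self, txn, master):
        # Snapshot technique: only specially marked transactions are captured.
        if txn.get("audit_mark"):
            return copy.deepcopy(master.get(txn["supplier"]))
        return None

    def after_update(self, txn, master, before_image):
        if txn.get("audit_mark"):
            self.snapshots.append({
                "txn": txn["id"],
                "before": before_image,
                "after": copy.deepcopy(master[txn["supplier"]]),
            })
        # SCARF: store every transaction that meets a pre-specified criterion.
        matched = [name for name, rule in self.scarf_rules.items() if rule(txn)]
        if matched:
            self.scarf_file.append({"txn": dict(txn), "rules": matched})
        # Audit hook: tell the auditor now instead of waiting for a review.
        for name, rule in self.hook_rules.items():
            if rule(txn):
                self.notify(name, txn["id"])


def post_payment(master, txn, audit):
    """Live processing step with the audit module's calls embedded in it."""
    before_image = audit.before_update(txn, master)
    record = master.setdefault(txn["supplier"],
                               {"paid_total": 0, "payments": 0})
    record["paid_total"] += txn["amount"]
    record["payments"] += 1
    audit.after_update(txn, master, before_image)


# Constructed sample data (not real): approved suppliers and a day's payments.
APPROVED_SUPPLIERS = {"S-100", "S-200"}
TRANSACTIONS = [
    {"id": "T1", "supplier": "S-100", "amount": 2500},
    {"id": "T2", "supplier": "S-200", "amount": 12000},
    {"id": "T3", "supplier": "S-100", "amount": 480, "audit_mark": True},
    {"id": "T4", "supplier": "S-999", "amount": 9000},
]


def run_demo():
    notifications = []
    audit = EmbeddedAuditModule(
        scarf_rules={  # hypothetical pre-specifications
            "large_payment": lambda t: t["amount"] >= 10000,
            "round_amount": lambda t: t["amount"] % 1000 == 0,
        },
        hook_rules={
            "unapproved_supplier":
                lambda t: t["supplier"] not in APPROVED_SUPPLIERS,
        },
        notify=lambda rule, txn_id: notifications.append((rule, txn_id)),
    )
    master = {}
    for txn in TRANSACTIONS:
        post_payment(master, txn, audit)
    return audit, notifications, master


if __name__ == "__main__":
    demo_audit, demo_notes, _ = run_demo()
    print("SCARF file:", demo_audit.scarf_file)
    print("Snapshots:", demo_audit.snapshots)
    print("Hook notifications:", demo_notes)
```
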



5. Source Data and 6. Data Files
 Accuracy

 Integrity

 Security of data



Chapter 12
The Revenue Cycle: Sales to Cash Collections
Learning Objectives

 Describe the basic business activities and related information processing operations performed in the revenue cycle.

 Discuss the key decisions that need to be made in the revenue cycle, and identify the information needed to make those decisions.

 Identify major threats in the revenue cycle, and evaluate the adequacy of various control procedures for dealing with those threats.



The Revenue Cycle



The Revenue Cycle

 Provides goods and services to customers

 Collects cash in payment for those sales

 Primary Objective:
 Provide the right product
 In the right place
 At the right time for the right price



Revenue Cycle Activities

1. Sales order entry

2. Shipping

3. Billing

4. Cash collections



General Revenue Cycle Threats

 Inaccurate or invalid master data

 Unauthorized disclosure of sensitive information

 Loss or destruction of master data

 Poor performance



General Revenue Cycle Controls

 Data processing integrity controls

 Restriction of access to master data

 Review of all changes to master data

 Access controls

 Encryption

 Backup and disaster recovery procedures

 Managerial reports



Sales Order Entry

1. Take order

2. Check and approve credit

3. Check inventory availability



Sales Order Threats

 Incomplete/inaccurate orders

 Invalid orders

 Uncollectible accounts

 Stockouts or excess inventory

 Loss of customers



Sales Order Entry Controls

 Data entry edit controls (see Chapter 10)

 Restriction of access to master data

 Digital signatures or written signatures

 Credit limits

 Specific authorization to approve sales to new customers or sales that exceed a customer’s credit limit

 Aging of accounts receivable

 Perpetual inventory control system

 Use of bar-codes or RFID

 Training

 Periodic physical counts of inventory

 Sales forecasts and activity reports

 CRM systems, self-help Web sites, and proper evaluation of customer service ratings



Shipping

1. Picking and packing the order

2. Shipping the order



Shipping Threats

 Picking the wrong items or the wrong quantity

 Theft of inventory

 Shipping errors (delay or failure to ship, wrong quantities, wrong items, wrong addresses, duplication)



Shipping Controls

 Bar-code and RFID technology

 Reconciliation of picking lists to sales order details

 Restriction of physical access to inventory

 Documentation of all inventory transfers

 RFID and bar-code technology

 Periodic physical counts of inventory and reconciliation to recorded quantities

 Reconciliation of shipping documents with sales orders, picking lists, and packing slips

 Use RFID systems to identify delays

 Data entry via bar-code scanners and RFID

 Data entry edit controls (if shipping data entered on terminals)

 Configuration of ERP system to prevent duplicate shipments



Billing

1. Invoicing

2. Updating accounts receivable



Billing Threats

 Failure to bill

 Billing errors

 Posting errors in accounts receivable

 Inaccurate or invalid credit memos



Billing Controls
 Separation of billing and shipping functions

 Periodic reconciliation of invoices with sales orders, picking tickets, and shipping documents

 Configuration of system to enter pricing data automatically

 Restriction of access to pricing master data

 Data entry edit controls

 Reconciliation of shipping documents (picking tickets, bills of lading, and packing list) to sales orders

 Data entry controls

 Reconciliation of batch totals

 Mailing of monthly statements to customers

 Reconciliation of subsidiary accounts to general ledger

 Segregation of duties of credit memo authorization from both sales order entry and customer account maintenance

 Configuration of system to block credit memos unless there is either corresponding documentation of return of damaged goods or specific authorization by management



Cash Collections Threats

1. Theft of cash

2. Cash flow problems



Cash Collection Controls
 Separation of cash handling function from accounts receivable and credit functions

 Regular reconciliation of bank account with recorded amounts by someone independent of cash collections procedures

 Use of EFT, FEDI, and lockboxes to minimize handling of customer payments by employees

 Prompt, restrictive endorsement of all customer checks

 Having two people open all mail likely to contain customer payments

 Use of cash registers

 Daily deposit of all cash receipts

 Lockbox arrangements, EFT, or credit cards

 Discounts for prompt payment by customers

 Cash flow budgets



Chapter 13
The Expenditure Cycle: Purchasing to Cash Disbursements
Learning Objectives

 Explain the basic business activities and related information processing operations performed in the expenditure cycle.

 Discuss the key decisions to be made in the expenditure cycle, and identify the information needed to make those decisions.

 Identify major threats in the expenditure cycle, and evaluate the adequacy of various control procedures for dealing with those threats.



The Expenditure Cycle



The Expenditure Cycle

 Activities and information processing related to:


 Purchasing and payment of
 Goods and services

 Primary objective:
 Minimize the total cost of acquiring and maintaining
inventories, supplies, and the various services the
organization needs to function



Expenditure Cycle Activities

1. Ordering materials, supplies, and services

2. Receiving materials, supplies, and services

3. Approving supplier invoices

4. Cash disbursements



Expenditure Cycle General Threats

 Inaccurate or invalid master data

 Unauthorized disclosure of sensitive information

 Loss or destruction of data

 Poor performance



Expenditure Cycle General Controls

 Data processing integrity controls

 Restriction of access to master data

 Review of all changes to master data



Ordering Threats

 Inaccurate inventory records

 Purchasing items not needed

 Purchasing at inflated prices

 Purchasing goods of inferior quality

 Unreliable suppliers

 Purchasing from unauthorized suppliers

 Kickbacks



Ordering Controls
 Perpetual inventory system

 Bar coding or RFID tags

 Periodic physical counts of inventory

 Perpetual inventory system

 Review and approval of purchase requisitions

 Centralized purchasing function

 Price lists

 Competitive bidding

 Review of purchase orders

 Budgets

 Purchasing only from approved suppliers



Ordering Controls (cont’d)
 Review and approval of purchases from new suppliers

 Holding purchasing managers responsible for rework and scrap costs

 Tracking and monitoring product quality by supplier

 Requiring suppliers to possess quality certification (e.g., ISO 9000)

 Collecting and monitoring supplier delivery performance data

 Maintaining a list of approved suppliers and configuring the system to permit purchase orders
only to approved suppliers

 Review and approval of purchases from new suppliers

 EDI-specific controls (access, review of orders, encryption, policy)

 Requiring purchasing agents to disclose financial and personal interests in suppliers

 Training employees in how to respond to offers of gifts from suppliers

 Job rotation and mandatory vacations

 Supplier audits



Receiving Threats

 Accepting unordered items

 Mistakes in counting

 Verifying receipt of services

 Theft of inventory



Receiving Controls
 Requiring existence of approved purchase order prior to accepting any delivery

 Do not inform receiving employees about quantity ordered

 Require receiving employees to sign receiving report

 Incentives

 Document transfer of goods to inventory

 Use of bar-codes and RFID tags

 Configuration of the ERP system to flag discrepancies between received and ordered quantities that exceed tolerance threshold for investigation

 Segregation of duties: custody of inventory versus receiving

 Budgetary controls

 Audits

 Restriction of physical access to inventory

 Documentation of all transfers of inventory between receiving and inventory employees

 Periodic physical counts of inventory and reconciliation to recorded quantities



Invoice Processing

 Non-Voucher
 Each approved invoice is posted to individual supplier
records in the accounts payable file and is then stored in an
open-invoice file.
 When a check is written to pay for an invoice, the voucher
package is removed from the open-invoice file, the invoice
is marked paid, and then the voucher package is stored in
the paid-invoice file.

 Voucher
 Disbursement voucher is also created when a supplier
invoice is approved for payment.
 Identifies the supplier, lists the outstanding invoices, and
indicates the net amount to be paid after deducting any
applicable discounts and allowances.



Advantages of Voucher System

1. Reduce number of checks

2. Can utilize pre-sequential-numbered voucher control

3. Allows for separation of invoice approval from invoice payment



Approving Invoices Threats

 Errors in supplier invoices

 Mistakes in posting to accounts payable



Approving Invoices Controls
 Verification of invoice accuracy

 Requiring detailed receipts for procurement card purchases

 Evaluated receipt settlement
 Match PO with receiving report

 Restriction of access to supplier master data

 Verification of freight bill and use of approved delivery channels

 Data entry edit controls

 Reconciliation of detailed accounts payable records with the general ledger control account



Cash Disbursement Threats

 Failure to take advantage of discounts for prompt payment

 Paying for items not received

 Duplicate payments

 Theft of cash

 Check alteration

 Cash flow problems



Cash Disbursement Controls
 Filing of invoices by due date for discounts

 Cash flow budgets

 Requiring that all supplier invoices be matched to supporting documents that are acknowledged by both receiving and inventory control

 Budgets (for services)

 Requiring receipts for travel expenses

 Use of corporate credit cards for travel expenses

 Requiring a complete voucher package for all payments

 Policy to pay only from original copies of supplier invoices

 Cancelling all supporting documents when payment is made



Cash Disbursement Controls
 Cancelling all supporting documents when payment is made

 Physical security of blank checks and check-signing machine

 Periodic accounting of all sequentially numbered checks by cashier

 Access controls to EFT terminals

 Use of dedicated computer and browser for online banking

 ACH blocks on accounts not used for payments

 Separation of check-writing function from accounts payable

 Requiring dual signatures on checks greater than a specific amount

 Regular reconciliation of bank account with recorded amounts by someone independent of cash disbursements procedures



Cash Disbursement Controls
 Restriction of access to supplier master file

 Limiting the number of employees with ability to create one-time suppliers and to process invoices from one-time suppliers

 Running petty cash as an imprest fund

 Surprise audits of petty cash fund

 Check protection machines

 Use of special inks and papers

 “Positive pay” arrangements with banks

 Cash flow budget



Chapter 14
The Production Cycle
Learning Objectives

 Describe the major business activities and related information processing operations performed in the production cycle.

 Identify major threats in the production cycle and evaluate the adequacy of various control procedures for dealing with those threats.

 Explain how a company’s cost accounting system can help it achieve its manufacturing goals.

 Discuss the key decisions that must be made in the production cycle and identify the information required to make those decisions.



Production Cycle



The Production Cycle

 Business activities and information processing activities


 Related to manufacturing of products



Production Cycle Activities

1. Product design

2. Planning and scheduling

3. Production operations

4. Cost accounting



Production Cycle General Threats

 Inaccurate or invalid master data

 Unauthorized disclosure of sensitive information

 Loss or destruction of data



Production Cycle General Controls

 Data processing integrity controls

 Restriction of access to master data

 Review of all changes to master data

 Access controls

 Encryption

 Backup and disaster recovery procedures



Product Design Threats

 Poor product design resulting in excess costs



Product Design Controls

 Accounting analysis of costs arising from product design choices

 Analysis of warranty and repair costs



Planning and Scheduling Threats

 Over- or underproduction



Planning and Scheduling Controls

 Production planning systems

 Review and approval of production schedules and orders

 Restriction of access to production orders and production schedules



Production Operations Threats

 Theft of inventory

 Theft of fixed assets

 Poor performance

 Suboptimal investment in fixed assets

 Loss of inventory or fixed assets due to fire or other disasters

 Disruption of operations



Production Operations Controls
 Physical access control

 Documentation of all inventory movement

 Segregation of duties—custody of assets from recording and authorization of removal

 Restriction of access to inventory master data

 Periodic physical counts of inventory and reconciliation of those counts to recorded quantities

 Physical inventory of all fixed assets

 Restriction of physical access to fixed assets

 Maintaining detailed records of fixed assets, including disposal

 Training

 Performance reports

 Proper approval of fixed asset acquisitions, including use of requests for proposals to solicit multiple competitive bids

 Physical safeguards (e.g., fire sprinklers)

 Insurance

 Backup and disaster recovery plans



Cost Accounting Threats

 Inaccurate cost data

 Inappropriate allocation of overhead costs

 Misleading reports



Cost Accounting Controls

 Source data automation

 Data processing integrity controls

 Time-driven activity-based costing

 Innovative performance metrics



Assigning Production Costs
 Job-Order Costing
 Assigns costs to specific production batches, or jobs
 If the product or service is uniquely identifiable

 Process Costing
 Assigns costs to each process, or work center, in the production cycle,
and then calculates the average cost for all units produced.
 If the product or service is similar and produced in mass quantities

 Activity-Based Costing
 Traces costs to the activities that create them
 Uses a greater number of overhead pools
 Batch
 Product
 Organization
 Identifies cost drivers
 Cause-and-effect relationship



Chapter 15
The Human Resources Management and Payroll Cycle
Learning Objectives

 Describe the major business activities and related information processing operations performed in the human resources management (HRM)/payroll cycle.

 Discuss the key decisions to be made in the HRM/payroll cycle and identify the information needed to make those decisions.

 Identify the major threats in the HRM/payroll cycle and evaluate the adequacy of various internal control procedures for dealing with them.



HRM and Payroll Cycle



HRM and Payroll Cycle

 Managing Employees:
 Recruiting and hiring new employees
 Training
 Job assignment
 Compensation
 Performance evaluation
 Discharge of employees due to voluntary or involuntary
termination



HRM and Payroll Cycle Activities

1. Update master data

2. Validate time and attendance

3. Prepare payroll

4. Distribute payroll

5. Disburse taxes and miscellaneous deductions



HRM and Payroll General Threats

 Inaccurate or invalid master data

 Unauthorized disclosure of sensitive information

 Loss or destruction of data

 Hiring unqualified or larcenous employees

 Violations of employment laws



HRM and Payroll General Controls

 Data processing integrity controls

 Restriction of access to master data

 Review of all changes to master data

 Access controls

 Encryption

 Backup and disaster recovery procedures

 Sound hiring procedures, including verification of job applicants’ credentials, skills, references, and employment history

 Criminal background investigation checks of all applicants for finance-related positions

 Thorough documentation of hiring, performance evaluation, and dismissal procedures



Update Master File Threats

 Unauthorized changes to payroll master data

 Inaccurate updating of payroll master data



Update Master File Controls

 Segregation of duties: HRM department updates master data, but only payroll department issues paychecks

 Access controls

 Data processing integrity controls

 Regular review of all changes to master payroll data
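
The regular review of master data changes and the HRM/payroll segregation of duties listed above can be automated as an exception report. The following is an added example, not part of the original slides; the change-log layout, user IDs, department mapping and the 25 percent raise threshold are assumptions constructed for illustration.

```python
"""Review of payroll master data changes (added example; all data constructed)."""
import csv
import io

# Constructed change log: who changed which payroll master field, and who approved it.
CHANGE_LOG = """\
timestamp,user,employee_id,field,old,new,approved_by
2024-03-01T09:12,hr_alice,E1001,pay_rate,31.00,33.50,hr_mgr_bob
2024-03-01T17:48,pay_carol,E1002,pay_rate,28.00,58.00,
2024-03-02T08:05,hr_alice,E1003,bank_account,****1111,****2222,hr_alice
2024-03-02T23:40,hr_dave,E1004,status,terminated,active,hr_mgr_bob
"""

# Assumed department mapping; per the slide, only HRM updates master data.
DEPARTMENT = {"hr_alice": "HRM", "hr_dave": "HRM", "hr_mgr_bob": "HRM",
              "pay_carol": "PAYROLL"}
SENSITIVE_FIELDS = {"pay_rate", "bank_account", "status"}
MAX_RAISE = 0.25  # assumed review threshold, not a value from the slides


def review_changes(log_text, department=DEPARTMENT):
    """Return (employee_id, reason) exceptions for a supervisor to review."""
    exceptions = []
    for row in csv.DictReader(io.StringIO(log_text)):
        user = row["user"]
        approver = row["approved_by"].strip()
        emp = row["employee_id"]

        # Segregation of duties: only HRM may update master data.
        # Users missing from the mapping are flagged as well.
        if department.get(user) != "HRM":
            exceptions.append((emp, "change made outside HRM (segregation of duties)"))

        # Sensitive fields need an approver who is not the person making the change.
        if row["field"] in SENSITIVE_FIELDS:
            if not approver:
                exceptions.append((emp, "sensitive change with no approver"))
            elif approver == user:
                exceptions.append((emp, "change approved by the person who made it"))

        # A terminated employee becoming active again should always be reviewed.
        if row["field"] == "status" and (row["old"], row["new"]) == ("terminated", "active"):
            exceptions.append((emp, "terminated employee reactivated"))

        # Unusually large pay rate increases.
        if row["field"] == "pay_rate":
            old, new = float(row["old"]), float(row["new"])
            if old > 0 and (new - old) / old > MAX_RAISE:
                exceptions.append((emp, f"pay rate raised {(new - old) / old:.0%}"))
    return exceptions


if __name__ == "__main__":
    for employee, reason in review_changes(CHANGE_LOG):
        print(employee, "-", reason)
```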



Validation Threats

 Inaccurate time and attendance data



Validation Controls

 Source data automation for data capture

 Biometric authentication

 Segregation of duties (reconciliation of job-time tickets to time cards)

 Supervisory review



Prepare Payroll Threats

 Errors in processing payroll



Prepare Payroll Controls

 Data processing integrity controls: batch totals, cross-footing of the payroll register, use of a payroll clearing account, and a zero-balance check

 Supervisory review of payroll register and other reports

 Issuing earnings statements to employees

 Review of IRS guidelines to ensure proper classification of workers as either employees or independent contractors

Copyright © 2012 Pearson Education 15-13
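
The batch totals, cross-footing and zero-balance check named in the processing integrity bullet above can be expressed as three small reconciliations. This is an added example, not part of the original slides; the register, batch totals and labor cost distribution are constructed sample data, and the field names are assumptions.

```python
"""Payroll processing integrity checks (added example; all figures constructed)."""
from decimal import Decimal as D

# Constructed payroll register produced by the payroll run.
REGISTER = [
    {"emp": "E1001", "hours": D("80"), "gross": D("2680.00"),
     "tax": D("536.00"), "benefits": D("134.00"), "net": D("2010.00")},
    {"emp": "E1002", "hours": D("76"), "gross": D("2128.00"),
     "tax": D("425.60"), "benefits": D("106.40"), "net": D("1596.00")},
    {"emp": "E1003", "hours": D("80"), "gross": D("3200.00"),
     "tax": D("640.00"), "benefits": D("160.00"), "net": D("2400.00")},
]
# Constructed batch totals prepared from the time cards before processing.
SOURCE_TOTALS = {"record_count": 3, "total_hours": D("236"), "hash_total": 3006}
# Constructed labor cost distribution produced by cost accounting.
LABOR_DISTRIBUTION = [("assembly", D("4808.00")), ("finishing", D("3200.00"))]


def _total(rows, column):
    return sum((r[column] for r in rows), D("0"))


def batch_totals(rows):
    """Record count, control total of hours, and hash total of employee numbers."""
    return {
        "record_count": len(rows),
        "total_hours": _total(rows, "hours"),
        "hash_total": sum(int(r["emp"].lstrip("E")) for r in rows),
    }


def batch_mismatches(source_totals, rows):
    """Names of batch totals that differ between input and processed records."""
    processed = batch_totals(rows)
    return sorted(k for k in source_totals if source_totals[k] != processed[k])


def cross_foot(rows):
    """Gross pay less all deductions must equal net pay, in total and per row."""
    bad_rows = [r["emp"] for r in rows
                if r["gross"] - r["tax"] - r["benefits"] != r["net"]]
    balanced = (_total(rows, "gross") - _total(rows, "tax")
                - _total(rows, "benefits")) == _total(rows, "net")
    return balanced, bad_rows


def clearing_balance(rows, distribution):
    """Zero-balance check on the payroll clearing account.

    The account is debited for total gross pay and credited for the labor
    costs allocated to cost centers; the balance left over should be zero.
    """
    balance = _total(rows, "gross")
    for _cost_center, amount in distribution:
        balance -= amount
    return balance


def run_checks(rows, source_totals, distribution):
    """Run all three controls and return a list of findings (empty if clean)."""
    findings = [f"batch total mismatch: {k}"
                for k in batch_mismatches(source_totals, rows)]
    balanced, bad_rows = cross_foot(rows)
    if not balanced:
        findings.append("payroll register does not cross-foot")
    findings.extend(f"row does not foot: {emp}" for emp in bad_rows)
    balance = clearing_balance(rows, distribution)
    if balance != 0:
        findings.append(f"payroll clearing account not zero: {balance}")
    return findings


if __name__ == "__main__":
    print(run_checks(REGISTER, SOURCE_TOTALS, LABOR_DISTRIBUTION) or "all checks passed")
```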


Disburse Payroll Threats

 Theft or fraudulent distribution of paychecks



Disburse Payroll Controls
 Restriction of physical access to blank payroll checks and the check signature
machine

 Restriction of access to the EFT system

 Prenumbering and periodically accounting for all payroll checks and review of all
EFT direct deposit transactions

 Require proper supporting documentation for all paychecks

 Use of a separate checking account for payroll, maintained as an imprest fund

 Segregation of duties (cashier versus accounts payable; check distribution from hiring/firing; independent reconciliation of the payroll checking account)

 Restriction of access to payroll master database

 Verification of identity of all employees receiving paychecks

 Re-depositing unclaimed paychecks and investigating cause



Disburse Taxes and Deduction Threats

 Failure to make required payments

 Untimely payments

 Inaccurate payments



Disburse Taxes and Deductions Controls

 Configuration of system to make required payments using current instructions from IRS (Publication Circular E)

 Processing integrity controls

 Supervisory review of reports

 Employee review of earnings statement



Chapter 16
General Ledger and Reporting System
Learning Objectives
 Describe the information processing operations required to
update the general ledger and to produce reports for
internal and external users.

 Identify the major threats in general ledger and reporting activities and evaluate the adequacy of various control procedures for dealing with them.

 Understand the implications of new IT developments, such as XBRL, and changes in external reporting requirements, such as IFRS, for the design and operation of the general ledger and reporting system.

 Discuss how tools such as responsibility accounting, balanced scorecards, and graphs can be used to provide information managers need to effectively monitor performance.



General Ledger and Reporting



General Ledger and Reporting

 Primary function is to collect and organize


 The accounting cycle activities
 Financing activities
 Investing activities
 Budget activities
 Adjustments



General Ledger and Reporting Activities

1. Update general ledger

2. Post adjusting entries

3. Prepare financial statements

4. Produce management reports



General Ledger and Reporting General
Threats

 Inaccurate or invalid general ledger data

 Unauthorized disclosure of financial statements

 Loss or destruction of data



General Ledger and Reporting
General Controls
 Data processing integrity controls

 Restriction of access to general ledger

 Review of all changes to general ledger data

 Access controls

 Encryption

 Backup and disaster recovery procedures



Update General Ledger Threats

 Inaccurate updating of general ledger

 Unauthorized journal entries



Update General Ledger Controls

 Data entry processing integrity controls

 Reconciliations and control reports

 Audit trail creation and review

 Access controls



Post Adjusting Entries Threats

 Inaccurate adjusting entries

 Unauthorized adjusting entries



Post Adjusting Entries Controls

 Data entry processing integrity controls

 Spreadsheet error protection controls

 Standard adjusting entries

 Reconciliations and control reports

 Audit trail creation and review

 Access controls



Prepare Financial Statement Threats

 Inaccurate financial statements

 Fraudulent financial reporting



Prepare Financial Statement Controls

 Processing integrity controls

 Use of packaged software

 Training and experience in applying IFRS and XBRL

 Audits



eXtensible Business Reporting Language (XBRL)
[Figure: two panels, "Without" and "With" XBRL]



XBRL
 Instance Document
 Contains data from financial statements
 Marked up or tagged with data describing the data
 Each piece of data in XBRL is an element

 Taxonomy
 Set of files defining the various elements and the relationships between them
 A schema
 Contains the definitions of every element that could appear in an instance document

 Linkbases
 Describe relationships between elements
 Reference: identifies relevant authoritative pronouncements
 Calculation: specifies how to combine elements
 Presentation: how to group elements
 Label: associates human-readable labels with elements



Produce Management Reports
Threats
 Poorly designed reports and graphs



Produce Management Report
Controls
 Responsibility accounting

 Balanced scorecard

 Training on proper graph design



Balanced Scorecard

 A report that provides a multidimensional perspective of organizational performance
 Reflecting four perspectives of the organization
 Financial
 Customer
 Internal operations
 Innovation and learning
 Showing goals and measures
 Targets
 Actual



Chapter 17
Database Design Using the REA Data Model
Learning Objectives

 Discuss the steps for designing and implementing a database system.

 Use the REA data model to design an AIS database.

 Draw an REA diagram of an AIS database.

 Read an REA diagram and explain what it reveals about the business activities and policies of the organization being modeled.



Database Design Process



The System Analysis Process
 Systems Analysis
 Initial planning to determine the need for and feasibility of developing a new
system
 Judgments about the proposal’s technological and economic feasibility
 Identify user information needs
 Define the scope of the proposed new system
 Gather information about the expected number of users and transaction
volumes to make preliminary decisions about hardware and software
requirements

 Conceptual Design
 Developing the different schemas for the new system at the conceptual,
external, and internal levels



The System Analysis Process (cont’d)

 Physical Design
 Translating the internal-level schema into the actual database structures that
will be implemented in the new system
 New applications are developed

 Implementation and Conversion


 Includes all the activities associated with transferring data from existing
systems to the new database AIS
 Testing the new system
 Training employees

 Maintaining the New System



Data Modeling

 Process of defining an information system so it represents an organization’s requirements

 Occurs at two stages of the design process:


 System analysis
 Conceptual design

 Data models:
 Data flow diagrams (Chapter 3)
 Flow charts (Chapter 3)
 Entity-relationship diagrams (Chapter 17)



Entity-Relationship Diagrams

 Used to graphically represent a database schema

 Depicts entities
 Anything an organization wants to collect information about

 Relationships between entities



E-R Diagram Variations



Resources-Events-Agents Diagram

 Developed for designing AIS


 Categorizing entities into:

 Resources
 Things that have economic value

 Events
 Business activities
 Management wants to manage and control

 Agents
 People and organizations that participate in events



REA Diagram Rules

1. Each event is linked to at least one resource that it affects.

2. Each event is linked to at least one other event.


 Types of links (relationships):
 Get events
 Give events
 Participation events

3. Each event is linked to at least two participating agents.
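
The three rules above can be checked mechanically against a model before it is turned into tables. This added example is not from the original slides; the revenue-cycle entities, the dictionary layout and the function names are constructed for illustration.

```python
"""Check an REA model against the three REA diagram rules (added example)."""

# Constructed revenue-cycle model; every entity name here is illustrative.
MODEL = {
    "resources": {"Inventory", "Cash"},
    "events": {"Take Order", "Sale", "Receive Cash"},
    "agents": {"Salesperson", "Customer", "Cashier"},
    # Links are unordered pairs of entity names.
    "links": [
        ("Take Order", "Inventory"), ("Take Order", "Sale"),
        ("Take Order", "Salesperson"), ("Take Order", "Customer"),
        ("Sale", "Inventory"), ("Sale", "Receive Cash"),
        ("Sale", "Salesperson"), ("Sale", "Customer"),
        ("Receive Cash", "Cash"), ("Receive Cash", "Customer"),
    ],
}

# (rule number, kind of linked entity, minimum count, wording for the report)
RULES = [
    (1, "resources", 1, "at least one resource"),
    (2, "events", 1, "at least one other event"),
    (3, "agents", 2, "at least two participating agents"),
]


def validate_rea(model):
    """Return a sorted list of rule violations; an empty list means the model passes."""
    kind_of = {name: kind for kind in ("resources", "events", "agents")
               for name in model[kind]}
    linked = {event: {"resources": set(), "events": set(), "agents": set()}
              for event in model["events"]}
    problems = []
    for a, b in model["links"]:
        unknown = [name for name in (a, b) if name not in kind_of]
        if unknown:
            problems.extend(f"link ({a}, {b}): unknown entity {name}" for name in unknown)
            continue
        # Record the link from the point of view of each event it touches.
        for src, dst in ((a, b), (b, a)):
            if kind_of[src] == "events" and src != dst:
                linked[src][kind_of[dst]].add(dst)
    for event in model["events"]:
        for number, kind, minimum, wording in RULES:
            found = len(linked[event][kind])
            if found < minimum:
                problems.append(f"{event}: rule {number} needs {wording}, found {found}")
    return sorted(problems)


def with_link(model, a, b):
    """Return a copy of the model with one extra link."""
    return {**model, "links": model["links"] + [(a, b)]}


if __name__ == "__main__":
    # The constructed model deliberately omits the cashier on Receive Cash.
    print(validate_rea(MODEL))
    print(validate_rea(with_link(MODEL, "Receive Cash", "Cashier")))
```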



Business Cycle Give–Get Relationships



Revenue Cycle REA Diagram



Developing an REA Diagram

1. Identify the events about which management wants to collect information.

2. Identify the resources affected by each event and the agents who participate in those events.
 What economic resource is reduced by the “Give” event?
 What economic resource is acquired by the “Get” event?
 What economic resource is affected by a commitment
event?

3. Determine the cardinalities of each relationship.



Cardinalities

 Describe the nature of relationships between entities


 How many instances of one entity can be linked to each specific instance of
another entity
 Minimum can be: 0 or 1
 Maximum can be: 1 or Many



Three Types of Relationships

 Relationship type is based on maximum cardinality:


 One-to-One:

 One-to-Many:

 Many-to-Many:



Chapter 20
Introduction to Systems Development and Systems Analysis
Learning Objectives
 Explain the five phases of the systems development life
cycle.

 Discuss the people involved in systems development and the roles they play.

 Explain the importance of systems development planning and describe planning techniques.

 Discuss the various types of feasibility analysis and calculate economic feasibility.

 Explain why system changes trigger behavioral reactions, what form this resistance to change takes, and how to avoid or minimize the resulting problems.

 Discuss the key issues and steps in systems analysis.



Why Update Systems?

 User or business changes

 Technology changes

 To improve business process

 Create competitive advantage

 Increase productivity gains

 Integrate multiple systems

 Aging systems need replacement



Software Development Problems

 Most software development projects deliver less, cost more, and take longer than expected.
 Standish Group found that:
 70 percent of software development projects were late
 54 percent were over budget
 66 percent were unsuccessful
 30 percent were canceled before completion
 American Management Systems found that:
 75 percent of all large systems are not used, not used as intended, or generate meaningless reports or inaccurate data



Systems Development Life Cycle
(SDLC)



SDLC Steps
 System Analysis
 Information about system needs, costs, and so on are gathered.

 Conceptual Design
 Gather system/user requirements.

 Physical Design
 Concepts are translated into detailed specifications.

 Implementation and Conversion


 New hardware and software are installed and tested.
 Employees are hired and trained or existing employees relocated.
 Processing procedures are tested and modified.
 Standards and controls for the new system are established and system
documentation completed.

 Operation and Maintenance


 New system is periodically reviewed.
 Modifications are made as problems arise or as new needs become evident.



Systems Analysis Activities

 Initial Investigation
 What’s the Problem
 What’s the Scope

 Systems Survey
 Gain Understanding of Company
 Preliminary Assessment of Needs & Changes Required
 Develop Working Relationships
 Collect Data

 Feasibility Study
 Determine Project Viability

 Information Needs and System Requirements
 What do Users Need
 Document System Requirements

 Systems Analysis Report
 Summarize and Document Activities



People Interacting in SDLC

 Management

 Accountants

 Users

 Information systems steering committee

 Project development team

 Systems analysts and programmers



Planning SDLC

 Project Development Plan


 Cost/benefit analysis
 Developmental and operational requirements (people,
hardware, software, and financial)
 Schedule of the activities required to develop and operate
the new application

 Master Plan
 What the system will consist of
 How it will be developed
 Who will develop it
 How needed resources will be acquired
 Where the AIS is headed



Planning Technique—PERT Chart

 Program Evaluation and Review Technique (PERT)


 Network of arrows and nodes representing project activities
that require an expenditure of time and resources and the
completion and initiation of activities
 Completion time estimates made
 Critical path—the path requiring the greatest amount of
time is determined



Planning Technique—GANTT Chart

 A bar chart with project activities on the left-hand side and units of time across the top

 Graphically shows the entire schedule for a large, complex project



Feasibility Analysis
 Does it make sense to proceed with new system?

 Economic:
 Will system benefits justify the time, money, and resources required to implement it?

 Technical:
 Can the system be developed and implemented using existing technology?

 Legal:
 Does the system comply with all applicable federal and state laws, administrative
agency regulations, and contractual obligations?

 Scheduling
 Can the system be developed and implemented in the time allotted?

 Operational
 Does the organization have access to people who can design, implement, and
operate the proposed system? Will people use the system?



Capital Budgeting: Economic Feasibility

Cost-Benefit Analysis
 Benefits and costs are estimated and compared to determine whether the system is cost beneficial.
 Benefits and costs that are not easily quantifiable are estimated and included.
 If they cannot be accurately estimated, they are listed, and their likelihood and expected impact on the organization evaluated.

Techniques
 Payback Period
 Number of years required for the net savings to equal the initial cost of the investment.
 Net Present Value (NPV)
 Future benefits are discounted back to the present.
 Initial cost is subtracted.
 Positive NPV = economically feasible.
 Internal Rate of Return (IRR)
 The effective interest rate that results in an NPV of zero.
 A project’s IRR is compared with a minimum acceptable rate to determine acceptance or rejection.

Copyright © 2012 Pearson Education 20-13
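
The three techniques on this slide can be worked through on one proposal. This is an added example, not part of the original slides; the initial cost, yearly net savings, discount rate and function names are constructed for illustration, and the IRR is found by bisection on the NPV.

```python
"""Payback period, NPV and IRR for a proposed system (added example; figures constructed)."""


def payback_period(initial_cost, net_savings):
    """Years until cumulative net savings equal the initial cost, or None if never."""
    remaining = initial_cost
    for year, saving in enumerate(net_savings, start=1):
        if saving > 0 and saving >= remaining:
            # Interpolate within the year in which the cost is recovered.
            return year - 1 + remaining / saving
        remaining -= saving
    return None


def npv(rate, initial_cost, net_savings):
    """Discount each year's net savings to the present, then subtract the initial cost."""
    discounted = sum(s / (1 + rate) ** t for t, s in enumerate(net_savings, start=1))
    return discounted - initial_cost


def irr(initial_cost, net_savings, lo=0.0, hi=1.0, iterations=100):
    """Rate at which NPV is zero, found by bisection between lo and hi.

    Returns None when NPV does not change sign on the interval, for example
    when the savings never recover the initial cost.
    """
    f_lo = npv(lo, initial_cost, net_savings)
    f_hi = npv(hi, initial_cost, net_savings)
    if f_lo * f_hi > 0:
        return None
    for _ in range(iterations):
        mid = (lo + hi) / 2
        f_mid = npv(mid, initial_cost, net_savings)
        if f_lo * f_mid > 0:
            lo, f_lo = mid, f_mid
        else:
            hi = mid
    return (lo + hi) / 2


def evaluate(initial_cost, net_savings, minimum_rate):
    """Apply all three techniques; accept only if NPV is positive and IRR beats the minimum rate."""
    project_npv = npv(minimum_rate, initial_cost, net_savings)
    project_irr = irr(initial_cost, net_savings)
    return {
        "payback_years": payback_period(initial_cost, net_savings),
        "npv": project_npv,
        "irr": project_irr,
        "accept": project_npv > 0 and project_irr is not None and project_irr > minimum_rate,
    }


if __name__ == "__main__":
    # Constructed proposal: 100,000 initial cost, 40,000 net savings a year for 4 years,
    # evaluated against a 10 percent minimum acceptable rate.
    print(evaluate(100_000, [40_000] * 4, 0.10))
```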


System Failure Due to Change

 The best system will fail without the support of the people
it serves.

 Why people resist change:


 Fear
 Lack of top management support
 Lack of communication
 Disruptive nature of change
 Methods of instituting change
 Biases and emotions
 Personal characteristics and background



Types of Resistance

 Aggression
 Behavior that destroys, cripples, or weakens system
effectiveness, such as increased error rates, disruptions, or
deliberate sabotage

 Projection
 Blaming the new system for everything that goes wrong

 Avoidance
 Ignoring a new AIS in the hope that the problem (the
system) will eventually go away



Preventing Resistance
 Obtain management support

 Meet user needs

 Involve users

 Stress new opportunities

 Avoid being too emotional

 Provide user training

 Reexamine performance evaluations to make sure they are aligned with new system

 Keep communication lines open

 Control users’ expectations



Chapter 21
AIS Development Strategies
Learning Objectives
 Describe how organizations purchase application software, vendor services,
and hardware.

 Explain how information system departments develop custom software.

 Explain how end users develop, use, and control computer-based information systems.

 Explain why organizations outsource their information systems, and evaluate the benefits and risks of this strategy.

 Explain the principles and challenges of business process management.

 Describe how prototypes are used to develop an AIS, and discuss the advantages and disadvantages of doing so.

 Explain what computer-aided software engineering is and how it is used in systems development.



Ways to Obtain an AIS

 Purchase the software

 Develop software in-house

 Hire an external company to develop and maintain new software



Purchasing Software

 Off the Shelf (OTS) Canned


 System capabilities for users with similar requirements

 Turnkey System
 Hardware and software sold as a package

 Application Service Provider (ASP)


 Software is provided to user via the Internet



In-House System Development

 Main criteria for in-house development


 Provides a significant competitive advantage

 Risks of in-house development


 Significant amounts of time required
 Complexity of the system
 Poorly defined requirements
 Insufficient planning
 Inadequate communication and cooperation
 Lack of qualified staff
 Poor top management support



End-User Computing (EUC)
 Hands-on development, use, and control of computer-based information systems by users

 Advantages of EUC
 User creation, control, and implementation
 Users decide whether a system should be developed and what information is
important.
 Systems that meet user needs
 Users discover flaws that IS people do not catch.
 Many of the user-analyst-programmer communication problems in traditional
program development are avoided.
 Timeliness
 Time-consuming cost-benefit analyses, detailed requirements definitions, and
the delays and red tape of the approval process can be avoided.



End-User Computing (EUC) (cont’d)

 Advantages of EUC (cont’d)


 Freeing up of systems resources
 The more information needs users meet, the more time the IS department can
spend on other development and maintenance activities.
 Versatility and ease of use
 Users can change the information they produce or modify their application any
time their requirements change.

 Disadvantages to EUC:
 Logic and development errors
 Inadequately tested applications
 Inefficient systems
 Poorly controlled systems
 Poorly documented systems
 Incompatible systems
 Redundant data
 Wasted resources
 Increased costs



Outsourcing the System
 Hiring an outside company to handle all or part of an organization’s data processing activities

 Advantages:
 Strategic and economic business solution that allows companies to concentrate on core competencies
 Organizations improve their cash position and reduce expenses by selling assets to an outsourcer
 Access to greater expertise and better technology
 Lower costs by standardizing user applications, buying hardware at bulk prices, splitting development and maintenance costs between projects, and operating at higher volumes
 Less development time
 Elimination of peaks-and-valleys
 Facilitates downsizing

 Disadvantages:
 Inflexibility
 Reduced competitive advantage
 Unfulfilled goals
 Poor service
 Increased risk



Methods to Develop an AIS

 Business Process Redesign

 Prototyping

 Computer-Aided Software Engineering (CASE) Tools



Business Process Redesign

 Drastic, one-time-event approach to improving and automating business processes

 Low success rate

 Evolved into:
 Business Process Management (BPM)
 Systematic approach to continuously improving and
optimizing an organization’s business processes



Prototyping



Prototyping
Advantages
 Better definition of user needs
 Higher user involvement and satisfaction
 Faster development time
 Fewer errors
 More opportunity for changes
 Less costly

Disadvantages
 Less efficient use of system resources
 Inadequate testing and documentation
 Negative behavioral reactions
 Never-ending development



Computer-Aided Software
Engineering (CASE)
 Software to help plan, analyze, design, program, and
maintain an information system
 Strategic planning
 Project and system management
 Database design
 Screen and report layout
 Automatic code generation



CASE Advantages vs. Disadvantages

Advantages
 Improved productivity
 Improved program quality
 Cost savings
 Improved control procedures
 Simplified documentation

Disadvantages
 Incompatibility
 Cost
 Unmet expectations



Chapter 22
Systems Design, Implementation, and Operation
Learning Objectives

 Discuss the conceptual systems design process and the activities in this phase.

 Discuss the physical systems design process and the activities in this phase.

 Discuss the systems implementation and conversion process and the activities in this phase.

 Discuss the systems operation and maintenance process and the activities in this phase.



Systems Development Life Cycle
(SDLC)



Conceptual Design

 Developer creates a general framework for implementing user requirements and solving the problems identified in the analysis phase.
 Evaluating design alternatives
 Preparing design specifications
 Preparing the conceptual systems design report



Preparing Design Specifications
 Output
 How often?
 What should reports contain?
 What should reports look like?
 Should reports be online or hard copy or both?

 Data Storage
 What data elements must be stored to produce a report?
 How should they be stored?
 What type of file or database should be used?

 Input
 Where, when, and how to collect the data?

 Processing Procedures and Operations



Physical Design

 Conceptual designs are translated into detailed specifications that are used to code and test the computer programs.
 Output
 File and database
 Input
 Program
 Procedures
 Controls



Output Design

 Determine the nature, format, content, and timing of reports, documents, and screen displays.
 Types of Output:
 Scheduled reports
 Special-purpose analysis reports
 Triggered exception reports
 Demand reports



Program Design

1. Determine user needs.

2. Create and document development plan.

3. Write program instructions (code the system).

4. Test the program (debug for errors).

5. Document the program.

6. Train the users.

7. Install the system.

8. Use and modify the system.



Procedures and Controls

 Procedures for who, what, where, why, when:
 Input preparation
 Transaction processing
 Error detection and correction
 Controls
 Reconciliation of balances
 Database access
 Output preparation and distribution
 Computer operator instructions

 Control considerations:
 Validity
 Authorization
 Accuracy
 Security
 Numerical control
 Availability
 Maintainability
 Integrity
 Audit control



Implementation and Conversion

 Process of installing hardware and software and getting the AIS up and running
 Planning
 Prepare site
 Train personnel
 Complete documentation
 Test system
 Conversion



Types of Documentation

 Development Documentation
 A system description; copies of output, input, and file and
database layouts; program flowcharts; test results; and user
acceptance forms

 Operations Documentation
 Includes operating schedules; files and databases
accessed; and equipment, security, and file-retention
requirements

 User Documentation
 Teaches users how to operate the AIS; it includes a
procedures manual and training materials



Types of System Testing

 Walk-Through
 Step-by-step reviews of procedures or program logic to find
incorrect logic, errors, omissions, or other problems

 Processing Test Data


 Using both valid transactions and all possible error conditions

 Acceptance Tests
 Use real transactions and files rather than hypothetical ones; users develop the acceptance criteria and make the final decision whether to accept the AIS



Types of Conversions

 Direct
 Terminates the old AIS when the new one is introduced

 Parallel
 Operates the old and new systems simultaneously for a
period

 Phase-in
 Gradually replaces elements of the old AIS with the new one

 Pilot
 Implements a system in one part of the organization, such as
a branch location
 Localizes conversion problems and allows training in a live
environment



Operations and Maintenance

 Post-Implementation Review
 Determines whether the system meets its planned objectives
