Presentation is loading. Please wait.

Presentation is loading. Please wait.

Core Concepts of ACCOUNTING INFORMATION SYSTEMS Moscove, Simkin & Bagranoff John Wiley & Sons, Inc. Developed by: Marianne Bradford, Ph.D. Bryant College.

Published bySpencer Ray Modified over 8 years ago

Similar presentations

Presentation on theme: "Core Concepts of ACCOUNTING INFORMATION SYSTEMS Moscove, Simkin & Bagranoff John Wiley & Sons, Inc. Developed by: Marianne Bradford, Ph.D. Bryant College."— Presentation transcript:

1 Core Concepts of ACCOUNTING INFORMATION SYSTEMS Moscove, Simkin & Bagranoff John Wiley & Sons, Inc. Developed by: Marianne Bradford, Ph.D. Bryant College

2 Chapter 8 Controls for Computerized Accounting Information Systems Introduction General Controls within IT Environments Application Controls within IT Environments Database Controls Controls in the Information Age

3 Computer Control Procedures Computer controls are frequently classified into two categories: General controls ensure that a company’s control environment is stable and well managed in order to strengthen the effectiveness of application controls. Application controls are designed to prevent, detect, and correct errors and irregularities in transactions as they flow through the input, processing, and output stages of data processing.

4 Reasons Why Computers Can Cause Control Problems Effects or errors may be magnified. Inadequate separation of duties because of decreased manual involvement Audit trails may be reduced, eliminated, or exist only for a brief time. Changes to data and programs may be made by individuals lacking knowledge. More individuals may have access to accounting data. Accounting data stored in computer-based systems are oriented to characteristics of magnetic or optical media.

5 Objectives of Controls over the Data Processing Function To provide reasonable assurance that: –development of, and changes to, computer programs are authorized, tested and approved prior to their usage. –access to data files is restricted to authorized users and programs. These objectives are referred to as general computer control objectives.

6 General Controls within IT Environments Personnel Controls File Security Controls Fault-Tolerant Systems, Backup, and Contingency Planning Computer Facility Controls Access to Computer Files

7 Personnel Controls - Separation of Duties Separation of duties, which separates incompatible functions, is a central control objective when designing a system. In IT environments separation of duties should include: –separating accounting and information processing subsystems from other subsystems –separate responsibilities within the IT environment

8 More Personnel Controls Companies use separate computer accounts that are assigned to users on either a group or individual basis. –Passwords are checked against a master list. –Call-back procedures restrict access from remote terminals. An informal knowledge of employees and their activities can be an important clue for the detection of fraud.

9 File Security Controls The purpose of file security controls is to protect computer files from either accidental or intentional abuse. Examples: External file labels Internal file labels Lock-out procedures File protection rings Read-only file designations

10 Risks that Control Procedures Seek to Reduce Control procedures are aimed at reducing financial risk, the chance that financial statements are misstated. Controls also seek to reduce business risk, the risk that the viability of the business is impacted by lack of control.

11 Fault-Tolerant Systems Fault-tolerant systems are designed to tolerate faults or errors and are often based on the concept of redundancy. Two major approaches to redundant CPU processing are consensus-based protocols and watchdog protocols. Disk mirroring (disk shadowing) is a process used to make disks fault-tolerant. Under roll-back processing transactions are never written to disk until they are complete.

12 Backup All companies should backup their vital documents, files and programs. Grandfather-parent-child procedure is used during batch processing. Through electronic vaulting, data on backup tapes can be electronically transmitted to remote sites. An uninterruptible power system (UPS) is an auxiliary power supply that can prevent the loss of data due to momentary surges or dips in power.

13 Contingency Planning Contingency planning includes the development of a formal disaster recovery plan. This plan describes procedures to be followed in the case of an emergency as well as the role of each member of the disaster recovery team. The goal is to recover processing capability as soon as possible. A disaster recovery site can either be a hot site or cold site.

14 Computer Facility Controls Locate the Data Processing Center in a safe place. Limit employee access. Buy insurance.

15 Access to Computer Files Password codes and biometric identifications restrict logical access to data. Biometric identification devices identify distinctive user physical characteristics such as voice patterns, fingerprints and retina prints.

16 Application Controls within IT Environments Application controls pertain directly to the transaction processing systems. The objectives of application controls are to prevent, detect and correct errors and irregularities in transactions that are processed in an IT environment. Application controls are subdivided into input, processing and output controls.

17 Input Controls Input controls attempt to ensure the validity, accuracy and completeness of the data entered into an AIS. The categories of input controls include 1) data observation and recording 2) data transcription 3) edit tests 4) additional input controls

18 Data Observation and Recording Controls Feedback mechanism Dual observation Point-of-sale (POS) devices Preprinted recording forms

19 Data Transcription Data transcription refers to the preparation of data for computerized processing. Preformatted screens that use “masks” are an important control procedure.

20 Edit Tests Input validation routines (edit programs) check the validity and accuracy of input data after the data have been entered and recorded on a machine-readable file. Edit tests examine selected fields of input data and reject those transactions whose data fields do not meet the pre-established standards of data quality. Real-time systems use edit checks during data- entry.

21 Examples of Edit Tests Tests for: Numeric field Alphabetic field Alphanumeric field Valid code Reasonableness Sign Completeness Sequence Consistency

22 Processing Controls Processing controls focus on the manipulation of accounting data after they are input to the computer system. Two kinds: 1) Data-access controls 2) Data manipulation controls

23 Data-Access Control Totals Batch control total Financial control total Nonfinancial control total Hash total Record count

24 Data Manipulation Controls Once data has been validated by earlier portions of data processing, they usually must be manipulated in some way to produce useful output. Data manipulation controls include: Software documentation Compiler Test Data System testing

25 Output Controls The objective of output controls is to assure the output’s validity, accuracy and completeness. Activity (or proof) listings provide complete, detailed information about all changes to master files. Forms control is vital for forms associated with check-writing. Prenumbered forms are the most common type of control utilized with computer-generated check-writing procedures. Shred sensitive documents

26 Database Controls Database management software Layered passwords Complete documentation including data dictionary Database administrator Security modules Authorization and approval of all significant modifications to software Changes made by authorized individuals

27 Risks Unique to Micro Environment Hardware - microcomputers can be easily stolen or destroyed Data and software - easy to access, modify, copy or destroy; therefore, are difficult to control.

28 Control Procedures for Microcomputers Take inventory Keyboard locks Lock laptops in cabinets Software protection procedures Back-up files Lock office doors

29 Additional Controls for Laptops Identify your laptop Use nonbreakable cables to attach laptops to stationary furniture Load antivirus software Keep laptop information backed up

30 Controls for Computer Network Systems Data encryption minimizes the risk of unauthorized access to data through electronic eavesdropping. A checkpoint should be established to facilitate recovery from a system failure. Routing verification procedures help to ensure that no transactions or messages are routed to the wrong computer network system address. Message acknowledgement procedures are useful in preventing the loss of part or all of a transaction or message on a computer network system.

31 Copyright Copyright 2001 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make backup copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.

32 Chapter 8

Download ppt "Core Concepts of ACCOUNTING INFORMATION SYSTEMS Moscove, Simkin & Bagranoff John Wiley & Sons, Inc. Developed by: Marianne Bradford, Ph.D. Bryant College."

Similar presentations

Accounting Information Systems

Accounting Information Systems
ACCOUNTING INFORMATION SYSTEMS

ACCOUNTING INFORMATION SYSTEMS
Core Concepts of ACCOUNTING INFORMATION SYSTEMS Moscove, Simkin & Bagranoff John Wiley & Sons, Inc. Developed by: S. Bhattacharya, Ph.D. Florida Atlantic.

Core Concepts of ACCOUNTING INFORMATION SYSTEMS Moscove, Simkin & Bagranoff John Wiley & Sons, Inc. Developed by: S. Bhattacharya, Ph.D. Florida Atlantic.
Appendix D 1. Appendix D 2 Payroll Accounting Financial Accounting, Seventh Edition Appendix D.

Appendix D 1. Appendix D 2 Payroll Accounting Financial Accounting, Seventh Edition Appendix D.
Financial Accounting, Sixth Edition

Financial Accounting, Sixth Edition
Chapter 15 Creating Database Forms and Reports Introduction Forms Reports.

Chapter 15 Creating Database Forms and Reports Introduction Forms Reports.
Auditing Computer Systems

Auditing Computer Systems
9 - 1 Computer-Based Information Systems Control.

9 - 1 Computer-Based Information Systems Control.
ACCOUNTING INFORMATION SYSTEMS

ACCOUNTING INFORMATION SYSTEMS
Chapter 13-1. Chapter 13-2 Chapter 13 Data Modeling Introduction An Overview of Databases Steps in Creating a Database Using Rea Creating Database Tables.

Chapter Chapter 13-2 Chapter 13 Data Modeling Introduction An Overview of Databases Steps in Creating a Database Using Rea Creating Database Tables.
Chapter 14 System Controls. A Quote “The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The.

Chapter 14 System Controls. A Quote “The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The.
Introduction to Information Technology, 2nd Edition Turban, Rainer & Potter © 2003 John Wiley & Sons, Inc. 15-1 Introduction to Information Technology.

Introduction to Information Technology, 2nd Edition Turban, Rainer & Potter © 2003 John Wiley & Sons, Inc Introduction to Information Technology.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Chapter 14 Organizing and Manipulating the Data in Databases

Chapter 14 Organizing and Manipulating the Data in Databases
1 Output Controls Ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. Exposures of this sort can cause serious.

1 Output Controls Ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. Exposures of this sort can cause serious.
Copyright 2010 John Wiley & Sons, Inc.

Copyright 2010 John Wiley & Sons, Inc.
Chapter 101 Information Technology For Management 6 th Edition Turban, Leidner, McLean, Wetherbe Lecture Slides by L. Beaubien, Providence College John.

Chapter 101 Information Technology For Management 6 th Edition Turban, Leidner, McLean, Wetherbe Lecture Slides by L. Beaubien, Providence College John.
Processing Integrity and Availability Controls

Processing Integrity and Availability Controls
Chapter 3: Data Modeling

Chapter 3: Data Modeling
5th Edition, Irv Englander

5th Edition, Irv Englander

Similar presentations

Ads by Google