Accounting Information Systems, 1st Edition

Accounting Information Systems, 1st Edition
Introduction to AIS Accounting Information Systems, 1st Edition

Study Objectives An overview of business processes
An overview of an accounting information system The business process linkage throughout the supply chain The IT enablement of business processes Basic computer and IT concepts Examples of IT enablement The internal control structure of organizations The importance of accounting information systems to accountants The relation of ethics to accounting information systems 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

An Introduction To Business Processes
Accounting Information System must identify Transactions to record, Capture all details, Properly process into correct accounts, and Provide reports externally and internally. SO 1 An overview of business processes

Business Process - a sequence of work steps performed in order to produce a desired result. Examples: Completing a sale Purchasing raw materials Paying employees Paying vendors SO 1 An overview of business processes

Four general types of business processes: 1. Revenue Processes (Chapter 8) a. Sales b. Sales return c. Cash collection SO 1 An overview of business processes

Four general types of business processes: 2. Expenditure Processes (Chapters 9 and 10) a. Purchase b. Purchase return c. Cash disbursement d. Payroll e. Fixed asset SO 1 An overview of business processes

Four general types of business processes: 3. Conversion Processes (Chapter 11) a. Planning b. Resource management c. Logistics SO 1 An overview of business processes

Four general types of business processes: 4. Administrative Processes (Chapter 12) a. Capital b. Investment c. General ledger SO 1 An overview of business processes

Internal controls are the set of procedures and policies adopted to: safeguard assets, check accuracy and reliability of data, promote operational efficiency, and encourage adherence to prescribed managerial practices. SO 1 An overview of business processes

Quick Review When a customer returns goods that were purchased, the business process to accept the return would most likely be a(n) administrative process b. conversion process 1. Revenue Processes a. Sales b. Sales return c. Cash collection c. expenditure process d. revenue process SO 1 An overview of business processes

The Accounting Information System
Various Business Processes Exhibit 1-1 SO 2 An overview of an accounting information system

The Accounting Information System
Quick Review Which of the following is least likely to be an output of the accounting information system? a check b. a report c. an invoice A bar code is usually an input to the accounting information system. d. a bar code SO 2 An overview of an accounting information system

Business Processes Throughout The Supply Chain
Supply Chain - processes and information flows that involve the movement of materials, funds, and related information through the full logistics process, from the acquisition of raw materials to the delivery of finished products to the end user. The supply chain includes all: Vendors Service providers Customers Intermediaries SO 3 The business process linkage throughout the supply chain

A simplified Supply Chain for McDonald’s Exhibit 1-2 SO 3 The business process linkage throughout the supply chain

Quick Review Which of the following is not true of the supply chain? The supply chain includes vendors. b. The supply chain excludes customers. c. The supply chain includes information flows. d. The supply chain includes secondary suppliers. SO 3 The business process linkage throughout the supply chain

IT Enablement of Processes and the AIS
Information Technology - Computers, ancillary equipment, software, services, and related resources as applied to support business processes. IT Enablement - Using IT systems to enhance efficiency and effectiveness of internal or supply chain processes. SO 4 The IT enablement of business processes

IT usage accomplishes one or more of the following objectives: Increased efficiency of business processes Reduced cost of business processes Increased accuracy of the data related to business processes Business Process Reengineering (BPR) is the purposeful and organized changing of business processes to make them more efficient. SO 4 The IT enablement of business processes

Quick Review Which of the following is not an objective of IT enablement? increased accuracy of data b. reduced cost c. reduced security problems d. increased efficiency SO 4 The IT enablement of business processes

Basic Computer and IT Concepts
Basic Computer Data Structures Smallest unit Values = zero or one Data hierarchy: Bit, or binary digit Byte Field Record File Database One character Eight bits One item within record Example - last name Set of related fields Example – employee #, name, pay rate, etc. Set of related records Entire collection of files SO 5 Basic computer and IT concepts

Quick Review The correct order of the computer data hierarchy is byte, bit, record, field, file, database b. bit, byte, record, field, file, database c. bit, byte, field, record, file, database d. bit, byte, field, record, database, file SO 5 Basic computer and IT concepts

Relational Database Example - relationship in data of a customer having more than one order. Master File Example - payroll master file maintains the relatively permanent data to process payroll transactions. Example - transaction file is processed against the master file, and year-to-date balances are updated in the master file. Transaction File SO 5 Basic computer and IT concepts

File Access and Processing Modes Sequential access Random access Indexed Sequential Access Method (ISAM) Batch processing Online processing Real-time processing SO 5 Basic computer and IT concepts

Data Warehouse and Data Mining Data warehouse Operational database Data mining SO 5 Basic computer and IT concepts

Quick Review The process of searching for identifiable patterns in data is called sequential processing b. data warehousing c. data mining d. real-time processing SO 5 Basic computer and IT concepts

Networks and the Internet Network (two or more computers linked together) Types important to accounting: Local Area Network (LAN) Internet Extranet Intranet SO 5 Basic computer and IT concepts

Examples of IT Enablement
E-Business Encompasses all forms of: Online electronic trading Consumer-based e-commerce Business-to-business electronic trading Business-to-business process integration Internal use of IT Examples, buying: a book at Amazon.com clothes at Landsend.com SO 6 Examples of IT enablement

Electronic Data Interchange The intercompany, computer-to-computer transfer of business documents in a standard business format. Example: Transmit purchase orders, invoices, and payments electronically between trading partners. SO 6 Examples of IT enablement

Point of Sale System A system of hardware and software that captures retail sales transactions by standard bar coding. Example: Customer checks out through the cash register, bar codes are scanned on the items purchased, prices are determined by access to inventory and price list data, sales revenue is recorded, and inventory values are updated. SO 6 Examples of IT enablement

Automated Matching A computer system in which the software matches an invoice to its related purchase order and receiving report. Example: Ford Motor Company described in text illustrated an automated matching system. SO 6 Examples of IT enablement

Evaluated Receipt Settlement (ERS) An invoice-less system in which computer software completes an invoice-less match that is a comparison of the purchase order with the goods received. E-Payables and Electronic Invoice Presentment and Payment (EIPP) Web-enabled receipt and payment of vendor invoices. SO 6 Examples of IT enablement

Enterprise Resource Planning Systems (ERP) Multi-module software system designed to manage all aspects of an enterprise. Usually broken down into modules such as financials, sales, purchasing, inventory management, manufacturing, and human resources. SO 6 Examples of IT enablement

Quick Review An IT enabled system for purchasing that is an “invoice-less” system is called a(n) automated matching system b. evaluated receipt settlement c. e-payables d. point of sale system SO 6 Examples of IT enablement

The Control Environment of Organizations
Risks that impact financial standing: Assets will be stolen or misused Errors in accounting data or information Fraudulent activity Risks inherent in IT systems, such as Erroneous input of data Erroneous processing of data Computer fraud Computer security breaches Hardware or software failure Natural disasters SO 7 The internal control structure of organizations

Enterprise Risk Management (ERM) ERM is defined as . . . a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. SO 7 The internal control structure of organizations

Enterprise Risk Management (ERM) Requires management set policies and procedures related to: Internal Environment Objective Setting Event Identification Risk Assessment Risk Response Control Activities Information and Communication Monitoring SO 7 The internal control structure of organizations

Enterprise Risk Management (ERM) Management should ensure the following types of control structures exist: Code of ethics (Chapter 3) COSO accounting internal control structure (Chapter 3) IT system control structure (Chapter 4) Corporate governance structure (Chapter 5) IT governance structure (Chapter 6) SO 7 The internal control structure of organizations

Quick Review The COSO report written for the purpose of assisting managers in the challenge of managing risk in their organizations is entitled “Internal Controls—Integrated Framework” b. “Enterprise Risk Management—Integrated Framework” c. “Corporate Governance” d. “IT Governance” SO 7 The internal control structure of organizations

The Accountant’s Role in AIS
Accountants may be users of the AIS, part of the design or implementation team of an AIS, and/or auditors of an AIS. SO 8 The importance of accounting information systems to accountants

The Accountant’s Role in AIS
Quick Review Accountants have some form of use of the AIS in all but which role? user b. programmer c. auditor d. designer SO 8 The importance of accounting information systems to accountants

Ethics and the AIS Examples of potential unethical behaviors:
Fraudulent financial reporting Revenue inflation Expense account fraud Inflating hours worked for payroll purposes Computer fraud Hacking Browsing confidential data SO 9 The relation of ethics to accounting information systems

Quick Review Ethics and the AIS
Which of the following is not true of unethical behavior? The only category of unethical behavior for accountants is inflating revenue. Accountants are often pressured to help commit or cover up unethical behavior. Hacking is an unethical behavior that accountants should be concerned about. An accounting information system can be used to cover up unethical behavior. SO 9 The relation of ethics to accounting information systems

Copyright Copyright © 2008 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.

Foundational Concepts of the AIS Accounting Information Systems, 1st Edition

Study Objectives The interrelationships of business processes and the AIS Types of accounting information systems Accounting software market segments Input methods used in business processes The processing of accounting data Outputs from the AIS related to business processes Documenting processes and systems Client-server computing Ethical considerations at the foundation of accounting information systems 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

Business Processes and the AIS
Accounting Information System - a system that captures, records, processes, and reports accounting information. Business Process - a prescribed sequence of work steps completed in order to produce a desired result. SO 1 The interrelationships of business processes and the AIS

Exhibit 2-1 Overall View of Transactions, Processes, and Resulting Reports SO 1 The interrelationships of business processes and the AIS

Concept Check 1. Which of the following statements is not true? a. Accounting information systems must maintain both detail and summary information. b. Business processes may vary from company to company. c. Regardless of the extent of computerization, all accounting information systems must capture data from the transactions within business processes. d. Business processes categorized as expenditure processes are not intended to be processes that serve customers. SO 1 The interrelationships of business processes and the AIS

Types of Accounting Information Systems
Three categories of AIS: Manual systems Legacy systems Modern, integrated IT systems SO 2 Types of accounting information systems

Manual Systems Generally used by small organizations. Entirely manual system would require: Source document Turnaround document General ledger General journal Special journals Subsidiary ledgers SO 2 Types of accounting information systems

Legacy Systems Existing system, often based on old technology. Advantages are that legacy systems: Customized to specific needs. Support unique business processes not inherent in generic accounting software. Contain invaluable historical data that may be difficult to integrate into a new system. Well supported and understood by existing personnel. SO 2 Types of accounting information systems

Legacy Systems Disadvantages are that legacy systems: Costly to maintain. Often lack adequate supporting documentation. Hardware needed to maintain may become obsolete. Not usually based on user-friendly interfaces. Tends to use software written in older computer languages. Often difficult to modify to make user friendly. Difficult to integrate when companies merge. SO 2 Types of accounting information systems

Legacy Systems Decision whether to replace or update legacy systems. Screen scrapers Enterprise application integration Complete replacement of legacy systems SO 2 Types of accounting information systems

Modern, Integrated Systems New programs sold by software development companies are more user friendly than legacy accounting systems. Advantages to purchasing accounting software: Lower cost Shorter implementation time Fewer bugs SO 2 Types of accounting information systems

Concept Check 2. In a manual system, an adjusting entry would most likely be initially recorded in a a. special journal. b. subsidiary ledger. c. general journal. d. general ledger. SO 2 Types of accounting information systems

Concept Check 3. Which of the following is not a disadvantage of maintaining legacy systems? a. There are fewer programmers available to support and maintain legacy systems. b. They contain invaluable historical data that may be difficult to integrate into newer systems. c. Hardware or hardware parts may be unavailable for legacy systems. d. It can be difficult to integrate various legacy systems into an integrated whole. SO 2 Types of accounting information systems

Concept Check 4. Which of the following is a disadvantage of purchased accounting software, compared with software developed in-house? a. It is custom designed for that company. b. It is less costly. c. The implementation time is shorter. d. There are fewer bugs. SO 2 Types of accounting information systems

Accounting Software Market Segments
Exhibit 2-2 Accounting Software Market Segments SO 3 Accounting software market segments

Exhibit 2-3 Popular Accounting Software Programs within the Market Segments SO 3 Accounting software market segments

Concept Check 5. Which of the following is not a method of updating legacy systems? a. Enterprise application integration. b. Backoffice ware. c. Screen scraper. d. Complete replacement. SO 3 Accounting software market segments

Concept Check 6. When categorizing the accounting software market, a company with revenue of $8 million would most likely purchase software from which segment? a. Small company. b. Midmarket. c. Beginning ERP. d. Tier 1 ERP. SO 3 Accounting software market segments

Input Methods for AIS Input methods used in organizations:
Source documents and keying Bar coding Point of sale systems EDI E-business SO 4 Input methods used in business processes

Concept Check Input Methods for AIS
7. An IT system that uses touch-screen cash registers as an input method is called a. Electronic data interchange. b. E-business. c. Point of sale system. d. Source documents and keying. SO 4 Input methods used in business processes

Processing Methods Batch Processing -Transactions are grouped.
Advantages Efficient for large volumes of like transactions. Audit trail is maintained. Generally use less costly hardware and software. Hardware and software systems are not as complicated as on-line systems. Generally easier to control than other types of computerized systems. Personnel become specialized and efficient in processing routine transactions. SO 5 The processing of accounting data

Processing Methods Batch Processing -Transactions are grouped.
Disadvantages Processing can take longer Adding or deleting records takes much computer maintenance time. Some data duplication is likely. Integration across business processes is difficult in legacy systems that are batch oriented. Lag while all transactions in a batch are collected. May require that transaction and master files be sorted in the same sequential order. SO 5 The processing of accounting data

Online and Real-Time Processing
Processing Methods Online and Real-Time Processing Advantages System checks for input errors. Information provided on a timely basis. All files are constantly up to date. The business processes are integrated into a single database so that a single system is achieved. SO 5 The processing of accounting data

Online and Real-Time Processing
Processing Methods Online and Real-Time Processing Disadvantages Hardware and software are more expensive than a batch systems. A single database that is shared is more susceptible to unauthorized access of data. Real-time systems can be difficult to audit. SO 5 The processing of accounting data

b. Real-time processing.
Processing Methods Concept Check 8. When similar transactions are grouped together for a specified time for processing, it is called a. Online processing. b. Real-time processing. c. Batch processing. d. Group processing. SO 5 The processing of accounting data

Outputs of the AIS General Categories of Outputs
Trading partner documents such as checks, invoices, and statements Internal documents Internal reports External reports SO 6 Outputs from the AIS related to business processes

Documenting Systems Pictorial Representations of processes and systems include: Process maps System flowcharts Document flowcharts Data flow diagrams Entity relationship diagrams (ER diagrams) SO 7 Documenting processes and systems

Documenting Systems Process Maps
Pictorial representations of business processes in which the actual flow and sequence of events in the process are presented in diagram form. Exhibit 2-5 Process Map Symbols SO 7 Documenting processes and systems

Common System Flowchart Symbols
Exhibit 2-7 Common System Flowchart Symbols Documenting Systems System Flowcharts Intended to depict the entire system, including inputs, manual and computerized processes, and outputs. SO 7 Documenting processes and systems

Payroll System Flowchart
Documenting Systems Exhibit 2-8 Payroll System Flowchart Document Flowcharts Flow of documents and information among departments or units within an organization.

Restaurant Process Map
Documenting Systems Exhibit 2-9 Restaurant Process Map

Restaurant Document Flowchart
Exhibit 2-10 Restaurant Document Flowchart

Documenting Systems Data Flow Diagrams
Exhibit 2-11 Restaurant Data Flow Diagram Data Flow Diagrams Used to show the logical design of a system.

Entity Relationship Diagrams
Documenting Systems Entity Relationship Diagrams Pictorial representations of the logical structure of databases. Entities - items in the accounting system, such as employees, customers, vendors, and inventory items. Each entity has attributes, such as last name, first name, pay rate, and number of withholdings. SO 7 Documenting processes and systems

Entity Relationship Diagrams
Documenting Systems Entity Relationship Diagrams Cardinality refers to how many instances of an entity relate to each instance of another entity. One to one: Each employee has one personnel file. One to many: One supervisor has many employees. Many to many: Each vendor can sell many items. SO 7 Documenting processes and systems

Entity Relationship Diagrams Entity Relationship Diagrams
Exhibit 2-11 ERD of Internet Sales Documenting Systems Entity Relationship Diagrams Entity Relationship Diagrams SO 7 Documenting processes and systems

d. Entity relationship diagram.
Documenting Systems Concept Check 10. In documenting systems, which pictorial method is described as a method that diagrams the actual flow and sequence of events? a. System flowchart. b. Process map. c. Data flow diagram. d. Entity relationship diagram. SO 7 Documenting processes and systems

Client–Server Computing
Two types of computers are networked together to accomplish the application processing. Characteristics: Client and server computer are networked together. System appears to users to be one integrated whole. Individual parts of processing are shared between server and client. Client computer participates in processing or data manipulation in some meaningful way. SO 8 Client-server computing

Two Levels of Client-Server Computing: Distributed presentation. Distributed applications. SO 8 Client-server computing

Concept Check 12. In a client–server system, when the client PC manipulates data for presentation, but does not do any other significant processing, it is called a. Distributed presentation. b. Distributed application. c. Distributed database. d. Distributed processing. SO 8 Client-server computing

Ethical Considerations of AIS
Accountants should be aware of opportunities for unethical behaviors within the various business processes. As a company chooses features and options for its accounting information systems, the importance of monitoring those systems should not be overlooked as a factor in decision making. SO 9 Ethical considerations at the foundation of accounting information systems

Fraud, Ethics, and Internal Control Accounting Information Systems, 1st Edition

Study Objectives An introduction to the need for a code of ethics and good internal controls The accounting related fraud that can occur when ethics codes and internal controls are weak or not correctly applied The nature of management fraud The nature of employee fraud The nature of customer fraud The nature of vendor fraud The nature of computer fraud The policies that assist in the avoidance of fraud and errors The maintenance of a code of ethics The maintenance of accounting internal controls The maintenance of information technology controls 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

Need for a Code of Ethics and Internal Controls
During 2001 and 2002, several companies were named in regards to fraudulent financial reporting. WorldCom (Audit firm) SO 1 An introduction to the need for a code of ethics and good internal controls

When management is unethical, fraud is likely to occur. Management obligations: Stewardship. Provide accurate reports. Maintain internal controls. Enforce a code of ethics. SO 1 An introduction to the need for a code of ethics and good internal controls

Quick Review The careful and responsible oversight and use of the assets entrusted to management is called a. control environment. b. stewardship. c. preventive control. d. security. SO 1 An introduction to the need for a code of ethics and good internal controls

Accounting Related Fraud
Fraud - theft, concealment, and conversion to personal gain of another’s money, physical assets, or information. Misappropriation of Assets - defalcation or internal theft. Misstatement of Financial Records - earnings management or fraudulent financial reporting. SO 2 The accounting related fraud that can occur when ethics codes and internal controls are weak or not correctly applied

Fraud, three conditions must exist. Exhibit 3-1 The Fraud Triangle SO 2 The accounting related fraud that can occur when ethics codes and internal controls are weak or not correctly applied

Exhibit 3-2 Categories of Accounting Related Fraud Categories of Accounting-Related Fraud SO 2 The accounting related fraud that can occur when ethics codes and internal controls are weak or not correctly applied

Quick Review Which of the following is not a condition in the fraud triangle? a. rationalization. b. incentive. c. conversion. d. opportunity. SO 2 The accounting related fraud that can occur when ethics codes and internal controls are weak or not correctly applied

The Nature of Management Fraud
Management Fraud is usually in the form of fraudulent financial reporting. Managers misstate financial statements in order to: Increased stock price. Improved financial statements. Enhanced chances of promotion, or avoidance of firing or demotion. Increased incentive-based compensation. Delayed cash flow problems or bankruptcy. SO 3 The nature of management fraud

Management Fraud may involve: Overstating revenues and assets. Understating expenses and liabilities. Misapplying accounting principles. Enron’s top management had been hiding debt and losses by using special purpose entities (SPEs). Two Examples: Managers at Xerox approved and encouraged accounting practices that violated GAAP and accelerated revenue recognition. SO 3 The nature of management fraud

Quick Review There are many possible indirect benefits to management when management fraud occurs. Which of the following is not an indirect benefit of management fraud? a. delayed exercise of stock options. b. delayed cash flow problems. c. enhanced promotion opportunities. d. increased incentive-based compensation. SO 3 The nature of management fraud

The Nature of Employee Fraud
Employee Fraud usually means that an employee steals cash or assets for personal gain. Kinds of Employee Fraud: Inventory theft. Cash receipts theft. Accounts payable fraud. Payroll fraud. Expense account fraud. Kickback Collusion Larceny Skimming SO 4 The nature of employee fraud

Quick Review Which of the following is not an example of employee fraud? a. skimming. b. larceny. c. kickbacks. d. earnings management. SO 4 The nature of employee fraud

Quick Review The most difficult type of misstatement to discover is fraud that is concealed by a. over-recording the transactions. b. nonrecorded transactions. c. recording the transactions in subsidiary records. d. related parties. SO 4 The nature of employee fraud

The Nature of Customer Fraud
Customer Fraud occurs when a customer improperly obtains cash or property from a company, or avoids a liability through deception. Kinds of Customer Fraud: Credit card fraud. Check fraud. Refund fraud. SO 5 The nature of customer fraud

The Nature of Vendor Fraud
Vendor Fraud occurs when vendors obtain payments to which they are not entitled. Vendors may: Submit duplicate or incorrect invoices. Send shipments in which the quantities are short. Send lower-quality goods than ordered. SO 6 The nature of vendor fraud

Quick Review The review of amounts charged to the company from a seller that it purchased from is called a a. vendor audit. b. seller review. c. collusion. d. customer review. SO 6 The nature of vendor fraud

The Nature of Computer Fraud
Computer Fraud may include: Industrial espionage. Software piracy. SO 7 The nature of computer fraud

Internal Sources of Computer Fraud Input manipulation Program manipulation Salami technique Trojan horse programs Trap door alterations Output manipulation SO 7 The nature of computer fraud

External Sources of Computer Fraud In most cases conducted by someone outside the company who has gained unauthorized access to the computer. Two Common Types: Hacking. Denial of Service attack (DoS) Spoofing. SO 7 The nature of computer fraud

Quick Review Which of the following is generally an external computer fraud, rather than an internal computer fraud? a. spoofing b. input manipulation c. program manipulation d. output manipulation SO 6 The nature of vendor fraud

Policies to Assist in the Avoidance of Fraud and Errors
Actions to assist in prevention or detection of fraud and errors: Maintain and enforce a code of ethics. Maintain a system of accounting internal controls. Maintain a system of information technology controls. SO 8 The policies that assist in the avoidance of fraud and errors

Maintain a Code of Ethics
Sarbanes–Oxley Act of 2002 Requirement - public companies adopt and disclose a code of ethics. Concepts usually found in code of ethics: Obeying applicable laws and regulations. Conduct that is honest, fair, and trustworthy. Avoiding all conflicts of interest. Creating and maintaining a safe work environment. Protecting the environment. SO 9 The maintenance of a code of ethics

System of Accounting Internal Controls
Objectives of an internal control system are: Safeguard assets (from fraud or errors). Maintain accuracy and integrity of accounting data. Promote operational efficiency. Ensure compliance with management directives. SO 10 The maintenance of accounting internal controls

Three types of controls: Preventive controls Detective controls Corrective controls COSO Report - five components of internal control: Control environment. Risk assessment. Control activities. Information and communication. Monitoring. SO 10 The maintenance of accounting internal controls

Exhibit 3-5 Factors of the Control Environment Control Environment Example of a less risky control environment Example of a more risky control environment Factor Integrity and ethics The company has a code of The company does not have ethics, and it is rigidly a code of ethics, or if they enforced. have one, it is not enforced. Philosophy and operating Management is very Management is very style conservative in its approach aggressive and risk taking to things such as mergers. in its approach to things such as mergers. SO 10 The maintenance of accounting internal controls

Example of a less risky control environment Example of a more risky control environment Factor Assignment of authority Lines of authority are well Managers have overlapping and responsibility established, and managers’ duties, and oftentimes jobs and duties are clear to managers are not quite sure them. whether or not they have certain responsibilities and authority. Organization and Management carefully trains Management does not spend development of people and cultivates employees to any money or time on the be able to take on more training of employees. responsibility. Attention and direction by Members of the board Members of the board do the board of directors examine reports and hold not prepare for the top management meetings they attend and accountable for the are merely “big-name” accuracy of the reports. figureheads.

Risk Assessment Management must develop a way to: Identify the sources of risks. Determine impact of risks. Estimate chances of risks occurring. Develop an action plan to reduce the impact and probability of risks. Execute the action plan and continue the cycle, beginning again with the first step. SO 10 The maintenance of accounting internal controls

Control Activities Categories: Authorization of transactions Segregation of duties Adequate records and documents Security of assets and documents Independent checks and reconciliation SO 10 The maintenance of accounting internal controls

Control Activities Categories: Authorization of Transactions General authorization Specific authorization SO 10 The maintenance of accounting internal controls

Control Activities Categories: Segregation of Duties Exhibit 3-6 Segregation of Duties SO 10 The maintenance of accounting internal controls

Control Activities Categories: Adequate Records and Documents Supporting documentation for all significant transactions Schedules and analyses of financial information Accounting cycle reports Audit Trail SO 10 The maintenance of accounting internal controls

Control Activities Categories: Security of Assets and Documents Protecting physical assets Protecting information Cost-benefit comparison SO 10 The maintenance of accounting internal controls

Control Activities Categories: Independent Checks and Reconciliation Procedures: Reconciliation Comparison of physical assets with records Recalculation of amounts Analysis of reports Review of batch totals SO 10 The maintenance of accounting internal controls

Quick Review Which control activity is intended to serve as a method to confirm the accuracy or completeness of data in the accounting system? a. authorization b. segregation of duties c. security of assets d. independent checks and reconciliations SO 10 The maintenance of accounting internal controls

Quick Review Proper segregation of functional responsibilities calls for separation of the functions of a. authorization, execution, and payment. b. authorization, recording, and custody. c. custody, execution, and reporting. d. authorization, payment, and recording. SO 10 The maintenance of accounting internal controls

Information and Communication An effective accounting system must: Identify all relevant financial events transactions. Capture the important data of these transactions. Record and process the data through appropriate classification, summarization, and aggregation. Report this summarized and aggregated information to managers. SO 10 The maintenance of accounting internal controls

Information and Communication Monitoring Any system of control must be constantly monitored to assure that it continues to be effective. SO 10 The maintenance of accounting internal controls

Reasonable Assurance of Internal Controls Controls achieve a sensible balance of reducing risk when compared with the cost of the control. Not possible to provide absolute assurance, because: Flawed judgments are applied in decision making. Human error exists in every organization. Controls can be circumvented or ignored. Controls may not be cost beneficial. SO 10 The maintenance of accounting internal controls

System of Information Technology Controls
For any business process, there should be both accounting internal controls as in COSO, and IT controls as in the Trust Principles. Risk and controls in IT are divided into five categories: Security Availability Processing integrity. Online privacy. Confidentiality. SO 11 The maintenance of information technology controls

System of Information Technology Controls
Quick Review AICPA Trust Principles identify five categories of risks and controls. Which category is best described by the statement, “Information process could be inaccurate, incomplete, or not properly authorized”? a. security b. availability c. processing integrity d. confidentiality SO 11 The maintenance of information technology controls

Internal Controls and Risks in IT Systems Accounting Information Systems, 1st Edition

Study Objectives An overview of internal controls for IT systems
General controls for IT systems General controls from a Trust Principles perspective Hardware and software exposures in IT systems Application software and application controls Ethical issues in IT systems 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

Internal Controls for IT Systems
Accounting Information System - collects, processes, stores, and reports accounting information. Computer-based systems have been described as being of two types: General controls Application controls SO 1 An overview of internal controls for IT systems

Exhibit 4-1 General and Application Controls in IT Systems Application controls used to control inputs, processing, and outputs. General controls apply overall to the IT accounting system. SO 1 An overview of internal controls for IT systems

Concept Check Internal controls that apply overall to the IT system are called a. Overall controls. b. Technology controls. c. Application controls. d. General controls. SO 1 An overview of internal controls for IT systems

General Controls in IT Systems
Five categories of general controls: Authentication of users and limiting unauthorized access Hacking and other network break-ins Organizational structure Physical environment and physical security of the system Business Continuity SO 2 General controls for IT systems

Authentication of Users and Limiting Unauthorized Users Authentication of users Log-in User IDs Password Smart card Security token Two factor authentication Biometric devices Computer log Nonrepudiation User profile Authority table Configuration tables SO 2 General controls for IT systems

Hacking and other Network Break-Ins Firewall Symmetric encryption Public key encryption Wired equivalency privacy Wireless protected access Service set identifier Virtual private network Secure sockets layer Virus Antivirus software Vulnerability assessment Intrusion detection Penetration testing SO 2 General controls for IT systems

Organizational Structure IT governance committee, responsibilities include: Align IT investments to business strategy. Budget funds and personnel for the most effective use of the IT systems. Oversee and prioritize changes to IT systems. Develop, monitor, and review all IT operational policies. Develop, monitor, and review security policies. SO 2 General controls for IT systems

Organizational Structure Duties to be segregated are: Systems analysts Programmers Operators Database administrator SO 2 General controls for IT systems

Physical Environment and Security Physical access controls: Limited access to computer rooms through employee ID badges or card keys Video surveillance equipment Logs of persons entering and exiting the computer rooms Locked storage of backup data and offsite backup data SO 2 General controls for IT systems

Business Continuity Business Continuity Planning (BCP) Business continuity related to IT systems: A strategy for backup and restoration of IT systems, to include redundant servers, redundant data storage, daily incremental backups, a backup of weekly changes, and offsite storage of daily and weekly backups. A disaster recovery plan. SO 2 General controls for IT systems

Concept Check Which of the following is not a control intended to authenticate users? a. User log-in. b. Security token. c. Encryption. d. Biometric devices. SO 2 General controls for IT systems

Concept Check An IT governance committee has several responsibilities. Which of the following is least likely to be a responsibility of the IT governance committee? Develop and maintain the database and ensure adequate controls over the database. Develop, monitor, and review security policies. Oversee and prioritize changes to IT systems. d. Align IT investments to business strategy. SO 2 General controls for IT systems

General Controls from an AICPA Trust Principles Perspective
AICPA Trust Principles categorizes IT controls and risks into five categories: Security Availability Processing integrity Online privacy Confidentiality SO 3 General controls from a Trust Principles perspective

Risks In Not Limiting Unauthorized Users IT controls that lessen risk of unauthorized users gaining access to the IT system: user ID, password, security token, biometric devices, log-in procedures, access levels, computer logs, and authority tables. SO 3 General controls from a Trust Principles perspective

Risks From Hacking or Other Network Break-Ins Controls that may be applied are, firewalls encryption of data, security policies, security breach resolution, secure socket layers (SSL), virtual private network (VPN), network (VPN), SO 3 General controls from a Trust Principles perspective

Risks From Hacking or Other Network Break-Ins Controls that may be applied are, wired equivalency privacy (WEP), wireless protected access (WPA), service set identifier (SSID), antivirus software, vulnerability assessment, penetration testing, and intrusion detection. SO 3 General controls from a Trust Principles perspective

Risks From Environmental Factors Environmental changes that affect the IT system can cause availability risks and processing integrity risks. Physical Access Risks Business Continuity Risks SO 3 General controls from a Trust Principles perspective

General Controls from an AICPA Trust
Concept Check AICPA Trust Principles describe five categories of IT risks and controls. Which of these five categories would best be described by the statement, “The system is protected against unauthorized access”? a. Security. b. Confidentiality. c. Processing integrity. d. Availability. SO 3 General controls from a Trust Principles perspective

General Controls from an AICPA Trust
Concept Check The risk that an unauthorized user would shut down systems within the IT system is a(n) a. Security risk. b. Availability risk. c. Processing integrity risk. d. Confidentiality risk. SO 3 General controls from a Trust Principles perspective

Hardware and Software Exposures
Typical IT system components that represent “entry points” where the risks must be controlled. The operating system The database The database management system (DBMS) Local area networks (LANs) Wireless networks E-business conducted via the Internet Telecommuting workers Electronic data interchange (EDI) Application software SO 4 Hardware and software exposures in IT systems

Hardware and Software Exposures Typical “entry points”
Exhibit 4-6

The Operating System The software that controls the basic input and output activities of the computer. Provides the instructions that enable the CPU to: read and write to disk, read keyboard input, control output to the monitor, manage computer memory, and communicate between the CPU, memory, and disk storage. SO 4 Hardware and software exposures in IT systems

The Operating System Unauthorized access would allow an unauthorized user to: Browse disk files or memory for sensitive data or passwords. Alter data through the operating system. Alter access tables to change access levels of users. Alter application programs. Destroy data or programs. SO 4 Hardware and software exposures in IT systems

The Database A large disk storage for accounting and operating data. Controls such as: user IDs, passwords, authority tables, firewalls, and encryption are examples of controls that can limit exposure. SO 4 Hardware and software exposures in IT systems

Hardware and Software Exposures The Database Management System
A software system that manages the interface between many users and the database. Exhibit 4-7 SO 4 Hardware and software exposures in IT systems

Exhibit 4-6 The Database Management System A software system that manages the interface between many users and the database. SO 4 Hardware and software exposures in IT systems

A software system that manages the interface between many users and the database. Physical access, environmental, and business continuity controls can help guard against the loss of the data or alteration to the DBMS. SO 4 Hardware and software exposures in IT systems

LANS and WANS A local area network, or LAN, is a computer network covering a small geographic area. A group of LANs connected to each other is called a wide area network, or WAN. SO 4 Hardware and software exposures in IT systems

LANS and WANS Exhibit 4-6 Controls: limit unauthorized users firewalls encryption virtual private networks SO 4 Hardware and software exposures in IT systems

Exhibit 4-6 Wireless Networks Same kind of exposures as a local area network. SO 4 Hardware and software exposures in IT systems

Wireless Networks Same kind of exposures as a local area network. Controls include: wired equivalency privacy (WEP) or wireless protected access (WPA), station set identifiers (SSID), and encrypted data. SO 4 Hardware and software exposures in IT systems

Hardware and Software Exposures Internet and World Wide Web
Exhibit 4-6 Internet and World Wide Web The use of dual firewalls can help prevent hackers or unauthorized users from accessing the organization’s internal network of computers. SO 4 Hardware and software exposures in IT systems

Hardware and Software Exposures Telecommuting Workers
Exhibit 4-6 Telecommuting Workers The organization’s security policy should address the security expectations of workers who telecommute, and such workers should connect to the company network via a virtual private network.

Hardware and Software Exposures Electronic Data Interchange
Company-to-company transfer of standard business documents in electronic form. EDI controls include: authentication, computer logs, and network break-in controls. Exhibit 4-6

Concept Check The risk of an unauthorized user gaining access is likely to be a risk for which of the following areas? a. Telecommuting workers. b. Internet. c. Wireless networks. d. All of the above. SO 4 Hardware and software exposures in IT systems

Application Software and Application Controls
Applications software accomplishes end user tasks such as: word processing, spreadsheets, database maintenance, and accounting functions. Applications controls - intended to improve the accuracy, completeness, and security of input, process, and output. SO 5 Application software and application controls

Input Controls Date input - data converted from human readable form to computer readable form. Input controls are of four types: Source document controls Standard procedures for data preparation and error handling Programmed edit checks Control totals and reconciliation SO 5 Application software and application controls

Application Software and Application Controls Source Document Controls
Source document -paper form used to capture and record the original data of an accounting transaction. Note: Many IT systems do not use source documents. General controls such as computer logging of transactions and keeping backup files, become important. Where source documents are used, several source document controls should be used. SO 5 Application software and application controls

Source Document Controls Form Design - Both the source document and the input screen should be well designed so that they are easy to understand and use, logically organized into groups of related data. Form Authorization and Control: Area for authorization by appropriate manager Prenumbered and used in sequence Blank source documents should be controlled SO 5 Application software and application controls

Source Document Controls Retention of Source Documents: Retained and filed for easy retrieval Part of the audit trail. SO 5 Application software and application controls

Standard Procedures for Data Input Data Preparation – standard data collection procedures reduce the chance of lost, misdirected, or incorrect data collection from source documents. Error Handling: Errors should be logged, investigated, corrected, and resubmitted for processing Error log should be regularly reviewed by an appropriate manager SO 5 Application software and application controls

Programmed Input Validation Checks Data should be validated and edited to be as close to the original source of data as possible. Input validation checks include: 1. Field check 2. Validity check 3. Limit check 4. Range check 5. Reasonableness check 6. Completeness check 7. Sign check 8. Sequence check 9. Self-checking digit SO 5 Application software and application controls

Control Totals and Reconciliation Control totals are subtotals of selected fields for an entire batch of transactions. Three types: record counts, batch totals, and hash totals. SO 5 Application software and application controls

Processing Controls Intended to prevent, detect, or correct errors that occur during processing. Ensure that application software has no errors. Control totals, limit and range tests, and reasonableness and sign tests. Computer logs of transactions processed, production run logs, and error listings. SO 5 Application software and application controls

Output Controls Reports from the various applications. Two primary objectives of output controls: to assure the accuracy and completeness of the output, and to properly manage the safekeeping of output reports to ascertain that security and confidentiality of the information is maintained. SO 5 Application software and application controls

Concept Check Which programmed input validation check compares the value in a field with related fields with determine whether the value is appropriate? a. Completeness check. b. Validity check. c. Reasonableness check. d. Completeness check. SO 5 Application software and application controls

Concept Check Which programmed input validation check determines whether the appropriate type of data, either alphabetic or numeric, was entered? a. Completeness check. b. Validity check. c. Reasonableness check. d. Field check. SO 5 Application software and application controls

Concept Check Which programmed input validation makes sure that a value was entered in all of the critical fields? a. Completeness check. b. Validity check. c. Reasonableness check. d. Field check. SO 5 Application software and application controls

Concept Check Which control total is the total of field values that are added for control purposes, but not added for any other purpose? a. Record count. b. Hash total. c. Batch total. d. Field total. SO 5 Application software and application controls

Ethical Issues in Information Technology
Besides fraud, there are many kinds of unethical behaviors related to computers, such as: Misuse of confidential customer information. Theft of data, such as credit card information, by hackers. Employee use of IT system hardware and software for personal use or personal gain. Using company to send offensive, threatening, or sexually explicit material. SO 6 Ethical issues in IT systems

Corporate Governance and the Sarbanes-Oxley Act Accounting Information Systems, 1st Edition

Study Objectives An overview of corporate governance
Participants in the corporate governance process The functions within the corporate governance process The history of corporate governance The Sarbanes–Oxley Act of 2002 The impact of the Sarbanes–Oxley Act on corporate governance The importance of corporate governance in the study of accounting information systems Ethics and corporate governance 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

An Overview of Corporate Governance
Accountants would characterize corporate governance as a system of checks and balances whereby a company’s leadership is held accountable for building: shareholder value and creating confidence in the financial reporting processes. Tone at the top - set of values and behaviors in place for the corporate leaders. SO 1 An overview of corporate governance

Concept Check Which of the following is not considered a component of corporate governance? a. Board of directors oversight. b. IRS audits. c. Internal audits. d. External audits. SO 1 An overview of corporate governance

Concept Check Good corporate governance is achieved when the interests of which of the following groups are balanced? a. Internal auditors and external auditors. b. Shareholders and regulators. c. Shareholders, the corporation, and the community. d. Regulators and the community. SO 1 An overview of corporate governance

Concept Check Corporate governance is primarily concerned with a. enhancing the trend toward more women serving on boards of directors.. b. promoting an increase in hostile takeovers. c. promoting the legitimacy of corporate charters. d. emphasizing the relative roles, rights, and accountability of a company’s stakeholders. SO 1 An overview of corporate governance

Participants in Corporate Governance Process
Exhibit 5-1 Stakeholders as participants in the corporate governance process Stakeholders are all of the different people who have some form of involvement or interest in the business. SO 2 Participants in the corporate governance process SO 1 An overview of corporate governance

Exhibit 5-1 Stakeholders as participants in the corporate governance process Internal Stakeholders Shareholders Board of directors Audit committee Management Employees Internal auditors

Exhibit 5-1 Stakeholders as participants in the corporate governance process External Stakeholders External auditors Governing bodies Communities Investors Creditors Customers and suppliers

Concept Check The governing body responsible for establishing the COSO framework for internal controls evaluations is the a. Treadway Commission. b. SEC. c. PCAOB. d. FASB.

Functions Within Corporate Governance Process
Management Oversight Policies and procedures in place to lead the directorship of the company. Features of effective leaders: recruiting, motivating, evaluating, problem solving, and decision making. SO 3 The functions within the corporate governance process

Internal Controls and Compliance Accurate and transparent financial reporting requires a process approach. Six-step process for internal controls: Define key activities and resources. Define objectives of each activity. Obtain input from experienced users and advisors on the effective design of controls. Formally document the details of controls. Test the effectiveness of controls. Engage in continuous improvement. SO 3 The functions within the corporate governance process

Functions Within Corporate Governance Process Financial Stewardship
Discipline, respect, and accountability encourage good financial stewardship. Earnings management - manipulating financial information. early recognition of revenues early shipment of products falsification of customers falsification of invoices or other records allowing customers to take products without taking title to the products SO 3 The functions within the corporate governance process

Ethical Conduct Integrity, fairness, and accountability are the underlying concepts in each of the roles of corporate governance. SO 3 The functions within the corporate governance process

Concept Check When financial information is presented properly and its correctness is verifiable, it is a. transparent. b. compliant. c. accurate. d. accountable. SO 3 The functions within the corporate governance process

History of Corporate Governance
Corporate governance first came to light in the 1930s with the creation of the Securities and Exchange Commission and in reaction to the accounting problems connected with the market crash of 1929 and the Great Depression. Over the years, the concept has evolved as the business world has shifted focus from materiality to earnings pressures and, most recently, to the requirements of the Sarbanes–Oxley Act. SO 4 The history of corporate governance

Sarbanes–Oxley Act of 2002 The Sarbanes–Oxley Act (“the Act”) applies to public companies and the auditors of public companies. The Public Company Accounting Oversight Board (PCAOB) was established. PCAOB comprises five members appointed by the SEC. PCAOB governs the work of auditors of public companies PCAOB has investigative and disciplinary authority over the performance of public accounting firms. SO 5 The Sarbanes-Oxley Act of 2002

Sarbanes–Oxley Act of 2002 Certain sections of the Act pertain to audit services. 201—Services outside scope of practice of auditors. 301—Public company audit committees. 302—Corporate responsibility for financial reports. 906—Failure of corporate officers to certify financial reports. 401—Disclosures in periodic reports. 404—Management assessment of internal controls. 406—Code of ethics for senior financial officers. SO 5 The Sarbanes-Oxley Act of 2002

Sarbanes–Oxley Act of 2002 Certain sections of the Act pertain to audit services. 409—Real-time disclosures. 802—Criminal penalties for altering documents. 1102—Tampering with a record or otherwise impeding an official proceeding. 806—Protection for employees of publicly traded companies who provide evidence of fraud. SO 5 The Sarbanes-Oxley Act of 2002

Concept Check Sarbanes–Oxley Act of 2002
Which of the following nonaudit services may be performed by auditors for a public-company audit client? a. IT consulting regarding the general ledger system for a newly acquired division. b. Programming assistance on the new division’s general ledger system. c. Human resources consulting regarding personnel for the new division. d. Income tax return preparation for the new division. SO 5 The Sarbanes-Oxley Act of 2002

c. It protects whistleblowers’ jobs and prohibits retaliation.
Sarbanes–Oxley Act of 2002 Concept Check Section 806 of the Sarbanes–Oxley Act is often referred to as the whistleblower protection provision of the Act because a. It offers stock ownership to those who report instances of wrongdoing. b. It specifies that whistleblowers must be terminated so as to avoid retaliation. c. It protects whistleblowers’ jobs and prohibits retaliation. d. It provides criminal penalties for the alteration or destruction of documents. SO 5 The Sarbanes-Oxley Act of 2002

Impact of Sarbanes–Oxley Act
Management Oversight More knowledgeable about accounting principles and financial systems. Management certification of financial information. Rigid penalties for noncompliance. SO 6 The impact of the Sarbanes–Oxley Act on corporate governance

Impact of Sarbanes–Oxley Act Internal Controls and Compliance
Extra work for accountants, IT departments, and executives. More paperwork is now prepared, retained, and filed with the SEC. More timely information is required. Section 404 requires companies to monitor their systems to find weaknesses in internal controls. SO 6 The impact of the Sarbanes–Oxley Act on corporate governance

Financial Stewardship Act has caused many companies to take a deeper look at their policies and procedures that govern corporate conduct. Ethical Conduct codes of conduct performance evaluation models communications SO 6 The impact of the Sarbanes–Oxley Act on corporate governance

Concept Check In the corporate governance chain of command, the audit committee is accountable to a. The company’s vendors and other creditors. b. Management and employees. c. Governing bodies such as the SEC and PCAOB. d. The external auditors. SO 6 The impact of the Sarbanes–Oxley Act on corporate governance

Concept Check Which of the following is true regarding the post-Sarbanes–Oxley role of the corporate leader? a. More emphasis is placed on strategic planning and less emphasis on financial information. b. The corporate leader must be more in tune with IT to provide corporate governance solutions. c. The corporate leader must be more focused on merger and acquisition targets. d. The corporate leader tends to be less involved with the board of directors. SO 6 The impact of the Sarbanes–Oxley Act on corporate governance

Corporate Governance in the Study of AIS
The Sarbanes–Oxley Act heightens the business value of financial information. Since the Act requires more financial information and faster financial reporting, there is more attention than ever on the importance of the accountants and IT personnel who provide financial information for the company. SO 7 Importance of corporate governance in the study of AIS

Ethics and Corporate Governance
Internal stakeholders may sometimes have difficult ethical choices to make when their personal interests conflict with the interests of shareholders. Corporate governance must provide the structure to make sure that a system of financial stewardship is maintained, even when times get tough. SO 8 Ethics and corporate governance

Ethics and Corporate Governance
Concept Check Many corporate frauds involve a. Managers soliciting assistance from their subordinates. b. A small deceptive act that intensifies into criminal behavior c. An earnings management motive. d. All of the above. SO 8 Ethics and corporate governance

IT Governance Accounting Information Systems, 1st Edition

Study Objectives An overview of IT governance and its role in strategic management An overview of the system development life cycle (SDLC) The elements of the systems planning phase of the SDLC The elements of the systems analysis phase of the SDLC The elements of the systems design phase of the SDLC The elements of the systems implementation phase of the SDLC The elements of the operation and maintenance phase of the SDLC The critical importance of IT governance in an organization Ethical considerations related to IT governance 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

Introduction to IT Governance
How does a company decide, which IT systems are appropriate? which accounting software package to buy? when it has outgrown its accounting software or when to upgrade the software? whether to use IT systems to sell products on the web? whether to establish a data warehouse for analyzing data such as sales trends? whether to use ERP systems or customer relationship management (CRM) software? SO 1 An overview of IT governance and its role in strategic management

IT systems must be strategically managed. Strategic management is the process of determining the strategic vision for the organization, developing the long-term objectives, creating the strategies that will achieve the vision and objectives, and implementing those strategies. SO 1 An overview of IT governance and its role in strategic management

Proper management, control, and use of IT systems is IT governance. IT Governance is defined as: [A] structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes. IT governance provides the structure that links IT processes, IT resources and information to enterprise strategies and objectives. SO 1 An overview of IT governance and its role in strategic management

Management must focus on the following activities: aligning IT strategy with the business strategy cascading strategy and goals down into the enterprise providing organizational structures that facilitate the implementation of strategy and goals insisting that an IT control framework be adopted and implemented measuring IT’s performance SO 1 An overview of IT governance and its role in strategic management

The board and top management must ensure that the organization has processes to accomplish the following: Continually evaluate the match of strategic goals to the IT systems in use. Identify changes or improvements to the IT system. Prioritize the necessary changes to IT systems. Develop the plan to design and implement those IT changes that are of high priority. Implement and maintain the IT systems. Continually loop back to step 1. SO 1 An overview of IT governance and its role in strategic management

Company should have an IT governance committee and a formal process to select, design, and implement IT systems (system development life cycle, or SDLC). SO 1 An overview of IT governance and its role in strategic management

Concept Check IT governance includes all but which of the following responsibilities? a. Aligning It strategy with the business strategy. b. Writing programming code for IT systems. c. Insisting that an IT control framework be adopted and implemented. d. Measuring IT’s performance. SO 1 An overview of IT governance and its role in strategic management

An Overview of SDLC The systems development life cycle (SDLC) is a systematic process to manage the acquisition, design, implementation, and use of IT systems. Operation and Maintenance Exhibit 6-1 An Overview of the Systems Development Life Cycle System Planning System Implementation System Analysis System Design SO 2 An overview of the system development life cycle (SDLC)

Process Map of the System Development Life Cycle (SDLC)
An Overview of SDLC Exhibit 6-2 Process Map of the System Development Life Cycle (SDLC) SO 2 An overview of the system development life cycle (SDLC)

Elements of Systems Planning Phase of SDLC
IT governance committee must monitor the IT system through feedback about network utilization, security breaches, and reports on the operation of the system. IT governance committee should consider: the assessment of IT systems and their match to strategic organizational objectives, and the feasibility of each of the requested modifications or upgrades. SO 3 The elements of the systems planning phase of the SDLC

Exhibit 6-3 System Planning Process Map SO 3 The elements of the systems planning phase of the SDLC

Feasibility Study IT governance committee should evaluate the feasibility of each competing proposal. Four feasibility aspects Technical Operational Economic Schedule feasibility SO 3 The elements of the systems planning phase of the SDLC

Planning and Oversight of Proposed Changes IT governance committee must decide which of the changes can be undertaken at the current time. Next phases of the SDLC: 1. Formally announce the project. 2. Assign the project team that will begin the next phase, the systems analysis. 3. Budget the funds necessary to complete the SDLC. 4. Continue oversight and management of the project team and proposed IT changes. SO 3 The elements of the systems planning phase of the SDLC

Concept Check Which of the following feasibility aspects is an evaluation of whether the technology exists to meet the need identified in the proposed change to the IT system? a. Technical feasibility. b. Operational feasibility. c. Economic feasibility. d. Schedule feasibility. SO 3 The elements of the systems planning phase of the SDLC

Concept Check The purpose of the feasibility study is to assist in? a. Selecting software. b. Designing internal controls. c. Designing reports for the IT system. d. Prioritizing IT requested changes. SO 3 The elements of the systems planning phase of the SDLC

Elements of Systems Analysis Phase of SDLC
Exhibit 6-4 System Analysis Process Map Preliminary Investigation The purpose of the preliminary investigation is to determine whether the problem or deficiency in the current system really exists. “go” or “no-go” decision SO 4 The elements of the systems analysis phase of the SDLC

System Survey A systems survey requires collecting data about the current system, including the following: Inputs Outputs Processes Controls Data storage Transaction volumes Errors SO 4 The elements of the systems analysis phase of the SDLC

Determination of User Requirements
Elements of Systems Analysis Phase of SDLC Determination of User Requirements To gain a complete understanding of the system under study, the project team should not only observe and review documentation, but also seek the opinions and thoughts of those who use the system. Interviews Questionnaires SO 4 The elements of the systems analysis phase of the SDLC

Analysis of the System Survey
Elements of Systems Analysis Phase of SDLC Analysis of the System Survey Analysis phase is the critical-thinking stage. In many cases, the analysis phase may lead to business process reengineering (BPR). “ fundamental rethinking and radical redesign of business processes to bring about dramatic improvements” in performance. SO 4 The elements of the systems analysis phase of the SDLC

Elements of Systems Analysis Phase of SDLC System Analysis Report
The report to inform the IT governance committee of the results of the systems survey, user needs determination, and BPR. SO 4 The elements of the systems analysis phase of the SDLC

Concept Check Which phase of the system development life cycle includes determining user needs of the IT system? a. Systems planning. b. Systems analysis. c. Systems design. d. Systems implementation. SO 4 The elements of the systems analysis phase of the SDLC

Elements of Systems Design Phase of SDLC
Purchased Software Exhibit 6-5 System Design Process Map for Purchased Software SO 5 The elements of the systems design phase of the SDLC

When evaluating each proposal, the IT governance committee should consider: 1. Price of software or software modules 2. Match of system and user needs to features of the software 3. Technical, operational, economic, and schedule feasibility 4. Technical support provided by the vendor 5. Reputation and reliability of the vendor 6. Usability and user friendliness of the software 7. Testimonials from other customers SO 5 The elements of the systems design phase of the SDLC

In-House Design Exhibit 6-6 System Design Process Map for In-House Design SO 5 The elements of the systems design phase of the SDLC

Conceptual Design Involves identifying the alternative conceptual design approaches to systems that will meet the needs identified in the system analysis phase. SO 5 The elements of the systems design phase of the SDLC

Elements of Systems Design Phase of SDLC Evaluation and Selection
Feasibility assessments are: Technical feasibility Operational feasibility Economic feasibility Schedule feasibility In most cases, the cost–benefit analysis is the most important of the four tests. SO 5 The elements of the systems design phase of the SDLC

Detailed Design The purpose of the detailed design phase is to create the entire set of specifications necessary to build and implement the system. The various parts of the system that must be designed are the outputs, inputs, Processes, data storage, and internal controls. SO 5 The elements of the systems design phase of the SDLC

Concept Check A request for proposal (RFP) is used during the? a. Phase-in period. b. Purchase of software. c. Feasibility study. d. In-house design. SO 5 The elements of the systems design phase of the SDLC

Elements of Systems Implementation Phase
Exhibit 6-7 Implementation and Operation Process Map Parallel Direct cutover Phase-in Pilot SO 6 The elements of the systems implementation phase of the SDLC

Concept Check Which of the following steps within the systems implementation phase could not occur concurrently with other steps, but would occur at the end? a. Employee training. b. Data conversion. c. Software programming. d. Post-implementation review. SO 6 The elements of the systems implementation phase of the SDLC

Concept Check Each of the following are methods for implementing a new application system except a. Direct cutover conversion. b. parallel conversion. c. Pilot conversion. d. Test method conversion. SO 6 The elements of the systems implementation phase of the SDLC

Elements of the Operation and Maintenance Phase
Management should receive regular reports regarding the performance of the IT system. Examples of reports are: IT performance IT load usage and excess capacity Downtime of IT systems Maintenance hours on IT systems IT security and number of security breaches or problems IT customer satisfaction, from both internal and external customers. SO 7 The elements of the operation and maintenance phase of the SDLC

Elements of the Operation and Maintenance Phase
Concept Check The use of the SDLC for IT system changes is important for several reasons. Which of the following is not a part of the purposes of the SDLC processes? a. As a part of strategic management of the organization. b. As part of the internal control structure of the organization. c. As part of the audit of an IT system. d. As partial fulfillment of management’s ethical obligations. SO 7 The elements of the operation and maintenance phase of the SDLC

Critical Importance of IT Governance
Three major purposes are served by the continual and proper use of the IT governance committee and the SDLC: 1. The strategic management process of the organization 2. The internal control structure of the organization 3. The fulfillment of ethical obligations SO 8 The critical importance of IT governance in an organization

Ethical Considerations Related to IT Governance
Management has an ethical obligation to maintain a set of processes and procedures that assure accurate and complete records and protection of assets. Employees should not subvert the process. Consultants have at least four ethical obligations: Bid the engagement fairly, and completely disclose the terms of potential cost increases. Bill time accurately to the client. Do not oversell unnecessary services or systems. Do not disclose confidential or proprietary information. SO 9 Ethical considerations related to IT governance

Ethical Considerations Related to IT Governance
Concept Check Confidentiality of information is an ethical consideration for which of the following party or parties? a. Management. b. Employees. c. Consultants. d. All of the above. SO 9 Ethical considerations related to IT governance

Auditing Information Technology-Based Processes Accounting Information Systems, 1st Edition

Study Objectives An introduction to auditing IT processes
The various types of audits and auditors Information risk and IT-enhanced internal control Authoritative literature used in auditing Management assertions used in the auditing process and the related audit objectives The phases of an IT audit The use of computers in audits Tests of controls Tests of transactions and tests of balances Audit Completion/Reporting Other audit considerations Ethical issues related to auditing 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

Introduction to Auditing IT Processes
Accounting services that improve the quality of information are called assurance services. An audit is the most common type of assurance service. SO 1 An introduction to auditing IT processes

Types of Audits and Auditors
Main purpose of the audit is to assure users of financial information about the accuracy and completeness of the information. Three primary types of audits include compliance audits, operational audits, and financial statement audits. SO 2 The various types of audits and auditors

Audits are typically conducted by accountants. Certified public accountants (CPAs) Internal auditor IT auditors Government auditors SO 2 The various types of audits and auditors

IT environment plays a key role in how auditors conduct their work in the following areas: Consideration of risk Audit procedures used to obtain knowledge of accounting and internal control systems Design and performance of audit tests SO 2 The various types of audits and auditors

Concept Check Which of the following types of audits is most likely to be conducted for the purpose of identifying areas for cost savings? a. Financial statement audits b. Operational audits c. Regulatory audits d. Compliance audits SO 2 The various types of audits and auditors

Concept Check Financial statement audits are required to be performed by a. government auditors. b. CPAs. c. internal auditors. d. IT auditors. SO 2 The various types of audits and auditors

Risk and IT-Enhanced Internal Control
Information risk is the chance that information used by decision makers may be inaccurate. Following are some causes of information risk: Remoteness of information Volume and complexity of underlying data Motive of the preparer SO 3 Information risk and IT-enhanced internal control

Authoritative Literature Used in Auditing
Sources of authoritative literature Generally accepted auditing standards (GAAS) Public Company Accounting Oversight Board (PCAOB) Auditing Standards Board (ASB) International Audit Practices Committee (IAPC) Information Systems Audit and Control Association (ISACA). SO 4 Authoritative literature used in auditing

Concept Check Which of the following is not a part of generally accepted auditing standards? a. general standards b. standards of fieldwork c. standards of information systems d. standards of reporting SO 4 Authoritative literature used in auditing

Concept Check Which of the following best describes what is meant by the term “generally accepted auditing standards”? a. Procedures used to gather evidence to support the accuracy of a client’s financial statements b. Measures of the quality of an auditor’s conduct c. Professional pronouncements issued by the Auditing Standards Board d. Rules acknowledged by the accounting profession because of their widespread application SO 4 Authoritative literature used in auditing

Concept Check In an audit of financial statements in accordance with generally accepted auditing standards, an auditor is required to a. document the auditor’s understanding of the client company’s internal controls. b. search for weaknesses in the operation of the client company’s internal controls. c. perform tests of controls to evaluate the effectiveness of the client company’s internal controls. d. determine whether controls are appropriately designed to prevent or detect material misstatements. SO 4 Authoritative literature used in auditing

Management Assertions and Audit Objectives
Responsibility for the preparation of financial statements lies with management Management assertions are claims regarding the financial condition and results of operations. Existence/occurrence Valuation and Allocation Accuracy, Classification, Cutoff Completeness Rights and Obligations Presentation and Disclosure Audit tests developed for an audit client are documented in an audit program. SO 5 Management assertions used in the auditing process and the related audit objectives

Concept Check Auditors should design a written audit program so that a. all material transactions will be included in substantive testing. b. substantive testing performed prior to year end will be minimized. c. the procedures will achieve specific audit objectives related to specific management assertions. d. each account balance will be tested under either a substantive test or a test of controls. SO 5 Management assertions used in the auditing process and the related audit objectives

Concept Check Which of the following audit objectives relates to the management assertion of existence? a. A transaction is recorded in the proper period. b. A transaction actually occurred (i.e., it is real). c. A transaction is properly presented in the financial statements. d. A transaction is supported by detailed evidence. SO 5 Management assertions used in the auditing process and the related audit objectives

Phases of an IT Audit There are four primary phases to an IT audit:
planning, tests of controls, substantive tests, and audit completion/reporting. SO 6 The phases of an IT audit

SO 6 The phases of an IT audit
Exhibit 7-4 Process Map of Phases of an Audit SO 6 The phases of an IT audit

Phases of an IT Audit Audit evidence is proof of the fairness of financial information. Techniques for gathering evidence: physically examining or inspecting assets or supporting documentation obtaining written confirmations rechecking or recalculating information observing the underlying activities making inquiries of client personnel analyzing financial relationships and comparisons SO 6 The phases of an IT audit

Phases of an IT Audit Audit Planning
Auditors review and assess the risks and controls, establish materiality guidelines, and develop relevant tests addressing the objectives. SO 6 The phases of an IT audit

Audit Planning Phase Process Map
Phases of an IT Audit Audit Planning Exhibit 7-5 Audit Planning Phase Process Map SO 6 The phases of an IT audit

Concept Check Phases of an IT Audit
Risk assessment is a process designed to a. identify possible events that may effect the business. b. establish policies and procedures to carry out internal controls. c. identify and capture information in a timely manner. d. test the internal controls throughout the year. SO 6 The phases of an IT audit

Concept Check Phases of an IT Audit
Which of the following audit procedures is most likely to be performed during the planning phase of the audit? a. Obtain an understanding of the client’s risk assessment process. b. Identify specific internal control activities that are designed to prevent fraud. c. Evaluate the reasonableness of the client’s accounting estimates. d. Test the timely cutoff of cash payments and collections. SO 6 The phases of an IT audit

Use of Computers in Audits
Auditing around the computer Auditing through the computer Auditing with the computer Computer-assisted audit techniques (CAATs) SO 7 The use of computers in audits

Use of Computers in Audits
Concept Check Which of the following is the most significant disadvantage of auditing around the computer rather than through the computer? a. The time involved in testing processing controls is significant. b. The cost involved in testing processing controls is significant. c. A portion of the audit trail is not tested. d. The technical expertise required to test processing controls is extensive. SO 7 The use of computers in audits

Control Testing Phase Process Map
Tests of Controls Exhibit 7-6 Control Testing Phase Process Map Tests of controls involve audit procedures designed to evaluate both general controls and application controls. SO 8 Test of controls

Tests of Controls General Controls
Two broad categories of general controls that relate to IT systems: IT administration and related operating systems development and maintenance processes Security controls and related access issues SO 8 Test of controls

Tests of Controls General Controls IT Administration
Audit tests include review for the existence and communication of company policies regarding: personal accountability and segregation of incompatible responsibilities job descriptions and clear lines of authority computer security and virus protection IT systems documentation SO 8 Test of controls

Tests of Controls General Controls Security Controls
To test external access controls, auditors may perform: Authenticity tests. Penetration tests Vulnerability assessments Review access logs to identify unauthorized users or failed access attempts SO 8 Test of controls

Tests of Controls Application Controls
Computerized controls over application programs. Auditors should test Systems documentation Main functions of the computer applications input, processing, and output. SO 8 Test of controls

Completeness or redundancy tests
Tests of Controls Application Controls Input Controls Financial totals Hash totals Completeness or redundancy tests Limit tests Validation checks Field checks SO 8 Test of controls

Tests of Controls Application Controls
Processing Controls, techniques for testing Test data method Program tracing Integrated test facility Parallel simulation Embedded audit modules SO 8 Test of controls

Tests of Controls Application Controls Output Controls
Reasonableness tests Audit trail tests Rounding errors tests SO 8 Test of controls

Concept Check Tests of Controls
The primary objective of compliance testing in a financial statement audit is to determine whether a. procedures have been updated regularly. b. financial statement amounts are accurately stated. c. internal controls are functioning as designed. d. collusion is taking place. SO 8 Test of controls

Which of the following computer assisted auditing techniques processes actual client input data (or a copy of the real data) on a controlled program under the auditor’s control to periodically test controls in the client’s computer system? a. Test data method b. Embedded audit module c. Integrated test facility d. Parallel simulation SO 8 Test of controls

Which of the following is a general control to test for external access to a client’s computerized systems? a. Penetration tests b. Hash totals c. Field checks d. Program tracing SO 8 Test of controls

Tests of Transactions and Balances
Substantive Testing - tests of accuracy of monetary amounts of transactions and account balances. Computerized auditing tools make it possible for more efficient audit tests such as: mathematical and statistical calculations data queries identification of missing items in a sequence stratification and comparison of data items selection of items of interest from the data files summarization of testing results into a useful format for decision making SO 9 Test of transactions and tests of balances

Exhibit 7-9 Substantive Testing Phase Process Map SO 9 Test of transactions and tests of balances

Concept Check Generalized audit software can be used to a. examine the consistency of data maintained on computer files. b. perform audit tests of multiple computer files concurrently. c. verify the processing logic of operating system software. d. process test data against master files that contain both real and fictitious data. SO 9 Test of transactions and tests of balances

Audit Completion/Reporting
Four basic types of reports: Unqualified opinion Qualified opinion Adverse opinion Disclaimer The most important task is obtaining a letter of representations from client management. SO 10 Audit Completion/Reporting

Audit Completion/Reporting
Exhibit 7-10 Audit Completion/Reporting Phase Process Map SO 10 Audit Completion/Reporting

Other Audit Considerations
Different IT Environments Using PCs, companies may use IT environments that involve networks, database management systems, and/or e-commerce systems. SO 11 Other audit considerations

Changes in a Client’s IT Environment Auditors must consider whether additional audit testing is needed. Specific audit tests include verification of: Assessment of user needs Authorization for new projects and program changes Adequate feasibility study and cost–benefit analysis Proper design documentation Proper user instructions Adequate testing before system is put into use SO 11 Other audit considerations

Sampling Test a limited number of items or transactions and then draw conclusions about the balance as a whole on the basis of the results. SO 11 Other audit considerations

Concept Check Independent auditors are generally actively involved in each of the following tasks except: a. Preparation of a client’s financial statements and accompanying notes b. Advising client management as to the applicability of a new accounting standard c. Proposing adjustments to a client’s financial statements d. Advising client management about the presentation of the financial statements SO 11 Other audit considerations

Concept Check Which of the following is most likely to be an attribute unique to the audit work of CPAs, compared with work performed by attorneys or practitioners of other business professions? a. Due professional care b. Competence c. Independence d. A complex underlying body of professional knowledge SO 11 Other audit considerations

Concept Check Which of the following terms is not associated with the auditor’s requirement to maintain independence? a. Objectivity b. Neutrality c. Professional skepticism d. Competence SO 11 Other audit considerations

Ethical Issues Related to Auditing
AICPA Code of Professional Conduct Six principles of the code: Responsibilities. The Public Interest. Integrity. Objectivity and Independence. CPAs Due Care Scope and Nature of Services Auditors must practice professional skepticism SO 12 Ethical issues related to auditing

Overview of ERP Systems
Concept Check Manufacturing companies implement ERP systems for the primary purpose of a. Increasing productivity. b. Reducing inventory quantities. c. Sharing information. d. Reducing investments. SO 1 The overview of an ERP system

Revenue and Cash Collection Processes and Controls Accounting Information Systems, 1st Edition

Study Objectives An overview of revenue processes within an organization Sales processes and the risks and controls in sales processes Sales return processes and the risks and controls in sales return processes Cash collection processes and the risks and controls in cash collection processes An overview of IT systems of revenue and cash collection that enhance the efficiency of revenue processes E-business systems and the related risks and controls Electronic data interchange (EDI) systems and the related risks and controls Point of sale (POS) systems and the related risks and controls Ethical issues related to revenue processes Corporate governance of revenue processes 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

Introduction to Revenue Processes
Companies sell products and/or services. Examples: Retailers: Record the sale, collect cash, update inventory status all at the time of the sale. Manufacturers: Sell product to other companies. Deliver goods and bill customer at a later date. Collect payment. SO 1 An overview of revenue processes within an organization

Systems and processes must be in place to capture, record, summarize, and report sales transactions. Processes include: Polices and procedures employees follow in completing the sale. Capturing customer data and sales quantities. Routing sales documents to the right departments. The Accounting System uses this flow of sales documents to various departments to record, summarize, and report the results of the sales transactions. SO 1 An overview of revenue processes within an organization

Exhibit 8-1 Revenue Processes within the Overall System SO 1 An overview of revenue processes within an organization

Business processes common in company-to-company sales are: Collect order data from customer. Deliver goods. Record receivable and bill customer. Handle product returns. Collect the cash. Update records, such as accounts receivable, cash, inventory, revenue, and cost of goods sold. SO 1 An overview of revenue processes within an organization

Sales Processes Terminology Purchase Order Sales Order Price List
Credit Limit Pick List Packing Slip Bill of Lading. Shipping Log Sales Invoice (Bill) Sales Journal SO 2 Sales processes and the risks and controls in sales processes

Sales Processes See next slide for larger image. Exhibit 8-2
Sales Process Map See next slide for larger image. SO 2 Sales processes and the risks and controls in sales processes

Sales Processes Exhibit 8-2 Sales Process Map
SO 2 Sales processes and the risks and controls in sales processes

Controls and Risks in Sales Processes
Common procedures associated with the revenue process: Authorization of transactions Segregation of duties Adequate records and documents Security of assets and documents Independent checks and reconciliation SO 2 Sales processes and the risks and controls in sales processes

Characteristics indicating risk with respect to revenue processes: Frequent changes made to sales prices or customers. Pricing structure is complex or based on estimates. Large volume of transactions. One or few key customers. Shipments not controlled directly by the company. Product mix is difficult to differentiate. Shipping and/or recordkeeping at multiple locations. SO 2 Sales processes and the risks and controls in sales processes

Quick Review The purpose of tracing shipping documents to prenumbered sales invoices would be to provide evidence that shipments to customers were properly invoiced. b. no duplicate shipments or billings occurred. c. goods billed to customers were shipped. d. all prenumbered sales invoices were accounted for. SO 2 Sales processes and the risks and controls in sales processes

Quick Review The purpose of tracing sales invoices to shipping documents would be to provide evidence that shipments to customers were properly invoiced. b. no duplicate shipments or billings occurred. c. goods billed to customers were shipped. d. all prenumbered sales invoices were accounted for. SO 2 Sales processes and the risks and controls in sales processes

Sales Returns Processes
Company must have procedures for receiving returned goods, crediting customer’s account, and placing items back in inventory. Terminology: Receiving log Receiving report Credit memorandum SO 3 Sales return processes and the risks and controls in sales return processes

Exhibit 8-8 Sales Returns Process Map See next slide for larger image. SO 3 Sales return processes and the risks and controls in sales return processes

Exhibit 8-8 Sales Returns Process Map SO 3 Sales return processes and the risks and controls in sales return processes

Controls and Risks Associated with the Sales Returns Process
Specific controls over the sales returns process: Authorization of transactions Segregation of duties Adequate records and documents Security of assets and documents Independent checks and reconciliation SO 3 Sales return processes and the risks and controls in sales return processes

Circumstances which may indicate high level of risk. Quantities of returns are difficult to determine. High volume of credit memo activity. Product prices change frequently, or pricing structure is otherwise complex. Returns are received at various locations, or issuance of credit memos may occur at different locations. One or few key customers. Returns not controlled directly by the company. SO 3 Sales return processes and the risks and controls in sales return processes

Quick Review Under a system of sound internal controls, if a company sold defective goods, the return of those goods from the customer should be accepted by the receiving clerk. b. sales clerk. c. purchasing clerk. d. inventory control clerk. SO 3 Sales return processes and the risks and controls in sales return processes

Cash Collection Processes
Company-to-company sales are typically made on account, and a time span is given for the customer to pay. Terminology: Remittance advice Cash receipts journal SO 4 Cash collection processes and the risks and controls in cash collection processes

Exhibit 8-12 Cash Receipts Process Map See next slide for larger image. SO 4 Cash collection processes and the risks and controls in cash collection processes

Exhibit 8-12 Cash Receipts Process Map SO 4 Cash collection processes and the risks and controls in cash collection processes

Quick Review Which of the following is not a document that is part of the cash collection process? Remittance advice b. Cash receipts journal c. Bank deposit slip d. Packing slip SO 4 Cash collection processes and the risks and controls in cash collection processes

Controls and Risks Associated with the Cash Collection Process
Specific controls over the cash receipts process: Authorization of transactions Segregation of duties Adequate records and documents Security of assets and documents Independent checks and reconciliation SO 4 Cash collection processes and the risks and controls in cash collection processes

Controls and Risks Associated with the Cash Collection Process
Circumstances that may indicate risks to cash collections. High volume of cash collections. Decentralized cash collections. Lack of consistency in the volume or source of collections. Presence of cash collections denominated in foreign currencies. SO 4 Cash collection processes and the risks and controls in cash collection processes

Quick Review Which of the following would represent proper segregation of duties? The employee who has custody of cash also does accounts receivable record keeping. b. The employee who has custody of cash completes the bank reconciliation. The employee who opens mail containing checks prepares a list of checks received. The employee who opens mail containing checks records transactions in the general ledger. SO 4 Cash collection processes and the risks and controls in cash collection processes

IT Enabled Systems of Revenue and Cash Collection Processes
Larger IT systems generally have: Fewer manual processes More computerized processes SO 5 An overview of IT systems of revenue and cash collection that enhance the efficiency of revenue processes

Exhibit 8-17 Revenue Processes System Flowchart IT Enabled Systems of Revenue and Cash Collection Processes Exhibit 8-17 is a system flowchart of a generic version of revenue system with some paper documents.

Sophisticated, highly integrated IT systems capture, record, and process revenue and cash collection events. Such systems include: E-commerce systems. Electronic Data Interchange (EDI) systems. Point of Sale (POS) systems. SO 5 An overview of IT systems of revenue and cash collection that enhance the efficiency of revenue processes

Sophisticated IT systems usually lead to: First, underlying processes are reengineered (BPR) so as to be conducted more efficiently. Second, IT systems improve the efficiency of the underlying processes. SO 5 An overview of IT systems of revenue and cash collection that enhance the efficiency of revenue processes

E-Business Systems and the Risks and Controls
Two popular types of Internet sales: Business to Business (B2B) Business to Consumer (B2C) SO 6 E-business systems and the related risks and controls

Advantages of e-commerce include: Reduced cost Shorter sales cycles Increased accuracy and reliability of sales data Increased potential market for products and services SO 6 E-business systems and the related risks and controls

Risks related to Internet Sales include: Security and Confidentiality Unauthorized access. Hackers or other network break-ins. Repudiation of sales transactions. Processing Integrity Invalid data entered by customers. Incomplete audit trail. Errors when integrating data into back end systems. SO 6 E-business systems and the related risks and controls

Risks related to Internet Sales include: Availability Hardware and software system failures that block customers from access to the website. Virus and worm attacks. Denial-of-service attacks by hackers. In addition, there are many online privacy risks to customers. SO 6 E-business systems and the related risks and controls

Quick Review When a company sells items over the Internet, it is usually called e-commerce. There are many IT risks related to Internet sales. The risk of invalid data entered by a customer would be a(n) availability risk. b. processing integrity risk. c. security risk d. confidentiality risk SO 6 E-business systems and the related risks and controls

Quick Review When a company sells items over the Internet, there are many IT risks. The risk of hardware and software failures that prevent website sales would be a(n) availability risk. b. processing integrity risk. c. security risk d. confidentiality risk SO 6 E-business systems and the related risks and controls

Electronic Data Interchange and the Risks and Controls
Electronic data interchange is the inter-company, computer-to-computer transfer of business documents in a standard business format. ANSI X.12 standards divide EDI data transmissions into three parts: Header data Trailer data Labeling interchanges Data segments SO 7 Electronic data interchange (EDI) systems and the related risks and controls

Value Added Networks (VANs) Exhibit 8-18 EDI Using a Third-Party Network

Advantages to an EDI system within the revenue and cash collection processes: Reduction or elimination of data keying. Elimination of keying errors. Elimination of costs related to keying errors. Elimination of time needed to key in orders. Elimination of mail delays. SO 7 Electronic data interchange (EDI) systems and the related risks and controls

Advantages to an EDI system within the revenue and cash collection processes: Elimination of postage costs. Reduction in inventory levels. Competitive advantage through better customer service. Preservation of business with existing customers who have adopted EDI. SO 7 Electronic data interchange (EDI) systems and the related risks and controls

Risks in an EDI system include: Security and Confidentiality Unauthorized access. Trading partners gaining access to unauthorized data. Hackers or other network break-ins. Repudiation of sales transactions. Processing Integrity Invalid data entered by trading partners. Incomplete audit trail. Errors when integrating data into back end systems. SO 7 Electronic data interchange (EDI) systems and the related risks and controls

Risks in an EDI system include: Availability Hardware and software system failures that block customers from access to the EDI system. IT controls can lessen these risks. Controls are: Authentication Encryption Transaction logging Control totals Acknowledgment SO 7 Electronic data interchange (EDI) systems and the related risks and controls

Quick Review When The use of electronic data interchange (EDI) to conduct sales electronically has both risks and benefits. Which of the following is a benefit of EDI, rather than a risk? Incomplete audit trail. b. Repudiation of sales transactions. c. Unauthorized access. d. Shorter inventory cycle time. SO 7 Electronic data interchange (EDI) systems and the related risks and controls

Point of Sale Systems and the Risks and Controls
Point of Sale systems, features that assist accountants and managers: Touch screen menus. Bar code scanning. Real-time access to inventory and price data. Credit card authorizations during the sale. Real-time update of cash, sales, and inventory records. Immediate summaries and analyses. Integration with the company’s general ledger system. SO 8 Point of sale (POS) systems and the related risks and controls

Point of Sale systems can reduce some processing integrity risks within revenue and cash collection: Pricing errors for products sold. Cash overage shortage errors. Errors in inventory changes—less chance of an incorrect product number. Erroneous or invalid sales voids or deletions. SO 8 Point of sale (POS) systems and the related risks and controls

Quick Review When An IT system that uses touch screens, bar coded products, and credit card authorization during the sale is called a(n) electronic data interchange system. b. e-commerce system. c. point of sale system. d. e-payables system. SO 8 Point of sale (POS) systems and the related risks and controls

Ethical Issues Related to Revenue Processes
Intentional revenue inflation is unethical, and many types of revenue inflation are illegal. Two ways to inflate revenue: Channel stuffing Leaving sales open SO 9 Ethical issues related to revenue processes

Corporate Governance of Revenue Processes
Four primary functions of the corporate governance process: Management oversight. Internal controls and compliance. Financial stewardship. Ethical conduct. Establishing proper processes, internal controls, and ethical guidelines leads to better corporate governance and, therefore, good financial stewardship. SO 10 Corporate governance of revenue processes

Quick Review Corporate Governance of Revenue Processes
Which of the following is not a method of unethically inflating sales revenue? Electronic data interchange system. b. E-commerce system. c. Point of sale system. d. E-payables system. SO 10 Corporate governance of revenue processes

Expenditures Processes and Controls-Purchases Accounting Information Systems, 1st Edition

Study Objectives An introduction to expenditures processes
Purchasing processes and the related risks and controls Purchase return processes and the related risks and controls Cash disbursement processes and the related risks and controls An overview of IT systems of expenditure and cash disbursement processes that enhance the efficiency of expenditures processes Computer-based matching of purchasing documents and the related risks and controls Evaluated receipt settlement systems and the related risks and controls E-business and electronic data interchange (EDI) systems and the related risks and controls E-payables systems Procurement cards Ethical issues related to expenditures processes Corporate governance in expenditures processes 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

Introduction to Expenditure Processes
When a purchase occurs, the information resulting from that purchase must flow into the purchase recording systems, the accounts payable and cash disbursement systems, and the inventory tracking systems. Transaction Processing Systems (TPS) SO 1 An introduction to expenditure processes

Exhibit 9-1 Expenditures Processes within the Overall System SO 1 An introduction to expenditure processes

Exhibit 9-2 Comparison of the Revenue and Expenditures Processes SO 1 An introduction to expenditure processes

Common expenditures processes include: Prepare a purchase requisition and/or purchase order. Notify vendor (supplier) of goods or services needed. Receive goods or services. Record the payable. Pay the resulting invoice. Update the records affected, such as accounts payable, cash, inventory, and expenses. SO 1 An introduction to expenditure processes

Purchasing Processes Terminology Purchase Requisition Purchase Order
Purchases Journal Blind Purchase Order Bill of Lading Packing Slip Receiving Report Receiving Log Cutoff Accounts Payable Subsidiary Ledger SO 2 Purchasing processes and the related risks and controls

Purchasing Processes See next slide for larger image. Exhibit 9-2
Purchasing Process Map See next slide for larger image. SO 2 Purchasing processes and the related risks and controls

Purchasing Processes Exhibit 9-2 Purchasing Process Map
SO 2 Purchasing processes and the related risks and controls

Controls and Risks in Purchasing Processes
Common procedures associated with the revenue process: Authorization of transactions Segregation of duties Adequate records and documents Security of assets and documents Independent checks and reconciliation Cost-benefit considerations SO 2 Purchasing processes and the related risks and controls

Characteristics indicating risk with purchasing processes: Goods received difficult to differentiate, count, or inspect. High volumes of goods are received, or goods are of high value. Inventory pricing arrangements are complex or based on estimates. Frequent changes occur in purchase prices or vendors. Company depends on one or few key vendors. Receiving and/or record keeping are performed at multiple locations. SO 2 Purchasing processes and the related risks and controls

Quick Review Within the purchasing processes, which of the following is the first document prepared and thereby the one that triggers the remaining purchasing processes? a. The invoice b. The receiving report c. The purchase order d. The purchase requisition SO 2 Purchasing processes and the related risks and controls

Quick Review Personnel who work in the receiving area should complete all of the following processes except counting the goods received. inspecting goods received for damage. preparing a receiving report. preparing an invoice. SO 2 Purchasing processes and the related risks and controls

Quick Review Which of the given departments will immediately adjust the vendor account for each purchase transaction so that the company will know the correct amount owed to the vendor? Purchasing Receiving Accounts payable Shipping SO 2 Purchasing processes and the related risks and controls

Purchase Returns Processes
Reasons for Returns: Goods received are unacceptable: Quantity or quality discrepancies Damage or defects Errors in the type of goods delivered or ordered Discrepancies in the terms of the purchase Timing issues Changes in the company’s needs. SO 3 Purchase return processes and the related risks and controls

Exhibit 9-9 Purchase Returns Process Map See next slide for larger image. SO 3 Purchase return processes and the related risks and controls

Exhibit 9-9 Purchase Returns Process Map SO 3 Purchase return processes and the related risks and controls

Risks and Controls in the Purchase Returns Process
Specific controls over the purchase returns process: Authorization of transactions Segregation of duties Adequate records and documents Security of assets and documents Independent checks and reconciliation Cost-benefit considerations SO 3 Purchase return processes and the related risks and controls

Risks and Controls in the Purchase Returns Process
Quick Review The document prepared when purchased items are returned is a(n) debit memo. invoice. receiving report. sales journal. SO 3 Purchase return processes and the related risks and controls

Cash Disbursement Processes
Cash disbursements process must be designed to ensure that the company appropriately processes payments to satisfy its accounts payable when they are due. Terminology: Cash management Remittance advice Cash disbursements journal SO 4 Cash disbursement processes and the related risks and controls

Exhibit 9-14 Cash Disbursement Process Map See next slide for larger image. SO 4 Cash disbursement processes and the related risks and controls

Exhibit 9-14 Cash Disbursement Process Map Cash Disbursement Processes SO 4 Cash disbursement processes and the related risks and controls

Risks and Controls Cash Disbursement Process
Specific controls over the cash receipts process: Authorization of transactions Segregation of duties Adequate records and documents Security of assets and documents Independent checks and reconciliation Cost-benefit considerations SO 4 Cash disbursement processes and the related risks and controls

Quick Review Which of the following controls is not normally performed in the accounts payable department? The vendor’s invoice is matched with the related receiving report. Vendor invoices are selected for payment. Asset and expense accounts to be recorded are assigned. Unused purchase orders and receiving reports are accounted for. SO 4 Cash disbursement processes and the related risks and controls

Quick Review In a system of proper internal controls, the same employee should not be allowed to sign checks and cancel the supporting voucher package. receive goods and prepare the related receiving report. prepare voucher packages and sign checks. initiate purchase requisitions and inspect goods received. SO 4 Cash disbursement processes and the related risks and controls

Quick Review Within accounts payable, to ensure that each voucher is submitted and paid only once, each invoice approved to be paid should be supported by a receiving report. stamped “paid” by the check signer. prenumbered and accounted for. approved for authorized purchases. SO 4 Cash disbursement processes and the related risks and controls

IT Systems of Expenditure and Cash Disbursement Processes
Three-Way Match - matching of a purchase order to the related receiving report and invoice. Time consuming and expensive. Business Process Reengineering (BPR) to improve efficiency and effectiveness. IT systems include: Computer-based matching and checking of purchasing documents Evaluated receipt settlement (ERS) Electronic forms of purchase and payment SO 5 An overview of IT systems of expenditure and cash disbursement processes that enhance the efficiency of expenditures processes

IT Systems of Expenditure and Cash Disbursement Processes
Exhibit 9-19 Document Matching to Approve and Pay for Purchases Exhibit 8-17 is a system flowchart of a generic version of revenue system with some paper documents. SO 5 An overview of IT systems of expenditure and cash disbursement processes that enhance the efficiency of expenditures processes

Computer-Based Matching
Automated matching - software matches an invoice to its related purchase order and receiving report. Advantages reduce time, costs, errors, and duplicate payments in invoice processing. Risks system errors unauthorized access, fraud, and inadequate backup of files. SO 6 Computer-based matching of purchasing documents and the related risks and controls

Risks and Controls in Computer-Based Matching
Security and Confidentiality Risks Processing Integrity Risks Availability Risks SO 6 Computer-based matching of purchasing documents and the related risks and controls

Elevated Receipt Settlement
Prior to 2000, some companies, began implementing invoice-less matching systems for purchasing and paying vendors. Evaluated receipt settlement (ERS) - receipt of goods is carefully evaluated and, if it matches the purchase order, settlement of the obligation occurs through this system. SO 7 Evaluated receipt settlement systems and the related risks and controls

Risks and Controls in Elevated Receipt Settlement
Security and Confidentiality Risks Processing Integrity Risks Availability Risks SO 7 Evaluated receipt settlement systems and the related risks and controls

Risks and Controls in Elevated Receipt Settlement
Quick Review Which of the following IT systems is designed to avoid the document matching process and is an “invoiceless” system? Computer-based matching system Electronic data interchange Evaluated receipt settlement Microsoft Dynamics GP® SO 7 Evaluated receipt settlement systems and the related risks and controls

E-Business and Electronic Data Interchange
Value Added Networks (VANs) Exhibit 8-18 EDI Using a Third-Party Network

Risks and Controls in El-Business and EDI
Exhibit 9-20 E-Business and EDI Risks and Controls SO 8 E-business and electronic data interchange (EDI) systems and the related risks and controls

Risks and Controls in El-Business and EDI
Quick Review Input controls such as field check, validity check, limit check, and reasonableness check are useful in IT systems of purchasing processes to lessen which of the following risks? Unauthorized access Invalid data entered by vendors Repudiation of purchase transactions Virus and worm attacks SO 8 E-business and electronic data interchange (EDI) systems and the related risks and controls

E-Payables Electronic Invoice Presentment and Payment (EIPP)
Takes advantage of the connectivity of the Internet to electronically send invoices or payments. SO 9 E-payables system

Procurement Cards Procurement cards Called p-cards
Credit cards that organization gives to certain employees to make designated purchases. Normally not used to purchase raw materials or products Used for small-dollar-amount purchases. SO 10 Procurement cards

Ethical Issues Related to Expenditures
It is important to establish internal control policies and IT controls to help prevent or detect such fraud, ethical lapses, or errors. SO 11 Ethical issues related to expenditures processes

It is important to establish internal control policies and IT controls to help prevent or detect fraud, ethical lapses, or errors. SO 11 Ethical issues related to expenditures processes

Quick Review Which of the following is most likely to be effective in deterring fraud by upper level managers? Internal controls An enforced code of ethics Matching documents prior to payment Segregating custody of inventory from inventory record keeping SO 11 Ethical issues related to expenditures processes

Corporate Governance in Expenditure Processes
Corporate governance policies should incorporate the four areas of management oversight, internal controls, financial stewardship, and ethical behavior. SO 12 Corporate governance in expenditure processes

Expenditures Processes and Controls-Payroll and Fixed Assets Accounting Information Systems, 1st Edition

Study Objectives An introduction to payroll and fixed asset processes
Payroll processes Risks and controls in payroll processes IT systems of payroll processes Fixed asset processes Risks and controls in fixed asset processes IT Systems of fixed asset processes Ethical issues related to payroll and fixed assets processes Corporate governance in payroll and fixed assets processes 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

Introduction to Payroll and Fixed Asset Processes
Payroll processes Acquiring and maintaining human resources. Capturing and maintaining employee data. Paying employees. Recording cash and payroll liabilities and expenses. Fixed asset processes Purchasing property. Capturing and maintaining relevant data about assets. Paying for and recording the related assets. Recording depreciation and other expenses. Accounting for gains or losses. SO 1 An introduction to payroll and fixed asset processes

Various risks Recorded expenditures may not be valid. Transactions may be recorded in the wrong amount. Valid expenditure transactions may have been omitted. Transactions may have been recorded in the wrong employee or vendor account. Transactions may not have been recorded in a timely manner. Transactions may not have been accumulated or transferred to the accounting records correctly. SO 1 An introduction to payroll and fixed asset processes

Payroll and Fixed Asset Processes
Exhibit 10-1 Expenditure Processes within the Overall System SO 1 Payroll and fixed asset processes

Quick Review Which of the following statements about payroll and fixed asset processes is true? Both have only routine processes. Both have only nonroutine processes. Both have routine and nonroutine processes. Payroll has only routine processes, while fixed asset has only nonroutine processes SO 1 An introduction to payroll and fixed asset processes

Payroll Processes Terminology Human resources department
Organization chart Time sheet Payroll register Payroll disbursements journal SO 2 Payroll processes

Payroll Processes SO 2 Payroll processes
Exhibit 10-3 Payroll Process Map See next slide for larger image. SO 2 Payroll processes

Payroll Processes SO 2 Payroll processes Exhibit 10-3
Payroll Process Map SO 2 Payroll processes

Quick Review Payroll Processes
For a given pay period, the complete listing of paychecks for the pay period is a payroll register. payroll ledger. payroll journal. paymaster. SO 2 Payroll processes

Quick Review Payroll Processes A payroll voucher
authorizes an employee paycheck to be written. authorizes the transfer of cash from a main operating account to a payroll account. authorizes the transfer of cash from a payroll account to a main operating account. authorizes the paymaster to distribute paychecks. SO 2 Payroll processes

Risks and Controls in Payroll Processes
Common procedures associated with the payroll process: Authorization of transactions Segregation of duties Adequate records and documents Security of assets and documents Independent checks and reconciliation Cost-benefit considerations SO 3 Risks and controls in payroll processes

Quick Review For proper segregation of duties, the department that should authorize new employees for payroll would be payroll. human resources. cash disbursement. general ledger. SO 3 Risks and controls in payroll processes

Quick Review Internal control problems would be likely to result if a company’s payroll department supervisor was also responsible for reviewing authorization forms for new employees. comparing the payroll register with the batch transmittal data. authorizing changes in employee pay rates. hiring subordinates to work in the payroll department. SO 3 Risks and controls in payroll processes

Quick Review Which of the following departments or positions most likely would approve changes in pay rates and deductions from employee salaries? Human resources Treasurer Controller Payroll SO 3 Risks and controls in payroll processes

IT Systems of Payroll Processes
Payroll requires routine mathematical calculations and storing of a large volume of data regarding employees, deductions, vacation days, sick days, and other data. IT systems can include payroll and human resources software, automated timekeeping, Internet-based timekeeping, and electronic transfer of funds. Some organizations outsource payroll processing. SO 4 IT systems of payroll processes

IT Systems of Payroll Processes
Quick Review An integrated IT system of payroll and human resources may have extra risks above those of a manual system. Passwords and access logs are controls that should be used in these integrated systems to lessen the risk of hardware failures. erroneous data input. payroll data that does not reconcile to time cards. unauthorized access to payroll data. SO 4 IT systems of payroll processes

Fixed Assets Processes
Fixed assets may include the following: vehicles, office equipment and computers, machinery and production equipment, furniture, and real estate (such as land and buildings). SO 5 Fixed asset processes

Fixed Asset Acquisitions Initiated by user department. Large cash outlays sometimes required. Non-routine transactions that require specific authorization. Capital budget. Fixed asset subsidiary ledger. SO 5 Fixed asset processes

Fixed Asset Continuance Involves: Updating cost data for improvements Updating estimated figures as needed Adjusting for periodic depreciation Keeping track of physical location of assets Depreciation schedule SO 5 Fixed asset processes

Fixed Asset Disposals Four Basis Steps: Date of disposal is noted, and depreciation computations updated through this date. Disposed assets are removed from fixed asset subsidiary ledger. Related depreciation accounts are removed. Gains or losses are computed. SO 5 Fixed asset processes

Exhibit 10-11 Fixed Asset Disposal Process Map See next slide for larger image. SO 5 Fixed asset processes

Exhibit 10-11 Fixed Asset Disposal Process Map SO 5 Fixed asset processes

Quick Review The purchase of fixed assets is likely to require different authorization processes than the purchase of inventory. Which of the following is not likely to be part of the authorization of fixed assets? Specific authorization Inclusion in the capital budget An investment analysis or feasibility analysis of the purchase Approval of the depreciation schedule SO 5 Fixed asset processes

Risks and Controls in Fixed Assets Processes
Authorization of Transactions Three Formal Steps: Investment analysis Comparison with the capital budget Review of the proposal and specific approval Exhibit 10-13 Fixed Asset Approval Levels SO 6 Risks and controls in fixed asset processes

Common procedures associated with the fixed asset process: Authorization of transactions Segregation of duties Adequate records and documents Security of assets and documents Independent checks and reconciliation Cost-benefit considerations SO 6 Risks and controls in fixed asset processes

Quick Review Which of the following is not a part of “adequate documents and records” for fixed assets? Fixed asset journal Fixed asset subsidiary ledger Purchase order Fixed asset tags SO 6 Risks and controls in fixed asset processes

Quick Review Which of the following questions would be least likely to appear on an internal control questionnaire regarding the initiation and execution of new PP&E purchases? Are requests for repairs approved by someone higher than the department initiating the request? Are prenumbered purchase orders used and accounted for? Are purchase requisitions reviewed for consideration of soliciting competitive bids? Is access to the assets restricted and monitored? SO 6 Risks and controls in fixed asset processes

Quick Review Which of the following reviews would be most likely to indicate that a company’s property, plant, and equipment accounts are not understated? Review of the company’s repairs and maintenance expense accounts. Review of supporting documentation for recent equipment purchases. Review and recomputation of the company’s depreciation expense accounts. Review of the company’s miscellaneous revenue account. SO 6 Risks and controls in fixed asset processes

IT Systems of Fixed Assets Processes
The efficiency and effectiveness of accounting for fixed assets can be greatly improved through the use of specialized asset management software. Such software simplifies the record keeping regarding location and description of fixed assets, depreciation and maintenance records, audit trail, and linkages to the general ledger. SO 7 IT systems of fixed assets processes

IT Systems of Fixed Assets Processes
Quick Review Which of the following is not an advantage of fixed asset software systems when compared with spreadsheets? Better ability to handle nonfinancial data such as asset location Easier to apply different depreciation policies to different assets Manual processes to link to the general ledger Expanded opportunities for customized reporting SO 7 IT systems of fixed assets processes

Ethical Issues Related to Payroll and Fixed Assets Processes
Typical sources of time sheet falsifications: Exaggeration of hours worked Falsification of overtime or holiday time worked Falsification of sales in order to increase commission payouts Overstatement of job-related expenses SO 8 Ethical issues related to payroll and fixed assets processes

Ghost Employee Clues that a ghost employee may exist: Payroll register identifies paychecks without adequate tax withholdings. Personnel files contain duplicate addresses, Social Security numbers, or bank account numbers. Payroll expenses are over budget. Paychecks not claimed when paymaster distributes. Paychecks contain dual endorsements. SO 8 Ethical issues related to payroll and fixed assets processes

Fixed asset information is more likely to be manipulated by management to unethically enhance the financial statements. Often, this occurs when management misclassifies expenses as fixed asset purchases. SO 8 Ethical issues related to payroll and fixed assets processes

Quick Review Ethical Issues Related to Payroll
The term “ghost employee” means that hours worked has been exaggerated by an employee. false sales have been claimed to boost commission earned. overtime hours have been inflated. someone who does not work for the company receives a paycheck. SO 8 Ethical issues related to payroll and fixed assets processes

Corporate Governance in Payroll and Fixed Assets Processes
In addition to the need for strong management oversight, internal controls, and ethical practices, corporate managers must recognize their responsibility to be good stewards of the assets underlying the payroll and fixed assets processes. SO 9 Corporate governance in payroll and fixed assets processes

Conversion Processes and Controls Accounting Information Systems, 1st Edition

Study Objectives Basic features of conversion processes
The components of the logistics function Cost accounting reports generated by conversion processes Risks and controls in conversion processes IT systems of conversion processes Ethical issues related to conversion processes Corporate governance in conversion processes 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

Basic Features of Conversion Processes
Conversion processes - activities related to the transformation of resources into goods or services. Resources include: Materials Labor Overhead Various other expenses necessary to run the operating facility SO 1 Basic features of conversion processes

Major activities within this process include Operational planning, Optimizing use of employees, property, and inventories, Controlling production flows, Ensuring product quality, and Preparing related cost accounting and financial accounting records. SO 1 Basic features of conversion processes

Exhibit 11-1 Conversion Processes within the Overall System SO 1 Basic features of conversion processes

Exhibit 11-2 Overview of the Conversion Processes SO 1 Basic features of conversion processes

Quick Review Manufacturing has changed in recent years as a result of each of the following factors except: globalization technological advances increased competition lack of economic prosperity SO 1 Basic features of conversion processes

Components of the Logistics Function
Logistics is the logical, systematic flow of resources throughout the organization. Three primary components: planning, resource management, and operations. SO 2 The components of the logistics function

bill of materials operations list Production orders Production schedule Exhibit 11-3 Components of the Logistics Function SO 2 The components of the logistics function

Terminology Economic Order Quantities (EOQ) Raw materials Work-in-process Finished goods Inventory status report Exhibit 11-3 Components of the Logistics Function SO 2 The components of the logistics function

Operations may be performed by : Continuous processing of homogeneous products Batch processing Custom, made-to-order processing Exhibit 11-3 Components of the Logistics Function SO 2 The components of the logistics function

Exhibit 11-5 Production Process Map See next slide for larger image. SO 2 The components of the logistics function

Exhibit 11-5 Production Process Map SO 2 The components of the logistics function

Quick Review The term conversion processes is often used synonymously with operations. production. manufacturing. all of the above. SO 2 The components of the logistics function

Quick Review Which of the following activities is not part of the planning component of the logistics function? Research and development Capital budgeting Human resource management Scheduling SO 2 The components of the logistics function

Quick Review Which of the following terms relates to the control of materials being held for future production? Routing Work-in-process Stores Warehousing SO 2 The components of the logistics function

Quick Review When additional procedures are necessary to bring a defective product up to its required specifications, this is referred to as rework. scrap. work-in-process. variance reporting. SO 2 The components of the logistics function

Quick Review A firm expects to sell 1000 units of its best-selling product in the coming year. Ordering costs for this product are $100 per order, and carrying costs are $2 per unit. Compute the optimum order size, using the EOQ model. 10 units 224 units 317 units 448 units SO 2 The components of the logistics function

Cost Accounting Reports Generated by Conversion Processes
Standard costs are expected costs based on projections of a product’s required resources. Perpetual inventory systems involve recording purchases as raw materials inventory, recording all components of work-in-process for inventories in various stages of production, and recording total cost of sales for products completed and sold. SO 3 Cost accounting reports generated by conversion processes

Cost Accounting Reports Generated by Conversion Processes
Periodic inventory systems involve updating the inventory and cost of sales accounts only at the end of the period. Variances represent the differences between actual costs and the standard costs applied. SO 3 Cost accounting reports generated by conversion processes

Risks and Controls in Conversion Processes
Common procedures within the conversion process: Authorization of transactions Initiation of production orders Issuance of materials into production Transfer finished goods to warehouse or shipping areas Segregation of duties Adequate records and documents SO 4 Risks and controls in conversion processes

Common procedures within the conversion process: Security of assets and documents Independent checks and reconciliation Physical inventory count Physical inventory reconciliation Cost-benefit considerations SO 4 Risks and controls in conversion processes

Quick Review Which of the following internal controls is typically associated with the maintenance of accurate inventory records? Performing regular comparisons of perpetual records with recent costs of inventory items Using a just-in-time system to keep inventory levels at a minimum Performing a match of the purchase request, receiving report, and purchase order before payment is approved Using physical inventory counts as a basis for adjusting the perpetual records SO 4 Risks and controls in conversion processes

Quick Review The goal of a physical inventory reconciliation is to determine the quantity of inventory sold. compare the physical count with the perpetual records. compare the physical count with the periodic records. determine the quantity of inventory in process. SO 4 Risks and controls in conversion processes

IT Systems of Conversion Processes
Computerized systems may provide the following benefits: Automatic computation of materials requirements Systematic scheduling that allows for greater flexibility and increased efficiencies Timely transfer of inventories due to the automatic notification features Validation of data entries Automatic updating of inventory status reports Automatic preparation of financial accounting entries and cost accounting reports SO 5 IT systems of conversion processes

Additional trends that enhance the conversion process: Computer-aided design (CAD) Computer-aided manufacturing (CAM) Industrial robots Materials resource planning (MRP) Manufacturing resource planning (MRP-II) Enterprise-wide resource planning (ERP) Computer-integrated manufacturing systems (CIMs) Just-in-time (JIT) production systems SO 5 IT systems of conversion processes

Match IT systems on left with their definitions on the right: CAD CAM MRP MRP-II ERP CIMs JIT A network including production equipment, computer terminals, and accounting systems b. Electronic workstation including advanced graphics and 3-D modeling of production processes Automated scheduling of manufacturing resources, including scheduling, capacity, and forecasting functions The minimization of inventory levels by the control of production so that products are produced on a tight schedule in time for their sale A single software system that includes all manufacturing and related accounting applications Automated scheduling of production orders and materials movement Production automation, including use of computers and robotics SO 5 IT systems of conversion processes

Match IT systems on left with their definitions on the right: SO 5 IT systems of conversion processes

Quick Review Which of the following is not considered a benefit of using computerized conversion systems? Automatic computation of materials requirements Increased sales and cost of sales Increased efficiency and flexibility Early error detection and increased accuracy SO 5 IT systems of conversion processes

Quick Review Which of the following represents a method of managing inventory designed to minimize a company’s investment in inventories by scheduling materials to arrive at the time they are needed for production? The economic order quantity (EOQ) Material resource planning (MRP) First-in, first-out (FIFO) Just-in-time (JIT) SO 5 IT systems of conversion processes

Quick Review For which of the following computerized conversion systems is Wal-Mart well known? CAD/CAM MRP-II CIMs JIT SO 5 IT systems of conversion processes

Ethical Issues Related to Conversion Processes
Earnings management is the act of misstating financial information in order to improve financial statement results. Absorption costing involves the inclusion of both variable and fixed costs in the determination of unit costs for ending inventories and cost of goods sold. SO 6 Ethical issues related to conversion processes

Corporate Governance in Conversion Processes
The internal controls and ethical tone and procedures within the conversion process are also part of the corporate governance structure. Establishing and maintaining reliable inventory management processes, internal controls, and ethical practices help ensure proper financial stewardship. SO 7 Corporate governance in conversion processes

Administrative Processes and Controls Accounting Information Systems, 1st Edition

Study Objectives An introduction to administrative processes
Source of capital processes Investment processes Risks and controls in capital and investment processes General ledger processes Risks and controls and risks in general ledger processes Reporting as an output of the general ledger processes Ethical issues related to administrative processes and reporting Corporate governance in administrative processes and reporting 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

Administrative Processes
Three administrative processes described in this chapter: Source of capital processes Investment processes General ledger processes

Introduction to Administrative Processes
Administrative processes are transactions and activities that either are specifically authorized by top managers or are used by managers to perform administrative functions. First set of processes: Examples include sale of stocks or bonds, the initiation of loans, bonds or notes payable, and the investment of funds in marketable securities. Second set of processes: financial information being recorded in general ledger accounts. SO 1 An introduction to administrative processes

Exhibit 12-2 Overall View of Transactions, Processes, and Resulting Reports SO 1 An introduction to administrative processes

Quick Review Which of the following is not part of an administrative process? The sale of stock The sale of bonds The write-off of bad debts The purchase of marketable securities SO 1 An introduction to administrative processes

Sources of Capital Processes
Capital is the funds used to acquire long-term, capital assets of an organization. Source of capital processes are those processes to authorize the raising of capital, the execution of raising capital, and the proper accounting of that capital. SO 2 Source of capital processes

Exhibit 12-3 Sources of Capital Process Map SO 2 Source of capital processes

Quick Review Which of the following statements is not true regarding source of capital transactions? These processes should not be initiated unless there is specific authorization by management at a top level. Source of capital processes will result in potential dividend or interest payments. Retirement of debt is a source of capital process. The fact that these transactions and processes cannot occur without oversight by top management means other controls are not necessary. SO 2 Source of capital processes

Investment Processes Management should properly manage, or administer, the investment of excess funds. Investment processes are those processes which authorize, execute, manage, and properly account for investments of excess funds. SO 3 Investment processes

Investment Processes SO 3 Investment processes Exhibit 12-4
Investment Process Map SO 3 Investment processes

Quick Review Investment Processes
The officer within a corporation that usually has oversight responsibility for investment processes is the controller. treasurer. chief executive officer (CEO). chief accounting officer (CAO). SO 3 Investment processes

Risks and Controls in Capital and Investment Processes
For both source of capital processes and investment processes, the important control is the specific authorization and oversight by top management. Generally, the risks are not related to employee fraud, but are instead related to management fraud. SO 4 Risks and controls in capital and investment processes

Quick Review Risks and Controls
Which of the following statements is not true regarding internal controls of capital and investment processes? Internal controls aimed at preventing and detecting employee fraud in capital and investment processes are not as effective. Top management fraud, rather than employee fraud, is more likely to occur. Any fraud is likely to involve manipulating capital and investment processes. Because of top management oversight, the auditor need not review these processes.

General Ledger SO 5 General ledger processes Exhibit 12-5
Accounting Cycle Process Map SO 5 General ledger processes

General Ledger Process
Quick Review Which of the following statements is true? Routine transactions are recorded in the general journal. Nonroutine transactions are entered in the general journal. Nonroutine transactions are recorded in a subsidiary ledger. Nonroutine transactions are recorded in a special journal. SO 5 General ledger processes

General Ledger Process
Quick Review Regarding subsidiary ledgers and general ledger control accounts, which of the following is not true? Total balances in a subsidiary ledger should always equal the balance in the corresponding general ledger account. The general ledger maintains details of subaccounts. Control is enhanced by separating the subsidiary ledger from the general ledger. Reconciling a subsidiary ledger to the general ledger can help to detect errors or fraud. SO 5 General ledger processes

Risks and Controls in General Ledger Processes
Common procedures associated with the general ledger: Authorization of transactions Segregation of duties Adequate records and documents Security of the general ledger and documents Independent checks and reconciliation Cost-benefit considerations SO 6 Risks and controls and risks in general ledger processes

Quick Review Which of the following statements regarding the authorization of general ledger posting is not true? Posting to the general ledger always requires specific authorization. User IDs and passwords can serve as authorization to post transactions to the general ledger. A journal voucher serves as authorization for manual systems. As IT systems become more automated, the authorization of general ledger posting is moved to lower levels of employees. SO 6 Risks and controls and risks in general ledger processes

Quick Review In a manual system with proper segregation of duties, an employee in the general ledger department should only authorize posting to the general ledger. post transactions to the general ledger. reconcile the subsidiary ledger to the general ledger. post transactions to the subsidiary ledger. SO 6 Risks and controls and risks in general ledger processes

Reporting as an Output of the General Ledger Processes
External Reporting Four general purpose financial statements balance sheet, income statement, statement of cash flows, and statement of retained earnings are created from general ledger account balances. SO 7 Reporting as an output of the general ledger processes

Reporting as an Output of the General Ledger Processes
Internal Reporting Internal reports are usually not financial statements, but reports tailored to specific needs of each management level and function. Many factors affect the type of report provided Type of organization Function managed Time horizon SO 7 Reporting as an output of the general ledger processes

Reporting as an Output of the General Ledger
Quick Review Which of the following statements about reporting is true? External users need detailed, rather than summarized, information. All reports, internal and external, are derived only from general ledger data. All organizations need similar internal reports. Internal reports are tailored to the specific needs of each management level and function. SO 7 Reporting as an output of the general ledger processes

Reporting as an Output of the General Ledger
For each report shown, indicate in the appropriate column whether the report is likely to be for internal or external users (some reports may be both), and whether data would come exclusively from the general ledger. External Yes Both No Internal No Internal No Internal No External No Internal No SO 7 Reporting as an output of the general ledger processes

Ethical Issues Related to Administrative Processes and Reporting
Reasons that unethical and fraudulent behavior would tend to be management-initiated. First, in a properly controlled system, employees do not have access to related assets or source documents. Second, administrative processes are tightly controlled and supervised by top management. Finally, routine nature of processes such as sales, purchasing, payroll, and conversion generates a huge volume of transactions. SO 8 Ethical issues related to administrative processes and reporting

Unethical Management Behavior in Capital Sources and Investing Management should be honest in the financial statements presented, footnote disclosures, and any related disclosures. not try to mislead creditors about the financial status of the company or its ability to repay any borrowing. SO 8 Ethical issues related to administrative processes and reporting

Internal Reporting ethical Issues Top management has an ethical obligation to use financial and other reports to encourage beneficial and ethical behavior. Reports to lower level managers are usually used for two purposes. Feedback to lower level managers. Used by upper management to evaluate and reward the performance of lower level managers. SO 8 Ethical issues related to administrative processes and reporting

Quick Review Which of the following is not an area of measure in a balanced scorecard? Vendor Customer Financial Learning and growth SO 8 Ethical issues related to administrative processes and reporting

Corporate Governance in Administrative Processes and Reporting
Setting and monitoring financial goals, and establishing and maintaining reliable accounting journals and ledgers so that performance can be properly reported, are important to effective corporate governance. In addition, internal controls and ethical practices within the administrative processes help ensure proper financial stewardship of a company’s administrative resources. SO 9 Corporate governance in administrative processes and reporting

Data and Databases Accounting Information Systems, 1st Edition

Study Objectives The need for data collection and storage
Methods of storing data and the interrelationship between storage and processing The differences between batch processing and real-time processing The importance of databases and the historical progression from flat-file databases to relational databases The need for normalization of data in a relational database Data warehouse and the use of a data warehouse to analyze data The use of OLAP and data mining as analysis tools Distributed databases and advantages of the use of distributed data Controls for Data and Databases Ethical issues related to data collection and storage, and their use in IT systems 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

The Need for Data Collection and Storage
Data are the set of facts collected from transactions, whereas information is the interpretation of data that have been processed. Main reasons to store transaction data: To complete transactions from beginning to end. To follow up with customers or vendors and to expedite future transactions. To create accounting reports and financial statements. To provide feedback to management. SO 1 The need for data collection and storage

Typical storage and processing techniques: The storage media types for data: sequential and random access Methods of processing data: batch and real time Databases and relational databases Data warehouses, data mining, and OLAP Distributed data processing and distributed databases SO 1 The need for data collection and storage

Concept Check Which of the following best describes the relationship between data and information? a. Data is interpreted information. b. Information is interpreted data. c. Data is more useful than information in decision making. d. Data and information are not related. SO 1 The need for data collection and storage

Storing and Accessing Data
Data Storage Terminology Exhibit 13-1 Data Hierarchy Character Field Record File Database SO 2 Methods of storing data and the interrelationship between storage and processing

Data Storage Media Magnetic tape Sequential access Early Days of Mainframe Computers Modern IT Systems Random Access SO 2 Methods of storing data and the interrelationship between storage and processing

Concept Check A character is to a field as a. Water is to a pool. b. A pool is to a swimmer. c. A pool is to water. d. A glass is to water. SO 2 Methods of storing data and the interrelationship between storage and processing

Concept Check Magnetic tape is a form of a. Direct access media. b. Random access media. c. Sequential access media. d. Alphabetical access media. SO 2 Methods of storing data and the interrelationship between storage and processing

Data Processing Techniques
Real-time Processing Batch Processing Exhibit 13-2 Comparison of Batch and Real-Time Processing SO 3 The differences between batch processing and real-time processing

Data Processing Techniques
Concept Check Which of the following is not an advantage of using real-time data processing? Quick response time to support timely record keeping and customer satisfaction b. Efficiency for use with large volumes of data. c. Provides for random access of data. d. Improved accuracy due to the immediate recording of transactions. SO 3 The differences between batch processing and real-time processing

Traditional File-Oriented Approach
Databases Data stored in a form that allows the data to be easily accessed, retrieved, manipulated, and stored. Exhibit 13-3 Traditional File-Oriented Approach Data redundancy Concurrency SO 4 The importance of databases and the historical progression from flat-file databases to relational databases

Databases Exhibit 13-3 Database Approach Relationships One-to-One One-to-Many Many-to-Many Database Management System (DBMS) is software that manages the database and controls the access and use of data by individual users and applications. SO 4 The importance of databases and the historical progression from flat-file databases to relational databases

The History of Databases
Flat File Database Model Exhibit 13-4 Database Table 1950s and 1960s Text format, sequential order Sequential processing Large volumes of similar transactions Single record not easily retrieved or stored SO 4 The importance of databases and the historical progression from flat-file databases to relational databases

Hierarchical Database Model Inverted tree structure Parent–child, represent one-to-many relationships Record pointer Exhibit 13-5 Linkages in a Hierarchical Database SO 4 The importance of databases and the historical progression from flat-file databases to relational databases

Network Database Model Inverted tree structure More complex relationship linkages by use of shared branches Not very popular, rarely used SO 4 The importance of databases and the historical progression from flat-file databases to relational databases

Relational Database Model Developed in 1969 Stores data in two-dimensional tables Most widely used database structure today Examples include; IBM DB2, Oracle Database, and Microsoft Access SO 4 The importance of databases and the historical progression from flat-file databases to relational databases

c. industrial espionage.
Databases Concept Check If a company stores data in separate files in its different departmental locations and is able to update all files simultaneously, it would not have problems with a. attributes. b. data redundancy. c. industrial espionage. d. concurrency. SO 4 The importance of databases and the historical progression from flat-file databases to relational databases

b. hierarchical database.
Databases Concept Check When the data contained in a database are stored in large, two-dimensional tables, the database is referred to as a a. flat file database. b. hierarchical database. c. network database. d. relational database. SO 4 The importance of databases and the historical progression from flat-file databases to relational databases

Concept Check Databases
Database management systems are categorized by the data structures they support. In which type of database management system is the data arranged in a series of tables? a. Network. b. Hierarchical. c. Relational. d. Sequential. SO 4 The importance of databases and the historical progression from flat-file databases to relational databases

The Need for Normalized Data
Relational databases consist of several small tables. Small tables can be joined in ways that represent relationships among the data. Exhibit 13-6 Relational Database in Microsoft Access Bolded field is the primary key. SO 5 The need for normalization of data in a relational database

Relational database has flexibility in retrieving data. Structured query language (SQL) has become the industry standard. Exhibit 13-7 Relational Database in Microsoft Access SELECT Customers.CustomerID, Customers.CompanyName, Orders.OrderID, Orders.ShippedDate FROM Customers INNER JOIN Orders ON Customers.CustomerID Orders.CustomerID; SO 5 The need for normalization of data in a relational database

The process of converting data into tables that meet the definition of a relational database is called data normalization. Seven rules of data normalization, additive. Most relational databases are in third normal form. First three rules of data normalization are: Eliminate repeating groups Eliminate redundant data Eliminate columns not dependent on primary key. SO 5 The need for normalization of data in a relational database

Trade-offs in Database Storage Relational database Not most efficient way to store data that will be used in other ways. Most organizations are willing to accept less transaction processing efficiency for better query opportunities. SO 5 The need for normalization of data in a relational database

Concept Check Which of the following statements is not true with regard to a relational database? a. It is flexible and useful for unplanned, ad hoc queries. b. It stores data in tables. c. It stores data in a tree formation. d. It is maintained on direct access devices. SO 5 The need for normalization of data in a relational database

Use of a Data Warehouse to Analyze Data
Management often needs data from several fiscal periods from across the whole organization. Exhibit 13-8 The Data Warehouse and Operational Databases SO 6 Data warehouse and the use of a data warehouse to analyze data

Management often needs data from several fiscal periods from across the whole organization. Build the data warehouse Identify the data Standardize the data Cleanse, or scrub, the data Upload the data SO 6 Data warehouse and the use of a data warehouse to analyze data

Concept Check A collection of several years’ nonvolatile data used to support strategic decision-making is a(n) a. operational database. b. data warehouse. c. data mine. d. what-if simulation. SO 6 Data warehouse and the use of a data warehouse to analyze data

Data Analysis Tools Data mining is the process of searching for identifiable patterns in data that can be used to predict future behavior. OLAP is a set of software tools that allow online analysis of the data within a data warehouse. Analytical methods in OLAP usually include: Drill down Consolidation Pivoting Time series analysis Exception reports What-if simulations SO 7 The use of OLAP and data mining as analysis tools

Concept Check Data Analysis Tools
Data mining would be useful in all of the following situations except a. identifying hidden patterns in customers’ buying habits. b. assessing customer reactions to new products. c. determining customers’ behavior patterns. d. determining customers’ behavior patterns. SO 7 The use of OLAP and data mining as analysis tools

Distributed Data Processing
Early days Centralized processing Centralized databases Today’s IT Environment Distributed data processing (DDP) Distributed databases (DDB) SO 8 Distributed databases and advantages of the use of distributed data

Distributing the processing and data offers the following advantages: Reduced hardware cost Improved responsiveness Easier incremental growth Increased user control and user involvement Automatic integrated backup The most popular type of distributed system is a client/server system. SO 8 Distributed databases and advantages of the use of distributed data

Concept Check A set of small databases where data are collected, processed, and stored on multiple computers within a network is a a. Centralized database. b. Distributed database. c. Flat file database. d. High-impact process. SO 8 Distributed databases and advantages of the use of distributed data

IT Controls for Data and Databases
To ensure integrity (completeness and accuracy) of data in the database, IT application controls should be used. These controls are input, processing, and output controls such as data validation, control totals and reconciliation, and reports that are analyzed by managers. SO 9 Controls for data and databases

Ethical Issues Related to Data Collection
Ethical Responsibilities of the Company Data collected and stored in databases in many instances consist of information that is private between the company and its customer. Ten privacy practices for online companies: Management Notice Choice and consent Collection Use and retention Access Disclosure to third parties Security for privacy Quality Monitoring and enforcement SO 10 Ethical issues related to data collection and storage, and their use in IT systems

Ethical Responsibilities of Employees Employees have an ethical obligation to avoid misuse of any private or personal data about customers. There are no specific IT controls that would always prevent authorized employees from disclosing private information. SO 10 Ethical issues related to data collection and storage, and their use in IT systems

Ethical Responsibilities of Customers Customers have an obligation to provide accurate and complete information. keep any known company information confidential. avoid improper use of data that they gain from accessing a database as a customer. SO 10 Ethical issues related to data collection and storage, and their use in IT systems

Concept Check Each of the following is an online privacy practice recommended by the AICPA Trust Principles Privacy Framework except: a. Redundant data should be eliminated from the database. b. Notification of privacy policies should be given to customers. Private information should not be given to third parties without the customer’s consent d. All of the above. SO 10 Ethical issues related to data collection and storage, and their use in IT systems

E-Commerce and E-Business Accounting Information Systems, 1st Edition

Study Objectives An introduction to e-commerce and e-business.
The history of the Internet. The physical structure and standards of the Internet. E-commerce and the benefits of e-commerce. The privacy expectations in e-commerce. E-business and the IT enablement. E-business enabling examples. Intranets and extranets to enable e-business. Internal controls for the Internet, intranets, and extranets. XML and XBRL as e-business tools. The ethical issues in e-business and e-commerce. 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

Introduction to E-commerce and E-business
E-commerce - electronically enabled transactions between a business and its customers. E-business - includes not only electronic trade with customers, but also servicing customers and vendors, trading information with customers and vendors, and electronic recording and control of internal processes. SO 1 An introduction to e-commerce and e-business.

Exhibit 14-1 E-business and E-commerce The most common method of conducting e-commerce and e-business is to use the Internet to electronically exchange data. SO 1 An introduction to e-commerce and e-business.

Quick Review Which of the following statements is true? a. E-business is a subset of e-commerce. b. E-commerce is a subset of e-business. c. E-business and e-commerce are exactly the same thing. d. E-business and e-commerce are not elated. SO 1 An introduction to e-commerce and e-business.

The History of the Internet
In 1965, a computer at MIT (Massachusetts) was connected to a computer in California, using dial-up telephone lines. In 1969, computers at four major universities were connected via leased telephone lines. Grew into a network called ARPANET. Purpose was to share military research data among UCLA, UC Santa Barbara (UCSB), Stanford, and the University of Utah. Over time, many other universities, NASA, and the Rand Corporation were connected to this network. SO 2 The history of the Internet.

Two technologies developed for ARPANET: Packet switching Router was adapted to ARPANET in 1972. BBN Technologies, developed the use of symbol in address. developed a communication protocol to use in ARPANET. in the 1970s, helped develop the TCP/IP protocol. SO 2 The history of the Internet.

In 1986, the National Science Foundation (NSF) began to develop a backbone set of servers, gateways, and networks that eventually became the Internet. Internet serves as backbone for World Wide Web. In 1992, commercial enterprises began offering Internet access to subscribers. In 1993, first graphical user interface (GUI) browser was developed. In 1995, the NSF relinquished control of the Internet. Since that time, all Internet traffic has been routed through commercial networks. SO 2 The history of the Internet.

Exhibit 14-2 Chart of the Number of Web Servers

Quick Review An electronic hardware device that is located at the gateway between two or more networks is a a. packet switch. b. URL. c. router. d. protocol. SO 2 The history of the Internet.

The Physical Structure and Standards of the Internet
The Network Types of organizations that make up the Internet. Exhibit 14-3 Architecture of the Internet SO 3 The physical structure and standards of the Internet.

The Network The Internet comprises, backbone providers, network access points, regional ISPs, local ISPs, and Internet subscribers. SO 3 The physical structure and standards of the Internet.

The Network The Internet comprises, backbone providers, network access points, regional ISPs, local ISPs, and Internet subscribers. dial-up modems, digital subscriber lines (DSL), or cable TV lines. SO 3 The physical structure and standards of the Internet.

Exhibit 14-4 A Simple Web Page and the HTML Source Code. The Common Standards of the Internet HTML - language to present data on websites. SO 3 The physical structure and standards of the Internet.

Exhibit 14-4 A Simple Web Page and the HTML Source Code. The Common Standards of the Internet SO 3 The physical structure and standards of the Internet.

Exhibit 14-4 A Simple Web Page and the HTML Source Code. The Common Standards of the Internet URL - uniform resource locater address. Domain Name - Common suffix portions of domain names: .com - commercial .edu - educational .org - nonprofit .gov - governmental .mil - military .net - network URL system actually uses IP addresses. SO 3 The physical structure and standards of the Internet.

Quick Review The type of organization that serves as the main trunk line of the Internet is called a a. local ISP. b. regional ISP. c. global ISP. d. backbone provider. SO 3 The physical structure and standards of the Internet.

E-Commerce and its Benefits
Benefits of E-commerce for the Customer Access to broader market for goods and services. More convenient times for shopping. More choices to the customer. Lower prices. Exchange information with businesses before, during, and after the purchase. Quicker delivery of the product. Receive targeted marketing from businesses. SO 4 E-commerce and the benefits of e-commerce.

Disadvantages of E-commerce for Customer Opportunity for fraud. Theft of assets. Theft of data. Inability to handle or try out the product. SO 4 E-commerce and the benefits of e-commerce.

Benefits of E-commerce for the Business Access to broader market. Reduced marketing costs. Potential for much richer marketing concepts. Quickly react to changes in market conditions. Likely to experience reduced order-processing and distribution costs. Customer convenience likely to result in higher sales. Higher sales with reduced marketing, order processing, and distribution costs can lead to higher profits. SO 4 E-commerce and the benefits of e-commerce.

Disadvantages of E-commerce for Business IT system usually more complex and costly. World Wide Web opens a business to: chances for fraud, hackers, and compromised customer privacy. SO 4 E-commerce and the benefits of e-commerce.

E-Commerce and Traditional Commerce Brick and mortar. Etailers. Clicks and mortar (bricks and clicks). SO 4 E-commerce and the benefits of e-commerce.

Quick Review Which of the following is not a direct advantage for the consumer from e-commerce? a. Access to a broader market. b. More shopping convenience. c. Reduced order-processing cost. d. Information sharing from the company. SO 4 E-commerce and the benefits of e-commerce.

Quick Review Each of the following represents an application of B2C commerce except a. software sales. b. electronic retailing. c. data exchanges. d. stock trading. SO 4 E-commerce and the benefits of e-commerce.

Privacy Expectations of Business in E-commerce
Personal information to be protected: Name. Address. Social Security number or other ID number. Employment history. Personal or family health conditions. Personal or family financial information. History of purchases or other transactions. Credit records. SO 5 The privacy expectations in e-commerce.

Ten privacy practices to ensure adequate customer confidence regarding privacy of information: Management. Notice. Choice and consent. Collection. Use and retention. Access. Onward transfer and disclosure. Security. Quality. Management and enforcement. SO 5 The privacy expectations in e-commerce.

Quick Review Before forwarding customer data, an organization should receive explicit or implicit consent of the customer. This describes which of the AICPA Trust Services Principles online privacy practices? a. Consent. b. Use and retention. c. Access. d. Onward transfer and disclosure. SO 5 The privacy expectations in e-commerce.

E-Business and IT Enablement
The supply chain is the set of linked processes that take place from the, acquisition and delivery of raw materials, through the manufacturing, distribution, wholesale, and delivery of the product to the customer. SO 6 E-business and the IT enablement.

Exhibit 14-6 E-commerce B2C vs. E-Business B2B4 B2B—A Part of E-Business SO 6 E-business and the IT enablement.

Quick Review Which of the following processes within a supply chain can benefit from IT enablement? a. All processes throughout the supply chain. b. Only internal processes within the supply chain. c. Only external processes within the supply chain. d. Exchange processes between a company and its suppliers. SO 6 E-business and the IT enablement.

E-Business Enablement Examples SO 7 E-business enabling examples.

Intranets and Extranets to Enable E-Business
Exhibit 14-7 Internet, Extranet, and Intranet Three levels of network platforms SO 8 Intranets and extranets to enable e-business.

Intranets and Extranets to Enable E-Business
Quick Review Intranets are used for each of the following except a. communication and collaboration. b. business operations and managerial monitoring. c. web publishing. d. customer self-service. SO 8 Intranets and extranets to enable e-business.

Internal Controls for the Internet, Intranets and Extranets
Exhibit 14-8 Controls to Limit Access to Intranets and Extranets SO 9 Internal controls for the Internet, intranets, and extranets.

Internal Controls for the Internet, Intranets and Extranets
Quick Review Which of the following IT controls would not be important in an extranet? a. Encryption. b. Password. c. Antivirus software. d. Penetration testing. e. All of the above are important IT controls. SO 9 Internal controls for the Internet, intranets, and extranets.

XML and XBRL as Tools to Enable E-Business
Two languages as tools to enable e-business: XML (eXtensible Markup Language) XBRL (eXtensible Business Reporting Language) XML In Internet EDI Internet EDI is alternative to traditional EDI. Uses the Internet to transmit business information between companies. XML allows data exchange over Internet in a rich format. SO 10 XML and XBRL as e-business tools.

Traditional EDI and VAN versus Internet EDI Exhibit 14-9 SO 10 XML and XBRL as e-business tools.

XBRL for Financial Statement Reporting Major advantages: Easily used in several formats. Printed in paper format. Displayed as an HTML web page. Sent electronically to the SEC. Transmitted to banks or regulatory agencies. Computer program can extract pieces of information from the XBRL file. SO 10 XML and XBRL as e-business tools.

Quick Review An extensible markup language designed specifically for financial reporting is a. Internet EDI. b. XML. c. XBRL. d. XFRL. SO 10 XML and XBRL as e-business tools.

Ethical Considerations
Online privacy policies of the AICPA Trust services Principles represent ethical obligations to customers. Ethical obligations would dictate that companies take adequate care to guard the security and privacy of data collected through e-commerce. SO 11 The ethical issues in e-business and e-commerce.

IT Infrastructure for E-Business Accounting Information Systems, 1st Edition

Study Objectives The overview of an ERP system
The history of ERP systems Current ERP system characteristics The modules of an ERP system The market segments of ERP software systems Implementation issues of ERP systems The benefits and risks of ERP systems ERP systems and the Sarbanes–Oxley Act of 2002 1. On the topic, “Challenges Facing Financial Accounting,” what did the AICPA Special Committee on Financial Reporting suggest should be included in future financial statements? Non-financial Measurements (customer satisfaction indexes, backlog information, and reject rates on goods purchases). Forward-looking Information Soft Assets (a company’s know-how, market dominance, marketing setup, well-trained employees, and brand image). Timeliness (no real time financial information)

Enterprise Resource Planning (ERP) system integrates all business processes and functions into a single software system, using a single database. ERP system components: Financials Human resources Procurement and logistics Product development and manufacturing Sales and services Analytics Data in a(n) Operational database Data warehouse SO 1 The overview of an ERP system

Exhibit 15-1 An ERP System SO 1 The overview of an ERP system

Concept Check Manufacturing companies implement ERP systems for the primary purpose of a. Increasing productivity. b. Reducing inventory quantities. c. Sharing information. d. Reducing investments. SO 1 The overview of an ERP system

History of ERP Systems ERP systems:
Developed during the 1960s and 1970s. First generation was materials requirements planning (MRP) software. MRP evolved into manufacturing resource planning (MRP II). ERP software did not become popular with large corporations until the 1990s. SO 2 The history of ERP systems

Concept Check History of ERP Systems
In the late 1990s, the Y2K compatibility issue was concerned primarily with computer systems’ a. File retrieval capability. b. Data storage. c. Human resource comparisons. d. Capital budgeting. SO 2 The history of ERP systems

Current ERP System Characteristics
EDI, Internet EDI, or extranets are used to connect a company’s ERP system to the IT systems of its suppliers and customers. Exhibit 15-2 An ERP II System SO 3 Current ERP system characteristics

ERP spending in 2005 was up 16% over Some reasons for the increase are: Need to improve customer service through standardizing and combining business processes. Global companies may have separate ERP systems in different countries. Aging ERP systems. Bigger IT budgets in 2005. Many companies needed upgraded systems to comply with Sarbanes–Oxley Act. SO 3 Current ERP system characteristics

Exhibit 15-3 Pie Chart of ERP Implementations SO 3 Current ERP system characteristics

Concept Check Which of the following is not one of the reasons for increased spending on ERP systems in recent years? a. The need for Sarbanes-Oxley compliance. b. Globalization and increased competitive pressures. c. The need for earnings management. d. The need for customer service enhancements. SO 3 Current ERP system characteristics

SAP® View of ERP Modules
The top-selling ERP system for large corporations and organizations is SAP. Exhibit 15-4 SAP® View of ERP Modules SO 4 Current ERP system characteristics

ERP Modules BE 36: Match the ERP modules with their purpose of the related processes. a. Taking customer orders and preparing for the impending revenue and cash collection. SO 4 Current ERP system characteristics

ERP Modules BE 36: Match the ERP modules with their purpose of the related processes. Maintenance of the general ledger and supporting journals and subledgers. SO 4 Current ERP system characteristics

Keeping track of purchasing and movement of goods and materials.
ERP Modules BE 36: Match the ERP modules with their purpose of the related processes. Keeping track of purchasing and movement of goods and materials. SO 4 Current ERP system characteristics

Accounting for personnel and payroll activities.
ERP Modules BE 36: Match the ERP modules with their purpose of the related processes. Accounting for personnel and payroll activities. SO 4 Current ERP system characteristics

ERP Modules BE 36: Match the ERP modules with their purpose of the related processes. Data mining and other processes for obtaining feedback and supporting managerial decision making. SO 4 Current ERP system characteristics

Planning and scheduling of conversion activities.
ERP Modules BE 36: Match the ERP modules with their purpose of the related processes. Planning and scheduling of conversion activities. SO 4 Current ERP system characteristics

Market Segments of ERP Systems
Tier One Software Usually implemented in very large organizations. Minimum cost to purchase is approximately $350, Often, the cost exceeds $1 million. Three most popular ERP systems in tier one are SAP, Oracle, and Peoplesoft. SO 5 The market segments of ERP software systems

Tier Two Software Intended for organizations with approximately $25 to $250 million in sales. Popular ERP systems are Axapta, Epicor, MAS 500 ERP, Great Plains ERP, and Macola ERP. Price range between $30,000 and $100,000. SO 5 The market segments of ERP software systems

Concept Check The type of ERP system used by large, multinational corporations is known as a. Big bang implementation. b. Modular implementation. c. Tier one software. d. Tier two software. SO 5 The market segments of ERP software systems

Implementation of ERP Systems
Important factors and issues to considers when implementing an ERP system. Hiring a consulting firm The best fit ERP system Which modules to implement Best of breed, verses ERP modules Business process reengineering Customization of ERP system Costs of hardware and software Testing the ERP system Data conversion Training of employees Method of conversion, or “go live” Big Bang Location-Wise Modular SO 6 Implementation issues of ERP systems

Implementation of ERP Systems
Concept Check Which of the following ERP approaches accomplishes the ERP implementation beginning with one department? a. The pilot method. b. The modular implementation approach. c. The big bang approach. d. The location-wise implementation method. SO 6 Implementation issues of ERP systems

Benefits and Risks of ERP Systems
Benefits of ERP Systems Interactive nature of the modules. Real-time nature of processing. “Best Practices” nature of the processes. Single database enhances sharing of information. Capability to analyze large amounts of data. Capability to enhance e-commerce and e-business Capability to interact in real-time. ERP systems are scalable. SO 7 The benefits and risks of ERP systems

Benefits and Risks of ERP Systems
Implementation Risks Operation Risks Security Availability Processing integrity Online privacy Confidentiality SO 7 The benefits and risks of ERP systems

ERP Systems and the Sarbanes-Oxley Act
Provide feedback information to management regarding internal control. Tracking each employee’s ID and password, Used to properly segregate duties. Can incorporate a matrix of tasks that are incompatible. Allows real-time monitoring and reporting of exceptions. SO 8 ERP systems and the Sarbanes–Oxley Act of 2002

Accounting Information Systems, 1st Edition

Similar presentations

Presentation on theme: "Accounting Information Systems, 1st Edition"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Accounting Information Systems, 1st Edition

Similar presentations

Presentation on theme: "Accounting Information Systems, 1st Edition"— Presentation transcript:

Similar presentations

About project

Feedback