Presentation is loading. Please wait.

Presentation is loading. Please wait.

Accounting Information Systems 8e

Published byBenjamin Sherman Modified over 8 years ago

Similar presentations

Presentation on theme: "Accounting Information Systems 8e"— Presentation transcript:

1 Accounting Information Systems 8e
Chapter 9 Controlling Information Systems: Business Process and Application Controls Accounting Information Systems 8e Ulric J. Gelinas and Richard Dull © 2010 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use

2 Learning Objectives Complete the steps in the control framework and prepare a control matrix. Write explanations that describe how the business process and application controls introduced in this chapter accomplish control goals. Describe the importance of business process and application controls to organizations with enterprise systems and those engaging in e-business. 2

3 The Control Matrix The control matrix is a tool designed to assist in analyzing the effectiveness of controls (PCAOB Auditing Standard Number 5 – “Effectiveness of Control Design”). Establishes the criteria to be used in evaluating the controls in a particular business process.

4 Lenox Control Matrix

5 Control Matrix Explanations

6 Lenox Company Annotated Systems Flowchart

7 Steps in Preparing a Control Matrix
STEP I: Specify control goals. Identify the Operations Process Goals Effectiveness goals Efficiency goals Security goals Identify Information Process Goals Input Goals Update Goals

8 Operations Process Goals: Effectiveness Goals
Ensure the successful accomplishment of the goals set forth for the business process. Different processes have different effectiveness goals. For Lenox’s cash receipts process two examples are: A: Timely deposit of checks. B : Comply with compensating balance agreements with the depository bank. Other possible goals of a cash receipts would be shown as goals C, D, etc. and described at the bottom of the matrix (in the matrix legend). With respect to other business processes, such as production, possible effectiveness goals are : A: Maintain customer satisfaction by finishing orders on time. B: Increase market share by ensuring the highest quality of goods.

9 Operations Process Goals: Efficiency Goals
Ensure that all resources used throughout the business process are being employed in the most productive manner. For Lenox’s cash receipts process, and for all accounting information systems, people and computers should always be included in the efficiency assessment. For other business processes, such as receiving goods and supplies, efficiency goals include the productive use of equipment.

10 Operations Process Goals: Security Goals
Ensure that entity resources are protected from loss, destruction, disclosure, copying, sale, or other misuse. Two resources of the cash receipts process over which security must be ensured are cash and information (accounts receivable master data). With any business process, information that is added, changed, or deleted as a result of executing the process, and assets that are brought into or taken out of the organization as a result of the process are a concern. Note that the security over hard assets used to execute business processes, such as computer equipment, trucks, trailers, and loading docks, is handled through pervasive controls (discussed in Chapter 7).

11 Information Process Goals: Input Goals
With respect to all business process data entering the system, ensure: input validity (IV) input completeness (IC) input accuracy (IA) With the cash receipts process, concern is with IV, IC and IA over cash receipts. Lenox uses remittance advices (RA). Notice that the input data of concern is specifically named. With respect to other business processes, such as hiring employees, concern would be with other inputs, such as employee, payroll, and benefit plan data.

12 Information Process Goals: Update Goals
Update goals must consider all related information that will be affected by the input data, including master file and ledger data. Ensure: Update completeness (UC) Update accuracy (UA) With the cash receipts information process, accounts receivable data will be updated by cash receipts. Cash is debited and customer account is credited. Accounts receivable master data is listed in the control matrix. Other business processes, such as cash payments, would involve different update concerns, such as vendor, payroll, or accounts payable master data.

13 Steps in Preparing the Control Matrix
STEP II: Identify recommend Control Plans Annotate “Present” Control Plans Evaluate “Present” Control Plans Identify and Evaluate “Missing” Control Plans

14 Annotate Present Control Plans
Start in the upper left-hand column of the systems flowchart . Identify the first manual keying symbol, manual process symbol, or computer process symbol (process related symbols). Follow the sequential logic of the systems flowchart and identify all of the process-related symbols. Each process-related symbol reflects an internal control plan which is already present. Recognize that the current control plan may not be working as effectively as it should. Recommendations may be needed to strengthen or augment existing control plans.

15 Annotate the Systems Flowchart
Review the flowchart and determine whether a control is present (P-) or missing (M-) Annotate the flowchart If controls are present, mark P- If controls are absent, mark M-

16 Annotating Present Control Plans
Review the Lenox systems flowchart (Figure 9.2). The first process-related symbol is entitled “Endorse checks.” Because this process appears on the flowchart, this control plan already exists, meaning, it is present as opposed to missing. Accordingly, place a P- beside the process, indicating that is it present, and a 1 beside the P- reflecting the first present control plan on the flowchart. As a result, the systems flowchart should be annotated with a P-1.

17 Annotating Present Control Plans
Continue reviewing the systems flowchart by following its sequential logic, annotating the flowchart with P-2, P-3, and so on until all present control plans have been accounted for.

18 Evaluate “Present” Control Plans
Write numbers (P-1, P-2, P-3 through P-n) and name of each control plan in the left-hand column of the control matrix. Start with P-1. Look across the row and determine which control goals the plan addresses. Place a P-1 in each cell of the matrix for which P-1 is applicable. It is possible that a given control plan can attend to more than one control goal. Continue this procedure for each of the present control plans. Simultaneously, in the legend of the matrix, describe how the control plan addresses each noted control goal.

19 Identify and Evaluate “Missing” Control Plans
Determine if additional controls are needed to address missing control goal areas, strengthen present control plans, or both. Look at the control matrix and see if there are any control goals (operations or information) for which no present control plan is addressing. If so, take the steps on the following slide.

20 Identify and Evaluate Missing” Control Plans
In the left-hand column of the matrix, number the first missing control plan as M-1 and label or title the plan. Place M-1 in each cell in the matrix row for which the missing control is designed. In the matrix legend, explain how the missing control will address each noted control goal. Annotate M-1 on the systems flowchart where the control should be inserted. If there are other control goals which no plan has addressed, develop plan M-2 and repeat the steps. Continue until each control goal on the matrix is addressed by at least one control plan. Two missing control plans have been identified for Lenox. More might exist.

21 Evaluate the Systems Flowchart
Look for areas where further controls are needed. Control plans might need to be added or existing plans might need to be strengthened to reduce residual risk to an acceptable level. Training and experience are required to identify these risks and weaknesses. Chapters 10 through 16 discuss how to make critical internal control assessments.

22 Sample Control Plans for Data Input
Manual and automated data entry Data entry with batches of input data

23 Systems flowchart: Manual And Automated Data Entry

24 Control Matrix for Automated and Manual Entry

25 Available Control Plans for Data Input
P-1: Document design P-2: Written approvals P-3: Preformatted screens P-4: Online prompting P-5: Populate input screen with master data P-6: Compare input data with master data

26 Available Control Plans for Data Input (Cont’d.)
P-7: Procedures for rejected Inputs P-8: Programmed edit checks P-9: Confirm input acceptance P-10: Automated data entry P-11: Enter data close to the originating source P-12: Digital signatures

27 Data Entry with Batches
Data entry with batches involves collecting inputs into work units called batches; batched inputs are then keyed into system as a group. Implies some delay between the economic event and its reflection in the system. Allows for controls focusing on the batch, e.g., batch control totals (hash or other totals from batch). Batch entry is often followed by an exception and summary report.

28 Batch Control Plans To be effective, batch control plans should ensure that: All documents are included in the batch. All batches are submitted for processing. All batches are accepted by the computer. All differences are disclosed, investigated and corrected on a timely basis. Batch control procedures start by grouping event data and calculating totals for the group. Several different types of batch control totals can be calculated as shown on the next two slides.

29 Batch Control Plans Document/record counts
Simple count of the number of documents entered in a batch. Minimum level required to control input completeness. Because a document could be intentionally replaced, this control is not effective for ensuring input validity. Input accuracy is not addressed. Item or line counts Counts number of items or lines entered, such as a count of the number of invoices being paid by all customer remittances. Improves input validity, completeness, and accuracy by reducing the possibility that line items or entire documents could be added to the batch or not be input. A missing event record is a completeness error and a data set missing from an event record is an accuracy error.

30 Batch Control Plans Dollar totals
Sum of dollar value of items in batch. By reducing the possibility that entire documents could be added to or lost from the batch or that dollar amounts were incorrectly input, this control improves input validity, completeness, and accuracy. Hash totals Summation of any numeric data existing for all documents in the batch, such as a total of customer numbers or invoice numbers in the case of remittance advices. Hash totals are a powerful control, as they can determine if inputs have been altered, added, or deleted. Batch hash totals are, for a batch, similar to document/record hash totals for individual inputs.

31 System Flowchart: Data Entry with Batches

32 Control Matrix for Data Entry with Batches

33 Data Entry with Batches Control Plans
Present Controls P-1: Turnaround documents P-2: Manually reconcile batch totals P-3: Agree run-to-run totals (reconcile input and output batch totals) P-4: Review tickler file (file of pending shipments) P-5: One-for-one checking (compare picking tickets and packing slips) Missing Controls M-1: Sequence check M-2: Computer agreement of batch totals

34 Computer Agreement of Batch Totals

35 Public Key Cryptography and Digital Signatures

Download ppt "Accounting Information Systems 8e"

Similar presentations

Accounting Information Systems 8e

Accounting Information Systems 8e
Chapter 14 The Human Resources (HR) Management and Payroll Processes

Chapter 14 The Human Resources (HR) Management and Payroll Processes
Analyzing and Recording Transactions Last Revised: 3/1/2011

Analyzing and Recording Transactions Last Revised: 3/1/2011
Chapter 7 Customer Order and Account Management Business Processes

Chapter 7 Customer Order and Account Management Business Processes
Overview of Transaction Processing and Enterprise Resource Planning Systems Chapter 2.

Overview of Transaction Processing and Enterprise Resource Planning Systems Chapter 2.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Documenting Information Systems

Documenting Information Systems
Chapter 4 – Documenting Information Systems

Chapter 4 – Documenting Information Systems
Chapter 13 The Accounts Payable/ Cash Disbursement (AP/CD) Process

Chapter 13 The Accounts Payable/ Cash Disbursement (AP/CD) Process
Chapter 10: Auditing the Expenditure Cycle

Chapter 10: Auditing the Expenditure Cycle
P-1: Enter cash receipts close to originating source Ensure effectiveness of operations: As reflected by the entries in goal columns A and B under process.

P-1: Enter cash receipts close to originating source Ensure effectiveness of operations: As reflected by the entries in goal columns A and B under process.
PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 11 The “Order-to-Cash” Process: Part II, Revenue Collection.

PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 11 The “Order-to-Cash” Process: Part II, Revenue Collection.
Chapter 12 The Purchasing Process

Chapter 12 The Purchasing Process
Chapter 12 The Revenue Cycle: Sales to Cash Collections Copyright © 2012 Pearson Education 12-1.

Chapter 12 The Revenue Cycle: Sales to Cash Collections Copyright © 2012 Pearson Education 12-1.
Chapter 11 THE REVENUE CYCLE. Introduction Revenue cycle: 1. Respond to customer inquiries 2. Develop agreements with customers to provide goods and services.

Chapter 11 THE REVENUE CYCLE. Introduction Revenue cycle: 1. Respond to customer inquiries 2. Develop agreements with customers to provide goods and services.
Principles of Information Systems, Seventh Edition2 An organization’s TPS must support the routine, day-to- day activities that occur in the normal course.

Principles of Information Systems, Seventh Edition2 An organization’s TPS must support the routine, day-to- day activities that occur in the normal course.
PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 9 Controlling Information Systems: Process Controls.

PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 9 Controlling Information Systems: Process Controls.
Copyright © 2015 Pearson Education, Inc. Systems Documentation Techniques Chapter 3 3-1.

Copyright © 2015 Pearson Education, Inc. Systems Documentation Techniques Chapter
Systems Documentation Techniques

Systems Documentation Techniques
Chapter Lead Black Slide © 2001 Business & Information Systems 2/e.

Chapter Lead Black Slide © 2001 Business & Information Systems 2/e.

Similar presentations

Ads by Google