Accounting Information Systems Essential Concepts and Applications Fourth Edition PDF

Accounting Information Systems:
Essential Concepts and Applications

Fourth Edition by Wilkinson, Cerullo,
Raval, and Wong-On-Wing
Chapter 1: The Study of

Accounting Information
Systems
Slides Authored by Somnath Bhattacharya, Ph.D.

Florida Atlantic University
What Is Accounting?
 It is the principal way of organizing and reporting

financial information. It has been called the
“language of business.”
 Accounting and information systems comprise
the functional area of business responsible for
providing information to the other areas to
enable them to do their jobs and for reporting the
results to interested parties.
 To that end, an accounting system is used to
identify, analyze, measure, record, summarize,
and communicate relevant economic information
to interested parties.
What Is a System?
 A System is an entity consisting of interacting

parts that are coordinated to achieve one or more
common objectives. Systems must possess
Organization:
Transactions-Journals-Ledgers-Financial Statements
Interrelationships:
The relationship between Subsidiary ledgers and the
General Ledger
Integration:
Individual transactions to Financial Statements
Central Objectives:
Financial Reports, Budgets, Management Reports
Data Versus Information
Data are raw facts and figures

that are processed to produce
information
Information is data that have
been processed and are
meaningful and useful to users.
The terms “meaningful” and
“useful” are value-laden terms and
usually subsume other qualities
such as timeliness, relevance,
reliability, consistency,
comparability, etc.
Functional Steps in Transforming
Data into Information
Data collection - capturing, recording,
validating and editing data for
completeness and accuracy
Data Maintenance/Processing -
classifying, sorting, calculating data
Data Management - storing, maintaining
and retrieving data
Data Control - safeguarding and securing
data and ensuring the accuracy and
completeness of the same
Information Generation - interpreting,
reporting, and communicating information
What Is an Information
System?
An Information system is a framework in which

data is collected, processed, controlled and managed
through stages in order to provide information to
users
It evolves over time and becomes more formalized as
a firm grows and becomes more complex. It can be
a manual or computerized system
Firms depend on information systems in order to
survive and stay competitive
The Universal Data Processing
Model
Storage
Processing
Consumers
Exchange Events
Internal Events
Environmental Events
}
Accounting Information
System
An Accounting Information

System is a unified structure that
employs physical resources and
components to transform economic
data into accounting information
for external and internal users.
Objectives and Users of AIS
Support day-to-day operations

Transaction processing
Support Internal Decision-Making
Trend Analyses
Quantitative & Qualitative Data
Non-transactional sources
Help fulfill Stewardship Role
Resources Required for an AIS
Processor(s): Manual or Computerized

Data Base(s): Data Repositories
Procedures: Manual or
Computerized
Input/Output Devices
Miscellaneous Resources
AIS as an MIS Subsystem
Sales/ Production
Marketing Info
AIS
Personnel Finance
Relationship of AIS & MIS
MIS
Finance Sales/Marketing Production AIS Personnel
Order entry/Sales
Billing/A.Rec./Cash receipts
Purchasing/A. Pay./Cash disb.
Inventory
Payroll
General ledger
Production
Reasons for Studying
Accounting Information Systems
Career accountants will be users, auditors, and

developers of AIS
Modern-day AIS are complex because of new
technologies
Concepts studied in AIS are integrated into
every other accounting course
Information-Oriented
Professionals
An array of professionally trained persons
from different fields of study have focused on
providing information to users
These professionals include system and
managerial accountants and auditors,
system analysts and industrial engineers
Professional certifications are increasing.
These include Certified Computing
Professional, Certified Information
Systems Auditor, Certified Managerial
Accountant, Certified Fraud Examiner,
etc.
Roles of Accountants With
Respect to an AIS
Financial accountants
prepare financial information
for external decision-making
in accordance with GAAP
Managerial accountants
prepare financial information
for internal decision-making
Roles of Accountants With
Respect to an AIS
Auditors - evaluate controls
and attest to the fairness of
the financial statements.
Accounting managers -
control all accounting
activities of a firm.
Tax specialists - develop
information that reflects tax
obligations of the firm.
Consultants - devise
specifications for the AIS.
Ethical Standards for
Consulting
Professional competence
Exercise due professional care
Plan and supervise all work
Obtain relevant data to support reasonable
recommendations
Maintain integrity and objectivity
Understand and respect the responsibilities
of all parties
Disclose any conflicts of interest
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.
Chapter 2: The Business

Environment and the AIS

The Business Firm as a System
Organization Organization’s
Environment functions
of the Firm Information
Business System AIS Transaction
Firm Cycles
Operational
Business Events
System
from Operations
Figure 2-1
System Characteristics of
Business Firms
Objectives
Environment
Constraints
Input-Process-Output
Feedback
Controls
Subsystems
Examples of AIS Subsystems
(Merchandising)
Order entry Purchasing/
Sales A. Payable/
System Cash Disb.
Inventory
Shipping
System
System
Receiving
Revenue Expenditure
Cycle Cycle
General
Ledger Human
Billing/ Resource
A. Receivable System Management
Cash Receipts Ext/Fin. reporting (Payroll)
System Tax & req. reporting System
Internal reporting
No Planning/Control, Investment, or Production Cycles reflected here
Examples of AIS
Subsystems: Service Firm Revenue
Billing/
Human resource
A.Receivables Management
Cash Receipts System
System (payroll)
Service firm Revenue Cycle
General
Ledger
System
No Purchasing, Production, Planning/Control, Investment Cycles

reflected here
Examples of AIS
Subsystems: Production Cycle
Purchasing/
Inventory A. Payable/
System Production
Cash Disb.
System System
Production Cycle
Human
General Resource
Ledger Management
System (Payroll
System
No Revenue, and Investment Cycles reflected here

Organizational Structure in
Business Firms
Hierarchical
Matrix: Blend functional and project-

oriented structures
Decentralized
Network
A Networked
Organizational Structure
Consultant Marketing
Training Consulting
Services
Consultant Operation
Recruitment Management
Customer Customer
Project Services
Team Management
Figure 2-5
The Operational System of
a Manufacturing Firm
Facilities Manufacturing Firm
Labor Supporting
(human Operations
services)
Material Producing Storing Shipping Goods
Acquiring
from Finished Finished Finished to
Materials Goods Goods Goods Customer
Supplier
Data Information
AIS
Funds Data and information flow Funds

Physical flows
Figure 2-7
Useful Data Elements
Concerning a Business Event
The nature of the element and when it

occurred
Which “agents” were involved
What kinds of resources were involved
and in what quantities
Where the event took place
Data Management:
Some Specifics
Field 1 Field 2 Field 3
File
{
Field 1 Field 2 Field 3 Records

Some More Specifics
 The manual activity of journalizing transactions is
equivalent to the computerized recording of
transactions in a transaction file
 In general, manual accounting journals are
equivalent to computerized transaction files
 Similarly, manual general ledger and subsidiary
ledgers are equivalent to computerized Master
files. e.g., There is typically 1 record in the
general ledger for each account in an entity’s
chart of accounts
 Examples of Master files include:
 Accounts Receivable Master File
 Accounts Payable Master File
 Inventory Master File
Basic Rules of Flowcharting - I
 1) The flow begins at the upper left-hand corner
of the sheet and generally moves from left to
right and from top to bottom
 2) All steps are clearly presented in a sequence,
or a series of sequences. No obvious gaps in the
procedure should be present
 3) Symbols are used consistently throughout.
Thus the symbol for manual processing (an
inverted trapezoid) should appear each time a
clerk performs a step in the procedure
 Examples: What is what?
Figure 2-9
Basic Rules of Flowcharting - II
 4) The dispositions of all documents and reports are
shown. In fact, the final “resting place” of every copy
of every of every prepared document should be
specified. Typical dispositions include placing
documents in files, sending documents to outside
parties such as customers, forwarding documents to
connecting procedures (such as a general ledger
procedure), and distributing reports to managers. If
the disposition consists of destroying a document,
this action may be represented in the manner shown
below:
From prior
processing Source Document Destroy
Figure 2-9 - continued

Basic Rules of Flowcharting - III
 5) The “sandwich” rule is consistently applied.

This rule states that a processing symbol should
be sandwiched between an input symbol and an
output symbol, in the manner shown below:
Input Output
Manual
document document
Process

Basic Rules of Flowcharting - IV
 6) When a document crosses an organizational
line within the flowchart, the document is
pictured again in the new organizational unit.
However, the repetition is not usually necessary
in some instances if the organizational units are
adjacent
 7) All symbols contain a brief but specific label
written inside the symbols
 8) Multiple copies of documents are drawn as an
overlapping group and are numbered in the upper
right-hand corners; these numbers remain the
copies during their flows through the procedure
Basic Rules of Flowcharting - V
 9) Added comments are included within
annotation symbols and are attached to
appropriate symbols, such as the processing
symbols to which the comments are related
 10) Ample connections (cross-references) are
provided. The symbols used in forming the
connections depend on the situation. Thus, if two
sheets are needed to to contain the flowchart,
the flows between pages are formed by off-page
connector symbols. In those cases where the
procedure being flowcharted links to an adjoining
procedure, the connection can be formed by a
terminal symbol
Basic Rules of Flowcharting - VI
 11) Exceptional Occurrences, such as back
orders, are clearly noted. They may appear as (i)
comments within annotation symbols, (ii)
separate flowcharts, with references to the main
flowchart, or (iii) decision branches, as shown
below:
Rejection
Reject To Customer
Letter
Order
From prior Customer

Credit Accept Acknowledgement
processing Satisfactory? To Customer
Order
To sales Order
Sales Order Processing

herein.
Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing
Chapter 3: AIS
Enhancements Through
Information Technology and
Networks
Importance of IT and Computer
Networks to Accountants
To use, evaluate, and develop a modern

AIS, accountants must be familiar with IT
Computers enable accountants to perform
their duties more quickly, accurately, and
consistently than by manual methods
Software such as electronic spreadsheets
aid accountants in analyzing financial
statements and in developing budgets
IT Components of Interest
to Accountants
Devices for data entry
Data Processing
Data Communication
Information Generation
Data Bases
Data Modeling concepts
Evaluation of internal controls in AIS
Variety of software packages
Computer Networks
Networks & Accountants
Because they transmit data and information,

networks are an integral part of AIS
Networks are vulnerable to high level risk thus
requiring special controls and security measures.
Need to prevent loss of accounting records &
information
Need to ensure accuracy of data
Networks may be used to consolidate data into
financial information
Gains from IT for Accountants
 Faster processing of transactions and other data

 Greater accuracy in computations of and
comparisons with data
 Lower cost of processing each transaction
 More timely preparation of reports and other
outputs
 More concise storage of data, with greater
accessibility when needed
 Wider range of choices for entering data and
providing outputs
 Higher productivity for employees and managers,
who learn to use computers effectively in their
routine and decision-making responsibilities
Task Matching to Computers
Manual Computerized
 Exceptional/infrequent  Collecting and processing large
transactions volumes of routine
transactions
 Setting objectives and policy-  Storing large quantities of data
making judgments and information
 New problems  Monitoring and controlling
continuous processes
 Supervising employees  Answering specific inquiries
 Social communications based on stored data
 Making complex strategic  Preparing complex analyses
decisions and extensive reports
 Helping gather data and
understanding the
relationships between all types
of decisions
Figure 3-1
Limitations of Infoage’s
Legacy AIS
 Large portion of personnel time and effort spent
on systems maintenance
 Little time & effort for value-added services
 Little flexibility to changing business conditions
 Financial and Operational data not integrated
 Difficult to generate data with both financial and non-financial
components
 The transaction processing systems focus on
chart of accounts classification
Ignore the multidimensional aspects of transactions
Files related to applications are not integrated
 Inefficiencies of the manual system remodeled in
automated form
Business processes and accounting procedures not analyzed and
improved upon prior to conversion to automated form
 System not geared to generate timely decision-
support information
Computer programmers required to write new programs for ad hoc
queries
Types of Network
Architectures
Wide-Area Networks
Formed among computers and inter-
connected devices that are geographically
distant from one another
Local-Area Networks
A type of distributed network created when
two or more linked computers are grouped
within a limited geographical area
Centralized WANs - I
 Concentrates all application processing at one
geographical location
 Consists essentially of one (or a cluster of) central
mainframe computer(s) and one or more physically
remote terminals
 Typically all hardware, software, and data processing
personnel are located at corporate headquarters
 Advantages include:
 the concentrated computing power of a large processor
 low operating costs per transaction leading to economies of
scale
 can facilitate the use of a database approach
 facilitate better security provisions
 allow for greater standardization and professional planning and
control of information-related activities
Centralized WANs - II
 Best suited for
 Firms with centralized organizational structures
 Firms with homogeneous operations
 Firms with low processing activity at remote sites
 Examples include
 Savings and loan institutions
 Banks with many ATMs and branches
 Merchandizing chains
 Motels
 Airlines
 Drawbacks include
 Inflexibility
 Expensive and complicated software needed
 Vulnerable to disasters as a result of complete dependence on
central computer
 Not user-friendly
Distributed WANs - I
This links fully functional computers in different

geographical locations.
Each remote site processes its own applications.
However, users may not have easy access to
centralized data or be able to transmit data and
information rapidly.
Computers may be interconnected by data
communications hardware and software to other
remote sites and to a central computer facility to
form an “enterprise-wide” network.
Distributed WANs - II
 Distributed databases are useful when:

 Large volumes of data need to be processed at remote locations
 Managers and employees need very fast access to data on a
frequent basis
 Databases may be distributed by replication or partition.
 Replication: Copies of files from the main data base are stored
at remote locations
 Partition: Segments of files are allocated to various locations
within the network
This avoids data redundancy, but increases the complexity of
transmitting data throughout the network
Likely to become the dominant approach as technology improves
 At present most data bases are a hybrid of the two approaches
Benefits of Distributed
WANs
 Can be responsive to diverse needs of users
 Enable network facilities to be used efficiently
since processing jobs can be routed to unused
computer systems in the network
 Are robust against individual computer failures
 Flexible and adaptable to change
 Best suited for firms with:
 Decentralized organizational structures
 Diverse operations or user groups
 Clustered functions at various locations
 Multiple products
 Manufacturing operations
 A variety of services
Drawbacks of Distributed
WANs
Difficulty in maintaining adequate control and
security
Each distributed processing location needs its own
set of controls and security measures
Given the smallness of each location,
organizational independence is not easily
achieved
Managers may sacrifice control and security for
greater productivity
Difficulty and cost of coordinating the relatively
independent and sometimes incompatible
computer systems
Added costs for multiple computers, other system
components, and communication services
LANs
A LAN may be connected to other LANs

and/or WANs via hardware devices known
as gateways or bridges
At the heart of a LAN is the workstation
Microcomputer-based workstation
Traditional workstation
Super workstation
Peer-to-Peer LANs
In smaller LANs, every workstation
functions as both a client and a server
This allows all users to share data and files on
all workstations
Called peer-to-peer network since no
workstations are dedicated to perform only
server functions
Compared to a server network, peer-to-peer
networks are less costly, easier to install, and
compare well against server networks of
similar size
Number expected to significantly increase in
the near future
Server Networks
 May interconnect hundreds of workstations
 More difficult to manage and interpret than peer-to-peer
networks
 Provide greater security than peer-to-peer networks
 At least one workstation is dedicated to performing
specific server tasks
 Examples include:
 Servers
 Database servers
 Print servers
 Communications servers
 Transaction processing servers
 Large server networks often contain multiple servers
The Network Operating
System
 In peer-to-peer networks, the Network Operating
Software (NOS) is installed in each user workstation
 In a server network, most of the NOS is installed in the
file server and a portion also resides in each workstation
 To run centralized LAN applications, the NOS installed in
the file server interacts with the NOS and the local
operating system installed in the workstation. The client
workstation NOS initiates a request to the file server
NOS to load files and programs into the client
workstation’s RAM
 In a peer-to-peer network, a client NOS initiates a
request to another client NOS, which also functions as a
server, to load the requested files and/or programs into
RAM
More Networks
Examples of pre-developed network

configurations resident in Network Interface
Cards include: Ethernet, Token Ring, and ARC-
net
The International Standards Organization has
issued the Open Systems Interconnection (OSI)
model
Open Systems Architecture
Seamless exchange of data, files, and software
between LANs and WANs built with multiple vendors’
hardware, software, and networking components
Client/Server Networks
This model splits data processing between

a user workstation (client) and one or
more servers
Majority of servers are dedicated database
servers, thereby enabling client to share
data and files, conduct database searches,
and update the database
One of the fastest growing segments of IT
Cooperative Client/
Server Computing
Most commonly implemented mode of

client/server architecture
Facilitates the optimal sharing of
computer resources since the client(s) and
server(s) jointly process the data
Clients typically employ Graphical User
Interfaces (GUIs)
Data-processing locale is transparent to
the user
Network Topologies
The STAR and RING topologies apply to

both distributed WANs and LANs
The BUS topology applies only to LANs
All three found in client/server networks
All three may be combined to form hybrid
configurations
The STAR Configuration
Figure 3-3a
The RING Configuration
Figure 3-3b
The BUS Configuration
Figure 3-3c
Enterprise-wide Processing
and Data Systems
 Enterprise-wide on-line transaction processing systems

collect and process mission-critical accounting and
operational applications
 Enterprise Resource Planning Systems (ERP) such as
SAP R/3 overcome the limitations of legacy applications
 Firms typically develop two types of On-line Analytical
Processing (OLAP) systems that supplement ERP or
legacy systems
 A firm can model the relevant aspects of business events
contained within the business processes allowing for the use of
relational database-related query language commands
 Firms can create a data mart or data warehouse to generate
predefined reports for executives and other managers
Data Marts and Data
Warehouses
 Both Data Marts and Data Warehouses organize and

store copies of “informational” or decision support data
 A Data Mart stores copies of decision support data in a
data base for a portion of a company
 A Data Warehouse stores copies of decision support
data in an integrated data base for an entire enterprise
 As opposed to applications-oriented data in legacy
systems, data in a data mart or warehouse are stored by
subject areas (e.g., customers)
 Data may be stored in both summarized or “raw” form
 Both have “drill down” and “data mining” features
Specialized Inter-organizational
Systems/Networks
Internet Commerce and Electronic Commerce

Point-of-Sale Systems/Networks
Electronic Funds Transfer (EFT) Systems
Electronic Data Interchange (EDI) Systems
Value Added Networks (VANs)
The Internet (TCP/IP)
The World Wide Web (WWW)
Hypertext information retrieval system
Intranets
Extranets
herein.
and Wong-On-Wing
Chapter 4: Data Management

Data
Data may be defined broadly
to include two interrelated components:
Data Models that provide structure to data
File Orientation
Data-base Orientation
Data values
A firm’s data resource involves four major
functions:
Record & Repository Creation
Repository Maintenance through additions and
updates
Data Retrieval
Data Archival and Removal
Entities
 An Entity is an object, person, or event about which a

firm wants to collect and maintain data
 Characteristics of Entities are Attributes
 Each attribute stored in the system is a Data Element
 There is usually a one-to-one correspondence between
attributes and data elements
 A broadly defined attribute may have several specific attributes
and therefore data elements. e.g., Shipping Address
Street Address
City
State
Zip Code
Country
Data Models
Data-base
Files Data bases
-
File Data-sets (or Tables)

Record Record
Data Element Data Element
Figure 4-1
Data Elements
Every recorded attribute of an entity is a data

element
Field Length: This is the number of contiguous
positions required to store a data element
Data Type:
Character
Numeric
Date
Raw
Data Value
Some Specifics
{
File
Field 1 Field 2 Field 3 Records

File Classifications (Master
Files)
Master files: These contain (semi) permanent
data (records) pertaining to entities (people,
places, and things). Accounting related
examples include:
General and Subsidiary ledgers
General ledger master file
Customer/Accounts Receivable master file
Vendor/Accounts Payable master file
Inventory master file
Employee/Payroll master file
Open WIP master file
Standard cost master file
File Classification
(Transaction Files - I)
Transaction files: These contain records
pertaining to events currently being processed,
such as sales, receipts of goods, etc.
Transaction files capture detailed transaction
data. They are counterparts to general and
special journals in manual systems
Transaction data are periodically posted to
related master file(s) and are then either purged
or archived
File Classification
(Transaction Files - II)
Accounting related transaction files

include:
General/Special journal file (General ledger)
Sales/Cash receipts file (Accounts receivable)
Receiving/Purchases file, Cash disbursements
file (Inventory, Accounts payable)
Inventory issuance file/shipment file/sales
file/adjustments file (Inventory)
Payroll/Cash disbursements (Payroll)
Other File Classifications - I
 Reference files: These contain tables or lists of data
needed for making calculations or for checking the
accuracy of input data. e.g., product price tables,
customer lists, etc.
 History files: These are also called archive files since
they contain records pertaining to completed
transactions such as past sales
 Open files: These record incomplete transactions.
Whereas transaction files are purged or archived at the
end of a given period, open files remain indefinitely
open. Only individual records from Open files get
purged as the transaction actually occurs or does not.
e.g., Open sales order file Sales transaction
file
Other File Classifications - II
Report files: These are derived from records

within master or transaction files. e.g., data may
be periodically extracted from the Accounts
Receivable master file to construct an aging
schedule
Backup file: This is a copy of a current file
generated so that the original file can be
recreated from it
Suspense file: This is a collection of those
records of a transaction file that appear to
contain erroneous or questionable data
Record-Key
Record keys: These are data elements within
records that serve as sort keys. e.g., customer-
account number
Two types of keys often used in master and
transaction file records are a primary key and
one or more secondary keys
A Primary key (also called a record key) is the
attribute that uniquely identifies a specific record.
They are usually of numeric or alphanumeric modes,
e.g., customer number
A Secondary key is an attribute other than the
primary key and represents an alternative way to sort
or access records in a file, e.g., customer last name
Flags
Flags that are symbols or characters used

for control purposes, e.g., end-of-batch
flag.
Flags are not visible to the end-user. It is
a system-managed field that is
transparent to the user.
Logical View Versus Physical
Storage of Records - I
File structure pertains either to “logical” file
structures or to “physical” file structures
The logical file structure defines the user’s
perspective of a file. For example, each logical
record in a computerized customer master file
pertains to a particular customer
Data contained in logical records must
necessarily be physically mapped onto storage
media
File organization refers to the methods by which
data in logical records are stored on physical
storage media
Logical View Versus Physical
Storage of Records - II
Files stored on physical media are seen as a
collection of physical records
Sometimes there may be a one-to-one
correspondence between logical and physical
records (unusual)
Sometimes a logical record may occupy more
than one physical record - typically on magnetic
disks
Sometimes two or more logical records may
occupy one physical record - typically on
magnetic tape
Design Considerations for
Records & Files - I
Managing files and records requires the

answering of questions such as:
How should the records be structured
What type of file organization and access
method (e.g., sequential, indexed sequential,
random) should be used
How long should records be retained
Design Considerations for
Records & Files - II
The answers to the above questions

also depend in part on the requirements
of the application being designed
These requirements, in turn, are affected
by issues such as:
storage requirements
efficiency in file maintenance
accessibility of stored data
Establishing Record
Structures - I
The structure of a record is defined by its:

content
 arrangement
modes of data fields
lengths of data fields
keys
Generally the primary keys are placed to occupy
the first fields of the records
Generally balance amounts or amounts of
transactions are placed in the last fields
Establishing Record
Structures - II
Transaction records are usually arranged

somewhat in accordance with the placement of
the elements on the source documents (e.g.,
sales invoices)
The modes and lengths of the fields depend on
the nature of data placed therein, while the keys
are expressed as codes
An important design issue is the extent to which
records should be consolidated. This issue is
especially important in relational database
normalizations and table designs
File-Oriented Approach to
Data Storage
In the file-oriented approach to data

storage computer applications
maintain their own set of files
This traditional approach focuses
on individual applications, each
of which have a limited number
of users, who view the data as
being “owned” by them
Deficiencies of the File-
Oriented Approach
 Files and data elements used in more than one
application must be duplicated, which results in data
redundancy
 As a result of redundancy, the characteristics of data
elements and their values are likely to be inconsistent
 Outputs usually consist of preprogrammed reports
instead of ad-hoc queries provided upon request. This
results in inaccessibility of data
 Changes to current file-oriented applications cannot be
made easily, nor can new developments be quickly
realized, which results in inflexibility
 It is difficult to represent complex objects using file
processing systems.
The Database Approach to
Data Storage
A database is a set of computer files that
minimizes data redundancy and is accessed by
one or more application programs for data
processing
The database approach to data storage applies
whenever a database is established to serve two
or more applications, organizational units, or types
of users
A database management system (DBMS) is a
computer program that enables users to create,
modify, and utilize database information efficiently
Documenting Data in Data-
Base Systems
The Conceptual Data Model is the logical

grouping of data on entities
Two common Conceptual Data Modeling
techniques are:
The Data Dictionary
Entity-Relationship Diagrams
Data Dictionary
A data dictionary is a computer file that maintains

descriptive information about the items in a
database
Each computer record of the data dictionary
contains information about a single data item
used in an AIS
Examples of information that might be stored in a
data dictionary are source document(s) used to
create the data item, programs that update the
data item and classification information about the
item’s length and data type
Data Modeling Via the Entity-
Relationship Diagram - I
The Entity-Relationship Model is a high level
conceptual data model that specifies the data
base structure independent of any specific
DBMS (hierarchical, network, relational, object-
oriented)
It is only after completing the E-R model that a
particular DBMS is selected. Then the high level
model is mapped into schemas using the DDL
provided by a given DBMS
Entity-Relationship Diagram - II
 In order to arrive at a specific E-R model, one must select the

entities first, and then define the relationship between them
(cardinalities: one-to-one, one-to-many, many-to-many)
 Rectangle=Entity
 Diamond=Relationship
 Line=Links:
 attribute to entity
 entity to relationship
 attribute to relationship
 Sometimes we use ellipses to represent specific attributes of
entities, e.g., customer_#, student_last_name, etc.
 To go from the ER model to a specific conceptual data model
(hierarchical, network, relational, object-oriented), we typically
assign attributes to the entities and relationships so as to obtain
fully specified pointers (hierarchical & network), and normalized
tables (relational)
Advantages of the
Database Approach
Efficient use of computerized storage
space
Each subsystem has access to the other’s
information
All application programs utilize the same
computer file, thereby simplifying
operations
Fewer backup files for security purposes
Relieves some users from data-gathering
responsibilities in situations where these
users previously gathered their own data
Disadvantages of the
Database Approach
 Databases can be expensive to implement
because of hardware and software costs.
 Additional software, storage, and network
resources must be used
 A DBMS can only run in certain operating
environments,which makes some unsuitable
for certain alternate hardware/operating
system configurations
 Because it is radically different from the file-
oriented approach, the database approach may
cause initial inertia, or complications and
resistance
Data-Flow Diagrams
A data-flow diagram shows the physical

and logical flows of data through a
transaction processing system without
regard to the time period when each
occurs
Physical devices that transform data are
not used in the logical diagrams
Because of the simplified focus, only
four symbols are needed
Symbols used in Data Flow
Diagrams
 A square represents an external data source or data
destination. The latter is also called a sink
 A circle (or bubble) indicates an entity or a process
that changes or transforms data
 A bubble can either be an internal entity in a physical DFD or a
process in a logical DFD
 An open-ended rectangle or a set of parallel lines
represents a store or repository of data
 The file may represent a view or a portion of a larger entity-wide
data base
 A line with an arrow indicates the
direction of the flow of data
Physical DFDs
A Physical DFD documents the physical

structure of an existing system. It answers
questions such as Where an entity works,
How an entity works, the work is done by
Whom, etc.
Given the very “physical” focus of a
physical DFD, it changes whenever the entities,
technology used to implement the system, etc.
changes
Physical DFDs have no lower levels
• This limitation makes physical DFDs
cumbersome to work with, and usually of
limited value
Logical DFDs - I
Logical Data flow diagrams are
usually drawn in levels that include
increasing amounts of detail
A top level (or high-level) DFD that
provides an overall picture of an
application or system is called a context
diagram
A context diagram is then decomposed,
or broken down, into successively lower
levels of detail
Logical DFDs - II
Logical Data flow diagrams

document the processes in an existing
or proposed system (What tasks)
Because the logic of a system changes
infrequently, relative to its physical nature,
a logical DFD will remain relatively
constant over time
Logical Data flow diagrams typically have
levels below the level-0 diagram
The Hierarchy of Data-Flow
Diagrams
The Hierarchy of Data Flow Diagrams
Context Diagram
Physical DFD Level-0 logical DFD

No lower levels Lower levels possible
Level 1 diagram(s)
Level 2 diagrams(s), etc.

A Context Diagram
Process bubble
Customer Relevant Environment
comprised of External Entities
Payment Cash
}Boundary (border between a
Receipts system and its environment)
Process
Dataflows Deposit
(Interfaces) Bank
This is a flow connecting a system
with its environment
A Physical DFD
1. Bubbles are labeled
with nouns
2. Data flows & files have
Sales physical descriptions
Customer Cash Clerk Order &
register
1.0 tape
Cashier
Form 66W 2.0
Verified
Sales Book- register tape Deposit slip
information & cash
Keeper
3.0
Blue sales book
Bank
A Logical DFD
1) Bubbles are labeled with
verbs that describe the activity
taking place
1.0 2) Data flows & files have logical
Customer Payment Receive Receipts & descriptions
receipts summary
Payment
Verified receipts
2.0
Sales record 3.0
Compare
Cash & Prepare
Tape Deposit
Sales data 4.0 Verified receipts Deposit

Record summary
Sales Journal Sale Bank
herein.
and Wong-On-Wing
Chapter 5: Computer-Based
Transaction Processing

Systems
A fundamental task in any AIS is to

process transactions affecting the
organization
Transaction processing systems(Ss)
involve three stages:
Data entry
Data and file processing
Output preparation
Benefits of Understanding
Transaction Processing Systems
Recognize limitations in currently installed

Transaction Processing Systems such as:
• inadequate data controls
• inefficient processing
• out-of-date files
• stored data that cannot be accessed quickly
• data that is poorly classified and coded
Recommend new or improved processing
approaches and storage methods
Layout of Input-Process-
Output Discussion
Data Processing Model
Input Process Output
Online Offline Periodic Realtime

Always Batched (Batched) (Immediate)
Processing
May lead to May lead to Direct Sequential

Realtime Processing Batched Processing Updating Updating
Sequential Updating Sequential Updating

after Online Data Entry from Batched
(Offline) Inputs
Data Entry
Most transactions are initiated by business
events triggered by various agents or by
instructions within a computer program
Other transactions are initiated by the passage of
time, e.g., interest accruals
Computer-based systems employ an off-line or
on-line approach to data entry
Off-line Data Entry
Off-line refers to input devices not directly

connected to the computer. Examples are
key-to-tape, key-to-disk, and OCR readers
Data must be first captured on source
documents and similar transactions are
batched together
Batched transactions are transcribed into
machine-readable form using an off-line
device
Turnaround documents may be
used as direct input into a system
On-line Data Input
 On-line refers to devices that are directly and

continuously connected to a computer system
 In on-line data entry, transaction data are
entered into the computer directly as they occur
 Characteristics of on-line data entry may
include:
nonexistence of source documents
(telephones, face-to-face conversations)
input of data using source data automation
(scanners at POS terminals)
origination of data by parties external to the
firm (ATM machines, telephone touch-tone
based transactions)
capture of data at remote sites (remote job
entry or remote batch processing)
Input Documents
Input documents typically do the

following:
Authorize Subsequent Transactions
Trigger Desired Actions
Reflect Accountability
Provide Data for Output and Reference
On-line Data Entry design
Four factors that can reduce the tendency for
errors in on-line data entry are:
• Menus that clearly define alternative actions
• Dialogue prompts that display suggestions or
questions to the user
• Graphical user interfaces that allow a user to
make selections
• Preformatted screens that display formats for
transaction documents. These can be
associated with menu options
Advantages of On-line
versus Off-line Data Entry
Off-line data entry offers the
advantages of economy and
productivity
On-line data entry offers the
advantages of timeliness, flexibility,
and simplicity
Options in Computer-Based
Source of Options
Differentiation
Source(s) of Main Remote
Transactions Computer Site
Focus of Batches of Individual
Transaction Events Events
Data
Input Off-line On-line
Approach
Timing of Periodic Immediate
Processing (delayed) (real- time)
Mode of Sequential Direct
Processing
Timing of Spooled Immediate
Outputs
Users of Currency not Currency
Information critical critical
Figure 5-7
Data Processing Methods
Batch data processing involves the

processing of data in groups (or
batches) of like transactions at periodic
intervals. Used when transaction activity
is low or periodic
Real-time processing consists of
processing each transaction as it arises
and is captured
Batch Processing Method
 In batch processing, transaction data are stored in a
transaction file until a master-file update is performed. The
storing of transaction data in a transaction file may occur
either through off-line or on-line entry of data
 Advantages of batch processing include:
 processing can be done in background mode
 processing is only performed when needed
 batch processing leaves a good audit trail
 Disadvantages:
 the master-file is only as current as last processing run.
 If transactions are batched before entry, any errors in
transaction data cannot be corrected at the time of
entry. They must be corrected and reentered either
through a separate run or during the next processing
cycle
Real-time Processing
Method
Real-time processing involves the processing of
each transaction as it arises and is captured
Data from each transaction are entered via an
online device and posted directly and immediately
to the affected record(s) in one or more master
files
Real-time processing may be interactive in that it
may involve direct interactions between humans
and computerized systems
Real-time Processing
Method
Advantages of real-time processing include:

This method keeps the master file more current
than the batch runs
Errors are caught at the time of data entry
Drawbacks of real-time processing include:
More complex and expensive than batch
systems
Harder to audit
Controls and backup procedures are more
elaborate in order to guard against
unwarranted access and human error
Document Flowcharts
Flowcharts are pictorial representations of

transaction processing systems that portray
flows of some type
A Document Flowchart emphasizes the
hardcopy inputs and outputs and their flows
through organizational units
Auditors and accountants may use document
flowcharts when analyzing a current system
for weaknesses in controls and reports
Common Document
Flowcharting Symbols - I
Punched Card Floppy Disk
Keying operation Manual Operation
Document Connector between

two points on a
flowchart
Multiple copies of
a specific document Journal or ledger
Common Document
Flowcharting Symbols - II
Permanent file of Envelope

documents
Information flow
Adding machine
Document flow
tape used for
batch control
Annotation for
additional
explanation
A Sample Document
Flowchart
Requesting Department Central Supplies Department
12 A
Goods Requisition
Form
1
Goods Requisition
Form
File
System Flowcharts
System Flowcharts depict the flows of data

and processing steps in an AIS
They use symbols that are industry
conventions standardized by the American
National Standards Institute (ANSI)
Flowcharting symbols are grouped as
input-output symbols, processing symbols,
storage symbols, data and information
flow symbols, and miscellaneous symbols
System Flowchart
Symbols Input/Output
Keying Operation Punch Card

Can also be output.
These are rarely
used nowadays.
Manual Input
Document
Also output as
reports
Display General Purpose

Input-Output
File
Used when type of media is unknown
or for manual card files, ledgers, batch logs, etc.
System Flowcharting
Symbols Processing
Manual Operation Auxiliary

Operation
Processing
Sorting
Collate
Also known as off-line process

System Flowcharting
Symbols Storage
Punched Card Input/Output
Punched Document
Paper Tape
Magnetic Magnetic
Tape Disk
Online Storage Off-line

Storage
Systems Flowcharting
Symbols Connectors
Start/Stop Terminal
Can also be an external
entity
Logic Flow
A On-page
connector
Telecommunication
Off-page Link
Connector
System Flowcharting
Symbols Miscellaneous - I
Data Preparation
Communication Link
Termination
Can also be an external entity
System Flowcharting
Symbols Miscellaneous - II
Bridge for Annotation for

crossing flows additional
explanation
Batch total - Goods; e.g.,

any total inventory
shipment
Structure Charts
 A structure chart portrays the hierarchy of levels and
interrelationships within a system
 Computer programmers use high-level structure charts
to determine the overall structure of program modules
required to operationalize a system
 Low-level structure charts, prepared during the detailed
design phase, enable computer programmers to create
source code sub-routines that help in the
implementation of systems
 Source code sub-routines are frequently written in
Structured English
 Structured English are English-like statements generated
from low-level structured charts. These statements are
then converted to detailed source programming code
instructions
A High-Level Structure Chart for
a Course Registration System
Class Registration
Processing System
Read Course Process Course Output Course

Schedules Schedules Schedules
Other Inputs Other Inputs
Get Course Edit Course Update Course Output Registration Output Course
Schedules Schedules Schedules Reports Schedules
Other Files Other Files Other Reports
Figure 5-11
Sequential vs. Direct Updating
 Sequential Updating from Batched/Online Inputs: To update a
master file sequentially within a computer-based application, the
processing program starts at the beginning master file record. It
then reads every record in the file, changing data in each record
affected by a transaction (see Figs. 5-6 and 5-7 & 5-8 ).
 Sequential Updating requires sorting of the transaction file by the
master file sorting key (e.g., transactions originally sorted on
transaction_no. must now be resorted by master-file
customer_no.).
 Since all the records in a master file are read during the update,
sequential updating increases the processing time significantly if
only a few records are to be updated.
 Direct Updating: Instead of processing a batch of transactions
sequentially against an entire master file, each transaction in the
batch can be posted directly to the affected records.
 Direct Updating with batched transactions eliminates the sorting
step.
 Direct Updating is only feasible if the master files are stored on direct-
access storage.
DFD Showing Batched Sequential
Processing of Transactions
Source Documents Batch of
Origination of Documents
Batch
Transactions
Documents &
Compute
Totals
Batch Totals
Prepare Batch
Prepare Documents
Financial for Sequential
Outputs Subsidiary and Processing
General ledgers
Updated
Financial Statement Post Data to
Records
& other Outputs Accounting Sorted Batch
Records & of Documents
Verify Batch
Totals
Recipients
of Transaction Data
Outputs (Journals)
Figure 5-12
Enterprise Resource
Planning
 ERP is a software with an integrated set of applications

for enterprise-wide use in functional areas such as
finance, accounting, human resource management,
manufacturing, logistics, etc.
 ERP systems permit an integration of data and
applications. Both financial and non-financial data can
be integrated
 ERP systems also facilitate access to data that are within
the firm but outside the ERP system
 Standardization of worldwide systems, consistent and
accessible data, and on-line processing of data result in
firm-wide data availability
File Management Issues
A File is a collection of related data stored

together for future use
All computerized applications involving
transaction processing typically employ
one or more files
Because of their involvement with
transaction processing, and auditing of
such processing, accountants need to be
aware of file management issues
File Access - I
Sequential Access: This requires each

record in a file to be scanned, beginning
with the first record in the file
The sequential access method is inefficient
for finding individual records. However, it is
very effective if a large number of records in
a file need to be accessed
File Access - II
 Direct Access: This denotes any method that involves the accessing of
desired records in some way other than by an exhaustive search through
all the records in a file
 Significant methods of Direct Access include:
 Indexed sequential file
 Randomization
 Binary searches
 Linked lists
 Inverted lists
 All Direct Access methods require direct-access storage media such as
magnetic disks and the use of Pointers
 Pointers are data elements whose values specify or “point to” the physical
storage addresses where associated data are stored. In contrast to the
other data elements of a record, a pointer provides direction
rather than content
Indexed Sequential File - I
This type of file combines a sequential

arrangement of records with an index that
cross-references the primary key values of
the records
The index enables individual records to be
retrieved quickly, while the file retains the
benefits of sequential processing
Indexed Sequential File - II
Index File Data File
Emp. Name Pointer Addr Emp. # Name
Albany 6 1 500 Carter
Carter 1 2 501 Schneider
Finsbury 3 3 503 Finsbury
1 Goodrich 4 4 504 Goodrich
Jenkins 9 5 506 Sykes
Petersen 8 6 508 Albany
3 Schneider 2 7 509 Williamson
Sykes 5 8 512 Petersen
2 Williamson 7 9 513 Jenkins
Binary Search
Individual Record Retrieval
Using the ISAM Method
Index File Data File
Product # Description
Product #
1. 105010 Dye-12oz.
Pointer 1 2. 106950 Dye-16 oz.
105010 3. 107000 Dye-24 oz.
4. 108020 Conc-1 gal.
110020 7 5.
115015 12 6.
7. 110020 Conc-2 gal.
Inverted list on 8. 110410 Conc-4 gal.
Product # 9. 114650 Conc-6 gal.
10.
11.
12. 115015 Reagent
13. 116000 Additive
Randomization
 This is the access procedure in which computations are

performed to generate addresses for individual records.
 These computational procedures are known as “Hashing
Schemes.”
 When the records of a file are located throughout a direct
access storage medium by means of a randomizing
procedure, the file is described as a random file.
 A Hashing Scheme provides a random file with its major
advantage: fast access.
 Hashing schemes are typically faster than the table
lookup procedures required with indexed sequential files.
Coding
• AISs depend on coding to record, store, classify
and retrieve financial data.
• Computer systems most often use numeric
codes or alphanumeric codes for processing
accounting transactions.
• Purposes of coding:
uniquely identifies transactions and accounts
compresses data
aids in classification process
conveys special meanings
Coding Systems
• Mnemonic Codes give visible clues concerning

the objects they represent
• Sequence Codes are the simplest type of
coding scheme that assign numbers or letters in
consecutive order
• Block Codes assign a series of numbers within
a sequence to entities or events having common
features
• Group Codes reveal two or more dimensions
or facets pertaining to an object
Design Considerations in
Coding
• Codes should serve some useful purpose

• Codes should be consistent
• Codes should be standardized throughout
the organization
• Codes should plan for future
expansion
herein.
and Wong-On-Wing
Chapter 6: Data-Base
Modeling and Applications

Introduction
We use the term Data Base to mean the

collected data sets that are organized and
stored as an integral part of a firm’s computer-
based information system
Data Sets are flexible data structures that
include groupings of data that are logically
related
The Database Approach to
Data Storage
A Database is a set of computer files that
minimizes data redundancy and is accessed by
one or more application programs for data
processing
The database approach to data storage applies
whenever a database is established to serve two
or more applications, organizational units, or
types of users
A Database Management System (DBMS) is a
computer program that enables users to create,
modify, and utilize database information
efficiently
Characteristics of the
Database Approach
Data Independence - the separation of the
data from the various application programs and
other accesses by users
Data Standardization - data elements within a
database have standard definitions, thus stored
data are compatible with every application
program that accesses the data
One-Time Data Entry and Storage -
individual data values are entered into the
database only once; consequently, redundancy
is reduced and inconsistencies between data
elements are eliminated
Characteristics of the
Database Approach
Data Integration - data sets integrate the data,
which enables all affected data sets to be updated
simultaneously
Shared Data Ownership - all data within a
database are owned in common by the users. The
portion of the database that is of interest to each user
is known as the sub-schema
Centralized Data Management - the database
management system stands guard over the database
and presents the logical view to users and
application programs
Program-Data
Independence
Application
Program A
Database
Management
System Database
Application
Program B
Figure 6-1
Questions for Database
Design and Construction
 What data management perspective should be adopted?

 What is the proposed system’s initial objective?
 What systems and users will use the data?
 Which existing or future systems will the proposed system
interface with?
 How much data will be stored initially? In the future?
 How many data accesses (reads and updates) will occur on an
hourly, daily, and monthly basis?
 How can the data be organized, both logically and physically,
to best serve the users of the system?
Iterative Phases in Database
Development: Planning & Analysis
Planning
Cost-benefit Analysis
Effective usage Analysis
Analysis
Enterprise Diagram
User Requirements
Data requirements
Firm’s operations and relationships
Development of logical design
Expected output requirements
Inputs
Processes
Appropriate Conceptual Model
Data Modeling through Entity-Relationship Diagrams
Specification of logical view(s)
Designation of Primary and Secondary keys
Development of Data Dictionary
Development: Detailed Design
Technical Specifications
Report Layouts
Data Flows
Screen Layouts
DBMS Selection
Data Definition Language (DDL)
Data Manipulation language (DML)
Query language [Structured Query Language (SQL)
and/or Query by Example (QBE)]
Data-base Control System (DBCS)
DBMS
Many DBMS packages allow users to:
Analyze Data
Prepare ad hoc or customized Reports
Create and Display Graphs
Create Customized Applications via
Programming Languages
Import and Export Data
Perform On-line Editing
Purge or Archive Obsolete Data
Backup data
Maintain Security Measures
Interface with Communication Networks
Development: Post-Design Phases
Implementation
Testing
Unit Testing
System Testing
User Acceptance Test
Maintenance
Entity-Relationship Model
Relative to the detailed nature of Record layouts and
data dictionaries, Entity-Relationship (E-R) Models
provide a broader and more conceptual view of the
firm’s data
A Data Model documents the key entities in a firm
and the relationships or associations among those
entities
An Entity is an object that exists and is identifiable.
e.g., an agent, event, or a resource
Entity-Relationship Model
Conventions
Rectangles represent entities and diamonds represent

relationships.
Each rectangle is usually denoted by the attributes of
the entity.
E-R Diagrams can easily model the information
needs of the entire enterprise or segments of the
enterprise such as divisions or departments, and even
detailed data issues such as detailed data repositories
such as records and/or tables.
Database Relationships
In a database, relationships occur among data
elements for two reasons:
Because of the nature of the elements themselves.
e.g., the relationship between a customer no. and a
customer name
Because of the need to retrieve
information from a database in
some prescribed manner. e.g.,
customers and invoices.
Kinds of Relationships
No relationship. e.g., student numbers and physical plant
codes
One-to-one relationship. This occurs least frequently,
e.g., reference no. to course description; product no. to
product description; customer no. to customer name
Directed relationships - 2 views:
One-to-many relationship. e.g., advisor to students,
customer to invoices
Many-to-one relationship. e.g., invoice lines to invoice
Many-to-many relationship. e.g., students to courses,
customers to products
A Many-to-Many Relationship:
Variation of Figure 6-6
Customers April June Summers
Product A Product B Product C Product D

n
Products
Figure 6-6
Relational Databases
In a relational database, data are perceived by

users to be structured in the form of simple flat
files or tables
Each table consists of records that are
comprised of a key and associated data
elements
In order to lay claim as a relational database, it
must do the following:
Present data to users as tables only
Support the relational algebra functions of
Restrict (Select), Project, and Join without
requiring any definitions of access paths to support
these operations
Relational Algebra Functions in
a Relational Database - Select
Select (Restrict): This function produces a

new table with only rows from a single
source table whose columns meet
prescribed conditions, e.g.,
Customer_Name=Adam Smith;
DOB=2/29/64; Legal Residence=California,
etc
Select
Cust Cust. Date Credit Legal

No. Name of Limit Res.
Birth
1000 Adam 3-12-62 1000 CA
Smith
1010 Lord 2-29-64 2000 TX

Keynes
Relational Algebra Functions in
a Relational Database - Project
This function produces a new table with only

some columns from a single source table. e.g.,
Project Student table on Student_Name and
Student_Major
Student_Name Student_Major
Estudiante Garcia French
Madeleine Notallbright International Relations

Relational Algebra Functions in a
Relational Database - Select & Project
The combination of Select and Project

produces a new table with both fewer
columns and rows than the original
table. e.g., Project on Student_Name
and Student_Major where
Student_Major = Latin
Select & Project
Student_Name Student_Major Student_Status

Penny Pasta Latin Senior
Connie Curry Greek Freshman
Tony Lama Tibetan Junior
Student_Name Student_Major
Penny Pasta Latin
Relational Algebra Functions
in a Relational Database - Join
The Join function produces a new table

from two or more source tables that
have at least one common column
The new table is wider than either of the
two source tables because it contains all
the columns from both source tables
Customer_Name Customer_Code
Join John Doe 1001
Customer_Code Credit_Limit
+
1001 10,000
Customer_ Customer_ Credit_Limit

=
Name Code
This may get repeated
twice, but then will be
eliminated under the
John Doe 1001 10,000 third normal form.
Query Languages for a
Relational Database
Structured Query Language (SQL)

SELECT CLIENT_NO, CLIENT_NAME,
PROJECT_NAME
FROM PROJ.TABL
WHERE CLIENT_NO = 531
Query-by-Example (QBE)
Use of Dynasets
Relational Databases:
Advantages & Disadvantages
Advantages Disadvantages
Ease of use for non- Relative inefficiency
technical users Huge storage space
Flexible structure required
English-like commands More redundancy than
or menus other data base
Easy structural changes structures
Not suitable for high-
volume applications
Hierarchical Database
Structure
The hierarchical data structure (or tree
structure) expresses hierarchical relationships
among stored data.
The root node is at the top and for
any two adjacent records, the elder
or higher-level record is called the
parent record.
The younger or lower-level record
is called the child record and any
two records on the same level are called sibling
records.
The Hierarchical Conceptual Model
Customer Salesperson
Invoice Salesperson
 In this model all data
deemed necessary must be
defined when the database Invoice 1 Invoice 2 Invoice 3
is created
 The inverted tree structure Line Line
of the database means that Item 1 Item 2
each node can only have
one parent
 Therefore, the hierarchical Customer
model only allows for one-
to-one and one-to-many
relationships. Many-to- Invoice 1 Invoice 2 Invoice 3
many relationships cannot
be modeled except through Line Line
duplication of data elements
Item 1 Item 2
Hierarchical Conceptual
Model - III
Rec. Rec. Forward
 In this model, pointers must
Address Content Pointer
be stored either within the 1 Cust A 4
records or in separate index 2 Cust B 6
files 3 Inv 10 0
Customer A 4 Inv 9 7
Invoice 9 Invoice 12 Invoice 16 5 Inv 16 0
Customer B 6 Inv 8 3
Invoice 8 Invoice 10 7 Inv 12 5

The Use of Pointers in the
Hierarchical Conceptual Model
Rec. Rec. Forward

Address Content Pointer
1 Cust A 4
2 Cust B 6
3 Inv 10 0
4 Inv 9 7
5 Inv 16 0
6 Inv 8 3
7 Inv 12 5
The Network Structure
Like the Tree structure, the Network

structure establishes explicit access paths or
links among data nodes
Unlike the Tree Structure, however, the
Network structure:
Allows any data node to be linked to any other
node
Permits entry at more points than a single root
node
Requires at least one subordinate data node to
have two or more owner nodes
Network Database
Structure
The network data structure handles
complex relationships among records by
linking related records together with
“pointer fields”
Pointer fields are embedded in each record
and contain disk addresses of related
records
The pointers maintain the data relationships,
thereby enabling an AIS to prepare familiar
reports
Network Conceptual
Model - I
In this model there is no distinct data hierarchy.

This enables network models to handle all types of
relationships
Along with this ability, though, comes high
inherent complexity
Simple networks contain one-to-many
relationships
Complex networks contain many-to-many
relationships. Usually these are reduced to
numerous one-to-many relationships through
intersection records
Network Conceptual
Model - II
Pointers are also used to link

data elements in network models.
Micro-computer-based network
models are uncommon. These are
more common in large mainframe
environments.
True Network Model Decomposed
to One-to-Many Relationships
Customers Products
Customer Product
Cust-Prod
Object-Oriented Database
Structure - I
The object-oriented database
(OODB) is a new type of database
that stores objects with (non-textual)
information in them
These unstructured objects may be
graphic images, still photographs,
animated visual, music and speeches
Objects are grouped into object
classes, with each member of the
class having the same set of
attributes, which can be
manipulated
Structure - II
Object Classes feature class hierarchies
Super-classes are at the top of the
hierarchies, with classes and sub-classes
linked below
Movement within class hierarchies is
downward from super-class to class to
subclass
Classes may also form sidewise associations,
e.g., association of university person with
university; faculty with academic dept
Characteristics of Objects
Attributes
Engine
Make Model Year Mileage Color
Size
Object Car
Drive Park Lock Wash

Operations
Characteristics of Objects
Note that Objects possess 2 characteristics:
Attributes attributes & operations
Qty Reorder Order Supplier
Part No. Description
on Hand Point Qty No.
Object Inventory
Review
Reduce Reorder Replace
Qty
Operations Sometimes these may change objects

Structure - III
OODBs feature:
Encapsulation: Storing procedures or operations
called methods with the data to which the methods
relate.
This brings together the data attributes and operations
pertaining to objects and object classes
Because of encapsulation, the application programs that access
the data base can be greatly simplified, thereby reducing
programming errors
Inheritance: This allows subclasses to inherit methods and/or
data from higher classes within a class hierarchy
The major advantage of inheritance is that programmed
instructions (objects) are reusable.
Libraries of commonly used objects (programs) can be
maintained
These standardized programs (fully pre-tested and applied) can
greatly reduce reprogramming efforts
Inheritance Between
Classes CONTROL
Operations:
Object Verify key
Class before Update Object
* Subclasses
Other
*
operations
*
ACCT-PAY ACCT-REC INVENTORY
Attributes: Attributes: Attributes:

Ven-Num (key) Cust-Num (key) Part-Num (key)
* * *
* Other * Other * Other
* Attributes * Attributes * Attributes
herein.
and Wong-On-Wing
Chapter 7: Risk Exposures

and the Internal Control
Structure

Internal Control
Internal Control is a state that

management strives to achieve to provide
reasonable assurance that the firm’s
objectives will be achieved
These controls encompass all the measures
and practices that are used to counteract
exposures to risks
The control framework is called the
Internal Control Structure
Objectives of the Internal
Control Structure
Promoting Effectiveness and Efficiency of

Operations
Reliability of Financial Reporting
Safeguarding assets
Checking the accuracy and reliability of
accounting data
Compliance with applicable laws and regulations
Encouraging adherence to prescribed
managerial policies
Components and Major
Considerations of the IC Structure
Internal Control
Structure
Control Risk Control Information

& Monitoring
Environment Assessment Activities Communication
Activities related Activities related

to Financial to Information
Reporting Processing
General Application
Controls Controls
Figure 7-1
Control Environment
The Control Environment establishes the

tone of a company, influencing the control
consciousness of its employees
It is comprised of seven components:
• Management philosophy and operating style
• Integrity and ethical values
• Commitment to competence
• The Board of Directors and the Audit Committee
• Organizational Structure
• Assignment of authority and responsibility
• Human resources policies and practices
• External Influences
Highlights of CE Components - I
Management Philosophy and Operating
Style
Does management emphasize short-term
profits and operating goals over long-term
goals?
Is management dominated by one or a few
individuals?
What type of business risks does
management take and how are these risks
managed?
Is management conservative or aggressive
toward selecting from available alternative
accounting principles?
Figure 7-2
Highlights of CE Components - II
Organization Structure
Is an up-to-date organization chart prepared,
showing the names of key personnel?
Is the information systems function
separated from incompatible functions?
How is the accounting department
organized?
Is the internal audit function separate and
distinct from accounting?
Do subordinate managers report to more
than one supervisor?
Figure 7-2 Continued
Highlights of CE Components - III
Assignment of Authority and
Responsibility
Does the company prepare written employee
job descriptions defining specific duties and
reporting relationships?
Is written approval required for changes
made to information systems?
Does the company clearly delineate
employees and managers the boundaries of
authority-responsibility relationships?
Does the company properly delegate
authority to employees and departments?
Highlights of CE Components - IV
Human Resource Policies and Practices
Are new personnel indoctrinated with respect to
Internal Controls, Ethics Policies, and Corporate Code
of Conduct?
Is the company in compliance with the ADA? The
EEOA?
Are Grievance Procedures to manage conflict in force?
Does the company maintain a sound Employee
Relations program?
Do employees work in a safe, healthy environment?
Are Counseling Programs available to employees?
Are proper Separation Programs in force for employees
who leave the firm?
Are critical employees Bonded?
Key Functions Performed
by Audit Committees
Establish an Internal Audit Department
Review the Scope and Status of Audits
Review Audit Findings with the Board and
ensure that Management has taken
proper action recommended in the Audit
Report and Letter of Reportable
Conditions
Maintain a direct Line of Communication
among the Board, Management, External
and Internal Auditors, and periodically
arrange Meetings among the parties
Figure 7-3
Key Functions Performed
by Audit Committees
Review the Audited Financial Statements
with the Internal Auditors and the Board
of Directors
Require periodic Quality Reviews of the
operations of the Internal Audit
Departments to identify areas needing
improvement
Supervise special investigations, such as
Fraud Investigations
Assess the performance of Financial
Management
Require the Review of Compliance with
Laws and Regulations and with Corporate
Codes of Conduct Figure 7-3
Risk Assessment
Top management must be directly

involved in Business Risk Assessment.
This involves the Identification and
Analysis of Relevant Risks that may
prevent the attainment of Company-wide
Objectives and Objectives of
Organizational Units and the formation of
a plan to determine how to manage the
risks.
Control Activities - I
Control Activities as related to Financial
Reporting may be classified according to
their intended uses in a system:
• Preventive Controls block adverse events, such
as errors or losses, from occurring
• Detective Controls discover the occurrence of
adverse events such as operational inefficiency
• Corrective controls are designed to remedy
problems discovered through detective controls
• Security Measures are intended to provide
adequate safeguards over access to and use of
assets and data records
Control Activities - II
Control Activities relating to Information

Processing may also be classified according
to where they will be applied within the
system
• General controls are those controls that pertain
to all activities involving a firm’s AIS and assets
• Application controls relate to specific
accounting tasks or transactions
The overall trend seems to be going from
specific application controls to more global
general controls
Control Activities - III
Performance Reviews
Comparing Budgets to Actual Values
Relating Different Sets of Data-Operating or
Financial-to one another, together with
Analyses of the relationships and
Investigative and Corrective Actions
Reviewing Functional Performance such as a
bank’s consumer loan manager’s review of
reports by branch, region, and loan type for
loan approvals and collections
Information & Communication
 All Transactions entered for processing are Valid and
Authorized
 All valid transactions are captured and entered for
processing on a Timely Basis and in Sufficient Detail to
permit the proper Classification of Transactions
 The input data of all entered transactions are Accurate
and Complete, with the transactions being expressed in
proper Monetary terms
 All entered transactions are processed properly to
update all affected records of Master Files and/or Other
Types of Data sets
 All required Outputs are prepared according to
Appropriate Rules to provide Accurate and Reliable
Information
 All transactions are recorded in the proper Accounting
Period
Risk
Business firms face risks that reduce the

chances of achieving their control objectives.
Risk exposures arise from internal sources,
such as employees, as well as external sources,
such as computer hackers.
Risk assessment consists of identifying
relevant risks, analyzing the extent of exposure
to those risks, and managing risks by proposing
effective control procedures.
Some Typical Sources of Risk - I
Clerical and Operational Employees, who
process transactional data and have
access to Assets
Computer Programmers, who have
knowledge relating to the Instructions
by which transactions are processed
Managers and Accountants, who have
access to Records and Financial Reports
and often have Authority to Approve
Transactions
Figure 7-4
Some Typical Sources of Risk - II
Former Employees, who may still understand
the Control Structure and may harbor grudges
against the firm
Customers and Suppliers, who generate many of
the transactions processed by the firm
Competitors, who may desire to acquire
confidential information of the firm
Outside Persons, such as Computer Hackers and
Criminals, who have various reasons to access
the firm’s data or its assets or to commit
destructive acts
Acts of Nature or Accidents, such as floods,
fires, and equipment breakdowns
Types of Risks
Unintentional errors
Deliberate Errors (Fraud)
Unintentional Losses of Assets
Thefts of assets
Breaches of Security
Acts of Violence and Natural Disasters
Factors that Increase Risk
Exposure
Frequency - the more frequent an

occurrence of a transaction the
greater the exposure to risk
Vulnerability - liquid and/or portable
assets contribute to risk exposure
Size of the potential loss - the higher the
monetary value of a loss, the greater the
risk exposure
Problem Conditions
Affecting Risk Exposures
Collusion (both internal and external), which is
the cooperation of two or more people for a
fraudulent purpose, is difficult to counteract even
with sound control procedures
Lack of Enforcement Management may not
prosecute wrongdoers because of the potential
embarrassment
Computer crime poses very high degrees
of risk, and fraudulent activities are difficult
to detect
Computer Crime
Computer crime (computer abuse) is the

use of a computer to deceive for personal
gain.
Due to the proliferation of networks and
personal computers, computer crime is
expected to significantly increase both in
frequency and amount of loss.
It is speculated that a relatively small
proportion of computer crime gets detected
and an even smaller proportion gets reported.
Examples of Computer
Crime
Theft of Computer Hardware & Software

Unauthorized Use of Computer Facilities
for Personal Use
Fraudulent Modification or Use of Data or
Programs
Reasons Why Computers
Cause Control Problems
Processing is Concentrated
Audit Trails may be Undermined
Human Judgment is bypassed
Data are stored in Device-Oriented rather than
Human-Oriented forms
Invisible Data
Stored data are Erasable
Data are stored in a Compressed form
Stored data are relatively accessible
Computer Equipment is Powerful but Complex
and Vulnerable
Feasibility of Controls
 Audit Considerations
 Cost-Benefit Considerations
 Determine Specific Computer Resources Subject to Control
 Determine all Potential Threats to the company’s Computer
System
 Assess the Relevant Risks to which the firm is exposed
 Measure the Extent of each Relevant Risk exposure in dollar
terms
 Multiply the Estimated Effect of each Relevant Risk Exposure by
the Estimated Frequency of Occurrence over a Reasonable
Period, such as a year
 Compute the Cost of Installing and Maintaining a Control that is
to Counter each Relevant Risk Exposure
 Compare the Benefits against the Costs of Each Control
Legislation
The Foreign Corrupt Practices Act of 1977
Of the Federal Legislation governing the use of
computers, The Computer Fraud and Abuse Act
of 1984 (amended in 1986) is perhaps the
most important
This act makes it a federal crime to intentionally
access a computer for such purposes as: (1)
obtaining top-secret military information, personal,
financial or credit information
(2) committing a fraud
(3) altering or destroying federal information
Methods for Thwarting
Computer Abuse
Enlist top-management support so that
awareness of computer abuse will filter down
through management ranks.
Implement and enforce control procedures.
Increase employee awareness in the seriousness
of computer abuse, the amount of costs, and
the disruption it creates.
Establish a code of conduct.
Be aware of the common characteristics of most
computer abusers.
Methods for Thwarting
Computer Abuse
Recognize the symptoms of computer abuse
such as:
behavioral or lifestyle changes in an employee
accounting irregularities such as forged, altered or
destroyed input documents or suspicious
accounting adjustments
absent or ignored control procedures
the presence of many odd or unusual anomalies
that go unchallenged
Encourage ethical behavior
Control Problems Caused by
Computerization: Data Collection
Manual System Computer-based System
Characteristics Characteristics Risk Exposures Compensating
Controls
Data recorded in Data sometimes Audit trail may be Printed copies of

paper source captured without partially lost source documents
documents use of source prepared by
documents computer systems
Data reviewed for Data often not Errors, accidental Edit checks
errors by clerks subject to review or deliberate, may performed by
by clerks be entered for computer system
processing
Figure 7-6
Computerization: Data Processing
Controls
Processing steps Processing steps Errors may cause Outputs reviewed by

performed by clerks performed by CPU incorrect results of users of computer
who possess judgment “blindly” in accordance processing system; carefully
with program developed computer
instructions processing programs
Processing steps Processing steps Unauthorized Restricted access to
among various clerks in concentrated within manipulation of data computer facilities;
separate departments computer CPU and theft of assets can clear procedure for
occur on larger scale authorizing changes to
programs
Processing requires use Processing does not Audit trail may be Printed journals and
of journals and ledgers require use of journals partially lost other analyses
Processing performed Processing performed Effects of errors may Editing of all data
relatively slowly very rapidly spread rapidly through during input and
files processing steps
Control Problems Caused by Computerization:
Data Storage & Retrieval

Controls
Data stored in file Data compressed Data may be Security measures

drawers on magnetic accessed by at points of access
throughout the media (e.g., unauthorized and over data
various tapes, disks) persons or stolen library
departments
Data stored on Data stored in Data are Data files printed
hard copies in invisible, temporarily periodically;
human- readable eraseable, unusable by backup of files;
form computer-readable humans, and protection against
form might possibly be sudden power
lost losses
Stored data Stored data often Data may be Security measures
accessible on a readily accessible accessed by at points of access
piece-meal basis from various unauthorized
at various locations via persons
locations terminals

Control Problems Caused by Computerization:
Information Generation

Controls
Outputs Outputs generated Inaccuracies may Reviews by users

generated quickly and neatly, be buried in of outputs,
laboriously and often in large impressive-looking including the
usually in small volumes outputs that users checking of
volumes accept on faith amounts
Outputs usually in Outputs provided Information stored Backup of files;
hard-copy form in various forms, on magnetic periodic printing of
including soft-copy media is subject to stored files onto
displays and voice modification (only hard-copy records
responses hard copy
provides
permanent record)
Computerization: Equipment
Controls
Relatively simple, Relatively Business Backup of data

inexpensive, and complex, operations may be and power supply
mobile expensive, and in intentionally or and equipment;
fixed locations unintentionally preventive
interrupted; data maintenance of
or hardware may equipment;
be destroyed; restrictions on
operations may be access to
delayed through computer
inefficiencies facilities;
documentation of
equipment usage
and processing
Figure 7-6 Continued procedures
herein.
and Wong-On-Wing
Chapter 8: General Controls

and Application Controls

Introduction to Controls
Controls may relate to manual AISs, to

computer-based AISs, or both
Controls may be grouped into General
controls, Application controls, and Security
measures
Controls may also be grouped in terms of risk
aversion: Corrective, Preventive, and
Detective Controls
These categories are intertwined and an
appropriate balance is needed for an effective
internal control structure
Control Classifications
By Setting By Risk Aversion
General Corrective
Preventive
Application
Input
Processing
Output
} Detective
Figure 8-1
General Controls
General Controls pertain to all activities
involving a firm’s AIS and resources
(assets). They can be grouped as follows:
Organizational or Personnel Controls
Documentation Controls
Asset Accountability Controls
Management Practice Controls
Information Center Operations Controls
Authorization Controls
Access Controls
Organizational or
Personnel Controls - I
Organizational independence, which separates

incompatible functions, is a central control objective
when designing a system
Diligence of independent reviewers, including
BOD, managers, and auditors (both internal and
external)
 In a manual system, authorization, record-
keeping, and custodial functions must be kept
separate. e.g., purchases, sales, cash handling, etc
Organizational or
Personnel Controls - II
In computer-based AISs the major segregation is
between the systems development tasks, which
create systems, and the data processing tasks,
which operate systems
Within data processing, one may find segregation
between separate control (receiving & logging),
data preparation (converting to machine
readable form), computer operations, and data
library - batch processing
Other personnel controls include the two-week
vacation rule
Flow of Batched Data in
Computer-Based Processing Data Library
Data Preparation Section
User Departments Control Section Computer
Section
Operations Files
Receive Convert
Data
to
and machine Process
Inputs
readable
Log media
Files
Log
Outputs Outputs
and
Distribute
Errors To users
to be (exception
corrected and summary
report)
Figure 8-4
Segregation of Functions in a
Direct/Immediate Processing System
Online Files (or data library
User Departments Computer Operations for removable disks and
backups
Data Inputs
Batch
Files
Displayed Outputs Process
Online
Printed or Files
Plotted Outputs
Figure 8-6
Documentation Controls
Documentation consists of procedures manuals

and other means of describing the AIS and its
operations, such as program flowcharts and
organizational charts
In large firms, a data librarian is responsible for
the control, storage, retention and distribution of
documentation
Storing a copy of documentation in a fireproof
vault, and having proper checkout procedures are
other examples of documentation controls.
Use of CASEs
System Standards
Documentation
Systems development policy statements

Program testing policy statements
Computer operations policy statements
Security and disaster policy statements
System Application
Documentation
 Computer system flowcharts
 DFDs
 Narratives
 Input/output descriptions, including filled-in source
documents
 Formats of journals, ledgers, reports, and other outputs
 Details concerning audit trails
 Charts of accounts
 File descriptions, including record layouts and data
dictionaries
 Error messages and formats
 Error correction procedures
 Control procedures
Program Documentation
Program flowcharts, decision tables, data

structure diagrams
Source program listings
Inputs, formats, and sample filled-in forms
Printouts of reports, listings, and other outputs
Operating instructions
Test data and testing procedures
Program change procedures
Error listings
Data Documentation
Descriptions of data elements

Relationships of specific data
elements to other data elements
Operating Documentation
Performance instructions for executing computer

programs
Required input/output files for specific programs
Setup procedures for certain programs
List of programmed halts, including related
messages, and required operator actions for specific
programs
Recovery and restart procedures for specific
programs
Estimated run times of specific programs
Distribution of reports generated by specific
programs
User Documentation
Procedures for entering data on source

documents
Checks of input data for accuracy and
completeness
Formats and uses of reports
Possible error messages and correction
procedures
Examples of Asset
Accountability Controls
Subsidiary ledgers provide a cross-check on the
accuracy of a control account
Reconciliations compare values that have been
computed independently
Acknowledgment procedures transfer
accountability of goods to a certain person
Logs and Registers help account for the status
and use of assets
Reviews & Reassessments are used to re-
evaluate measured asset values
Management Practice
Controls
Since management is responsible and thus “over”
the internal control structure, they pose risks to a
firm
General controls include:
Human resource Policies and Practices
Commitment to Competence
Planning Practices
Audit Practices
Management & Operational Controls
In a computerized AIS, management should
instigate a policy for:
Controls over Changes to Systems
New System Development Procedures
Examples of Computer
Facility/Information Center Controls
Proper Supervision over computer operators

Preventive Diagnostic Programs to monitor hardware
and software functions
 A Disaster Recovery Plan in the event of a man-made
or natural catastrophe
 Hardware controls such as Duplicate
Circuitry, Fault Tolerance and Scheduled
Preventive Maintenance
 Software checks such as a Label Check
and a Read-Write Check
Application Controls
Application controls pertain directly to the

transaction processing systems
The objectives of application controls are to
ensure that all transactions are legitimately
authorized and accurately recorded,
classified, processed, and reported
Application controls are subdivided into input,
processing and output controls
Authorization Controls - I
Authorizations enforce management’s policies

with respect to transactions flowing into the
general ledger system
They have the objectives of assuring that:
Transactions are valid and proper
Outputs are not incorrect due to invalid
inputs
Assets are better protected
Authorizations may be classified as general or
specific
Authorization Controls - II
 A General authorization establishes the standard

conditions for transaction approval and execution
 A Specific authorization establishes specific criteria for
particular sums, events, occurrences, etc
 In manual and computerized batch processing systems,
authorization is manifest through signatures, initials,
stamps, and transaction documents
 In on-line computerized systems, authorization is usually
verified by the system. e.g., validation of inventory
pricing by code numbers in a general ledger package
Input Controls
Input Controls attempt to ensure the validity,

accuracy, and completeness of the data
entered into an AIS.
Input controls may be subdivided into:
Data Observation and Recording
Data Transcription (Batching and
Converting)
Edit tests of Transaction Data
Transmission of Transaction Data
Controls for Data
Observation and Recording
 The use of pre-numbered documents

 Keeping blank forms under lock and key
 Online computer systems offer the following features:
Menu screens
Preformatted screens
Using scanners that read bar codes or other
preprinted documents to reduce input errors
Using feedback mechanisms such as a
confirmation slip to approve a transaction
Using echo routines
Data Transcription - I
 Data Transcription refers to the preparation of data for

computerized processing and includes:
 Carefully structured source documents and input screens
 Batch control totals that help prevent the loss of transactions
and the erroneous posting of transaction data
The use of Batch control logs in the batch control section
Amount control total totals the values in an amount or
quantity field
Hash total totals the values in an identification field
Record count totals the number of source documents
(transactions) in a batch
Data Transcription - II
(Conversion of Transaction Data)
Key Verification which consists of re-

keying data and comparing the results
of the two-keying operations
Visual Verification which consists of
comparing data from original source
documents against converted data.
Examples of Batch Control
Totals
 Financial Control Total - totals up dollar amounts (e.g.,

total of sales invoices)
 Non-financial Control Total - computes non-dollar sums
(e.g., number of hours worked by employees)
 Record Count - totals the number of source documents
once when batching transactions and then again when
performing the data processing
 Hash Total - a sum that is meaningless except for
internal control purposes (e.g., sum of customer
account numbers)
Definition and Purpose of
Edit Tests
Edit Tests (programmed checks) are most

often validation routines built into application
software
The purpose of edit tests is to examine
selected fields of input data and to reject
those transactions whose data fields do not
meet the pre-established standards of data
quality
Examples of Edit Tests
(Programmed Checks)
 Validity Check (e.g., M = male, F = female)
 Limit Check (e.g., hours worked do not exceed 40 hours)
 Reasonableness Check (e.g., increase in salary is reasonable
compared to base salary)
 Field Check (e.g., numbers do not appear in fields reserved for
words)
 Sequence Check (e.g., successive input data are in some prescribed
order)
 Range Check (e.g., particular fields fall within specified ranges - pay
rates for hourly employees in a firm should fall between $8 and
$20)
 Relationship Check (logically related data elements are compatible -
employee rated as “hourly” gets paid at a rate within the range of
$8 and $20)
Transmission of
Transaction Data
When data must be transmitted from the point of origin
to the processing center and data communications
facilities are used, the following checks should also be
considered:
Echo Check - transmitting data back to the
originating terminal for comparison with the
transmitted data
Redundancy Data Check - transmitting
additional data to aid in the verification
process
Completeness Check - verifying that all required
data have been entered and transmitted.
Objectives of Processing
Controls
Processing Controls help assure that data are

processed accurately and completely, that no
unauthorized transactions are included, that the
proper files and programs are included, and that all
transactions can be easily traced
Categories of processing controls include
Manual Cross-checks, Processing
Logic Checks, Run-to-Run Controls,
File and Program Checks, and Audit
Trail Linkages
Examples of Processing
Controls
Manual Cross-Checks - include checking the work
of another employee, reconciliations and
acknowledgments
Processing Logic Checks - many of the
programmed edit checks, such as sequence
checks and reasonableness checks (e.g., payroll
records) used in the input stage, may also be
employed during processing
Examples of Processing
Controls
 Run-to-Run Totals - batched data should be controlled
during processing runs so that no records are omitted or
incorrectly inserted into a transaction file
 File and Program Changes - to ensure that transactions
are posted to the proper account, master files should be
checked for correctness, and programs should be
validated
 Audit Trail Linkages - a clear audit trail is needed to
enable individual transactions to be traced, to provide
support in general ledger balances, to prepare financial
reports and to correct transaction errors or lost data
Output Controls
Outputs should be complete and reliable

and should be distributed to the proper
recipients
Two major types of output controls are:
validating processing results
regulating the distribution and
use of printed output
Validating/Reviewing
Processing Results
Activity (or proof account) listings

document processing activity and reflect
changes made to master files
Because of the high volume of
transactions, large companies may elect
to review exception reports that
highlight material changes in master
files
Regulating/Controlling
Distribution of Printed Output
Reports should only be distributed

to appropriate users by reference
to an authorized distribution list
Sensitive reports should be
shredded after use instead of
discarding
Application Controls Arranged
by Two Classification Plans
Control
Purpose
Preventive Detective Corrective
Control
Stage Properly authorized Batch control totals Sound error correction
transactions procedures
Adequate input edit tests
Well-designed and (programmed checks) Complete audit trail
controlled source
Input documents
Sound conversion control

techniques
Sound file maintenance Run-to-run verifications Complete audit trail
procedures
Processing Adequate detective-type
Adequate preventive- programmed checks
type programmed checks
Distribution log of Reconciliation of Reviews of logs and
authorized users computed totals with procedures by internal
predetermined control auditors
totals
Output Review of error-
Reviews of outputs and correction statistics
tests to source
documents by users
herein.
and Wong-On-Wing
Chapter 9: Security for

Transaction/Information
Processing Support Systems

Security for Transaction
Processing Systems
Every firm must define, identify, and isolate
frequently occurring hazards that threaten its
hardware, software, data, and human resources
Security measures provide day-to-day protection of
computer facilities and other physical facilities,
maintain the integrity and privacy of data files, and
avoid serious damage or losses
Security measures include those that protect
physical non-computer resources, computer
hardware facilities, and data/information
Key Issues for Security
Protection from unauthorized access

Protection from disasters
Protection from breakdowns and interruptions
Protection from undetected access
Protection from loss or improper alteration
Recovery and reconstruction of lost data
Establish a system to monitor the above
Resources in Need of
Security Measures
Transmission
Line
Terminal
Central
Computer On-line Data
Facilities Storage
Figure 9-1
Terminal
------ = Places Needing Security
Physical Data in File

Inventory Cabinets
Assets Cash
Security for Physical Non-
Computer Resources - I
Access controls, which restrict entry by
unauthorized persons, generally to circumvent theft
or vandalism, include security guards, fenced-in
areas, reception areas, grounds lighting, burglar
and fire exit alarms, motion detector alarms, locked
doors, closed-circuit TV monitors, safes, locked cash
registers, locked file cabinets, lock boxes, non-
removable property labels, close supervision of
employees, etc
Security for Physical Non-
Computer Resources - II
Sprinkler systems and fireproof vaults can protect
against natural disasters
Preventive maintenance can protect against
breakdowns and business interruptions
Maintaining a corporate-wide security program and
developing a written security policy, appointing a
security administrator, and making security a part of
the internal audit function can accomplish control
objectives in an efficient and effective manner
Security for Computer
Hardware Facilities - I
 Physical access should be restricted by the use of
security guards, receptionists, electronic ID cards,
surveillance cameras, motion detectors, locked
doors, alarms, log-in, log-out, and escorts of all
visitors
 To protect against natural disasters, the computer
facilities should be environmentally controlled, fire-
proofed (non-Halon-based fire extinguishers), and
should include an uninterruptible power supply
 Other precautions include constructing water-proof
floors, walls, and ceilings, water drainage facilities,
under-floor water detectors, water pumps, and
terrain considerations
Security for Computer
Hardware Facilities - II
 To protect against human violence such as
vandalism, rioting, sabotage, etc., computers should
be placed in inconspicuous locations, equipped with
antimagnetic tape storage, and guarded with strict
employee conduct policies
 A Disaster Contingency and Recovery Plan:
identifies all potential threats to the computer
system
specifies the needed preventive security measures
outlines the steps to be taken if each type of
disaster actually strikes
Security over Data and
Information
 Data/Information resource includes (1) data stored in on-
line or off-line files and databases, (2) application
programs, and (3) information, both in hard-copy reports
or in computer format
 Security measures provide protection against
 (1) unauthorized accesses to data and information
 (2) undetected accesses of data and information
 (3) losses or improper alterations of data and information
 The measures providing these protections are generally
preventive and detective in nature
Protection from Unauthorized
Access to Data and Information - I
 Unauthorized access issues encompass questions of all

access, and perhaps more importantly, questions
regarding the degree of access for persons with some
level of existing or allowable access
 Data and information that are confidential or critical to a
firm’s operations should be physically isolated to
discourage unauthorized access. Isolation includes:
 secured off-line and online program documentation
 secured storage of hard copies
 separate user partitions of direct-access storage media
 database data dictionary always under the control of the DBA
 live program isolation in memory through multiprogramming
 test program isolation from live programs and databases
Access to Data and Information - II
All attempts to access the computer system and

all authorized access should be monitored so
that unwarranted activity can be investigated
and halted
The principle of Least Privilege Access through
Access Control Logs, Console Logs and Access
Control Software (Passwords) facilitate the
monitoring process
Passwords are often tiered and coupled with
other identifiers for access to critical
applications
These other identifiers include the hand-shaking
method, and the math method
Three-Level Password
Security
User Codes
File Access
Data Item Access
Data Base
Figure 9-4
Access to Data and Information - III
 Automatic log-outs and lockups

 Callback procedures
 Keyboard & Floppy-disk drive locks
 Employing automatic boot and start-up procedures
 Usage limitations through device authorization tables
 Use of encryption
 Private key (including PGP)
 Public key (RSA Public key encryption scheme)
Protection from Undetected
Access to Data and Information
Access logs
Console logs
Access control software
Access Control Facility 2
Resource Access Control Facility
System and Program change
logs monitor changes to programs,
files, and controls
Protection from Loss or Improper
Alteration of Data and Information
A Library Log will track the movement of files,
programs and documentation, while a
Transaction Log records individual
transactions as they are entered into on-line
systems
Tape File Protection Rings for magnetic tape,
Write-Protect Rings for diskettes, and File
Labels (both internal and external) for tape
(including internal header labels and internal
trailer labels) or disk can prevent the loss or
alteration of data and information.
ROM-based program instructions
Enforced serialized processing
Recovery and Reconstruction of
Lost Data - I
All companies should backup their vital

documents, files and programs and establish a
recovery procedure to recreate lost data or
programs
These include:
The GPC (the process formerly known as GFS)
method for large tape-based systems
A periodic dump procedure for disk-based systems
(disk-based systems engage in destructive updates,
and hence do not lend themselves to the GPC
process)
Activity logs showing data element values before and
after changes
Recovery and Reconstruction of
Lost Data - II
Reconstruction involves
The Roll-Forward procedure (inclusive of the
last dump and images from the activity log
and transaction log)
The Roll-Back procedure
Use of Checkpoints
Building-in Fault Tolerance through methods
such as Disk Mirroring and Disk Duplexing
Disaster Contingency and
Recovery Planning - I
A DCRP is comprised of:
The Emergency Plan
Prepare organization chart
Determine disasters that trigger the entire DCRP
or just parts of it. Conduct a risk analysis
Determine responsibilities for contacting police,
fire, and other agencies
Determine personnel to remain at headquarters to
perform vital duties
Prepare maps of primary and secondary
evacuation routes and post these throughout the
organization
Develop a method for communicating the “all
clear” signal
Recovery Planning - II
 The Backup Plan
Store duplicates of vital software, data, and records in off-
premise (and if possible geographically distant) locations
Identify key critical and non-critical full-time and part-time
employees and temporary hires
Cross-train employees
Select the most appropriate type of backup system
• manual backup system
• reciprocal arrangements with other firms
• third-party agreements with data-processing service bureaus
• cold sites
• hot sites
• co-operative hot sites
• flying hot sites
Recovery Planning - III
 The Recovery Plan
Appoint a recovery manager and second-in-command
Select and off-site facility to store backups and periodically inspect
the facility
Maintain liaison with insurance firms to facilitate early assessment
of damage
Maintain communication with customers and vendors
Establish a time-table for recovery
Establish a strategy to ensure the strict control of applications
processed at the backup site
The Test Plan

The Maintenance Plan
Recovery Planning - IV
 Strengthening the DCRP process requires
attention to the following issues:
 Broaden recovery plan beyond just computer operations to
ensure business continuity
 Involve the internal audit function in all phases of contingency
planning
 Factor-in the human element
 Contingency plan should address customer and vendor relations
 Managers and employees should be made aware of their
responsibilities in the event that a disaster strikes
 Contingency plan should incorporate telecommunications
backup
herein.
and Wong-On-Wing
Chapter 10: Auditing of

Information Systems

Nature of Audits
Audits are examinations performed to

assess and evaluate an activity or object,
such as whether the internal controls
implemented into the AIS are working as
prescribed by management
Types of Audits
Operational Audits
Compliance Audits
Project Management and Change Control
Audits
Internal Control Audits
Financial Audits
Fraud Audits
Figure 10-1
Types of Auditors
Internal Auditors
External Auditors
Government Auditors
Fraud Auditors
Basic Auditing
Considerations
Ethics and Auditing Standards
Need for Ethics
Content of Standards
Effect of Automation on Standards
Impact of Computerization on Audit
Procedures
Transaction Cycle Approach to Auditing
The Auditing Process
The 5 phases of a financial audit are:

Planning the Audit
Analytical Procedures
Preliminary Review & Assessment of the
Internal Control Structure
Completion of the Review
Detailed Evaluation and Testing of Controls
Analytical and Substantive Review
Audit Reporting
Preliminary Assessment of
the Internal Control Structure
Review, Document, and Assess the ICS
Assess and Set the level of Control Risk
Control Risk is the risk that material misstatements in
assertions, leading to significant errors in the financial
statements, will fail to be prevented or detected by the
internal control structure
The level of Control Risk may be expressed numerically or
subjectively
An Assertion is an expressed account balance, transaction
classification, or disclosure in the financial statements
being examined
Cost Effectiveness of Testing Controls
Testing of Controls
Perform Tests of Controls
Evaluate the Findings of the Tests of Controls
Final Assessment of Control Risk for each
transaction cycle
Determine level of Planned Detection Risk
The Planned Detection Risk is the risk that a
material misstatement in the financial statements
or in individual account balances will fail to be
uncovered by substantive testing procedures
Determine the nature, timing, and extent of
substantive testing procedures
Develop Final Audit Program
Substantive Testing
Choose and Perform Substantive Tests

Perform Final Analytical Procedures
Test Account Balances
Test Details of Transaction Classes
Evaluate Substantive Tests
Document the
Conclusions
Writing the Audit Report
Unqualified Opinion: Financial Statements present
fairly, in all material respects, the financial status,
results of operations, and cash flow of the firm being
audited
Qualified Opinion: Issued when a significant
condition, such as a departure from GAAP, prevents
the issuance of an unqualified opinion
Adverse Opinion: Given when the auditor concludes
that the overall financial statements are so materially
misleading that they cannot be relied upon
A Disclaimer of Opinion: The Auditor refuses to
express an opinion on the overall financial statements
due to major restrictions placed on the scope of the
audit or the failure to collect sufficient evidence
Letter of Reportable Conditions
Auditing Around the
Computer - I
Computer is a “black-box.”
Assumption: If the auditor can show that the
actual outputs are the correct results to be
expected from a set of inputs to the processing
system, then the computer processing must be
functioning in a reliable manner
Involves tracing selected transactions from
source documents to summary accounts and
records, and vice-versa
A “Non-Processing of Data” Method
Auditing Around the
Computer - II
Suitable only under the following 3 conditions:

The audit trail is complete and visible
The processing operations are relatively
straightforward, uncomplicated, and low volume
Complete documentation, such as DFDs and Systems
Flowcharts, are available to the auditor
Best suited for independent periodic processing
applications:
cash disbursements
payroll processing
Auditing Around the
Computer - III
Limitations is that it does not allow the

auditor to determine exactly how the
computer processing programs handle
edit checks and programmed checks
Auditing Around the
Computer: An Illustration
Exception Report
Master File
Regular Processing
Normal Run Documents, Listings,
Processing Registers, Reports
Regular
Transactions
Auditor
Comparison
Selected
Transactions Predetermined
Audit Test Results
Figure 10-4a
Auditing Through the
Computer
Should be applied to all complex automated
processing systems
Periodic direct and real-time processing applications where
the audit trail is impaired
Methods include:
Test Data
Integrated Test Facility
Embedded Audit Module Techniques
Program Code Checking
Parallel Processing
Parallel Simulation
Controlled Processing
All auditing-through-the-computer techniques
provide evidence concerning the level of control
risk.
Auditing Through the
Computer: An Illustration
Exception
Report
Master File Regular Documents,
Processing Run Listings, Registers,
Normal Processing
Regular Reports
Transactions
Exception
Report
Master File
Regular Audit
Processing Run Summary Results
from Tests Comparison
Audit Test
Transactions
Predetermined
Audit Test
Results
Figure 10-4 b
Auditing with the
Computer - I
Microcomputer Audit Assist Software

The Generalized Audit Software (GAS)
Package
The Template
Prepare trial balances
Maintain recurring journal entries
Evaluate sample results
Schedule and manage auditor time in field audits
Perform reasonableness tests of expenses
Estimate expenses
Auditing with the
Computer - II
Audit Software: A collection of program

routines, each serving a mechanistic audit
function
GAS (e.g., ACL)
Attribute Sampling
Histogram Generation
Record Aging
File Comparison
Duplicate Checking
File Printing
Typical Audit Functions
Available in a GAS package
Extracting Data from Files

Calculating with Data
Summarizing Data
Analyzing Data
Reorganizing Data
Selecting Sample Data for Testing
Gathering Statistical Data
Printing Confirmation Requests, Analyses,
and other outputs
Applications of a GAS
Package
Master File Computer runs involving such audit Requests for
functions as confirmation listings,
Extracting data from files Sample data items,
Calculating with data Reports, Analyses,
Performing comparisons with data Control Totals
Summarizing data
Master File
Analyzing data
Reorganizing data
Selecting sample data for testing
Gathering statistical data
Transaction Printing confirmation requests, analyses,
and other outputs
File
Exception
Report
Control and
Specification GAS
File Package
Figure 10-5
Advantages of GAS
Packages
Allow auditors to access computer-readable records
for a wide variety of applications and organizations
Enable auditors to examine much more data than
could be examined through manual means
Rapidly and accurately perform a variety of routine
audit functions, including the statistical selection of
samples
Reduce dependence on non-auditing personnel for
performing routine functions like summarizing data,
thereby enabling auditors to maintain better control
over the audit
Require only minimal computer knowledge on the
part of the auditor
Disadvantages of GAS
Packages
They do not directly examine the
applications program and programmed
checks.
They cannot replace audit-
through-the-computer
techniques
Situations Triggering DP
Operational Audits
An apparently excessive cost for computer services
A major shift in corporate plans
A proposal for a major hardware or software upgrade
or acquisition
An inability to attract and retain computer DP
executives
A new DP executive’s need for an intensive
assessment
An inordinate amount of personnel turnover within
the DP department
A proposal to consolidate or distribute DP resources
A major system that appears unresponsive to needs
or is difficult to enhance or maintain
An excessive or increasing number of user complaints
herein.
and Wong-On-Wing
Chapter 11: The General

Ledger and Financial
Reporting Cycle

System Architectures
A firm’s transaction processing systems

may either be manual or computerized
Manual Transaction
Processing Systems
From Prior Processing Steps
Miscellaneous Paychecks Suppliers’

Sales Cash Remittance Source Checks
Invoices Advices Documents Invoices
Sales Cash
Cash Receipts Journal Payroll Purchases Disbursements
Journal Journal Vouchers Journal Journal Journal
Accounts Receivable General Accounts Payable Trial

Subsidiary Ledger Ledger Subsidiary Ledger Balance
Managerial
Reports
Balance Income Cash-flow
Figure 11-1 Sheet Statement Statement
Computerized Transaction
Processing System
T1 T2 T3 T4 T5 T6 T7
D1
D1 D2 D3 D4 D5 D6
M1
A1
P1 D9
D8 P2
D2 D3
D7
Display
T8 T9
Figure 11-2 (see text book for details)
Benefits & Differences of a Computer-
Based General Ledger System - I
Transaction Data may be captured by electronic

devices and stored on magnetic media, rather
than on hard-copy documents
Transaction Data can be verified by programmed
edit checks, in order to detect and prevent
errors, rather than by human clerks
Added data may easily be captured, in order to
identify transactions with individual employees
or organizational units
Transactions can be quickly posted directly to
ledgers, rather than being laboriously entered
into journals and then posted
Figure 11-3
Based General Ledger System - II
Transaction Processing, including summarizing
of journals and ledgers and computing trial
balance totals, can be done faster with fewer
errors
Financial Statements and other financial
summaries can be prepared at any time during
the accounting period, rather than being
delayed until the end of the period;
furthermore, the ledgers can be kept in balance
at all times
Detailed listings of journals and ledgers,
reflecting all individual transactions rather than
summaries, can be printed for thorough review
Figure 11-3
Continued
Based General Ledger System - III
Required Stewardship Reports can be prepared

quickly and easily from stored transaction data,
using stored computer programs
A wide variety of managerial reports and
analyses can also be prepared from data stored
in related files and tables, thereby providing
managers and employees with useful
information; in manual systems all reports must
be laboriously prepared by clerks
Figure 11-3
Continued
The Central Role of the General
Ledger & Financial Reporting Cycle
The main inputs to the general ledger and

financial reporting cycle are the outputs of
all the other cycles.
The general ledger provides the
chart of accounts structure, which
combines the financial and
managerial sides of accounting.
Objectives of the General
Ledger System
To record all accounting transactions promptly

and accurately
To post these transactions to the proper
accounts
To maintain an equality of debit and credit
balances among the accounts
To accommodate needed adjusting journal
entries
To generate reliable and timely financial reports
pertaining to each accounting period
Brief Chart of Accounts
Account Code Account Code
100-199 Current Assets
200-299 Non-current Assets
300-399 Liabilities
400-499 Owners’ Equity
500-599 Revenues
600-699 Cost of Sales
700-899 Operating Expenses
900-999 Non-operating
Expenses Figure 11-5
Expense Accounts
 850 Administrative Expense Control
 852 Officers’ Salaries
 855 Office Salaries
 859 Overtime Premium
 861 Unemployment Insurance Expense
 863 FICA Expense
 870 Office Supplies
 871 Office Repairs
 872 Telephone & Telegraph
 873 Postage
 881 Dues & Subscriptions
 883 Donations
 884 Travel
 888 Depreciation
 891 Insurance
 892 Taxes
 899 Miscellaneous Administrative Expense
Figure 11-6
Potential Sources of Data
Input
Routine external transactions

Routine internal transactions
Non-routine transactions
Adjusting entries
Accruals
Deferrals
Re-evaluations
Corrections
Reversing entries
Closing entries
Forms of Data Input
Journal Vouchers
A non-routine, adjusting, reversing, or
correcting transaction
A summarization of a batch of
routine transactions
Computer-oriented inputs
The Batch-entry journal voucher
A pre-formatted data-entry screen
Individual non-routine journal entries
Data Processing
Daily Processing
High volume transactions
sales
cash receipts
purchases
cash disbursements
payroll
End of Period Processing
Standard entries
Nonrecurring adjusting entries
Information Output
General Ledger Analysis

General journal listing
General ledger change report
Financial Statements
Balance sheet
Income statement
Statement of cash flows
Managerial Reports
Account-oriented analyses
Responsibility-oriented reports
System Flowchart Showing Period-End
Preparation of Outputs Relating to the
General Ledger
Current
Journal Financial
Budget Entries & Journal Reports
Master Adjusting Voucher Format File
File Journal File
Entries
General General
Ledger Ledger
Prepare History File
Master various Journal
File listings and
Responsibility financial Voucher
Center statements & History
managerial File
Master File reports
General ledger
Statement of Budgetary Control
Journal entry change report Comparative
cash flows Reports
Journal entry balance sheets
General ledger
proof listing trial balance Comparative Income
analyses of statements
general ledger Responsibility
Figure 11-11 accounts Center Reports
Responsibility Reporting
President
VP VP VP VP VP
Finance & Engineering Production Marketing Industrial
Accounting Relations
Purchasing Production Production Receiving Quality

Planning Superintendent Shipping and Control and
and Stores Maintnance
Control
Production Production Supervisor Finishing Assembly

Unit 1 Unit 2 Production
Unit 3
Figure 11-15
File-Oriented Approach to
Data Management
General Ledger Master File

Current Journal Voucher File
General Ledger History File
Responsibility Center Master File
Budget Master File
Financial Reports Format File
Record Layout of a
General Ledger Master File
Account Account Account Account Total Total Total Total Current Debits
Number Description Classification Balance Debits Credits Debits Credits Account or
beginning year-to year-to current current Balance Credit
of year - year -year month month
Figure 11-17
Linked Tables within a General
Ledger Relational Data Base
Account Responsibility Budgeted Total Debits Total Credits
Number Code amount for month Month-to-date Month-to-date
Account Account Account Dr or Cr

Number Description Classification
Account Journal Amount of Dr or Cr

Number Voucher Number line item
Journal Date of Preparer’s Reference Description of Amount of

Voucher Transaction initials Number Transactions Transaction
Number
Figure 11-18
The General Ledger’s Risk
Exposures
 1) Incorrect journal entries
 2) Incorrect posting of journal entries
 3) Transactions not recorded or not posted
 4) Inadequate authorization for journal entries
 5) Control accounts out-of-balance with subsidiary
ledgers
 6) Imbalances between debit and credit balance
accounts
 7) Defects or breaks in the audit trail
 8) Interception of data transmitted via the web
 9) Unauthorized access to and viewing of confidential
data via the Web
 10) Unauthorized alterations to the company’s financial
data via the Web
 11) Breakdown of the Web server
General Controls Pertaining to
the General Ledger
Organizational Controls
Data Center Operations Controls
Access Controls
Passwords
Special terminals
Access logs
Transaction logs
Frequent backups
Application Controls Pertaining
to the General Ledger: Input
Pre-numbered and well-designed journal

vouchers
Validating data on journal vouchers
Correcting detected errors before the data
are posted to the general ledger
Compiling standardized adjusted
journal entries
Pre-computing batch control totals
Programmed Checks for Editing
& Validating Journal Entry Data
Validity check
Field check
Limit check
Zero-balance check
Completeness check
Echo check
Programmed Checks for Editing
& Validating Journal Entry Data
Internal label check

Sequence check
redundancy matching check
Relationship check
Posting check
Batch control/total checks
Application Controls Pertaining to
the General Ledger: Processing
Posting journal entries to the general ledger

accounts with a variety of program checks
performed before and after posting
Summing the amounts posted to the
general ledger accounts and then
comparing the posted totals to the
pre-computed batch control totals
Establishing and maintaining an
adequate audit trail
Application Controls Pertaining to
the General Ledger: Output
 Preparing frequent trial balances, with any differences
between total debits and credits being investigated
 Maintaining a log or file of journal vouchers by number
and periodically checking to make certain that the
sequence of numbers is complete
 Printing period-end listings and change reports for
review by accountants before the financial statements
are prepared
 Reviewing financial reports and other outputs for
correctness and reasonableness
 Auditing general ledger procedures
Web-Security Procedures
Authentication
Authorization
Accountability
Data Transmission
Disaster Contingency & Recovery
Plan
herein.
and Wong-On-Wing
Chapter 12: The Revenue

Cycle

Introduction
Revenue Cycles tend to be similar for all

types of firms.
Two subsystems perform the processing
steps within the revenue cycle:
The Sales Processing System
The Cash Receipts Processing System
Objectives of the Revenue
Cycle
 To record sales orders promptly and accurately
 To verify that the customers are worthy of credit
 To ship the products or perform the services by agreed
dates
 To bill for products or services in a timely and an
accurate manner
 To record and classify cash receipts promptly and
accurately
 To post sales and cash receipts to proper customers’
accounts in the accounts receivable ledger
 To safeguard products until shipped
 To safeguard cash until deposited
Marketing/Distribution
Marketing Management has the

objectives of
Determining and satisfying the
needs of customers
Generating sufficient revenue to cover costs
and expenses
Replacing assets
Providing an adequate return on investment
Finance/Accounting
With respect to the Revenue

Cycle, the objectives are
limited to
Cash Planning and Control
Data pertaining to sales and customer
accounts
Inventory control
Information pertaining to cash, sales, and
customers
Input Documents Pertaining to
the Revenue Cycle
Customer Order Remittance Advice
Sales Order Deposit Slip
Back Order
Order
Acknowledgement Credit Memo
Credit Application
Picking List
Salesperson Call
Packing Slip Report
Bill of Lading Delinquent Notice
Shipping Notice Write-off Notice
Sales Invoice Cash Register
Receipts
Figure 12-2
DFD of a Sales & Receivables
Processing System
Order Data Inventory Data
Customer 1.0
Receive & Inventory Data
Credit Enter Sales 2.0
Data Order
Ship
Customer Data Goods to
Shipping Data Customers 3.0
Bill
Customer
General Ledger Order Data
Customer Account Data
Receivables Data Sales Data

Figure 12-5. See 4.0
Textbook for details Pricing Data
Prepare Customer Data
Accounting
Analyses & Sales History
Accountants & Reports
Managers
Credit Sales Processing
System
Order Entry
Customer Order
Picking List
Shipping
Bill of Lading
Billing
Preparing Analyses & Reports
Invoice Register
Accounts Receivable Summary
Handling Sales Returns & Allowances
Credit Memos
Processing Back Orders
Cash Receipts Processing
System
Remittance Entry
Remittance List
Lockbox
Depositing Receipts
Deposit Slips
Cash Receipts Transaction Listing
Posting Receipts
Balance Forward Method
Open Invoice Method
Collecting Delinquent Accounts
Write-off Notice
Web-Based Systems
Electronic commerce
Larger customer base
Quicker processing of transactions
Less paperwork
Greater efficiency & productivity
Self-service
AICPA’s Web-Trust and competing services
Information Output
Operational Listings & Reports

Inquiry Display Screens
Scheduled Managerial Reports
Demand Managerial Reports
Operational Listings and
Reports
Monthly statement
Open orders report
Sales Invoice register
Shipping register
Cash receipts journal
Credit memo register
Scheduled Managerial
Reports
 Accounts receivable aging schedule
 Reports on critical factors
 Average dollar value per order
 Percentage of orders shipped on time
 Average number of days between the order
date and shipping date
 Sales analyses
 Salesperson
 Sales region
 Product lines
 Customers
 Markets
 Cash flow statements
Demand Managerial
Reports
Demand reports are ad hoc non-

scheduled reports
“What-if” scenarios
Types of Managerial Decisions
Pertaining to the Revenue Cycle
 Marketing decisions
 Which types of markets and customers are to be served?
 Which specific products are to be provided to customers,
including new products to be introduced?
 What prices are to be charged, and what discounts are to be
allowed?
 What after-sales services are to be offered?
 What channels of distribution are to be employed?
 What advertising media are to be employed, and in what mix?
 What organizational units are to be incorporated within
the marketing function?
 What marketing plans and budgets are to be established for the
coming year?
Figure 12-17
Types of Managerial Decisions
Pertaining to the Revenue Cycle
 Financial Decisions
 What criteria are to be employed in granting credit to potential
customers?
 What collection methods are to be employed in minimizing bad
debts?
 What accounts receivable records are to be maintained
concerning amounts owed by customers?
 What sources, other than receipts from sales, are to be
employed in obtaining needed funds for operations?
 What financial plans and cash budgets are to be established for
the coming year?

Typical Files Associated
with the Revenue Cycle
 Master Files
 Customer master file
 Accounts receivable master file
 Merchandise inventory master file
 Transaction & Open Document Files
 Sales order file
 Open sales order file
 Sales invoice transaction file
 Cash receipts transaction file
 Other Files
 Shipping & Price data reference file
 Credit reference file
 Salesperson file
 Sales history file
 Cash receipts history file
 Accounts receivable report file
Figure 12-18
A Layout of an Accounts
Receivable Record
Customer Customer Credit Balance Year-to- Year-to- Current

Account Name Limit Beginning date date Account
Balance of Year Sales Payments Balance
Figure 12-19
Relational Data Structure for the
Sales Aspect of the Revenue Cycle
Customer Customer Customer Phone Credit Trade Account Balance Year-to-date Year-to-date
Number Name Shipping Number Limit Discount Beginning of Year Sales Payments
Address Allowed
Sales Product Quantity Sales Order Expected Salesperson Customer

Order Number Ordered Order Date Delivery Code Number
Number Date
Product Description Warehouse Unit of Reorder Economic Unit Name of Quantity on Quantity on
Number Location Measure Point Reorder Cost Preferred Order Hand
Quantity Supplier
Sales Customer Sales Billing Shipping Terms Total

Invoice Number Order (Invoice) Document Sales
Number Number Number Amount
Sales Product Unit Quantity Shipped

Invoice Number Price and Sold
Number
Figure 12-21
Risk Exposures in the
Revenue Cycle - I
Risk Exposure
1) Credit sales made to customers 1) Losses from bad debts
who represent poor credit risks
2) Unrecorded or unbilled shipments 2) Losses of revenue; overstatement
of inventory and understatement of
accounts receivable in the balance
sheet
3) Errors in preparing sales invoices 3) Alienation of customers and
possible loss of future sales; losses of
revenue
Figure 12-22
Revenue Cycle - II
Risk Exposure
4) Misplacement of orders from 4) Losses of revenue and alienation of
customers or unfilled backorders customers
5) Incorrect posting of sales to 5) Incorrect balances in accounts
accounts receivable records receivable and general ledger account
records
6) Posting of revenues to wrong 6) Overstatement of revenue in one
accounting periods, such as premature year (year of premature booking) and
booking of revenues understatement of revenue in the next
Figure 12-22 (continued)

Revenue Cycle - III
Risk Exposure
7) Fictitious credit sales to nonexistent Overstatement of revenues and
customers accounts receivable
8) Excessive sales returns and 8) Losses in net revenue, with the
allowances with certain of the credit proceeds from subsequent payments
memos being for fictitious returns by affected customers being
fraudulently pocketed
9) Theft or misplacement of finished 9) Losses in revenue; overstatement
goods in the warehouse or on the of inventory on the balance sheet
shipping dock

Revenue Cycle - IV
Risk Exposure
10) Fraudulent write-offs of 10) Understatement of accounts
customers’ accounts by unauthorized receivable; losses of cash receipts
persons when subsequent collections on
written-off accounts are
misappropriated by perpetrators of the
fraud
11) Theft (skimming) of cash receipts, 11) Losses of cash receipts;
especially currency, by persons overstatement of accounts receivable
involved in the processing; often in the subsidiary ledger and the
accompanied by omitted postings to balance sheet
affected customers’ accounts
12) Lapping of payments from 12) Losses of cash receipts; incorrect
customers when amounts are posted account balances for those customers
to accounts receivable records whose records are involved in the
lapping
Revenue Cycle - V
Risk Exposure
13) Accessing of accounts receivable, 13) Loss of security over such records,
merchandise inventory, and other with possibly detrimental use made of
records by unauthorized persons the data accessed
14) Involvement of cash, merchandise 14) Losses of or damages to assets
inventory, and accounts receivable
records in natural or human-made
disasters
15) Planting of virus by disgruntled 15) Loss of customer accounts
employee to destroy data on magnetic receivable data needed to monitor
media collection of amounts from previous
sales

Revenue Cycle - VI
Risk Exposure
16) Interception of data transmittal 16) Loss of data which may be used to
between customers and the web site the detriment of customers
17) Unauthorized viewing and 17) Loss of security over customer
alteration of other customer account records resulting in misstatement of
data via the Web accounts receivable balances
18) Denial by a customer that an 18) Loss of sales revenues
online order was placed after the
transaction is processed

Revenue Cycle - VII
Risk Exposure
19) Use of stolen credit cards to place 19) Loss of shipped goods for which
orders via the Web payments will not be received
20) Breakdown of the web server due 20) Loss of sales revenues and
to unexpectedly high volume of alienation of customers
transactions

Typical Control Objectives
for the Revenue Cycle
 All customers accepted for credit sales are credit-worthy
 All ordered goods are shipped, and all services are
performed by dates that are agreeable to all parties
 All shipped goods are authorized and accurately billed
within the proper accounting period
 All sales returns and allowances are authorized and
accurately recorded and based on actual return of goods
 All cash receipts are recorded completely and accurately
 All credit sales and cash receipts transactions are posted
to proper customers’ accounts in the accounts receivable
ledger
 All accounting records, merchandise inventory,
and cash are safeguarded
General Controls of the
Revenue Cycle - I
Units with custodial functions should be kept
separate from each other
Custodial functions should furthermore be
segregated from record-keeping functions
For computerized systems, systems
development should be kept separate from
systems operations
Revenue Cycle - II
Data Center Operations Controls
Revenue Cycle - III
 Access Controls
 Assigned passwords that authorized clerks must enter to access
accounts receivable and other customer-related files, in order to
perform their strictly defined tasks
 Terminals that are restricted in the functions they allow to be
performed with respect to sales and cash receipts transactions
 Logging of all sales and cash receipt transactions upon their
entry into the system
 Frequent dumping of accounts receivable and merchandise
inventory master files onto magnetic tape backups
 Physically protected warehouses and safes
 A lockbox collection system in situations where feasible
Application Controls of the
Revenue Cycle: Input - I
1) Prepare pre-numbered and well-
designed documents relating to sales,
shipping, and cash receipts, with each
prepared document being approved by an
authorized person
2) Validate data on sales orders and
remittance advices as the data are
prepared and entered for processing. In
computer-based systems, validation
should be performed by means of
programmed edit checks. When data are
keyed into computer-readable medium,
key verification is also appropriate
Revenue Cycle: Input - II
3) Correct errors that are detected during

data entry and before the data are posted
to the customer and inventory records
4) Precompute batch control totals
relating to key data on sales invoices (or
shipping notices) and remittance advices.
These precomputed batch control totals
should be compared with totals computed
during postings to the accounts receivable
ledger and during each processing run.
In the case of cash receipts, the total on
remittance advices should also be
compared with the total on deposit slips
Revenue Cycle: Processing - I
1) Move ordered goods from the finished goods
warehouse and ship the goods only on the basis
of written authorizations such as stock request
copies
2) Invoice customers only on notification by the
shipping department of the quantities that have
been shipped
3) Issue credit memos for sales returns only
when evidence (i.e. receiving report) has been
received that the goods were actually returned
4) Verify all computations on sales invoices
before mailing and postings to proper
customers’ accounts. Also, compare the sales
invoices against shipping notices and open
orders, in order to ensure that the quantities
ordered reconcile with the orders shipped and
back-ordered
Revenue Cycle: Processing - II
5) Verify that total amounts posted to the
accounts receivable accounts from batches of
transactions agree with precomputed batch
totals, and post the total amounts to the
appropriate general ledger accounts
6) Deposit all cash received intact and with a
minimum of delay, thus eliminating the
possibility of cash receipts being used to pay
employees or to reimburse petty cash funds
7) Correct errors that are made during
processing steps, usually by reversing erroneous
postings to accounts and entry of correct data.
The audit trail concerning accounts being
corrected should show the original errors, the
reversals, and the corrections
Revenue Cycle: Output
1) Prepare monthly statements, which should be
mailed to all credit customers, especially if the
balance forward approach is employed
2) File copies of all documents pertaining to
sales and cash receipts transactions by number,
with the sequence of numbers in each file being
periodically checked to see if gaps exist. If
transactions are not supported by preprinted
documents, as often is the case in online
computer-based systems, assign transaction
numbers to the transactions
3) Prepare printed transaction listings and
account summaries on a periodic basis in order
to provide audit trail and a basis for review
Web Security Procedures
Authentication
Authorization
Use of an Access Control List
Accountability
Disaster Contingency & Recovery Plan
herein.
and Wong-On-Wing
Chapter 13: The Expenditure

Cycle

Introduction
Because this cycle involves

the outflow of cash, it is the
counterpoint to the revenue cycle
Expenditure cycles tend to be similar for
all types of firms - merchandising to
manufacturing to services
Two subsystems include:
The purchases processing system
The cash disbursements processing system
Objectives of the Cycle
 To ensure that all goods and services are ordered as
needed
 To receive all ordered goods and verify that they are in
good condition
 To safeguard goods until needed
 To ensure that invoices pertaining to goods and services
are valid and correct
 To record and classify the expenditures promptly and
accurately
 To post obligations and cash disbursements to proper
suppliers’ accounts in the accounts payable ledger
 To ensure that all cash disbursements are related to
authorized expenditures
 To record and classify cash disbursements promptly and
accurately
Relationships of Organizational Units
to Expenditure Cycle Functions
VP VP
Logistics Finance
Purchasing Receiving Inventory Production
Budgeting Inventory Accounts Cash General

& Cash
Planning Control Payable Disbursements Ledger
Determine validity Make Cash

of payment
Recognize need Receive obligation Disbursements
for goods & Place and Store
services Order goods
Maintain Post Transactions

Accounts & Prepare Financial
Figure 13-1 Payable Reports
Documents Pertaining to
the Expenditure Cycle
Purchase Requisition
Purchase Order
Receiving Report
Supplier’s (Vendor’s) Invoice
Disbursement Voucher
Disbursement Check
Debit Memorandum
New Supplier Form
Request for Proposal
Figure 13-2
Purchasing & Payables
Processing System
Purchases
Request for Proposals
Inventory Status Reports
Receiving
Receiving Report
Payables
Disbursements Voucher File
Handling Purchase Returns & Allowances
Debit Memorandum
Cash Disbursements
Processing System
Processing Petty Cash disbursements

Imprest System
Disbursing cash for
miscellaneous purposes
Managerial Decisions Pertaining to
the Expenditure Cycle - I
Inventory Decisions
What levels of merchandise inventory should
be stocked?
When should particular inventory be
reordered?
What quantities of particular inventory items
should be reordered?
When should long term purchase contracts be
obtained for particular inventory items?
Figure 13-11
the Expenditure Cycle - II
Inventory Decisions (Continued)

Which suppliers should be established as long-term
sources of merchandise and supplies?
From which suppliers should particular inventory
items be ordered?
What procedures should be followed in receiving and
storing merchandise inventory?
What organizational units are to be included in the
inventory management and logistics function?
What logistics plans and budgets are to be
established for the coming year?
the Expenditure Cycle - III
Financial Decisions
What policies concerning purchase terms and
discounts should be established?
What level of service should departments be
allowed to inquire?
What accounts payable records are to be
maintained concerning amounts owed to
suppliers?
What financial plans and budgets are to be
established for the coming year?
What sources of funds are to be employed?
Operational Listings &
Reports
Voucher Register
Check Register
Open Purchase Order Report
Open Invoices Report
Inventory Status Report
Overdue Deliveries Report
Scheduled Managerial
Reports
A Payables Aging Report

Purchase Analyses
Vendor Performance Report
Cash-flow Statement
Critical Factors Report
Data Management: File
Oriented Approach
 Master Files
 Supplier/Vendor Master File
 Accounts Payable Master File
 Merchandise Inventory Master File
 Transaction & Open Document Files
 Purchase Order File
 Open Purchase Order File
 Supplier’s Invoice File
 Open Vouchers File
 Cash Disbursements File
 Other Files
 A Supplier Reference & History File
 A Buyer File
 An Accounts Payable Detail File
Figure 13-16
A Layout of a Supplier
(Accounts Payable) Record
Supplier Supplier Mailing Phone Credit Year-to-date Year-to-date Current

Account Name Address Number Terms Purchases Payments Account
Number in total in total Balance
Figure 13-17
Control Objectives - I
All purchases are authorized on a timely basis

when needed and are based on EOQ
calculations
All received goods are verified to determine that
the quantities agree with those ordered and that
they are in good condition
All services are authorized before being
performed and are monitored to determine that
they are properly performed
Control Objectives - II
All suppliers’ invoices are verified on a timely

basis and conform with goods received or
services performed
All available purchase discounts are identified,
so that they may be taken if economical to do
so
All purchase returns and allowances are
authorized and accurately recorded and based
on actual return of goods
Control Objectives - III
All cash disbursements are recorded completely

and accurately
All credit purchases and cash disbursements
transactions are posted to proper suppliers’
accounts in the accounts payable ledger
All accounting records and merchandise
inventory are safeguarded
Risk Exposures Within the
Expenditure Cycle - I
Risk Exposure(s)
1) Orders placed for 1) Excessive inventory
unneeded goods or and storage costs
more goods than
needed
Receipt of uncoded 2) Excessive inventory
goods and storage costs
3) No receipt of ordered 3) Losses due to
goods stockouts
4) Fraudulent placement 4) Possibility of inferior
of orders by buyers with or overpriced goods or
suppliers to whom they services
have personal or
financial attachments
Figure 13-20
Expenditure Cycle - II
Risk Exposure(s)
5) Creation of fictitious invoices 5) Overstatement of inventory;
and other purchasing losses of cash disbursed
documents
6) Lack of vigilance in writing 6) Overstatement of inventory
down inventory that is aged or
damaged
7) Omission of liabilities, such 7) Understatement of liabilities
as material contingencies
8) Overcharges (with respect 8) Excessive purchasing costs
either to unit prices or to
quantities) by suppliers for
goods delivered

Expenditure Cycle - III
Risk Exposure(s)
9) Damage to goods 9) Possibility of inferior
enroute to the acquiring goods for use or sale
firm
10) Errors by suppliers 10) Possibility of
in computing amounts overpayment for goods
or invoices received
11) Erroneous or 11) Incorrect balances in
omitted postings of accounts payable and
purchases or purchase general ledger account
returns to supplier’s records
accounts payable
records
12) Errors in charging 12) Incorrect levels
transaction amounts to (either high or low) for
purchases and expense purchases and expense
accounts accounts

Expenditure Cycle - IV
Risk Exposure(s)
13) Lost purchase 13) Excessive purchasing
discounts due to late costs
payments
14) Duplicate payments of 14) Excessive purchasing
invoices from suppliers costs
15) Incorrect 15) Loss of cash and
disbursements of cash, excessive costs for goods
either to improper or and services
fictitious parties or for
greater amounts than
approved

Expenditure Cycle - V
Risk Exposure(s)
16) Improper 16) Excessive costs for
disbursement of cash for goods or services
goods or services not
received
17) Theft of scrap 17) Loss of cash
proceeds
18) Disbursement of 18) Loss of cash
checks payable to
employees for
unauthorized expenses
or fraudulent claims
19) Fraudulent alteration 19) Loss of cash
and cashing of checks
by employees
20) Kiting of checks by 20) Overstatement of
employees back balances; possible
losses of deposited cash

Expenditure Cycle - VI
Risk Exposure(s)
21) Accessing of supplier 21) Loss of security over
records by unauthorized such records, with possible
persons detrimental use made of
data accessed
22) Involvement of cash, 22) Loss of or damage to
merchandise inventory, and assets, including possible
accounts payable record in loss of data needed to
natural or human-made monitor payments of
disasters amounts due to suppliers
within discount periods
23) Interception of data 23) Loss of data or unreliable
transmitted via the Web data resulting in inaccurate
purchase orders
24) Unauthorized purchase 24) Excessive inventory and
requisitions and purchase storage costs
orders initiated via the Web

Expenditure Cycle - VII
Risk Exposure(s)
25) Unauthorized 25) Loss of security over
viewing and alteration of data which can be used
a company’s purchase to the detriment of the
records via the Web company
26) Breakdown of the 26) Loss of data and
Web server due to delay in processing
unexpected events purchase orders

General Controls - I
Management Practices Controls
Training & Bonding of employees
Systems development & changes subject to
prior approvals, testing, and sign-off
Audits on purchases and cash disbursements
Periodic review and analyses of account
activity and computer-approved transactions
General Controls - II
 Data Center Operations Controls

 Authorization Controls
 Access Controls
 Assigned passwords required in order to access accounts
payable and other supplier-related files
 Terminals restricted in their functions with respect to purchases
and cash disbursement transactions
 Logging of all purchases and cash disbursement transactions
upon their entry into the system
 Frequent dumping of accounts payable and merchandise
inventory master files onto magnetic tape backup
 Physically protected warehouses
 Logs that monitor all accesses of data stored in files
Application Controls Pertaining to the
Expenditure Cycle: Input Controls
1) Prepare pre-numbered and well-designed

documents relating to purchases, receiving,
payables, and cash disbursements
2) Validate data on purchase orders and
receiving reports and invoices as the data are
prepared and entered for processing
3) Correct errors that are detected during data
entry and before the data are posted to the
supplier and inventory records
4) Pre-compute batch control totals relating to
key data on suppliers’ invoices and vouchers
due for payment
Figure 13-21
Expenditure Cycle: Processing Controls
1) Issue purchase requisitions, purchase orders,

disbursement vouchers, checks, and debit
memoranda on the basis of valid authorizations
2) verify all data elements and computations on
purchase requisitions and on purchase orders
3) Vouch all data elements and computations on
suppliers’ invoices
4) Monitor all open transactions, such as partial
deliveries and rejected goods
5) issue debit memoranda only on the basis of
prior approval of the purchasing or other
appropriate manager
6) Reconcile amounts in the accounts payable
subsidiary ledger and expense ledgers with
control accounts in the general ledger
7) Verify that total postings to the accounts
payable file accounts agree with the total
postings to the general ledger accounts
8) Monitor discount terms relating to payment
9) review evidence supporting the validity of
expenditures and the correctness of amounts
prior to the signing of checks
10) use check protectors to protect the amounts
on checks against alteration before the checks
are presented to be signed
11) Require that checks over a specified amount

be countersigned by a second manager
12) Verify all inventories on hand by physical
counts once yearly, and reconcile the counted
quantities with the quantities shown in the
inventory records
13) Use imprest systems for disbursing currency
from petty-cash funds, with the funds being
subject to surprise counts by internal auditors or
a designated manager

14) Establish purchasing policies that require

competitive bidding for large and/or non-routine
purchases and that prohibit conflicts of interest
15) Correct errors that are made during
processing steps, usually by reversing erroneous
postings to accounts and entering correct data

Expenditure Cycle: Output Controls
1) establish clear-cut receiving and payables
cut-off policies, so that inventories and accounts
payable are fairly valued at the end of each
accounting period
2) Establish budgetary control over purchases,
with periodic reviews of actual purchase costs
and such key factors as inventory turnover rates
3) Compare monthly statements from suppliers
with the balances appearing in the suppliers’
accounts in accounts payable

Expenditure Cycle: Output Controls
4) File copies of all documents pertaining to

purchases and cash disbursements by number;
including voided documents such as checks
5) Print transaction listings in order to provide
an adequate audit trail

Programmed Edit Checks Useful in validating
Transaction Data in the Expenditure Cycle
Validity check
Self-checking digit
Field check
Limit check
Range check
Relationship check
Sign check
Completeness check*
Echo checks*
* = applicable only to online systems
Web Security Procedures
Authentication
Authorization
Accountability
Disaster Contingency & Recovery Plan
herein.
and Wong-On-Wing
Chapter 14: Systems

Development

Interaction of Systems
Development with Accounting
 1) Assigning both the controller and the information

systems manager to the steering committee
 2) Assigning accountants to systems project teams
 3) Assigning persons who are knowledgeable in both
accounting and information technology to serve as
coordinators between the accounting and information
systems functions
 4) Establishing an internal audit group, staffed by
accountants and systems-oriented auditors
 5) Establishing data control groups within accounting
departments
Approaches to Systems
Development
Top-Down versus Bottom-up

In-House versus Outsourcing
Re-engineering
Prototyping
Objectives of Strategic
Systems Planning
Integrate the information system development
with the firm’s overall planning processes
Ensure orderly development of systems
projects, making efficient use of available
resources
Recognize changing priorities and newly arising
conditions as well as increasing informational
demands
Incorporate improvements in information
technology as they become relevant to the
firm’s needs and promise greater benefits than
the cost outlays
Survey of the Present
System
Scope
Data Types and Sources
Behavioral Issues
Communicate openly with the persons
to be affected by the system project
Encourage participation by the affected persons
throughout the survey
Emphasize the positive aspects of the project and
explain that the resulting system can better meet the
users’ needs
Reduce the fears of employees and managers by
establishing and publicizing fair personnel policies
A Checklist for Analyzing
Information Systems - I
Are tasks and responsibilities clearly defined and
assigned?
Are tasks and responsibilities distributed
effectively among employees and organizational
units?
Are the policies and procedures understood and
followed?
Does the productivity of the clerical employees
appear to be satisfactorily high?
Do the various organizational units cooperate
and coordinate well in maintaining smooth flows
of data?
Figure 14-8
Information Systems - II
Does each product achieve its intended
objective?
Are redundant processing operations being
performed?
How necessary is the result accomplished by
each operation?
Do unnecessary delays occur in obtaining
and/or processing data?
Do any operations cause bottlenecks in the flow
of data?
Are the number of errors that occur in each
operation minimized?
Information Systems - III
Are physical operations adequately planned and
controlled?
Is the capacity of the information system
sufficient to handle the average volumes of data
without large backlogs?
Are the peak volumes of data handled
adequately?
How easily does the system adapt to
exceptional occurrences and growth in use?
How necessary is each document?
Is each document suitably designed for efficient
use?
Information Systems - IV
Are all copies of documents necessary?
Can reports be prepared easily from the files
and documents?
Does unnecessary duplication occur in files,
records, and reports?
Are files easily accessible and kept up-to-date?
Are sound performance standards developed
and kept up-to-date?
Is data processing equipment being used
effectively?
Is the system of internal control adequate?
Do the informal flows of data and information
harmonize with the formal flows?
A List of Information
Systems Capabilities
Efficient and hence economical operations

Adequate capacity for expected growth
Timeliness in responding to inquiries and
providing reports
Reliability of system hardware and software
Accurate, up-to-date, and relevant information
Security of the data and system facilities
Flexibility and adaptability to changes and new
demands
Simplicity, and hence user-friendliness
Figure 14-9
One-time Costs for a New or Improved
Computer-based Information System - I
System Design Costs

Detailed design
Programming
System Installation and Conversion Costs
System and program testing
File conversion
Retraining of displaced employees
Training of newly hired analysts, programmers, and
operators
Inefficiencies caused by learning new equipment and
procedures
Figure 14-15
Computer-based Information System - II
System Site Preparation Costs

Construction of wiring and piping systems
Construction of electrical power supply
Construction of air-conditioning system
Construction of sprinkler system
Construction of other miscellaneous facilities, such as
false flooring, file storage vault, and special lighting

Computer-based Information System -
III
System Hardware Costs

Central processing unit
Additional processors
Secondary storage devices
Input-output devices
Data communications equipment
Terminals
Peripheral equipment, such as key-to-disk devices
Transportation of equipment

Computer-based Information System -
IV
System Software Costs

Operating system, utility routines, compilers
Data communications software
Application program packages
Data management software packages
Decision model software packages
Outside computer time-sharing rentals

Recurring Costs Related to a Computer-
Based Information System - I
Computer Operations Costs

Salaries for computer supervisors, operators,
technicians, data-entry clerks, librarians, security
guards, and others
Supplies, including forms, paper, ribbons, and tape
Utilities, including power, water, and telephone
Rentals of computer hardware
Software purchases and upgrades
Communications equipment and services
Backup equipment and services
Figure 14-16
Recurring Costs Related to a Computer-
Based Information System - II
Information System Maintenance Costs
Salaries for systems analysts, programmers, repair
technicians, and others
Replacement parts and upgrades
Printing costs for documentation
Information System Administration Costs
Salaries of systems management, data-base
administrator, internal auditors, secretaries, and
others
Insurance
Taxes
Space and building occupancy costs
Typical Conceptual Design
Specifications - I
System Components Features

Output Name
Purpose
Distribution to users
Contents
General format
Frequency or trigger
Timeliness
Output medium
Figure 14-17
Specifications - II

Data base File or table name
File or table type
File size
Contents of record or table
Record or table layout
File organization method
Storage medium
Data characteristics
Updating frequency

Data structure
Specifications - III

Data processing Sequence of steps or
runs
Processing modes,
cycles, volumes
Modes of data
communication
Processing capabilities
at each physical
location
Specifications - IV

Data input Name
Purpose
Source
Method of collecting data
Volume (peak and
average)
Contents (data elements)
General format
Data entry method
Specifications - V

Control and security Type
Purpose
Specific system
components affected
method of correcting
error or establishing
security

Systems Acquisition
Options
Purchasing versus leasing
Single vendors versus multiple vendors
In-house system versus outsourcing
computing services
In-house software development versus
commercial software packages
Types of commercial software
General accounting systems
Turnkey software systems
Advantages of Commercial
Software
Products available without lengthy

developmental periods
Soundly designed and well-tested
and thus efficient and reliable
Reasonable pricing
Limitations of Commercial
Software
Generalized in nature
Acquiring firm is dependent on the
software vendor for support
and maintenance and
upgrades
The Sequence in Designing
System Components
Design Controls
& Security Measures
Design Design Design Data

Information Design
data base Processing Data Inputs
Outputs Operations
Figure 14-19
A List of Design Principles
Foster system objectives

Incorporate reasonable tradeoffs
Focus on functional requirements
Serve multiple purposes
Relate to users’ concerns
Provide a tailored product
Integrate system modules and components
Avoid design excesses
Apply sound methodology
Figure 14-20
System Justification & Selection in the
Systems Development Life Cycle
Determination
of Design
Feasibility
Systems
Planning
Solicitation of
Hardware and
Software Proposals
Systems Evaluation of
Analysis System
Proposals
Selection of
Systems System Hardware
and Software
Design
Systems Justification & Selection

Systems
Operations
Figure 14-21
A List of Resource
Specifications - I
Systems Design Specifications

Output
Data-base
Processing
Input
Control & security
Figure 14-22
A List of Resource
Specifications - II
Hardware Specifications
Processor speeds and capabilities
Secondary storage capacities and access
capabilities
Input-output speeds and capabilities
Compatibility features
Modularity features
Error detection and correction techniques
Data communication capabilities
Special features, such as multiprogramming and
virtual storage
maximum allowable downtime as a percentage of
total time

A List of Resource
Specifications - III
Software Specifications
Programming languages and compilers
Utility packages
Application packages
Operating system capabilities
Data management packages
System Support Specifications
Programming assistance
Training programs
Test facilities and time available
Backup facilities
Maintenance assistance

Techniques for Proposal
Evaluation
The benchmark problem technique

Simulation model technique
Weighted-Rating analysis
technique
Systems Implementation:
Preliminary Actions
Establish implementation
plans and controls
Gantt chart
Network diagrams
Recognize behavioral concerns
Review the organization of
the project team
Complete arrangement for selected
system resources
Implementation Activities - I
Personnel selection and training

Physical site preparation
Detailed system design
Output design
Database design
Input design
Processing design
Controls design
Implementation Activities - II
Application software development

Coding
Structured programming
Software testing
Desk checking
String testing
 System testing
Acceptance testing
Implementation Activities - III
Standards development
System components
Performance
Documentation
Documentation
File conversion
Implementation Activities - IV
System conversion: cutover

Direct conversion approach
Parallel operation approach
Modular conversion approach
Phased conversion approach
User signoff
Systems Operations
Fine tuning
Post-implementation evaluation
To assess the degree to which the
objectives of the system project have been met
To spot any additional modifications that might be
needed in the newly designed system
To evaluate the project team’s performance, both in
terms of a quality product and adherence to the
project schedule and work plan
To serve as the basis for improving future systems
developments and accuracy of cost and benefit
estimates
A Framework Pertaining to the Control
of System-Related Resources
Measurement of Resource Usage

* Personnel Time Reporting Systems
* Computer-oriented Monitoring
Systems
* Effectiveness Monitoring Systems
Performance Evaluation Systems

Chargeback Systems * Personnel performance by
* Chargeback Rates Clerks & Operators
* Usage Measurements by Systems professionals
Department Systems managers
Task * Equipment performance
Project * Information system performance
Computer System Efficiency
Effectiveness
Cost accounting Performance

& control reports reports
Figure 14-27
herein.

Accounting Information Systems Essential Concepts and Applications Fourth Edition PDF

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Accounting Information Systems Essential Concepts and Applications Fourth Edition PDF

Hochgeladen von

Copyright:

Verfügbare Formate

Accounting Information Systems:

Essential Concepts and Applications

Chapter 1: The Study of

Slides Authored by Somnath Bhattacharya, Ph.D.

 It is the principal way of organizing and reporting

 A System is an entity consisting of interacting

Data are raw facts and figures

An Information system is a framework in which

An Accounting Information

Support day-to-day operations

Processor(s): Manual or Computerized

Finance Sales/Marketing Production AIS Personnel

Career accountants will be users, auditors, and

Chapter 2: The Business

Slides Authored by Somnath Bhattacharya, Ph.D.

No Purchasing, Production, Planning/Control, Investment Cycles

No Revenue, and Investment Cycles reflected here

Matrix: Blend functional and project-

Funds Data and information flow Funds

The nature of the element and when it

Field 1 Field 2 Field 3

Field 1 Field 2 Field 3

Figure 2-9 - continued

 5) The “sandwich” rule is consistently applied.

Figure 2-9 - continued

From prior Customer

Figure 2-9 - continued

To use, evaluate, and develop a modern

Because they transmit data and information,

 Faster processing of transactions and other data

This links fully functional computers in different

 Distributed databases are useful when:

A LAN may be connected to other LANs

Examples of pre-developed network

This model splits data processing between

Most commonly implemented mode of

The STAR and RING topologies apply to

 Enterprise-wide on-line transaction processing systems

 Both Data Marts and Data Warehouses organize and

Internet Commerce and Electronic Commerce

Chapter 4: Data Management

Slides Authored by Somnath Bhattacharya, Ph.D.

 An Entity is an object, person, or event about which a

File Data-sets (or Tables)

Every recorded attribute of an entity is a data

Field 1 Field 2 Field 3

Field 1 Field 2 Field 3

Accounting related transaction files

Report files: These are derived from records

Flags that are symbols or characters used

Managing files and records requires the

The answers to the above questions

The structure of a record is defined by its:

Transaction records are usually arranged

In the file-oriented approach to data

The Conceptual Data Model is the logical

A data dictionary is a computer file that maintains

 In order to arrive at a specific E-R model, one must select the

A data-flow diagram shows the physical

A Physical DFD documents the physical

Logical Data flow diagrams

The Hierarchy of Data Flow Diagrams

Physical DFD Level-0 logical DFD