Beruflich Dokumente
Kultur Dokumente
Storage
Processing
Consumers
Exchange Events
Internal Events
Environmental Events
}
Accounting Information
System
Sales/ Production
Marketing Info
AIS
Personnel Finance
Relationship of AIS & MIS
MIS
Order entry/Sales
Billing/A.Rec./Cash receipts
Purchasing/A. Pay./Cash disb.
Inventory
Payroll
General ledger
Production
Reasons for Studying
Accounting Information Systems
Financial accountants
prepare financial information
for external decision-making
in accordance with GAAP
Managerial accountants
prepare financial information
for internal decision-making
Roles of Accountants With
Respect to an AIS
Auditors - evaluate controls
and attest to the fairness of
the financial statements.
Accounting managers -
control all accounting
activities of a firm.
Tax specialists - develop
information that reflects tax
obligations of the firm.
Consultants - devise
specifications for the AIS.
Ethical Standards for
Consulting
Professional competence
Exercise due professional care
Plan and supervise all work
Obtain relevant data to support reasonable
recommendations
Maintain integrity and objectivity
Understand and respect the responsibilities
of all parties
Disclose any conflicts of interest
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo,
Raval, and Wong-On-Wing
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo,
Raval, and Wong-On-Wing
Organization Organization’s
Environment functions
of the Firm Information
Business System AIS Transaction
Firm Cycles
Operational
Business Events
System
from Operations
Figure 2-1
System Characteristics of
Business Firms
Objectives
Environment
Constraints
Input-Process-Output
Feedback
Controls
Subsystems
Examples of AIS Subsystems
(Merchandising)
Order entry Purchasing/
Sales A. Payable/
System Cash Disb.
Inventory
Shipping
System
System
Receiving
Revenue Expenditure
Cycle Cycle
General
Ledger Human
Billing/ Resource
A. Receivable System Management
Cash Receipts Ext/Fin. reporting (Payroll)
System Tax & req. reporting System
Internal reporting
No Planning/Control, Investment, or Production Cycles reflected here
Examples of AIS
Subsystems: Service Firm Revenue
Billing/
Human resource
A.Receivables Management
Cash Receipts System
System (payroll)
Service firm Revenue Cycle
General
Ledger
System
Production Cycle
Human
General Resource
Ledger Management
System (Payroll
System
Hierarchical
Decentralized
Network
A Networked
Organizational Structure
Consultant Marketing
Training Consulting
Services
Consultant Operation
Recruitment Management
Customer Customer
Project Services
Team Management
Figure 2-5
The Operational System of
a Manufacturing Firm
Facilities Manufacturing Firm
Labor Supporting
(human Operations
services)
Material Producing Storing Shipping Goods
Acquiring
from Finished Finished Finished to
Materials Goods Goods Goods Customer
Supplier
Data Information
AIS
File
{
Field 1 Field 2 Field 3 Records
Figure 2-9
Basic Rules of Flowcharting - II
4) The dispositions of all documents and reports are
shown. In fact, the final “resting place” of every copy
of every of every prepared document should be
specified. Typical dispositions include placing
documents in files, sending documents to outside
parties such as customers, forwarding documents to
connecting procedures (such as a general ledger
procedure), and distributing reports to managers. If
the disposition consists of destroying a document,
this action may be represented in the manner shown
below:
From prior
processing Source Document Destroy
Input Output
Manual
document document
Process
To sales Order
Sales Order Processing
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing
Chapter 3: AIS
Enhancements Through
Information Technology and
Networks
Slides Authored by Somnath Bhattacharya, Ph.D.
Florida Atlantic University
Importance of IT and Computer
Networks to Accountants
Manual Computerized
Exceptional/infrequent Collecting and processing large
transactions volumes of routine
transactions
Setting objectives and policy- Storing large quantities of data
making judgments and information
New problems Monitoring and controlling
continuous processes
Supervising employees Answering specific inquiries
Social communications based on stored data
Making complex strategic Preparing complex analyses
decisions and extensive reports
Helping gather data and
understanding the
relationships between all types
of decisions
Figure 3-1
Limitations of Infoage’s
Legacy AIS
Large portion of personnel time and effort spent
on systems maintenance
Little time & effort for value-added services
Little flexibility to changing business conditions
Financial and Operational data not integrated
Difficult to generate data with both financial and non-financial
components
The transaction processing systems focus on
chart of accounts classification
Ignore the multidimensional aspects of transactions
Files related to applications are not integrated
Inefficiencies of the manual system remodeled in
automated form
Business processes and accounting procedures not analyzed and
improved upon prior to conversion to automated form
System not geared to generate timely decision-
support information
Computer programmers required to write new programs for ad hoc
queries
Types of Network
Architectures
Wide-Area Networks
Formed among computers and inter-
connected devices that are geographically
distant from one another
Local-Area Networks
A type of distributed network created when
two or more linked computers are grouped
within a limited geographical area
Centralized WANs - I
Concentrates all application processing at one
geographical location
Consists essentially of one (or a cluster of) central
mainframe computer(s) and one or more physically
remote terminals
Typically all hardware, software, and data processing
personnel are located at corporate headquarters
Advantages include:
the concentrated computing power of a large processor
low operating costs per transaction leading to economies of
scale
can facilitate the use of a database approach
facilitate better security provisions
allow for greater standardization and professional planning and
control of information-related activities
Centralized WANs - II
Best suited for
Firms with centralized organizational structures
Firms with homogeneous operations
Firms with low processing activity at remote sites
Examples include
Savings and loan institutions
Banks with many ATMs and branches
Merchandizing chains
Motels
Airlines
Drawbacks include
Inflexibility
Expensive and complicated software needed
Vulnerable to disasters as a result of complete dependence on
central computer
Not user-friendly
Distributed WANs - I
Figure 3-3a
The RING Configuration
Figure 3-3b
The BUS Configuration
Figure 3-3c
Enterprise-wide Processing
and Data Systems
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing
Data-base
Files Data bases
-
Figure 4-1
Data Elements
{
File
Field 1 Field 2 Field 3 Records
Context Diagram
Level 1 diagram(s)
Process bubble
Customer Relevant Environment
comprised of External Entities
Payment Cash
}Boundary (border between a
Receipts system and its environment)
Process
Dataflows Deposit
(Interfaces) Bank
This is a flow connecting a system
with its environment
A Physical DFD
1. Bubbles are labeled
with nouns
2. Data flows & files have
Sales physical descriptions
Customer Cash Clerk Order &
register
1.0 tape
Cashier
Form 66W 2.0
Verified
Sales Book- register tape Deposit slip
information & cash
Keeper
3.0
Blue sales book
Bank
A Logical DFD
1) Bubbles are labeled with
verbs that describe the activity
taking place
1.0 2) Data flows & files have logical
Customer Payment Receive Receipts & descriptions
receipts summary
Payment
Verified receipts
2.0
Sales record 3.0
Compare
Cash & Prepare
Tape Deposit
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing
Chapter 5: Computer-Based
Transaction Processing
Figure 5-7
Data Processing Methods
Information flow
Adding machine
Document flow
tape used for
batch control
Annotation for
additional
explanation
A Sample Document
Flowchart
Requesting Department Central Supplies Department
12 A
Goods Requisition
Form
1
Goods Requisition
Form
File
System Flowcharts
Punched Document
Paper Tape
Magnetic Magnetic
Tape Disk
Start/Stop Terminal
Can also be an external
entity
Logic Flow
A On-page
connector
Telecommunication
Off-page Link
Connector
System Flowcharting
Symbols Miscellaneous - I
Data Preparation
Communication Link
Termination
Can also be an external entity
System Flowcharting
Symbols Miscellaneous - II
Class Registration
Processing System
Get Course Edit Course Update Course Output Registration Output Course
Schedules Schedules Schedules Reports Schedules
Other Files Other Files Other Reports
Figure 5-11
Sequential vs. Direct Updating
Sequential Updating from Batched/Online Inputs: To update a
master file sequentially within a computer-based application, the
processing program starts at the beginning master file record. It
then reads every record in the file, changing data in each record
affected by a transaction (see Figs. 5-6 and 5-7 & 5-8 ).
Sequential Updating requires sorting of the transaction file by the
master file sorting key (e.g., transactions originally sorted on
transaction_no. must now be resorted by master-file
customer_no.).
Since all the records in a master file are read during the update,
sequential updating increases the processing time significantly if
only a few records are to be updated.
Direct Updating: Instead of processing a batch of transactions
sequentially against an entire master file, each transaction in the
batch can be posted directly to the affected records.
Direct Updating with batched transactions eliminates the sorting
step.
Direct Updating is only feasible if the master files are stored on direct-
access storage.
DFD Showing Batched Sequential
Processing of Transactions
Source Documents Batch of
Origination of Documents
Batch
Transactions
Documents &
Compute
Totals
Batch Totals
Prepare Batch
Prepare Documents
Financial for Sequential
Outputs Subsidiary and Processing
General ledgers
Updated
Financial Statement Post Data to
Records
& other Outputs Accounting Sorted Batch
Records & of Documents
Verify Batch
Totals
Recipients
of Transaction Data
Outputs (Journals)
Figure 5-12
Enterprise Resource
Planning
Direct Access: This denotes any method that involves the accessing of
desired records in some way other than by an exhaustive search through
all the records in a file
Significant methods of Direct Access include:
Indexed sequential file
Randomization
Binary searches
Linked lists
Inverted lists
All Direct Access methods require direct-access storage media such as
magnetic disks and the use of Pointers
Pointers are data elements whose values specify or “point to” the physical
storage addresses where associated data are stored. In contrast to the
other data elements of a record, a pointer provides direction
rather than content
Indexed Sequential File - I
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing
Chapter 6: Data-Base
Modeling and Applications
Application
Program A
Database
Management
System Database
Application
Program B
Figure 6-1
Questions for Database
Design and Construction
Planning
Cost-benefit Analysis
Effective usage Analysis
Analysis
Enterprise Diagram
User Requirements
Data requirements
Firm’s operations and relationships
Development of logical design
Expected output requirements
Inputs
Processes
Appropriate Conceptual Model
Data Modeling through Entity-Relationship Diagrams
Specification of logical view(s)
Designation of Primary and Secondary keys
Development of Data Dictionary
Iterative Phases in Database
Development: Detailed Design
Technical Specifications
Report Layouts
Data Flows
Screen Layouts
DBMS Selection
Data Definition Language (DDL)
Data Manipulation language (DML)
Query language [Structured Query Language (SQL)
and/or Query by Example (QBE)]
Data-base Control System (DBCS)
DBMS
Many DBMS packages allow users to:
Analyze Data
Prepare ad hoc or customized Reports
Create and Display Graphs
Create Customized Applications via
Programming Languages
Import and Export Data
Perform On-line Editing
Purge or Archive Obsolete Data
Backup data
Maintain Security Measures
Interface with Communication Networks
Iterative Phases in Database
Development: Post-Design Phases
Implementation
Testing
Unit Testing
System Testing
User Acceptance Test
Maintenance
Entity-Relationship Model
Relative to the detailed nature of Record layouts and
data dictionaries, Entity-Relationship (E-R) Models
provide a broader and more conceptual view of the
firm’s data
A Data Model documents the key entities in a firm
and the relationships or associations among those
entities
An Entity is an object that exists and is identifiable.
e.g., an agent, event, or a resource
Entity-Relationship Model
Conventions
Products
Figure 6-6
Relational Databases
Student_Name Student_Major
Penny Pasta Latin
Relational Algebra Functions
in a Relational Database - Join
Customer_Code Credit_Limit
+
1001 10,000
Advantages Disadvantages
Ease of use for non- Relative inefficiency
technical users Huge storage space
Flexible structure required
English-like commands More redundancy than
or menus other data base
Easy structural changes structures
Not suitable for high-
volume applications
Hierarchical Database
Structure
The hierarchical data structure (or tree
structure) expresses hierarchical relationships
among stored data.
The root node is at the top and for
any two adjacent records, the elder
or higher-level record is called the
parent record.
The younger or lower-level record
is called the child record and any
two records on the same level are called sibling
records.
The Hierarchical Conceptual Model
Customer Salesperson
Invoice Salesperson
In this model all data
deemed necessary must be
defined when the database Invoice 1 Invoice 2 Invoice 3
is created
The inverted tree structure Line Line
of the database means that Item 1 Item 2
each node can only have
one parent
Therefore, the hierarchical Customer
model only allows for one-
to-one and one-to-many
relationships. Many-to- Invoice 1 Invoice 2 Invoice 3
many relationships cannot
be modeled except through Line Line
duplication of data elements
Item 1 Item 2
Hierarchical Conceptual
Model - III
Rec. Rec. Forward
In this model, pointers must
Address Content Pointer
be stored either within the 1 Cust A 4
records or in separate index 2 Cust B 6
files 3 Inv 10 0
Customer A 4 Inv 9 7
Customer B 6 Inv 8 3
4 Inv 9 7
5 Inv 16 0
6 Inv 8 3
7 Inv 12 5
The Network Structure
Customers Products
Customer Product
Cust-Prod
Object-Oriented Database
Structure - I
The object-oriented database
(OODB) is a new type of database
that stores objects with (non-textual)
information in them
These unstructured objects may be
graphic images, still photographs,
animated visual, music and speeches
Objects are grouped into object
classes, with each member of the
class having the same set of
attributes, which can be
manipulated
Object-Oriented Database
Structure - II
Object Classes feature class hierarchies
Super-classes are at the top of the
hierarchies, with classes and sub-classes
linked below
Movement within class hierarchies is
downward from super-class to class to
subclass
Classes may also form sidewise associations,
e.g., association of university person with
university; faculty with academic dept
Characteristics of Objects
Attributes
Engine
Make Model Year Mileage Color
Size
Object Car
Object Inventory
Review
Reduce Reorder Replace
Qty
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing
General Application
Controls Controls
Figure 7-1
Control Environment
Unintentional errors
Deliberate Errors (Fraud)
Unintentional Losses of Assets
Thefts of assets
Breaches of Security
Acts of Violence and Natural Disasters
Factors that Increase Risk
Exposure
Processing is Concentrated
Audit Trails may be Undermined
Human Judgment is bypassed
Data are stored in Device-Oriented rather than
Human-Oriented forms
Invisible Data
Stored data are Erasable
Data are stored in a Compressed form
Stored data are relatively accessible
Computer Equipment is Powerful but Complex
and Vulnerable
Feasibility of Controls
Audit Considerations
Cost-Benefit Considerations
Determine Specific Computer Resources Subject to Control
Determine all Potential Threats to the company’s Computer
System
Assess the Relevant Risks to which the firm is exposed
Measure the Extent of each Relevant Risk exposure in dollar
terms
Multiply the Estimated Effect of each Relevant Risk Exposure by
the Estimated Frequency of Occurrence over a Reasonable
Period, such as a year
Compute the Cost of Installing and Maintaining a Control that is
to Counter each Relevant Risk Exposure
Compare the Benefits against the Costs of Each Control
Legislation
The Foreign Corrupt Practices Act of 1977
Of the Federal Legislation governing the use of
computers, The Computer Fraud and Abuse Act
of 1984 (amended in 1986) is perhaps the
most important
This act makes it a federal crime to intentionally
access a computer for such purposes as: (1)
obtaining top-secret military information, personal,
financial or credit information
(2) committing a fraud
(3) altering or destroying federal information
Methods for Thwarting
Computer Abuse
Enlist top-management support so that
awareness of computer abuse will filter down
through management ranks.
Implement and enforce control procedures.
Increase employee awareness in the seriousness
of computer abuse, the amount of costs, and
the disruption it creates.
Establish a code of conduct.
Be aware of the common characteristics of most
computer abusers.
Methods for Thwarting
Computer Abuse
Recognize the symptoms of computer abuse
such as:
behavioral or lifestyle changes in an employee
accounting irregularities such as forged, altered or
destroyed input documents or suspicious
accounting adjustments
absent or ignored control procedures
the presence of many odd or unusual anomalies
that go unchallenged
Encourage ethical behavior
Control Problems Caused by
Computerization: Data Collection
Manual System Computer-based System
Characteristics Characteristics Risk Exposures Compensating
Controls
Data reviewed for Data often not Errors, accidental Edit checks
errors by clerks subject to review or deliberate, may performed by
by clerks be entered for computer system
processing
Figure 7-6
Control Problems Caused by
Computerization: Data Processing
Manual System Computer-based System
Characteristics Characteristics Risk Exposures Compensating
Controls
Processing performed Processing performed Effects of errors may Editing of all data
relatively slowly very rapidly spread rapidly through during input and
files processing steps
Figure 7-6 Continued
Control Problems Caused by Computerization:
Data Storage & Retrieval
Manual System Computer-based System
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing
General Corrective
Preventive
Application
Input
Processing
Output
} Detective
Figure 8-1
General Controls
General Controls pertain to all activities
involving a firm’s AIS and resources
(assets). They can be grouped as follows:
Organizational or Personnel Controls
Documentation Controls
Asset Accountability Controls
Management Practice Controls
Information Center Operations Controls
Authorization Controls
Access Controls
Organizational or
Personnel Controls - I
Distribute
Errors To users
to be (exception
corrected and summary
report)
Figure 8-4
Segregation of Functions in a
Direct/Immediate Processing System
Online Files (or data library
User Departments Computer Operations for removable disks and
backups
Data Inputs
Batch
Files
Online
Printed or Files
Plotted Outputs
Figure 8-6
Documentation Controls
Control
Stage Properly authorized Batch control totals Sound error correction
transactions procedures
Adequate input edit tests
Well-designed and (programmed checks) Complete audit trail
controlled source
Input documents
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing
Central
Computer On-line Data
Facilities Storage
Figure 9-1
Terminal
------ = Places Needing Security
User Codes
File Access
Data Base
Figure 9-4
Protection from Unauthorized
Access to Data and Information - III
Access logs
Console logs
Access control software
Access Control Facility 2
Resource Access Control Facility
System and Program change
logs monitor changes to programs,
files, and controls
Protection from Loss or Improper
Alteration of Data and Information
A Library Log will track the movement of files,
programs and documentation, while a
Transaction Log records individual
transactions as they are entered into on-line
systems
Tape File Protection Rings for magnetic tape,
Write-Protect Rings for diskettes, and File
Labels (both internal and external) for tape
(including internal header labels and internal
trailer labels) or disk can prevent the loss or
alteration of data and information.
ROM-based program instructions
Enforced serialized processing
Recovery and Reconstruction of
Lost Data - I
Reconstruction involves
The Roll-Forward procedure (inclusive of the
last dump and images from the activity log
and transaction log)
The Roll-Back procedure
Use of Checkpoints
Building-in Fault Tolerance through methods
such as Disk Mirroring and Disk Duplexing
Disaster Contingency and
Recovery Planning - I
A DCRP is comprised of:
The Emergency Plan
Prepare organization chart
Determine disasters that trigger the entire DCRP
or just parts of it. Conduct a risk analysis
Determine responsibilities for contacting police,
fire, and other agencies
Determine personnel to remain at headquarters to
perform vital duties
Prepare maps of primary and secondary
evacuation routes and post these throughout the
organization
Develop a method for communicating the “all
clear” signal
Disaster Contingency and
Recovery Planning - II
The Backup Plan
Store duplicates of vital software, data, and records in off-
premise (and if possible geographically distant) locations
Identify key critical and non-critical full-time and part-time
employees and temporary hires
Cross-train employees
Select the most appropriate type of backup system
• manual backup system
• reciprocal arrangements with other firms
• third-party agreements with data-processing service bureaus
• cold sites
• hot sites
• co-operative hot sites
• flying hot sites
Disaster Contingency and
Recovery Planning - III
The Recovery Plan
Appoint a recovery manager and second-in-command
Select and off-site facility to store backups and periodically inspect
the facility
Maintain liaison with insurance firms to facilitate early assessment
of damage
Maintain communication with customers and vendors
Establish a time-table for recovery
Establish a strategy to ensure the strict control of applications
processed at the backup site
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing
Operational Audits
Compliance Audits
Project Management and Change Control
Audits
Internal Control Audits
Financial Audits
Fraud Audits
Figure 10-1
Types of Auditors
Internal Auditors
External Auditors
Government Auditors
Fraud Auditors
Basic Auditing
Considerations
Ethics and Auditing Standards
Need for Ethics
Content of Standards
Effect of Automation on Standards
Impact of Computerization on Audit
Procedures
Transaction Cycle Approach to Auditing
The Auditing Process
Computer is a “black-box.”
Assumption: If the auditor can show that the
actual outputs are the correct results to be
expected from a set of inputs to the processing
system, then the computer processing must be
functioning in a reliable manner
Involves tracing selected transactions from
source documents to summary accounts and
records, and vice-versa
A “Non-Processing of Data” Method
Auditing Around the
Computer - II
Master File
Regular Processing
Normal Run Documents, Listings,
Processing Registers, Reports
Regular
Transactions
Auditor
Comparison
Selected
Transactions Predetermined
Audit Test Results
Figure 10-4a
Auditing Through the
Computer
Should be applied to all complex automated
processing systems
Periodic direct and real-time processing applications where
the audit trail is impaired
Methods include:
Test Data
Integrated Test Facility
Embedded Audit Module Techniques
Program Code Checking
Parallel Processing
Parallel Simulation
Controlled Processing
All auditing-through-the-computer techniques
provide evidence concerning the level of control
risk.
Auditing Through the
Computer: An Illustration
Exception
Report
Master File Regular Documents,
Processing Run Listings, Registers,
Normal Processing
Regular Reports
Transactions
Exception
Report
Master File
Regular Audit
Processing Run Summary Results
from Tests Comparison
Audit Test
Transactions
Predetermined
Audit Test
Results
Figure 10-4 b
Auditing with the
Computer - I
Exception
Report
Control and
Specification GAS
File Package
Figure 10-5
Advantages of GAS
Packages
Allow auditors to access computer-readable records
for a wide variety of applications and organizations
Enable auditors to examine much more data than
could be examined through manual means
Rapidly and accurately perform a variety of routine
audit functions, including the statistical selection of
samples
Reduce dependence on non-auditing personnel for
performing routine functions like summarizing data,
thereby enabling auditors to maintain better control
over the audit
Require only minimal computer knowledge on the
part of the auditor
Disadvantages of GAS
Packages
They do not directly examine the
applications program and programmed
checks.
They cannot replace audit-
through-the-computer
techniques
Situations Triggering DP
Operational Audits
An apparently excessive cost for computer services
A major shift in corporate plans
A proposal for a major hardware or software upgrade
or acquisition
An inability to attract and retain computer DP
executives
A new DP executive’s need for an intensive
assessment
An inordinate amount of personnel turnover within
the DP department
A proposal to consolidate or distribute DP resources
A major system that appears unresponsive to needs
or is difficult to enhance or maintain
An excessive or increasing number of user complaints
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo,
Raval, and Wong-On-Wing
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing
Sales Cash
Cash Receipts Journal Payroll Purchases Disbursements
Journal Journal Vouchers Journal Journal Journal
Managerial
Reports
Balance Income Cash-flow
Figure 11-1 Sheet Statement Statement
Computerized Transaction
Processing System
T1 T2 T3 T4 T5 T6 T7
D1
D1 D2 D3 D4 D5 D6
M1
A1
P1 D9
D8 P2
D2 D3
D7
Display
T8 T9
Figure 11-2 (see text book for details)
Benefits & Differences of a Computer-
Based General Ledger System - I
Figure 11-3
Continued
The Central Role of the General
Ledger & Financial Reporting Cycle
Journal Vouchers
A non-routine, adjusting, reversing, or
correcting transaction
A summarization of a batch of
routine transactions
Computer-oriented inputs
The Batch-entry journal voucher
A pre-formatted data-entry screen
Individual non-routine journal entries
Data Processing
Daily Processing
High volume transactions
sales
cash receipts
purchases
cash disbursements
payroll
End of Period Processing
Standard entries
Nonrecurring adjusting entries
Information Output
General General
Ledger Ledger
Prepare History File
Master various Journal
File listings and
Responsibility financial Voucher
Center statements & History
managerial File
Master File reports
General ledger
Statement of Budgetary Control
Journal entry change report Comparative
cash flows Reports
Journal entry balance sheets
General ledger
proof listing trial balance Comparative Income
analyses of statements
general ledger Responsibility
Figure 11-11 accounts Center Reports
Responsibility Reporting
President
VP VP VP VP VP
Finance & Engineering Production Marketing Industrial
Accounting Relations
Figure 11-15
File-Oriented Approach to
Data Management
Account Account Account Account Total Total Total Total Current Debits
Number Description Classification Balance Debits Credits Debits Credits Account or
beginning year-to year-to current current Balance Credit
of year - year -year month month
Figure 11-17
Linked Tables within a General
Ledger Relational Data Base
Account Responsibility Budgeted Total Debits Total Credits
Number Code amount for month Month-to-date Month-to-date
Figure 11-18
The General Ledger’s Risk
Exposures
1) Incorrect journal entries
2) Incorrect posting of journal entries
3) Transactions not recorded or not posted
4) Inadequate authorization for journal entries
5) Control accounts out-of-balance with subsidiary
ledgers
6) Imbalances between debit and credit balance
accounts
7) Defects or breaks in the audit trail
8) Interception of data transmitted via the web
9) Unauthorized access to and viewing of confidential
data via the Web
10) Unauthorized alterations to the company’s financial
data via the Web
11) Breakdown of the Web server
General Controls Pertaining to
the General Ledger
Organizational Controls
Documentation Controls
Asset Accountability Controls
Management Practice Controls
Data Center Operations Controls
Authorization Controls
Access Controls
Passwords
Special terminals
Access logs
Transaction logs
Frequent backups
Application Controls Pertaining
to the General Ledger: Input
Validity check
Field check
Limit check
Zero-balance check
Completeness check
Echo check
Programmed Checks for Editing
& Validating Journal Entry Data
Authentication
Authorization
Accountability
Data Transmission
Disaster Contingency & Recovery
Plan
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo,
Raval, and Wong-On-Wing
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing
Electronic commerce
Larger customer base
Quicker processing of transactions
Less paperwork
Greater efficiency & productivity
Self-service
AICPA’s Web-Trust and competing services
Information Output
Monthly statement
Open orders report
Sales Invoice register
Shipping register
Cash receipts journal
Credit memo register
Scheduled Managerial
Reports
Accounts receivable aging schedule
Reports on critical factors
Average dollar value per order
Percentage of orders shipped on time
Average number of days between the order
date and shipping date
Sales analyses
Salesperson
Sales region
Product lines
Customers
Markets
Cash flow statements
Demand Managerial
Reports
Figure 12-17
Types of Managerial Decisions
Pertaining to the Revenue Cycle
Financial Decisions
What criteria are to be employed in granting credit to potential
customers?
What collection methods are to be employed in minimizing bad
debts?
What accounts receivable records are to be maintained
concerning amounts owed by customers?
What sources, other than receipts from sales, are to be
employed in obtaining needed funds for operations?
What financial plans and cash budgets are to be established for
the coming year?
Figure 12-19
Relational Data Structure for the
Sales Aspect of the Revenue Cycle
Customer Customer Customer Phone Credit Trade Account Balance Year-to-date Year-to-date
Number Name Shipping Number Limit Discount Beginning of Year Sales Payments
Address Allowed
Product Description Warehouse Unit of Reorder Economic Unit Name of Quantity on Quantity on
Number Location Measure Point Reorder Cost Preferred Order Hand
Quantity Supplier
Risk Exposure
1) Credit sales made to customers 1) Losses from bad debts
who represent poor credit risks
2) Unrecorded or unbilled shipments 2) Losses of revenue; overstatement
of inventory and understatement of
accounts receivable in the balance
sheet
3) Errors in preparing sales invoices 3) Alienation of customers and
possible loss of future sales; losses of
revenue
Figure 12-22
Risk Exposures in the
Revenue Cycle - II
Risk Exposure
4) Misplacement of orders from 4) Losses of revenue and alienation of
customers or unfilled backorders customers
5) Incorrect posting of sales to 5) Incorrect balances in accounts
accounts receivable records receivable and general ledger account
records
6) Posting of revenues to wrong 6) Overstatement of revenue in one
accounting periods, such as premature year (year of premature booking) and
booking of revenues understatement of revenue in the next
Risk Exposure
7) Fictitious credit sales to nonexistent Overstatement of revenues and
customers accounts receivable
8) Excessive sales returns and 8) Losses in net revenue, with the
allowances with certain of the credit proceeds from subsequent payments
memos being for fictitious returns by affected customers being
fraudulently pocketed
9) Theft or misplacement of finished 9) Losses in revenue; overstatement
goods in the warehouse or on the of inventory on the balance sheet
shipping dock
Risk Exposure
13) Accessing of accounts receivable, 13) Loss of security over such records,
merchandise inventory, and other with possibly detrimental use made of
records by unauthorized persons the data accessed
14) Involvement of cash, merchandise 14) Losses of or damages to assets
inventory, and accounts receivable
records in natural or human-made
disasters
15) Planting of virus by disgruntled 15) Loss of customer accounts
employee to destroy data on magnetic receivable data needed to monitor
media collection of amounts from previous
sales
Risk Exposure
16) Interception of data transmittal 16) Loss of data which may be used to
between customers and the web site the detriment of customers
17) Unauthorized viewing and 17) Loss of security over customer
alteration of other customer account records resulting in misstatement of
data via the Web accounts receivable balances
18) Denial by a customer that an 18) Loss of sales revenues
online order was placed after the
transaction is processed
Risk Exposure
19) Use of stolen credit cards to place 19) Loss of shipped goods for which
orders via the Web payments will not be received
20) Breakdown of the web server due 20) Loss of sales revenues and
to unexpectedly high volume of alienation of customers
transactions
Organizational Controls
Units with custodial functions should be kept
separate from each other
Custodial functions should furthermore be
segregated from record-keeping functions
For computerized systems, systems
development should be kept separate from
systems operations
General Controls of the
Revenue Cycle - II
Documentation Controls
Asset Accountability Controls
Management Practice Controls
Data Center Operations Controls
Authorization Controls
General Controls of the
Revenue Cycle - III
Access Controls
Assigned passwords that authorized clerks must enter to access
accounts receivable and other customer-related files, in order to
perform their strictly defined tasks
Terminals that are restricted in the functions they allow to be
performed with respect to sales and cash receipts transactions
Logging of all sales and cash receipt transactions upon their
entry into the system
Frequent dumping of accounts receivable and merchandise
inventory master files onto magnetic tape backups
Physically protected warehouses and safes
A lockbox collection system in situations where feasible
Application Controls of the
Revenue Cycle: Input - I
1) Prepare pre-numbered and well-
designed documents relating to sales,
shipping, and cash receipts, with each
prepared document being approved by an
authorized person
2) Validate data on sales orders and
remittance advices as the data are
prepared and entered for processing. In
computer-based systems, validation
should be performed by means of
programmed edit checks. When data are
keyed into computer-readable medium,
key verification is also appropriate
Application Controls of the
Revenue Cycle: Input - II
Authentication
Authorization
Use of an Access Control List
Accountability
Data Transmission
Disaster Contingency & Recovery Plan
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo,
Raval, and Wong-On-Wing
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing
Purchases
Request for Proposals
Inventory Status Reports
Receiving
Receiving Report
Payables
Disbursements Voucher File
Preparing Analyses & Reports
Handling Purchase Returns & Allowances
Debit Memorandum
Cash Disbursements
Processing System
Inventory Decisions
What levels of merchandise inventory should
be stocked?
When should particular inventory be
reordered?
What quantities of particular inventory items
should be reordered?
When should long term purchase contracts be
obtained for particular inventory items?
Figure 13-11
Managerial Decisions Pertaining to
the Expenditure Cycle - II
Financial Decisions
What policies concerning purchase terms and
discounts should be established?
What level of service should departments be
allowed to inquire?
What accounts payable records are to be
maintained concerning amounts owed to
suppliers?
What financial plans and budgets are to be
established for the coming year?
What sources of funds are to be employed?
Figure 13-11 Continued
Operational Listings &
Reports
Voucher Register
Check Register
Open Purchase Order Report
Open Invoices Report
Inventory Status Report
Overdue Deliveries Report
Scheduled Managerial
Reports
Figure 13-17
Control Objectives - I
Figure 13-20
Risk Exposures Within the
Expenditure Cycle - II
Risk Exposure(s)
5) Creation of fictitious invoices 5) Overstatement of inventory;
and other purchasing losses of cash disbursed
documents
6) Lack of vigilance in writing 6) Overstatement of inventory
down inventory that is aged or
damaged
7) Omission of liabilities, such 7) Understatement of liabilities
as material contingencies
8) Overcharges (with respect 8) Excessive purchasing costs
either to unit prices or to
quantities) by suppliers for
goods delivered
Organizational Controls
Documentation Controls
Asset Accountability Controls
Management Practices Controls
Training & Bonding of employees
Systems development & changes subject to
prior approvals, testing, and sign-off
Audits on purchases and cash disbursements
Periodic review and analyses of account
activity and computer-approved transactions
General Controls - II
Validity check
Self-checking digit
Field check
Limit check
Range check
Relationship check
Sign check
Completeness check*
Echo checks*
* = applicable only to online systems
Web Security Procedures
Authentication
Authorization
Accountability
Data Transmission
Disaster Contingency & Recovery Plan
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo,
Raval, and Wong-On-Wing
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing
Scope
Data Types and Sources
Behavioral Issues
Communicate openly with the persons
to be affected by the system project
Encourage participation by the affected persons
throughout the survey
Emphasize the positive aspects of the project and
explain that the resulting system can better meet the
users’ needs
Reduce the fears of employees and managers by
establishing and publicizing fair personnel policies
A Checklist for Analyzing
Information Systems - I
Are tasks and responsibilities clearly defined and
assigned?
Are tasks and responsibilities distributed
effectively among employees and organizational
units?
Are the policies and procedures understood and
followed?
Does the productivity of the clerical employees
appear to be satisfactorily high?
Do the various organizational units cooperate
and coordinate well in maintaining smooth flows
of data?
Figure 14-8
A Checklist for Analyzing
Information Systems - II
Does each product achieve its intended
objective?
Are redundant processing operations being
performed?
How necessary is the result accomplished by
each operation?
Do unnecessary delays occur in obtaining
and/or processing data?
Do any operations cause bottlenecks in the flow
of data?
Are the number of errors that occur in each
operation minimized?
Figure 14-8 Continued
A Checklist for Analyzing
Information Systems - III
Are physical operations adequately planned and
controlled?
Is the capacity of the information system
sufficient to handle the average volumes of data
without large backlogs?
Are the peak volumes of data handled
adequately?
How easily does the system adapt to
exceptional occurrences and growth in use?
How necessary is each document?
Is each document suitably designed for efficient
use?
Figure 14-8 Continued
A Checklist for Analyzing
Information Systems - IV
Are all copies of documents necessary?
Can reports be prepared easily from the files
and documents?
Does unnecessary duplication occur in files,
records, and reports?
Are files easily accessible and kept up-to-date?
Are sound performance standards developed
and kept up-to-date?
Is data processing equipment being used
effectively?
Is the system of internal control adequate?
Do the informal flows of data and information
harmonize with the formal flows?
Figure 14-8 Continued
A List of Information
Systems Capabilities
Figure 14-9
One-time Costs for a New or Improved
Computer-based Information System - I
Figure 14-16
Recurring Costs Related to a Computer-
Based Information System - II
Information System Maintenance Costs
Salaries for systems analysts, programmers, repair
technicians, and others
Replacement parts and upgrades
Printing costs for documentation
Information System Administration Costs
Salaries of systems management, data-base
administrator, internal auditors, secretaries, and
others
Insurance
Taxes
Space and building occupancy costs
Figure 14-16 Continued
Typical Conceptual Design
Specifications - I
Figure 14-17
Typical Conceptual Design
Specifications - II
Generalized in nature
Acquiring firm is dependent on the
software vendor for support
and maintenance and
upgrades
The Sequence in Designing
System Components
Design Controls
& Security Measures
Figure 14-19
A List of Design Principles
Figure 14-20
System Justification & Selection in the
Systems Development Life Cycle
Determination
of Design
Feasibility
Systems
Planning
Solicitation of
Hardware and
Software Proposals
Systems Evaluation of
Analysis System
Proposals
Selection of
Systems System Hardware
and Software
Design
Figure 14-22
A List of Resource
Specifications - II
Hardware Specifications
Processor speeds and capabilities
Secondary storage capacities and access
capabilities
Input-output speeds and capabilities
Compatibility features
Modularity features
Error detection and correction techniques
Data communication capabilities
Special features, such as multiprogramming and
virtual storage
maximum allowable downtime as a percentage of
total time
Software Specifications
Programming languages and compilers
Utility packages
Application packages
Operating system capabilities
Data management packages
System Support Specifications
Programming assistance
Training programs
Test facilities and time available
Backup facilities
Maintenance assistance
Standards development
System components
Performance
Documentation
Documentation
File conversion
Implementation Activities - IV
Fine tuning
Post-implementation evaluation
To assess the degree to which the
objectives of the system project have been met
To spot any additional modifications that might be
needed in the newly designed system
To evaluate the project team’s performance, both in
terms of a quality product and adherence to the
project schedule and work plan
To serve as the basis for improving future systems
developments and accuracy of cost and benefit
estimates
A Framework Pertaining to the Control
of System-Related Resources
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.