The Information System:

An Accountant’s
Perspective
Recognize the primary information flows within the business
environment.

Understand the difference between accounting information systems and

management information systems.

Understand the difference between financial transactions and non-

financial transactions.

Know the principal features of the general model for information

systems.

Understand the organizational structure and functional areas of a

business.
Information is a business resource.

Operations management directly responsible for controlling

day-to-day operations.

Middle management accountable for short-term planning

and coordinating activities to accomplish organizational
objectives.

Top management responsible for longer-term planning and

setting organizational objectives.
 Information Objectives
The goal of an information system is to
support

• The firm’s day to day operations

• Management decision making
• The stewardship function of management.
 An Information Systems Framework
The information system is the set of formal procedures by which data are
collected, processed into information, and distributed to users.

A transaction is an event that affects or is of interest to the organization

and is processed by its information system as a unit of work.

A financial transaction is an economic event that affect the assets and

equities of the organization, is reflected in its accounts and is measured in
monetary terms.

A nonfinancial transaction is an event that doesn’t meet the definition of

a financial transaction.
 An Information Systems Framework
Accounting information system (AIS) processes financial
and some nonfinancial transactions. Three subsections:
• Transaction processing system (TPS) which supports
daily business operations.
• General ledger/financial reporting system (GL/FRS)
which produces reports.
• Management reporting system (MRS) which provides
information for decision making.

Management information system (MIS) processes

nonfinancial transactions not processed by the AIS.
 AIS SUBSYSTEM
Transaction Processing System (TPS)
• Converts economic events into financial transactions.
• Records financial transactions in the accounting records
• Distributes essential financial information to support operations.

General ledger/financial reporting system (GL/FRS) takes information from

the TPS and other input and:
• Updates general ledger control accounts.
• Handles nondiscretionary reporting requirements.

Management reporting system (MRS) provides the internal information needed

to manage a business and handles discretionary reporting.
 A General Model for AIS
End users fall into two groups:
• External users include creditors, stockholders, government agencies, suppliers and
customers.
• Internal users include management and operations personnel.
Distributes essential financial information to support operations.

Data are facts which may or may not be processed and have no direct effect on a user’s
actions.

Information causes a user to take an action that would otherwise not have been taken.

Data sources are financial transactions that enter the information system for internal or
external sources.
 A General Model for AIS
The levels in the data hierarchy:

Data Attribute is the most elemental piece of potentially useful data in

the database.
Record is a complete set of attributes for a single occurrence within an
entity class.
File (or table) is a complete set of records of an identical class.
Database management involves three fundamental tasks: storage,
retrieval and deletion.
 A General Model for AIS
Operational Stages in the Information System:
• Data collection
• First operational stage in the information system. The objective is to ensure data
are valid, complete and free from material errors.
• Only relevant data should be captured.
• Efficient collection procedures designed to collect data only once.

• Data processing tasks range from simple to complex.

The organization’s database is its physical repository for financial and
nonfinancial data.
(Term could apply to a filing cabinet or computer disk.)
 A General Model for AIS
Operational Stages in the Information System (continuation):

• Information generation is the process of compiling, arranging, formatting, and

presenting information to users.

Regardless of physical form, useful information has:

Relevance: Content must serve a purpose.
Reliability: When it gives same repeated result
Timeliness: No older than time frame of supported action.
Accuracy: Free from material errors.
Completeness: All essential information is present.
Summarization: Aggregated for the user’s needs.

Feedback is a form of output sent back to the system as a source of data.

 The Accounting Function
Accounting manages the financial resource of the firm:
• Captures and records transactions
• Distributes transaction information to operations personnel.

Value of information is determined by its

• Relevance
• Reliability
• Timeliness
• Accuracy
• Completeness
• Summarization
Unreliable information has no value.
I
 The Accounting Function
• Information reliability requires accounting independence.
• Accounting activities must be separate and independent of
the functional areas maintaining custody of resources.
• Accounting supports these functions with information but
does not participate in the physical activities.
 Information Technology
Systems Development is the process organizations use to acquire information
systems. It can be purchased or built from scratch.

Commercial software available for general accounting and industry specific

applications. Sometimes called turnkey systems because can be implemented
with little modification.

Custom software is developed through a formal process called the system

development life cycle. Requires an in-house team of qualified individuals.

Systems maintenance may be trivial or significant. Between 80% - 90% of

system’s total cost may be incurred because of maintenance activities.
 The Role of Accountants in AIS
IT professionals determine the most economical and effective technologies for the
physical system, including data storage.

Accountants play a prominent role on system development teams as domain experts,

responsible for many aspects of the conceptual system including specifying rules,
reporting requirements and internal control objectives.

Types of Audits in AIS

External audit is an independent attestation and opinion (audit report) regarding
financial statement presentation.
Requires auditors (independent CPAs) to test internal controls and perform
substantive tests of data.
Critical element is auditor independence, which means the auditor is free from factors
that might influence the audit report.
 The Role of Accountants in AIS
Types of Audits in AIS (continuation)
Prior to SOX, accounting firms were permitted to provide both advisory and attest
services to clients.

SOX legislation restricts non-audit services that auditors may provide and prohibits
auditors from providing these services:
• Other accounting services including bookkeeping, financial information systems
design and implementation, appraisal or valuation, actuarial, and internal audit
outsourcing.
• Management or human resources, broker or dealer, investment adviser, or
investment banking services.
• Legal services and expert services unrelated to the audit.
• Any other service that the Board determines, by regulation, is impermissible.
 The Role of Accountants in AIS
Types of Audits in AIS (continuation)
Internal auditing is an independent appraisal function within an organization to
examine and evaluate activities. External auditors represent outsiders and internal
auditors represent the interests of the organization.

Fraud audits have increased in popularity as a corporate governance tool.

It may be initiated by managers to investigate employees or the board to investigate
management.

Audit Committees serves an independent “check and balance” for internal audit
functions and a liaison with external auditors. Usually three people, one of which must
be a “financial expert”.
 Ethical Issues in Business
Computer ethics analyzes the social impact of computer technology and formulation
and justification of policies for the ethical use of technology.

Para computer ethics involves taking an interest in computer ethics cases and acquiring
some level of skill and knowledge in the field.

Issues of concern include:

• Privacy and ownership in the personal information industry.
• Security involving accuracy and confidentiality.
• What can an individual or organization own?
• Equity of access issues related to economic status, culture and safety.
• Environmental issues, artificial intelligence, unemployment and displacement and
computer misuse.
 Ethical Issues in Business
Sarbanes-Oxley Act (SOX) Section 406 requires public companies to disclose to the
SEC if they have a code of ethics that applies to the CEO, CFO and controller.
If a company does not have a code, it must explain why.

Compliance with 406 requires a code of ethics that addresses:

• Procedures for dealing with conflicts of interest.
• Full and fair disclosures to ensure candid, open, truthful disclosures
• Requiring employees to follow applicable laws, rules and regulations.
• A mechanism to permit prompt internal reporting of ethical violations.
• Taking appropriate actions when code violations occur.
 Fraud and Accountants
The Fraud Triangle factors that contribute to fraud:
• Situational pressures that coerce an individual to act dishonestly.
• Opportunity through direct access to assets.
• Rationalization (Ethics) which relate to one’s character and moral compass.

Fraud losses equal 5% of revenue. Actual cost difficult to quantify and do not include
indirect losses.
Most frauds are committed by employees than managers, the losses are much higher
for managers and owners.
Collusion in the commission of a fraud is difficult to prevent and detect.
 Internal Control Concepts and Techniques
The internal control system consists of policies, practices and procedures to achieve
four broad objectives:

Safeguard assets of the firm.

Ensure accuracy and reliability of accounting records and information.
Promote efficiency of the firm’s operations.
Measure compliance with management’s prescribed policies and procedures.
 Internal Control Concepts and Techniques
Modifying Assumptions to the Internal Control Objectives:

Management Responsibility
The establishment and maintenance of a system of internal control is the
responsibility of management.
Reasonable Assurance
Cost of achieving objectives should not outweigh the benefits.
Methods of Data Processing
Control techniques vary with different types of technology.
Limitations
These include (1) possibility of error, (2) circumvention, (3) management override
and (4) changing conditions.
 Internal Control Concepts and Techniques
The absence or weakness of a control is an exposure:
May result in asset destruction or theft and corruption or disruption of the information
system.

Preventive controls are passive techniques designed to reduce undesirable events

by forcing compliance with prescribed or desired actions. Preventing errors and fraud
is more cost-effective than detecting and correcting them.

Detective controls are designed to identify undesirable events that elude preventive
controls.

Corrective controls are actions taken to reverse the effects of errors detected.
 Internal Control Concepts and Techniques
Public company management responsibilities are codified in Sections 302 and 404 of
SOX:

Section 302 requires management to certify organization’s internal controls on a

quarterly and annual basis.

Section 404 requires management to assess internal control effectiveness.

The control environment sets the tone for the organization and influences control
awareness.
 Internal Control Concepts and Techniques
COSO internal control framework five components:

Organizations must perform a risk assessment to identify, analyze and manage financial
reporting risks.

The quality of information the AIS generates impacts management’s ability to take actions
and make decisions.

An effective system records all valid transactions and provides timely and accurate
information.

Monitoring is the process by which the quality of internal control design and operations
can be assessed.

Control activities are policies and procedures to ensure appropriate actions are taken
to deal with identified risks.
 Internal Control Concepts and Techniques
IT controls relate to the computer environment:
• General control pertain to entity-wide IT concerns.
• Application controls ensure the integrity of specific systems.

Physical controls relate to human activities:

• Transaction authorization is to ensure all material transactions processed are
valid.
• Segregation of duties controls are designed to minimize incompatible functions
including separating: (1) transaction authorization and processing and (2) asset
custody and record-keeping. Successful fraud must require collusion.
• Supervision is a compensating control in organizations too small for sufficient
segregation of duties.
 Internal Control Concepts and Techniques
Discussion on IT Application Controls:
IT application controls are associated with applications.
• Input control (edits) perform tests on transactions to ensure they are free
from errors.
* Check digit is a control digit(s) that is added to the data code when
originally assigned. Allows integrity to be established during processing
and helps prevent two common errors
*Transcription errors occur when (1) extra digits are added to a code,
(2) a digit is omitted from a code, or (3) a digit is recorded incorrectly.
* Transposition errors occur when digits are reversed.
* Missing data check identifies blank or incomplete input fields.
* Numeric-alphabetic check identifies data in the wrong form.
* Limit checks identify fields that exceed authorized limits.
 Internal Control Concepts and Techniques
• Input controls (cont’d):
* Range checks verify that all amounts fall within an acceptable range.
* Reasonableness checks verify that amounts that have based limit and
range checks are reasonable.
* Validity checks compare actual fields against acceptable values.
• Processing controls are programmed procedures to ensure an application’s logic
is functioning properly.
• Batch controls manage the flow of high volume transactions and reconcile system
output with original input .
• Run-to-run controls monitor batch from one process to another.
 Internal Control Concepts and Techniques
• Output controls are procedures to ensure output is not lost, misdirected or corrupted
and that privacy is not violated. This can cause disruption, financial loss and litigation.
* Controlling hard-copy output:
**Output data can become backlogged (spooling) requiring an
intermediate output file in the printing process.

**Proper access and backup procedures must be in place to protect

these files.

* Print programs controls should be designed to prevent unauthorized copies and

employee browsing of sensitive data.

* Sensitive computer waste should be shredded for protection.

* Report distribution must be controlled.

* End-user should examine reports for correctness, report errors and maintain r
report security.
Internal Control Concepts and Techniques
Discussions on Physical Controls
Physical controls relate to human activities:
• Accounting records consist of source documents, journals and ledgers
which capture economic essence and provide an audit trail.
• Access controls ensure that only authorized personnel have access to firm
assets.
• Independent verification procedures are checks to identify errors and
misrepresentations. Management can assess (1) individual performance, (2)
system integrity and (3) data correctness. Includes:

* Reconciling batch totals during transaction processing.

* Comparing physical assets with accounting records.
* Reconciling subsidiary accounts with control accounts.
* Reviewing management reports that summarize business activities.
Internal Control Concepts and Techniques
Audit trail controls ensure every transaction can be traced through each stage to
processing from source to financial statements.
Every transaction the system processes, including automatic ones, should be
recorded on a transaction log.

Master file backup controls may be viewed as either a general control or an

application control.

GFS (grandfather-father-son) backup is used with systems that use sequential

master files.

The destructive update approach leaves no backup copy and requires a special
recovery program if data is destroyed or corrupted.

Real-time systems schedule backups at specified daily intervals.