Accounting 4100: Accounting Systems

Types of AIS

1. Manual Systems
2. Legacy Systems
3. Modern, integrated IT Systems

Legacy System

Existing system, often based on old technology

Legacy Systems: Advantages

1. Customized to specific needs
2. Support unique business processes that are not inherent in accounting software
3. Contain invaluable historical data that may be difficult to integrate into a new system
4. Well supported and understood by existing personnel

Manual Systems- Turnaround document

is a document that has been output from a computer, some extra information added to it, and then returned to become an input document to be printed etc. For example, meter cards are produced for collecting readings from gas meters, photocopiers, water meters etc

Legacy System: Disadvantages

1. Costly to maintain
2. Often lack adequate supporting documentation
3. Hardware needed to maintain may become obsolete
4. Not usually based on user-friendly interface
5. Tends to use software written in older computer language
6. Often difficult to modify to make user friendly
7. Difficult to integrate when companies merge

Legacy System: Decision to replace or update

1. Screen scrapers - new system same screen
2. Enterprise Application Integration - merge systems
3. Complete replacement of Legacy Systems - new system
(Three ways to switch)

Data v. Information

Data - simply raw facts that describe an event and have little meaning on their own. It is an input.

Information - data organized in a meaningful way, Information is interpreted data. Information is an output.

Information overload

Computers can process and organize a large amount of data.

Too much information causes information overload. If there is too much information it is difficult to make a decision.

Attributes of useful information

Relevant
- Predictable Value
- Feedback Value
- Timely
Reliable
- Verifiable
- Representational Faithfulness
- Neutrality
- Understandable
Complete
Accessible

Processing Methods - Batch Processing Advantages

1 .Efficient for large volumes of like transactions
2. Audit trail is maintained
3. Generally use less costly hardware and software
4. Hardware and software systems are not as complicated as on-line systems
5. Generally easier to control than other types of computerized systems.
6. Personnel become specialized and efficient in processing routine transactions.

Processing Methods - Batch Processing Disadvantages

1. Processing can take longer
2. Adding or deleting records takes much computer maintenance time
3. Some data duplication is likely
4. integration across business processes is difficult in legacy systems that are batch oriented
5. Lag while all transactions in a batch are collected
6. May require that transactions and master files be sorted in the same sequential order

Value Chain

is a series of business processes that products pass through gaining some value at each activity

Primary activities - directly provide value to customer
1. Inbound logistics
2. Operations
3. Outbound Logistics
4. Marketing and Sales Activities
5. Service Activities

Value Chain

support activities sustain the primary activities
- Firm infrastructure (accounting and legal)
- Human Resource Management
- Technology
- Procurement

Information Technology

Computers, ancillary equipment, software, services, and related resources as applied to support business processes

IT Enablement

Using IT systems to enhance efficiency and effectiveness of internal or supply chain processes.

IT usage accomplishes one or more of the following objectives:
Increased efficiency of business processes
Reduced cost of business processes
Increased accuracy of the data related to business processes

Business Process Reengineering (BPR)

is the purposeful and organized changing of business processes to make them more efficient.

SOX

The Sarbanes-Oxley Act came about as a response to business scandals.

This act requires public companies and their auditors to assess and report on the design and effectiveness of internal control over financial reporting.

It also established the PCAOB, to provide standards and oversight to public companies and auditors.

SOX - Sections Pertaining to audit services

201- Services outside of practice of auditors (Only tax returns. Bad Audits. Auditors cannot provide services outside of audits)
203 -Auditor partner rotation
204 - Auditor reports to audit committee
301- Public company audit committees (Entirely independent board members)
404- Management assessment of internal controls (MOST IMPORTANT)

SOX - Sections that pertain to audit services

806- Protection for employees of publicly traded companies who provide evidence of fraud
409 - Real-time disclosures.
802 - Criminal penalties for altering documents.
1102- Tampering with a record or otherwise impeding an official proceeding.

Internal Controls

Objectives of Internal Control
1. Safeguard assets (from fraud or errors)
2. Maintain accuracy and integrity for accounting data
3. Promote operational efficiency
4. Ensure compliance with management directives

Internal Controls (Types)

Purpose to prevent errors and deter fraud.
1. Preventive
- Requiring authorization of documents (make sure someone else looks over documents)
2. Detective
- Bank Reconciliations (Make sure everything is accounted for)
3. Corrective
- Backup Files

Risk Assessment

Process of identifying and analyzing risks. Companies should determine the likelihood and impact of risk. Types of Risk:

- Inherent Risk - risk related to the nature of the business activity
- Control Risk - in the threat that errors or irregularities will not be prevented, detected, or corrected by internal controls.

- Residual Risk - the risk that remains after controls are put in to place

Risk Responses

Situation: Warehouse Catching Fire
Reduce - Sprinkler system

Share - Insurance

Avoid - Won't place warehouse in a certain location

Accept -go on with life

Control Activities (Internal)

Physical Controls are mainly manual but they could use computers:
- Authorization
- Segregation of Duties
- Supervision
- Accounting Documents and Records
- Access Control
- Interdependent Verification

Control Activities: Segregation of Duties or Supervision

Want to keep all three separate:
- Authorization (Signs checks)
- Recording (Makes journal entry)
- Custody (Has checks)

(Can't have one person doing too much because it could lead to fraud)

General Control Activities (IT Control Activities)

IT Controls can be split in to general controls and application controls.
The general controls apply overall to the IT system and include:
1. Authentication of users and limiting unauthorized access
2. Hacking and other network break-ins
3. Organized structure
4. Physical environment and physical security of the system
5. Business continuity

General Controls - Authentication

- Log-in
- User ID's
- Password
- Smart Card
- Security Token (Flash Drive)
- Two factor Authentication (Know and have)
- Biometric Devices

General Controls - Hacking and other Network Break-ins

- Firewall
- Symmetric Encryption -
- Public Key Encryption-
- Wired Equivalency Privacy
- Wireless Protected Access
- Virtual Private Network -
- Virus

General Controls - Physical Environment and Security

- Location
- Operating Environment
- Back-up systems

General Controls

AICPA Trust Services Principles categorizes IT controls and risks into five categories:
a. Security
b. Availability
c. Processing Integrity
d. Online privacy
e. Confidentiality

Processing Integrity

System processing is complete accurate, timely and authorized.

IT Application Controls

These controls are specific to a subsystem and fall in to three categories.
Input Controls
Data Input - data converted from human readable form to computer readable form
Input Controls:
1. Source document controls
2. Standard procedures for data preparation and error handling
3. Programmed edit checks
4. Control totals and reconciliation

IT Application Controls - Input

Programmed Input Validation Checks
Data should be validated and edited to be as close to the original source of data as possible.
Input validation checks include:
1. Field Check
2. Validity Check
3. Limit Check
4. Range Check
5. Reasonableness Check
6. Completeness Check
7. Sign Check
8. Sequence Check
9. Self-checking digit

Fraud

theft , concealment,and conversion to personal gain of another's money, physical assets, or information

Misappropriation of assets

defalcation or internal theft (actual physical stealing of assets)

The Fraud Triangle

1. Incentive or pressure - get "something" from it, money
2. Opportunity
3. Attitude to Rationalize - attitude to think its okay "I'll pay it back" or "I deserve this"

ALL THREE MUST BE PRESENT
Exam: Which part is missing?

Employee Fraud

usually means that an employee steals cash or assets for personal gain
Kinds of employee fraud:
1. Inventory theft
2. Cash receipts theft
- Larceny
- Skimming
3. Accounts payable fraud (make fake invoice, prevent with separation of duties)
4. Payroll Fraud
5. Expense Account Fraud (Reimbursement of meals)

Employee Fraud - Larceny

steal cash after transaction , already in records

Employee Fraud - Skimming

steal before transaction occurs

Goals of information security

Security- access to the system and its data is controlled and restricted to legitimate users

Confidentiality - Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.

Privacy - Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure

Processing integrity - data that is processed accurately, completely, in a timely manner, and only with proper authorization

Availability- the system and its information are available to meet operational and contractual obligations (available to use systems when needed)

Virtual Private Network

Private communication channels, often referred to as tunnels, which are accessible only to those parties possessing the appropriate encryption and decryption keys.
(In what situation would someone use a VPN)

Privacy Principles

1. Management
- Procedures and policies
- Assignment of responsibility

2. Notice
- To customers of policies

3. Choice and Consent
- Allow customers consent over information provided, stored

4. Collection
- Only what is necessary and stated in policy

5. Use and Retention
- Based on policy and only for as long as needed for the business

6. Access
- Customers should be capable of reviewing, editing, deleting information

7. Disclosure to 3rd parties
- Based on policy and only if the 3rd party has same privacy policy statement

8. Security
- Protection of personal information

9. Quality
- Allow customer review
- Information needs to be reasonably accurate

10. Monitor and Enforce
- Ensure compliance with policy

Sales and Collection Process

Process Includes:
- Maintaining Customer Records
- Making Sales
- Billing Customers
- Recording Payments
- Manage AR

(KNOW STEPS. WHEN MAKE SALES)

Sales and Collection process

Accounts Receivable
Sales Tax Payable
Sales
-Recording sale of products on account

Cash
Sales Tax Payable
Sales
- Sale of products for cash

Cost of Goods Sold
Inventory
- Recording Cost of Sales

Cash
Accounts Receivable
- Received payment for invoice

(KNOW WHICH ACCOUNT IS INVOLVED WITH EACH STEP)

Important Revenue Terms

- Purchase Order
- Sales Order
- Price list (Inv. #)
- Credit Limit
- Pick List
- Packing Slip
- Bill of Landing
- Shipping Log
- Sales Invoice (Bill)
- Sales Journal

Purchases and Expenditures Process

The process includes
- Buying inventory
- Maintaining Supplier Records
- Making Payments
- Manage AP

IT Enablement for Cash Disbursements

Three-Way Match is the matching of a purchase order to the related receiving report and invoice.
- Time consuming and expensive
- Business Process Reeginneering (BPR) - to improve efficiency effectiveness. IT systems include:
- Computer - based matching and checking of purchasing documents
- Evaluated receipt settlement (ERS)
- Electronic forms of purchase and payment

(ALL THREE MUST MATCH. IT MAKES PROCESS BETTER)

IT Enablement for Cash Disbursements

Automated Matching - software matches an invoice to its related purchase order and receiving report

Advantages
- reduce time
- costs
- errors, and
- duplicate payments in invoice processing

Risks
- system errors in the matching process
- unauthorized access
- fraud
- inadequate backup of files

Evaluated Receipt Settlement

receipt of goods is carefully evaluated and, if it matches the purchase order, settlement of the obligation occurs through this system

In the mid- 1990s, some companies began implementing invoice-less matching systems for purchasing and paying vendors

Conversion Process

The conversion process typically includes
- transfer of raw materials to work in the process
- transfer of work in process of finished goods
- account for costs of raw materials, director labor, and allocation of overhead

Conversion Process

1st Step - Sales Order or Sales Forecast
2nd Step - Logistics
3rd Step - Reporting

Logistics

is the logical, systematic flow of resources throughout the organization

Three Primary Components:
- Planning
- Resources Management
- Operations

Resource Management

- Maintenance and Control
- Human Resources
- Inventory Control
- Purchasing
- Receiving
- Stores
- Routing
- Warehousing
- Shipping

Logistics: Terms

Economic Order Quantities - figure out how much needs to be ordered
Raw Materials
Work-in Process
Finished Goods

Logistics: Operation

Operations
- Production - Making the product
- Quality Control

Just In Time

The minimization of inventory levels by the control of production so that products are produced on a tight schedule in time for their sale

Payroll Process

Acquire and maintain human resources
Capture and maintain employee data
Pay employees
Record cash and payroll liabilities and expenses

(PAYROLL PROCESS)

Fixed Asset Process

Purchasing property
Capturing and maintaining relevant data about assets
Paying for and recording assets
Recording depreciation and other expenses
Accounting for gains and losses

Terms - Payroll

- Human Resources Department
- Time Sheet
- Payroll Voucher - authorizes transfer of cash from main operating account to payroll account
- Payroll Register - to complete listing of paychecks for the current period
- Payroll disbursements journal

Fixed Assets Process

Acquisition - buying
Continuance - maintaining
Disposal - getting rid of

Fixed Asset Acquisition (Steps to Acquire)

- Initiated by user department
- Large cash outlays sometimes required
- Non-routine transactions that require specific Authorization
- Capital budget
- Fixed asset subsidiary ledger

Fixed Asset Continuance

Update cost data improvements
Update estimated figures as needed
Adjust for periodic depreciation
Keep track of the physical location of assets
Depreciation Schedule

Fixed Asset Disposal

Four Steps:
- Note data of disposal and calculate depreciation through this date
- Remove asset from fixed asset subsidiary ledger
- Remove related depreciation account
- Compute gain or loss

Common Fraud Issues for Payroll

Ghost Employee - employee that only exists on the payroll list but is not real
Clues that a ghost employee may exist:
- Payroll register identifies paycheck without adequate tax withholdings
- Personnel files contain duplicate addresses, Social Security numbers, or bank account numbers
- Payroll expenses are over budget
- Paychecks not claimed when paymaster distributes them
- Paychecks contain dual endorsements

Capital Process

Capital - is the funds used to acquire long-term, capital assets of an organization
Source of capital processes are those processes to
- authorize the raising capital
- the execution of raising capital , and
- the proper accounting of the capital

(ROUTINE AND NON-ROUTINE)

Capital Process

This process often requires board approval
Two primary types:
1. Equity (stock)
2. Debt (bonds or loans)

XBRL

Extensible Business Reporting Language (XBRL)- is designed to electronically communicate business information and is used to facilitate business reporting of financial and non financial data.

This allows each item in the financial statements to have its own computer readable and searchable tag

XBRL - Key Terms

XBRL Taxonomy - defines and describes each key data element

XBRL Instance Document - contain the actual dollar amounts or the details of each of the elements within the firm's XBRL database

XBRL Style Sheets - take the instance documents and add presentation elements to make the readable by humans

Types of Auditors

*CPAs *
Internal Auditor
IT Auditors
Government Auditors

Auditing Standards

Sources of Authoritative literature
- Generally Accepted Auditing Standards (GAAS)
- Public Company Accounting Oversight Board (PCAOB)
- Auditing Standards Board (ASB)

Generally Accepted Auditing Standards

- General Standards
Audit performed by people with the adequate technical training and proficiency of an Auditor. Independence of mental attitude and professional care to be practiced through entire audit process.

- Standards of Fieldwork
Audit adequately planned and supervised. An understanding of internal controls is obtained as part of the planning process. Adequate evidence is obtained to provide a reasonable basis for forming an overall opinion on the audit.

- Standards of Reporting
Reports state whether the financial statements are presented in accordance. Report identifies any circumstances where the established principles were not consistently applied. The report also expresses the fairness or unfairness of the financial statements.

Phases of an Audit

1. Planning
2. Tests of Controls
3. Substantive Tests- tests of accuracy of monetary amounts of transactions and account balances
4. Audit completion and reporting

Phases of an Audit

1. Planning
2. Tests of Controls
3. Substantive Tests - tests of the accuracy of monetary amounts of transactions and account balances
4. Audit Completion and reporting

Audit Planning

*Materiality* - estimate the monetary amounts that are large enough to make a difference in decision making.

Auditors review and assess the risks and controls, establish materiality guidelines, and develop relevant tests addressing the objectives.

Other Audit Considerations

Sampling
- Test a limited number of items or transactions and then draw conclusions about the balance as a whole on the basis of the results
- Auditors try to use sampling so that a fair representation of the population is evaluated
- The choice of an appropriate sampling technique is very subjective

SDLC (System Development Life Cycle)

IT governance committee should evaluate the feasibility of each competing proposal.
The four feasibility aspects:
1. Technical - analysis may be in the design phase
2. Operational
3. Economic - cost-benefit analysis
4. Schedule - do we have the time

Balanced Score Card

Recent studies show that management is investing in IT without actually understanding how to best implement it.

The Balanced Scorecard provides a tool that can describe the contribution of IT to the Company's strategy.

It is a performance measurement framework that allows managers to measure the firm's performance from multiple perspectives.

Balanced Scorecard Perspectives

Learning and Growth - addresses the firms goals for investments in human, information, and organizational capital.

Process Perspective - Describe the firm's objectives for its business processes.

Customer Perspective - Customer satisfaction focus

Financial Perspective - accounting-based performance that is used as a lagging indicator of firm performance - see how company did

Developing the Value Porpostion

Payback period= Initial investment / increased cash flow per period

Net Present value - sum of the present value of all cash outflows and inflows

Internal Rate of Return - the discount rate that makes the project's net present value equal to zero (break even)

Accounting Rate of Return = average annual income from project / total IT project cost

Payback Period

Initial investment / increased cash flow per period

ERP Systems

Enterprise Resource Planning (ERP) - system integrates all business processes and functions into a single software system, using a single database.

ERP system components:
1. Financials
2. Human Resources
3. Procurement and logistics
4. Product development and manufacturing
5. Sales and services
6. Analytics

Benefits of ERP

1. Interactive nature of the modules
2. Real-time nature of processing
3. "Best Practices" nature of the processes
4. Single database enhance sharing of information
5. Capability to analyze large amounts of data
6. Capability to enhance e-commerce and e-business
7. Capability to interact in real-time
8. ERP systems are scalable

Types of Stores

- Brick and Mortar - only have physical stores
- E-tailers - only sell stuff online
- Clicks and mortar (bricks and clicks) - a combination of both

Networks

two or more computers linked together

Types important to accounting:
- Local Area Network (LAN)
- Internet - all over the world
- Intranet - just people in one company
- Extranet - access to customers and vendors

Keys

Primary keys are attributes that uniquely identify a specific row or record in the table

Foreign Key - are attributes in one table that are the primary key of another, used to link the tables

Rules of the Databases

* The Entity Integrity Rule *- the primary key of a table cannot be null (no data value)

*The Referential Integrity* - the data value for a foreign key attribute must either be null or match one of the data values that already exist in the corresponding table

Each attribute must be uniquely named

Values of a specific attribute must be of the same type

Each attribute (column) of a record (row) must be single- valued. This requirement forces us to create a relationship table for each many-to-many relationship.

All other non-key attributes in a table must describe a characteristic of the entity identified by the primary key.


(KNOW TOP TWO)

(READ OTHER ONES)

Activity Models

These are basically flowcharts that show the sequence of workflow in a business process.

Multiplicities

Multiplicities (also called cardinalities) describe the minimum and maximum number of times an object in one class can be associated with objects in another class

Multiplicities for a class are represented by a pair of numbers placed on the opposite side of the association

(KNOW WHAT THEY ARE)

Business Rules

A business rule is a succinct statement of a constraint on a business process.

Obligatory. This rule form states what should occur: payment should be made in U.S dollars.

Prohibited. This rule form what should not occur :no payments by check

Allowed. This rule form says what is allowed under what conditions: credit card payments are allowed if the card is American Express.