Types of AIS
Manual Systems
Legacy Systems
Modern, integrated IT Systems
Legacy System
Existing system, often based on old technology
Legacy Systems: Advantages
Customized to specific needs
Support unique business processes that are not inherent in accounting software
Contain invaluable historical data that may be difficult to integrate into a new system
Well supported and understood by existing personnel
Manual Systems - Turnaround document
A document that has been output from a computer, has had some extra information added to it, and is then returned to become an input document, to be printed, etc. For example, meter cards are produced for collecting readings from gas meters, photocopiers, water meters, etc.
Legacy System: Disadvantages
Costly to maintain
Often lack adequate supporting documentation
Hardware needed to maintain may become obsolete
Not usually based on user-friendly interface
Tends to use software written in older computer language
Often difficult to modify to make user friendly
Difficult to integrate when companies merge
Legacy System: Decision to replace or update
Screen scrapers - new system same screen
Enterprise Application Integration - merge systems
Complete replacement of Legacy Systems - new system (Three ways to switch)
Data v. Information
Data - simply raw facts that describe an event and have little meaning on their own. It is an input.
Information - data organized in a meaningful way. Information is interpreted data. Information is an output.
Information overload
Computers can process and organize a large amount of data.
Too much information causes information overload. If there is too much information it is difficult to make a decision.
Attributes of useful information
Relevant
Predictable Value
Feedback Value
Timely
Reliable
Verifiable
Representational Faithfulness
Neutrality
Understandable
Complete
Accessible
Processing Methods - Batch Processing Advantages
1. Efficient for large volumes of like transactions
2. Audit trail is maintained
3. Generally use less costly hardware and software
4. Hardware and software systems are not as complicated as on-line systems
5. Generally easier to control than other types of computerized systems
6. Personnel become specialized and efficient in processing routine transactions
Processing Methods - Batch Processing Disadvantages
Processing can take longer
Adding or deleting records takes much computer maintenance time
Some data duplication is likely
Integration across business processes is difficult in legacy systems that are batch oriented
Lag while all transactions in a batch are collected
May require that transactions and master files be sorted in the same sequential order
Value Chain
A series of business processes that products pass through, gaining some value at each activity
Primary activities - directly provide value to customer
Inbound logistics
Operations
Outbound Logistics
Marketing and Sales Activities
Service Activities
Value Chain
Support activities - sustain the primary activities
Firm infrastructure (accounting and legal)
Human Resource Management
Technology
Procurement
Information Technology
Computers, ancillary equipment, software, services, and related resources as applied to support business processes
IT Enablement
Using IT systems to enhance efficiency and effectiveness of internal or supply chain processes.
IT usage accomplishes one or more of the following objectives:
Increased efficiency of business processes
Reduced cost of business processes
Increased accuracy of the data related to business processes
Business Process Reengineering (BPR)
is the purposeful and organized changing of business processes to make them more efficient.
SOX
The Sarbanes-Oxley Act came about as a response to business scandals.
This act requires public companies and their auditors to assess and report on the design and effectiveness of internal control over financial reporting.
It also established the PCAOB, to provide standards and oversight to public companies and auditors.
SOX - Sections Pertaining to audit services
201 - Services outside of practice of auditors (Only tax returns. Bad Audits. Auditors cannot provide services outside of audits)
203 - Auditor partner rotation
204 - Auditor reports to audit committee
301 - Public company audit committees (Entirely independent board members)
404 - Management assessment of internal controls (MOST IMPORTANT)
SOX - Sections that pertain to audit services
806 - Protection for employees of publicly traded companies who provide evidence of fraud
409 - Real-time disclosures
802 - Criminal penalties for altering documents
1102 - Tampering with a record or otherwise impeding an official proceeding
Internal Controls
Objectives of Internal Control
Safeguard assets (from fraud or errors)
Maintain accuracy and integrity for accounting data
Promote operational efficiency
Ensure compliance with management directives
Internal Controls (Types)
Purpose to prevent errors and deter fraud.
Preventive
Requiring authorization of documents (make sure someone else looks over documents)
Detective
Bank Reconciliations (Make sure everything is accounted for)
Corrective
Backup Files
Risk Assessment
Process of identifying and analyzing risks. Companies should determine the likelihood and impact of risk. Types of Risk:
Inherent Risk - risk related to the nature of the business activity
Control Risk - the threat that errors or irregularities will not be prevented, detected, or corrected by internal controls
Residual Risk - the risk that remains after controls are put into place
Risk Responses
Situation: Warehouse Catching Fire
Reduce - Sprinkler system
Share - Insurance
Avoid - Won't place warehouse in a certain location
Accept - go on with life
Control Activities (Internal)
Physical Controls are mainly manual but they could use computers:
Authorization
Segregation of Duties
Supervision
Accounting Documents and Records
Access Control
Interdependent Verification
Control Activities: Segregation of Duties or Supervision
Want to keep all three separate:
Authorization (Signs checks)
Recording (Makes journal entry)
Custody (Has checks)
(Can't have one person doing too much because it could lead to fraud)
General Control Activities (IT Control Activities)
IT Controls can be split into general controls and application controls. The general controls apply overall to the IT system and include:
Authentication of users and limiting unauthorized access
Hacking and other network break-ins
Organized structure
Physical environment and physical security of the system
Business continuity
General Controls - Authentication
Log-in
User IDs
Password
Smart Card
Security Token (Flash Drive)
Two factor Authentication (Know and have)
Biometric Devices
General Controls - Hacking and other Network Break-ins
Firewall
Symmetric Encryption -
Public Key Encryption-
Wired Equivalency Privacy
Wireless Protected Access
Virtual Private Network -
Virus
General Controls - Physical Environment and Security
Location
Operating Environment
Back-up systems
General Controls
AICPA Trust Services Principles categorizes IT controls and risks into five categories:
a. Security
b. Availability
c. Processing Integrity
d. Online privacy
e. Confidentiality
Processing Integrity
System processing is complete, accurate, timely, and authorized.
IT Application Controls
These controls are specific to a subsystem and fall into three categories.
Input Controls
Data Input - data converted from human readable form to computer readable form
Input Controls:
Source document controls
Standard procedures for data preparation and error handling
Programmed edit checks
Control totals and reconciliation
IT Application Controls - Input
Programmed Input Validation Checks
Data should be validated and edited to be as close to the original source of data as possible. Input validation checks include:
Field Check
Validity Check
Limit Check
Range Check
Reasonableness Check
Completeness Check
Sign Check
Sequence Check
Self-checking digit
Fraud
Theft, concealment, and conversion to personal gain of another's money, physical assets, or information
Misappropriation of assets
defalcation or internal theft (actual physical stealing of assets)
The Fraud Triangle
Incentive or pressure - get "something" from it, money
Opportunity
Attitude to Rationalize - attitude to think it's okay: "I'll pay it back" or "I deserve this"
ALL THREE MUST BE PRESENT
Exam: Which part is missing?
Employee Fraud
Usually means that an employee steals cash or assets for personal gain
Kinds of employee fraud:
Inventory theft
Cash receipts theft
Larceny
Skimming
Accounts payable fraud (make fake invoice, prevent with separation of duties)
Payroll Fraud
Expense Account Fraud (Reimbursement of meals)
Employee Fraud - Larceny
Steal cash after transaction, already in records
Employee Fraud - Skimming
Steal before transaction occurs
Goals of information security
Security - access to the system and its data is controlled and restricted to legitimate users
Confidentiality - sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure
Privacy - personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure
Processing integrity - data is processed accurately, completely, in a timely manner, and only with proper authorization
Availability - the system and its information are available to meet operational and contractual obligations (available to use systems when needed)
Virtual Private Network
Private communication channels, often referred to as tunnels, which are accessible only to those parties possessing the appropriate encryption and decryption keys. (In what situation would someone use a VPN)
Privacy Principles
Management
Procedures and policies
Assignment of responsibility
Notice
To customers of policies
Choice and Consent
Allow customers consent over information provided, stored
Collection
Only what is necessary and stated in policy
Use and Retention
Based on policy and only for as long as needed for the business
Access
Customers should be capable of reviewing, editing, deleting information
Disclosure to 3rd parties
Based on policy and only if the 3rd party has same privacy policy statement
Security
Protection of personal information
Quality
Allow customer review
Information needs to be reasonably accurate
Monitor and Enforce
Ensure compliance with policy
Sales and Collection Process
Process Includes:
Maintaining Customer Records
Making Sales
Billing Customers
Recording Payments
Manage AR
(KNOW STEPS. WHEN MAKE SALES)
Sales and Collection process
Accounts Receivable, Sales Tax Payable, Sales
Recording sale of products on account
Cash, Sales Tax Payable, Sales
Sale of products for cash
Cost of Goods Sold, Inventory
Recording Cost of Sales
Cash, Accounts Receivable
Received payment for invoice
(KNOW WHICH ACCOUNT IS INVOLVED WITH EACH STEP)
Important Revenue Terms
Purchase Order
Sales Order
Price list (Inv. #)
Credit Limit
Pick List
Packing Slip
Bill of Lading
Shipping Log
Sales Invoice (Bill)
Sales Journal
Purchases and Expenditures Process
The process includes
Buying inventory
Maintaining Supplier Records
Making Payments
Manage AP
IT Enablement for Cash Disbursements
Three-Way Match is the matching of a purchase order to the related receiving report and invoice.
Time consuming and expensive
Business Process Reengineering (BPR) - to improve efficiency and effectiveness. IT systems include:
Computer-based matching and checking of purchasing documents
Evaluated receipt settlement (ERS)
Electronic forms of purchase and payment
(ALL THREE MUST MATCH. IT MAKES PROCESS BETTER)
IT Enablement for Cash Disbursements
Automated Matching - software matches an invoice to its related purchase order and receiving report
Advantages
reduce time
costs
errors, and
duplicate payments in invoice processing
Risks
system errors in the matching process
unauthorized access
fraud
inadequate backup of files
Evaluated Receipt Settlement
Receipt of goods is carefully evaluated and, if it matches the purchase order, settlement of the obligation occurs through this system.
In the mid-1990s, some companies began implementing invoice-less matching systems for purchasing and paying vendors.
Conversion Process
The conversion process typically includes
Transfer of raw materials to work in process
Transfer of work in process to finished goods
Account for costs of raw materials, direct labor, and allocation of overhead
Conversion Process
1st Step - Sales Order or Sales Forecast
2nd Step - Logistics
3rd Step - Reporting
Logistics
The logical, systematic flow of resources throughout the organization
Three Primary Components:
Planning
Resources Management
Operations
Resource Management
Maintenance and Control
Human Resources
Inventory Control
Purchasing
Receiving
Stores
Routing
Warehousing
Shipping
Logistics: Terms
Economic Order Quantities - figure out how much needs to be ordered
Raw Materials
Work-in-Process
Finished Goods
Logistics: Operation
Operations
Production - Making the product
Quality Control
Just In Time
The minimization of inventory levels by the control of production so that products are produced on a tight schedule in time for their sale
Payroll Process
Acquire and maintain human resources
Capture and maintain employee data
Pay employees
Record cash and payroll liabilities and expenses
(PAYROLL PROCESS)
Fixed Asset Process
Purchasing property
Capturing and maintaining relevant data about assets
Paying for and recording assets
Recording depreciation and other expenses
Accounting for gains and losses
Terms - Payroll
Human Resources Department
Time Sheet
Payroll Voucher - authorizes transfer of cash from main operating account to payroll account
Payroll Register - a complete listing of paychecks for the current period
Payroll disbursements journal
Fixed Assets Process
Acquisition - buying
Continuance - maintaining
Disposal - getting rid of
Fixed Asset Acquisition (Steps to Acquire)
Initiated by user department
Large cash outlays sometimes required
Non-routine transactions that require specific Authorization
Capital budget
Fixed asset subsidiary ledger
Fixed Asset Continuance
Update cost data for improvements
Update estimated figures as needed
Adjust for periodic depreciation
Keep track of the physical location of assets
Depreciation Schedule
Fixed Asset Disposal
Four Steps:
Note date of disposal and calculate depreciation through this date
Remove asset from fixed asset subsidiary ledger
Remove related depreciation account
Compute gain or loss
Common Fraud Issues for Payroll
Ghost Employee - employee that only exists on the payroll list but is not real
Clues that a ghost employee may exist:
Payroll register identifies paycheck without adequate tax withholdings
Personnel files contain duplicate addresses, Social Security numbers, or bank account numbers
Payroll expenses are over budget
Paychecks not claimed when paymaster distributes them
Paychecks contain dual endorsements
Capital Process
Capital - the funds used to acquire long-term, capital assets of an organization
Source of capital processes are those processes to
authorize the raising of capital,
execute the raising of capital, and
properly account for the capital
(ROUTINE AND NON-ROUTINE)
Capital Process
This process often requires board approval
Two primary types:
Equity (stock)
Debt (bonds or loans)
XBRL
Extensible Business Reporting Language (XBRL) - is designed to electronically communicate business information and is used to facilitate business reporting of financial and non-financial data.
This allows each item in the financial statements to have its own computer-readable and searchable tag.
XBRL - Key Terms
XBRL Taxonomy - defines and describes each key data element
XBRL Instance Document - contains the actual dollar amounts or the details of each of the elements within the firm's XBRL database
XBRL Style Sheets - take the instance documents and add presentation elements to make them readable by humans
Types of Auditors
CPAs
Internal Auditors
IT Auditors
Government Auditors
Auditing Standards
Sources of Authoritative literature
Generally Accepted Auditing Standards (GAAS)
Public Company Accounting Oversight Board (PCAOB)
Auditing Standards Board (ASB)
Generally Accepted Auditing Standards
General Standards
Audit performed by people with the adequate technical training and proficiency of an Auditor.
Independence of mental attitude and professional care to be practiced through entire audit process.
Standards of Fieldwork
Audit adequately planned and supervised.
An understanding of internal controls is obtained as part of the planning process.
Adequate evidence is obtained to provide a reasonable basis for forming an overall opinion on the audit.
Standards of Reporting
Reports state whether the financial statements are presented in accordance.
Report identifies any circumstances where the established principles were not consistently applied.
The report also expresses the fairness or unfairness of the financial statements.
Phases of an Audit
Planning
Tests of Controls
Substantive Tests - tests of the accuracy of monetary amounts of transactions and account balances
Audit completion and reporting
Audit Planning
Materiality - estimate the monetary amounts that are large enough to make a difference in decision making.
Auditors review and assess the risks and controls, establish materiality guidelines, and develop relevant tests addressing the objectives.
Other Audit Considerations
Sampling
Test a limited number of items or transactions and then draw conclusions about the balance as a whole on the basis of the results
Auditors try to use sampling so that a fair representation of the population is evaluated
The choice of an appropriate sampling technique is very subjective
SDLC (System Development Life Cycle)
IT governance committee should evaluate the feasibility of each competing proposal. The four feasibility aspects:
Technical - analysis may be in the design phase
Operational
Economic - cost-benefit analysis
Schedule - do we have the time
Balanced Score Card
Recent studies show that management is investing in IT without actually understanding how to best implement it.
The Balanced Scorecard provides a tool that can describe the contribution of IT to the Company's strategy.
It is a performance measurement framework that allows managers to measure the firm's performance from multiple perspectives.
Balanced Scorecard Perspectives
Learning and Growth - addresses the firm's goals for investments in human, information, and organizational capital.
Process Perspective - describes the firm's objectives for its business processes.
Customer Perspective - Customer satisfaction focus
Financial Perspective - accounting-based performance that is used as a lagging indicator of firm performance - see how company did
Developing the Value Proposition
Payback period = Initial investment / increased cash flow per period
Net Present value - sum of the present value of all cash outflows and inflows
Internal Rate of Return - the discount rate that makes the project's net present value equal to zero (break even)
Accounting Rate of Return = average annual income from project / total IT project cost
Payback Period
Initial investment / increased cash flow per period
ERP Systems
Enterprise Resource Planning (ERP) - system integrates all business processes and functions into a single software system, using a single database.
ERP system components:
Financials
Human Resources
Procurement and logistics
Product development and manufacturing
Sales and services
Analytics
Benefits of ERP
Interactive nature of the modules
Real-time nature of processing
"Best Practices" nature of the processes
Single database enhance sharing of information
Capability to analyze large amounts of data
Capability to enhance e-commerce and e-business
Capability to interact in real-time
ERP systems are scalable
Types of Stores
Brick and Mortar - only have physical stores
E-tailers - only sell stuff online
Clicks and mortar (bricks and clicks) - a combination of both
Networks
Two or more computers linked together
Types important to accounting:
Local Area Network (LAN)
Internet - all over the world
Intranet - just people in one company
Extranet - access to customers and vendors
Keys
Primary Key - attributes that uniquely identify a specific row or record in the table
Foreign Key - attributes in one table that are the primary key of another, used to link the tables
Rules of the Databases
The Entity Integrity Rule - the primary key of a table cannot be null (no data value)
The Referential Integrity Rule - the data value for a foreign key attribute must either be null or match one of the data values that already exist in the corresponding table
Each attribute must be uniquely named
Values of a specific attribute must be of the same type
Each attribute (column) of a record (row) must be single-valued. This requirement forces us to create a relationship table for each many-to-many relationship.
All other non-key attributes in a table must describe a characteristic of the entity identified by the primary key.
(KNOW TOP TWO)
(READ OTHER ONES)
Activity Models
These are basically flowcharts that show the sequence of workflow in a business process.
Multiplicities
Multiplicities (also called cardinalities) describe the minimum and maximum number of times an object in one class can be associated with objects in another class.
Multiplicities for a class are represented by a pair of numbers placed on the opposite side of the association.
(KNOW WHAT THEY ARE)
Business Rules
A business rule is a succinct statement of a constraint on a business process.
Obligatory. This rule form states what should occur: payment should be made in U.S. dollars.
Prohibited. This rule form states what should not occur: no payments by check.
Allowed. This rule form says what is allowed under what conditions: credit card payments are allowed if the card is American Express.