ACC425 â€“ Accounting Information Systems

ACC425 – Accounting Information Systems

Course Syllabus

ACC425 – Accounting Information Systems

Copyright 2013 The Taft University System, Inc.

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in

writing from the copyright holder.

ACC 425 – Accounting Information Systems

Course Syllabus

Introduction

Important: You should take the time to carefully read this syllabus and the Student Handbook before you begin the assignments for this course.

This course is designed to prepare you for a successful accounting career in public practice,

industry, or government. Users of accounting information systems (AIS) should participate in the

design of those systems. Doing so effectively, however, requires a sound understanding of how

they work. In addition to being users, some are or will become managers. Others may become

internal and external auditors, and some may become consultants. All of these roles require an

understanding of how accounting information systems work to measure their cost-effectiveness,

assess their reliability and the reliability of the information produced, or lead the redesign and

implementation of new and better systems. Mastering the material presented in this course will

provide the foundational knowledge needed to excel at all those tasks.

The text for this course discusses important information technology (IT) developments, such as

virtualization, cloud computing, the use of RFID tags to track inventory, and the adoption of XBRL

for financial reporting, because such developments affect business processes and often cause

organizations to redesign their accounting systems to take advantage of new capabilities. The

focus, however, is not on IT for the sake of IT, but on how IT affects business processes and

controls. Indeed, new IT developments not only bring new capabilities, but also often create new

threats and affect the overall level of risk. This course will help you to understand these issues so

that you can properly determine how to modify accounting systems controls to effectively address

those new threats and accurately assess the adequacy of controls in those redesigned systems. We

also discuss the effect of recent regulatory developments, most notably the Sarbanes–Oxley Act

and the upcoming switch from GAAP to IFRS, on the design and operation of accounting systems.

In addition to technology and regulatory-driven changes, companies are responding to the

increasingly competitive business environment by reexamining every internal activity in an effort to

reap the most value at the least cost. As a result, accountants are being asked to do more than

simply report the results of past activities. They must take a more proactive role in both providing

and interpreting financial and nonfinancial information about the organization’s activities.

Therefore, throughout the course you will see a discussion of how accountants can improve the

design and functioning of the accounting information system (AIS) so that it truly adds value to

the organization.


Course Syllabus

Expected Student Learning Outcomes

Upon the successful completion of this course you will be able to:

Characterize the basic activities performed in the major business cycles.

Design an AIS to provide the information needed to make key decisions in each business cycle.

Summarize risk of fraud and the motives and techniques used to perpetrate fraud.

Use COSO and COSO-ERM models for internal control and risk management, as well as the specific controls used to achieve those objectives.

Recall Control Objectives for Information and Related Technology (COBIT) framework for the effective governance and control of information systems and how IT affects the implementation of internal controls.

Use the AICPA’s Trust Services framework for ensuring systems reliability by developing procedures to protect the confidentiality of proprietary information, maintain the privacy of personal information collected from customers, assure the availability of information resources, and provide for information processing integrity.

Carry out the basic steps in the system development process to design and improve an AIS.

Required Text: Romney, Marshall B. and Steinbart, Paul John (2012). Accounting Information Systems, 12E. Upper Saddle River, NJ: Prentice Hall. ISBN: 978-0132552622

Lesson Assignments

This course contains a number of lesson assignments. Work through the lessons one at a time. Unless otherwise instructed, you should complete all assignments for a particular l esson in one WORD document. When you complete all of the assignments in a lesson, submit it to the faculty for grading and feedback. Submit only one lesson at a time, completing them in sequence. Continue on to the next lesson, but be sure to incorporate any feedback received on previous lessons into your subsequent assignments – if necessary.

Format Unless otherwise instructed, Lesson Assignments should be prepared in Microsoft Word® using the Times New Roman font, 12 point, single space, double space between paragraphs. Each page must


Course Syllabus

be numbered and your last name and student number included on the upper left hand corner of each page.

Your lesson assignment responses should be evidenced from the course textbook and/or from peer-reviewed sources not more than 5 years old. In general, Wikipedia is not a professionally-reviewed resource and should not be used as an assignment reference. You must cite your references so that readers can verify your conclusions, and easily determine what is your work, and what is paraphrased or taken directly from other sources. Failure to give credit for the work of others in your assignments and writing projects constitutes plagiarism.

Citation Machine: http://citationmachine.net/index2.php?start=&reqstyleid=2&newstyle=2&stylebox=2 Citation Machine is an online tool to assist in proper citation of researched information. We recommend APA format, although you may use other approved formats as long as you remain consistent.

Final Examination

Final examination requirements and procedures are set forth in the Student Handbook. Notwithstanding any other provision in this syllabus, if you are required to take a Final Examination for this course you must pass the exam to pass the course.

Evaluation (How You Will Be Graded for This Course) Your grade will be influenced by the accuracy of your responses and the quality of your writing. The extent of research necessary will vary from assignment to assignment. In most cases, your work product should not simply consist of quoting from the assigned text.

When grading your assignments, the faculty will consider three general components:

1. A demonstrated understanding of the material and the learning objectives.

2. Your ability to articulate, synthesize and analyze the concepts and issues presented in the material.

3. Clear and logical composition supported by examples and appropriate references.

If at any time you desire additional feedback, you should contact your faculty advisor directly via email. Feel free to ask questions about course progress, grades, etc., at any time, and remember that the faculty and administration are interested in helping you learn and succeed. The final grade for the course is determined by the sum of each of the grades in the Lesson Assignments.

http://citationmachine.net/index2.php?start=&reqstyleid=2&newstyle=2&stylebox=2


Course Syllabus

Total Possible Points = 900 (100 Points per Lesson)

Grade GPA Percentage Comments

A 4 90-100 (Outstanding)

A- 3.67 88-89

B+ 3.33 84-87

B 3 80-83 (Satisfactory)

B- 2.67 78-79

C+ 2.33 74-77

C 2 70-73 (Passing but below the standard accepted in graduate study)

C- 1.67 68-69

D+ 1.33 64-67

D 1 60-63 (Does not meet standard for graduate study, coursework must be repeated for credit)

D- 0.67 59

F <0.67 58 or below (Failure)

Faculty Advisors will refer to the following grading rubric when evaluating your assignments:

Excellent Above

Average Satisfactory

Needs

Improvement Unsatisfactory

Understanding

of Material and Lesson

Objectives

Demonstrates a

thorough understanding of the

material.

Demonstrates an

adequate understanding of

material

Responses are

generally accurate, but at times lacking

coherence.

Demonstrates a

marginal understanding of the material and lesson objectives.

Provides marginally complete and/or

inaccurate responses showing little

understanding of the

material

Articulation,

Synthesis and Analysis of

Concepts

Work is articulated consistent with the

degree level integrating or synthesizing

concepts in an original and

innovative way.

Work demonstrates

a solid knowledge of concepts and

theories with some

individual analysis of issues.

Work demonstrates an

elementary knowledge of concepts but lacks

original thought and analysis.

Work is primarily paraphrased or quoted

directly from the text or other sources.

Responses demonstrate little or no individual

analysis.

No individual analysis of concepts.

Work is poorly

articulated and/or derived entirely from

the textbook.

Composition,

Presentation, and

References

Work presented in a

logical and coherent way supported by

sound resources.

Citations are

composed in proper format with few or

no errors.

Work presented is

grammatically sound.

Resources are

appropriate and

cited in proper format with few

errors.

Work is grammatically

sound with a few minor errors.

Resources may be of

questionable

authority, but are cited in proper format

with few errors.

Work contains frequent grammatical errors.

Resources are few, non-

existent, or may be of questionable authority.

Frequent errors in

composition, grammar and presentation.

Quoted material is

incorporated without

the use of quotation marks or citation

(plagiarism).


Course Syllabus

Course Completion Requirements

The course will be deemed completed only when all the following has been accomplished:

You have completed the Lesson Assignments and they have been received by the University.

You have passed the course Final Examination (if required.)

You have completed the Course Certification Form and it has been received by the University.

You have completed the Course Evaluation Survey.


Course Syllabus

Lesson 1 – Overview of Systems

Introduction Systems, Data, and Information Systems

A System is a set of two or more interrelated components that interact to achieve a goal.

When the Systems Concept is used in systems development, changes in subsystems cannot be made without considering the effect on other subsystems and the system as a whole.

The systems concept also encourages Integration, which is eliminating duplicate recording, storage, reporting, and other processing activities in an organization.

Data

Data are facts that are collected, recorded, stored, and processed by an information system.

Several kinds of data need to be collected in businesses, such as:

1. Facts about the activities that take place.

2. The resources affected by the activities.

3. The people who participate in the activity. Information

Information is data that have been organized and processed to provide meaning to a user. There are limits to the amount of information the human mind can effectively absorb and process. Information Overload occurs when those limits are passed. When you get more information than you can effectively assimilate, you suffer from information overload. Table 1-1 on page 4 provides the seven characteristics that make information useful and meaningful for decision making.

Reorganize Business Processes For each of these processes there is a basic give-get relationship that is called transaction processing. Figure 1-2 provides a description of the basic give-get exchanges.


Course Syllabus

What Is an Accounting Information System? An Accounting Information System (AIS) is a system that collects, records, stores, and processes data to produce information for decision makers. Six components of an Accounting Information System

1. The people who operate the system and perform various functions. 2. The procedures and instructions, both manual and automated, involved in collecting,

processing, and storing data about the organization’s activities.

3. The data about the organization and its business processes.

4. The software used to process the organization’s data.

5. The information technology infrastructure, including computers, peripheral devices and network communications devices used to collect, store, process, and transmit data and information.

6. The internal controls and security measures that safeguard the data in the AIS.

These six components enable an Accounting Information System to fulfill three important business functions:

1. Collect and store data about organizational activities, resources, and personnel. 2. Transform data into information that is useful for making decisions so management can

plan, execute, control, and evaluate activities, resources, and personnel.

3. Provide adequate controls to safeguard the organization’s assets, including its data, to ensure that the assets and data are available when needed and the data are accurate and reliable.

The Role of the AIS in the Value Chain [Figure 1-3 on Page 11] The objective of most organizations is to provide value to their customers. Five Primary Activities that directly provide value to its customers:

1. Inbound logistics consists of receiving, storing, and distributing the materials an

organization uses to create the services and products it sells. 2. Operations activities transform inputs into final products or services.

3. Outbound logistics activities distribute finished products or services to customers.


Course Syllabus

4. Marketing and sales activities help customers buy the organization’s products or services.

5. Service activities provide post-sale support to customers.

Transaction Processing: The Data Processing Cycle Four Major Steps in the Data Processing Cycle

1) Data Input

2) Data Storage

3) Data Processing

4) Information Output

Source Data Automation is yet another means to improve the accuracy and efficiency of data input. An example would be once the sale of merchandise is rung up on the cash register it would be interfaced with accounting to automatically record the sale and also interfaced with the warehouse to automatically reduce the level of inventory for the item that was sold. This would also be interfaced with purchasing in which the purchase order would automatically be printed out for delivery to the vendor. Computer-Based Storage Concepts

An entity is something about which information is stored. For example, employees, inventory items, and customers. Each entity has attributes, or characteristics of interest, which need to be stored. For example, an employee’s hourly rate of pay, unit cost of an inventory item, and a customer’s address. Data Processing Once data about a business activity have been collected and entered into the system they must be processed. Data processing implies the execution of a certain procedures, usually involving a series of tasks. Periodic updating of data is referred to as batch processing. This approach may be combined with either the off-line or on-line entry of data. Data Storage Accountants need to know how to manage data for maximum corporate use. Ledgers

General Ledger contains summary-level data for every asset, liability, equity, revenue, and expense account of the organization.


Course Syllabus

Subsidiary Ledger records all the detailed data for any general ledger account that has many individual subaccounts. These subsidiary ledgers would be used for accounts receivable and accounts payable.

Accounts receivable subsidiary ledger would record detailed data for customers whom buy products or services on credit. The accounts receivable subsidiary ledger would support the accounts receivable general ledger controlling account.

Accounts payable subsidiary ledger would record detailed data for the individual vendor credit purchases of merchandise or supplies made by the company. The accounts payable subsidiary ledger would support the accounts payable general ledger controlling account.

Coding Techniques

Coding is the systematic assignment of numbers or letters to items to classify and organize them.

1. With sequence codes, items are numbered consecutively to ensure that there will be no

gaps in the sequence.

2. With a block code, blocks of numbers within a numerical sequence are reserved for categories having meaning to the user

3. Group codes are often used in conjunction with the block code. S&S uses a seven-digit

product code number, for example, the group coding technique might be applied as follows

In designing a coding system, the following guidelines will result in a better coding system: 1. The code should be consistent with its intended use, which requires the code designer to

determine the types of system outputs desired by users prior to selecting the code.

2. Make sure the code allows for growth in the number of items to be coded.

3. Make the coding system as simple as possible in order to minimize costs, facilitate memorization and interpretation of coding categories, and ensure employee acceptance.

Make sure the coding system is consistent (1) with the company’s organizational structure and (2) across the different divisions of an organization


Course Syllabus

Chart of Accounts

A chart of accounts is a list of all general ledger accounts an organization uses with each general ledger account being assigned a specific number. Audit Trail The accounting data and records should provide a trail starting with the source document that supports the transaction (for example, let’s use credit sales) all the way through to the final posting in the general ledger accounts to the financial statements. An audit trail provides a means to check the accuracy and validity of ledger postings.

In auditing, this technique would be called Tracing. In the opposite direction; from the general ledger to

the journals and subsidiary ledgers to the source document; this is called Vouching for auditors.

Enterprise resource planning (ERP) systems are designed to overcome these problems as they integrate all aspects of a company’s operations with its traditional AIS. A key feature of ERP systems is the integration of financial with other nonfinancial operating data.

Lesson Learning Objectives By the conclusion of this Lesson you should be able to:

1. Distinguish between data and information, discuss the characteristics of useful information, and explain how to determine the value of information.

2. Identify the information that passes between internal and external parties and an AIS. 3. Describe the major business processes present in most companies. 4. Explain what an accounting information system (AIS) is and describe its basic functions. 5. Discuss the role an AIS plays in a company’s value chain.

6. Summarize the four parts of the data processing cycle and the major activities in each.

7. Discuss how organizations use enterprise resource planning (ERP) systems to process

transactions and provide information.

Reading

Study Chapters 1 and 2

View PowerPoints for Chapters 1 and 2


Course Syllabus

Assignments

The following Short Answer Questions should be completed and submitted to the course faculty via the learning platform for evaluation and grading. Submit your responses to these questions in one WORD document. List the question first, and then your response. In most cases your responses to individual questions should be no more than 500 words.

1. The value of information is the difference between the benefits realized from using that

information and the costs of producing it. Would you, or any organization, ever produce information if its expected costs exceeded its benefits? If so, provide some examples. If not,

why not?

2. Can the characteristics of useful information listed in Table 1-1 be met simultaneously? Or does achieving one mean sacrificing another?

3. You and a few of your classmates decided to become entrepreneurs. You came up with a great

idea for a new mobile phone application that you think will make lots of money. Your business plan won second place in a local competition, and you are using the $10,000 prize to support yourselves as you start your company.

a. Identify the key decisions you need to make to be successful entrepreneurs, the information

you need to make them, and the business processes you will need to engage in.

b. Your company will need to exchange information with various external parties. Identify the external parties, and specify the information received from and sent to each of them.

4. How do an organization’s business processes and lines of business affect the design of its AIS?

Give several examples of how differences among organizations are reflected in their AIS.

5. Information technology enables organizations to easily collect large amounts of information about employees. Discuss the following issues:

a. To what extent should management monitor employees’ e-mail?

b. To what extent should management monitor which Web sites employees visit?

c. To what extent should management monitor employee performance by, for example, using software to track keystrokes per hour or some other unit of time? If such information is collected, how should it be used?

d. Should companies use software to electronically “shred” all traces of e-mail?

e. Under what circumstances and to whom is it appropriate for a company to distribute information it collects about the people who visit its Web site?


Course Syllabus

6. With respect to the data processing cycle, explain the phrase “garbage in, garbage out.” How can you prevent this from happening?

7. Some individuals argue that accountants should focus on producing financial statements and

leave the design and production of managerial reports to information systems specialists. What are the advantages and disadvantages of following this advice? To what extent should accountants be involved in producing reports that include more than just financial measures of performance? Why?

8. Table 2-1 lists some of the documents used in the revenue, expenditure, and human resources cycle. What kinds of input or output documents or forms would you find in the production (also referred to as the conversion cycle?

9. What kinds of documents are most likely to be turnaround documents? Do an internet search to find the answer and to find example turnaround documents.

10. The data processing cycle in Figure 2-1 is an example of a basic process found throughout

nature. Relate the basic input/process/store/output model to the functions of the human body.

Professional Development Question

1. Apply the value chain concept (Figure 1-3 on page 11) to the integrative case of S&S presented in Chapter One of the text. Explain how it would perform the various primary and support activities.

Take the Lesson One Quiz

Your results on the quiz do not affect your grade for the course. Quizzes are designed to help you to

learn important concepts in the Lesson and prepare you for the Final Examination. You may take the quiz as many times as you wish.


Course Syllabus

Lesson 2 – Systems Documentation and Relational Databases

Introduction Narratives, flowcharts, diagrams, and other written materials explain how a system works.

1. Data flow diagram is a graphical description of the source and destination of data that

shows data flow within an organization, the processes performed on the data, and how data are stored.

2. Document flowchart is a graphical description of the flow of documents and information

between departments or areas of responsibility within an organization.

3. System flowchart is a graphical description of the relationship among the input, processing, and output in an information system.

4. Program flowchart is a graphical description of the sequence of logical operations that a

computer performs as it executes a program. The Sarbanes-Oxley Act requires companies to document their business processes and internal controls.

1. Input/output symbols. Input/output symbols represent devices or media that provide input to or record output from processing operations.

2. Processing symbols. Processing symbols either show what type of device is used to process data or indicate when processing is performed manually.

3. Storage symbols. Storage symbols represent the device used to store data that the

system is not currently using.

4. Flow and miscellaneous symbols. Flow and miscellaneous symbols indicate the flow of data and goods. They also represent such operations as where flowcharts begin or end, where decisions are made, and when to add explanatory notes to flowcharts.

A document flowchart illustrates the flow of documents and information among areas of responsibility within an organization. Document flowcharts that describe and evaluate internal controls are often referred to as internal control flowcharts.

System flowcharts depict the relationship among the input, processing, and output of an Accounting Information System.


Course Syllabus

A program flowchart illustrates the sequence of logical operations performed by a computer in executing a program. Some of the computer programs are COBOL (Common Business Language), FORTRAN, RPG from the old days. COBOL is still being used. Now, there is C Plus Plus and Java.

The emphasis in chapter four is on understanding the structure of a relational database system. We use the term database to mean the collected data sets that are organized and stored as an integral part of a firm’s computer-based information system. In turn, we define the term data sets as flexible data structures. Data sets include groupings of data that are logically related as well as the files with which we are familiar.

Data independence, a critical feature of the data-base approach, is the separation of data from the various applications that access and process the data. Data independence is achieved by interposing the database management system (DBMS) software between the database and the users of the data (e.g., the application programs. As technology improves many companies are developing very large databases called data warehouses. Data mining is the process of analyzing data repositories for new knowledge about the company’s data and business processes.

Database technology is widespread because it provides organizations with the following benefits:

1. Data integration: Integration is achieved by combining master files into larger “pools” of data that many application programs can access. An example is an employee database that consolidates data formerly contained in payroll, personnel, and job skills master files. This makes it easier for information to be combined in unlimited ways.

2. Data sharing: Integrating data makes it easier to share data with all authorized users.

3. Reporting flexibility: Reports can be revised easily and generated as needed and the

database can be easily browsed to research a problem or obtain detailed information underlying a summary report.

4. Minimal data redundancy and data inconsistencies: Because data items are usually

stored only once, data redundancy and data inconsistencies are minimized.

5. Data independence: Because data and the programs that use them are independent of one another, each can be changed without having to change the other. This makes programming easier and simplifies data management.

6. Central management of data: Data management is more efficient because a database

administrator is responsible for coordinating, controlling, and managing data.


Course Syllabus

7. Cross-functional analysis: In a database system, relationships, such as the association

between selling costs and promotional campaigns, can be explicitly defined and used in the preparation of management reports.

There is an additional benefit not mentioned in the text: One-time Data Entry and Storage: In the database approach to data management data is input into the database once, stored in a particular location, and available for use by multiple applications and users.

Database Systems

Logical and Physical Views of Data

Figure 4-3 at the bottom of page 90 provides an example of a record layout of an accounts receivable file.

The logical view is how the user or programmer conceptually organizes and understands the data. The physical view refers to how and where the data are physically arranged and stored in the computer system.

As shown in Figure 4-4, database management system (DBMS) software handles the link between the way data are physically stored and each user’s logical view of the data.

Schemas A schema describes the logical structure of a database.

Three levels of schemas: the conceptual, the external, and the internal.

The Data Dictionary

The data dictionary contains information about the structure of the database. The data elements composing the database are fully described in a data dictionary, which serves as a repository containing facts about the structure of the data elements employed in applications. Table 4-1 on page 93 provides an example of a data dictionary.

Relational Databases

A data model is an abstract representation of the contents of a database. The relational data model represents everything in the database as being stored in the form of tables like the one shown in Table 4-2 on page 94.


Course Syllabus

Database Systems and the Future of Accounting Database systems may profoundly affect the fundamental nature of accounting. For instance, database systems may lead to the abandonment of the double-entry accounting model. If the amounts associated with a transaction are entered into a database system correctly, then it is necessary to store them only once, not twice. Database systems also have the potential to significantly alter the nature of external reporting. Why not simply make a copy of the company’s financial database and make it available to external users in lieu of the traditional financial statements? Focus 4-1 on page 125 discusses this possibility in more detail. Perhaps the most significant effect of database systems will be in the way accounting information is used in decision making. Relational databases, however, provide query languages that are powerful and easy to use. Managers can concentrate solely on specifying what information they want. Finally, relational DBMSs provide the capability of integrating financial and operational data.


1. Prepare and use data flow diagrams and flowcharts to understand, evaluate, and document information systems.

2. Explain fundamental concepts of database systems such as DBMS, schemas, the data dictionary,

and DBMS languages.

3. Describe what a relational database is and how it organizes data.

4. Create a set of well-structured tables to properly store data in a relational database.

5. Perform simple queries using the Microsoft Access database.

Reading




Course Syllabus

Assignments


1. Identify the DFD elements in the following narrative: A customer purchases a few items from a local

grocery store. Jill, a salesclerk, enters the transaction in the cash register and takes the customer’s money. At closing, Jill gives both the cash and the register tape to her manager.

2. Do you agree with the following statement: “Any one of the systems documentation procedures can

be used to adequately document a given system”? Explain. 3. Compare the guidelines for preparing flowcharts and DFDs. What general design principles and

limitations are common to both documentation techniques?

4. Contrast the logical and the physical view of data and discuss why separate views are necessary in database applications. Describe which perspective is most useful for each of the following employees: a programmer, a manager, and an internal auditor. How will understanding logical data structures assist you when designing and using database systems?

5. The relational data model represents data as being stored in tables. Spreadsheets are another tool

that accountants use to employ a tabular representation of data. What are some similarities and differences in the way these tools use tables? How might an accountant’s familiarity with the tabular representation of spreadsheets facilitate or hinder learning how to use a relational DBMS?

6. Some people believe database technology may eliminate the need for double-entry accounting. This

creates three possibilities: (1) the double-entry model will be abandoned; (2) the double-entry model will not be used directly, but an external-level schema based on the double-entry model will be defined for accountants’ use; or (3) the double-entry model will be retained in database systems. Which alternative do you think is most likely to occur? Why?

7. Relational DBMS query languages provide easy access to information about the organization’s

activities. Does this mean that online, real-time processing should be used for all transactions? Does an organization need real-time financial reports? Why or why not?

8. Why is it so important to have good data? 9. What is a data dictionary, what does it contain, and how is it used?

10. Compare and contrast the file-oriented approach and the database approach. Explain the main

advantages of database systems.


Course Syllabus

Professional Development Question Most DBMS packages contain data definition, data manipulation, and data query languages. For each of the following, indicate which language would be used and why.

a) A database administrator defines the logical structure of the database

b) The controller requests a cost accounting report containing a list of all employees being paid for more than 10 hours overtime in a given week.

c) A programmer develops a program to update the fixed-assets records stored in the database.

d) The human resources manager requests a report noting all employees who are retiring within five years.

e) The inventory serial number field is extended in the inventory records to allow for recognition of additional inventory items with serial numbers containing more than 10 digits.

f) A user develops a program to print out all purchases made during the past two weeks.

g) An additional field is added to the fixed-asset records to record the estimated salvage value of each asset.

Take the Lesson Two Quiz

Your results on the quiz do not affect your grade for the course. Quizzes are designed to help you to learn important concepts in the Lesson and prepare you for the Final Examination. You may take the quiz as many times as you wish.


Course Syllabus

Lesson 3 – Computer Fraud, Abuse and Control

Introduction Our society has become increasingly dependent on accounting information systems. As system complexity and our dependence on systems increase, companies face the growing risk of their systems being compromised. A recent survey disclosed that

67 percent of companies had a security breach. More than 45 percent were targeted by organized crime. 60 percent reported financial losses.

AIS Threats Four Types of Systems Threats:

1. Natural and political disasters.

2. Software errors and equipment malfunctions.

3. Unintentional acts.

4. Intentional acts (computer crimes).

Fraud is any and all means a person uses to gain an unfair advantage over another person. Legally, for an act to be considered fraudulent there must be:

1. A false statement, representation, or disclosure.

2. A material fact, which is something that induces a person to act.

3. An intent to deceive.

4. A justifiable reliance; that is, the person relies on the misrepresentation to take an action.

5. An injury or loss suffered by the victim.

Who Perpetrates Fraud and Why It Occurs Perpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills. Some hackers and computer fraud perpetrators are more motivated by curiosity, a quest for knowledge, the desire to learn how things work, and the challenge of “beating the system.” Most have no previous criminal record. Research shows that three conditions are necessary for fraud to occur: a pressure, an opportunity, and a rationalization. This is referred to as the fraud triangle and is shown as the middle triangle in Figure 5-1 on page 127.


Course Syllabus

Computer Fraud The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution. More specifically, computer fraud includes the following:

1. Unauthorized theft, use, access, modification, copying, and destruction of software or data.

2. Theft of money by altering computer records.

3. Theft of computer time.

4. Theft or destruction of computer hardware.

5. Use or the conspiracy to use computer resources to commit a felony.

6. Intent to illegally obtain information or tangible property through the use of computers.

The Association of the Certified Fraud Examiners provides the general definition of computer fraud: Any defalcation or embezzlement accomplished by tampering with computer programs, data files, operations, equipment, or media and resulting in losses sustained by the organization whose computer system was manipulated.

Another definition of computer crime: In a computer crime, the computer is involved—directly or indirectly—in committing the criminal act. Sabotage of computer facilities is classified as a direct computer crime and unauthorized access of stored data is an indirect computer crime because the presence of the computer created the environment for committing the crime.

Preventing and Detecting Computer Fraud and Abuse Table 5-5 on page 134 provides a summary of ways to prevent and detect computer fraud.

1. Make fraud less likely to occur.

2. Increase the difficulty of committing fraud.

3. Improve detection methods.

4. Reduce fraud losses.

Social Engineering In social engineering, perpetrators trick employees into giving them the information they need to get into the system.


Course Syllabus

Malware

This section describes malware, which is any software that can be used to do harm. A recent study shows that malware is spread using several simultaneous approaches, including file sharing (used in 72 percent of attacks), shared access to files (42 percent), e-mail attachments (25 percent), and remote access vulnerabilities (24 percent). Pages 160–165 list various malware types.

Why Accounting Information Systems Threats Are Increasing More than 60 percent of organizations have recently experienced a major control failure for some of the following reasons:

1. Increase in number of information systems means that information is available to an increasing number of workers.

2. Distributed (decentralized) computer networks are harder to control than centralized mainframe systems.

3. Wide area networks are giving customers and suppliers access to each other’s systems and data, making confidentiality a major concern

Why Control and Security Are Important

As an accountant you must have a good understanding of Information Technology (IT) and its capabilities and risks.

Internal control is the process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that control objectives are achieved. The Sarbanes-Oxley and Foreign Corrupt Practices Acts

The Foreign Corrupt Practices Act (1977) The primary purpose of this Act was to prevent the bribery of foreign officials in order to obtain business.

The Sarbanes-Oxley Act of 2002 Applies to publicly held companies and their auditors and was intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen the internal controls at public companies, and punish executives who perpetrate fraud.


Course Syllabus

Levels of Control

Many people feel there is a basic conflict between creativity and controls. In other words, you can’t have both.

Four levels of control to help companies to reconcile this conflict:

1. The first is a concise belief system that communicates company core values to employees

and inspires them to live by them.

2. A boundary system helps employees act ethically by setting limits beyond which an employee must not pass.

3. To ensure the efficient and effective achievement of important goals, a diagnostic control system measures company progress by comparing actual performance to planned performance (budget).

4. An interactive control system helps top-level managers with high-level activities that demand frequent and regular attention, such as developing company strategy, setting company objectives, understanding and assessing threats and risks, monitoring changes in competitive conditions and emerging technologies, and developing responses and action plans to proactively deal with these high-level issues.

Control Frameworks

COBIT Framework The Information Systems Audit and Control Foundation (ISACF) developed the Control Objectives for Information and related Technology (COBIT) framework. COBIT is a framework of generally applicable information systems security and controls practices of Information Technology control.

The Committee of Sponsoring Organizations Internal Control Framework

The Committee of Sponsoring Organizations (COSO) is a private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute.

COSO’s Enterprise Risk Management Framework

Enterprise Risk Management—Integrated Framework (ERM) Expands on the elements of the internal control integrated framework and provides an all-encompassing focus on the broader subject of enterprise risk management.


Course Syllabus

The ERM Framework versus the Internal Control Framework

The internal control framework has been widely adopted as the principal way to evaluate internal controls, as required by the Sarbanes-Oxley Act. However, it has too narrow a focus. The ERM is a more comprehensive framework which takes a risk-based, rather than a controls-based approach to the organization that is oriented toward the future and constant change.

Information and Communication Accounting Information Systems has five primary objectives:

1. Identify and record all valid transactions.

2. Properly classify transactions.

3. Record transactions at their proper monetary value.

4. Record transactions in the proper accounting period.

5. Properly present transactions and related disclosures in the financial statements.

Monitoring

1. Perform ERM Evaluations.

2. Implement Effective Supervision.

3. Use Responsibility Accounting.

4. Monitor System Activities.


1. Summarize the threats faced by modern information systems.

2. Explain how to prevent and detect computer fraud and abuse.

3. Discuss how social engineering techniques are used to gain physical or logical access to computer resources.

4. Describe the different types of malware used to harm computers.

5. Compare and contrast the COBIT, COSO, and ERM control frameworks.


Course Syllabus

6. Describe the four types of control objectives that companies need to set.

7. Explain how to assess and respond to risk using the Enterprise Risk Management model.

8. Decide how to communicate information and monitor control processes in organizations.

Reading

Study Chapterest 5, 6 and 7

View PowerPoints for Chapters 5, 6 and 7

Assignments


1. Do you agree that the most effective way to obtain adequate system security is to rely on the integrity of company employees? Why or why not? Does this seem ironic? What should a company do to ensure the integrity of its employees?

2. You are the president of a multinational company where an executive confessed to kiting $100,000. What is kiting and what can your company do to prevent it? How would you respond to the confession? What issues must you consider before pressing charges?

3. Discuss the following statement by Roswell Steffen, a convicted embezzler: “For every foolproof system, there is a method for beating it.” Do you believe a completely secure computer system is possible? Explain. If internal controls are less than 100% effective, why should they be employed at all?

4. When U.S. Leasing (USL) computers began acting sluggishly, computer operators were relieved when a software troubleshooter from IBM called. When he offered to correct the problem they were having, he was given a log-on ID and password. The next morning, the computers were worse. A call to IBM confirmed USL’s suspicion: Someone had impersonated an IBM repairman to gain unauthorized access to the system and destroy the database. USL was also concerned that the intruder had devised a program that would let him get back into the system even after all the passwords were changed. What techniques might the impostor have employed to breach USL’s internal security?

5. What motives do people have for hacking? Why has hacking become so popular in recent years? Do you regard it as a crime? Explain your position.


Course Syllabus

6. The UCLA computer lab was filled to capacity when the system slowed and crashed, disrupting the

lives of students who could no longer log into the system or access data to prepare for finals. IT initially suspected a cable break or an operating system failure, but diagnostics revealed nothing. After several frustrating hours, a staff member ran a virus detection program and uncovered a virus on the lab’s main server. The virus was eventually traced to the computers of unsuspecting UCLA students. Later that evening, the system was brought back online after infected files were replaced with backup copies. What conditions made the UCLA system a potential breeding ground for the virus? What symptoms indicated that a virus was present?

7. Answer the following questions about the audit of Springer’s Lumber & Supply

a. What deficiencies existed in the internal environment at Springer’s?

b. Do you agree with the decision to settle with the Springers rather than to prosecute them for fraud and embezzlement? Why or why not?

c. Should the company have told Jason and Maria the results of the high-level audit? Why or why not?

8. Effective segregation of duties is sometimes not economically feasible in a small business. What internal control elements do you think can help compensate for this threat?

9. One function of the AIS is to provide adequate controls to ensure the safety of organizational assets, including data. However, many people view control procedures as “red tape.” They also believe

that, instead of producing tangible benefits, business controls create resentment and loss of company morale. Discuss this position.

10. In recent years, Supersmurf’s external auditors have given clean opinions on its financial statements and favorable evaluations of its internal control systems. Discuss whether it is necessary for this corporation to take any further action to comply with the Sarbanes–Oxley Act.


Compare and contrast the following three frameworks: COBIT, COSO Integrated

Control, and ERM.

Take the Lesson Three Quiz

Your results on the quiz do not affect your grade for the course. Quizzes are designed to help you to learn important concepts in the Lesson and prepare you for the Final Examination.You may take the quiz as many times as you wish.


Course Syllabus

Lesson 4 – Information Security, Confidentiality and Privacy

Introduction The COBIT and Trust Service Frameworks Figure 8-1 on page 220 presents an overview of the Control Objectives for Information and related Technology (COBIT) framework. It shows that achieving the organization’s business and governance objectives requires adequate controls over IT resources to ensure that information provided to management satisfied seven key criteria:

1. Effectiveness—the information must be relevant and timely.

2. Efficiency—the information must be produced in a cost-effective manner.

3. Confidentiality—sensitive information must be protected from unauthorized disclosure.

4. Integrity—the information must be accurate, complete, and valid.

5. Availability—the information must be available whenever needed.

6. Compliance—controls must ensure compliance with internal policies and with external legal and regulatory requirements.

7. Reliability—management must have access to appropriate information needed to conduct daily activities and to exercise its fiduciary and governance responsibilities.

One basic function of an accounting information system is to provide information useful for decision making.

Figure 8-2 on page 222 shows the five fundamental principles that contribute to the overall objective of systems reliability:

1. Security—Security procedures restrict access to authorized users only.

2. Confidentiality—By restricting access, the confidentiality of sensitive organizational information is protected.

3. Privacy—Also, by restricting access, the privacy of personal identifying information collected from customers is protected.

4. Processing Integrity—Security procedures provide for processing integrity by preventing submission of unauthorized or fictitious transactions as well as preventing unauthorized changes to stored data or programs.

5. Availability—Security procedures provide protection against a variety of attacks, including viruses and worms, thereby ensuring that the system is available when needed.


Course Syllabus

Preventive Controls Seven major types of preventive controls are listed in Table 8-2 on page 225. Authorization Controls Authorization restricts access of authenticated users to specific portions of the system and specifies what actions they are permitted to perform. Confidentiality Reliable systems protect confidential information from unauthorized disclosure. Types of information that need to be protected would include; business plans, pricing strategies, client and customer lists, and legal documents. It is especially important to control the disposal of information resources. Printed reports and microfilm containing sensitive information should be shredded before being thrown out. Special procedures are needed to destroy information stored on magnetic and optical media. Building-in operating system commands to delete that information is insufficient, because many utility programs have been developed to recover deleted files. Privacy The Trust Services Framework privacy principle is closely related to the confidentiality principle, differing primarily in that it focuses on protecting personal information about customers rather than organizational data. Ten internationally recognized best practices for protecting the privacy of customers’ personal information:

1. Management. The organization establishes a set of procedures and policies for protecting the

privacy of personal information it collects and assigns responsibility and accountability for those policies to a specific person or group of employees.

2. Notice. The organization provides notice about its privacy policies and practices at or before the time it collects personal information from customers, or as soon as practicable thereafter.

3. Choice and Consent. The organization describes the choices available to individuals and obtains their consent to the collection and use of their personal information.

4. Collection. The organization collects only that information needed to fulfill the purposes stated in its privacy policies.

5. Use and Retention. The organization uses its customers’ personal information only in the manner described in its stated privacy policies and retains that information only as long as it is needed.

6. Access. The organization provides individuals with the ability to access, review, correct, and delete the personal information stored about them.

7. Disclosure to Third Parties. The organization discloses customers’ personal privacy policies and only to third parties who provide equivalent protection of that information.


Course Syllabus

8. Security. The organization takes reasonable steps to protect customers’ personal information from loss or unauthorized disclosure.

9. Quality. The organization maintains the integrity of its customers’ personal information.

10. Monitoring and Enforcement. The organization assigns one or more employees to be

responsible for assuring compliance with its stated privacy policies and periodically verifies compliance with those policies.

Encryption Encryption is the final layer of preventive controls. Encryption is the process of transforming normal text, called plaintext, into unreadable gibberish, called ciphertext. The term cipher is sometimes used as a synonym for ciphertext. In turn, a secret code is the same as a cipher. Decryption reverses this process, transforming ciphertext back into plaintext.


1. Discuss how the COBIT framework can be used to develop sound internal control over an organization’s information systems.

2. Explain the factors that influence information systems reliability.

3. Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security.

4. Identify and explain controls designed to protect the confidentiality of customer’s personal information as well as sensitive information.

5. Explain how the two basic types of encryption systems work.

Reading



Assignments



Course Syllabus

1. Explain why an organization would want to use all of the following information security controls: firewalls, intrusion prevention systems, intrusion detection systems, and a CIRT.

2. What are the advantages and disadvantages of having the person responsible for information security report directly to the chief information officer (CIO), who has overall responsibility for all aspects of the organization’s information systems?

3. Reliability is often included in service level agreements (SLAs) when outsourcing. The toughest thing is to decide how much reliability is enough. Consider an application like e-mail. If an organization outsources its e-mail to a cloud provider, what is the difference between 95%, 99%, 99.99%, and 99.9999% reliability?

4. What is the difference between authentication and authorization?

5. What are the limitations, if any, of relying on the results of penetration tests to assess the overall level of security?

6. From the viewpoint of the customer, what are the advantages and disadvantages to the opt-in versus the opt-out approaches to collecting personal information? From the viewpoint of the organization desiring to collect such information?

7. What risks, if any, does offshore outsourcing of various information systems functions pose to satisfying the principles of confidentiality and privacy?

8. Should organizations permit personal use of e-mail systems by employees during working hours?

9. What privacy concerns might arise from the use of biometric authentication techniques? What about the embedding of RFID tags in products such as clothing? What other technologies might

create privacy concerns?

10. What do you think an organization’s duty or responsibility should be to protect the privacy of its customers’ personal information? Why?


Which preventive, detective, and/or corrective controls would best mitigate the following threats?

a. An employee’s laptop was stolen at the airport. The laptop contained personally identifying

information about the company’s customers that could potentially be used to commit identity theft.

b. A salesperson successfully logged into the payroll system by guessing the payroll supervisor’s password.

c. A criminal remotely accessed a sensitive database using the authentication credentials (user ID and strong password) of an IT manager. At the time the attack occurred, the IT manager was logged into the system at his workstation at company headquarters.


Course Syllabus

d. An employee received an email purporting to be from her boss informing her of an important new attendance policy. When she clicked on a link embedded in the email to view the new policy, she infected her laptop with a keystroke logger.

e. A company’s programming staff wrote custom code for the shopping cart feature on its web site. The code contained a buffer overflow vulnerability that could be exploited when the customer typed in the ship-to address.

f. A company purchased the leading “off-the-shelf” e-commerce software for linking its electronic storefront to its inventory database. A customer discovered a way to directly access the back-end database by entering appropriate SQL code.

g. Attackers broke into the company’s information system through a wireless access point located in one of its retail stores. The wireless access point had been purchased and installed by the store manager without informing central IT or security.

h. An employee picked up a USB drive in the parking lot and plugged it into their laptop to “see what was on it,” which resulted in a keystroke logger being installed on that laptop.

i. Once an attack on the company’s website was discovered, it took more than 30 minutes to determine who to contact to initiate response actions.

j. To facilitate working from home, an employee installed a modem on his office workstation. An attacker successfully penetrated the company’s system by dialing into that modem.

k. An attacker gained access to the company’s internal network by installing a wireless access point in a wiring closet located next to the elevators on the fourth floor of a high-rise office building that the company shared with seven other companies.

Take the Lesson Four Quiz



Course Syllabus

Lesson 5 – Processing Integrity and Availability, and Auditing

Introduction Processing Integrity Table 10-1 on page 275 groups six categories of application controls as they apply to input, processing, or output of data. The AC is Access Controls. Input Controls As the old saying goes: “garbage in, garbage out.” The quality of data that is collected about business activities and entered into the information system is vital. The following source data controls regulate the integrity of input:

1. Forms Design. Source documents and other forms should be designed to help ensure that

errors and omissions are minimized.

Prenumbered Forms. Prenumbering forms improves control by making it possible to verify that none is missing.

Turnaround Documents. A turnaround document is a record of company data sent to

an external party and then returned by the external party to the system as input.

2. Cancellation and Storage of Documents. Documents that have been entered into the system should be cancelled so they cannot be inadvertently or fraudulently reentered into the system. Paper documents should be defaced, for example, by stamping them “paid.” Electronic documents can be similarly “cancelled” by setting a flag field to indicate that the document has already been processed.

3. Authorization and Segregation of Duties. Source documents should be prepared only by

authorized personnel acting within their authority. 4. Visual Scanning. Source documents should be scanned for reasonableness and propriety

before being entered into the system.


Course Syllabus

Data Entry Controls The following tests are used to validate input data:

1. A Field Check determines if the characters in a field are of the proper type.

2. A Sign Check (+/-) determines if the data in a field have the appropriate arithmetic sign.

3. A Limit Check tests a numerical amount to ensure that it does not exceed a predetermined value.

4. A Range Check is similar to a limit check except that it has both upper and lower limits.

5. A Size Check ensures that the input data will fit into the assigned field.

6. A Completeness Check on each input record determines if all required data items have been entered.

7. A Validity Check compares the ID code or account number in transaction data with similar data in the master file to verify that the account exists.

8. A Reasonableness Test determines the correctness of the logical relationship between two data items.

9. Check Digit Verification. Authorized ID numbers (such as an employee number) can contain a check digit that is computed from the other digits. For example, the system could assign each new employee a nine-digit number, then calculate a tenth digit from the original nine and append that calculated to the original nine to form a ten-digit ID number.

Output Controls Careful checking of system output provides additional control over processing integrity. Important output controls include:

1. User review of output. Users should carefully examine system output for reasonableness,

completeness, and that they are the intended recipient.

2. Reconciliation procedures. Periodically, all transactions and other system updates should be reconciled to control reports, file status/update reports, or other control mechanisms. In addition, general ledger accounts should be reconciled to subsidiary account totals on a regular basis.

3. External data reconciliation. Database totals should periodically be reconciled with data maintained outside the system. For example, the number of employee records in the payroll file can be compared with the total from human resources to detect attempts to add fictitious employees to the payroll database.

Availability Reliable systems and information are available for use whenever needed.


Course Syllabus

Threats to system availability originate from many sources, including:

1. Hardware and software failures.

2. Natural and man-made disasters.

3. Human error.

4. Worms and viruses.

5. Denial-of-service attacks and other acts of sabotage.

The Nature of Auditing Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users. Auditors used to audit around the computer and ignore the computer and its programs. Types of Internal Auditing Work

1. Financial audit

2. Information systems, or internal control audit

3. Operational, or management audit

Four auditing stages and activities:

1. Auditing Planning

The purpose of audit planning is to determine why, how, when, and by whom the audit will be performed.

2. Collection of Audit Evidence

3. Evaluation of Audit Evidence

4. Communication of Audit Results (the audit report)

The auditor prepares a written (and sometimes oral) report summarizing the audit findings and recommendations.

Information Systems Audits The purpose of an information systems audit is to review and evaluate the internal controls that protect the system. In conducting accounting information system audits, auditors should determine if the following objectives are met:


Course Syllabus

1. Security provisions protect computer equipment, programs, communications, and data from unauthorized access, modification, or destruction.

2. Program development and acquisition are performed in accordance with management’s general and specific authorization.

3. Program modifications have management’s authorization and approval.

4. Processing of transactions, files, reports, and other computer records is accurate and complete.

5. Source data that are inaccurate or improperly authorized are identified and handled according to prescribed managerial policies.

6. Computer data files are accurate, complete, and confidential.

Computer Software A number of computer programs, called computer audit software (CAS) or generalized audit software (GAS), have been written especially for auditors.

General Audit Software is software designed to read, process, and write data with the help of functions performing specific audit routines and with self-made macros. It is a tool in applying Computer Assisted Auditing Techniques. A function of generalized audit software includes importing computerized data; thereafter other functions can be applied. Two of the most popular are Audit Control Language (ACL) and IDEA.

Operational Audits of an Accounting Information System The techniques and procedures used in operational audits are similar to audits of information systems and financial statements. The basic difference is that the scope of the information systems audit is confined to internal controls, whereas the scope of the financial audit is limited to systems output. In contrast, the scope of the operational audit is much broader, encompassing all aspects of information systems management. The evidence collection, during the audit preliminary survey, includes the following activities:

1. Reviewing operating policies and documentation

2. Confirming procedures with management and operating personnel

3. Observing operating functions and activities

4. Examining financial and operating plans and reports

5. Testing the accuracy of operating information

6. Testing controls


Course Syllabus


1. Identify and explain controls designed to ensure processing integrity and systems availability.

2. Describe the scope and objectives of audit work, and identify the major steps in the audit process.

3. Identify the objectives of an information system audit, and describe the four-step approach necessary for meeting these objectives.

4. Design a plan for the study and evaluation of internal control in an AIS.

5. Describe computer audit software, and explain how it is used in the audit of an AIS.

6. Describe the nature and scope of an operational audit.

Reading



Assignments


1. What is the difference between using check digit verification and a validity check to test the

accuracy of an account number entered on a transaction record?

2. For each of the three basic options for replacing IT infrastructure (cold sites, hot sites, and real-time mirroring) give an example of an organization that could use that approach as part of its DRP.

3. What are some business processes for which an organization might use batch processing?

4. Why do you think that surveys continue to find that a sizable percentage of organizations either do not have formal disaster recovery and business continuity plans or have not tested and revised those plans for more than a year?

5. Auditing an AIS effectively requires that an auditor have some knowledge of computers and their accounting applications. However, it may not be feasible for every auditor to be a


Course Syllabus

computer expert. Discuss the extent to which auditors should possess computer expertise to be effective auditors.

6. Should internal auditors be members of systems development teams that design and implement an AIS? Why or why not?

7. At present, no Berwick employees have auditing experience. To staff its new internal audit function, Berwick could (a) train some of its computer specialists in auditing, (b) hire experienced auditors and train them to understand Berwick’s information system, (c) use a combination of the first two approaches, or (d) try a different approach. Which approach would you support, and why?

8. The assistant finance director for the city of Tustin, California, was fired after city officials discovered that she had used her access to city computers to cancel her daughter’s $300 water bill. An investigation revealed that she had embezzled a large sum of money from Tustin in this manner over a long period. She was able to conceal the embezzlement for so long because the amount embezzled always fell within a 2% error factor used by the city’s internal auditors. What weaknesses existed in the audit approach? How could the audit plan be improved? What internal control weaknesses were present in the system? Should Tustin’s internal auditors have discovered this fraud earlier?

9. Lou Goble, an internal auditor for a large manufacturing enterprise, received an anonymous note from an assembly-line operator who has worked at the company’s West Coast factory for the past 15 years. The note indicated that there are some fictitious employees on the payroll as well as some employees who have left the company. He offers no proof or names. What computer-assisted audit technique could Lou use to help him substantiate or refute the employee’s claim?

10. Explain the four steps of the risk-based audit approach, and discuss how they apply to the overall security of a company.

Professional Development Question You are the director of internal auditing at a university. Recently, you met with Issa Arnita, the manager of administrative data processing, and expressed the desire to establish a more effective interface between the two departments. Issa wants your help with a new computerized accounts payable system currently in development. He recommends that your department assume line responsibility for auditing suppliers’ invoices prior to payment. He also wants internal auditing to make suggestions during system development, assist in its installation, and approve the completed system after making a final review.

Would you accept or reject each of the following? Why?

a. The recommendation that your department be responsible for the pre-audit of supplier's invoices.

b. The request that you make suggestions during system development.

c. The request that you assist in the installation of the system and approve the system after making a final review.


Course Syllabus

Take the Lesson Five Quiz



Course Syllabus

Lesson 6 – Accounting Information Systems Applications: The Revenue and Expenditure Cycles

Introduction The revenue cycle is a recurring set of business activities and related information processing operations associated with providing goods and services to customers and collecting cash in payment for those sales. Refer to Figure 12-2 on page 332 for the context diagram of the revenue cycle

Revenue Cycle Business Activities Figure 10-3 on page 372 shows the four basic business activities performed in the revenue cycle.

1. Sales order entry

2. Shipping

3. Billing

4. Cash collections

The revenue cycle’s primary objective is to provide the right product in the right place at the right time for the right price.

To accomplish that objective, management must make the following key decisions:

1. To what extent can and should products be customized to individual customers’ needs and desires?

2. How much inventory should be carried, and where should that inventory be located?

3. How should merchandise be delivered to customers? Should the company perform the shipping function itself or outsource it to a third party that specializes in logistics?

4. What are the optimal prices for each product or service?

5. Should credit be extended to customers?

6. How much credit should be given to individual customers?

7. What credit terms should be offered?

8. How can customer payments be processed to maximize cash flow?

Control Objectives, Threats, and Procedures In the revenue cycle, a well-designed accounting information system should provide adequate controls to ensure that the following objectives are met:


Course Syllabus

1. All transactions are properly authorized.

2. All recorded transactions are valid (actually occurred).

3. All valid, authorized transactions are recorded.

4. All transactions are recorded accurately.

5. Assets, (cash, inventory, and data) are safeguarded from loss or theft.

6. Business activities are performed efficiently and effectively.

Revenue Cycle Information Needs

Effective management of revenue cycle activities requires timely access to accurate information. Operational data are needed to monitor performance and to perform the following recurring tasks:

1. Respond to customer inquiries about account balances and order status.

2. Decide whether to extend credit to a particular customer.

3. Determine inventory availability.

4. Select methods for delivering merchandise.

In addition, current and historical information is needed to enable management to make the following strategic decisions:

1. Setting prices for products and services.

2. Establishing policies regarding sales returns and warranties.

3. Deciding what types of credit terms to offer.

4. Determining the need for short-term borrowing.

5. Planning new marketing campaigns.

The expenditure cycle is a recurring set of business activities and related data processing operations associated with the purchase of and payment for goods and services. Figure 11-1 on page 418 provides a context diagram of the expenditures cycle. Note that the expenditures cycle involves the revenue cycle, inventory cycle, various departments involved in requesting items to be ordered, and receiving the items and the production cycle.

The primary objective of the expenditure cycle is to minimize the total cost of acquiring and maintaining inventories, supplies, and the various services the organization needs to function. Expenditure Cycle Business Activities Figure 13-2 on page 373 provides a level 0 data flow diagram for the expenditure cycle.


Course Syllabus

Three basic business activities in the expenditure cycle:

1. Ordering goods, supplies, and services.

2. Receiving and storing goods, supplies, and services.

3. Paying for goods, supplies, and services.

Expenditure Cycle Information Needs The following information is needed for the following operational tasks in the expenditure cycle:

1. Determine when and how much additional inventory to order.

2. Select the appropriate suppliers from whom to order.

3. Verify the accuracy of vendor invoices.

4. Decide if purchase discounts should be taken.

5. Monitor cash flow needs to pay outstanding obligations.

The AIS needs to provide information to evaluate the following:

1. Purchasing efficiency and effectiveness.

2. Supplier performance.

3. Time taken to move goods from receiving to production.

4. Percent of purchase discounts taken.

Control Objectives, Threats, And Procedures In the expenditure cycle (or any cycle), a well-designed AIS should provide adequate controls to ensure that the following objectives are met:

1. All transactions are properly authorized.

2. All recorded transactions are valid.

3. All valid and authorized transactions are recorded.

4. All transactions are recorded accurately.

5. Assets are safeguarded from loss or theft.

6. Business activities are performed efficiently and effectively.

7. The company is in compliance with all applicable laws and regulations.

8. All disclosures are full and fair.


Course Syllabus


1. Describe the basic business activities and related information processing operations performed in the revenue cycle and expenditure cycle.

2. Discuss the key decisions that need to be made in the revenue cycle and expenditure cycle and identify the information needed to make those decisions.

3. Identify major threats in the revenue cycle and expenditure cycle and evaluate the adequacy of

various control procedures for dealing with those threats.

Reading



Assignments


1. Customer relationship management systems hold great promise, but their usefulness is

determined by the amount of personal data customers are willing to divulge. To what extent do you think concerns about privacy-related issues affect the use of CRM systems?

2. Some products, like music and software, can be digitized. How does this affect each of the four main activities in the revenue cycle?

3. Many companies use accounts receivable aging schedules to project future cash inflows and bad-debt expense. Review the information typically presented in such a report (see Figure 12-8). Which specific metrics can be calculated from those data that might be especially useful in providing early warning about looming cash flow or bad-debt problems?

4. Table 12-1 suggests that restricting physical access to inventory is one way to reduce the threat of theft. How can information technology help accomplish that objective?

5. The use of some form of electronic “cash” that would provide the same kind of anonymity for e-commerce that cash provides for traditional physical business transactions has been discussed for a long time. What are the advantages and disadvantages of electronic cash to customers? To

businesses? What are some of the accounting implications of using electronic cash?


Course Syllabus

6. In chapter 13 and in Chapter 12 the controller of AOE played a major role in evaluating and recommending ways to use IT to improve efficiency and effectiveness. Should the company’s chief information officer make these decisions instead? Should the controller be involved in making these types of decisions? Why or why not?

7. Companies such as Wal-Mart have moved beyond JIT to VMI systems. Discuss the potential advantages and disadvantages of this arrangement. What special controls, if any, should be developed to monitor VMI systems?

8. Procurement cards are designed to improve the efficiency of small noninventory purchases. What controls should be placed on their use? Why?

9. In what ways can you apply the control procedures discussed in this chapter to paying personal debts (e.g., credit card bills)?

10. Should every company switch from the traditional 3-way matching process (purchase orders, receiving reports, and supplier invoices) to the 2-way match (purchase orders and receiving reports) used in Evaluate Receipt Settlement (ERS)? Why (not)?

Professional Development Question Match threats in the first column to appropriate control procedures in the second column. More than one control may be applicable.

Threat

Control Procedure

1. __ Failing to take available purchase discounts for prompt payment.

a. Only accept deliveries for which an approved purchase order exists.

2. __ Recording and posting errors in accounts payable.

b. Document all transfers of inventory.

3. __ Paying for items not received. c. Restrict physical access to inventory.

4. __ Kickbacks. d. File invoices by due date.

5. __ Theft of inventory. e. Maintain a cash budget.

6. __ Paying the same invoice twice. f. Automated comparison of total change in cash to total changes in accounts payable.

7. __ Stockouts. g. Adopt a perpetual inventory system.

8. __ Purchasing items at inflated prices. h. Require purchasing agents to disclose financial or personal interests in suppliers.

9. __ Misappropriation of cash. i. Require purchases to be made only from


Course Syllabus

approved suppliers.

10. __ Purchasing goods of inferior quality. j. Restrict access to the supplier master data.

11. __ Wasted time and cost of returning unordered merchandise to suppliers.

k. Restrict access to blank checks.

12. __ Accidental loss of purchasing data. l. Only issue checks for a complete voucher package (receiving report, supplier invoice, and purchase order).

13. __ Disclosure of sensitive supplier information (e.g., banking data).

m. Cancel or mark “Paid” all supporting documents in a voucher package when a check

is issued.

n. Regular backup of the expenditure cycle database.

o. Train employees how to respond properly to gifts or incentives offered by suppliers.

p. Hold purchasing managers responsible for costs of scrap and rework.

q. Reconciliation of bank account by someone other than the cashier.

Take the Lesson Six Quiz

Your results on the quiz do not affect your grade for the course. Quizzes are designed to help you to

learn important concepts in the Lesson and prepare you for the Final Examination. You may take the quiz as many times as you wish.


Course Syllabus

Lesson 7 – The Production, Human Resource Management and Payroll Cycles, General Ledger and Reporting System

Introduction The production cycle is a recurring set of business activities and related information processing operations associated with the manufacture of products. Figure 14-1 on page 406 shows how the production cycle is linked to the other subsystems in a company’s AIS. A company’s AIS plays a vital role in the production cycle. Accurate and timely cost accounting information is essential input to decisions about the following:

1. Product mix (what to produce)

2. Product pricing

3. Resource allocation and planning (e.g., whether to make or buy a product, relative profitability of different products)

4. Cost management (planning and controlling manufacturing costs, evaluating performance)

This chapter examines the three major functions of the AIS in the production cycle:

1. Capturing and processing data about business activities

2. Storing and organizing the data to support decision making

3. Providing controls to ensure the reliability of data and the safeguarding of organizational resources

Production Cycle Activities Figure 14-2 on page 407 shows the four basic activities in the production cycle:

1. Product design

2. Planning and scheduling

3. Production operations

4. Cost accounting

Cost Accounting The final step in the production cycle is cost accounting (circle 4.0 in Figure 14-2).


Course Syllabus

The three principal objectives of the cost accounting system are:

1. Provide information for planning, controlling, and evaluating the performance of production operations.

2. Provide accurate cost data about products for use in pricing and product mix decisions.

3. Collect and process the information used to calculate the inventory and cost of goods sold values that appear in the company’s financial statements.

Information Processing Procedures Figure 12-8 on page 474 depicts a typical online AIS for the production cycle. Both systems require accumulating data about four basic kinds of costs: 1) raw materials, 2) direct labor, 3) machinery and equipment, and 4) manufacturing overhead. Control Objectives, Threats, and Procedures A second function of a well-designed AIS is to provide adequate controls to meet the following production cycle objectives:

1. All production activities and fixed asset acquisitions are properly authorized.

2. Work-in-process inventories and fixed assets are safeguarded.

3. All valid, authorized production cycle transactions are recorded.

4. All production cycle transactions are recorded accurately.

5. Accurate records are maintained and protected from loss.

6. Production cycle activities are performed efficiently and effectively.

Production Cycle Information Needs A third function of the AIS is to provide information useful for decision making. The focus must be on total quality management. Many companies have maintained the cost accounting and production

operations information system separately.

THE HUMAN RESOURCES MANAGEMENT AND PAYROLL CYCLE

The human resources management (HRM)/payroll cycle is a recurring set of business activities and related data processing operations associated with effectively managing employee workforce. The

more important tasks include:

1. Recruiting and hiring new employees

2. Training

3. Job assignment

4. Compensation (payroll)


Course Syllabus

5. Performance evaluation

6. Discharge of employees due to voluntary or involuntary termination

Tasks 1 and 6 are performed once and tasks 2 through 5 are performed repeatedly.

The HRM provides information on hirings, terminations, and pay-rate changes due to pay raises and promotions. The various departments provide data for the hours worked. The government provides the tax information and requirements. The principal output for the payroll cycle is checks.

Payroll Cycle Activities

Figure 15-4 on page 442 shows the seven basic activities performed in the payroll cycle:

1. Update payroll master file.

2. Update tax rates and deductions.

3. Validate time and attendance data.

4. Prepare payroll.

5. Disburse payroll.

6. Calculate employer paid benefits and taxes.

7. Disburse payroll taxes and miscellaneous deductions.

Payroll is an AIS application that is processed in the batch mode. Key Decisions and Information Needs The payroll system must be designed to collect and integrate cost data with other types of HR information to enable management to make the following kinds of decisions:

1. Future workforce staffing needs

2. Employee performance

3. Employee morale

4. Payroll processing efficiency and effectiveness

Control Objectives, Threats, and Procedures A second major function of the AIS in the HRM/payroll cycle is to provide adequate internal controls to ensure meeting the following objectives:

1. All payroll transactions are properly authorized.

2. All recorded payroll transactions are valid.

3. All valid, authorized payroll transactions are recorded.


Course Syllabus

4. All payroll transactions are accurately recorded.

5. Applicable government regulations regarding remittance of taxes and filing of payroll and HRM reports are met.

6. Assets (both cash and data) are safeguarded from loss or theft.

7. HRM/payroll cycle activities are performed efficiently and effectively.

GENERAL LEDGER AND REPORTING SYSTEMS

Figure 16-1 on page 464 provides a context diagram of the general ledger and reporting system.

One of the primary functions of the general ledger and reporting system is to collect and organize data from the following sources:

1. Each of the accounting cycle subsystems described in chapters 10 through 13 provides information about regular transactions.

2. The treasurer provides information about financing and investing activities, such as the issuance or retirement of debt and equity instruments and the purchase or sale of investment securities.

3. The budget department provides budget numbers.

4. The controller provides adjusting entries.

Figure 16-2 on page 464 is a level 0 data flow diagram depicting the four basic activities performed by the general ledger and reporting system.

Circle 1.0 Update general ledger Circle 2.0 Post adjusting entries Circle 3.0 Prepare financial statements Circle 4.0 Produce managerial reports

Control Objectives, Threats, and Procedures The control objectives in the general ledger and reporting system are similar to those in the other AIS cycles discussed in previous chapters.

1. All updates to the general ledger are properly authorized.

2. All recorded general ledger transactions are valid.

3. All valid, authorized general ledger transactions are recorded.

4. All general ledger transactions are accurately recorded.

5. General ledger data are safeguarded from loss or theft.

6. General ledger system activities are performed efficiently and effectively.


Course Syllabus

The Balanced Scorecard The balance scorecard is a report that provides a multidimensional perspective of organizational performance. A balanced scorecard contains measures reflecting four perspectives of the organization; 1) financial, 2) customer, 3) internal operations, and 4) innovation and learning.


1. Describe the major business activities and related information processing operations performed in the production cycle and the human resources management (HRM)/payroll cycle.

2. Identify major threats in the production cycle and HRM/payroll cycle and evaluate the adequacy

of various control procedures for dealing with those threats.

3. Discuss the key decisions that must be made in the production cycle and HRM/payroll cycle and identify the information required to make those decisions.

4. Describe the information processing operations required to update the general ledger and to produce other reports for internal and external users.

5. Identify the major threats in general ledger and reporting activities, and evaluate the adequacy of various control procedures for dealing with them.

6. Understand the implications of new IT developments, such as XBRL, for internal and external reporting.

7. Discuss how tools such as responsibility accounting, balanced scorecards, and graphs can be used to provide information managers need to effectively monitor performance.

Reading

Study Chapters 14, 15 and 16


Assignments



Course Syllabus

1. When activity-based cost reports indicate that excess capacity exists, management should either find alternative revenue-enhancing uses for that capacity or eliminate it through downsizing. What factors influence management’s decision? What are the likely behavioral side effects of each choice? What implications do those side effects have for the long-run usefulness of activity-based cost systems?

2. Why should accountants participate in product design? What insights about costs can accountants contribute that differ from the perspectives of purchasing managers and engineers?

3. Some companies have eliminated the collection and reporting of detailed analyses on direct labor costs broken down by various activities. Instead, first-line supervisors are responsible for controlling the total costs of direct labor. The justification for this argument is that labor costs represent only a small fraction of the total costs of producing a product and are not worth the time and effort to trace to individual activities. Do you agree or disagree with this argument? Why?

4. This chapter noted many of the benefits that can arise by integrating the HRM and payroll databases. Nevertheless, many companies maintain separate payroll and HRM information systems. Why do you think this is so? (Hint: Think about the differences in employee background and the functions performed by the HRM and payroll departments.)

5. Some accountants have advocated that a company’s human assets be measured and included directly in the financial statements. For example, the costs of hiring and training an employee would be recorded as an asset that is amortized over the employee’s expected term of service. Do you agree or disagree? Why?

6. How could formal reports supplement and enhance what the supervisors learn by direct observation?

7. How can responsibility accounting and flexible budgets improve morale?

8. Why is the audit trail an important control?

9. The balanced scorecard measures organizational performance along four dimensions. Is it possible that measures on the customer, internal operations, and innovation and learning

dimensions could be improving without any positive change in the financial dimension? If so, what are the implications of such a pattern?

10. Do you think that mandatory standards should be developed for the design of graphs of financial data that are included in annual reports and other periodic communications to investors? Why or why not?


Course Syllabus

Professional Development Question Match the term in the left column with its appropriate definition from the right column:

1. ___ journal voucher file a. an individual financial statement item

2. ____ instance document b. evaluating performance based on controllable costs

3. ___ XBRL element c. evaluating performance by computing standards in light of actual activity levels

4. ___ Balanced Scorecard d. the set of journal entries that updated the general ledger

5. ___ XBRL extension taxonomy e. a set of files that defines XBRL elements and specifies the relationships among them

6. ____ audit trail f. a multi-dimensional performance report

7. ____ XBRL taxonomy g. a file that defines relationships among XBRL elements

8. ____ XBRL linkbase h. a file that defines the attributes of XBRL elements

9. ____ XBRL schema i. a detective control that can be used to trace changes in general ledger account balances back to source documents

10. ___ XBRL style sheet j. a file that explains how to display an XBRL instance document

11. ___ responsibility accounting k. a file that contains specific data values for a set of XBRL elements for a specific time period or point in time

12. ___ flexible budget l. a file containing a set of customized tags to define new XBRL elements that are unique to a specific organization

Take the Lesson Seven Quiz



Course Syllabus

Lesson 8 – The REA Data Model

Introduction

Database Design Process Figure 17-1 on page 494 shows the five basic steps in database design.

1. Systems Analysis.

2. Conceptual Design.

3. Physical Design.

4. Implementation and Conversion.

5. Operation and Maintenance. An entity-relationship (E-R) diagram is a graphical technique for portraying a database schema.

The REA Data Model The REA data model was developed for use in designing AIS. The REA data model focuses on the business semantics underlying an organization’s value chain activities. Three Basic Types of Entities The REA data model is so named as it has three distinct categories:

1. R—resources the organization acquires and uses.

2. E—events (business activities) in which the organization engages.

3. A—agents participating in these events.

Developing an REA diagram for a specific transaction cycle consists of the following three steps:

1. Identify the events about which management wants to collect information.

2. Identify the resources affected by each event and the agents who participate in those events.

3. Determine the cardinalities of each relationship.

Business Meaning of Cardinalities The information that reflects facts about the organization and its business practices is obtained during the systems analysis and conceptual design stages of the database design process. Integrating REA Diagrams across Cycles

There are now five rules for integrated REA diagrams:


Course Syllabus

1. Every event must be liked to at least one resource.

2. Every event must be linked to two agents who participate in that event.

3. Every event that involves the disposition of a resource must be linked to an event that involves

the acquisition of a resource. (This reflects the economic duality underlying “give-to-get” economic exchanges.)

4. Every resource must be linked to at least one event that increments that resource and to at least one event that decrements that resource.

5. If event A can be linked to more than one other event, but cannot be linked simultaneously to all of those other events, then the REA diagram should show that event A is linked to a minimum of 0 of each of those other events.

Implementing an REA Diagram in a Relational Database There are three steps to implementing an REA diagram in a relational database:

1. Create a table for each distinct entity in the diagram and for each many-to-many relationship.

2. Assign attributes to appropriate tables.

3. Use foreign keys to implement one-to-one and one-to-many relationships.

Using REA Diagrams to Retrieve Information from a Database In this section we refer to Figure 18-4 and Table 18-1 to show how to use completed REA diagrams

to retrieve information to evaluate performance. Chapters 17 and 18 introduced the topic of REA data modeling and explained how to implement an REA model in a relational database. Both chapters focused primarily on the rev enue and expenditure cycle activities for a typical retail organization. Chapter 19 extends those basic concepts to a variety of other types of businesses and business cycles. We begin by examining more complex models of the revenue and expenditure cycles, including some additional activities typically performed by manufacturers and

distributors and other special situations. Then we discuss several additions to the basic REA model. Next we explain how to model basic business activities in the production, HR, and financing cycles. We conclude by presenting a comprehensive integrated REA model that incorporates many of the topics presented in this chapter. Figures 19-1 and 19-2 present REA diagrams that include additional events for the revenue and expenditure cycles, respectively. Tables 19-1 and 19-2 show how to implement these models in a

relational database. Figure 19-7 integrates payroll and HR activities. The Time Worked event is necessary to calculate payroll. The Time Used event is used for cost accounting, to properly assign labor costs (in manufacturing companies, this event entity is often called “Job Operations”). All of the other events represent important HR activities.


Course Syllabus


1. Discuss the steps for designing and implementing a database system.

2. Use the REA data model to design an AIS database.

3. Examine an REA diagram and explain what it reveals about the business activities and policies of the organization being modeled.

4. Integrate separate REA diagrams for individual transaction cycles into a single comprehensive organization-wide REA diagram.

Reading



Assignments


1. Why is it not necessary to model activities such as entering information about customers or suppliers, mailing invoices to customers, and recording invoices received from suppliers as events in an REA diagram?

2. The basic REA template includes links between two events and links between events and resources and between events and agents. Why do you think the basic REA template does not include direct links between (a) two resources, (b) two agents, or (c) between resources and agents?

3. How can REA diagrams help an auditor understand a client’s business processes?

4. Why take the time to develop separate REA diagrams for each business cycle if the ultimate objective is to combine them into one integrated enterprise-wide data model? Why not just focus on the integrated model from the start?

5. Refer to Figure 18-4 and Table 18-1. How would you determine the amount of cash that Fred’s

Train Shop has at any point in time?


Course Syllabus

6. Examine Figure 18-4 and Table 18-1. Why do the Inventory, Customers, and Suppliers tables all have an attribute that contains data about the balance at the beginning of the current fiscal period?

7. Often it takes several sales calls to obtain the first order from a new customer. Why then does Figure 19-1 depict the relationship between the Call on Customer and Take Customer Order events as being 1:1?

8. How could an automobile dealer model the use of loaner cars, which it gives to customers for free whenever they drop off a vehicle for maintenance that will take longer than one day to complete?

9. In what situations would you expect to model a relationship between an agent and a resource?

10. Why is depreciation not represented as an event in the REA data model?

Professional Development Question What are the five stages of the database design process? In which stages should accountants participate? Why? Take the Lesson Eight Quiz



Course Syllabus

Lesson 9 – The Systems Development Process

Introduction

Companies in a very competitive global business world are constantly looking for new, faster, and more reliable ways of obtaining information. Companies usually change their systems for one of the following reasons:

1. Changes in user or business needs.

2. Technological changes.

3. Improved business processes.

4. Competitive advantage.

5. Productivity gains.

6. Growth.

7. Downsizing.

8. Systems integration.

9. Systems age and need to be replaced.

Developing quality, error-free software is a difficult, expensive, and time-consuming task. Most software development projects deliver less than one expects, and take more time and money than expected. Developers start cutting corners by omitting some of the basic systems development steps. Omitting these steps will only lead to disaster. The Systems Development Life Cycle

1. Systems Analysis

2. Conceptual Design

3. Physical Design

4. Implementation and Conversion

5. Operations and Maintenance As shown in Figure 20-1 several activities must be performed at various times throughout the SDLC. One such activity is planning.

Systems development planning is an important step for the following key reasons:


Course Syllabus

1. Consistency. Planning enables the system’s goals and objectives to correspond to the organization’s overall strategic plan.

2. Efficiency. Systems are more efficient, subsystems are coordinated, and there is a sound basis

for selecting new applications for development.

3. Cutting edge. The company remains abreast of the ever-present changes in information technology.

4. Lower costs. Duplication, wasted effort, and cost and time overruns are avoided. The system is less costly and easier to maintain.

5. Adaptability. Management is better prepared for future resource needs, and employees are better prepared for the changes that will occur.

Five important aspects to be considered during a feasibility study are as follows:

1. Economic feasibility. Will system benefits justify the time, money, and other resources required to implement it?

2. Technical feasibility. Can the planned system be developed and implemented using existing technology?

3. Legal feasibility. Does the system comply with all applicable federal and state laws and statutes, administrative agency regulations, and the company’s contractual obligations?

4. Scheduling feasibility. Does the organization have access to people who can design,

implement, and operate the proposed system? Can people use the system and will they use it?

Initial outlay and operating costs are summarized in Table 20-2.

1. Hardware

2. Software

3. Staff

4. Supplies and overhead

5. Maintenance/backup

6. Documentation

7. Site preparation

8. Installation

9. Conversion

10. Financial


Course Syllabus

Capital Budgeting Various feasibility measures are used to narrow the list of alternative approaches that meet system requirements. The following are three commonly used capital budgeting techniques:

1. Payback period. This is the number of years required for the net savings to equal the initial cost of the investment.

2. Net present value (NPV). All estimated future cash flows are discounted back to the present, using a discount rate that reflects the time value of money

3. Internal rate of return (IRR). The IRR is the effective interest rate that results in an NPV of zero. A project’s IRR is compared with a minimum acceptable rate to determine acceptance or rejection.

Behavioral Aspects of Change The behavioral aspects of change are crucial, because the best system will fail without the support of the people it serves. Organizations must be sensitive to and consider the feelings and reactions of persons affected by change. Why Behavioral Problems Occur

To minimize adverse behavioral reactions, one must first understand why resistance takes place. Some of the more important factors include the following:

1. Personal characteristics and background. Generally speaking, the younger and more highly educated people are, the more likely they are to accept change.

2. Manner in which change is introduced. Resistance is often a reaction to the methods of instituting change rather than to change itself.

3. Experience with prior changes. Employees who had a bad experience with prior changes are more reluctant to cooperate when future changes occur.

4. Top-management support. Employees who sense a lack of top-management support for change wonder why they themselves should endorse it.

5. Biases and natural resistance to change. People with emotional attachments to their duties or coworkers may not want to change if those elements are affected.

6. Disruptive nature of the change process. Requests for information and interviews are distracting and place additional burdens on people. These disturbances can create negative feelings toward the change that prompted them to occur.

7. Fear. Many people fear the unknown and the uncertainty accompanying change. They also fear

losing their jobs, losing respect or status, failure, technology, and automation.


Course Syllabus

Traditionally, companies have experienced the following difficulties in developing an AIS:

1. Demands for development resources are so numerous that AIS projects can be backlogged for several years.

2. A newly designed AIS does not always meet user needs.

3. The development process can take so long that the system no longer meets company needs.

4. Users are unable to specify their needs adequately.

5. Changes to the AIS are often difficult to make after requirements have been frozen into specifications.

SYSTEMS DESIGN, IMPLEMENTATION, AND OPERATION

Accountants should help keep the project on track by evaluating and measuring benefits, monitoring costs, and ensuring that the project stays on schedule. Effective systems analysis and design can ensure that developers correctly define the business problem and design the appropriate solution. Chapter 22 discusses the other four steps (see Figure 12-1) in the systems development life cycle:

1. Conceptual systems design

2. Physical systems design

3. Systems implementation and conversion

4. Operation and maintenance

Table 22-7 provides a list of important factors to consider and questions to answer during the post-

implementation review.

Factors include:

1 Goals and objectives 8 Compatibility

2 Satisfaction 9 Controls and security

3 Benefits 10 Errors

4 Costs 11 Training

5 Reliability 12 Communications

6 Accuracy 13 Organizational changes

7 Timeliness 14 Documentation


Course Syllabus


1. Describe the five phases of the systems development life cycle.

2. Summarize the various types of feasibility analysis and calculate economic feasibility.

3. Explain why system changes triggers behavioral reactions, what form does this resistance to change take, and how to avoid or minimize the resulting problems.

4. Recall the key issues and steps in systems analysis.

5. Discuss the conceptual, physical, implementation and conversion and operation and maintenance systems design processes.

Reading



Assignments


1. The approach to long-range AIS planning described in this chapter is important for large

organizations with extensive investments in computer facilities. Should small organizations with far fewer information systems employees attempt to implement planning programs? Why or why not? Be prepared to defend your position to the class.

2. While reviewing a list of benefits from a computer vendor’s proposal, you note an item that reads, “Improvements in management decision making—$50,000 per year.” How would you interpret this item? What influence should it have on the economic feasibility and the computer acquisition decision?

3. The following problem situations occurred in a manufacturing firm. What questions should you ask to understand the problem?

a. Customer complaints about product quality have increased.

b. Accounting sees an increase in the number and dollar value of bad debt write-offs


Course Syllabus

c. Operating margins have declined each of the past four years due to higher-than-expected production costs from idle time, overtime, and reworking products

4. What is the accountant’s role in the computer acquisition process? Should the accountant play an active role, or should all the work be left to computer experts? In what aspects of computer acquisition might an accountant provide a useful contribution?

5. In a Midwest city of 45,000, a computer was purchased and in-house programmers began developing programs. Four years later, only one incomplete and poorly functioning application had been developed, none of software met users’ minimum requirements, and the hardware and the software frequently failed. Why do you think the city was unable to produce quality, workable software? Would the city have been better off purchasing software? Could the city have found software that met its needs? Why or why not?

6. You are a systems consultant for Ernst, Price, and Deloitte, CPAs. At your country club’s annual golf tournament, Frank Fender, an automobile dealer, describes a proposal from Turnkey Systems and asks for your opinion. The system will handle inventories, receivables, payroll, accounts payable, and general ledger accounting. Turnkey personnel would install the $40,000 system and train Fender’s employees. Identify the major themes you would touch on in responding to Fender. Identify the advantages and disadvantages of using a turnkey system to operate the organization’s accounting system.

7. Sara Jones owns a rapidly growing retail store that faces stiff competition due to poor customer service, late and error-prone billing, and inefficient inventory control. To continue its growth, its AIS must be upgraded but Sara is not sure what it wants the AIS to accomplish. Sara has heard about prototyping, but does not know what it is or whether it would help. How would you explain prototyping to Sara? Include an explanation of its advantages and disadvantages as well as when its use is appropriate.

8. You are a consultant advising a firm on the design and implementation of a new system. Management has decided to let several employees go after the system is implemented. Some have many years of company service. What are some of the actions you going to advise them to take?

9. How would you advise management to communicate this decision to the affected employees? To the entire staff?

10. Prism Glass is converting to a new information system. To expedite and speed up implementation, the CEO asked your consulting team to postpone establishing standards and controls until after the system is fully operational. How should you respond to the CEO’s request?


When a company converts from one system to another, many areas within the organization are affected. Explain how conversion to a new system will affect the following groups, both individually and collectively. a. Personnel

b. Data Storage


Course Syllabus

c. Operations

d. Policies and Procedures

e. Physical Facilities

Take the Lesson Nine Quiz


ACC425 â€“ Accounting Information Systems

Documents

Transcript of ACC425 â€“ Accounting Information Systems