IT Systems in Accounting

Questions and Answers

Which of the following is a characteristic of computerized accounting systems?

• They eliminate the need for manual bookkeeping.
• They only cater to large businesses.
• Their functionality depends on the size and needs of a business. (correct)
• They are uniform in complexity across all businesses.

Small businesses typically require complex and expensive accounting software.

False (B)

Which of the following is an example of accounting software suitable for small businesses?

• Quicken (correct)
• Oracle Financials
• NetSuite
• SAP

What are the primary functions that QuickBooks is commonly used for?

invoicing, payroll, tax calculations, and financial reporting

Which of the following is a characteristic of accounting systems designed for large businesses?

They are designed to handle complex financial operations and integrate multiple departments. (A)

Which type of accounting system stores data on a centralized server and allows multiple users to access financial information from different locations?

Client/Server Accounting Systems (B)

__________ systems are fully integrated software that combines accounting, finance, supply chain management, human resources, and other business functions.

Enterprise Resource Planning (ERP)

Cloud Computing Accounting Systems are not suitable for large enterprises with multiple locations due to scalability issues.

False (B)

Match each component to its description:

Hardware = Physical components such as computers and storage devices Software = Programs and applications that enable hardware to perform tasks Data = Raw facts and figures processed into useful information Networks = Communication systems for data transfer between devices

Which of the following is considered system software?

Windows (A)

In the context of IT systems, what are 'procedures'?

Policies and protocols for using and maintaining IT systems. (B)

Which type of computer system is specifically designed to support routine business activities such as sales and purchasing?

Transaction processing systems (D)

What is the key difference between batch processing and real-time processing?

Batch processing processes transactions in groups at a scheduled time, while real-time processing processes transactions instantly. (A)

End-User Computing always strengthens data security due to the direct involvement of the IT department.

False (B)

What is a primary risk associated with End-User Computing (EUC)?

Potential for security issues and programming errors. (D)

In an IT context, an auditable trail is weakened when:

records are all electronic and can be altered without evidence of change. (D)

Why is separation of duties important in a computerized environment?

To prevent fraud and errors by requiring multiple individuals to be involved in critical processes. (D)

In a computerized environment, separation of duties is often maintained using _______ within an Enterprise Resource Planning (ERP) system.

role-based access control (RBAC)

Which of the following scenarios violates the principle of 'clearly defined responsibilities' in an IT environment?

There is no approval process for large financial transactions. (A)

Which of the following is an example of a physical control in a computerized environment?

Using keycard access to enter a server room. (D)

What does Multi-Factor Authentication (MFA) primarily enhance?

Access controls (B)

Match the example scenario with the internal control component violated:

An employee approves their own expense reimbursements. = Separation of Duties Employees use the same password for both personal and company accounts. = Access Controls Servers containing confidential customer information are stored in an unlocked room. = Physical Controls

How does encryption contribute to data security in a computerized environment?

Encryption scrambles data into a secret code so that only authorized users can read it.

Non-compliance with data protection regulations like GDPR and HIPAA does not result in legal penalties.

False (B)

Because a central database improves efficiency, it also introduces security and control risks, including the need for a _________.

Database Administrator (DBA)

Flashcards

Computerized Accounting Systems

Accounting systems that vary in complexity and functionality based on business size. Fall into small and large categories.

Small Business Systems

Accounting applications that are simple, affordable, and user-friendly, assisting with bookkeeping, invoicing, and payroll.

Large Business Systems

Accounting solutions for complex financial operations, integrating departments and providing in-depth financial analysis.

Hardware

Physical components of an IT system including computers, servers, storage, and networking.

Software

Programs enabling hardware to perform tasks, split into system and application categories .

System Software

Programs controlling hardware components and supporting application software.

Application Software

Programs designed for end-users to perform specific data processing tasks.

Data

Raw facts and figures processed into useful information; critical for IT systems.

People in IT

Users, IT administrators, analysts, and professionals who manage and interact with IT systems.

IT Procedures

Policies defining how IT systems are used and maintained.

Networks

Systems enabling data transfer between devices.

Batch Processing

Transactions grouped and processed at a scheduled time, like payroll.

Real-Time Processing

Transactions are processed instantly, such as at ATM withdrawals.

Database Storage

Important business data stored in central databases for organization and security.

End-User Computing (EUC)

Creating, editing, and analyzing data using tools (spreadsheets, reporting tools) by employees.

Electronic Commerce

Buying/selling things online, relying on secure systems for payments and customer info.

Client/Server Environments

Client devices(laptops) connect to central computers for data and resource sharing.

Access Controls

Ensuring access to information and systems is limited to users relevant to their job roles.

Multi-Factor Authentication (MFA)

Requires more than one verification method to confirm u

Encryption

Scrambling data into a secret code, readable only by authorized users with a decryption key.

Automated Transaction Verification

Banking system flags unusual transactions exceeding certain limits.

Password Policies & Login Monitoring

Forcing users to update passwords periodically, and locks accounts after failed login attempts.

Audit Trails & Logging

Financial system logs record who accesses or modifies data and when.

Exception Reports & Alerts

Alerts are generated if stock levels drop below a threshold, prompting timely restocking.

Separation of Duties

Making sure no single person has complete control over financial transactions to prevent fraud.

Study Notes

Nature of IT Based Systems

• Computerized accounting systems complexity and functionality varies depending on business' size and needs.
• Systems are generally categorized as either Small Business Systems or Large Business Systems

Small Business Accounting Systems

• Suited for simple, affordable, and user-friendly software.
• They facilitate tasks like bookkeeping, invoicing, and payroll management.
• An example of such a system is Quicken that is used by freelancers and small businesses to track personal and business expenses.
• Quicken helps with check writing, bill payments, and financial planning.
• QuickBooks is also an example, used for invoicing, payroll, tax calculations, and financial reporting as a basic general ledger system.

Large Business Accounting Systems

• Larger businesses need more advanced and scalable accounting solutions.
• These handle complex financial operations, integrate departments, and provide financial analysis.
• Systems can be client/server-based, storing data on a centralized server for multi-user access.
• Enterprise Resource Planning (ERP) systems integrate accounting, finance, supply chain management, and HR functions.
• Cloud Computing Accounting Systems are web-based, offering scalability, accessibility, and security for large enterprises with multiple locations.

Major Components of an IT System

• Hardware: physical components, like computers, servers, storage, and networking equipment.
• Software: programs enabling hardware tasks, are divided into system software and application software.
• System software: programs that control and coordinate hardware components and includes operating systems like Windows.
• Application software: programs designed for end-users like Java, to perform specific data processing tasks.
• Data: raw facts and figures processed into information and deemed a critical asset.
• People: users, IT administrators, system analysts, managing IT systems.
• Procedures: policies defining IT use and maintenance.
• Networks: systems enabling data transfer between devices and systems.

System Characteristics

• Companies use various computer systems like office automation, transaction processing, management information, decision support, expert, and enterprise-wide systems.
• Transaction processing systems are a focus in auditing and accounting and they support daily business activities like sales and purchasing.
• They range from simple general ledger packages to company-wide ERP systems.
• These systems record and process financial transactions, ensure accuracy, completeness, and timeliness in financial reporting.

IT Systems Characteristics

• Batch Processing: groups of transactions processed at scheduled times, such as payroll.
• Real-Time Processing: instant transaction processing, ex: ATM withdrawals.
• Database Storage: Businesses keep important data in central databases that improve organization and security.
• End-User Computing: employees use software like spreadsheets to create, edit, and analyze data.
• Electronic Commerce: secure and require systems for online payments and customer information.
• Client/Server Environments: computers connect to powerful central servers, sharing data and resources.

Batch Processing

• Input data is periodically gathered and processed in groups.
• An example is accumulating a day’s sales transactions to process them at the end of the day.
• It is often more efficient unlike other systems as it does not provide up-to-minute information

Database Storage/System

• Old IT systems meant the same data was saved in different places that caused unnecessary duplication and inconsistencies.
• A database system eliminates duplications by storing all data in one central place.
• Due to the centralization a Database Administrator (DBA) is needed to manage security, prevent unauthorized access, and keep data accurate.
• Security and control risks are introduced by centralized databases that improve efficiency.

Database Storage/System Audit Risks

• Data Integrity Risks consist of unauthorized database changes that leads to inaccurate or incomplete financial records.
• Access Control Risks include inadequate user access controls where unauthorized users can modify or delete critical data.
• Data Redundancy and Inconsistency involves how poor database design can lead to duplicate or inconsistent records.
• Audit Trail Weaknesses are when databases allow mass data updates, this makes it difficult to track individual transactions.
• Segregation of Duties Risks involves a single individual with extensive database privileges is able to manipulate financial records without detection.
• System Downtime and Data Loss occurs when failure in database backups or disaster recovery mechanisms that can result in permanent loss of financial data.
• Cybersecurity Threats are when databases are targets for hacking, which may lead to manipulation and data breaches.
• Compliance Risks are with non-compliance with data protection regulations (e.g., GDPR, HIPAA) which can result in legal penalties.

End User Computing

• Different user departments develop and run their own IT applications instead of relying on a central IT department.
• Due to the IT department isn't directly involved, this leads to more efficiency and flexibility.
• The lack of oversight can bring out risks associated with the security protocols and programming errors.

End User Computing - Special Audit Risks

• Data Accuracy and Integrity Issues: Manually managed spreadsheets or databases that increases errors and inconsistencies.
• Lack of Formal IT Controls: limited access controls, increasing the risk of unauthorized changes.
• Version Control Issues: different spreadsheets can lead to discrepancies in reports.
• Audit Trail Limitations: many EUC applications do not have the correct logging features, making it difficult to track changes.
• Risk of Fraud: Lack of separate duties in EUC applications that increases the risk of fraudulent modifications.
• Data Backup and Recovery Risks: lacking backup procedures, risking data loss.
• Non-Compliance with IT Policies: Employees may use unauthorized software that does not comply with the organizations IT policies.
• Scalability and Reliability Issues: EUC solutions may not be designed to handle large-scale financial data, leading to performance problems.

End User Computing - Reducing Risks

• Access Controls – Limit who can view or edit data.
• Error-Checking – Use validation tools to catch mistakes.
• Backups - Regularly save copies of important data.
• Security Measures – Use passwords and encryption to protect data.
• IT Oversight – The central IT team should still monitor and provide guidance.
• Flexibility can be balanced with security with the help of implementing controls.

IT and the Audit Trail

• A system may be either on or off-premises.
• With manual transactions sales orders are manually recorded on paper forms, authorizing credit, preparing shipping reports/invoices, recording sales, and maintaining accounts receivable records.
• With automated transations records may all be electronic. IT may be able to create, update, and delete data without evidence of change.

Internal Control in IT

• Internal control importance is not lessened in computerized environments.
• Aspects that are important would be: separation of duties, clearly defined responsibilities, physical controls, access controls, alongside control written into computer programs.
• Internal control importance is not lessened in computerized environments.
• Separation of duties ensures that no one person has complete control over all aspects of a financial or operational transaction.
• This type of system helps prevent fraud by requiring multiple individuals that are involved in critical processes.
• In a computerized environment a role-based access control (RBAC) is used within an ERP system to help maintain separation of duties.
• An accounts payable clerk can enter payment information but cannot approve transactions while a manager can approve transactions but cannot modify payment records.
• An IT administrator can manage the system but does not have access to modify financial data.
• Each employee should have a well-defined role with responsibilities that is outlined to avoid overlap and conflicts.
• Accountability is ensured and risks are minimized related to fraud, negligence, and automated workflows ensure that members can’t modify inventory records without authorization.
• Physical security measures are essential to protect hardware, software, and sensitive information from unauthorized access, theft, or damage in a computerized environment.
• An example of this would be using keycard access can only be used by authorized personnel to enter ensuring there is no unauthorized access to critical hardware and data.
• Access control ensures that users can only access information and systems relevant to their job roles.
• Modern access control systems use multi-factor authentication (MFA) and encryption to enhance security.
• MFA makes it so that one has to have extra proof to log in.
• Encryption scrambles data into a secret code is where authorized users can read it.
• Modern access control systems also keeps data safe from cyber threats with the help of MFA and Encryption.
• With computerized controls its meant to help detect and prevent errors, fraud, or unauthorized actions.
• Automated Transaction Verification - limits can automatically be flagged an additional approval before processing.
• Password Policies & Login Monitoring: An enterprise system forces users to change passwords every 90 days and locks accounts after multiple failed login attempts.
• Audit trails are able to maintain log of every transaction.
• Exception are when an inventory management system generates alerts if stock levels drop below a predefined threshold, ensuring timely restocking.

Internal Control in IT- ACCA Example

• An employee can approve their own expense reimbursements, without independent approval and this is fraud.
• Employees use the same password for both personal and company accounts, there is risk of data breaches if one account is compromised.
• There is no approval process for large financial transactions, and oversight is not provided leading to unauthorized actions going unnoticed.
• Employees are allowed to install any software on their work computers, there is regulated software which increases the risk of malware infections.
• Servers containing confidential customer information are stored in an unlocked room accessible to all employees meaning they have restricted physical access and is possible to cause data breaches.