ACTG 474 Notes PDF

Summary

These notes cover different aspects of information systems and accounting including the components of a system, data, information, and different types of decisions.

Full Transcript

Chapter 1 Notes
System- A set of two or more interrelated components that interact to achieve a goal and
are usually composed of smaller subsystems
1. Subsystem- is designed to achieve one or more organizational goals and so any
changes made to one subsystem can not occur without considering the effect it
would have on the other subsystems
A. Goal conflict- occurs when a subsystems goals are consistent with the
goals of another subsystem or with the system as a whole
B. Goal congruence- occurs when a subsystem achieves its goals while
contributing to the organization’s overall goal
Data- Are facts that are collected, recorded, stored, and processed by an information
system
Information- Are data that have been processed and organized to provide meaning and
improve the decision-making process
Information overload- occurs when those limits are surpassed, resulting in a decline in
decision making quality and an increase in the cost of providing that information
Value of information- Is the benefit produced by the info minus the costs of producing it
Business process- A set of related and structured activities and tasks that are performed
by a person, computer or machine
Transaction- An agreement between two entities to exchange goods or services or any
other event that can be measured in economic terms by an organization
1. Transactional processing- A process that begins with capturing transaction data
and ends with informational output such as financial statements
Give-Get Exchange- Many business activities are pairs of events
Revenue Cycle- Where goods and services are sold for cash or a future promise to
receive cash
Expenditure cycle- Where companies purchase inventory for resale or raw materials to
use in producing products in exchange for cash or a future promise to pay cash
Production or Conversion Cycle- Where raw material are transformed into finished
products
Human resources/Payroll- Where employees are hired, trained, compensated,
evaluated, promoted, and terminated
Financing Cycle- Where companies see shares in the company to investors, borrow
money and where investors are paid dividends and interest is paid on loans
Information Systems Need
1. Language and Number System
2. Storage Medium (From papers to computers)
3. Data Processing (In today’s society its structured query language)
The problem with humans is that they are prone to error which lead to double entry
accounts(debits/credits)
Accounting Information Systems Functions
1. Creating/collecting and storing data
2. Processes data into info for decision making
3. Provides control to ensure that
 A. Data is reliable-free from error/bias
B. Data and other assets are safeguarded
Six Components of AIS
1. The people who use the system
2. The procedures and instructions used to collect, process, and store data
3. The data about the organization and its business activities
4. The software used to process the data
5. The information technology infrastructure including the companies, peripheral
devices, and network communication devices used in AIS
6. The internal controls and security measures that safeguard AIS
AIS Can Help Improve Decision- Making
1. Identify situations requiring management action
2. It can reduce uncertainty and thereby provide a basis for choosing among
alternative actions
3. It can store information about the results of previous decisions which provides
valuable feedback that can be used to improve future decisions
Data
1. Facts, measurements, numbers, letters, etc
Info
1. Organized(processed) data that lends meaning
Types of Decisions
1. Structured
A. An example of this is the economic order quantity
B. Easy to automate
C. Example: Approval of credit cards
2. Semi Structured
A. Decision model with subjective features
B. Experience & judgment budgeting
C. Example: if the market is changing and how that will affect the company’s
expenses & sales
3. Unstructured
A. Non-routine, no clear decision model
B. Expert systems
C. Example: What is the best market to enter?
D. How do you define best? Most profitable or most aligned with the
company is doing and its objectives
Business Strategy in relation to Accounting Information Systems
1. Strategy Spectrum
2. Strategic Positions
A. Access based- geography, rural area,
a. Carmike Cinemas- need to keep track of local communities
B. Needs- based
a. IKEA- need to track a lot of different things
b. Lots of things for particular group
 C. Variety Based
a. Staples- specific inventory but has lots of details
b. Just Tires
c. Subset of the industry
Strategic Analysis Primary Activities of the Value Chain- AIS optimizes all of this
1. Inbound Logistics-stores
A. How does the company get materials and inventory into their company
2. Operations
A. Convert inputs into desired products
3. Outbound Logistics
A. How the company handles sending their goods to their customer-
delivery/online ordering
4. Sales/Marketing-advertising
A. Make sure that the potential customers are aware of the company’s
products
5. Post Sales Support
A. How the company continues to support their customers and products
Support Activities
1. Firm Infrastructure- Accounting, finance, legal and general administration
activities that allow an organization to function, AIS
2. Human resources- Activities include recruiting, hiring, training, and compensating
employees
3. Technology activities- Activities that improve a product or service
4. Purchasing- Activities procure raw materials, supplies, machinery, and the
buildings used to carry out the primary activities
Chapter 2 Notes
Data Processing Cycle- The operations performed on data to generate meaningful and
relevant info
1. Data Input- Obtaining transaction data and entering them into the system and
must collect data regarding three facets of business activities
A. Each activity of interest
B. The resources affected by each activity
C. The people who participate in each activity
2. Make sure captured data are accurate and complete
A. One way to do this is to use source data automation or turn around
documents and data entry screens
3. Make sure company policies are being followed such as approving or verifying a
transaction
General Ledger- Control account
1. Data in ledgers are organized logically using coding techniques
2. Coding is the systematic assignment of numbers or letters to classify and
organize them
A. Sequence codes- Items that are numbered consecutively to account for
all items
 B. Block code- Blocks of numbers are reserved for specific categories of
data
C. Group codes- Two or more subgroups of digits used to code items are
often used in tandem with block codes
D. Mnemonic codes- Letters and numbers are interspersed to identify an
item
Audit Trail- A traceable path of a transaction through a data processing system from the
point of origin to final output or reverse

1. Turnaround documents- Are company output sent to an external party who often adds to
the document and then are returned to the company as an input document
Source Data Automation- Devices that capture transaction data in the machine readable
form of the time and place of their origin
Data Processing Activities
1. Creating- New data records
2. Reading-Retrieving or viewing existing data
3. Updating- Previously stored data
4. Deleting data- Data such as purging the vendor master file of all inventors the
company no longer does business with
Batch processing- Updating data periodically
1. Cheaper and more efficient
2. Data is current and more accurate only immediately after processing
3. Typically used for applications like payroll that do not need frequent updating
Online Real Time Processing
1. Ensures that data is always current
2. More accurate as well because data input errors can be corrected in real time
Enterprise Resource Planning Systems
1. Integrate all aspects of a company’s operations with a traditional AIS thereby
avoiding the problems of having multiple systems by creating a separate system
to record info not stored in AIS systems which creates redundancy or
discrepancies if data is changed in one of the systems but not the other
A. Use a centralized database to share info across business processes and
coordinate activities
Internal control is a process( a series of steps) that gives reasonable assurance (not
absolute) that the firm’s objectives are achieved
1. Safeguard assets- No stealing
2. Ensure accurate and reliable accounting and other info
3. Improve operational efficiency
4. Promote adherence to managerial policies dress codes
5. Financial statements are types of internal controls
Corrective- Identify and correct problems etc
Detective- Discover problems that were not prevented (taste testing)
Preventative- Deter problems before they arise ( segregation of duties)
 Threats to Control Objectives- Natural Diasters (why do we need internal controls in the
first place)
1. Hardware Malfunctions- Credit card processors
2. Unexpected loss of personnel, death, illness, more jobs, maternity leave
3. Loss Data- Similar to hardware malfunctions
4. Intentional Acts- Internal and external hackers
Sarbanes Oxley (SOX)
1. What does SOX do?
I. It changes the law governing auditing and corporate responsibility
2. Who does it Affect?
I. Board of Directors
II. C- Level Executives (CFO, COO)
III. Auditors
3. Who Benefits
Created the Public COmpany Accounting Oversight Board to oversee the auditing
profession
1. Regulates auditors more closely
I. Auditors must report more closely to Audit Committee
II. Prohibits much add-on consulting work
2. Regulates board of directors more closely
I. Audit committee must be on the board of directors
II. Audit committee members must be independent of the company
3. Regulates management more closely
I. Certify the financial statements and carry legal liability
II. Provide more financial statement disclosures
III. Rule 404- issue a report about company’s internal control system and
publicly evaluate their company’s IC system using internal control best
practices framework and reported material weaknesses
Enterprise Risk Management
1. Developed by COSO (Committee of Sponsoring Organizations of the Treadway
Commission)
2. ERM was an attempt to develop a standardized comprehensive framework for
internal controls
ERM Framework
1. Internal Environment (tone at the top)
I. The people side of things
01. Management’s philosophy and risk profile
02. Board of directors- are they just yes men or women and agree
with whatever the ceo decides
03. Integrity and ethics- violates policy/laws
2. Objective Setting
I. Strategic Planning- what does the company want to accomplish
01. Example: Rivian wants to produce trucks at the lowest cost
possible
 02. Risk appetite- Gambling so you have a
03. Risk Tolerance- How much money you would be willing to lose
3. Event Identification
I. Events that could affect your strategy especially negative occurrences
II. What are some events that may affect the cost of Rivian’s trucks?
01. Exchange rates
02. Competitors
03. Regulation
4. Risk Assessment
I. Likelihood- chance that the negative event will occur
II. Impact (Exposure)- Dollar loss from negative event if it occurs
I. Likelihood x Impact= Expected loss
5. Risk Response (providing reasonable assurance)
I. How do we deal with the risks? (preventative, detective,corrective)
01. Identifying needed controls
02. Estimating costs and benefits of controls
03. What can be done about Residual Risk? (after the controls)
1) Accept it-move forward
2) Share it- insurance
3) Avoid it- cancel the activity
6. Control Activities
I. Proper authorizations (who says yes)
II. Segregation of duties(responsibilities should be divided in many ways so
that no one person has so much power/control)
01. Custody- handling cash, handling inventories, tools or fixed
assets, receiving checks in the mail)
1) Prevents employees from falsifying records to conceal theft
of assets entrusted to them
02. Recording- preparing source documents, maintaining journals,
ledgers or other files, preparing performance reports
1) Prevents an employee from falsifying records to cover up
an inaccurate or false transaction that was inappropriately
authorized
03. Authorization-authorizations of activities or transactions
III. Adequate documents and records (prenumbered documents, copies)
IV. Adequate safeguards of assets and data(strong passwords, duo, physical
locks)
V. Independent checks on performances (manager reviews)
7. Information and Communications
I. Audit Trail- documentation that links source documents to the final
numbers on the financial statements
8. Monitoring Performance- ongoing that internal controls are present/functioning
properly
I. Training and Supervision
 II. Responsibility Accounting-budgets, etc
III. Conduct Internal Audits
IV. Proactive Fraud Testing
Chapter 3
Documentation- explains how a system works including the who, what, when, why and
how of data entry, data processing, data storage, information output, and system
controls
Narrative descriptions- a written step by step explanation of system components and
interactions
Data flow diagram- a graphical description of data sources, data flows, transformation
processes, data storage, and data destinations
Flowchart- which is a graphical description of a system
❖ Document flowchart- which shows the flow of documents and information
between department or areas of responsibility
❖ System flowchart- which shows the relationship among the input, processing, and
output in an information system
❖ Program flowchart- which shows the sequence of logical operations a computer
performs as it executes a program
Business process diagrams- which are graphical descriptions of the business processes
used by a company
Sarbanes-Oxley Act of 2002 requires an internal control report in public annual reports
that states that management is responsible for establishing and maintaining an adequate
internal control structure and assesses the effectiveness of the company’s internal
controls
❖ The auditor must evaluate management’s assessment of the company’s internal
control structures and attest to its accuracy
❖ The auditor's attestation should include a specific notation about significant
defects or material noncompliance found during the internal control tests
Data source and data destination- entities that send or receive data that the system uses
or produces
Data flow- is the movement of data among processes, stores, sources, and destination
Data store is a repository of data
Context diagram- highest level of data flow diagrams and provides the use with a
summary level view of a system
Flowchart- is a pictorial analytical technique that is used to describe some aspect of an
information system in a clear, concise and logical manner
❖ Input/output symbols- show input to or output from a system
❖ Processing symbols- show data processing either electronically or by hand
❖ Storage symbols- show where data is stored
❖ Flow and miscellaneous symbols- indicate the flow of data where flowcharts
begin or end, where decisions are made or how to add an explanatory notes to
flowcharts
Document flowcharts- were developed to illustrate the flow of documents and data
among areas of responsibility within an organization
 ❖ Can trace a document by showing where each document originates and
everything that happens in between as it flows through the system
Internal control flowchart- is used to describe, analyze and evaluate internal controls
System flowchart- depicts the relationship among system input, processing, storage and
output
Program flowchart- illustrates the sequence of logical operations performed by a
computer in executing a program
Business process diagram- is a visual way to describe the different steps or activities in
a business process
Chapter 7
Threat- any potential adverse occurrence
❖ Inherent risk- the susceptibility of a set of accounts or transactions to significant
control problems in the absence of internal control
❖ Residual risk- the risk that remains after management implements internal
controls or some other response to risk
Exposure/impact- any potential dollar loss from a threat
Likelihood- the probability that it will happen
Internal controls- are the processes implemented to provide reasonable assurance that
the following objectives are achieved
❖ Safeguard assets-prevent or detect their unauthorized acquisition, use or
disposition
❖ Maintain records in sufficient detail to report company assets, accurately and
fairly
❖ Provide accurate and reliable info
❖ Prepare financial reports in accordance with established criteria
❖ Promote and improve operational efficiency
❖ Encourage adherence to prescribed managerial policies
❖ Comply with applicable laws and regulations
❖ Possess limitations:
Susceptibility to simple errors, collusion, management overrides
❖ Three functions:
Preventative controls- deter problems before they arise such segregating
duties, controlling physical access to assets
Detective controls- discover problems that are not prevented such
preparing bank reconciliations
Corrective controls- identify and correct problems as well as correct and
recover from the resulting errors such as maintaining backup copies of
files
❖ Segregated in two categories
General controls- make sure an organization's control environment is
stable and well managed such as IT infrastructure
Application controls prevent, detect, and correct transaction errors and
fraud in application programs and are concerned with the accuracy,
completeness, validity
 Belief system- describes how a company creates value, helps employees understand
management’s vision, communicates company core values and inspires employees to
live by those values
Boundary system- helps employees to act ethically by setting boundaries on employee
behavior
Diagnostic control system- measures, monitors, and compares actual company progress
to budgets and performance goals
Interactive control system- helps managers to focus subordinates’ attention on key
strategic issues and to be more involved in their decisions
Foreign Corrupt Practices Act- was passed to prevent companies from bribing foreign
officials to obtain business
Public Company Accounting Oversight Board- created to control the auditing profession
by setting and enforcing auditing, quality control, ethics, independence and other
auditing standards
❖ Auditors must report specific info to the company’s audit committee such as
critical accounting policies and if top management that was recently employed by
the firm within the last year worked on a an engagement for the same client prior
❖ Audit committee members must be on the company’s board of directors and be
independent of the company
❖ SOX requires that the CFO and CEO certify that the financial statements and
disclosures are fairly presented were reviewed by management and are not
misleading and the auditors were told about all material internal control
weaknesses and fraud
❖ Companies must issue a report accompanying the financial statements stating
that management is responsible for establishing and maintaining an adequate
internal control system
Control Objectives for Information and Related Technology- consolidates control
standards from many different sources into a single framework that allows management
to benchmark security and control practices of IT environments
❖ Meeting stakeholder needs-
❖ Covering the enterprise end to end- integrates all IT functions and processes into
company wide functions and processes
❖ Applying a single, integrated framework-
❖ Enabling a holistic approach
❖ Separating governance from management-
Enterprise Risk Management- Integrated Framework- is the process the board of
directors and management use to set strategy, identify events that may affect the entity,
assess and manage risks and provide reasonable assurance that the company achieves
its objectives and goals
❖ Internal environment/company culture- influences how organizations establish
strategies and objectives, structure business activities and identify, asses and
respond to risk
❖ Objective setting
 Strategic objectives- high level goals which are aligned with the
company’s mission and support it
Operation objectives- which deal with the effectiveness and efficiency of
company operations determines how to allocate resources
Reporting objectives- help ensure the accuracy, completeness, and
reliability of company reports, improve decision making
Compliance objectives- help the company comply with all applicable laws
and
Risk appetite- the amount of risk they are willing to accept to achieve their goals
Audit committee- composed of outside independent directors who oversee the internal
and external auditors and are responsible for financial reporting and regulatory
compliance
Management can respond to risk in one of four ways:
❖ Reduce-reduce the likelihood and impact of risk by implementing an effective
system of internal controls
❖ Accept- acept the likelihood and impact of risk
❖ Share- share risk or transfer it to someone else by buying insurance, outsourcing
an activity or entering into hedging transactions
❖ Avoid- avoid risk by not engaging in the activity that produces the risk which may
require the company to sell a division, exit a product line or not expand as they
originally planned
Preventative controls are usually superior to detective controls, detective controls are
usually implemented when preventative control measures fail and corrective controls are
are used to help resolve a problem/issue
Expected loss- mathematical product of impact and likelihood
❖ Expected loss= impact x likelihood
Risks not reduced must be accepted, shared, or avoided
❖ Risks can be accepted if it is within the company’s risk tolerance
❖ Responses to reduce or share risk helps to bring residual risk into an acceptable
risk tolerance range
❖ A company may choose to avoid the risk when there is no cost-effective way to
bring risk into an acceptable risk tolerance range
Control activities- are policies, procedures, and rules that provide reasonable assurance
that control objectives are met and risk responses are carried out
Authorization- often documented by signing, initializing, or entering an authorization
code on a document or record
❖ Specific authorization
How Can AIS Add Value?
❖ Efficiency- minimizing the time and resources used without sacrificing quality(less
foul waste)
❖ Effectiveness- increasing the quality of products or services
❖ Internal controls- a process that gives reasonable assurance that the firm's
objectives are achieved
 Aims to increase the accuracy of info and decrease undesirable behavior
and follow company policy
Evolution of AIS
❖ Manual- electronic storage and processing, flat files and general ledgers
❖ TPS- transaction process system
❖ Database- Database file organization, real time access, integration, of
quantitative and non-quantitative data
❖ ERP- enterprise resources planning, integration of all company databases