ACTG 474 Notes PDF
Document Details
Tags
Summary
These notes cover different aspects of information systems and accounting including the components of a system, data, information, and different types of decisions.
Full Transcript
Chapter 1 Notes System- A set of two or more interrelated components that interact to achieve a goal and are usually composed of smaller subsystems 1. Subsystem- is designed to achieve one or more organizational goals and so any changes made to one subsystem can not...
Chapter 1 Notes System- A set of two or more interrelated components that interact to achieve a goal and are usually composed of smaller subsystems 1. Subsystem- is designed to achieve one or more organizational goals and so any changes made to one subsystem can not occur without considering the effect it would have on the other subsystems A. Goal conflict- occurs when a subsystems goals are consistent with the goals of another subsystem or with the system as a whole B. Goal congruence- occurs when a subsystem achieves its goals while contributing to the organization’s overall goal Data- Are facts that are collected, recorded, stored, and processed by an information system Information- Are data that have been processed and organized to provide meaning and improve the decision-making process Information overload- occurs when those limits are surpassed, resulting in a decline in decision making quality and an increase in the cost of providing that information Value of information- Is the benefit produced by the info minus the costs of producing it Business process- A set of related and structured activities and tasks that are performed by a person, computer or machine Transaction- An agreement between two entities to exchange goods or services or any other event that can be measured in economic terms by an organization 1. Transactional processing- A process that begins with capturing transaction data and ends with informational output such as financial statements Give-Get Exchange- Many business activities are pairs of events Revenue Cycle- Where goods and services are sold for cash or a future promise to receive cash Expenditure cycle- Where companies purchase inventory for resale or raw materials to use in producing products in exchange for cash or a future promise to pay cash Production or Conversion Cycle- Where raw material are transformed into finished products Human resources/Payroll- Where employees are hired, trained, compensated, evaluated, promoted, and terminated Financing Cycle- Where companies see shares in the company to investors, borrow money and where investors are paid dividends and interest is paid on loans Information Systems Need 1. Language and Number System 2. Storage Medium (From papers to computers) 3. Data Processing (In today’s society its structured query language) The problem with humans is that they are prone to error which lead to double entry accounts(debits/credits) Accounting Information Systems Functions 1. Creating/collecting and storing data 2. Processes data into info for decision making 3. Provides control to ensure that A. Data is reliable-free from error/bias B. Data and other assets are safeguarded Six Components of AIS 1. The people who use the system 2. The procedures and instructions used to collect, process, and store data 3. The data about the organization and its business activities 4. The software used to process the data 5. The information technology infrastructure including the companies, peripheral devices, and network communication devices used in AIS 6. The internal controls and security measures that safeguard AIS AIS Can Help Improve Decision- Making 1. Identify situations requiring management action 2. It can reduce uncertainty and thereby provide a basis for choosing among alternative actions 3. It can store information about the results of previous decisions which provides valuable feedback that can be used to improve future decisions Data 1. Facts, measurements, numbers, letters, etc Info 1. Organized(processed) data that lends meaning Types of Decisions 1. Structured A. An example of this is the economic order quantity B. Easy to automate C. Example: Approval of credit cards 2. Semi Structured A. Decision model with subjective features B. Experience & judgment budgeting C. Example: if the market is changing and how that will affect the company’s expenses & sales 3. Unstructured A. Non-routine, no clear decision model B. Expert systems C. Example: What is the best market to enter? D. How do you define best? Most profitable or most aligned with the company is doing and its objectives Business Strategy in relation to Accounting Information Systems 1. Strategy Spectrum 2. Strategic Positions A. Access based- geography, rural area, a. Carmike Cinemas- need to keep track of local communities B. Needs- based a. IKEA- need to track a lot of different things b. Lots of things for particular group C. Variety Based a. Staples- specific inventory but has lots of details b. Just Tires c. Subset of the industry Strategic Analysis Primary Activities of the Value Chain- AIS optimizes all of this 1. Inbound Logistics-stores A. How does the company get materials and inventory into their company 2. Operations A. Convert inputs into desired products 3. Outbound Logistics A. How the company handles sending their goods to their customer- delivery/online ordering 4. Sales/Marketing-advertising A. Make sure that the potential customers are aware of the company’s products 5. Post Sales Support A. How the company continues to support their customers and products Support Activities 1. Firm Infrastructure- Accounting, finance, legal and general administration activities that allow an organization to function, AIS 2. Human resources- Activities include recruiting, hiring, training, and compensating employees 3. Technology activities- Activities that improve a product or service 4. Purchasing- Activities procure raw materials, supplies, machinery, and the buildings used to carry out the primary activities Chapter 2 Notes Data Processing Cycle- The operations performed on data to generate meaningful and relevant info 1. Data Input- Obtaining transaction data and entering them into the system and must collect data regarding three facets of business activities A. Each activity of interest B. The resources affected by each activity C. The people who participate in each activity 2. Make sure captured data are accurate and complete A. One way to do this is to use source data automation or turn around documents and data entry screens 3. Make sure company policies are being followed such as approving or verifying a transaction General Ledger- Control account 1. Data in ledgers are organized logically using coding techniques 2. Coding is the systematic assignment of numbers or letters to classify and organize them A. Sequence codes- Items that are numbered consecutively to account for all items B. Block code- Blocks of numbers are reserved for specific categories of data C. Group codes- Two or more subgroups of digits used to code items are often used in tandem with block codes D. Mnemonic codes- Letters and numbers are interspersed to identify an item Audit Trail- A traceable path of a transaction through a data processing system from the point of origin to final output or reverse 1. Turnaround documents- Are company output sent to an external party who often adds to the document and then are returned to the company as an input document Source Data Automation- Devices that capture transaction data in the machine readable form of the time and place of their origin Data Processing Activities 1. Creating- New data records 2. Reading-Retrieving or viewing existing data 3. Updating- Previously stored data 4. Deleting data- Data such as purging the vendor master file of all inventors the company no longer does business with Batch processing- Updating data periodically 1. Cheaper and more efficient 2. Data is current and more accurate only immediately after processing 3. Typically used for applications like payroll that do not need frequent updating Online Real Time Processing 1. Ensures that data is always current 2. More accurate as well because data input errors can be corrected in real time Enterprise Resource Planning Systems 1. Integrate all aspects of a company’s operations with a traditional AIS thereby avoiding the problems of having multiple systems by creating a separate system to record info not stored in AIS systems which creates redundancy or discrepancies if data is changed in one of the systems but not the other A. Use a centralized database to share info across business processes and coordinate activities Internal control is a process( a series of steps) that gives reasonable assurance (not absolute) that the firm’s objectives are achieved 1. Safeguard assets- No stealing 2. Ensure accurate and reliable accounting and other info 3. Improve operational efficiency 4. Promote adherence to managerial policies dress codes 5. Financial statements are types of internal controls Corrective- Identify and correct problems etc Detective- Discover problems that were not prevented (taste testing) Preventative- Deter problems before they arise ( segregation of duties) Threats to Control Objectives- Natural Diasters (why do we need internal controls in the first place) 1. Hardware Malfunctions- Credit card processors 2. Unexpected loss of personnel, death, illness, more jobs, maternity leave 3. Loss Data- Similar to hardware malfunctions 4. Intentional Acts- Internal and external hackers Sarbanes Oxley (SOX) 1. What does SOX do? I. It changes the law governing auditing and corporate responsibility 2. Who does it Affect? I. Board of Directors II. C- Level Executives (CFO, COO) III. Auditors 3. Who Benefits Created the Public COmpany Accounting Oversight Board to oversee the auditing profession 1. Regulates auditors more closely I. Auditors must report more closely to Audit Committee II. Prohibits much add-on consulting work 2. Regulates board of directors more closely I. Audit committee must be on the board of directors II. Audit committee members must be independent of the company 3. Regulates management more closely I. Certify the financial statements and carry legal liability II. Provide more financial statement disclosures III. Rule 404- issue a report about company’s internal control system and publicly evaluate their company’s IC system using internal control best practices framework and reported material weaknesses Enterprise Risk Management 1. Developed by COSO (Committee of Sponsoring Organizations of the Treadway Commission) 2. ERM was an attempt to develop a standardized comprehensive framework for internal controls ERM Framework 1. Internal Environment (tone at the top) I. The people side of things 01. Management’s philosophy and risk profile 02. Board of directors- are they just yes men or women and agree with whatever the ceo decides 03. Integrity and ethics- violates policy/laws 2. Objective Setting I. Strategic Planning- what does the company want to accomplish 01. Example: Rivian wants to produce trucks at the lowest cost possible 02. Risk appetite- Gambling so you have a 03. Risk Tolerance- How much money you would be willing to lose 3. Event Identification I. Events that could affect your strategy especially negative occurrences II. What are some events that may affect the cost of Rivian’s trucks? 01. Exchange rates 02. Competitors 03. Regulation 4. Risk Assessment I. Likelihood- chance that the negative event will occur II. Impact (Exposure)- Dollar loss from negative event if it occurs I. Likelihood x Impact= Expected loss 5. Risk Response (providing reasonable assurance) I. How do we deal with the risks? (preventative, detective,corrective) 01. Identifying needed controls 02. Estimating costs and benefits of controls 03. What can be done about Residual Risk? (after the controls) 1) Accept it-move forward 2) Share it- insurance 3) Avoid it- cancel the activity 6. Control Activities I. Proper authorizations (who says yes) II. Segregation of duties(responsibilities should be divided in many ways so that no one person has so much power/control) 01. Custody- handling cash, handling inventories, tools or fixed assets, receiving checks in the mail) 1) Prevents employees from falsifying records to conceal theft of assets entrusted to them 02. Recording- preparing source documents, maintaining journals, ledgers or other files, preparing performance reports 1) Prevents an employee from falsifying records to cover up an inaccurate or false transaction that was inappropriately authorized 03. Authorization-authorizations of activities or transactions III. Adequate documents and records (prenumbered documents, copies) IV. Adequate safeguards of assets and data(strong passwords, duo, physical locks) V. Independent checks on performances (manager reviews) 7. Information and Communications I. Audit Trail- documentation that links source documents to the final numbers on the financial statements 8. Monitoring Performance- ongoing that internal controls are present/functioning properly I. Training and Supervision II. Responsibility Accounting-budgets, etc III. Conduct Internal Audits IV. Proactive Fraud Testing Chapter 3 Documentation- explains how a system works including the who, what, when, why and how of data entry, data processing, data storage, information output, and system controls Narrative descriptions- a written step by step explanation of system components and interactions Data flow diagram- a graphical description of data sources, data flows, transformation processes, data storage, and data destinations Flowchart- which is a graphical description of a system ❖ Document flowchart- which shows the flow of documents and information between department or areas of responsibility ❖ System flowchart- which shows the relationship among the input, processing, and output in an information system ❖ Program flowchart- which shows the sequence of logical operations a computer performs as it executes a program Business process diagrams- which are graphical descriptions of the business processes used by a company Sarbanes-Oxley Act of 2002 requires an internal control report in public annual reports that states that management is responsible for establishing and maintaining an adequate internal control structure and assesses the effectiveness of the company’s internal controls ❖ The auditor must evaluate management’s assessment of the company’s internal control structures and attest to its accuracy ❖ The auditor's attestation should include a specific notation about significant defects or material noncompliance found during the internal control tests Data source and data destination- entities that send or receive data that the system uses or produces Data flow- is the movement of data among processes, stores, sources, and destination Data store is a repository of data Context diagram- highest level of data flow diagrams and provides the use with a summary level view of a system Flowchart- is a pictorial analytical technique that is used to describe some aspect of an information system in a clear, concise and logical manner ❖ Input/output symbols- show input to or output from a system ❖ Processing symbols- show data processing either electronically or by hand ❖ Storage symbols- show where data is stored ❖ Flow and miscellaneous symbols- indicate the flow of data where flowcharts begin or end, where decisions are made or how to add an explanatory notes to flowcharts Document flowcharts- were developed to illustrate the flow of documents and data among areas of responsibility within an organization ❖ Can trace a document by showing where each document originates and everything that happens in between as it flows through the system Internal control flowchart- is used to describe, analyze and evaluate internal controls System flowchart- depicts the relationship among system input, processing, storage and output Program flowchart- illustrates the sequence of logical operations performed by a computer in executing a program Business process diagram- is a visual way to describe the different steps or activities in a business process Chapter 7 Threat- any potential adverse occurrence ❖ Inherent risk- the susceptibility of a set of accounts or transactions to significant control problems in the absence of internal control ❖ Residual risk- the risk that remains after management implements internal controls or some other response to risk Exposure/impact- any potential dollar loss from a threat Likelihood- the probability that it will happen Internal controls- are the processes implemented to provide reasonable assurance that the following objectives are achieved ❖ Safeguard assets-prevent or detect their unauthorized acquisition, use or disposition ❖ Maintain records in sufficient detail to report company assets, accurately and fairly ❖ Provide accurate and reliable info ❖ Prepare financial reports in accordance with established criteria ❖ Promote and improve operational efficiency ❖ Encourage adherence to prescribed managerial policies ❖ Comply with applicable laws and regulations ❖ Possess limitations: Susceptibility to simple errors, collusion, management overrides ❖ Three functions: Preventative controls- deter problems before they arise such segregating duties, controlling physical access to assets Detective controls- discover problems that are not prevented such preparing bank reconciliations Corrective controls- identify and correct problems as well as correct and recover from the resulting errors such as maintaining backup copies of files ❖ Segregated in two categories General controls- make sure an organization's control environment is stable and well managed such as IT infrastructure Application controls prevent, detect, and correct transaction errors and fraud in application programs and are concerned with the accuracy, completeness, validity Belief system- describes how a company creates value, helps employees understand management’s vision, communicates company core values and inspires employees to live by those values Boundary system- helps employees to act ethically by setting boundaries on employee behavior Diagnostic control system- measures, monitors, and compares actual company progress to budgets and performance goals Interactive control system- helps managers to focus subordinates’ attention on key strategic issues and to be more involved in their decisions Foreign Corrupt Practices Act- was passed to prevent companies from bribing foreign officials to obtain business Public Company Accounting Oversight Board- created to control the auditing profession by setting and enforcing auditing, quality control, ethics, independence and other auditing standards ❖ Auditors must report specific info to the company’s audit committee such as critical accounting policies and if top management that was recently employed by the firm within the last year worked on a an engagement for the same client prior ❖ Audit committee members must be on the company’s board of directors and be independent of the company ❖ SOX requires that the CFO and CEO certify that the financial statements and disclosures are fairly presented were reviewed by management and are not misleading and the auditors were told about all material internal control weaknesses and fraud ❖ Companies must issue a report accompanying the financial statements stating that management is responsible for establishing and maintaining an adequate internal control system Control Objectives for Information and Related Technology- consolidates control standards from many different sources into a single framework that allows management to benchmark security and control practices of IT environments ❖ Meeting stakeholder needs- ❖ Covering the enterprise end to end- integrates all IT functions and processes into company wide functions and processes ❖ Applying a single, integrated framework- ❖ Enabling a holistic approach ❖ Separating governance from management- Enterprise Risk Management- Integrated Framework- is the process the board of directors and management use to set strategy, identify events that may affect the entity, assess and manage risks and provide reasonable assurance that the company achieves its objectives and goals ❖ Internal environment/company culture- influences how organizations establish strategies and objectives, structure business activities and identify, asses and respond to risk ❖ Objective setting Strategic objectives- high level goals which are aligned with the company’s mission and support it Operation objectives- which deal with the effectiveness and efficiency of company operations determines how to allocate resources Reporting objectives- help ensure the accuracy, completeness, and reliability of company reports, improve decision making Compliance objectives- help the company comply with all applicable laws and Risk appetite- the amount of risk they are willing to accept to achieve their goals Audit committee- composed of outside independent directors who oversee the internal and external auditors and are responsible for financial reporting and regulatory compliance Management can respond to risk in one of four ways: ❖ Reduce-reduce the likelihood and impact of risk by implementing an effective system of internal controls ❖ Accept- acept the likelihood and impact of risk ❖ Share- share risk or transfer it to someone else by buying insurance, outsourcing an activity or entering into hedging transactions ❖ Avoid- avoid risk by not engaging in the activity that produces the risk which may require the company to sell a division, exit a product line or not expand as they originally planned Preventative controls are usually superior to detective controls, detective controls are usually implemented when preventative control measures fail and corrective controls are are used to help resolve a problem/issue Expected loss- mathematical product of impact and likelihood ❖ Expected loss= impact x likelihood Risks not reduced must be accepted, shared, or avoided ❖ Risks can be accepted if it is within the company’s risk tolerance ❖ Responses to reduce or share risk helps to bring residual risk into an acceptable risk tolerance range ❖ A company may choose to avoid the risk when there is no cost-effective way to bring risk into an acceptable risk tolerance range Control activities- are policies, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out Authorization- often documented by signing, initializing, or entering an authorization code on a document or record ❖ Specific authorization How Can AIS Add Value? ❖ Efficiency- minimizing the time and resources used without sacrificing quality(less foul waste) ❖ Effectiveness- increasing the quality of products or services ❖ Internal controls- a process that gives reasonable assurance that the firm's objectives are achieved Aims to increase the accuracy of info and decrease undesirable behavior and follow company policy Evolution of AIS ❖ Manual- electronic storage and processing, flat files and general ledgers ❖ TPS- transaction process system ❖ Database- Database file organization, real time access, integration, of quantitative and non-quantitative data ❖ ERP- enterprise resources planning, integration of all company databases