Accounting Information Systems PDF
Document Details
Uploaded by BelievableLove
James A. Hall
Tags
Related
Summary
This book, "Accounting Information Systems", by James A. Hall, provides a comprehensive overview of accounting information systems. It covers numerous topics, including business processes and technologies used in accounting, transaction processing cycles, and internal controls. The book is designed for undergraduate students.
Full Transcript
Accounting Information Systems SEVENTH EDITION JAMES A. HALL Peter E. Bennett Chair in Business and Economics Lehigh University Accounting Information Systems, ª 2011, 2008 Cengage Learning Seventh Edition James A. Hall ALL RIGHTS RESERVE...
Accounting Information Systems SEVENTH EDITION JAMES A. HALL Peter E. Bennett Chair in Business and Economics Lehigh University Accounting Information Systems, ª 2011, 2008 Cengage Learning Seventh Edition James A. Hall ALL RIGHTS RESERVED. No part of this work covered by the copy- right herein may be reproduced, transmitted, stored or used in any form or by any means graphic, electronic, or mechanical, including but not VP/Editorial Director: Jack W. Calhoun limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval Editor-in-Chief: Rob Dewey systems, except as permitted under Section 107 or 108 of the 1976 Sr. Acquisitions Editor: Matt Filimonov United States Copyright Act, without the prior written permission of the Editorial Assistant: Lauren Athmer publisher. Developmental Editor: Maggie Kubale Marketing Manager: Natalie King For more information about our products, contact us at: Marketing Coordinator: Heather McAuliffe Cengage Learning Academic Resource Center, 1-800-423-0563 Associate Content Project Manager: Jana Lewis For permission to use material from this text or product, submit a Manager of Technology, Editorial: Matt McKinney request online at http://www.cengage.com/permissions. Media Editor: Bryan England Sr. Manufacturing Buyer: Doug Wilke Production Technology Analyst: Starratt Alexander South-Western Cengage Learning, a part of Cengage Learning. Production House: Cadmus Communications Cengage, the Star logo, and South-Western are trademarks used herein under license. Printer: Edwards Brothers Art Director: Stacy Jenkins-Shirley Library of Congress Control Number: 2009938064 Marketing Communications Manager: Libby Shipp ISBN-13: 978-1-4390-7857-0 Permissions Acquisition Manager: Roberta Broyer ISBN-10: 1-4390-7857-2 Cover Designer: Itzhack Shelomi Cover Image: iStock Photo Cengage Learning 5191 Natorp Boulevard Mason, OH 45040 USA Printed in the United States of America 1 2 3 4 5 13 12 11 10 09 Brief Contents Preface xvii Part I Overview of Accounting Information Systems 1 Chapter 1 The Information System: An Accountant’s Perspective 3 Chapter 2 Introduction to Transaction Processing 41 Chapter 3 Ethics, Fraud, and Internal Control 111 Part II Transaction Cycles and Business Processes 151 Chapter 4 The Revenue Cycle 153 Chapter 5 The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures 217 Chapter 6 The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures 265 Chapter 7 The Conversion Cycle 305 Chapter 8 Financial Reporting and Management Reporting Systems 349 Part III Advanced Technologies in Accounting Information 395 Chapter 9 Database Management Systems 397 Chapter 10 The REA Approach to Database Modeling 459 Chapter 11 Enterprise Resource Planning Systems 489 Chapter 12 Electronic Commerce Systems 523 iii iv Brief Contents Part IV Systems Development Activities 571 Chapter 13 Managing the Systems Development Life Cycle 573 Chapter 14 Construct, Deliver, and Maintain Systems Project 605 Part V Computer Controls and Auditing 663 Chapter 15 IT Controls Part I: Sarbanes-Oxley and IT Governance 665 Chapter 16 IT Controls Part II: Security and Access 703 Chapter 17 IT Controls Part III: Systems Development, Program Changes, and Application Controls 737 Glossary 773 Index 791 Contents Preface xvii Acknowledgments xxvi Dedication xxvii Part I Overview of Accounting Information Systems 1 Chapter 1 The Information System: An Accountant’s Perspective 3 THE INFORMATION ENVIRONMENT 4 What Is a System? 5 An Information Systems Framework 7 AIS Subsystems 9 A General Model for AIS 10 Acquisition of Information Systems 14 ORGANIZATIONAL STRUCTURE 15 Business Segments 15 Functional Segmentation 16 The Accounting Function 19 The Information Technology Function 20 THE EVOLUTION OF INFORMATION SYSTEM MODELS 24 The Manual Process Model 24 The Flat-File Model 25 The Database Model 27 The REA Model 28 Enterprise Resource Planning Systems 31 THE ROLE OF THE ACCOUNTANT 31 Accountants as Users 32 Accountants as System Designers 32 Accountants as System Auditors 32 SUMMARY 33 Chapter 2 Introduction to Transaction Processing 41 AN OVERVIEW OF TRANSACTION PROCESSING 42 Transaction Cycles 42 ACCOUNTING RECORDS 44 Manual Systems 44 The Audit Trail 50 v vi Contents Computer-Based Systems 51 DOCUMENTATION TECHNIQUES 53 Data Flow Diagrams and Entity Relationship Diagrams 53 System Flowcharts 57 Program Flowcharts 64 Record Layout Diagrams 67 COMPUTER-BASED ACCOUNTING SYSTEMS 67 Differences between Batch and Real-Time Systems 68 Alternative Data Processing Approaches 69 Batch Processing Using Real-Time Data Collection 71 Real-Time Processing 74 DATA CODING SCHEMES 74 A System without Codes 74 A System with Codes 76 Numeric and Alphabetic Coding Schemes 76 SUMMARY 79 APPENDIX 80 Chapter 3 Ethics, Fraud, and Internal Control 111 ETHICAL ISSUES IN BUSINESS 112 Business Ethics 112 Computer Ethics 112 Sarbanes-Oxley Act and Ethical Issues 116 FRAUD AND ACCOUNTANTS 117 Definitions of Fraud 117 The Fraud Triangle 118 Financial Losses from Fraud 119 The Perpetrators of Frauds 120 Fraud Schemes 122 INTERNAL CONTROL CONCEPTS AND TECHNIQUES 128 SAS 78/COSO Internal Control Framework 132 SUMMARY 137 Part II Transaction Cycles and Business Processes 151 Chapter 4 The Revenue Cycle 153 THE CONCEPTUAL SYSTEM 154 Overview of Revenue Cycle Activities 154 Sales Return Procedures 160 Cash Receipts Procedures 163 Contents vii Revenue Cycle Controls 166 PHYSICAL SYSTEMS 170 MANUAL SYSTEMS 171 Sales Order Processing 171 Sales Return Procedures 174 Cash Receipts Procedures 174 COMPUTER-BASED ACCOUNTING SYSTEMS 177 Automating Sales Order Processing with Batch Technology 177 Keystroke 178 Edit Run 180 Update Procedures 180 Reengineering Sales Order Processing with Real-Time Technology 180 Transaction Processing Procedures 180 General Ledger Update Procedures 182 Advantages of Real-Time Processing 183 Automated Cash Receipts Procedures 183 Reengineered Cash Receipts Procedures 185 Point-of-Sale (POS) Systems 185 Daily Procedures 185 End-of-Day Procedures 187 Reengineering Using EDI 187 Reengineering Using the Internet 188 Control Considerations for Computer-Based Systems 188 PC-BASED ACCOUNTING SYSTEMS 190 PC Control Issues 190 SUMMARY 191 APPENDIX 192 Chapter 5 The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures 217 THE CONCEPTUAL SYSTEM 218 Overview of Purchases and Cash Disbursements Activities 218 The Cash Disbursements Systems 225 Expenditure Cycle Controls 228 PHYSICAL SYSTEMS 230 A Manual System 230 The Cash Disbursements Systems 232 COMPUTER-BASED PURCHASES AND CASH DISBURSEMENTS APPLICATIONS 234 Automating Purchases Procedures Using Batch Processing Technology 234 viii Contents Cash Disbursements Procedures 239 Reengineering the Purchases/Cash Disbursements System 240 Control Implications 242 SUMMARY 243 Chapter 6 The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures 265 THE CONCEPTUAL PAYROLL SYSTEM 266 Payroll Controls 274 THE PHYSICAL PAYROLL SYSTEM 275 Manual Payroll System 275 COMPUTER-BASED PAYROLL SYSTEMS 277 Automating the Payroll System Using Batch Processing 277 Reengineering the Payroll System 279 THE CONCEPTUAL FIXED ASSET SYSTEM 281 The Logic of a Fixed Asset System 281 THE PHYSICAL FIXED ASSET SYSTEM 283 Computer-Based Fixed Asset System 283 Controlling the Fixed Asset System 286 SUMMARY 288 Chapter 7 The Conversion Cycle 305 THE TRADITIONAL MANUFACTURING ENVIRONMENT 306 Batch Processing System 307 Controls in the Traditional Environment 318 WORLD-CLASS COMPANIES AND LEAN MANUFACTURING 320 What Is a World-Class Company? 320 Principles of Lean Manufacturing 320 TECHNIQUES AND TECHNOLOGIES THAT PROMOTE LEAN MANUFACTURING 322 Physical Reorganization of the Production Facilities 322 Automation of the Manufacturing Process 323 ACCOUNTING IN A LEAN MANUFACTURING ENVIRONMENT 326 What’s Wrong with Traditional Accounting Information? 326 Activity-Based Costing (ABC) 328 Value Stream Accounting 329 INFORMATION SYSTEMS THAT SUPPORT LEAN MANUFACTURING 331 Materials Requirement Planning (MRP) 331 Contents ix Manufacturing Resource Planning (MRP II) 331 Enterprise Resource Planning (ERP) Systems 333 SUMMARY 334 Chapter 8 Financial Reporting and Management Reporting Systems 349 THE GENERAL LEDGER SYSTEM 349 The Journal Voucher 350 The GLS Database 350 GLS Procedures 352 THE FINANCIAL REPORTING SYSTEM 352 Sophisticated Users with Homogeneous Information Needs 352 Financial Reporting Procedures 352 XBRL—REENGINEERING FINANCIAL REPORTING 355 XML 355 XBRL 356 The Current State of XBRL Reporting 361 CONTROLLING THE FRS 362 SAS 78/COSO Control Issues 362 Internal Control Implications of XBRL 364 THE MANAGEMENT REPORTING SYSTEM 365 FACTORS THAT INFLUENCE THE MRS 365 Management Principles 365 Management Function, Level, and Decision Type 368 Problem Structure 370 Types of Management Reports 371 Responsibility Accounting 374 Behavioral Considerations 378 SUMMARY 380 Part III Advanced Technologies in Accounting Information 395 Chapter 9 Database Management Systems 397 OVERVIEW OF THE FLAT-FILE VERSUS DATABASE APPROACH 398 Data Storage 398 Data Updating 398 Currency of Information 399 Task-Data Dependency 399 The Database Approach 399 Flat-File Problems Solved 400 x Contents Controlling Access to the Database 400 The Database Management System 400 Three Conceptual Models 401 ELEMENTS OF THE DATABASE ENVIRONMENT 401 Users 401 Database Management System 401 Database Administrator 404 The Physical Database 407 THE RELATIONAL DATABASE MODEL 407 Relational Database Concepts 408 Anomalies, Structural Dependencies, and Data Normalization 412 DESIGNING RELATIONAL DATABASES 419 Identify Entities 419 Construct a Data Model Showing Entity Associations 421 Add Primary Keys and Attributes to the Model 422 Normalize Data Model and Add Foreign Keys 422 Construct the Physical Database 423 Prepare the User Views 424 Global View Integration 427 DATABASES IN A DISTRIBUTED ENVIRONMENT 427 Centralized Databases 428 Distributed Databases 429 SUMMARY 433 APPENDIX 433 Chapter 10 The REA Approach to Database Modeling 459 THE REA APPROACH 460 The REA Model 460 DEVELOPING AN REA MODEL 462 Differences between ER and REA Diagrams 463 View Modeling: Creating an Individual REA Diagram 463 VIEW INTEGRATION: CREATING AN ENTERPRISE-WIDE REA MODEL 470 Step 1. Consolidate the Individual Models 470 Step 2. Define Primary Keys, Foreign Keys, and Attributes 475 Step 3. Construct Physical Database and Produce User Views 477 REA and Value Chain Analysis 481 REA Compromises in Practice 482 SUMMARY 482 Contents xi Chapter 11 Enterprise Resource Planning Systems 489 WHAT IS AN ERP? 490 ERP Core Applications 491 Online Analytical Processing 492 ERP SYSTEM CONFIGURATIONS 492 Server Configurations 492 OLTP Versus OLAP Servers 493 Database Configuration 496 Bolt-on Software 496 DATA WAREHOUSING 497 Modeling Data for the Data Warehouse 497 Extracting Data from Operational Databases 498 Cleansing Extracted Data 498 Transforming Data into the Warehouse Model 500 Loading the Data into the Data Warehouse Database 501 Decisions Supported by the Data Warehouse 501 Supporting Supply Chain Decisions from the Data Warehouse 502 RISKS ASSOCIATED WITH ERP IMPLEMENTATION 503 Big Bang Versus Phased-in Implementation 503 Opposition to Changes in the Business’s Culture 504 Choosing the Wrong ERP 504 Choosing the Wrong Consultant 505 High Cost and Cost Overruns 506 Disruptions to Operations 507 IMPLICATIONS FOR INTERNAL CONTROL AND AUDITING 507 Transaction Authorization 507 Segregation of Duties 508 Supervision 508 Accounting Records 508 Independent Verification 508 Access Controls 509 Internal Control Issues Related to ERP Roles 509 Contingency Planning 511 SUMMARY 512 APPENDIX 512 Chapter 12 Electronic Commerce Systems 523 INTRAORGANIZATIONAL NETWORKS AND EDI 524 INTERNET COMMERCE 524 Internet Technologies 524 xii Contents Protocols 527 Internet Protocols 528 Benefits from Internet Commerce 530 RISKS ASSOCIATED WITH ELECTRONIC COMMERCE 532 Intranet Risks 532 Internet Risks 533 Risks to Consumers 533 SECURITY, ASSURANCE, AND TRUST 539 Encryption 539 Digital Authentication 540 Firewalls 542 Seals of Assurance 542 IMPLICATIONS FOR THE ACCOUNTING PROFESSION 543 Privacy Violation 543 Continuous Auditing 544 Electronic Audit Trails 545 Confidentiality of Data 545 Authentication 545 Nonrepudiation 545 Data Integrity 545 Access Controls 545 A Changing Legal Environment 546 SUMMARY 546 APPENDIX 546 Part IV Systems Development Activities 571 Chapter 13 Managing the Systems Development Life Cycle 573 THE SYSTEMS DEVELOPMENT LIFE CYCLE 574 Participants in Systems Development 575 SYSTEMS STRATEGY 576 ASSESS STRATEGIC INFORMATION NEEDS 576 Strategic Business Needs 576 Legacy Systems 577 User Feedback 577 DEVELOP A STRATEGIC SYSTEMS PLAN 580 CREATE AN ACTION PLAN 580 The Learning and Growth Perspective 581 The Internal Business Process Perspective 582 Contents xiii The Customer Perspective 582 The Financial Perspective 582 Balanced Scorecard Applied to IT Projects 582 PROJECT INITIATION 583 SYSTEMS ANALYSIS 583 The Survey Step 583 The Analysis Step 586 CONCEPTUALIZATION OF ALTERNATIVE DESIGNS 587 How Much Design Detail Is Needed? 587 SYSTEMS EVALUATION AND SELECTION 589 Perform a Detailed Feasibility Study 589 Perform Cost-Benefit Analysis 590 Prepare Systems Selection Report 595 Announcing the New System Project 596 User Feedback 597 THE ACCOUNTANT’S ROLE IN MANAGING THE SDLC 597 How Are Accountants Involved with SDLC? 597 The Accountant’s Role in Systems Strategy 598 The Accountant’s Role in Conceptual Design 598 The Accountant’s Role in Systems Selection 598 SUMMARY 598 Chapter 14 Construct, Deliver, and Maintain Systems Project 605 IN-HOUSE SYSTEMS DEVELOPMENT 606 Tools for Improving Systems Development 606 CONSTRUCT THE SYSTEM 610 The Structured Design Approach 610 The Object-Oriented Design Approach 610 System Design 615 Data Modeling, Conceptual Views, and Normalized Tables 615 Design Physical User Views 615 Design the System Process 622 Design System Controls 625 Perform a System Design Walk-Through 625 Program Application Software 626 Software Testing 627 DELIVER THE SYSTEM 628 Testing the Entire System 628 Documenting the System 628 Converting the Databases 630 Converting to the New System 630 xiv Contents Postimplementation Review 631 The Role of Accountants 633 COMMERCIAL PACKAGES 633 TRENDS IN COMMERCIAL PACKAGES 633 Advantages of Commercial Packages 635 Disadvantages of Commercial Packages 635 CHOOSING A PACKAGE 635 MAINTENANCE AND SUPPORT 639 User Support 639 Knowledge Management and Group Memory 639 SUMMARY 640 APPENDIX 640 Part V Computer Controls and Auditing 663 Chapter 15 IT Controls Part I: Sarbanes-Oxley and IT Governance 665 OVERVIEW OF SOX SECTIONS 302 AND 404 666 Relationship between IT Controls and Financial Reporting 666 Audit Implications of Sections 302 and 404 667 IT GOVERNANCE CONTROLS 671 ORGANIZATIONAL STRUCTURE CONTROLS 671 Segregation of Duties within the Centralized Firm 672 The Distributed Model 674 Creating a Corporate IT Function 675 Audit Objectives Relating to Organizational Structure 676 Audit Procedures Relating to Organizational Structure 676 COMPUTER CENTER SECURITY AND CONTROLS 677 Computer Center Controls 677 DISASTER RECOVERY PLANNING 679 Providing Second-Site Backup 680 Identifying Critical Applications 681 Performing Backup and Off-Site Storage Procedures 681 Creating a Disaster Recovery Team 682 Testing the DRP 683 Audit Objective: Assessing Disaster Recovery Planning 683 Audit Procedures for Assessing Disaster Recovery Planning 683 OUTSOURCING THE IT FUNCTION 683 Risks Inherent to IT Outsourcing 684 Audit Implications of IT Outsourcing 685 SUMMARY 687 APPENDIX 687 Contents xv Chapter 16 IT Controls Part II: Security and Access 703 CONTROLLING THE OPERATING SYSTEM 704 Operating System Objectives 704 Operating System Security 704 Threats to Operating System Integrity 705 Operating System Controls and Test of Controls 705 CONTROLLING DATABASE MANAGEMENT SYSTEMS 710 Access Controls 710 Backup Controls 712 CONTROLLING NETWORKS 713 Controlling Risks from Subversive Threats 713 Controlling Risks from Equipment Failure 721 ELECTRONIC DATA INTERCHANGE (EDI) CONTROLS 722 Transaction Authorization and Validation 723 Access Control 724 EDI Audit Trail 724 SUMMARY 726 APPENDIX 726 Chapter 17 IT Controls Part III: Systems Development, Program Changes, and Application Controls 737 SYSTEMS DEVELOPMENT CONTROLS 738 Controlling Systems Development Activities 738 Controlling Program Change Activities 740 Source Program Library Controls 740 The Worst-Case Situation: No Controls 741 A Controlled SPL Environment 741 APPLICATION CONTROLS 745 Input Controls 745 Processing Controls 747 Output Controls 750 TESTING COMPUTER APPLICATION CONTROLS 752 Black Box Approach 753 White Box Approach 753 White Box Testing Techniques 756 The Integrated Test Facility 759 Parallel Simulation 760 SUBSTANTIVE TESTING TECHNIQUES 761 The Embedded Audit Module 761 Generalized Audit Software 763 SUMMARY 766 This page intentionally left blank Preface Welcome to the Seventh Edition T he seventh edition of Accounting Information Systems includes a full range of new and revised homework assignments and up-to-date content changes, as well as several reorganized chapters. All of these changes add up to more stu- dent and instructor enhancements than ever before. As this preface makes clear, we have made these changes to keep students and instructors as current as possible on issues such as business processes, systems development methods, IT governance and strategy, security, internal controls, and relevant aspects of Sarbanes-Oxley legislation. Focus and Flexibility in Designing Your AIS Course Among accounting courses, accounting information systems (AIS) courses tend to be the least standardized. Often the objectives, background, and orientation of the instruc- tor, rather than adherence to a standard body of knowledge, determines the direction the AIS course takes. Therefore, we have designed this text for maximum flexibility: This textbook covers a full range of AIS topics to provide instructors with flexibil- ity in setting the direction and intensity of their courses. At the same time, for those who desire a structured model, the first nine chapters of the text, along with the chapters on electronic commerce and computer controls, provide what has proven to be a successful template for developing an AIS course. Earlier editions of this book have been used successfully in introductory, advanced, and graduate-level AIS courses. The topics in this book are presented from the perspective of the managers’ and accountants’ AIS-related responsibilities under the Sarbanes-Oxley Act. Although this book was written primarily to meet the needs of accounting majors about to enter the modern business world, we have also developed it to be an effec- tive text for general business and industrial engineering students who seek a thorough understanding of AIS and internal control issues as part of their professional education. Key Features CONCEPTUAL FRAMEWORK This book employs a conceptual framework to emphasize the professional and legal responsibility of accountants, auditors, and management for the design, operation, and control of AIS applications. This responsibility pertains to business events that are nar- rowly defined as financial transactions. Systems that process nonfinancial transactions are not subject to the standards of internal control under Sarbanes-Oxley legislation. Supporting the information needs of all users in a modern organization, however, requires systems that integrate both accounting and nonaccounting functions. While xvii xviii Preface providing the organization with unquestioned benefit, a potential consequence of such integration is a loss of control due to the blurring of the lines that traditionally separate AIS from non-AIS functions. The conceptual framework presented in this book dis- tinguishes AIS applications that are legally subject to specific internal control standards. EVOLUTIONARY APPROACH Over the years, accounting information systems have been represented by a number of different approaches or models. Each new model evolved because of the shortcomings and limitations of its predecessor. An interesting feature in this evolution is that older models are not immediately replaced by the newest technique. Thus, at any point in time, various generations of legacy systems exist across different organizations and of- ten coexist within a single enterprise. Modern accountants need to be familiar with the operational characteristics of all AIS approaches that they are likely to encounter. Therefore, this book presents the salient aspects of five models that relate to both legacy and state-of-the-art systems: 1. manual processes 2. flat-file systems 3. the database approach 4. the resources, events, and agents (REA) model 5. enterprise resource planning (ERP) systems EMPHASIS ON INTERNAL CONTROLS The book presents a conceptual model for internal control based on Statement on Auditing Standards no. 78 (SAS 78) and the Committee of Sponsoring Organizations of the Treadway Commission (COSO) frameworks. This SAS 78/COSO model is used to discuss control issues for both manual processes and computer-based information systems (CBIS). Three chapters (Chapters 15, 16 and 17) are devoted to the control of CBIS. Special emphasis is given to the following areas: computer operating systems database management systems electronic data interchange (EDI) electronic commerce systems ERP systems systems development and program change processes the organization of the computer function the security of data processing centers verifying computer application integrity EXPOSURE TO SYSTEMS DESIGN AND DOCUMENTATION TOOLS This book examines various approaches and methodologies used in systems analysis and design, including: structured design object-oriented design computer-aided software engineering (CASE) prototyping Preface xix In conjunction with these general approaches, professional systems analysts and pro- grammers use a number of documentation techniques to specify the key features of sys- tems. The modern auditor works closely with systems professionals during IT audits and must learn to communicate in their language. The book deals extensively with documentation techniques such as data flow diagrams (DFDs) and entity relation- ship diagrams (ERDs), as well as system and program flowcharts. It contains numerous systems design and documentation cases and assignments intended to develop students’ competency with these tools. Significant Changes in the Seventh Edition Chapter 2, ‘‘Introduction to Transaction Processing’’ This chapter has been updated to include a discussion of data coding schemes and their role in transaction processing and AIS as a means of coordinating and managing a firm’s transactions. The chapter presents the advantages and disadvantages of the major types of numeric and alphabetic coding schemes. In the sixth edition, this material was included in Chapter 8; it was moved in this edition because of its relevance as an ele- ment of transaction processing. Chapter 3, ‘‘Ethic, Fraud, and Internal Control’’ This chapter has been revised to include the most recent research results published by the Association of Certified Fraud Examiners (ACFE). The ACFE study provides esti- mates of losses due to fraud, categorizes fraud by various factors, and creates a profile of fraud perpetrators. In addition, the chapter presents an expanded discussion of com- mon fraud schemes. Chapter 4, ‘‘The Revenue Cycle’’; Chapter 5 ‘‘The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures’’; Chapter 6, ‘‘The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures’’ The end-of-chapter material for these chapters has been significantly revised. This entailed revising all the end-of-chapter internal control cases and creating several new ones, In particular, great attention was given to internal control case solutions to ensure consistency in appearance and an accurate reflection of the cases in the text. In the sev- enth edition, all case solution flowcharts are numerically coded and cross-referenced to text that explains the internal control issues. This approach, which has been classroom tested, facilitates effective presentation of internal control case materials. Chapter 8, ‘‘Financial Reporting and Management Reporting Systems’’ This chapter has been revised to include a discussion of the expanding role of XBRL (Extendable Business Reporting Language). The chapter outlines the technological fea- tures of XBRL and points to the advantages it offers organizations for which online reporting of financial data has become a competitive necessity. It also presents a num- ber of internal control and audit implications that accountants should recognize. Chapter 11, ‘‘Enterprise Resource Planning Systems’’ A significant change to this chapter has been the addition of a SAP internal control case, available online to all schools that are members of the SAP University Alliance Program. This case teaches students how to navigate the SAP system and allows them to process revenue, expenditure, and conversion cycle transactions for a hypothetical company that manufactures and sells classic sports car parts and accessories. Important aspects of the case are its focuses on internal controls and on the establishment of roles in a SAP environment. xx Preface Chapter 15, ‘‘IT Controls Part I: Sarbanes-Oxley and IT Governance’’ A major new section in this chapter deals with IT outsourcing. It examines the motiva- tions and theories underlying outsourcing decisions and speaks to a number of risk issues that auditors need to understand. The chapter has also been expanded to include a discus- sion of several computer fraud techniques. Computer fraud loss estimates vary greatly among researchers. Uncertainty exists, in part, because computer fraud is itself not well defined. All agree, however, that computer fraud is a rapidly growing phenomenon. Organization and Content PART I: OVERVIEW OF ACCOUNTING INFORMATION SYSTEMS Chapter 1, ‘‘The Information System: An Accountant’s Perspective’’ Chapter 1 places the subject of accounting information systems in perspective for accountants. It is divided into four major sections, each dealing with a different aspect of information systems. The first section explores the information environment of the firm. It introduces ba- sic systems concepts, identifies the types of information used in business, describes the flow of information through an enterprise, and presents a framework for viewing accounting information systems in relation to other information systems compo- nents. The second section deals with the impact of organizational structure on AIS. The centralized and distributed models are used to illustrate extreme cases. The third section reviews the evolution of information systems models. Accounting information systems are represented by a number of different approaches or models. Five dominant models are examined: manual processes; flat-file systems; the data- base approach; the resources, events, agents (REA) model; and enterprise resource planning (ERP) systems. The final section discusses the role of accountants as users, designers, and auditors of AIS. The nature of the responsibilities shared by accountants and computer pro- fessionals for developing AIS applications are examined. Chapter 2, ‘‘Introduction to Transaction Processing’’ Chapter 2 divides the treatment of transaction processing systems into five major sec- tions. The first section provides an overview of transaction processing, showing its vital role as an information provider for financial reporting, internal management report- ing, and the support of day-to-day operations. Three transaction cycles account for most of a firm’s economic activity: the revenue cycle, the expenditure cycle, and the conversion cycle. The second section describes the relationship among accounting records in both manual and computer-based systems. The third section of the chapter presents an overview of documentation techniques used to describe the key features of systems. Five types of documentation are com- monly used: data flow diagrams, entity relationship diagrams, system flowcharts, program flowcharts, and record layout diagrams. The fourth section presents two computer-based transaction processing systems— batch processing using real-time data collection and real-time processing—and the operational efficiency issues associated with each. The final section examines data coding schemes, their role in transaction processing and AIS as a means of coordinating and managing a firm’s transactions, and the Preface xxi advantages and disadvantages of the major types of numeric and alphabetic coding schemes. Chapter 3, ‘‘Ethics, Fraud, and Internal Control’’ Chapter 3 deals with the related topics of ethics, fraud, and internal control. The chapter first examines ethical issues related to business and specifically to computer systems. The questions raised are intended to stimulate class discussions. Next, the chapter addresses fraud. There is perhaps no area of greater controversy for accountants than their responsibility to detect fraud. Part of the problem stems from confusion about what constitutes fraud. This section distinguishes between management fraud and employee fraud. The chapter presents techniques for identi- fying unethical and dishonest management and for assessing the risk of management fraud. Employee fraud can be prevented and detected by a system of internal con- trols. The section discusses several fraud techniques that have been perpetrated in both manual and computer-based environments. The results of a research study con- ducted by the Association of Certified Fraud Examiners as well as the provisions of the Sarbanes-Oxley Act are presented. The final section of the chapter describes the internal control structure and control activities specified in SAS 78/COSO. The control concepts discussed in this chapter are applied to specific applications in chapters that follow. PART II: TRANSACTION CYCLES AND BUSINESS PROCESSES Chapter 4, ‘‘The Revenue Cycle’’; Chapter 5, ‘‘The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures’’; and Chapter 6, ‘‘The Expenditure Cycle Part II: Processing and Fixed Asset Procedures’’ The approach taken in all three chapters is similar. First, the business cycle is reviewed conceptually using data flow diagrams to present key features and control points of each major subsystem. At this point the reader has the choice of either continuing within the context of a manual environment or moving directly to computer-based examples. Each system is examined under two alternative technological approaches: Each system is first examined under automation. Automation preserves basic func- tionality by replacing manual processes with computer programs. Next, each system is reengineered to incorporate real-time technology. Reengineer- ing involves radically rethinking the business process and the work flow. The objec- tive of reengineering is to improve operational performance and reduce costs by identifying and eliminating non–value-added tasks. Under each technology, the effects on operational efficiency and internal controls are examined. This approach provides the student with a solid understanding of the business tasks in each cycle and an awareness of how different technologies influence changes in the operation and control of the systems. Chapter 7, ‘‘The Conversion Cycle’’ Manufacturing systems represent a dynamic aspect of AIS. Chapter 7 discusses the technologies and techniques used in support of two alternative manufacturing environ- ments: traditional mass production (batch) processing and lean manufacturing. These environments are driven by information technologies such as materials requirements planning (MRP), manufacturing resources planning (MRP II), and enterprise resource planning (ERP). The chapter addresses the shortcomings of the traditional cost account- ing model as it compares to two alternative models: activity-based costing (ABC) and value stream accounting. xxii Preface Chapter 8, ‘‘Financial Reporting and Management Reporting Systems’’ Chapter 8 examines an organization’s nondiscretionary and discretionary reporting systems. First, it focuses on the general ledger system (GLS) and on the files that constitute a GLS database. Next, it examines how financial statement information is provided to both external and internal users through a multistep reporting process. The emerging technology of XBRL is changing traditional financial reporting for many organizations. The key features of XBRL and the internal control implications of this technology are considered. The chapter then looks at discretionary reporting systems that constitute the Man- agement Reporting System (MRS). Discretionary reporting is not subject to the pro- fessional guidelines and legal statutes that govern nondiscretionary financial reporting. Rather, it is driven by several factors, including management principles; management function, level, and decision type; problem structure; responsibility accounting; and behavioral considerations. The impact of each factor on the design of the management reporting system is investigated. PART III: ADVANCED TECHNOLOGIES IN ACCOUNTING INFORMATION Chapter 9, ‘‘Database Management Systems’’ Chapter 9 addresses the design and management of an organization’s data resources. The first section demonstrates how problems associated with traditional flat-file sys- tems are resolved under the database approach. The second section describes in detail the functions and relationships among four primary elements of the database environment: the users, the database management system (DBMS), the database administrator (DBA), and the physical database. The third section is devoted to an in-depth explanation of the characteristics of the relational database model. A number of database design topics are covered, includ- ing data modeling, deriving relational tables from ER diagrams, the creation of user views, and data normalization techniques. The chapter concludes with a discussion of distributed database issues. It examines three possible database configurations in a distributed environment: centralized, partitioned, and replicated databases. Chapter 10, ‘‘The REA Approach to Database Modeling’’ Chapter 10 presents the resources, events, and agents REA model as a means of speci- fying and designing accounting information systems that serve the needs of all users within an organization. The chapter is composed of five major sections. The chapter begins by defining the key elements of REA. The basic model employs a unique form of ER diagram called an REA diagram. The diagram consists of three entity types (resources, events, and agents) and a set of associations linking them. Next the rules for developing an REA diagram are explained and illustrated in detail. An important aspect of the model is the concept of economic duality, which specifies that each economic event must be mirrored by an associated economic event in the opposite direction. The chapter illustrates the development of an REA database for a hypothetical firm following a multistep process called view modeling. The result of this process is an REA diagram for a single organizational function. Preface xxiii The chapter’s fourth section explains how multiple REA diagrams (revenue cycle, purchases, cash disbursements, and payroll) are integrated into a global or enterprisewide model. The enterprise model is then implemented into a relational database structure, and user views are constructed. The chapter concludes with a discussion of how REA modeling can improve com- petitive advantage by allowing management to focus on the value-added activities of their operations. Chapter 11, ‘‘Enterprise Resource Planning Systems’’ Chapter 11 presents a number of issues related to the implementation of enterprise resource planning (ERP) systems. It is composed of five major sections and an appendix. The first section outlines the key features of a generic ERP system by comparing the function and data storage techniques of a traditional flat-file or database system to that of an ERP. The second section describes various ERP configurations related to servers, data- bases, and bolt-on software. Data warehousing is the topic of the third section. A data warehouse is a rela- tional or multidimensional database that supports online analytical processing (OLAP). Issues discussed include data modeling, data extraction from opera- tional databases, data cleansing, data transformation, and loading data into the warehouse. The fourth section examines risks associated with ERP implementation. These include ‘‘big bang’’ issues, opposition to change within the organization, choosing the wrong ERP model, choosing the wrong consultant, cost overrun issues, and dis- ruptions to operations. The fifth section reviews several control and auditing issues related to ERPs. The discussion follows the SAS 78/COSO framework. The chapter appendix provides a review of the leading ERP software products, including SAP, Oracle E-Business Suite, Oracle | PeopleSoft, JD Edwards, EnterpriseOne, SoftBrands, MAS 500, and Microsoft Dynamics. Chapter 12, ‘‘Electronic Commerce Systems’’ Driven by the Internet revolution, electronic commerce is dramatically expanding and undergoing radical changes. Although electronic commerce has brought enormous opportunities for consumers and businesses, its effective implementation and control present urgent challenges to organizations’ management teams and accountants. To evaluate the potential exposures and risks in this environment properly, the modern accountant must be familiar with the technologies and techniques that underlie elec- tronic commerce. Chapter 12 and its associated appendix deal with several aspects of electronic commerce. The body of the chapter examines Internet commerce including business-to- consumer and business-to-business relationships. It presents the risks associated with electronic commerce and reviews security and assurance techniques to reduce risk and promote trust. The chapter concludes with a discussion of how Internet commerce impacts the accounting and auditing profession. The internal usage of networks to support distributed data processing and traditional business-to-business transactions conducted via EDI systems are presented in the appendix. xxiv Preface PART IV: SYSTEMS DEVELOPMENT ACTIVITIES Chapter 13, ‘‘Managing the Systems Development Life Cycle,’’ and Chapter 14, ‘‘Construct, Deliver, and Maintain Systems Projects’’ The chapters in Part IV examine the accountant’s role in the systems development process. Chapter 13 begins with an overview to the systems development life cycle (SDLC). This multistage process guides organization management through the development and/or purchase of information systems. Next, Chapter 13 presents the key issues pertaining to developing a systems strat- egy, including its relationship to the strategic business plan, the current legacy situa- tion, and feedback from the user community. The chapter provides a methodology for assessing the feasibility of proposed projects and for selecting individual projects to go forward for construction and delivery to their users. The chapter concludes by reviewing the role of accountants in managing the SDLC. Chapter 14 covers the many activities associated with in-house development, which fall conceptually into two categories: (1) constructing the system and (2) delivering the system. Through these activities, systems selected in the project initiation phase (discussed in Chapter 13) are designed in detail and implemented. This involves cre- ating input screen formats, output report layouts, database structures, and application logic. Finally, the completed system is tested, documented, and rolled out to the user. Chapter 14 then examines the increasingly important option of using commercial software packages. Conceptually, the commercial software approach also consists of construct and delivery activities. In this section we examine the pros, cons, and issues involved in selecting off-the-shelf systems. Chapter 14 also addresses the important activities associated with systems mainte- nance and the associated risks that are important to managers, accountants, and auditors. Several comprehensive cases designed as team-based systems development projects are available online at www.cengage.com/accounting/hall. These cases have been used effectively by groups of three or four students working as a design team. Each case has sufficient details to allow analysis of user needs, preparation of a conceptual solution, and the development of a detailed design, including user views (input and output), processes, and databases. PART V: COMPUTER CONTROLS AND AUDITING Chapter 15, ‘‘IT Controls Part I: Sarbanes-Oxley and IT Governance’’ Chapter 15 provides an overview of management and auditor responsibilities under Sections 302 and 404 of the Sarbanes-Oxley Act (SOX). The design, implementation, and assessment of internal control over the financial reporting process form the central theme for this chapter and the two chapters that follow. This treatment of internal con- trol complies with SAS 78 and the Committee of Sponsoring Organizations of the Treadway Commission (COSO) control framework. Under the SAS 78/COSO model, IT controls are divided into application controls and general controls. Chapter 15 presents risks, controls, and tests of controls related to IT governance, including organ- izing the IT function, controlling computer center operations, designing an adequate disaster recovery plan, and IT outsourcing. Chapter 16, ‘‘IT Controls Part II: Security and Access’’ Preface xxv Chapter 16 continues the treatment of IT controls as described by the SAS 78/COSO control framework. The focus of the chapter is on SOX compliance regarding the secu- rity and control of operating systems, database management systems, and communica- tion networks. This chapter examines the risks, controls, audit objectives, and tests of controls that may be performed to satisfy either compliance or attest responsibilities. Chapter 17, ‘‘IT Controls Part III: Systems Development, Program Changes, and Application Controls’’ Chapter 17 concludes the examination of IT controls as outlined in the SAS 78/COSO control framework. The chapter focuses on SOX compliance regarding systems devel- opment, program changes, and applications controls. It examines the risks, controls, audit objectives, and tests of controls that may be performed to satisfy compliance or attest responsibilities. The chapter examines five computer-assisted audit tools and techniques (CAATT) for testing application controls: the test data method base case system evaluation tracing integrated test facility parallel simulation It also reviews two substantive testing techniques: embedded audit modules and generalized audit software. SUPPLEMENTS Product Website Additional teaching and learning resources, including access to additional internal con- trol and systems development cases, are available by download from the book’s web- site at http://academic.cengage.com. PowerPoint¤ Slides The PowerPoint¤ slides, prepared and completely updated by Patrick Wheeler of the University of Missouri, provide colorful lecture outlines of each chapter of the text, incorporating text graphics and flowcharts where needed. The PowerPoint¤ presenta- tion is available for download from the text website. Test Bank The Test Bank, available in Word and written and updated by the text author, contains true/false, multiple-choice, short answer, and essay questions. The files are available for download from the text website. Solutions Manual The Solutions Manual, written by the author, contains solutions to all end-of-chapter problems and cases. Adopting instructors may download the Solutions Manual under password protection at the Instructor’s Resource page of the book’s website. Acknowledgments I want to thank the Institute of Internal Auditors, Inc., and the Institute of Certified Management Accountants, for permission to use problem materials from past examinations. I would also like to thank Dave Hinrichs, my colleague at Lehigh University, for his careful work on the text and the verification of the Solutions Manual for this edition. I am grateful to the following people for reviewing the book in recent editions and for providing helpful comments: Beth Brilliant Helen M. Savage Kean University Youngstown State University Kevin E. Dow James Holmes Kent State University University of Kentucky H.P. Garsombke Jerry D. Siebel University of Nebraska, Omaha University of South Florida Alan Levitan Frank Ilett University of Louisville Boise State University Sakthi Mahenthiran Richard M. Sokolowski Butler University Teikyo Post University Jeff L. Payne Andrew D. Luzi University of Kentucky California State University, Fullerton Sarah Brown Patrick Wheeler Southern Arkansas University University of Missouri, Columbia H. Sam Riner Srini Ragothaman University of North Alabama University of South Dakota David M. Cannon Grand Valley State University James A. Hall Lehigh University xxvi Dedication T o my wife Eileen, and my children Elizabeth and Katie xxvii This page intentionally left blank Overview of part I Accounting Information Systems Chapter 1 The Information System: An Accountant’s Perspective 3 Chapter 2 Introduction to Transaction Processing 41 Chapter 3 Ethics, Fraud, and Internal Control 111 1 This page intentionally left blank chapter 1 The Information System: An Accountant’s Perspective U nlike many other accounting subjects, such as intermediate accounting, accounting information systems (AIS) lacks a well-defined body of knowl- edge. Much controversy exists among college faculty as to what should and should not be covered in the AIS course. I To some extent, however, the controversy is being resolved I Learning Objectives through recent legislation. The Sarbanes-Oxley Act (SOX) After studying this chapter, you should: of 2002 established new corporate governance regulations I Understand the primary infor- and standards for public companies registered with the mation flows within the business Securities and Exchange Commission (SEC). This wide- environment. sweeping legislation impacts public companies, their man- agement, and their auditors. Of particular importance to AIS I Understand the difference between students is the impact of SOX on internal control standards accounting information systems and and related auditing procedures. Whereas SOX does not management information systems. define the entire content of the AIS course, it does identify I Understand the difference between a critical areas of study that need to be included for account- financial transaction and a non- ants. These topics and more are covered in several chapters financial transaction. of this text. I Know the principal features of the The purpose of this chapter is to place the subject of AIS general model for information in perspective for accountants. Toward this end, the chapter systems. is divided into four major sections, each dealing with a I Be familiar with the functional areas different aspect of information systems. The first section of a business and their principal explores the information environment of the firm. It intro- activities. duces basic systems concepts, identifies the types of infor- mation used in business, and describes the flows of I Understand the stages in the evolu- information through an organization. This section also tion of information systems. presents a framework for viewing AIS in relation to other I Understand the relationship between information systems components. The second section of the external auditing, internal auditing, chapter deals with the impact of organizational structure on and information technology AIS. Here we examine the business organization as a system auditing. of functional areas. The accounting function plays an impor- tant role as the purveyor of financial information for the rest of the organization. The third section reviews the evolution of information systems. Over the years, AIS has been repre- sented by a number of different approaches or models. 4 PART I Overview of Accounting Information Systems Five AIS models are examined. The final section discusses the role of accountants as users, designers, and auditors of AIS. The Information Environment We begin the study of AIS with the recognition that information is a business resource. Like the other business resources of raw materials, capital, and labor, information is vital to the survival of the contem- porary business organization. Every business day, vast quantities of information flow to decision makers and other users to meet a variety of internal needs. In addition, information flows out from the organiza- tion to external users, such as customers, suppliers, and stakeholders who have an interest in the firm. Figure 1-1 presents an overview of these internal and external information flows. The pyramid in Figure 1-1 shows the business organization divided horizontally into several levels of activity. Business operations form the base of the pyramid. These activities consist of the product-ori- ented work of the organization, such as manufacturing, sales, and distribution. Above the base level, the organization is divided into three management tiers: operations management, middle management, and top management. Operations management is directly responsible for controlling day-to-day operations. Middle management is accountable for the short-term planning and coordination of activities necessary to accomplish organizational objectives. Top management is responsible for longer-term planning and set- ting organizational objectives. Every individual in the organization, from business operations to top man- agement, needs information to accomplish his or her tasks. Notice in Figure 1-1 how information flows in two directions within the organization: horizontally and vertically. The horizontal flow supports operations-level tasks with highly detailed information about the many business transactions affecting the firm. This includes information about events such as the sale and shipment of goods, the use of labor and materials in the production process, and internal transfers of resour- ces from one department to another. The vertical flow distributes information downward from senior manag- ers to junior managers and operations personnel in the form of instructions, quotas, and budgets. In addition, summarized information pertaining to operations and other activities flows upward to managers at all levels. Management uses this information to support its various planning and control functions. F I G U R E 1-1 INTERNAL AND EXTERNAL FLOWS OF INFORMATION Top Stakeholders Management Middle Management Pe cti ation rfo rm s on ns form an Operations ce tru an get In Inf Management Suppliers orm dI d Bu ati Customers on Operations Personnel Day-to-Day Operations Information CHAPTER 1 The Information System: An Accountant’s Perspective 5 A third flow of information depicted in Figure 1-1 represents exchanges between the organization and users in the external environment. External users fall into two groups: trading partners and stakeholders. Exchanges with trading partners include customer sales and billing information, purchase information for suppliers, and inventory receipts information. Stakeholders are entities outside (or inside) the organi- zation with a direct or indirect interest in the firm. Stockholders, financial institutions, and government agencies are examples of external stakeholders. Information exchanges with these groups include finan- cial statements, tax returns, and stock transaction information. Inside stakeholders include accountants and internal auditors. All user groups have unique information requirements. The level of detail and the nature of the infor- mation these groups receive differ considerably. For example, managers cannot use the highly detailed in- formation needed by operations personnel. Management information is thus more summarized and oriented toward reporting on overall performance and problems rather than routine operations. The infor- mation must identify potential problems in time for management to take corrective action. External stake- holders, on the other hand, require information very different from that of management and operations users. Their financial statement information, based on generally accepted accounting principles (GAAP), is accrual based and far too aggregated for most internal uses. WHAT IS A SYSTEM? For many, the term system generates mental images of computers and programming. In fact, the term has much broader applicability. Some systems are naturally occurring, whereas others are artificial. Natural systems range from the atom—a system of electrons, protons, and neutrons—to the universe—a system of galaxies, stars, and planets. All life forms, plant and animal, are examples of natural systems. Artificial systems are man-made. These systems include everything from clocks to submarines and social systems to information systems. Elements of a System Regardless of their origin, all systems possess some common elements. To specify: A system is a group of two or more interrelated components or subsystems that serve a common purpose. Let’s analyze the general definition to gain an understanding of how it applies to businesses and infor- mation systems. MULTIPLE COMPONENTS. A system must contain more than one part. For example, a yo-yo carved from a single piece of wood and attached to a string is a system. Without the string, it is not a system. RELATEDNESS. A common purpose relates the multiple parts of the system. Although each part func- tions independently of the others, all parts serve a common objective. If a particular component does not contribute to the common goal, then it is not part of the system. For instance, a pair of ice skates and a vol- leyball net are both components; however, they lack a common purpose, and thus do not form a system. SYSTEM VERSUS SUBSYSTEM. The distinction between the terms system and subsystem is a mat- ter of perspective. For our purposes, these terms are interchangeable. A system is called a subsystem when it is viewed in relation to the larger system of which it is a part. Likewise, a subsystem is called a system when it is the focus of attention. Animals, plants, and other life forms are systems. They are also subsystems of the ecosystem in which they exist. From a different perspective, animals are systems com- posed of many smaller subsystems, such as the circulatory subsystem and the respiratory subsystem. PURPOSE. A system must serve at least one purpose, but it may serve several. Whether a system pro- vides a measure of time, electrical power, or information, serving a purpose is its fundamental justifica- tion. When a system ceases to serve a purpose, it should be replaced. 6 PART I Overview of Accounting Information Systems An Example of an Artificial System An automobile is an example of an artificial system that is familiar to most of us and that satisfies the def- inition of a system provided previously. To simplify matters, let’s assume that the automobile system serves only one purpose: providing conveyance. To do so requires the harmonious interaction of hun- dreds or even thousands of subsystems. For simplicity, Figure 1-2 depicts only a few of these. In the figure, two points are illustrated of particular importance to the study of information systems: system decomposition and subsystem interdependency. SYSTEM DECOMPOSITION. Decomposition is the process of dividing the system into smaller sub- system parts. This is a convenient way of representing, viewing, and understanding the relationships among subsystems. By decomposing a system, we can present the overall system as a hierarchy and view the relationships between subordinate and higher-level subsystems. Each subordinate subsystem performs one or more specific functions to help achieve the overall objective of the higher-level system. Figure 1-2 shows an automobile decomposed into four primary subsystems: the fuel subsystem, the propulsion sub- system, the electrical subsystem, and the braking subsystem. Each contributes in a unique way to the sys- tem’s objective, conveyance. These second-level subsystems are decomposed further into two or more subordinate subsystems at a third level. Each third-level subsystem performs a task in direct support of its second-level system. SUBSYSTEM INTERDEPENDENCY. A system’s ability to achieve its goal depends on the effective functioning and harmonious interaction of its subsystems. If a vital subsystem fails or becomes defective and can no longer meet its specific objective, the overall system will fail to meet its objective. For exam- ple, if the fuel pump (a vital subsystem of the fuel system) fails, then the fuel system fails. With the fail- ure of the fuel system (a vital subsystem of the automobile), the entire system fails. On the other hand, when a nonvital subsystem fails, the primary objective of the overall system can still be met. For instance, if the radio (a subsystem of the electrical system) fails, the automobile can still convey passengers. Designers of all types of systems need to recognize the consequences of subsystem failure and provide the appropriate level of control. For example, a systems designer may provide control by designing a F I G U R E 1-2 PRIMARY SUBSYSTEM OF AN AUTOMOBILE Automobile Fuel Propulsion Electrical Brake System System System System Brake Fuel Tank Engine Lights Pedal Trans- Master Fuel Pump Ignition mission Cylinder Rear Brake Fuel Injector Radio Axle Lines Wheels Battery Disk CHAPTER 1 The Information System: An Accountant’s Perspective 7 backup (redundant) subsystem that comes into play when the primary subsystem fails. Control should be provided on a cost-benefit basis. It is neither economical nor necessary to back up every subsystem. Backup is essential, however, when excessive negative consequences result from a subsystem failure. Hence, virtually every modern automobile has a backup braking system, whereas very few have backup stereo systems. Like automobile designers, information system designers need to identify critical subsystems, antici- pate the risk of their failure, and design cost-effective control procedures to mitigate that risk. As we shall see in subsequent chapters, accountants feature prominently in this activity. AN INFORMATION SYSTEMS FRAMEWORK The information system is the set of formal procedures by which data are collected, processed into infor- mation, and distributed to users. Figure 1-3 shows the information system of a hypothetical manufacturing firm decomposed into its elemental subsystems. Notice that two broad classes of systems emerge from the decomposition: the accounting information system (AIS) and the management information system (MIS). We will use this framework to identify the domain of AIS and distinguish it from MIS. Keep in mind that Figure 1-3 is a conceptual view; physical information systems are not typically organized into such discrete packages. More often, MIS and AIS functions are integrated to achieve operational efficiency. The distinction between AIS and MIS centers on the concept of a transaction, as illustrated by Figure 1-4. The information system accepts input, called transactions, which are converted through various processes into output information that goes to users. Transactions fall into two classes: financial transactions and nonfinancial transactions. Before exploring this distinction, let’s first broadly define: A transaction as an event that affects or is of interest to the organization and is processed by its infor- mation system as a unit of work. This definition encompasses both financial and nonfinancial events. Because financial transactions are of particular importance to the accountant’s understanding of information systems, we need a precise def- inition for this class of transaction: A financial transaction is an economic event that affects the assets and equities of the organization, is reflected in its accounts, and is measured in monetary terms. Sales of products to customers, purchases of inventory from vendors, and cash disbursements and receipts are examples of financial transactions. Every business organization is legally bound to correctly process these types of transactions. Nonfinancial transactions are events that do not meet the narrow definition of a financial transaction. For example, adding a new supplier of raw materials to the list of valid suppliers is an event that may be processed by the enterprise’s information system as a transaction. Important as this information obviously is, it is not a financial transaction, and the firm has no legal obligation to process it correctly—or at all. Financial transactions and nonfinancial transactions are closely related and are often processed by the same physical system. For example, consider a financial portfolio management system that collects and tracks stock prices (nonfinancial transactions). When the stocks reach a threshold price, the system places an automatic buy or sell order (financial transaction). Buying high and selling low is not against the law, but it is bad for business. Nevertheless, no law requires company management to design optimal buy- and-sell rules into their system. Once the buy-or-sell order is placed, however, the processing of this financial transaction must comply with legal and professional guidelines. The Accounting Information System AIS subsystems process financial transactions and nonfinancial transactions that directly affect the proc- essing of financial transactions. For example, changes to customers’ names and addresses are processed by the AIS to keep the customer file current. Although not technically financial transactions, these changes provide vital information for processing future sales to the customer. 8 PART I Overview of Accounting Information Systems F I G U R E 1-3 A FRAMEWORK FOR INFORMATION SYSTEMS Information System (IS) Accounting Management Information Information System (AIS) System (MIS) General Transaction Management Financial Human Ledger/Financial Processing Reporting Marketing Distribution Management Resource Reporting System System System Systems Systems Systems Systems (GL/FRS) (TPS) (MRS) (Chapter 8) (Chapter 2) (Chapter 8) Expenditure Conversion Revenue Cycle Cycle Cycle (Chapters 5 & 6) (Chapter 7) (Chapter 4) Cost Sales Purchase Accounting Processing System System System Production Cash Cash Planning and Disbursement Receipts Control System System System Payroll Processing System Fixed Asset System F I G U R E 1-4 TRANSACTIONS PROCESSED BY THE INFORMATION SYSTEM Financial Transactions Information Information User System Decisions Nonfinancial Transactions CHAPTER 1 The Information System: An Accountant’s Perspective 9 The AIS is composed of three major subsystems: (1) the transaction processing system (TPS), which supports daily business operations with numerous reports, documents, and messages for users throughout the organization; (2) the general ledger/financial reporting system (GL/FRS), which produces the tradi- tional financial statements, such as the income statement, balance sheet, statement of cash flows, tax returns, and other reports required by law; and (3) the management reporting system (MRS), which pro- vides internal management with special-purpose financial reports and information needed for decision making such as budgets, variance reports, and responsibility reports. We examine each of these subsys- tems later in this chapter. The Management Information System Management often requires information that goes beyond the capability of AIS. As organizations grow in size and complexity, specialized functional areas emerge, requiring additional information for production planning and control, sales forecasting, inventory warehouse planning, market research, and so on. The man- agement information system (MIS) processes nonfinancial transactions that are not normally processed by traditional AIS. Table 1-1 gives examples of typical MIS applications related to functional areas of a firm. Why Is It Important to Distinguish between AIS and MIS? SOX legislation requires that management design and implement internal controls over the entire finan- cial reporting process. This includes the financial reporting system, the general ledger system, and the transaction processing systems that supply the data for financial reporting. SOX further requires that man- agement certify these controls and that the external auditors express an opinion on control effectiveness. Because of the highly integrative nature of modern information systems, management and auditors need a conceptual view of the information system that distinguishes key processes and areas of risk and legal responsibility from the other (nonlegally binding) aspects of the system. Without such a model, critical management and audit responsibilities under SOX may not be met. AIS SUBSYSTEMS We devote separate chapters to an in-depth study of each AIS subsystem depicted in Figure 1-3. At this point, we briefly outline the role of each subsystem. T A B L E 1-1 EXAMPLES OF MIS APPLICATIONS IN FUNCTIONAL AREAS Function Examples of MIS Applications Finance Portfolio management systems Capital budgeting systems Marketing Market analysis New product development Product analysis Distribution Warehouse organization and scheduling Delivery scheduling Vehicle loading and allocation models Personnel Human resource management systems n Job skill tracking system n Employee benefits system 10 PART I Overview of Accounting Information Systems Transaction Processing System The TPS is central to the overall function of the information system by converting economic events into financial transactions, recording financial transactions in the accounting records (journals and ledgers), and distributing essential financial information to operations personnel to support their daily operations. The TPS deals with business events that occur frequently. In a given day, a firm may process thou- sands of transactions. To deal efficiently with such volume, similar types of transactions are grouped to- gether into transaction cycles. The TPS consists of three transaction cycles: the revenue cycle, the expenditure cycle, and the conversion cycle. Each cycle captures and processes different types of finan- cial transactions. Chapter 2 provides an overview of transaction processing. Chapters 4, 5, 6, and 7 exam- ine in detail the revenue, expenditure, and conversion cycles. General Ledger/Financial Reporting Systems The general ledger system (GLS) and the financial reporting system (FRS) are two closely related subsys- tems. However, because of their operational interdependency, they are generally viewed as a single integrated system—the GL/FRS. The bulk of the input to the GL portion of the system comes from the transaction cycles. Summaries of transaction cycle activity are processed by the GLS to update the general ledger control accounts. Other, less frequent, events such as stock transactions, mergers, and lawsuit settlements, for which there may be no formal processing cycle in place, also enter the GLS through alternate sources. The FRS measures and reports the status of financial resources and the changes in those resources. The FRS communicates this information primarily to external users. This type of reporting is called non- discretionary because the organization has few or no choices in the information it provides. Much of this information consists of traditional financial statements, tax returns, and other legal documents. Management Reporting System The MRS provides the internal financial information needed to manage a business. Managers must deal immediately with many day-to-day business problems, as well as plan and control their operations. Man- agers require different information for the various kinds of decisions they must make. Typical reports pro- duced by the MRS include budgets, variance reports, cost-volume-profit analyses, and reports using current (rather than historical) cost data. This type of reporting is called discretionary reporting because the organization can choose what information to report and how to present it. A GENERAL MODEL FOR AIS Figure 1-5 presents the general model for viewing AIS applications. This is a general model because it describes all information systems, regardless of their technological architecture. The elements of the gen- eral model are end users, data sources, data collection, data processing, database management, informa- tion generation, and feedback. End Users End users fall into two general groups: external and internal. External users include creditors, stockhold- ers, potential investors, regulatory agencies, tax authorities, suppliers, and customers. Institutional users such as banks, the SEC, and the Internal Revenue Service (IRS) receive information in the form of finan- cial statements, tax returns, and other reports that the firm has a legal obligation to produce. Trading part- ners (customers and suppliers) receive transaction-oriented information, including purchase orders, billing statements, and shipping documents. Internal users include management at every level of the organization, as well as operations personnel. In contrast to external reporting, the organization has a great deal of latitude in the way it meets the needs of internal users. Although there are some well-accepted conventions and practices, internal reporting is governed primarily by what gets the job done. System designers, including accountants, must balance the desires of internal users against legal and economic concerns such as adequate control and security, proper accountability, and the cost of providing alternative forms of information. Thus, internal reporting poses a less structured and generally more difficult challenge than external reporting. CHAPTER 1 The Information System: An Accountant’s Perspective 11 F I G U R E 1-5 GENERAL MODEL FOR ACCOUNTING INFORMATION SYSTEM The External Environment The Information System Database Management External Data Data Information External Sources of Collection Processing Generation End Users Data Feedback Internal Internal Sources End Users of Data The Business Organization Feedback DATA VERSUS INFORMATION. Before discussing the data sources portion of Figure 1-5, we must make an important distinction between the terms data and information. Data are facts, which may or may not be processed (edited, summarized, or refined) and have no direct effect on the user. By contrast, information causes the user to take an action that he or she otherwise could not, or would not, have taken. Information is often defined simply as processed data. This is an inadequate definition. Information is determined by the effect it has on the user, not by its physical form. For example, a purchasing agent receives a daily report listing raw material inventory items that are at low levels. This report causes the agent to place orders for more inventory. The facts in this report have information content for the purchas- ing agent. However, this same report in the hands of the personnel manager is a mere collection of facts, or data, causing no action and having no information content. We can see from this example that one person’s information is another person’s data. Thus, informa- tion is not just a set of processed facts arranged in a formal report. Information allows users to take action to resolve conflicts, reduce uncertainty, and make decisions. We should note that action does not neces- sarily mean a physical act. For instance, a purchasing agent who receives a report showing that inventory levels are adequate will respond by ordering nothing. The agent’s action to do nothing is a conscious de- cision, triggered by information and different from doing nothing because of being uninformed. The distinction between data and information has pervasive implications for the study of information systems. If output from the information system fails to cause users to act, the system serves no purpose and has failed in its primary objective. Data Sources Data sources are financial transactions that enter the information system from both internal and external sources. External financial transactions are the most common source of data for most organizations. These are economic exchanges with other business entities and individuals outside the firm. Examples include the sale of goods and services, the purchase of inventory, the receipt of cash, and the disbursement of cash (including payroll). Internal financial transactions involve the exchange or movement of resources within the organization. Examples include the movement of raw materials into work-in-process (WIP), the 12 PART I Overview of Accounting Information Systems application of labor and overhead to WIP, the transfer of WIP into finished goods inventory, and the depre- ciation of plant and equipment. Data Collection Data collection is the first operational stage in the information system. The objective is to ensure that event data entering the system are valid, complete, and free from material errors. In many respects, this is the most important stage in the system. Should transaction errors pass through data collection undetected, the system may process the errors and generate erroneous and unreliable output. This, in turn, could lead to incorrect actions and poor decisions by the users. Two rules govern the design of data collection procedures: relevance and efficiency. The information system should capture only relevant data. A fundamental task of the system designer is to determine what is and what is not relevant. He or she does so by analyzing the user’s needs. Only data that ultimately contribute to information (as defined previously) are relevant. The data collection stage should be designed to filter irrelevant facts from the system. Efficient data collection procedures are designed to collect data only once. These data can then be made available to multiple users. Capturing the same data more than once leads to data redundancy and inconsistency. Information systems have limited collection, processing, and data storage capacity. Data redundancy overloads facilities and reduces the overall efficiency of the system. Inconsistency among redundant data elements can result in inappropriate actions and bad decisions. Data Processing Once collected, data usually require processing to produce information. Tasks in the data processing stage range from simple to complex. Examples include mathematical algorithms (such as linear program- ming models) used for production scheduling applications, statistical techniques for sales forecasting, and posting and summarizing procedures used for accounting applications. Database Management The organization’s database is its physical repository for financial and nonfinancial data. We use the term database in the generic sense. It can be a filing cabinet or a computer disk. Regardless of the database’s physical form, we can represent its contents in a logical hierarchy. The levels in the data hierarchy— attribute, record, and file—are illustrated in Figure 1-6. DATA ATTRIBUTE. The data attribute is the most elemental piece of potentially useful data in the database. An attribute is a logical and relevant characteristic of an entity about which the firm captures data. The attributes shown in Figure 1-6 are logical because they all relate sensibly to a common entity— accounts receivable (AR). Each attribute is also relevant because it contributes to the information content of the entire set. As proof of this, the absence of any single relevant attribute diminishes or destroys the information content of the set. The addition of irrelevant or illogical data would not enhance the informa- tion content of the set. RECORD. A record is a complete se
