Chapter 1: AIS an Overview

System: set of two or more interrelated components that interact to achieve a goal Data: facts collected, recorded, stored, and processed by information system Information: data that has been organized and processed to provide meaning and improve decision-making process

Value of information = benefit produced cost of producing Characteristics of useful information: relevant, reliable, complete, timely, understandable, verifiable, and accessible

Business process: set of related, coordinated, structured activities and tasks that are performed by person, company or machine to accomplish a specific organizational goal Transaction: agreement between two entities to exchange goods or services that can be measured in economic terms by an organization

5 major business processes/transaction cycles: 1. Revenue cycle 2. Expenditure cycle 3. Production/conversion cycle 4. Human resource/payroll cycle 5. Financing cycle

General ledger and reporting system: used to generate information for management and external parties

AIS: Accounting Information System Information providing vehicle 6 components of AIS: 1. People 2. Procedures and instructions 3. Data 4. Software 5. Information technology infrastructure 6. Internal controls and security measures

Used to: How value is added: collect and store data improve quality, efficiency, effectiveness, decision making transform data into information internal control provide controls sharing knowledge decrease costs

5 primary activities in a value chain 1. Inbound logistics 4. Marketing and sales 2. Operations 5. Service 3. Outbound logistics

Chapter 2 Overview of Transaction Processing and Enterprise Resource Planning Systems

Data processing cycle: The operations performed on data to generate meaningful and relevant information. The process consists of four steps: Data input Data storage Data processing Information output

Data input Data must be collected about three facets of each business activity: 1) Each activity of interest 2) The resource affected by each activity 3) The people who participate in each activity

Data storage There are different data storage concepts and definitions.

Ledgers Cumulative accounting information is stored in general and subsidiary ledgers. General ledger: Contains summary-level data for every asset, liability, equity, revenue and expense account Subsidiary ledger: contains detailed data for any general ledger account with many individual subaccounts.

Coding techniques Coding is the systematic assignment of numbers or letters to items to classify and organize them. Sequence codes: Items are numbered consecutively to account for all items. Block code: Blocks of numbers are reserved for specific categories of data. Group codes: Which are two or more subgroups of digits used to code items, are often used in conjunction with block codes. Mnemonic codes: Letters and numbers are interspersed to identify an item.

Chart of accounts Is a list of the numbers assigned to each general ledger account. These account numbers allow transaction data to be coded, classified and entered into proper accounts. Journals A journal entry shows the accounts and amounts to be debited and credited General journal: Is used to record infrequent or nonroutine transactions, such as loan payments and end-of-period adjusting and closing entries. Specialized journal: Records large numbers or repetitive transactions such as sales, cash receipts and cash disbursements.

Audit trial Is a traceable path of a transaction through a data processing system from point of origin to final output, or backwards from final output to point of origin. Computer-based storage concepts Entity: Is something about which information is stored, such as employees, inventory items, and customers. Attributes: Each entity has attributes, or characteristics of interest, that are stored such as pay rate and address. Data processing 1) Creating new data records, such as adding a newly hired employee to the payroll database. 2) Reading, retrieving or viewing existing data. 3) Updating previously stored data 4) Deleting data, such as purging the vendor master file of all vendors the company no longer does business with.

Information output Information is usually presented in one of three forms: Documents: Are records of transaction or other company data. Reports: Are used by employees to control operational activities and by managers to make decisions and to formulate business strategies. Query: Is used to provide the information needed to deal with problems and questions that need rapid action or answers.

Enterprise Resource Planning (ERP) Systems In the book, an overview of an ERP system is shown in Figure 2-6 on page 56. Basically there is a revenue cycle, expenditure cycle, production cycle, HR/Payroll cycle and a general ledger and reporting system integrated in an ERP system.

Chapter 3 System Documentation Techniques

Documentation encompasses the narratives, flowcharts, diagrams, and other written materials that explain how a system works. This information covers the who, what, when, where, why and how of data entry, processing, storage, information output and system controls.

Data Flow Diagrams: Graphically describes the flow of data within a system Four basic elements: Entity, Data Flow, Data Store, Process

Entity: Represents a source of data or input into the system or represents a destination of data or output from the system Data Flows: Movement of data among: Entities (sources or destinations), Processes, Data stores Label should describe the information moving Process: Represents the transformation of data Data Store: Represents data at rest

Data Flow Diagram Levels: Highest level (most general)

Purpose: show inputs and outputs into system Characteristics: one process symbol only, no data stores Level-0

Purpose: show all major activity steps of a system Characteristics: processes are labeled 1.0, 2.0, and so on

DFD Creation Guidelines 1. Understand the system 2. Ignore certain aspects of the system 3. Determine system boundaries 4. Develop a context DFD 5. Identify data flows 6. Group data flows 7. Number each process 8. Identify transformational processes 9. Group transformational processes 10. Identify all data stores 11. Identify all sources and destinations 12. Label all DFD elements 13. Subdivide DFD

Flowcharts: Use symbols to logically depict transaction processing and the flow of data through a system. Using a pictorial representation is easier to understand and explain versus a detailed narrative. Flowchart Symbol Categories: Input/Output, Processing, Storage, Miscellaneous Types of Flowcharts: Document: Illustrates the flow of documents through an organization Useful for analyzing internal control procedures System: Logical representation of system inputs, processes, and outputs Useful in analysis and designProgram: Represent the logical sequence of program logic

Summary Chapter 4: File: a set of related records such as all customer records,

Database: A set of interrelated, centrally coordinated files forms a database Database management system (DBMS): Is the interface between the database abd rge various application programs.

Data system: the database, the DBMS, and the application programs that access the database through the DBMS are referred to as the database system. Database administrator (DBA): id responsible for the database.

Data warehousing: contains both detailed and summarized data for a number of years and is used for analysis rather than transaction processing (it is not unusual for data warehouses to contain hundreds of terabytes of data). Data warehouses do not replace transaction processing databases they compliment them by providing support to strategic decision making.

Business Intelligence: using a data warehouse for strategic decision making id often referred to as business intelligence. Two main techniques used in business intelligence: - Online analytical processing (OLAP) - Data mining

Online Analytical Processing (OLAP): is using queries to guide the investigation of hypothesized relationship in data.

Data Mining: using sophisticated statistical analysis, including artificial intelligence techniques such as neural networks, to discover unhypothesized relationship in the data.

The Advantages of Database Systems: - Data integration: master files are combined into large pools of data that many application programs access.

- Data sharing: Integrated data are more easily shared with authorized users. - Minimal data redundancy and data inconsistencies: because data items are usually stored only once, data redundancy and data inconsistencies are minimized.

- Data independence: because data and the programs that use them are independent of each other, each can be changed without changing the other.

- Cross-functional analysis: in a database system, relationship, such as the association between selling costs and promotional campaigns, can be explicitly defined and used in the preparation of management reports.Record layout: See page 110 figure 4-3. Logical view: is how people conceptually organize and understand the data. Physical view: refers to how and where data are physically arranged and stored in the computer system.

Schema: describes the logical structure of a database.

Conceptual-level schema: the organization wide view of the entire database, lists all data elements and the relationship among them.

External-level schema: consists of individual users views of portions of the database, each of which is referred to as a subschema.

Internal-level schema: a low-level view of the database, describes how the data are stored and accessed, including record layouts, definitions, addresses, and indexes.

Data dictionary: contains information about the structure of the database.

Data definition language (DDL): builds the data dictionary creates the databases, describes logical views for each user, and specifies records or field security constraints.

Data manipulation language (DML): changes databases content, including data element updates, insertions, and deletions.

Data query language (DQL): contains powerful easy-to-use commands that enable users to retrieve, sort, order and display data.

Report writer: simplifies report creation.

Relationship data model: represents conceptual-and external-level schemas as if the data are stored in tables.

Tuple: each row in a table.

Primary key: is the database attribute, or combination of attributes, that uniquely identifies a specific row in the table.

Foreign key: is an attribute that is a primary key in another table, is used to link tables.

Problems: Update anomaly: because data value updates are not correctly recorded. Insert anomaly: occurs in our example because there is no way to store information about prospective customers until they make a purchase Delete anomaly: occurs when deleting a row has unintended consequences. Basic Requirements of a Relationship Database: - Every column in a row must be single valued - Primary keys cannot be null - Foreign keys, if not null, must have values that correspond to the value of a primary key in another table - All nonkey attributes in a table must describe a characteristic of the object identified by the primary key

Normalization: assumes that everything is initially stored in one large table. Semantic data modelling: the designer uses knowledge of business processes and information needs to create a diagram that shows what to include in the database.

Chapter 12 The Revenue Cycle: Sales to Cash Collections The Revenue Cycle Below is the scheme of the Revenue Cycle

This cycle aims to provide goods and services to customers. Also, the cycle enable company to collect cash in payment for those sales. Primary Objective: Provide the right product In the right place At the right time for the right price

General Revenue Cycle Threats In order to ensure that the cycle runs well, a company needs to know the possible threats that they may face such as: Inaccurate or invalid master data Unauthorized disclosure of sensitive information Loss or destruction of master data Poor performance

General Revenue Cycle Controls After the possible threats are known, then it will be easier for a company to control the whole process by applying some regulations such as mentioned below: Data processing integrity controls Restriction of access to master data Review of all changes to master data Access controls Encryption Backup and disaster recovery procedures Managerial reports

General Revenue Cycles Activities It is basically the integration of four activities which are mentioned and illustrated below. 1. Sales Order Entry 2. Shipping 3. Billing 4. Cash Collection

Sales Order Entry The Sales Order Entry activity is consisting of three main steps which are mentioned and illustrated below: 1. Take order 2. Check and approve credit 3. Check inventory availability

Sales Order Entry Threats In order to ensure that the sales order activity runs well, a company needs to know the possible threats that they may face such as: Incomplete/inaccurate orders Invalid orders Uncollectible accounts Stockouts or excess inventory Loss of customers

General Revenue Cycle Controls After the possible threats are known, then it will be easier for a company to control the whole sales order entry process by applying some regulations such as mentioned below: Data entry edit controls (see Chapter 10) Restriction of access to master data Digital signatures or written signatures Credit limits Specific authorization to approve sales to new customers or sales that exceed a customers credit limit Aging of accounts receivable Managerial reports Perpetual inventory control system Use of bar-codes or RFID Training Periodic physical counts of inventory Sales forecasts and activity reports CRM systems, self-help Web sites, and proper evaluation of customer service ratings

Shipping The Sales Order Entry activity is consisting of two main steps which are mentioned and illustrated below: 1. Picking and packing the order 2. Shipping the order

Shipping Threats In order to ensure that the shipping activity runs well, a company needs to know the possible threats that they may face such as: Picking the wrong items or the wrong quantity Theft of inventory Shipping errors (delay or failure to ship, wrong quantities, wrong items, wrong addresses, duplication)

Shipping Controls After the possible threats are known, then it will be easier for a company to control the whole shipping process by applying some regulations such as mentioned below: Bar-code and RFID technology Reconciliation of picking lists to sales order details Restriction of physical access to inventory Documentation of all inventory transfers RFID and bar-code technology Periodic physical counts of inventory and reconciliation to recorded quantities Reconciliation of shipping documents with sales orders, picking lists, and packing slips Use RFID systems to identify delays Data entry via bar-code scanners and RFID Data entry edit controls (if shipping data entered on terminals) Configuration of ERP system to prevent duplicate shipments

Billing The Billing activity is consisting of two main steps which are mentioned and illustrated below: 1. Invoicing 2. Updating accounts receivable

Billing Threats In order to ensure that the billing activity runs well, a company needs to know the possible threats that they may face such as: Failure to bill Billing errors Posting errors in accounts receivable Inaccurate or invalid credit memos

Billing Controls After the possible threats are known, then it will be easier for a company to control the whole billing process by applying some regulations such as mentioned below: Separation of billing and shipping functions Periodic reconciliation of invoices with sales orders, picking tickets, and shipping documents Configuration of system to automatically enter pricing data Restriction of access to pricing master data Data entry edit controls Reconciliation of shipping documents (picking tickets, bills of lading, and packing list) to sales orders Data entry controls Reconciliation of batch totals Mailing of monthly statements to customers Reconciliation of subsidiary accounts to general ledger Segregation of duties of credit memo authorization from both sales order entry and customer account maintenance Configuration of system to block credit memos unless there is either corresponding documentation of return of damaged goods or specific authorization by management

Cash Collection The last activity in the revenue cycle will be the cash collection from the customers. Although it is rather a simple activity, there are several threats for a company to conduct this activity such as mentioned below.

Cash Collection Threats In order to ensure that the cash collection activity runs well, a company needs to know the possible threats that they may face such as: Theft of cash Cash flow problems

Cash Collection Controls After the possible threats are known, then it will be easier for a company to control the whole cash collection activities by applying some regulations such as mentioned below: Separation of cash handling function from accounts receivable and credit functions Regular reconciliation of bank account with recorded amounts by someone independent of cash collections procedures Use of EFT, FEDI, and lockboxes to minimize handling of customer payments by employees Prompt, restrictive endorsement of all customer checks Having two people open all mail likely to contain customer payments Use of cash registers Daily deposit of all cash receipts Lockbox arrangements, EFT, or credit cards Discounts for prompt payment by customers Cash flow budgets

Summary Chapter-13 (AIS): The Expenditure Cycle This chapter contains detailed information about the expenditure cycle from purchasing to cash disbursements, which is comprised of four important steps respectively:1. Ordering send orders of materials, supplies, and services to suppliers 2. Receiving receive merchandise or service from suppliers3. Approving review and approve invoices from suppliers4. Cash Disbursements process payments to suppliers

Effect and impact on: timely production quality quantity other relevant issues

Using a proper IT system for controlling the expenditure cycle can: minimize time, energy, mistakes and theft improve performance and efficiency reducing costs associated with processing payments

Expenditure Cycle general Threats Inaccurate or invalid master data Unauthorized disclosure of sensitive information Loss or destruction of data Poor performance

Threats in ordering Inaccurate inventory records Purchasing items not needed Purchasing at inflated prices Purchasing inferior quality goods Unreliable suppliers Purchasing from unauthorized suppliers Kickbacks

Ordering Controls Perpetual inventory system Bar coding or RFID tags Physical counts of inventory Review and approval of purchase requisitions Review of purchase orders Budgets Purchasing only by approved suppliers Tracking and monitoring product quality by supplier Requiring suppliers to possess quality certification Collecting and monitoring supplier delivery performance List of approved suppliers and permit system purchase order only by them EDI-specific controls (access, review, encryption, policy) Supplier audits

Receiving threats Accepting unordered items Mistakes counting Verifying receipt of services Theft of inventory

Receiving controls Requiring existence of approved purchase order prior to accepting any delivery Do not inform receiving employees about quantity ordered Incentives Receiving employees need to sign receiving report Use bar codes Physical count of inventories ERP system configuration Documentation of all transfers of inventory Restriction of physical access to inventory Segregation of duties: custody of inventory vs. receiving employees

Approving supplier invoices threats Errors in supplier invoices Mistakes in posting to accounts payableApproving supplier invoices control Verification of invoice accuracy Detailed receipt for procurement card purchases ERS Restriction of access to supplier master data Verification of freight bill and use of approved delivery channels Data entry edit controls Reconciliation of detailed accounts payable records with the general ledger control accountCash disbursement threats Failure to take advantage of discounts for prompt payment Paying for items not received Duplicate payments Theft of cash Check alteration Cash flow problemsCash disbursement control Filing of invoices by due date for discounts Cash flow budget Requiring all suppliers invoices be matched to documents that are acknowledged by receiving and inventory control Budgets Receipts for travel expenses Use of corporate credit cards for travel expenses Requiring a complete voucher package for all payments Policy to pay only from original copies of supplier invoices Use of dedicated computer for online banking Requiring dual signatures on checks greater than a specific amount Restriction to supplier master file Limit the number of employees with ability to create one-time-suppliers and to process invoices from one-time-suppliers Running petty cash as an imprest fund Surprise audits of petty cash fund Use of special inks and papers Positive Pay arrangements with banks Cash flow budgetSummary Chapter 14 Production cycle The Production cycle

Business activities and information processing activities, related to manufacturing of products Production cycle activities 1. Product Design 2. Planning and Scheduling 3. Production Operations 4. Cost Accounting

Production Cycle General Threats Inaccurate or invalid master data Unauthorized disclosure of sensitive information Loss or destruction of data

Production Cycle General Controls Data processing integrity controls Restriction of access to master data Review of all changes to master data Access control Encryption (is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.) Backup and disaster recovery procedures

Product Design Product design Threats Poor product design resulting in excess costs

Product design controls Accounting analysis of costs arising from product design choices Analysis of warranty and repair costs

Planning and scheduling threats Over- underproduction

Planning and Scheduling Controls Production planning systems Review and approval of production schedules and orders Restriction of access to production orders and production schedules

Production Operations Threats Theft of inventory Theft of fixed asset Poor performance Suboptimal investment in fixed assets Loss of inventory or fixed assets due to fire or other disasters Disruption of operations

Production Operations Control Physical access control Documentation of all inventory movement Segregation of dutiescustody of assets from recording and authorization of removal Restriction of access to inventory master data Periodic physical counts of inventory and reconciliation of those counts to recorded quantities Physical inventory of all fixed assets Restriction of physical access to fixed assets Maintaining detailed records of fixed assets, including disposal Training Performance reports Proper approval of fixed asset acquisitions, including use of requests for proposals to solicit multiple competitive bids Physical safeguards (e.g., fire sprinklers) Insurance Backup and disaster recovery plans

Cost accounting Threats Inaccurate cost data Inappropriate allocation of overhead costs Misleading reports

Cost Accounting controls Source data automation Data processing integrity controls Time-driven activity-based costing Innovative performance metrics

Assigning Production Costs Job-Order Costing Assigns costs to specific production batches, or jobs -If the product or service is uniquely identifiable Process Costing Assigns costs to each process, or work center, in the production cycle, and then calculates the average cost for all units produced. -If the product or service is similar and produced in mass quantities Activity-Based Costing Traces costs to the activities that create them Uses a greater number of overhead pools -Batch -Product -Organization Identifies cost drivers Cause-and-effect relationship

Summary : Chapter 15 the human resources management and payroll cycle The human resources management(HRM)/ payroll cycle The human resources management(HRM)/ payroll cycle is a recruiting set of business activities and related data processing operations associated with effectively managing the employee workforce. These are the more important tasks: 1. Recruiting and hiring new employees 2. Training 3. Job assignment 4. Compensation 5. Performance evaluation 6. Discharge of employees due to voluntary or involuntary termination.

The fourth point is done by the payroll cycle, while the rest is done by the HRM department.

Threats and controls in the Payroll/HRM cycle 1. General issues throughout entire HRM/payroll cycle Threat Controls

Inaccurate or invalid master data Data processing integrity controls Restriction of access to master data Review of all changes to master data

Unauthorized disclosure of sensitive information Access controls Encryption

Loss or destruction of data Backup and disaster recovery procedures

Hiring unqualified or larcenous employees Sound hiring procedures, including verification of job applicants credentials, skills, references, and employment history Criminal background investigation checks of all applicants for finance-related positions

Violations of employments laws Thorough documentation of hiring, performance evaluation, and dismissal procedures Continuing education on changes in employment laws

2. Update payroll master data Threat Controls

Unauthorized changes to payroll master data Segregation of duties: HRM department updates master data, but only payroll department issues paychecks Access controls

Inaccurate updating of payroll master data Data processing integrity controls Regular review of all changes to master payroll data

3. Validate time and attendance data Threat Controls

Inaccurate time and attendance data Source data automation for data capture Biometric authentication Segregation of duties (reconciliation of job-time tickets to time

4. Prepare payroll Threat Controls

Errors in processing payroll Data processing integrity controls: batch totals, cross-footing of the payroll register, use of a payroll clearing account and a zero-balance check Supervisory review of payroll register and other reports Issuing earnings statements to employees Review or IRS guidelines to ensure proper classification of workers as either employees

5. Disburse payroll Threat Controls

Theft or fraudulent distribution of paychecks Restriction of physical access to blank payroll checks and the check signature machine Restriction of access to the EFT system Prenumbering and periodically accounting for all payroll checks and review of all EFT direct deposit transactions Require proper supporting documentation for all paychecks Use of a separate checking account for payroll, maintained as an imprest fund Segregation of duties (cashier versus accounts payable; check distribution from hiring/firing; independent reconciliation of the payroll checking account) Restriction of access to payroll master database Verification of identity of all employees receiving paychecks Redepositing unclaimed paychecks

6. Disburse payroll taxes and miscellaneous deductions Threat Controls

Failure to make required payments Configuration of system to make required payments using current instructions from IRS

Untimely payments Configuration of system to make required payments using current instructions from IRS

Inaccurate payments Processing integrity controls Supervisory review of reports Employee review of earnings statement

Chapter 16 general ledger and reporting system General ledger: is the principal book or computer file for recording and totalling monetary transactions by account, with debits and credits in separate columns and a beginning balance and ending balance for each account. A general ledger representing the five major account types: Assets Liabilities Income Expenses equity

Primary function is to collect and organize The accounting cycle activities Financing activities Investing activities Budget activities Adjustments

The centralized database must be organized in a manner that facilitates meeting the varied information needs of both internal and external users. Managers need timely detailed information about the results of operations in their particular area of responsibility. So, how is it controlled?

1. Update general ledger, comes forward from two main sources: - Accounting subsystems that creates a journal entry to update the general ledger - Treasurer that provides information for journal entries to update the general ledger for non routine transactions such as the issuance or retirement of debt, the purchase or sale of investment securities, or the acquisition of treasury stock.

2. Post adjusting entries, there are 5 basic balance adjusting entries named: - Accruals: are entries made at the end of the accounting period to reflect events that have occurred but for which cash has not yet been received or disbursed - Deferrals: are entries made at the end of the accounting period to reflect the exchange of cash prior to performance of the related event - Estimates are entries that reflect a portion of expenses expected to occur over a number of accounting periods - Revaluations: are entries made to reflect either differences between the actual and recorded value of an asset or a change in accounting principle. - Corrections are entries made to counteract the effects of errors found in the general ledger

3. Prepare financial statements: to produce financial statements both monthly and annually.

4. Produce managerial reports to; - Responsibility accounting - Balanced scorecard - Training on proper graph design