figure 13.1 a framework for studying an ais
TRANSCRIPT
Chapter 12 presented a framework for studying an AIS in the larger
context of business strategy and the IT environment. As noted in
Chapter 12, this broader framework can help you better understand
and apply AIS knowledge in the current professional environment.
Our focus in Chapters 1–11 was on two of the boxes in Figure
13.1—business process and AIS applications—and the related risks
and con- trols. Two additional components are shown in Figure
13.1—business strategy and information technology (IT)
environment.
ACCOUNTING SYSTEMS: MANAGING THE IT ENVIRONMENT
13 LEARNING OBJECTIVES After completing this chapter, you should understand: U1. IT architectures for multi-user systems. U2. General controls. U3. Information systems planning—IT strategy, IT
architecture, IT function, and systems develop- ment process.
U4. The organization of the IT function—location of the IT function, segregation of duties for IT functions, and personnel controls.
U5. Systems development methodology, program development and testing, and documentation.
U6. Accounting systems—techniques for control- ling access and ensuring the continuity of IT operations.
After completing this chapter, you should be able to: P1. Identify key components of an IS plan. P2. Develop an access control matrix for an appli-
cation.
635
Figure 13.1 A Framework for Studying an AIS
In Chapter 12, we defined the IT environment in terms of the four elements in Exhibit 13.1.
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 635
639Accounting Systems: Managing the IT Environment Chapter 13
User User
Distributed Data Entry
Computer
User
Computer
User
Focus on Problem Solving 13.a
IT Architectures (U1)
Required: Consider the alternative processes for registering for classes. Indicate which of the four IT configurations apply to the following examples.
1. The student visits the chairperson of each department to register for just the classes taught in that department. The chairperson registers the student for classes taught in that department using the department’s computer.
2. The student must go the registrar’s office in the administration building. A clerk in the registrar’s office registers students. Chairpersons or faculty are unable to do any registering for students.
3. The student visits the chairperson of the department for his or her major. The chairperson uses a personal computer to review the graduation requirements stored in a spreadsheet. The computer is connected to the mainframe enabling the chairperson to register the student in all of the classes that the student will take.
4. The chairperson uses a terminal connected to the mainframe to register the student.
The solution to this Focus on Problem Solving box appears on page 661. Check your answer and make sure you understand the solution before reading further.
It should be noted that a single company may use all four of the configurations for different functions. For example, payroll duties may be centralized to limit access
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 639
Locate the IT Function Appropriately The location of the IT function should be appropriate, given business goals and needs. If information systems are of strategic importance to an organization’s current or fu- ture operations, the organization should have a separate IT function. The IT function should not be under any user department (e.g., marketing manager or controller) to ensure that the IT staff are independent and support the needs of all user groups.
Furthermore, the IT function should be located high in the organizational hi- erarchy. Figure 13.3 shows a typical organization for the IT function with tradi- tional centralized systems. As seen from this figure, the IT function is under the authority of a vice president of Computer Services. Another possible title is chief information officer (CIO). The VP of Computer Services could report to the CEO along with the other key players (e.g., VP of Production and VP of Marketing).
If information systems are not that crucial to an organization’s operations, the function could be under a user group. The organization may not even have an IT function; the responsibilities may be distributed to user groups. Or the IT function may be under the control of a single user group such as the controller’s staff.
Segregate Incompatible Functions Review Figure 13.3 to see the way in which responsibilities are allocated to vari- ous groups under the VP of Computer Services. The actual job titles and exact or- ganization will vary from organization to organization.
Figure 13.3 Organization of IT Function for Centralized Systems
647Accounting Systems: Managing the IT Environment Chapter 13
Vice President Computer Services
Data Library
Computer Operations
Networks & Telecommunications
Database Administration Quality Control
The purpose of our discussion is to help you understand the basic principles used to segregate duties in the IT function. We now identify four opportunities for implementing the segregation of duties involving users, computer operations, sys- tems development, and systems maintenance.
Separating Users from Computer Operations. Recall that the idea behind segregation of duties is to separate responsibilities for (1) authorization, (2) execu- tion, (3) recording, and (4) custody of assets. In a computerized AIS, the IT func- tion should only be responsible for the third step. User departments are responsible
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 647
Prepare tax returns (E3) The information is entered9 into Mega-Tax, a tax software product used at the company. The recording and storage of tax information is handled by the Mega- Tax software and is separate from the rest of the revenue cycle. The company is not planning to integrate the tax preparation software with the rest of the revenue cycle. Thus, in this case, you can disregard the recording, updating, and processing of detailed tax return information.
Bill client (E4) As soon as the tax return is finished, the accountant gives10 the Service Request Form, client information sheet, and tax return to the secretary. The secretary im- mediately enters11 the services provided into the computer system. If the client is new, a client record is first set12 up in the computer system. As each service code is entered, the computer looks13 up the description and price. The system com- putes14 and displays the total amount at the bottom. A record is created15 in the Invoice Table, and the status is set to “open.” The services provided are recorded16
in the Invoice_Detail Table. The secretary then prints17 the invoice. The secretary selects18 the “Post the invoice to master tables” option. The customer’s balance is then increased.19 The Year-to-Date_Revenues amount for each service provided is also updated.20 She then notifies21 the client that the return is ready.
Collect cash (E5) When the customer arrives to pick up the returns, he gives22 a check to the secre- tary. The secretary enters23 the Invoice#, Check#, Date, and Amount_Paid. The sec- retary selects24 the “Post the invoice to master tables” option. The computer then reduces25 the customer balance to reflect the amount of the payment. The status of the invoice is set26 to “closed.”
654 Part IV Managing Information Technology and Systems Development
Exhibit 13.4 Concluded
Revenue Cycle Menu
C. Process Data
D. Display/Print Reports
Event Reports
1. Invoice 2. Services provided 3. Services provided by Service# 4. Services provided by Service# (Summary) Reference Lists
5. Services reference list Summary and Detailed Status Reports
6. Detailed client status report 7. Summary client status report 8. Single client status report
E. Exit
Figure 13.4 Revenue Cycle Menu for H & J Tax Preparation Service
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 654
Figure 13.6 shows the screen used in Peachtree Complete Accounting to limit access. As the screen indicates, the user has full access for maintaining customers in the sales module. The user can also enter transactions (Tasks) and read reports.
657Accounting Systems: Managing the IT Environment Chapter 13
Figure 13.5 Security Screen from Great Plains Dynamics
Figure 13.6 Peachtree Complete Accounting Screen for Password Protection
Limiting access to computers and computer data is one way to avoid computer downtime that could result from errors by unqualified users and deliberate fraud or destruction of data. However, the integrity of the data could also be damaged by hard disk failures and accidents. The next section discusses techniques for min- imizing breaks in the continuity of IT operations.
Ensure Continuity of Service During operation of an AIS, ensuring continuous service is an important objective. The unavailability of the system for even a short time may cause significant losses
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 657
Figure 13.6 shows the screen used in Peachtree Complete Accounting to limit access. As the screen indicates, the user has full access for maintaining customers in the sales module. The user can also enter transactions (Tasks) and read reports.
657Accounting Systems: Managing the IT Environment Chapter 13
Figure 13.5 Security Screen from Great Plains Dynamics
Figure 13.6 Peachtree Complete Accounting Screen for Password Protection
Limiting access to computers and computer data is one way to avoid computer downtime that could result from errors by unqualified users and deliberate fraud or destruction of data. However, the integrity of the data could also be damaged by hard disk failures and accidents. The next section discusses techniques for min- imizing breaks in the continuity of IT operations.
Ensure Continuity of Service During operation of an AIS, ensuring continuous service is an important objective. The unavailability of the system for even a short time may cause significant losses
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 657
ACCOUNTING SYSTEMS: MANAGING THE IT ENVIRONMENT
13 LEARNING OBJECTIVES After completing this chapter, you should understand: U1. IT architectures for multi-user systems. U2. General controls. U3. Information systems planning—IT strategy, IT
architecture, IT function, and systems develop- ment process.
U4. The organization of the IT function—location of the IT function, segregation of duties for IT functions, and personnel controls.
U5. Systems development methodology, program development and testing, and documentation.
U6. Accounting systems—techniques for control- ling access and ensuring the continuity of IT operations.
After completing this chapter, you should be able to: P1. Identify key components of an IS plan. P2. Develop an access control matrix for an appli-
cation.
635
Figure 13.1 A Framework for Studying an AIS
In Chapter 12, we defined the IT environment in terms of the four elements in Exhibit 13.1.
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 635
639Accounting Systems: Managing the IT Environment Chapter 13
User User
Distributed Data Entry
Computer
User
Computer
User
Focus on Problem Solving 13.a
IT Architectures (U1)
Required: Consider the alternative processes for registering for classes. Indicate which of the four IT configurations apply to the following examples.
1. The student visits the chairperson of each department to register for just the classes taught in that department. The chairperson registers the student for classes taught in that department using the department’s computer.
2. The student must go the registrar’s office in the administration building. A clerk in the registrar’s office registers students. Chairpersons or faculty are unable to do any registering for students.
3. The student visits the chairperson of the department for his or her major. The chairperson uses a personal computer to review the graduation requirements stored in a spreadsheet. The computer is connected to the mainframe enabling the chairperson to register the student in all of the classes that the student will take.
4. The chairperson uses a terminal connected to the mainframe to register the student.
The solution to this Focus on Problem Solving box appears on page 661. Check your answer and make sure you understand the solution before reading further.
It should be noted that a single company may use all four of the configurations for different functions. For example, payroll duties may be centralized to limit access
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 639
Locate the IT Function Appropriately The location of the IT function should be appropriate, given business goals and needs. If information systems are of strategic importance to an organization’s current or fu- ture operations, the organization should have a separate IT function. The IT function should not be under any user department (e.g., marketing manager or controller) to ensure that the IT staff are independent and support the needs of all user groups.
Furthermore, the IT function should be located high in the organizational hi- erarchy. Figure 13.3 shows a typical organization for the IT function with tradi- tional centralized systems. As seen from this figure, the IT function is under the authority of a vice president of Computer Services. Another possible title is chief information officer (CIO). The VP of Computer Services could report to the CEO along with the other key players (e.g., VP of Production and VP of Marketing).
If information systems are not that crucial to an organization’s operations, the function could be under a user group. The organization may not even have an IT function; the responsibilities may be distributed to user groups. Or the IT function may be under the control of a single user group such as the controller’s staff.
Segregate Incompatible Functions Review Figure 13.3 to see the way in which responsibilities are allocated to vari- ous groups under the VP of Computer Services. The actual job titles and exact or- ganization will vary from organization to organization.
Figure 13.3 Organization of IT Function for Centralized Systems
647Accounting Systems: Managing the IT Environment Chapter 13
Vice President Computer Services
Data Library
Computer Operations
Networks & Telecommunications
Database Administration Quality Control
The purpose of our discussion is to help you understand the basic principles used to segregate duties in the IT function. We now identify four opportunities for implementing the segregation of duties involving users, computer operations, sys- tems development, and systems maintenance.
Separating Users from Computer Operations. Recall that the idea behind segregation of duties is to separate responsibilities for (1) authorization, (2) execu- tion, (3) recording, and (4) custody of assets. In a computerized AIS, the IT func- tion should only be responsible for the third step. User departments are responsible
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 647
Prepare tax returns (E3) The information is entered9 into Mega-Tax, a tax software product used at the company. The recording and storage of tax information is handled by the Mega- Tax software and is separate from the rest of the revenue cycle. The company is not planning to integrate the tax preparation software with the rest of the revenue cycle. Thus, in this case, you can disregard the recording, updating, and processing of detailed tax return information.
Bill client (E4) As soon as the tax return is finished, the accountant gives10 the Service Request Form, client information sheet, and tax return to the secretary. The secretary im- mediately enters11 the services provided into the computer system. If the client is new, a client record is first set12 up in the computer system. As each service code is entered, the computer looks13 up the description and price. The system com- putes14 and displays the total amount at the bottom. A record is created15 in the Invoice Table, and the status is set to “open.” The services provided are recorded16
in the Invoice_Detail Table. The secretary then prints17 the invoice. The secretary selects18 the “Post the invoice to master tables” option. The customer’s balance is then increased.19 The Year-to-Date_Revenues amount for each service provided is also updated.20 She then notifies21 the client that the return is ready.
Collect cash (E5) When the customer arrives to pick up the returns, he gives22 a check to the secre- tary. The secretary enters23 the Invoice#, Check#, Date, and Amount_Paid. The sec- retary selects24 the “Post the invoice to master tables” option. The computer then reduces25 the customer balance to reflect the amount of the payment. The status of the invoice is set26 to “closed.”
654 Part IV Managing Information Technology and Systems Development
Exhibit 13.4 Concluded
Revenue Cycle Menu
C. Process Data
D. Display/Print Reports
Event Reports
1. Invoice 2. Services provided 3. Services provided by Service# 4. Services provided by Service# (Summary) Reference Lists
5. Services reference list Summary and Detailed Status Reports
6. Detailed client status report 7. Summary client status report 8. Single client status report
E. Exit
Figure 13.4 Revenue Cycle Menu for H & J Tax Preparation Service
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 654
Figure 13.6 shows the screen used in Peachtree Complete Accounting to limit access. As the screen indicates, the user has full access for maintaining customers in the sales module. The user can also enter transactions (Tasks) and read reports.
657Accounting Systems: Managing the IT Environment Chapter 13
Figure 13.5 Security Screen from Great Plains Dynamics
Figure 13.6 Peachtree Complete Accounting Screen for Password Protection
Limiting access to computers and computer data is one way to avoid computer downtime that could result from errors by unqualified users and deliberate fraud or destruction of data. However, the integrity of the data could also be damaged by hard disk failures and accidents. The next section discusses techniques for min- imizing breaks in the continuity of IT operations.
Ensure Continuity of Service During operation of an AIS, ensuring continuous service is an important objective. The unavailability of the system for even a short time may cause significant losses
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 657
Figure 13.6 shows the screen used in Peachtree Complete Accounting to limit access. As the screen indicates, the user has full access for maintaining customers in the sales module. The user can also enter transactions (Tasks) and read reports.
657Accounting Systems: Managing the IT Environment Chapter 13
Figure 13.5 Security Screen from Great Plains Dynamics
Figure 13.6 Peachtree Complete Accounting Screen for Password Protection
Limiting access to computers and computer data is one way to avoid computer downtime that could result from errors by unqualified users and deliberate fraud or destruction of data. However, the integrity of the data could also be damaged by hard disk failures and accidents. The next section discusses techniques for min- imizing breaks in the continuity of IT operations.
Ensure Continuity of Service During operation of an AIS, ensuring continuous service is an important objective. The unavailability of the system for even a short time may cause significant losses
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 657