AIS – Final Study Chapter Highlights

Chapter 1 – ACCOUNTING SYSTEM INSIGHTS

1. Enterprise system – A system that supports business activities throughout the enterprise, including inputs, processing, and outputs
2. Integrated enterprise system – Shares data across functional areas within the enterprise
3. Business processes – Related activities performed by an enterprise to create value by transforming input into output
4. Value chain – An organizing framework for business processes, beginning with vendors and ending with customers

Baseline accounting system – A model that provides an enterprise-wide view of the firm’s accounting system
1. Transaction cycles – Accounting transactions related to specific business processes
   (1) Purchasing cycle – Transactions related to purchasing items from vendors
   (2) Payroll cycle – Transactions with employees
   (3) Sales cycle – Exchange or transactions between an enterprise and its customers
2. Vendors module – A module related to purchasing goods and services
3. Customers module – A module related to selling the customer a product or service
4. Employee module – A module related to the payroll cycle
5. Banking module – A module that involves cash received and cash paid
6. Financial module – A module that includes adjusting and correcting entries
   (1) Adjusting entries – Entries to bring accounts up to date at year end
   (2) Correcting entries – Entries to correct errors
   (3) Closing entries – Zeros out income and expense accounts at year end
7. Reports module – A module that relates to output from the accounting system
   (1) Financial reports – Reports that include a company’s income statement, balance sheet, and statement of cash flows
   (2) Tax reports – Reports used when filing federal, state, and local returns
   (3) Management reports – Reports prepared to assist managers in making decisions
   (4) Sustainability reports – Reports used to evaluate an enterprise’s sustainability performance

What is the importance and value of information as an asset?
Today, the value of information assets for some businesses exceeds the value of other assets, such as land and buildings

What is the role of the accounting system within the larger enterprise system?
* The accounting system spans the entire value chain of an enterprise, tracking transaction information from the purchase of items from vendors through the sale of products or services to customers.
Business processes are associated with the related accounting transactions known as transaction cycles. The purchasing cycle consists of employee and payroll transactions. The sales cycle involves exchanges or transactions between an enterprise and its customers. In addition to the accounting system, other modules or subsystems can include supply chain management (SCM), operations/production system (OPS), human resource management (HRM), and customer relationship management (CRM).

What are the database essentials that today’s accounting professional needs to know?
(1) A field is a piece of data, such as customer first name
(2) A record is a collection of related fields, such as a customer record
(3) A table is a collection of related records, such as a CUSTOMER table
(4) A database is a collection of related tables, such as an accounting database
(5) A database form is a computer-based form for entering data into the database
(6) A database query is used to extract data from a database, such as searching for a customer’s account balance.
(7) A database report is a computer-based output to display

What are the SDLC (Software Development Life Cycle) phases?
The system development life cycle organizes the activities involved in developing a new system into the following six distinct phases:
(1) Plan the system project including scheduling, budgeting, and staffing
(2) Analyze the new system requirements, such as what reports are required and what data needs to be collected by the system
(3) Design business processes and databases for the new system
(4) Build/buy and test databases and computer programs for the new system
(5) Install new IT hardware, software, and databases
(6) Deploy the new system, using the system on an ongoing basis and maintaining and updating it as necessary.

Why is it important to safeguard information assets?
* To protect information assets, organizations implement security and controls to prevent fraud, unauthorized access, modification, destruction, or disclosure. Internal control is the set of policies and procedures enterprises use to safeguard assets, including information assets, and to prevent and detect errors.

What are the three functions of an accounting system in today’s business environment?
(1) Collecting, recording, and storing financial and accounting data
(2) Providing financial analytics and business intelligence for improved decision making and business performance
(3) Safeguarding information assets stored in accounting systems using security, controls, and risk management

Chapter 2 – ACCOUNTING DATABASES

1. Operational database – Databases used to store data related to business operations and transactions
2. Data warehouse – Stores data from a variety of sources and is used for business intelligence
3. Database administrator (DBA) – Responsible for managing the enterprise’s databases
4. Intersection table – Placed at the junction of two tables to eliminate a many-to-many relationship
5. Composite primary key – Used when more than one field is required to uniquely identify a record
6. Normalization – A process for removing database anomalies or problems
7. Database integrity – Ensures that the database contains accurate, valid data
   Rule 1: Entity integrity. Each record in the database must have a unique identifier. No two records in the database can have the same primary key value.
   Rule 2: Primary key integrity. The primary key value cannot be null (empty).
   Rule 3: Domain integrity. The field values must be from a pre-defined domain.
   Rule 4: Referential integrity. Data referenced and stored in related tables must be consistent across the database.

A DBMS is software used to
(1) Create database tables
(2) Transfer data from the accounting software to the database
(3) Update data in the database
(4) Delete data from the database
(5) Sort database tables
(6) Run queries

What data is stored in accounting databases?
* Organizations store data about assets, liabilities, operations, transactions, employees, customers, vendors, and more in databases. Accounting databases need to be well structured, redundancy-free, consistent, and current

What are the three tiers in accounting system architecture?
(1) Database tier: The back-end accounting database stores accounting data in database tables. A back-end database management system (DBMS) sorts, stores, inserts, updates, and deletes accounting data and runs queries
(2) Application tier: Accounting software applications interact with the DBMS to access the back-end accounting database
(3) User tier: The user tier consists of the interface appearing on the accountant’s computer screen. The user interface consists of database forms and reports.

What are enterprise databases?
* Enterprise databases used by an enterprise for business purposes can be considered as one of two types: internal databases or external databases
(1) Internal databases are databases in which the data belongs to the organization. Internal databases consist of two varieties: operational databases and data warehouses. Operational databases, such as an accounting database, store enterprise transactions.
Data warehouses store data from a variety of sources.
(2) External databases are databases containing data collected by other organizations.

What problems can result from poorly designed databases?
* Poorly designed databases may contain database problems or anomalies, such as problems with inserting, updating, and deleting data. This can result in inaccurate, unreliable accounting data.
* Three types of database anomalies (problems) are DUI: Deletion, Update, Insertion

What are the steps used to build an accounting database?
(1) Identify and build database tables
(2) Identify and enter fields in each database table
(3) Select the primary key for each table
(4) Identify and build relationships among database tables, removing any many-to-many relationships by creating intersection tables

Chapter 3 – ACCOUNTING INTERFACE

1. Graphical User Interface (GUI) – User interface containing images and icons
2. Data validation – Tools used to minimize data entry errors, such as drop-down lists
3. Real-time reports – Reports that provide up-to-the-minute data without a time lag
4. Live reports – Reports that provide up-to-the-minute data continuously
5. Structured query language (SQL) – Code used to search and retrieve data
6. Query Builder Tools – Streamlines query development

What is the role of the accounting system interface?
* The accounting system user interface plays an important role in entering accounting data and retrieving accounting information.
The accountant views the interface on the screen, and the RDBMS and database are behind the screen. The accounting software interface interacts with the RDBMS using database forms, queries, and reports. Features of a well-designed interface include user-friendly, effortless navigation, and customizable preferences.

What is the role of database forms?
Database forms are commonly used to input data into the accounting system. The database forms are frequently designed to look like commonly used and familiar items, such as an invoice or a check.

What is the role of database reports?
* The output of the accounting system is typically displayed in a report format. The report displayed on the user’s computer screen is actually a database report that is formatted to meet accounting requirements. The database report uses information from the database to populate the report.

What is the role of database queries?
* One component of the user interface is retrieval or query. Sometimes the interface will call this a search and provide a form where the search question can be entered. In other instances, a query may be run to prepare a report, retrieving data from the database to enter into the database report that appears on the user’s computer screen.

Well-designed database forms are designed to save time and minimize data entry errors.
A few general guidelines for database form design include the following:
(1) Enter data once
(2) Use data validation
(3) Enable auto entry
(4) Mirror paper forms
(5) Design user-friendly forms
(6) Implement appropriate security

Chapter 4 – ACCOUNTING SYSTEMS AND BUSINESS PROCESSES

1. Data flow diagrams (DFDs) – a technique used to document business processes using agent, event, data store, and data flow symbols
2. Data flows – show how data enters, moves, and exits a system
3. Data stores – a database table represented by an open rectangle
4. Events – a process represented by a rounded rectangle
5. Agents – a person or department represented by a square symbol
6. External agent – an agent outside the enterprise
7. Internal agent – employees within the organization
8. Event-agent-database (EAD) table – each row in this table corresponds to an event in a DFD
9. DFD Fragment – a DFD of a single event
10. Black hole – a DFD error that occurs when data goes into a process but no data exits
11. Gray hole – a DFD error that occurs when the input data does not correspond to the output data
12. Miracle – a DFD error that occurs when there is no input to a process

The approach to reading a DFD is to use the following four steps
(1) Identify the agents (internal and external)
(2) Identify events
(3) Identify database tables
(4) Trace the data flows

How are accounting systems developed today?
* Today, most accounting systems are developed in two stages. First, baseline accounting software is selected. Then the accounting software is customized to meet the enterprise’s specific needs.

How is customization of accounting systems documented?
* Customizing an accounting system involves documenting the specific needs of the enterprise using data flow diagrams to provide a detailed view of the enterprise’s business processes.
Each module of the baseline model can be customized to meet the enterprise’s needs. Additional modules might also be needed to provide the required customization, such as a production module to track manufacturing costs.

Chapter 5 – BUSINESS PROCESSES

1. Gap Analysis refers to analyzing the gap between the baseline modules and the customization required to meet enterprise-specific needs.
2. Big Bang refers to when all system modules are built and implemented for the entire enterprise at the same time.
3. Stages refers to when modules or locations for a new system are built and implemented stage by stage instead of all at once.

How are business processes documented?
* The baseline accounting system can be customized using data flow diagrams (DFDs) to document the enterprise’s business processes.

What is gap analysis?
* A gap analysis identifies the gap between the selected baseline system, such as SAP, and the customization required by the specific enterprise.

What is the difference between the big bang approach and stages approach to customization?
* The two approaches to customization are big bang and stages. The big bang approach is used when all the modules are built and implemented for the entire enterprise at the same time. The stages approach involves completing modules or locations stage by stage instead of all at once.

What is a workflow management system?
Workflow management systems automate workflow by automatically forwarding the electronic document to the next step in the business process.

Chapter 6 – INTEGRATED ENTERPRISE SYSTEMS

1. Order-to-cash – corresponds to the sales cycle
2. Procure-to-pay – corresponds to the purchasing cycle
3. Spaghetti code – programming code used to connect stand-alone systems
4. Three-tier architecture – when an enterprise system uses layers of IT components: enterprise database, application, and client computers
5. Firewall – software programs on a router that monitor network traffic
6. Business process management (BPM) – transforming business processes to improve efficiency

Top Reasons for Failed ERPs include the following:
(1) Unrealistic budget. Underestimated costs. Overestimated benefits.
(2) Unrealistic schedule. Not enough time allowed for project completion.
(3) Not a good fit. User requirements are not met. Baseline system not a good fit with business processes.
(4) Too much change. Failure to educate employees on changes to expect. Lack of adequate change management.
(5) Lack of project champion at the top. Commitment by top management is lacking to champion the project.

What are advantages of an integrated enterprise system?
* The integrated enterprise system offers many advantages over the functional silo approach to enterprise systems. The accounting functions are integrated into the larger enterprise system, permitting accounting to share data with other functional areas and better coordinate activities.

What are challenges associated with an integrated enterprise system?
* Challenges of an integrated enterprise system include business processes that may need to be redesigned and managing the changes required by the new system.

How is data entered in an integrated enterprise system?
Database forms that relate to business process activities permit users to enter data once into the IES and have the data shared throughout the enterprise, eliminating the need for different functional areas to rekey the same data.

How does an integrated enterprise system relate to the accounting system?
* Integrated enterprise systems use a modular approach that is consistent with the baseline accounting system model.
The basic module names may vary but the functions are basically the same. Integrated enterprise systems integrate accounting with other modules for an enterprise. Customer and vendor systems can also be integrated.

Chapter 10 – FRAUD AND INTERNAL CONTROL

1. Entity-level IT controls – processes, organization structure, and leadership for IT to support an organization’s business strategy and objectives, such as internal audits
2. IT general controls – controls that apply to IT services in general and ensure continued IT operation and availability, such as change and access controls
3. Application controls – controls embedded within business process applications, such as accounting software controls
   A. Classification by the control objectives specified in the COSO internal control framework:
      i. Operation controls – controls to ensure that operations are completed appropriately, such as the timing of cash disbursements to ensure that late fees are avoided
      ii. Financial controls – controls to ensure that external financial reports are prepared on a timely basis in compliance with laws, regulation, or contractual agreements
      iii. Compliance controls – controls to maintain confidentiality of information in accordance with all applicable laws and regulations
   B. Classification by how the process is completed:
      iv. Manual controls – controls performed without the assistance of technology
      v. Automated controls – controls performed automatically by computers
         1. Input controls – controls over data entered into the system
         2. Processing controls – controls to ensure that amounts have been processed appropriately
         3. Output controls – controls to ensure that reports are distributed only to appropriate users
      vi. Hybrid controls – a combination of manual and automated controls

What is SOX and how does it affect the accounting system?
Sarbanes-Oxley (SOX) legislation resulted from the accounting scandals of 2002. This legislation requires organizations to use a recognized framework for internal controls. As a result, many organizations adopted COSO’s Internal Control – Integrated Framework and the COBIT framework for IT controls

What is IT control architecture?
* IT control architecture is a blueprint for IT controls in the organization.
This blueprint shows that internal control impacts IT at three levels within the organization resulting in three levels of IT controls:
* Entity-level IT controls
* Application controls
* IT general controls

How can control weaknesses be documented?
(1) Build a DFD
(2) Document preventive and selective controls on the DFD
(3) Document control HotSpots on the DFD

Fraud and abuse can be classified into three broad categories:
(1) Corruption, such as bribery
(2) Misappropriation of assets, including theft of cash, fraudulent disbursements, or stealing merchandise
(3) Fraudulent financial reporting, such as misstating financial statements in order to meet earning targets.

Three elements required to prove fraud are the following:
(1) A material false statement is made with the intent to deceive
(2) A victim relies upon the false statement
(3) The victim incurs damages

The fraud triangle depicts the three conditions that typically must exist in order for a fraud to be perpetrated
(1) Motive – reason for committing the fraud, such as financial difficulties
(2) Opportunity – access to the asset or financial statements in order to carry out the fraud
(3) Means – knowledge or skills that permit the perpetrator to commit the crime

Internal Control is a process, effected by an entity’s board of directors, management, and other personnel. This process is designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.

SOX (Sarbanes-Oxley Act) emphasizes a strong system of internal control as a means of avoiding Enron-sized accounting frauds.

SOX Requirements to remember
(1) Section 302. Corporate responsibility for financial reports
(2) Section 404. Management assessment of internal controls
(3) Section 806. Protection for employees of publicly traded companies who provide evidence of fraud
(4) Section 906. Corporate responsibility for financial reports

Audit and Internal Controls (SOX)
(1) Audit of internal control – tests of controls to obtain evidence that internal control over financial reporting has operated effectively
(2) Audit of financial statements – tests of controls to assess risk and substantive procedures to collect evidence regarding the accuracy, completeness
(3) IT audit – audit of IT controls
(4) Integrated audit – integrates an audit of internal control with an audit of financial statements

There are two types of deficiencies that may be found in internal control over financial reporting:
(1) Material weakness – deficiency that results in a reasonable possibility that a material misstatement of financial statements will not be prevented or detected on a timely basis
(2) Significant deficiency – a deficiency in internal control over financial reporting that is less severe than a material weakness

COSO (Committee of Sponsoring Organizations of the Treadway Commission)

Internal Control Objectives
(1) Effectiveness and efficiency of operations
(2) Reliability of financial reporting
(3) Compliance with laws and regulation

Internal Control Components
(1) Control environment – control environment factors include integrity and ethical values, importance of board of directors, management philosophy and operating style, organization structure, commitment to financial reporting competencies, authority and responsibility, and human resources
(2) Risk assessment – involves identifying, analyzing, and managing risks that affect a company’s ability to record, process, summarize, and report financial data properly. Risk assessment control objectives include the following:
   A. Importance of financial reporting objectives
   B. Identification and analysis of financial reporting risks
   C. Assessment of fraud risk
(3) Control activities – include policies and procedures to mitigate risks including financial, operational, and compliance controls. Control activities include the following:
   D. Segregation of duties – to divide authorization, recording, and asset custody among different individuals
   E. Independent reconciliations of assets and accounting records – such as bank statement reconciliations and inventory reconciliations
   F. Physical controls – to provide for physical security of assets, such as security cameras and restricted access to corporate buildings
   G. IT controls – to ensure appropriate information processing, authorization, and data integrity (e.g., data validation)
(4) Information and communication – includes the accounting system for identifying, recording, processing, and reporting transactions and financial data. An organization’s system produces reports, containing operational, financial, and compliance information. Internal control principles related to this component include information technology, information needs, information control, management communication, upstream communication, board communication, and communication with external parties
(5) Monitoring – involves assessing internal controls as well as the process for taking corrective action if needed. Effective monitoring includes:
   H. Ongoing monitoring – such as controls over purchasing
   I. Separate evaluations – such as an internal audit that assesses internal controls.
   J. Upstream communication to report internal control deficiencies

COBIT (Control Objectives for Information and related Technology) Three Dimensions
(1) IT Resources can be divided into the following four categories:
   A. Application – consists of manual and programmed procedures to process information
   B. Information – includes structured and unstructured data in any form, such as text, graphics, pictures, audio and video.
      Data is input, processed, and output by the system
   C. Infrastructure – refers to IT technology including hardware and software. It may also include physical structures, such as a data center facility
   D. People – includes staff members as well as their knowledge and skills to plan, organize, acquire, implement, deliver, support, monitor, and evaluate IT processes and systems
(2) IT Processes deliver information, run applications, and use infrastructure and people to accomplish IT goals in light of business requirements. IT processes are grouped into the following four domains
   E. Plan and Organize (PO) domain – relates to IT strategy and tactics to contribute to attaining business goals
   F. Acquire and Implement (AI) domain – identifies, acquires (built or bought), and implements IT solutions. Also ensures that the SDLC phases and activities are used when upgrading and modifying current systems
   G. Deliver and Support (DS) domain – concerned with the delivery of IT services. Encompasses IT operations, security and training.
      Assures the continued support and maintenance of these services
   H. Monitor and Evaluate (ME) domain – monitors IT processes for compliance with control requirements. Includes management oversight of control processes as well as independent assurance services provided by internal and external audits
(3) Business Requirements (Information Criteria)
   I. Three criteria relate to information security: confidentiality, integrity, availability (CIA)
   J. For the remaining four criteria, COBIT relies upon definitions used by COSO’s Internal Control – Integrated Framework (Effectiveness, Efficiency, Reliability, Compliance)

Chapter 11 – CYBERSECURITY

What are the 10 domains of cybersecurity?
(1) Legal, regulations, compliance, and investigations
(2) Information security and risk management
(3) Security architecture and design
(4) Telecommunications, network, and Internet security
(5) Control access
(6) Operations security
(7) Physical and environmental security
(8) Application security
(9) Business continuity and disaster recovery
(10) Cryptography

What is the scope of cybersecurity in the accounting system?
* Cybersecurity in an enterprise is not limited to just guarding against hackers and cyberattacks. It involves many aspects of enterprise operations, including how you train and educate your employees about security awareness to safeguard information assets, how to implement new technologies in a security-conscious manner, how to maintain backups in order to recover and continue business operations, and how to provide the highest level of security in a cost-effective way

Why is encryption important in securing accounting data?
* For accounting purposes, encryption provides an especially valuable tool offering increased data integrity and confidentiality. Encryption can be used for accounting data in transit and for accounting data stored in the database.
If an attacker is successful in penetrating the enterprise security and reaches the database, encryption of the stored data is an additional line of defense

* Refer to Lecture PPT slides for more detailed information regarding key terms.

Chapter 12 – THE RISK INTELLIGENT ENTERPRISE

What is a risk intelligent enterprise?
* The risk intelligent enterprise moves beyond security and controls to managing risk and then to using risk to create value

What is the enterprise risk management (ERM) framework?
* The ERM framework offers guidance to enterprises implementing enterprise risk management. ERM units may consist of entity-level units, divisions, business units, and/or subsidiaries
* The four ERM objectives are
   * Strategic – relate to goals that support the entity’s mission
   * Operational – relate to the effective and efficient use of the entity’s resources
   * Reporting – relate to the reliability of the enterprise’s reporting, both internal and external
   * Compliance – relate to the entity’s compliance with all applicable laws and regulations
* The eight ERM components consist of
   * Internal environment – involves the risk management philosophy of the enterprise, including the tone set by top management. Risk resilience, risk appetite, risk tolerance, integrity, and ethical values also affect the internal environment
   * Objective setting – setting objectives that are consistent with the entity’s mission and risk appetite
   * Event identification – involves identifying potential events that might affect the entity.
     Events can be either internal events or external events that might affect the entity’s ability to achieve objectives.
   * Risk assessment – the process of assessing the extent to which events would impact an entity’s ability to achieve its objectives (impact/likelihood)
   * Risk response (avoidance/reduction/sharing/acceptance)
   * Control activities
   * Information and communication
   * Monitoring

What is spreadsheet risk management?
* A significant risk for many enterprises is the widespread use of spreadsheets with limited controls. A spreadsheet risk management program includes using access and change controls with spreadsheets in order to be SOX compliant

Chapter 13 – ACCOUNTING SYSTEM DEVELOPMENT

* This chapter explains stages of SDLC (Software Development Life Cycle) and SDM (Software Development Methodologies). Refer to Lecture PPT slides for more information.