ACCOUNTING INFORMATION SYSTEMS

MANDATORY INFORMATION

information that must be supplied

ESSENTIAL INFORMATION

Info that is simply needed to do business

EXAMPLE OF ESSENTIAL INFORMATION

the price of a product or a shipping address

DISCRETIONARY INFORMATION

information that a company might or might not choose to produce

____ info and ____ info are provided to external users while ____ info is provided to internal users

essential; mandatory; discretionary

what are the 6 components of AIS

people (cost of info. Function) 2. procedures/instructions 3. data 4.software 5.information technology structure 6.internal controls/security measures

three AIS important business functions

collects and data (about organizational activities, resources, and personnel)Transforms data into information that is useful (for making decisions so managemtn can plan, execute, control, and evaluate activities, resources, and personnel)provide adequate controls (to safeguard the organizations assets and data and ensure the assets and data are available when needed and the data are accurate and reliable

transaction

An agreed upon exchange between 2 or more parties at an agreed upon amount

strike price

the agreed upon amount in a transaction

Transaction processing

recording data, organizing data in ways that are useful, storing data, giving data

The output of a transaction processing system is usually associated with helping management to do what? Also, the most common type?

To make better decisions; financial statements

12. The field that specializes in transaction processing?

Accounting *”transaction processing specializers”

13. Accountants are also ___

Information professionals

14. What do accountants do with the information?

Record, structure, analyze

15. 4 steps in the data processing cycle?

Date input, data storage, data processing, data output

16. Data must be collected about:

Each activity of interest: resources affected by activity and people who participate in activity

Source document

17. Type of document used for data input (ensures that all information gets into the system)

18. Example of a source doc

Sales order

Turnaround document (ie, bill *improves effectiveness and serves as input)

20. Created by company to customer, then sent back to company

Coding

21. Systematic assignment of numbers or letters to items to classify and organize them

Sequence coding

22. Pre-numbered in order

23. What does sequence coding allow for user to know?

When something is missing

24. Block coding is usually used for ____

Efficiency

25. Example of block coding

100 is cash; 200 is expense

26. Example of suffix with block coding

100.01-store #1… 100.02 store #2

27. Coding best practices

Code should be consistent with intended use Code should allow for growth Make coding system as simple as possible Code should be consistent across the organization

Chart of accounts

28. List of all general ledger accounts an organization uses with each general ledger account being assigned a specific number (block coding)

Audit trail

29. ____ provides the means to check the accuracy and validity of ledger postings

Tracing

30. Pick a sample source document and track all the way to output

Vouching (*ex. A/R=1,000, now show me the source docs)

31. Start at the BS and work all the way back to source document

Entity

32. Something about which information is stored

33. Each entity has ____ or characteristics of interest, which need to be stored

Attributes

Field

34. Physical space in which data values are stored

Record

35. Group of fields that contain data about various attributes of the same entity

File

36. A group of related records

37. 2 types of files

Master file- similar to ledger in manual AIS system & Transaction file-similar to journal (cash receipts journal, sales journal, etc)

38. Updating data implies that the data

Already exists

39. Adding data implies that the data

Didn’t already exist

Forms of output:

documents- operational vs source docs?

41. What is the purpose of output?

To help decision makers make better decisions

ERP (enterprise resource planning system)

42. ____ are designed to integrate all aspects of the organization’s operations with its traditional AIS “one system to rule them all”

43. How are internal controls operationalized?

Through an info. System*Accounting IS an information system and internal controls are operationalized though an info. System, so accountants play huge role in helping management design internal control systems

Internal controls

44. Processes implemented to ensure that business objectives are achieved

Threat or event

45. Any potential adverse occurrence or unwanted event that could be injurious to either the AIS or the organization

Exposure or impact

46. The potential dollar loss should a particular threat become a reality

Likelihood

47. The probability that the threat will happen

Expected contingency

48. Exposure x Likelihood

Corrective *ex. ADT calls police

49. Type of control to remedy what you don’t want; get you back to a good state

50. Dean doesn’t want to ELMO stolen so he puts lock on door; this is an ex. Of what type of control?

Preventative

51. When something is happening, lets you know Ex. Alarm goes off when someone breaks in

Detective

52. A ___ control applies to the entire organization Ex. Checkpoint at pentagon

General

53. An ___ control centers around a specific application or document Ex. Password on Excel

Application control

54. Foreign corrupt practices act-why is it important here?

Public companies now had to establish a system of internal controls

55. Other 2 provisions of the FCPA-

No bribing foreign officials and accounting records must be kept

3 components added to the ERM framework

Objective setting, event identification, risk response

COSO (committee of sponsoring organizations)

56. Built in 1991 and is the most commonly used framework

57. What is the most important factor in a framework?

The internal control environment *consists of management’s philosophy, human resource standards, commitment to integrity etc

58. A private-sector group consisting of the American Accounting Association, the AICPA, the institute of internal auditors, the institute of management accountants and the financial executives institute

n Issued the Internal Control – Integrated Framework in 1992 COSO

59. 5 components of COSO:

Control environment, risk assessment, control activities, info and communication, monitoring

Inherent risk

60. Risk before anything is done to adjust it

Residual risk

61. Risk that remains after internal controls are implemented

62. 4 ways to respond to risk

S-hare risk A-ccept risk R-educe risk A-void risk

63. Segregation of duties?

Authorization, record-keeping, custody

64. At the heart of every fraud is an improper ___

Segregation of duties

65. Surrounding the control activity with an information system Ex. Dean’s lock, have to make sure its still there

Information and communication

ERM (enterprise risk management)

66. ___ is more specific to risk than COSO and is COSO plus 3 steps

Monitoring

67. Actively reviewing the entire internal control process

69. ____ sets the company’s objectives

Management *these objectives form the basis for applying the ERM internal control framework

Event identification

70. “An incident or occurrence emanating from internal or external sources that affects implementation strategy or achievement objectives…” (COSO definition) Management needs to identify those events that could have a material impact on firm objectives

Risk response (sara)

71. How a firm will identify to each identified material risk

72. ERM vs. COSO

ERM is more risk-based and forward-looking and COSO is very narrow, most common though (specifically mentioned in SOX)

73. 1 type of threat company faces to their info. Systems

Intentional acts (computer crime)

Fraud

74. Any and all means a person uses to gain unfair advantage over another person

75. In most cases, to be considered fraudulent, an act must involve:

1-A false statement (writing or oral) 2-A material fact (would change the decision of a reasonable person) 3-Knowledge that the statement was false 4-The victim must place justifiable reliance 5-victim must have suffered financial loss

76. Definition is the same for criminal and civil fraud, only difference is burden of proof

For criminal-beyond a reasonable doubt For civil-a preponderance of evidence

99. How can a co. reduce fraud losses?

Insurance, fraud contingency disaster recovery and business continuity plans, store back-up copies in secure off site location, use software to monitor system activity

77. 3 types of occupational fraud

Misappropriation of assets (theft), corruption, fraudulent statements

78. ____ percent of occupational frauds involved asset misappropriation at median cost of ___

92; 93,000

79. Wrongful use of a position for personal gain

Corruption *about 30% of occupational frauds include corruption schemes at a median cost of 250,000

Financial statement fraud

80. Involves misstating the financial condition of an entity by intentionally misstating amounts or disclosures in order to deceive users

81. About ___ of occupational frauds involve fraudulent statements at a median cost of ___

8%; 1 million

82. The Treadway Commission recommended 4 actions to reduce the possibility of fraudulent financial reporting:

1-Establish an organizational environment that contributes to the integrity of the financial reporting process 2-idenify/understand the factors that lead to fraudulent financial reporting 3-assess the risk of fraudulent financial reporting within the co. 4-design and implement internal controls to provide reasonable assurance that fraudulent financial reporting id prevented

83. SAS-99 requires auditors to ___ fraud

Understand

84. The fraud triangle

Pressure, opportunity, rationalization

85. A perceived non-sharable need

Pressure *perception is key

86. According to research, an individual’s propensity to commit fraud is more related to ___

Person’s worrying about his financial position

87. ___ is the opening or gateway that allows an individual to

Commit the fraud, conceal the fraud, convert the proceeds

88. Commit the fraud=___, Conceal the fraud=____, convert the proceeds=_____

Authorization, record-keeping, custody

Rationalize

89. To recast a fraudulent action as “morally acceptable” behavior

90. US Dept. of Justice defines ____ as any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution

Computer fraud

Input fraud

91. Altering data before it gets input into a system

Processor fraud

92. Using processing power for something other than intended

Computer instructions fraud

93. Altering programming or developing a software program or module to carry out an unauthorized activity

Data fraud

94. Involves damaging files that exist already (scramble, alter, or destroy, steal)

Output fraud

95. Stealing or misusing output (ex. UN spy-ring)

96. Some of the most common opportunities that enable fraud:

Lack of controls, failure to enforce controls

97. A ___ requires a human to spread

Virus

98. A ___can spread on its own

Worm