Chapter 1: AIS an Overview

System: set of two or more interrelated components that interact to achieve

a goal
Data: facts collected, recorded, stored, and processed by information system
Information: data that has been organized and processed to provide
meaning and improve decision-making process
Value of information = benefit produced cost of producing
Characteristics of useful information:
relevant, reliable, complete, timely, understandable, verifiable, and accessible
Business process: set of related, coordinated, structured activities and
tasks that are performed by person, company or machine to accomplish a
specific organizational goal
Transaction: agreement between two entities to exchange goods or services
that can be measured in economic terms by an organization
5 major business processes/transaction cycles:
1. Revenue cycle
2. Expenditure cycle
3. Production/conversion cycle
4. Human resource/payroll cycle
5. Financing cycle
General ledger and reporting system: used to generate information for
management and external parties
AIS: Accounting Information System Information providing
vehicle
6 components of AIS:
1. People
2. Procedures and instructions
3. Data
4. Software
5. Information technology infrastructure
6. Internal controls and security measures
Used

to: How value is added:

collect and store data
improve quality, efficiency, effectiveness, decision making
transform data into information
internal control
provide controls
sharing knowledge
decrease costs

5 primary activities in a value chain

1. Inbound logistics
4. Marketing and sales
2. Operations
5. Service
3. Outbound logistics

Chapter 2 Overview of Transaction Processing and

Enterprise Resource Planning Systems
Data processing cycle: The operations performed on data to generate
meaningful and relevant information. The process consists of four steps:
Data input
Data storage
Data processing
Information output
Data input
Data must be collected about three facets of each business activity:
1) Each activity of interest
2) The resource affected by each activity
3) The people who participate in each activity
Data storage
There are different data storage concepts and definitions.
Ledgers
Cumulative accounting information is stored in general and subsidiary ledgers.
General ledger: Contains summary-level data for every asset, liability, equity,
revenue and expense account
Subsidiary ledger: contains detailed data for any general ledger account with
many individual subaccounts.
Coding techniques
Coding is the systematic assignment of numbers or letters to items to classify
and organize them.
Sequence codes: Items are numbered consecutively to account for all items.
Block code: Blocks of numbers are reserved for specific categories of data.
Group codes: Which are two or more subgroups of digits used to code items, are
often used in conjunction with block codes.
Mnemonic codes: Letters and numbers are interspersed to identify an item.
Chart of accounts
Is a list of the numbers assigned to each general ledger account. These account
numbers allow transaction data to be coded, classified and entered into proper
accounts.
Journals
A journal entry shows the accounts and amounts to be debited and credited
General journal: Is used to record infrequent or nonroutine transactions, such
as loan payments and end-of-period adjusting and closing entries.
Specialized journal: Records large numbers or repetitive transactions such as
sales, cash receipts and cash disbursements.
Audit trial
Is a traceable path of a transaction through a data processing system from point
of origin to final output, or backwards from final output to point of origin.
Computer-based storage concepts
Entity: Is something about which information is stored, such as employees,
inventory items, and customers.

Attributes: Each entity has attributes, or characteristics of interest, that are

stored such as pay rate and address.

Data processing
1) Creating new data records, such as adding a newly hired employee to the
payroll database.
2) Reading, retrieving or viewing existing data.
3) Updating previously stored data
4) Deleting data, such as purging the vendor master file of all vendors the
company no longer does business with.
Information output
Information is usually presented in one of three forms:
Documents: Are records of transaction or other company data.
Reports: Are used by employees to control operational activities and by
managers to make decisions and to formulate business strategies.
Query: Is used to provide the information needed to deal with problems and
questions that need rapid action or answers.
Enterprise Resource Planning (ERP) Systems
In the book, an overview of an ERP system is shown in Figure 2-6 on page 56.
Basically there is a revenue cycle, expenditure cycle, production cycle, HR/Payroll
cycle and a general ledger and reporting system integrated in an ERP system.

Chapter 3 System Documentation Techniques

Documentation encompasses the narratives, flowcharts, diagrams, and
other written materials that explain how a system works. This information
covers the who, what, when, where, why and how of data entry, processing,
storage, information output and system controls.
Data Flow Diagrams: Graphically describes the flow of data within a system
Four basic elements: Entity, Data Flow, Data Store, Process
Entity: Represents a source of data or input into the system or represents a
destination of data or output from the system
Data Flows:
Movement of data among: Entities (sources or destinations), Processes, Data
stores
Label should describe the information moving
Process: Represents the transformation of data
Data Store: Represents data at rest
Data Flow Diagram Levels:
Highest level (most general)
Purpose: show inputs and outputs into system
Characteristics: one process symbol only, no data stores
Level-0
Purpose: show all major activity steps of a system
Characteristics: processes are labeled 1.0, 2.0, and so on

DFD Creation Guidelines

1. Understand the system
2. Ignore certain aspects of the system
3. Determine system boundaries
4. Develop a context DFD
5. Identify data flows
6. Group data flows
7. Number each process
8. Identify transformational processes
9. Group transformational processes
10. Identify all data stores
11. Identify all sources and destinations
12. Label all DFD elements
13. Subdivide DFD
Flowcharts: Use symbols to logically depict transaction processing and the
flow of data through a system. Using a pictorial representation is easier to
understand and explain versus a detailed narrative.
Flowchart Symbol Categories: Input/Output, Processing, Storage,
Miscellaneous
Types of Flowcharts:
Document: Illustrates the flow of documents through an organization
Useful for analyzing internal control procedures
System: Logical representation of system inputs, processes, and outputs
Useful in analysis and design
Program: Represent the logical sequence of program logic

Summary Chapter 4:
File: a set of related records such as all customer records,
Database: A set of interrelated, centrally coordinated files forms a database
Database management system (DBMS): Is the interface between the
database abd rge various application programs.
Data system: the database, the DBMS, and the application programs that
access the database through the DBMS are referred to as the database
system.
Database administrator (DBA): id responsible for the database.
Data warehousing: contains both detailed and summarized data for a
number of years and is used for analysis rather than transaction processing (it
is not unusual for data warehouses to contain hundreds of terabytes of data).
Data warehouses do not replace transaction processing databases they
compliment them by providing support to strategic decision making.
Business Intelligence: using a data warehouse for strategic decision
making id often referred to as business intelligence.
Two main techniques used in business intelligence:
- Online analytical processing (OLAP)
- Data mining

Online Analytical Processing (OLAP): is using queries to guide the

investigation of hypothesized relationship in data.
Data Mining: using sophisticated statistical analysis, including artificial
intelligence techniques such as neural networks, to discover unhypothesized
relationship in the data.
The Advantages of Database Systems:
- Data integration: master files are combined into large pools of data that
many application programs access.
- Data sharing: Integrated data are more easily shared with authorized
users.
- Minimal data redundancy and data inconsistencies: because data items are
usually stored only once, data redundancy and data inconsistencies are
minimized.
- Data independence: because data and the programs that use them are
independent of each other, each can be changed without changing the other.
- Cross-functional analysis: in a database system, relationship, such as the
association between selling costs and promotional campaigns, can be
explicitly defined and used in the preparation of management reports.

Record layout: See page 110 figure 4-3.

Logical view: is how people conceptually organize and understand the data.
Physical view: refers to how and where data are physically arranged and
stored in the computer system.
Schema: describes the logical structure of a database.
Conceptual-level schema: the organization wide view of the entire
database, lists all data elements and the relationship among them.
External-level schema: consists of individual users views of portions of the
database, each of which is referred to as a subschema.
Internal-level schema: a low-level view of the database, describes how the
data are stored and accessed, including record layouts, definitions, addresses,
and indexes.
Data dictionary: contains information about the structure of the database.
Data definition language (DDL): builds the data dictionary creates the
databases, describes logical views for each user, and specifies records or field
security constraints.
Data manipulation language (DML): changes databases content,
including data element updates, insertions, and deletions.
Data query language (DQL): contains powerful easy-to-use commands that
enable users to retrieve, sort, order and display data.
Report writer: simplifies report creation.
Relationship data model: represents conceptual-and external-level
schemas as if the data are stored in tables.
Tuple: each row in a table.
Primary key: is the database attribute, or combination of attributes, that
uniquely identifies a specific row in the table.
Foreign key: is an attribute that is a primary key in another table, is used to
link tables.
Problems:
Update anomaly: because data value updates are not correctly recorded.
Insert anomaly: occurs in our example because there is no way to store
information about prospective customers until they make a purchase
Delete anomaly: occurs when deleting a row has unintended consequences.

Basic Requirements of a Relationship Database:

- Every column in a row must be single valued
- Primary keys cannot be null
- Foreign keys, if not null, must have values that correspond to the value of a
primary key in another table
- All nonkey attributes in a table must describe a characteristic of the object
identified by the primary key
Normalization: assumes that everything is initially stored in one large table.
Semantic data modelling: the designer uses knowledge of business
processes and information needs to create a diagram that shows what to
include in the database.

Chapter 12 The Revenue Cycle: Sales to Cash

Collections
The Revenue Cycle
Below is the scheme of the Revenue Cycle

This cycle aims to provide goods and services to customers. Also, the cycle
enable company to collect cash in payment for those sales.
Primary Objective:
Provide the right product

In the right place

At the right time for the right price

General Revenue Cycle Threats

In order to ensure that the cycle runs well, a company needs to know the
possible threats that they may face such as:
Inaccurate or invalid master data
Unauthorized disclosure of sensitive information

Loss or destruction of master data

Poor performance

General Revenue Cycle Controls

After the possible threats are known, then it will be easier for a company to
control the whole process by applying some regulations such as mentioned
below:
Data processing integrity controls
Restriction of access to master data

Review of all changes to master data

Access controls

Encryption

Backup and disaster recovery procedures

Managerial reports

General Revenue Cycles Activities

It is basically the integration of four activities which are mentioned and
illustrated below.
1. Sales Order Entry
2. Shipping

3. Billing
4. Cash
Collection

Sales Order Entry

The Sales Order Entry activity is consisting of three main steps which are
mentioned and illustrated below:
1. Take order
2. Check and approve credit
3. Check inventory availability
Sales Order Entry Threats
In order to ensure that the sales
order activity runs well, a
company needs to know the
possible threats that they may
face such as:
Incomplete/inaccurate

orders

Invalid orders

Uncollectible accounts

Stockouts or excess
inventory
Loss of customers

General Revenue Cycle Controls

After the possible threats are known, then it will be easier for a company to
control the whole sales order entry process by applying some regulations
such as mentioned below:
Data entry edit controls (see Chapter 10)

Restriction of access to master data

Digital signatures or written signatures

Credit limits

Specific authorization to approve sales to new customers or sales that

exceed a customers credit limit

Aging of accounts receivable

Managerial reports

Perpetual inventory control system

Use of bar-codes or RFID

Training
Periodic physical counts of inventory
Sales forecasts and activity reports
CRM systems, self-help Web sites, and proper evaluation of customer
service ratings

Shipping
The Sales Order Entry activity is consisting of two main steps which are
mentioned and illustrated below:
1. Picking and packing the order
2. Shipping the order
Shipping Threats
In order to ensure that the shipping
activity runs well, a company
needs to know the possible threats
that they may face such as:
Picking the wrong items or
the wrong quantity

Theft of inventory

Shipping errors (delay or

failure to ship, wrong
quantities, wrong items,
wrong addresses,
duplication)

Shipping Controls
After the possible threats are known, then it will be easier for a company to
control the whole shipping process by applying some regulations such as
mentioned below:
Bar-code and RFID technology

Reconciliation of picking lists to sales order details

Restriction of physical access to inventory

Documentation of all inventory transfers

RFID and bar-code technology

Periodic physical counts of inventory and reconciliation to recorded

quantities

Reconciliation of shipping documents with sales orders, picking lists,

and packing slips

Use RFID systems to identify delays

Data entry via bar-code scanners and RFID

Data entry edit controls (if shipping data entered on terminals)

Configuration of ERP system to prevent duplicate shipments

Billing
The Billing activity is consisting of two main steps which are mentioned and
illustrated below:
1. Invoicing
2. Updating accounts receivable
Billing Threats
In order to ensure that the billing
activity runs well, a company needs
to know the possible threats that
they may face such as:
Failure to bill

Billing errors

Posting errors in accounts

receivable

Inaccurate or invalid credit

memos

Billing Controls
After the possible threats are known, then it will be easier for a company to
control the whole billing process by applying some regulations such as
mentioned below:
Separation of billing and shipping functions

Periodic reconciliation of invoices with sales orders, picking tickets, and

shipping documents

Configuration of system to automatically enter pricing data

Restriction of access to pricing master data

Data entry edit controls

Reconciliation of shipping documents (picking tickets, bills of lading,

and packing list) to sales orders

Data entry controls

Reconciliation of batch totals

Mailing of monthly statements to customers

Reconciliation of subsidiary accounts to general ledger

Segregation of duties of credit memo authorization from both sales

order entry and customer account maintenance

Configuration of system to block credit memos unless there is either

corresponding documentation of return of damaged goods or specific
authorization by management

Cash Collection
The last activity in the revenue cycle will be the cash collection from the
customers. Although it is rather a simple activity, there are several threats for
a company to conduct this activity such as mentioned below.
Cash Collection Threats
In order to ensure that the cash collection activity runs well, a company needs
to know the possible threats that they may face such as:
Theft of cash

Cash flow problems

Cash Collection Controls

After the possible threats are known, then it will be easier for a company to
control the whole cash collection activities by applying some regulations such
as mentioned below:
Separation of cash handling function from accounts receivable and
credit functions

Regular reconciliation of bank account with recorded amounts by

someone independent of cash collections procedures

Use of EFT, FEDI, and lockboxes to minimize handling of customer

payments by employees

Prompt, restrictive endorsement of all customer checks

Having two people open all mail likely to contain customer payments

Use of cash registers

Daily deposit of all cash receipts

Lockbox arrangements, EFT, or credit cards

Discounts for prompt payment by customers

Cash flow budgets

Summary Chapter-13 (AIS): The Expenditure Cycle

This chapter contains detailed information about the expenditure cycle from
purchasing to cash disbursements, which is comprised of four important steps
respectively:
1. Ordering send orders of materials, supplies, and services to
suppliers
2. Receiving receive merchandise or service from suppliers
3. Approving review and approve invoices from suppliers
4. Cash Disbursements process payments to suppliers
Effect and impact on:
timely production
quality
quantity
other relevant issues
Using a proper IT system for controlling the expenditure cycle can:
minimize time, energy, mistakes and theft
improve performance and efficiency

reducing costs associated with processing payments

Expenditure Cycle general Threats

Inaccurate or invalid master data
Unauthorized disclosure of sensitive information
Loss or destruction of data
Poor performance
Threats in ordering
Inaccurate inventory records
Purchasing items not needed
Purchasing at inflated prices
Purchasing inferior quality goods
Unreliable suppliers
Purchasing from unauthorized suppliers
Kickbacks
Ordering Controls
Perpetual inventory system
Bar coding or RFID tags
Physical counts of inventory
Review and approval of purchase requisitions
Review of purchase orders
Budgets
Purchasing only by approved suppliers
Tracking and monitoring product quality by supplier
Requiring suppliers to possess quality certification
Collecting and monitoring supplier delivery performance
List of approved suppliers and permit system purchase order only by them
EDI-specific controls (access, review, encryption, policy)
Supplier audits
Receiving threats
Accepting unordered items
Mistakes counting
Verifying receipt of services
Theft of inventory
Receiving controls
Requiring existence of approved purchase order prior to accepting any
delivery
Do not inform receiving employees about quantity ordered
Incentives
Receiving employees need to sign receiving report
Use bar codes
Physical count of inventories
ERP system configuration
Documentation of all transfers of inventory
Restriction of physical access to inventory
Segregation of duties: custody of inventory vs. receiving employees

Approving supplier invoices threats

Errors in supplier invoices

Mistakes in posting to accounts payable

Approving supplier invoices control

Verification of invoice accuracy

Detailed receipt for procurement card purchases
ERS
Restriction of access to supplier master data
Verification of freight bill and use of approved delivery channels
Data entry edit controls
Reconciliation of detailed accounts payable records with the general
ledger control account

Cash disbursement threats

Failure to take advantage of discounts for prompt payment

Paying for items not received
Duplicate payments
Theft of cash
Check alteration
Cash flow problems

Cash disbursement control

Filing of invoices by due date for discounts

Cash flow budget
Requiring all suppliers invoices be matched to documents that are
acknowledged by receiving and inventory control
Budgets
Receipts for travel expenses
Use of corporate credit cards for travel expenses
Requiring a complete voucher package for all payments
Policy to pay only from original copies of supplier invoices
Use of dedicated computer for online banking
Requiring dual signatures on checks greater than a specific amount
Restriction to supplier master file
Limit the number of employees with ability to create one-time-suppliers
and to process invoices from one-time-suppliers
Running petty cash as an imprest fund
Surprise audits of petty cash fund
Use of special inks and papers
Positive Pay arrangements with banks
Cash flow budget

Summary Chapter 14 Production cycle

The Production cycle

Business activities and information processing activities, related to

manufacturing of products
Production cycle activities
1. Product Design
2. Planning and Scheduling
3. Production Operations
4. Cost Accounting

Production Cycle General Threats

Inaccurate or invalid master data

Unauthorized disclosure of sensitive information

Loss or destruction of data

Production Cycle General Controls

Data processing integrity controls
Restriction of access to master data
Review of all changes to master data
Access control
Encryption (is the process of transforming information (referred to as
plaintext) using an algorithm (called a cipher) to make it unreadable to
anyone except those possessing special knowledge, usually referred to as
a key.)
Backup and disaster recovery procedures

Product Design
Product design Threats
Poor product design resulting in excess costs
Product design controls
Accounting analysis of costs arising from product design choices

Analysis of warranty and repair costs

Planning and scheduling threats

Over- underproduction
Planning and Scheduling Controls
Production planning systems
Review and approval of production schedules and orders
Restriction of access to production orders and production schedules
Production Operations Threats
Theft of inventory
Theft of fixed asset
Poor performance
Suboptimal investment in fixed assets
Loss of inventory or fixed assets due to fire or other disasters
Disruption of operations
Production Operations Control
Physical access control
Documentation of all inventory movement
Segregation of dutiescustody of assets from recording and
authorization of removal
Restriction of access to inventory master data
Periodic physical counts of inventory and reconciliation of those counts
to recorded quantities
Physical inventory of all fixed assets
Restriction of physical access to fixed assets
Maintaining detailed records of fixed assets, including disposal
Training
Performance reports
Proper approval of fixed asset acquisitions, including use of requests for
proposals to solicit multiple competitive bids
Physical safeguards (e.g., fire sprinklers)
Insurance
Backup and disaster recovery plans
Cost

accounting Threats
Inaccurate cost data
Inappropriate allocation of overhead costs
Misleading reports

Cost

Accounting controls
Source data automation
Data processing integrity controls
Time-driven activity-based costing
Innovative performance metrics

Assigning Production Costs

Job-Order Costing
Assigns costs to specific production batches, or jobs
-If the product or service is uniquely identifiable
Process Costing
Assigns costs to each process, or work center, in the production
cycle, and then calculates the average cost for all units produced.
-If the product or service is similar and produced in mass
quantities
Activity-Based Costing
Traces costs to the activities that create them
Uses a greater number of overhead pools
-Batch
-Product
-Organization
Identifies cost drivers
Cause-and-effect relationship

Summary : Chapter 15 the human resources

management and payroll cycle
The human resources management(HRM)/ payroll cycle
The human resources management(HRM)/ payroll cycle is a recruiting set of
business activities and related data processing operations associated with
effectively managing the employee workforce. These are the more important
tasks:
1. Recruiting and hiring new employees
2. Training
3. Job assignment
4. Compensation
5. Performance evaluation
6. Discharge of employees due to voluntary or involuntary
termination.
The fourth point is done by the payroll cycle, while the rest is done by the
HRM department.
Threats and controls in the Payroll/HRM cycle
1. General issues throughout entire HRM/payroll cycle
Threat
Controls
Inaccurate or invalid master data

Unauthorized disclosure of sensitive

information

Data processing integrity

controls
Restriction of access to master
data
Review of all changes to master
data

Access controls
Encryption

Loss or destruction of data

Backup and disaster recovery

procedures

Hiring unqualified or larcenous

employees

Sound hiring procedures,

including verification of job
applicants credentials, skills,
references, and employment
history
Criminal background
investigation checks of all
applicants for finance-related
positions

Violations of employments laws

2. Update payroll master data

Threat
Unauthorized changes to payroll
master data

Controls

Inaccurate updating of payroll master

data

Thorough documentation of
hiring, performance evaluation,
and dismissal procedures
Continuing education on
changes in employment laws

Segregation of duties: HRM

department updates master
data, but only payroll
department issues paychecks
Access controls

Data processing integrity

controls
Regular review of all changes
to master payroll data

3. Validate time and attendance data

Threat
Controls
Inaccurate time and attendance data
Source data automation for
data capture
Biometric authentication

4. Prepare payroll
Threat
Errors in processing payroll

Controls

5. Disburse payroll
Threat
Theft or fraudulent distribution of
paychecks

Segregation of duties
(reconciliation of job-time
tickets to time

Data processing integrity

controls: batch totals, crossfooting of the payroll register,
use of a payroll clearing
account and a zero-balance
check
Supervisory review of payroll
register and other reports
Issuing earnings statements to
employees
Review or IRS guidelines to
ensure proper classification of
workers as either employees

Controls

Restriction of physical access to

blank payroll checks and the
check signature machine
Restriction of access to the EFT
system
Prenumbering and periodically
accounting for all payroll
checks and review of all EFT
direct deposit transactions
Require proper supporting
documentation for all
paychecks
Use of a separate checking
account for payroll, maintained
as an imprest fund
Segregation of duties (cashier
versus accounts payable; check
distribution from hiring/firing;
independent reconciliation of
the payroll checking account)
Restriction of access to payroll
master database
Verification of identity of all
employees receiving paychecks
Redepositing unclaimed
paychecks

6. Disburse payroll taxes and miscellaneous deductions

Threat
Controls

Failure to make required payments

Untimely payments

Configuration of system to
make required payments using
current instructions from IRS
Configuration of system to
make required payments using
current instructions from IRS

Inaccurate payments

Processing integrity controls

Supervisory review of reports
Employee review of earnings
statement

Chapter 16 general ledger and reporting system

General ledger: is the principal book or computer file for recording and
totalling monetary transactions by account, with debits and credits in
separate columns and a beginning balance and ending balance for each
account.
A general ledger representing the five major account types:
Assets
Liabilities
Income
Expenses
equity

Primary function is to collect and organize

The accounting cycle activities
Financing activities
Investing activities
Budget activities
Adjustments

The centralized database must be organized in a manner that facilitates

meeting the varied information needs of both internal and external users.
Managers need timely detailed information about the results of operations in
their particular area of responsibility. So, how is it controlled?
1. Update general ledger, comes forward from two main sources:
- Accounting subsystems that creates a journal entry to update the general
ledger
- Treasurer that provides information for journal entries to update the general
ledger for non routine transactions such as the issuance or retirement of debt,
the purchase or sale of investment securities, or the acquisition of treasury
stock.
2. Post adjusting entries, there are 5 basic balance adjusting entries
named:
- Accruals: are entries made at the end of the accounting period to reflect
events that have occurred but for which cash has not yet been received or
disbursed
- Deferrals: are entries made at the end of the accounting period to reflect the
exchange of cash prior to performance of the related event
- Estimates are entries that reflect a portion of expenses expected to occur
over a number of accounting periods
- Revaluations: are entries made to reflect either differences between the
actual and recorded value of an asset or a change in accounting principle.
- Corrections are entries made to counteract the effects of errors found in the
general ledger
3. Prepare financial statements: to produce financial statements both
monthly and annually.
4. Produce managerial reports to;
- Responsibility accounting
- Balanced scorecard
- Training on proper graph design