ACCOUNTING INFORMATION SYSTEMS Controls and Processes
LESLIE TURNER
WEICKGENANNT
WILEY John Wiley & Sons, Inc.
Contents MODULE 1
The Importance of Accounting Information Systems to Accountants
INTRODUCTION Defines business processes, AIS, and all foundational concepts. This module provides the knowledge building blocks to support the remaining chapters.
USERS OF THE AIS
DESIGN OR IMPLEMENTATION TEAM
AN AUDITOR OF THE AIS
The Relation of Ethics to Accounting Information Systems
CHAPTER
Summary of Study Objectives
Introduction to AIS
Key Terms
End of Chapter Material
Overview of Business Processes
Overview of an Accounting Information System
Business Process Linkage Throughout the Supply Chain
IT Enablement of Business Processes
Basic Computer and IT Concepts
BASIC COMPUTER DATA STRUCTURES
FILE ACCESS AND PROCESSING MODES
DATA WAREHOUSE AND DATA MINING
NETWORKS AND THE INTERNET
Examples of IT Enablement
E-BUSINESS
ELECTRONIC DATA INTERCHANGE
POINT OF SALE SYSTEM
AUTOMATED MATCHING
EVALUATED RECEIPT SETTLEMENT
E-PAYABLES AND ELECTRONIC INVOICE PRESENTMENT AND PAYMENT
ENTERPRISE RESOURCE PLANNING SYSTEMS
The Internal Control Structure of Organizations
ENTERPRISE RISK MANAGEMENT
A CODE OF ETHICS
COSO ACCOUNTING INTERNAL CONTROL STRUCTURE
IT CONTROLS
CORPORATE GOVERNANCE
IT GOVERNANCE
Foundational Concepts of the AIS
Interrelationships of Business Processes and the AIS
Types of Accounting Information Systems
MANUAL SYSTEMS
LEGACY SYSTEMS
MODERN, INTEGRATED SYSTEMS
Accounting Software Market Segments
Input Methods Used in Business Processes
SOURCE DOCUMENTS AND KEYING
BAR CODES
POINT OF SALE SYSTEMS
ELECTRONIC DATA INTERCHANGE
E-BUSINESS AND E-COMMERCE
Processing Accounting Data
BATCH PROCESSING
ONLINE AND REAL-TIME PROCESSING
Policies to Assist in the Avoidance of Fraud and Errors
Maintenance of a Code of Ethics
Outputs from the AIS Related to Business Processes
THE DETAILS OF THE COSO REPORT
Documenting Processes and Systems
REASONABLE ASSURANCE OF INTERNAL CONTROLS
PROCESS MAPS
SYSTEM FLOWCHARTS
DOCUMENT FLOWCHARTS
DATA FLOW DIAGRAMS
ENTITY RELATIONSHIP DIAGRAMS
Maintenance of Accounting Internal Controls
Key Terms
Appendix A: Recent History of Internal Control Standards
Ethical Considerations at the Foundation of Accounting Information Systems
Appendix B: Control Objectives for Information Technology (COBIT)
Summary of Study Objectives
End of Chapter Material
Key Terms
Appendix: Resources Events Agents (REA) in Accounting Information Systems
End of Chapter Material
Maintenance of Information Technology Controls
Summary of Study Objectives
CHAPTER 4 Internal Controls and Risks in IT Systems
MODULE 2 CONTROL ENVIRONMENT Describes the proper control environment to oversee and control processes.
CHAPTER
Fraud, Ethics, and Internal Control
Accounting Related Fraud
CATEGORIES OF ACCOUNTING-RELATED FRAUD
The Nature of Management Fraud
The Nature of Employee Fraud
The Nature of Customer Fraud
The Nature of Vendor Fraud
The Nature of Computer Fraud
An Overview of Internal Controls for IT Systems
General Controls for IT Systems
AUTHENTICATION OF USERS AND LIMITING UNAUTHORIZED USERS
HACKING AND OTHER NETWORK BREAK-INS
ORGANIZATIONAL STRUCTURE
PHYSICAL ENVIRONMENT AND SECURITY
BUSINESS CONTINUITY
General Controls from an AICPA Trust Services Principles Perspective
Introduction to the Need for a Code of Ethics and Internal Controls
INTERNAL SOURCES OF COMPUTER FRAUD
EXTERNAL SOURCES OF COMPUTER FRAUD
RISKS IN NOT LIMITING UNAUTHORIZED USERS
RISKS FROM HACKING OR OTHER NETWORK BREAK-INS
RISKS FROM ENVIRONMENTAL FACTORS
PHYSICAL ACCESS RISKS
BUSINESS CONTINUITY RISKS
Hardware and Software Exposures in IT Systems
THE OPERATING SYSTEM
THE DATABASE
THE DATABASE MANAGEMENT SYSTEM
LANS AND WANS
WIRELESS NETWORKS
Elements of the Systems Design Phase of the SDLC
IN-HOUSE DESIGN
CONCEPTUAL DESIGN
EVALUATION AND SELECTION
DETAILED DESIGN
Elements of the Systems Implementation Phase of the SDLC
SOFTWARE PROGRAMMING
TRAINING EMPLOYEES
SOFTWARE TESTING
DOCUMENTING THE SYSTEM
DATA CONVERSION
SYSTEM CONVERSION
USER ACCEPTANCE
POST-IMPLEMENTATION REVIEW
Elements of the Operation and Maintenance Phase of the SDLC
The Critical Importance of IT Governance in an Organization
SDLC AS PART OF STRATEGIC MANAGEMENT
SDLC AS AN INTERNAL CONTROL
Ethical Considerations Related to IT Governance
ETHICAL CONSIDERATIONS FOR MANAGEMENT
ETHICAL CONSIDERATIONS FOR EMPLOYEES
ETHICAL CONSIDERATIONS FOR CONSULTANTS
Summary of Study Objectives
Key Terms
business processes and the internal controls in organizations. With process maps, document flowcharts, and data flow diagrams, the core business processes are described and the necessary controls to manage risk are discussed.
AUTHORIZATION OF TRANSACTIONS
SEGREGATION OF DUTIES
ADEQUATE RECORDS AND DOCUMENTS
SECURITY OF ASSETS AND DOCUMENTS
INDEPENDENT CHECKS AND RECONCILIATIONS
COST-BENEFIT CONSIDERATIONS
AUTHORIZATION OF TRANSACTIONS
SEGREGATION OF DUTIES
ADEQUATE RECORDS AND DOCUMENTS
SECURITY OF ASSETS AND DOCUMENTS
INDEPENDENT CHECKS AND RECONCILIATION
COST-BENEFIT CONSIDERATIONS
Cash Collection Processes
Risks and Controls in Cash Collection Processes
AUTHORIZATION OF TRANSACTIONS
SEGREGATION OF DUTIES
ADEQUATE RECORDS AND DOCUMENTS
SECURITY OF ASSETS AND DOCUMENTS
INDEPENDENT CHECKS AND RECONCILIATIONS
COST-BENEFIT CONSIDERATIONS
IT Enabled Systems of Revenue and Cash Collection Processes
E-Business Systems and the Related Risks and Controls
Electronic Data Interchange (EDI) Systems and the Risks and Controls
Point of Sale (POS) Systems and the Related Risks and Controls
Ethical Issues Related to Revenue Processes
Corporate Governance in Revenue Processes
Summary of Study Objectives
Key Terms
End of Chapter Material
CONCEPT CHECK
DISCUSSION QUESTIONS
BRIEF EXERCISES
PROBLEMS
CASES
CONTINUING CASE: SPATELLI'S PIZZERIA
SOLUTIONS TO CONCEPT CHECK
SECURITY OF ASSETS AND DOCUMENTS
INDEPENDENT CHECKS AND RECONCILIATIONS
COST-BENEFIT CONSIDERATIONS
IT Systems of Expenditures and Cash Disbursement Processes
Computer-Based Matching
Risks and Controls in Computer-Based Matching
SECURITY AND CONFIDENTIALITY RISKS
PROCESSING INTEGRITY RISKS
Evaluated Receipt Settlement
Risks and Controls in Evaluated Receipt Settlement
SECURITY AND CONFIDENTIALITY
PROCESSING INTEGRITY
AVAILABILITY
E-Business and Electronic Data Interchange (EDI)
Risks and Controls in E-Business and EDI
SECURITY AND CONFIDENTIALITY
PROCESSING INTEGRITY
AVAILABILITY