THE INFORMATION SYSTEM: AN ACCOUNTANT’S
PERSPECTIVE
 Information is a business resource.
 Operations management directly responsible
for controlling day-to-day operations.
 Middle management accountable for short-
term planning and coordinating activities to
accomplish organizational objectives.
 Top management responsible for longer-term
planning and setting organizational objectives.
Information Objectives
 The goal of an information system is to
support
o The firm’s day to day operations.
o Management decision making.
o The stewardship function of
management.
Information Systems Framework
 The information system is the set of formal
procedures by which data are collected,
processed into information, and distributed to
users.
 A transaction is an event that affects or is of
interest to the organization and is processed
by its information system as a unit of work.
 A financial transaction is an economic event
that affect the assets and equities of the
organization, is reflected in its accounts and is
measured in monetary terms.
 A nonfinancial transaction is an event that
doesn’t meet the definition of a financial
transaction.
 Accounting information system (AIS)
processes financial and some nonfinancial
transactions. Three subsections:
o The transaction processing system
(TPS) which supports daily business
operations.
o The general ledger/financial reporting
system (GL/FRS) which produces
reports.
o The management reporting system
(MRS) which provides information for
decision making.
 Management information system (MIS)
processes nonfinancial transactions not
processed by the AIS.
AIS Subsystem
 The transaction processing system (TPS)
o Converts economic events into
financial transactions.
o Records financial transactions in the
accounting records.
o Distributes essential financial
information to support operations.
 The general ledger/financial reporting
system (GL/FRS) takes information from the
TPS and other input and:
o Updates general ledger control
accounts.
o Handles nondiscretionary reporting
requirements.
 The management reporting system (MRS)
provides the internal information needed to
manage a business and handles discretionary
reporting.
General Model for AIS
 End users fall into two groups :
o External users include creditors,
stockholders, government agencies,
suppliers and customers.
o Internal users include management
and operations personnel.
 Distributes essential financial information to
support operations.
 Data are facts which may or may not be
processed and have no direct effect on a
user’s actions.
 Information causes a user to take an action
that would otherwise not have been taken.
 Data sources are financial transactions that
enter the information system for internal or
external sources.
  The levels in the data hierarchy:
1. The data attribute is the most
elemental piece of potentially useful
data in the database.
2. A record is a complete set of attributes
for a single occurrence within an entity
class.
3. A file (or table) is a complete set of
records of an identical class.
 Database management involves three
fundamental tasks: storage, retrieval and
deletion.
 Data collection is the first operational stage
in the information system:
o Objective is to ensure data are valid,
complete and free from material
errors.
o Only relevant data should be captured.
o Efficient collection procedures
designed to collect data only once.
 Data processing tasks range from simple to
complex.
 The organization’s database is its physical
repository for financial and nonfinancial data.
(term could apply to a filing cabinet or
computer disk.)
 Information generation is the process of
compiling, arranging, formatting, and
presenting information to users.
 Regardless of physical form, useful
information has:
o Relevance: Content must serve a
purpose.
o Timeliness: No older than time frame
of supported action.
o Accuracy: Free from material errors.
o Completeness: All essential
information is present.
o Summarization: Aggregated for the
user’s needs.
 Feedback is a form of output sent back to the
system as a source of data.
The Accounting Function
 Accounting manages the financial resource of
the firm:
o Captures and records transactions.
o Distributes transaction information to
operations personnel.
 Value of information is determined by its
reliability.
o Relevance, accuracy, completeness,
summarization and timeliness.
o Unreliable information has no value.
 Information reliability requires accounting
independence.
o Accounting activities must be separate
and independent of the functional
areas maintaining custody of
resources.
o Accounting supports these functions
with information but does not
participate in the physical activities.
Information Technology
 Systems development is the process
organizations use to acquire information
systems.
o Can be purchased or built from
scratch.
o Commercial software available for
general accounting and industry
specific applications. Sometimes called
turnkey systems because can be
implemented with little modification.
o Custom software is developed
through a formal process called the
system development life cycle.
Requires an in-house team of qualified
individuals.
o Systems maintenance may be trivial or
significant. Between 80% - 90% of
system’s total cost may be incurred
because of maintenance activities.
The Role of Accountants in AIS
 Accountants play a prominent role on system
development teams as domain experts,
responsible for many aspects of the
conceptual system including specifying rules,
reporting requirements and internal control
objectives.
 IT professionals determine the most
economical and effective technologies for the
physical system, including data storage.
 Accountants perform audits which typically
involve the AIS.
o External audit is an independent
attestation and opinion (audit report)
regarding financial statement
presentation.
o Requires auditors (independent CPAs)
to test internal controls and perform
substantive tests of data.
o Critical element is auditor
independence, which means the
auditor is free from factors that might
influence the audit report.
  Prior to SOX, accounting firms were permitted
to provide both advisory and attest services to
clients.
 SOX legislation restricts non-audit services
that auditors may provide and prohibits
auditors from providing these services:
o Other accounting services including
bookkeeping, financial
information systems design
and implementation, appraisal or
valuation, actuarial, and internal audit
outsourcing.
o Management or human resources,
broker or dealer, investment adviser,
or investment banking services.
o Legal services and expert services
unrelated to the audit.
o Any other service that the Board
determines, by regulation, is
impermissible.
 Internal auditing is an independent appraisal
function within an organization to examine
and evaluate activities. External auditors
represent outsiders and internal auditors
represent the interests of the organization.
 Fraud audits have increased in popularity as a
corporate governance tool.
 May be initiated by managers to investigate
employees or the board to investigate
management.
 Audit committees serves an independent
“check and balance” for internal audit
functions and a liaison with external auditors.
Usually three people, one of which must be a
“financial expert”.
Ethical Issues in Business
 Computer ethics analyzes the social impact of
computer technology and formulation and
justification of policies for the ethical use of
technology.
 Para computer ethics involves taking an
interest in computer ethics cases and
acquiring some level of skill and knowledge in
the field.
 Issues of concern include:
o Privacy and ownership in the
personal information industry.
o Security involving accuracy and
confidentiality.
o What can an individual or organization
own?
o Equity of access issues related to
economic status, culture and safety.
o Environmental issues, artificial
intelligence, unemployment and
displacement and computer misuse.
 Sarbanes-Oxley Act (SOX) Section 406
requires public companies to disclose to the
SEC if they have a code of ethics that applies to
the CEO, CFO and controller.
 If a company does not have a code, it must
explain why.
 Compliance with 406 requires a code of ethics
that addresses:
o Procedures for dealing with conflicts
of interest.
o Full and fair disclosures to ensure
candid, open, truthful disclosures.
o Requiring employees to follow
applicable laws, rules and regulations.
o A mechanism to permit prompt
internal reporting of ethical violations.
o Taking appropriate actions when code
violations occur.
Fraud and Accountants
 The fraud triangle factors that contribute to
fraud:
o Situational pressures that coerce an
individual to act dishonestly.
o Opportunity through direct access to
assets.
o Rationalization (Ethics) which relate to
one’s character and moral compass.
 Fraud losses equal 5% of revenue. Actual cost
difficult to quantify and do not include indirect
losses.
 Most frauds are committed by employees than
managers, the losses are much higher for
managers and owners.
 Collusion in the commission of a fraud is
difficult to prevent and detect.
Internal Control Concepts and Techniques
 The internal control system consists of
policies, practices and procedures to achieve
four broad objectives:
 Safeguard assets of the firm.
 Ensure accuracy and reliability of
accounting records and information.
 Promote efficiency of the firm’s operations.
 Measure compliance with management’s
prescribed policies and procedures.
 Modifying Assumptions to the Internal Control
Objectives:
o Management Responsibility
 The establishment and
maintenance of a system of
 internal control is the
responsibility of management.
o Reasonable Assurance
 Cost of achieving objectives
should not outweigh the
benefits.
o Methods of Data Processing
 Control techniques vary with
different types of technology.
o Limitations
 These include (1) possibility of
error, (2) circumvention, (3)
management override and (4)
changing conditions.
 The absence or weakness of a control is an
exposure:
o May result in asset destruction or theft
and corruption or disruption of the
information system.
 Preventive controls are passive techniques
designed to reduce undesirable events by
forcing compliance with prescribed or desired
actions. Preventing errors and fraud is more
cost-effective than detecting and correcting
them.
 Detective controls are designed to identify
undesirable events that elude preventive
controls.
 Corrective controls are actions taken to
reverse the effects of errors detected.
 Public company management responsibilities
are codified in Sections 302 and 404 of SOX:
o Section 302 requires management to
certify organization’s internal controls
on a quarterly and annual basis.
o Section 404 requires management to
assess internal control effectiveness.
 The control environment sets the tone for
the organization and influences control
awareness.
 COSO internal control framework five
components:
o Organizations must perform a risk
assessment to identify, analyze
and manage financial reporting risks.
o The quality of information the AIS
generates impacts management’s
ability to take actions and make
decisions.
o An effective system records all valid
transactions and provides timely
and accurate information.
o Monitoring is the process by which
the quality of internal control design
and operations can be assessed.
o Control activities are policies and
procedures to ensure appropriate
actions are taken to deal with
identified risks.
 IT controls relate to the computer
environment:
o General control pertain to entity-
wide IT concerns.
o Application controls ensure the
integrity of specific systems.
 Physical controls relate to human activities:
o Transaction authorization is to
ensure all material transactions
processed are valid.
o Segregation of duties controls are
designed to minimize incompatible
functions including separating: (1)
transaction authorization and
processing and (2) asset custody and
record-keeping. Successful fraud must
require collusion.
o Supervision is a compensating
control in organizations too small for
sufficient segregation of duties.
o Accounting records consist of source
documents, journals and ledgers
which capture economic essence and
provide an audit trail.
o Access controls ensure that only
authorized personnel have access to
firm assets.
o Independent verification
procedures are checks to identify
errors and misrepresentations.
Management can assess (1) individual
performance, (2) system integrity and
(3) data correctness. Includes:
 Reconciling batch totals during
transaction processing.
 Comparing physical assets
with accounting records.
 Reconciling subsidiary
accounts with control
accounts.
 Reviewing management
reports that summarize
business activities.
 IT application controls are associated with
applications.
 Input control (edits) perform tests on
transactions to ensure they are free from
errors.
o Check digit is a control digit(s) that is
added to the data code when originally
assigned. Allows integrity to be
 established during processing and o Output data can become backlogged
helps prevent two common errors: (spooling) requiring an intermediate
 Transcription errors occur output file in the printing process.
when (1) extra digits are  Proper access and backup
added to a code, (2) a digit is procedures must be in place to
omitted from a code, or (3) a protect these files.
digit is recorded incorrectly. o Print programs controls should be
 Transposition errors occur designed to prevent unauthorized
when digits are reversed. copies and employee browsing of
o Missing data check identifies blank or sensitive data.
incomplete input fields. o Sensitive computer waste should be
o Numeric-alphabetic check identifies shredded for protection.
data in the wrong form. o Report distribution must be
o Limit checks identify fields that controlled.
exceed authorized limits. o End-user should examine reports for
o Range checks verify that all amounts correctness, report errors and
fall within an acceptable range. maintain report security.
o Reasonableness checks verify that 
amounts that have based limit and
range checks are reasonable.
o Validity checks compare actual fields
against acceptable values.
 Processing controls are programmed
procedures to ensure an application’s logic is
functioning properly.
o Batch controls manage the flow of
high volume transactions and
reconcile system output with original
input .
o Run-to-run controls monitor batch
from one process to another.
 Audit trail controls ensure every transaction
can be traced through each stage to processing
from source to financial statements.
 Every transaction the system processes,
including automatic ones, should be recorded
on a transaction log.
 Master file backup controls may be viewed
as either a general control or an application
control.
o GFS (grandfather-father-son)
backup is used with systems that use
sequential master files.
o The destructive update approach
leaves no backup copy and requires a
special recovery program if data is
destroyed or corrupted.
o Real-time systems schedule backups at
specified daily intervals.
 Output controls are procedures to ensure
output is not lost, misdirected or corrupted
and that privacy is not violated. Can cause
disruption, financial loss and litigation.
 Controlling hard-copy output: