REVIEWER IN ACCOUNTING INFORMATION SYSTEM

Information System
-set of coordinated network of components, acting together to produce, distribute and or
process information.
Information Technology
-comprises all types of technology used to create, store, exchange, and utilize
information in its various forms, including business data, conversations, still images,
motion pictures, and multimedia presentation.
Accounting Information System
-procedures, and systems that capture accounting data from business processes;
record the accounting data in the appropriate records; process the detailed accounting
data by classifying, summarizing, and consolidating; and report the summarized
accounting data to internal and external users.
System
-A group of interrelated multiple components or subsystems that serve a common
purpose
-called a subsystem when it is viewed as a component of a larger system.
Subsystem
-considered a system when it is the focus of attention
AIS Systems
-Transaction processing system (TPS)
: supports daily business operations
-General Ledger/ Financial Reporting System (GL/FRS)
: produces financial statements and reports
-Management Reporting System (MRS)
: produces special-purpose reports for internal use
Transforming Data into Information
-Data collection
: Capturing transaction data, recording data onto forms, validating and editing data
-Data Processing
: Merging, calculating, summarizing, comparing
-Data Management
: Storing, retrieving, deleting
-Information Generation
: Compiling, arranging, formatting, presenting
Information System Objectives in Business Context
-to support the stewardship function of management
-to support management’s decision-making
-to support the firm’s day-to-day operations
Importance of AIS to Accountants
-as Information System Users
-as System Designers
-as System Auditors
Ethics, Fraud, and Internal Control
-Ethics
: Principles of conduct use in making choices that guide their behavior in situations
involving the concepts of right and wrong.
-Ethical standards
: From societal mores and deep-rooted personal beliefs about issues of right and
wrong that is not universally agreed upon.
-Business Ethics
: The principles of conduct that individuals use in making choices and guiding their
behavior in business situations that involve the concepts of right and wrong.
-Ethical Responsibility
: The responsibility of organization managers to seek a balance between the risks
and benefits to their constituents that result from their decisions.
-Proportionality
: Responses should be proportional to the good that can be achieved and the harm
that may be caused.
-Computer Ethics
: The analysis of nature & social impact of computer technology & corresponding
formulation and justification of policies for the ethical use of such technology, details
about software, hardware, networks connecting computers, and computers.
Issues:
-Privacy
: Control of what and how much information is available (to others and to whom it is
available).
-Ownership
: Exclusive rights and control over property.
-Security (Accuracy and Confidentiality)
-Equity in Access
-Environmental Issues
-Artificial Intelligence
-Unemployment and Displacement
-Misuse of Computers

-Fraud
: False representation of a material fact by one party to another party, with the intent
to deceive and induce the other party to justifiably rely on the material fact to his or her
detriment.
Committed by:
Employee fraud - fraud by non-management employee generally designed to directly
convert cash or other assets to the employee’s personal benefit.
Management fraud- is fraud that often uses deceptive practices to inflate earnings or to
forestall the recognition of either insolvency or a decline in earnings.
Fraud Triangle
-Pressure (Motivation or Incentive to commit fraud)
-Opportunity (The knowledge and ability to carry out fraud)
-Rationalization (Justification of Dishonest Actions)
Reasons for fraud to be hardly quantifiable:
-Not all fraud is detected.
-Of that detected, not all is reported.
-In many fraud cases, incomplete information is gathered.
-Information is not properly distributed to management or law enforcement authorities.
-Too often, business organizations decide to take no civil or criminal action against the
perpetrator(s) of fraud.
-Indirect cost needs to be considered (decreased productivity, cost and time of legal
action, business disruption, etc.).
Fraudulent statements
-Are statements associated with management fraud. In this class of fraud scheme, the
financial statement misrepresentation must itself bring direct or indirect financial benefit
to the perpetrator.
Fraud Schemes
Corruption
-involves an executive, a manager, or an employee of the organization in collusion with
an outsider.
Bribery
-involves giving, offering, soliciting, or receiving things of value to influence an official in
the performance of his or her lawful duties.
An illegal gratuity
-involves giving, receiving, offering, or soliciting something of value because of an
official act that has been taken.
A conflict of interest
-is an outline of procedures for dealing with actual or apparent conflicts of interest
between personal and professional relationships.
Economic extortion
-is the use (or threat) of force (including economic sanctions) by an individual or
organization to obtain something of value. The item of value could be a financial or
economic asset, information, or cooperation to obtain a favorable decision on some
matter under review.
Asset Misappropriation
Skimming
-involves stealing cash from an organization before it is recorded on the organization’s
books and records.
Mail Room Fraud
-in which an employee opening the mail steals a customer’s check and destroys the
associated remittance advice.
Cash Larceny
-is theft of cash receipts from an organization after those receipts have been recorded in
the organization’s books and records.
Lapping
-is the use of customer checks, received in payment of their accounts, to conceal cash
previously stolen by an employee.
Billing Schemes
-also known as vendor fraud, are schemes under which an employee causes the
employer to issue a payment to a false supplier or vendor by submitting invoices for
fictitious goods/services, inflated invoices, or invoices for personal purchases.
A shell company fraud
-is establishing a false vendor on the company’s books, and then making false purchase
orders, receiving reports, and invoices in the name of the vendor and submitting them to
the accounting system, creating the illusion of a legitimate transaction. The system
ultimately issues a check to the false vendor.
A pass-through fraud
-is similar to shell company fraud except that a transaction actually takes place. The
perpetrator creates a false vendor and issues purchase orders to it for inventory or
supplies. The false vendor purchases the needed inventory from a legitimate vendor,
charges the victim company a much higher than market price for the items, and pockets
the difference.
Pay-and-Return
-a clerk with heck writing authority pays a vendor twice for the same products received
& then intercepts & cashes the overpayment returned by the vendor.
Check Tampering
-involves forging, or changing in some material way, a check that was written to a
legitimate payee.
Payroll Fraud
-is the distribution of fraudulent paychecks to existent and/or nonexistent employees.
Expense Reimbursement
-involves claiming reimbursement of fictitious or inflated business expenses.
Thefts of Cash
-is the direct theft of cash on hand in the organization.
Noncash Fraud
-is the theft or misuse of non-cash assets (e.g., inventory, confidential information).
Computer Fraud
-involves theft, misuse, or misappropriation of assets by altering computer-readable
records and files, or by altering the logic of computer software; the illegal use of
computer-readable information; or the intentional destruction of computer software or
hardware.
Internal Control
-policies a firm employs to safeguard assets, ensure accurate and reliable accounting
records and information, promote efficiency, and measure compliance with established
policies
Modifying Assumptions
Management responsibility
-is the concept under which the responsibility for the establishment and maintenance of
a system of internal control falls to management.
Reasonable assurance
-is an assurance provided by the internal control system that the four broad objectives
of internal control are met in a cost-effective manner.
Methods of Data Processing and Limitations
Concepts and Techniques
Control weaknesses
-increase the firm’s risk to financial loss or injury from the threats.
The Preventive-Detective-Corrective Internal Control Model
Preventive controls
-are passive techniques designed to reduce the frequency of occurrence of undesirable
events.
Detective controls
-are devices, techniques, and procedures designed to identify and expose undesirable
events that elude preventive controls.
Corrective controls
-are actions taken to reverse the effects of errors detected.
Internal Control Framework
Control Environment
-is the foundation of internal control.
Risk Assessment
-is the identification, analysis, and management of risks relevant to financial reporting.
Information and Communication
Monitoring
-is the process by which the quality of internal control design and operation can be
assessed.
Control activities
-are the policies and procedures to ensure that appropriate actions are taken to deal
with the organization’s risks.
IT Controls:
General controls
-are controls that pertain to entity-wide concerns such as controls over the data center,
organization databases, systems development, and program maintenance.
Application controls
-are controls that ensure the integrity of specific systems.
Physical Controls
-Transaction authorization is a procedure to ensure that employees process only valid
transactions within the scope of their authority.
Segregation of duties
-is the separation of employee duties to minimize incompatible functions.
Supervision
-is a control activity involving the critical oversight of employees.
The accounting records of an organization
-consist of documents, journals, or ledgers used in transaction cycles.
Access controls
-are controls that ensure that only authorized personnel have access to the firm’s
assets.
Verification procedures
-are independent checks of the accounting system to identify errors and
misrepresentations
IT Application Controls
Input controls
-are programmed procedures, often called edits that perform tests on transaction data
to ensure that they are free from errors.
Check Digit:
Transcription errors
-are the type of errors that can corrupt a data code and cause processing errors.
Transposition errors
-are errors that occur when digits are transposed.
A check digit
-is a method for detecting data coding errors in which a control digit is added to the
code when it is originally designed to allow the integrity of the code to be established
during subsequent processing.
Missing Data Check
Numeric-Alphabetic Check
Limit Check
Range Check
Reasonableness Check
Validity Check
Processing Controls
Batch controls
-is an effective method of managing high volumes of transaction data through a system.
Run-to-run controls
-are controls that use batch figures to monitor the batch as it moves from one
programmed procedure to another.
Hash total
-is a control technique that uses nonfinancial data to keep track of the records in a
batch.
Audit trail controls
-ensures that every transaction can be traced through each stage of processing from its
economic source to its presentation in financial statements.
Transactions Logs
Log of Automatic Transaction
Master File Backup Controls

GFS Technique
-The grandfather-father-son (GFS) is a back-up technique employed by systems that
use sequential master files (whether tape or disk).
-It is an integral part of the master file update process.
-The systems designer determines the number of backup master files needed for each
application.
-Two factors influence this decision: (1) the financial significance of the system and (2)
the degree of file activity.
Output Control
Output Spooling
-is directing an application’s output to a magnetic disk file rather than to the printer
directly.
Print Programs
Waste
Report Distribution
End-User Controls
Controlling Digital Output