Professional Documents
Culture Documents
Figure below illustrates an AIS for the sales The sales invoice reflects the product or products
process in a systems flowchart. This view purchased, the price, and the terms of payment.
assumes an online sales order. Notice that emails When the customer makes a payment, a
and electronic images replace many of the paper remittance advice may accompany the payment.
documents. The flowchart also assumes that the When you pay your Visa or MasterCard bill, for
AIS uses a centralized database that integrates example, the portion of the bill you return with
all data files. The following fictitious example your check is a remittance advice.
describes the sales process shown below.
In addition to sales orders, sales invoices, checks,
and remittance advices, shipping notices are
another input to sales processing. When the within a university manage course enrollments,
warehouse releases goods for shipment, the communications, and invoice and payment
warehouse clerk prepares a shipping notice. A processing, and perhaps most importantly help
copy of this notice may serve as a packing slip them stay connected with graduates who will
and would be included in the package with the potentially become donors.
goods. A copy of this document is also sent to the
Outputs of the Revenue Process
accounts receivable department and is used as a
prompt for the department to bill the customer. Processing sales transactions creates several
outputs. An AIS uses some of these outputs to
Debit/credit memoranda are source documents
produce external accounting reports (such as
affecting both the sales and purchasing
financial statements) as well as internal reports
processes. An organization issues these
(such as management reports). Management
memoranda to denote the return of damaged
reports can be in any format and contain any
goods or discrepancies in the amount owed. For
type of information managers need for decision-
example, let’s assume that Hiroshi’s package
making.
with the textbooks arrived, but two of the books
were damaged and two were the wrong One output of the sales process is a customer
textbooks. Hiroshi would return the four books billing statement. This statement summarizes
(worth $400) to Textbooks4U.com. However, outstanding sales invoices for a particular
Hiroshi must wait until the company receives the customer and shows the amount currently
books and processes the return before he will be owed. Other reports generated by the sales
issued a credit to his account (credit card) for the revenue process include aging reports, bad debt
$400. reports, cash receipts forecasts, approved
customer listings, and various sales analysis
If a company finds that it has charged a customer
reports. The aging report shows the accounts
too little for goods sold, the company would
receivable balance broken down into categories
issue a debit memorandum. This debit
based on time outstanding (see Figure 10-9). The
memorandum signifies a debit to the customer’s
bad debt report contains information about
account receivable with the company to reflect
collection follow-up procedures for overdue
the amount not charged originally. The customer
customer accounts. In the event that a
now owes more to the company.
customer’s account is uncollectible, the account
Business organizations use the data they collect is written off to an allowance account for bad
about their customers and sales transactions to debts. A detailed listing of the allowance account
improve customer satisfaction and increase may be another output of the sales process.
profitability. As a result, firms are purchasing or
All of the data gathered from source documents
developing customer relationship management
in processing sales transactions serve as inputs
(CRM) software to gather, maintain, and use
to a cash receipts forecast. Data such as sales
customer data to provide better customer
amounts, terms of sale, prior payment
service and enhance customer loyalty. However,
experience for selected customers, and
think broadly here about potential uses of CRM
information from aging analysis reports and cash
software. For example, many universities are
collection reports are all inputs to this forecast.
now purchasing CRM solutions to help them
better manage their current and potential Recall that maintaining customer records is an
customers (i.e., students). These software important function of the AIS in the sales
packages help various schools and colleges process. The billing or accounts receivable
function should approve new customers, both to that underpin the cycle are discussed and then
ensure that the customers exist and to assess the data produced and consumed during the
their bill-paying ability. This may require cycle activities are identified. Typical business
obtaining a credit report from a reputable credit process decisions are examined, along with
agency. The billing function assigns each new some of the primary considerations related to
customer a credit limit based on credit history. those decisions. An expenditure cycle is fully
From time to time, the AIS produces an approved documented using process maps, data flow
customer listing report. This report is likely to diagrams (DFDs) and flowcharts.
show such information as customer ID numbers
Expenditure cycle overview and key objectives
(for uniquely identifying each customer), contact
name(s), shipping and billing addresses, credit In order to achieve overall business objectives
limits, and billing terms. and remain profitable, the expenditure cycle
needs to be well designed and tightly controlled.
If an AIS captures (or converts) appropriate sales
Poorly controlled expenditure can lead to cash
data electronically, it can also produce various
flow and liquidity problems. An additional
sales analysis reports. These include sales
consideration for the expenditure cycle is the
classified by product line, type of sale (cash,
need to balance the supply and demand for
credit, or debit card), or sales region. However,
products within the organization. The revenue
the sales process can only produce effective
cycle sales phase discussed previously
sales analysis reports if the AIS captures
determines the demand for the goods and
appropriate sales data. A customer relationship
services provided by the company. The primary
management solution can help managers take
responsibility of the expenditure cycle
advantage of this data to maximize revenue and
purchasing phase is to ensure the supply of
to provide better customer service.
goods balances this demand.
Transaction cycle — the expenditure cycle
Similarly to the revenue cycle described
Expenditure-related activities are strategically previously, the expenditure cycle is generally
and operationally important for all thought of as two separate elements. The first of
organizations. The expenditure cycle these is purchasing. This phase interacts
commences when a section of the organization extensively with external suppliers of goods and
signals a need for goods or services to be services; the overall objective is to procure the
provided and ends when the goods or services right goods at the right amount, and to receive
have been paid for. During the cycle, demand for those goods at the right time. In order to achieve
requested goods or services needs to be this outcome, initiated purchases need to be
correctly established and any resulting purchase properly approved and authorized; goods and
orders need to be accurate and appropriately services need to be obtained from authorized or
authorized. Delivered goods must be received in pre-vetted suppliers; all purchase commitments
a timely fashion and both the quality and and obligations need to be recorded accurately;
quantity of goods delivered need to be checked and accepted goods and services must meet
before acceptance. Payments made to suppliers quality and delivery specifications. Errors in the
must be both timely and accurate. purchasing phase can lead to a situation where
goods are not available to meet customer needs
This topic commences with an overview of the
if demand is underestimated, or to the
expenditure cycle and then considers the
organization incurring unnecessary inventory
strategic implications of that cycle. Technologies
holding costs if demand is overestimated.
Following the purchasing phase is the accounts relevant modules such as sales, production,
payable phase, where the objective is to pay the accounts payable, cash budgeting and general
right people the right amount at the right time. ledger. In essence, an ERP system acts to provide
The activities in this phase are typically tighter connections between demand and supply
conducted by back--office staff who will not functions within the organization.
necessarily have had previous contact with the
The expenditure cycle can benefit greatly from
suppliers of the goods. In order to ensure
technologies that provide an efficient means of
ongoing good relationships with suppliers and
data exchange with suppliers of goods and
minimize the risk of improper payments, it is
services. Some of the ‘paperwork’ associated
essential that all relevant information relating to
with the expenditure cycle (e.g. purchase orders,
the purchasing phase is shared with the accounts
purchase requisitions) originates in-house and is
payable phase. Additionally, the quality of the
sent outwards to customers, and the remainder
goods received, although not a data point
is generated externally by suppliers (e.g. price
conventionally thought of as related to
quotes, invoices, delivery dockets). Use of
accounting, is a vital indicator when deciding
technologies such as electronic data
whether a payment should be made to a
interchange (EDI) can provide accurate, timely
supplier. The accounts payable phase needs to
and cost-effective data sharing.
ensure that payments are made by authorized
employees only, and that those payments are The expenditure cycle involves many activities
both accurate and timely, while ensuring that related to the physical handling and movement
favorable settlement terms are used to of goods. Where volumes are sufficiently high to
advantage. In order to ensure the integrity of warrant the use of printed barcodes or radio
financial reporting and financial statements, all frequency identification (RFID) tags, hand-held
accounts payable liabilities must be recorded scanning devices can cut stock handling and
accurately and promptly. recording costs and improve the accuracy and
timeliness of inventory and expenditure data.
Technologies underpinning the expenditure
cycle Specialized supply chain management software
(SCM) can be used to improve both the planning
There are a number of technologies suitable for
(identifying demand for products) and execution
supporting activities within the expenditure
(receiving orders, routing goods) of the supply
cycle and improving the overall functioning of
chain by providing detailed supply chain
the process. A range of inventory management
analytics. SCM can be incorporated as an
tools are available to help improve the ability to
integrated module within an existing ERP
balance supply and demand for goods and
system, or acquired and operated independently
services. Transparency and management of cash
using a best-of-breed supplier such as
payments and cash flows can also be improved
Manhattan Associates or i2 Technologies.
by the use of appropriate technologies.
The ability to make electronic payments provides
Enterprise resource planning (ERP) systems
a fast and comparatively inexpensive way for
assist with enabling and integrating the activities
organizations to settle their accounts with
within the expenditure cycle. The expenditure
suppliers. When using electronic payment
cycle links into many areas within the
facilities such as those provided by the major
organization, and an ERP system can not only
banks it is important to consider the timing and
improve the integration of enterprise-wide data
cash flow implications. A payment made
but also provide tighter linkages between
electronically will take funds from a company received data are also used to verify invoice
bank account immediately, whereas a payment validity during the accounts payable phase.
made via cheque may take up to ten working • Accounts payable data – both created and
days before any funds are withdrawn from the updated by activities within the expenditure
company account. In addition to these payment cycle; invoices received from suppliers are
timing issues, it is vital to consider and recorded in accounts payable, as are details
appropriately design access security over online of payments made during the accounts
payment facilities. payable phase. More detailed information
about payments made is recorded in the
Data and objectives in the expenditure cycle
cash payments data store.
• Inventory data – expenditure cycle activities
Objectives of the Expenditure cycle
require access to data related to inventory to
help identify existing stock levels. In order to Credit transactions create accounts payable.
correctly identify how much to purchase it is Accounts payable processing closely resembles
important to be familiar with both the accounts receivable processing; it is the flip side
current demand for the goods (which comes of the picture. With accounts receivable,
from the sales process) and how much companies keep track of amounts owed to them
inventory is currently available for sale. from their customers. An accounts payable
Expenditure cycle activities ultimately result application tracks the amounts owed by a
in an increase in the amount of inventory on company to vendors. The objective of accounts
hand. Inventory data should ideally be payable processing is to pay vendors at the
updated regularly by expenditure activities optimal time. Companies want to take
to indicate the current status code of goods advantage of cash discounts offered and also
that have been ordered but not yet received. avoid finance charges for late payments.
Inventory data typically include many non-
Maintaining vendor records is as important to
financial indicators, such as quality of the
the purchasing process as maintaining customer
goods received. There are also a number of
records is for the sales process. The purchasing
dates of significance when analyzing
department is responsible for maintaining a list
inventory and supplier performance, such as
of authorized vendors to ensure the authenticity
date ordered, date confirmed, date
of vendors as well as finding reputable vendors
expected, and date delivered.
who offer quality goods and services at
• Supplier data – the expenditure cycle
reasonable prices. Vendor shipping policies,
requires access to data about suppliers,
billing policies, discount terms, and reliability are
including both basic name and address
also important variables in the approval process.
details and information about preferred
Businesses today are strengthening their
suppliers, including past performance.
relationships with their vendors or suppliers,
• Purchase order data – records details of all
recognizing that they are partners in a supply
open (incomplete) purchase orders,
chain. One of the most successful supply chain
including the current status of each of the
management “partnerships” is that of Walmart
items on the order
and Procter & Gamble.
• Goods received data – lists items received
from suppliers and typically updates the The purchase of goods affects inventory control.
inventory status of those goods. Goods The objective of inventory control is to ensure
that an AIS records all goods purchased for and
dispensed from inventory. The inventory control for the goods received. The clerk then enters
component of the purchasing process interfaces information about the receipt (e.g., date, time,
with production departments, the purchasing count, and condition of merchandise) to create
department, the vendor, and the receiving an electronic receiving report. Upon receipt of an
department. electronic vendor invoice and the receiving
report, the accounts payable system remits
A final objective of the purchasing process is
payment to the vendor.
forecasting cash outflows. The addition of
outstanding purchase requisitions, purchase The economic and business events in the
invoices, and receiving reports provides an university’s purchasing process are the purchase
estimate of future cash requirements. With the request, purchase order, receipt of goods, and
forecast of cash receipts produced by the sales payment to the vendor. The university’s AIS
process, this estimate allows an organization to records information about each of these events
prepare a cash budget. and produces a variety of reports. The next two
sections describe the information inputs and
some of the reports associated with the
Events in the expenditure cycle purchasing process.
Figure below shows a systems flowchart that Inputs to the Expenditure cycle
describes the purchasing process. As with the
sales process, the flowchart assumes a
As explained earlier, the purchasing process
centralized database and a mix of paper
often begins with a requisition from a production
documents and electronic images. The following
department for goods or services. Sometimes, an
fictitious example describes the purchasing
AIS triggers purchase orders automatically when
process shown below
inventories fall below prespecified levels. The
purchase requisition shows the item(s)
requested and may show the name of the vendor
Example: Benjamin Controller is an employee at who supplies the goods.
a large state university. He needs to purchase a
new computer, so he pulls up the purchase In above about the events of the expenditure
requisition form on the university’s website and cycle, the accounts payable system matches
fills in the appropriate information. He sends the three source documents before remitting
completed form to his supervisor for approval, payment to the vendor: the purchase order, the
who approves the request and clicks the receiving report, and the purchase invoice. A
“Submit” button to forward the request purchase invoice is a copy of the vendor’s sales
electronically to the purchasing department. A invoice. The purchasing organization receives
purchasing agent creates an electronic purchase this copy as a bill for the goods or services
order based on the information provided. The purchased. The purpose of matching the
agent consults the vendor file to locate an purchase order, receiving report, and purchase
authorized vendor for the requested computer. invoice is to maintain the best possible control
The AIS then sends an electronic version of the over cash payments to vendors. For example, the
order to the receiving department and another absence of one of these documents could signify
copy to the vendor. When the computer arrives a duplicate payment. A computerized AIS can
from the vendor, a receiving clerk consults the search more efficiently for duplicate payments
AIS system to verify that a purchase order exists than a manual system.
For example, auditors can search for intentional merchandise package. This document indicates
(or unintentional) errors by instructing an AIS to the specific quantities and items in the shipment
print a list of duplicate invoice numbers, vendor and any goods that are on back order. The next
checks for like dollar amounts, and similar time you order goods through a catalog or over
control information. the Internet, look for a packing slip.
The purchase requisition initiates the purchase Outputs of the Expenditure cycle
order. Besides the information on the
Typical outputs of the purchasing process are
requisition, the purchase order includes vendor
vendor checks and accompanying check register,
information and payment terms. The purchasing
discrepancy reports, and a cash requirements
department typically prepares several copies (or
forecast. The check register lists all checks issued
images) of the purchase order. In a paper-based
for a particular period. Accounts payable
system, the purchasing clerk sends one copy of
typically processes checks in batches and
the purchase order to the receiving department
produces the check register as a by-product of
to serve as a receiving report or, preferably, to
this processing step. Discrepancy reports are
prompt the receiving department to issue a
necessary to note any differences between
separate receiving report. This copy of the
quantities or amounts on the purchase order,
purchase order is specially coded (or color-
the receiving report, and the purchase invoice.
coded) to distinguish it from other copies of the
purchase order if there is no separate receiving The purpose of a discrepancy report is to ensure
report. The receiving department copy might that no one authorizes a vendor check until the
leave out the quantities ordered that are appropriate manager properly reconciles any
identified in the purchase order. This is done for differences. For example, assume that a
control purposes, so that workers receiving the receiving report indicates the receipt of 12 units
goods must do their own counts, rather than of product, whereas the purchase order shows
simply approving the amounts shown on the that a company ordered 20 units and the
purchase order. purchase invoice bills the company for all 20
units. The accounts payable function records the
Another source document, a bill of lading,
liability for 20 units and notes the situation on a
accompanies the goods sent. The freight carrier
discrepancy report for management. This report
gives the supplier a bill of lading as a receipt,
would trigger an investigation. For example, it is
which means the carrier assumes responsibility
possible that the vendor made two shipments of
for the goods. It may contain information about
merchandise, and one shipment has yet to be
the date shipped, the point of delivery for freight
received. If this is the case, receipt of the second
payment (either shipping point or destination),
shipment clears this discrepancy from the next
the carrier, the route, and the mode of shipment.
report. However, if this is not the case, it is
The customer may receive a copy of the shipping
important for management to determine the
notice with the purchase invoice. This is
cause of the discrepancy as soon as possible.
important to the accounts payable subsystem,
since accounts payable accruals include a liability The purchasing process produces a cash
for goods shipped free on board (FOB) from the requirements forecast in the same manner that
shipping point. Goods shipped this way have left the sales process produces a cash receipts
the vendor, but the customer has not yet forecast. By looking at source documents such as
received them. Another source document, the outstanding purchase orders, unbilled receiving
packing slip, is usually included in the
reports, and vendor invoices, an AIS can predict When reporting and monitoring using variance
future cash payments and their dates. analysis (budget estimates compared to actual
results), it is important to identify the root cause
of any variances observed. As an example, an
Transaction cycle — the general ledger and unfavorable variance between budgeted and
financial reporting cycle actual data may be the result of poor
performance, or it is possible that budget
The general ledger and financial reporting cycle estimates were set at an unrealistic or
summarizes, adjusts and reports on data from all unachievable level. It is necessary to identify
the previous operational cycles. During the which of these circumstances apply, as differing
general ledger and financial reporting cycle, remedial actions are appropriate. An incorrect
budgets are created and agreed upon, and budget estimate should be corrected and
transactional-level data are accumulated, analysis should be undertaken to determine how
summarized, adjusted and, finally, reported to the estimation error occurred in order to prevent
internal and external users. Most decision recurrence. If the budget is realistic but poor
making by managers within the organization is performance is the underlying cause of the
based on data supplied by the financial reporting variance, the poor performance should be
cycle; investors rely on these reports when addressed via performance management of the
making investment decisions; and reports are individual or division involved.
also supplied to external regulators for assessing
compliance with relevant corporate legislation. Once budgets have been finalized, the ongoing
Assuring the timeliness, validity, accuracy and work of extracting transactional data generated
completeness of reported data is critical to during the operational transaction cycles
organizational success. (revenue, expenditure, production and payroll)
and transferring a summarized version of these
General ledger and financial reporting cycle transaction streams into the relevant general
overview and key objectives ledger accounts takes place. This initial set of
The first part of the financial reporting and activities creates a trial balance of the accounts.
general ledger cycle involves creating an It is important to note that this extraction activity
operational budget for the organization. Budgets does not provide any assurance that the original
are usually created on an annual basis and transactions were recorded accurately. If an
updated monthly or more frequently if required. operational process has a control weakness that
The purpose of budgeting is to facilitate results in inaccurate data being recorded at a
organizational planning and control. Creating transactional level, this same flawed data will be
budgets requires careful estimation of future transferred into the general ledger accounts.
activity levels and the associated potential costs At periodic intervals, a bank reconciliation is
and revenues; finalized budgets are then used as performed in order to independently verify the
a control measure to help ascertain and monitor balances of the cash-based general ledger
required organizational and individual accounts. After this reconciliation is successfully
performance levels. In order to motivate completed, adjusting journal entries are
desirable behavior by managers within the prepared and input. These adjusting journals
organization, budgets should be framed so that create an adjusted trial balance, where the
activity targets are achievable but challenging. values contained in the accounts comply with
the requirements for recognizing revenues and
expenses contained in the accounting standards. Technologies underpinning the general ledger
Once the adjusted trial balance has been and financial reporting cycle
finalized, financial reporting can take place.
Enterprise resource planning (ERP) systems
Typically, we divide reports into two major assist with integrating the general ledger into the
categories: management reports, which are operational cycles that precede general ledger
used within the organization, and general and financial reporting processes in the overall
purpose financial statements, which are business transaction cycle. The general ledger
distributed externally. Management reports links back into most areas within the
tend to be far more detailed in terms of content, organization, so an ERP system acts to improve
and are not intended for sharing outside the enterprise data integration and facilitate
organization. General purpose financial stronger controls over the extraction and posting
statements are constructed in accordance with of data from subsidiary ledgers.
the requirements of the relevant accounting
A robust, user-friendly report-generating tool
standards and contain far less detailed
such as Cognos or Crystal Reports is essential for
information, but are freely available to a wider
the production of both ad hoc and standard
range of users.
financial reports. These business intelligence
The objective of the general ledger and financial tools typically provide a simplified user interface
reporting cycle is to synthesize and report data to allow interrogation of the underlying data and
that accurately represents business transactions data dictionary, and the creation of reports using
and activities. In order to achieve this objective, a drag-and-drop-style interface. The deployment
budgets must be accurately and completely of these user-friendly tools is particularly useful
determined and recorded, and transactions in an environment where end-users of financial
extracted and posted must be complete and systems take responsibility for designing and
accurate. In addition, any adjustments that are producing their own financial reports.
required must be made prior to financial
Access to online banking is helpful in terms of
reporting taking place. Any financial report that
being able to monitor and reconcile cash
is based on accrual accounting assumptions can
transactions more easily. Access to online
only be relied upon if it is generated using
banking can also be helpful for organizations that
correctly adjusted data.
wish to automate bank reconciliations. The
An exception is where an operational report (e.g. ability to download files in electronic format
a simple transaction listing) is required by directly from a bank website presents an
management — basic reports can be generated opportunity to compare bank statement and
at any time after a transaction is recorded; it is cash transaction files electronically, improving
not necessary to wait until end-of-period both the timeliness and accuracy of bank
adjustments have been completed. These types reconciliations.
of detailed reports usually extract and report
As described previously, eXtensible Business
data directly from more detailed subsidiary
Reporting Language (XBRL) is a data standard
ledgers (e.g. accounts receivable and cash sales)
used when generating financial reports. The
rather than the summarized general ledger.
importance of this standard is that it allows
semantics, or meaning, to be embedded within
strings of financial data, allowing more in-depth
analysis to be conducted by users or recipients of
the data. This meaning is conveyed by inserting entries. Although small in volume, these
embedded tags that identify where separate adjusting journals can have a huge financial
pieces of data start and end within strings of impact on the financial results subsequently
data. Corporate regulators worldwide are reported. General journal data is typically stored
gradually moving towards mandating XBRL data in a separate journal voucher data store, as well
for corporate filings and reporting. as in the relevant general ledger accounts.
Data in the general ledger and financial Data produced by the general ledger and
reporting cycle financial reporting cycle are used by all levels of
management within the organization and by
Budget data is often initially created based on
investors, analysts and regulators external to the
prior year data, then manually adjusted and
organization. Access to financial data usually
entered into the financial system by finance
occurs by means of paper or electronic reports
personnel and operational managers. Budget
for users within the organization. External
data is held in the general ledger chart of
reporting has traditionally been paper based
accounts, and is used in reporting, largely as a
only, with recent augmentation by electronic
target or benchmark level against which actual
reporting.
results are compared.
General ledger and financial reporting
The general ledger and financial reporting cycle
processes
initially extracts existing transactional data from
subsidiary ledgers. These subsidiary ledgers Each of the business processes of an
include the accounts receivable ledger (which organization feed financial transactional data
contains details of customer invoices raised and into the general ledger. The general ledger
payments received) and the accounts payable provides details for all the accounts within the
ledger (which contains details of supplier chart of accounts. Recall from your accounting
invoices received and payments approved and courses that the general ledger is the entire set
made). The payroll data store provides details of of T‐accounts for the organization. Each set of
salary and wage transactions. The raw materials, processes affects general ledger accounts. For
labor and overheads data stores from the example, sales and sales return processes affect
production cycle provide details of production the accounts receivable, sales, inventory, and
costs incurred. The general ledger uses all this cost of goods sold accounts. For manual
transactional data to create summarized accounting systems, the process in which
transactions in the accounts within the general transactions are posted to the general ledger is
ledger. These general ledger accounts are called the accounting cycle. Figure below is a
conventionally referred to as the chart of summary of the processes in the accounting
accounts for the organization. cycle:
A typical general ledger account code will Business processes in an organization consist of
contain a string of indicators representing items various accounting transactions. When an event
such as the transaction type (e.g. revenue, occurs, the accountant must decide whether the
expense or equity), the division or section of the transaction is a regular, recurring transaction. If
organization the transaction relates to, and the the transaction is regular and recurring, it would
nature of the transaction (e.g. chart of accounts). be recorded in a special journal. Special journals
are established to record specific types of
The only new data created by the general ledger
transactions. For example, a sale to a customer
and financial reporting cycle are general journal
would be recorded in a special journal called the ledger. This ends the accounting cycle for the
sales journal. The sales journal is the appropriate current fiscal period, and the cycle begins anew
place to record all credit sales. A typical sales in the next fiscal period.
journal is formatted with columns to record the
These examples of accounting records focus only
amount of the sale and the corresponding
on sales and receivables. There are similar
receivable. That is, one column exists for sales
special journals and subsidiary ledgers for other
dollar amounts (a credit), and one column for
regular, recurring transactions such as
accounts receivable amounts (a debit). In
purchases, cash receipts, cash disbursements,
addition, regular, recurring transactions are
and payroll. Also, there are other subsidiary
posted to subsidiary ledgers. Subsidiary ledgers
ledgers such as accounts payable, inventory,
maintain the detail information regarding
payroll, and fixed assets. When a transaction
routine transactions, with an account
occurs, the accountant must choose the correct
established for each entity. For example, a credit
set of special journals and subsidiary ledgers in
sale to a customer must be recorded in the
which to record the transaction. In an automated
accounts receivable subsidiary ledger. This
ERP system, when a transaction is entered, the
subsidiary ledger maintains transaction details
appropriate special journals and subsidiary
and balances for each individual customer. At
ledgers are automatically updated.
regular intervals, such as the end of each day or
end of each week, the totals from the special Reporting as an Output of the General ledger
journals are posted to general ledger accounts. and financial reporting processes
Some transactions are not regular, recurring The information in the general ledger accounts
transactions, and thus are not recorded in provides important feedback for both internal
special journals and subsidiary ledgers. The and external parties. External parties such as
transactions in capital and investment processes investors and creditors use summarized
are examples of nonroutine transactions, which accounting data in the general purpose financial
are entered in the general journal and posted to statements to evaluate business performance.
the general ledger. Internal managers need financial and
nonfinancial feedback for proper planning and
At period end, it is important to ensure that all
control of operations. Internal managers need
revenue, expenditure, payroll, payable, and
much more frequent and detailed reports than
receivable transactions have been posted to the
external users. The sections that follow describe
general ledger. After all these transactions are
the external and internal reporting concepts.
recorded for the month, accruals and other
adjusting entries are recorded in the general External Reporting
journal and then posted to the general ledger.
After all transactions are accrued and posted, a The four general purpose financial statements—
trial balance is prepared from the general ledger balance sheet, income statement, statement of
account balances. cash flows, and statement of retained earnings—
are created from general ledger account
The financial statements are prepared from the balances. These financial statements are
adjusted balances in the general ledger. To generated at the end of the accounting cycle.
prepare the general ledger for the next The dollar amounts reported are all derived from
accounting period, and to transfer earnings to general ledger account balances. Usually,
retained earnings, closing entries are recorded in accounts are combined and summarized when
the general journal and posted to the general reported in general purpose financial
statements. External users do not need detailed fall into three categories: the type of
balance information on every existing account in organization, the underlying function managed,
the general ledger. For example, a large and the time horizon.
company may have several general ledger
Type of Organization
accounts for various types of cash and cash
equivalents. These individual cash accounts are Although this may seem obvious, the type of
combined, or “rolled up,” into one dollar amount organization affects the type of reports that are
reported as Cash on the balance sheet. This same needed to manage the organization. For
summary process occurs for all of the line items example, manufacturing firms need different
on the general purpose financial statements. reports than retail firms or service firms.
Sales revenue as reported on the income Manufacturing firms must have internal reports
statement may be a combination of many to help manage the flow of raw materials, work
revenue accounts in the general ledger. There in process, and manufacturing labor. Retail firms
may be a revenue account for each product or do not have these processes. However, both
product line so that managers can track sales of retail and manufacturing firms manage
individual products. However, external users inventories, while service firms do not.
would be overwhelmed by the detail in several Therefore, service firm internal reports are more
revenue accounts. Therefore, the revenue likely to focus on sales and the status of projects.
accounts are rolled up into one or a few lines on Certainly, all three types of firms use revenue
the income statement. and profitability reports. Some organizations,
such as governmental or charitable foundations,
The IT accounting systems are programmed to
are not profit‐oriented, so their internal reports
combine, or roll up, accounts when the system
tend to focus on cash flows, funding sources, and
processes the financial statements. The financial
expenditures.
statements are designed and programmed into
the IT system when the system is implemented. Function Managed
When these financial statement reports are
needed at the end of the period, they may be The type of business function that a manager
printed by the IT system. Prior to the printing and oversees also affects the type of reports needed.
distribution of these reports, the CFO and the An operations manager needs reports about
accounting staff oversee the closing process to operations, such as reports about machine
ensure that the dollar amounts are correct and hours, down time of machines, units produced,
complete, usually by printing various reports in defective units, and material usage. These types
the IT system and reconciling them to ensure of operational reports may not be prepared from
their accuracy. data in the general ledger. However, as
transactions are recorded in the accounting
Internal Reporting processes, financial as well as nonfinancial data
are accumulated. Therefore, the accounting
The internal reports to be provided to managers
system often records both financial and
vary greatly depending on several factors.
operational data that can be used in reports.
Internal reports are usually not general‐purpose
financial statements, but reports that are Managers who direct financial aspects of a
tailored to the specific needs of each business need financial data in reports. For
management level and function. The many example, an accounts receivable manager needs
factors that affect the type of report provided to reports that show aged accounts receivable.
internal users can be summarized so that they Higher‐level managers examine financial reports
regularly to properly manage sales,
expenditures, cash flows, inventories, and many
other financial aspects. These financial reports
are prepared directly from ledgers, journals, and
other accounting records.
Time Horizon
A user may have access to several different Given that most system users will have multiple
systems or modules within a system. If each of passwords, the tendency is for these to be
these requires a password, the potential exists written down. From a control perspective, the
for the user to have to remember numerous writing down of passwords should raise
passwords. Again, this may lead to confusion for questions about where the document
the user in trying to remember their various containing the passwords is then stored. For
access codes. The temptation for users may be example, storing the passwords in a notebook
to use the same password for various systems. that is locked in a desk drawer or filing cabinet
For example, you may use the same password is preferable to recording them on a post-it
for your email, eBay, Amazon and YouTube note affixed to the computer screen where
accounts. Ives, Walsh and Schneider cite anyone can access them. Security threats and
research that found that a typical internet user our responses to those threats are evolving, and
may have access to as many as 15 different security advice can become obsolete. For
accounts, each requiring a user identification example, users of information systems are
and password. With so many accounts, it makes encouraged to use long, complex passwords.
sense to use the same password to reduce the However, accounts are compromised regularly
potential for a forgotten password. However, (see, for example, data breaches discussed later
the risk is that, if your password for one account in this section) through password reuse, which
is discovered, it can obviously be used to access is a bigger threat today than password cracking.
multiple accounts. As such, the potential Therefore, the better advice is to use different
consequences of the password breach are passwords for different sites rather than
magnified. creating a complex password, memorizing it and
using it for all the systems you use.
When a login is unsuccessful
CEB’s 2015 Audit Plan Hot Spots lists
If a user forgets their password, they will not be
information security to be a key area because of
able to access their account. A system should be
insecure employee behaviors. For example, 93
configured to log unsuccessful login attempts.
per cent of employees admitted to violating
Keeping a log of unsuccessful login attempts can
information security policies. Importantly, the
be useful for following up on potential attacks.
report notes that organizations that focus on
Analysis may reveal that attempts happen at a
technical controls at the expense of proactively
particular time or through a particular user
managing secure employee behaviors (for
name. This could prompt further investigation.
example, appropriate password protection) can
In addition, some systems may freeze an
lead not only to financial consequences but also
account after a number of consecutive failed
to reputational, operational and legal
login attempts. Typically, after three
consequences. Recent research has suggested
unsuccessful login attempts, an account may be
two ways to deter users (or insiders) from
frozen. This control works to stop systematic
fraudulent behavior. The first is to ensure
attempts at determining a user’s password.
employees understand the risk of detection.
Once an account is frozen, the fact should be
Those employees who believe there is a high
chance of being caught will desist from
committing a fraudulent act. The second is to 6. Data storage procedures
create a fair work environment where
Information is stored on servers about
employees believe they are treated fairly.
customers, staff and intellectual property. If a
competitor was able to access this information
it could cause serious consequences for the
4. System development procedures
organization, both financially and non-
A number of different information systems can financially (for example, reputational damage).
exist in the organization that will require Increasingly, management in organizations need
maintenance and development at various to manage the risks associated with data
points in time. It is important to have in place storage either locally on their premises or in a
set policies and procedures to be followed in data center, or in the cloud. Two major risks are
the design and implementation of new software associated with cloud storage. The first is the
or systems. These should include designated inability to audit and monitor at file level. The
procedures and stages as part of the systems second is the inability to access the internet to
development process as well as restrictions on access data.
who is able to initiate and execute the
Being clear on what data is needed by different
development and installation of new programs
parts of the organization, and setting up access
within the information system. Within an
rights accordingly, is also an important control
organizational network you will see this
step. In addition, where data is of a sensitive
represented, at a simple level, by different user
nature, logs that record when the data is
privileges granted across the organization. For
accessed and who accesses the data can be an
example, the system administrator will have the
important resource used by auditors and
ability to install software, whereas a business
investigators.
user will not have such rights. Restricting users’
ability to install and modify software can be Another dimension that raises control concerns
seen as a preventive control since it provides related to data and technology resources is
reasonable assurance that untested or increased mobility. IT executives and Chief
incompatible software and software that has Information Officers may be reluctant to adopt
not been appropriately reviewed or licensed will cloud services, particularly mobile cloud,
not be placed on the system. because of security and privacy concerns. The
unresolved security issues relating to mobile
5. User awareness of risks
cloud environments include data security,
Another organizational control strategy is to network security, data locality, data integrity,
ensure that management makes their web application security, data segregation, data
employees aware of the various information access, authentication, authorization, data
system risks by investing in security education confidentiality, data breach issues, and various
training and awareness (SETA) programs. This other factors.
can include briefing sessions about password
Accordingly, control procedures relating to the
policies and computer monitoring.
access, duplication and sending of data are an
Management should ensure users of
important aspect of general control policies,
organizational information systems are aware
particularly as more organizations decide to
of the security threats and issues, and
adopt cloud-based services for storing data.
understand organizational security policies and
the policies for detection of fraud.
Examples of such control policies include, but that extra degree of security should something
are not limited to: go wrong at a main site.
Application controls
Backup policies are also important as backups
may be the only means of recovery in the event Application controls ‘are manual or automated
of destruction or corruption of data. The procedures that typically operate at a business
frequency of backups is an organizational process level and apply to the processing of
decision, based on the extent of data and the transactions by individual applications. As this
extent to which data change on a day-to-day definition indicates, application controls are
basis. However, important aspects to keep in designed around the control objectives of a
mind when developing a backup policy are: specific business process or system (e.g., the
sales process, ordering process, manufacturing
• keeping multiple backups process or cash receipts process) and relate to
• storing backups off site or in the cloud processing within individual applications. That
• keeping multiple versions of backups is, application controls are specific to a
• deciding what and how frequently to particular business process in that they will be
back up. implemented to address the risks and threats
unique to that process. Application controls
Several organizations now offer services such as
operate within the scope of general controls. In
offsite storage and backup facilities, making use
a computerized environment, application
of internet technology as a way of transferring
controls will typically be classified as input,
backup data to remote locations and adding
processing or output.
INPUT controls prenumbering the source documents, a control
is built that helps identify any omitted or
Standardized forms
unrecorded transactions (the assertion of
The use of standardized forms can help ensure completeness) and also provides a control over
completeness. The design of the form that users the source documents.
interact with when entering data into a system
Where the source documents are potentially
is also an important consideration. There is
valuable, for example cheques, it is also useful
benefit in designing the screen to resemble
to keep a record of cancelled source
closely its paper-based equivalent in the real
documents. Cancelled source documents are
world. This makes it easier for users to navigate
those that are removed from circulation by the
the screen and ensure completeness in their
organization. For example, document number
input. Proper form design can also ensure
10 012, which may have been previously
accuracy, since the form will specify the data
identified as missing, could have been cancelled
that is required, the expected length of the data
by the organization because of an error while
(e.g. six boxes for a six-digit customer ID) and
filling out the form or cancellation of the order
any specific instructions for the data provider.
before sending the purchase order. If a record is
Standardized forms can be seen as a preventive
maintained of cancelled source documents,
control (they work towards ensuring all relevant
then reconciling gaps in the sequence of source
data is provided by specifying what must be
documents also becomes easier.
completed, reducing the chance of incomplete
forms) and a detective control (a visual Prenumbering documents can also be a useful
inspection of a completed form will quickly control to address concern about transactions
detect if any key components have not been being classified in the correct reporting period.
filled in or have been filled in inaccurately). As an organization approaches the end of the
financial year it can note the last number of key
Prenumbering documents
source documents, for example, sales invoices,
Prenumbering important documents, such as and set up procedures to make sure that
invoices, purchase orders and cheques, can be a documents after that number are allocated to
simple but effective way of helping ensure the the next period. The use of prenumbering and
objective of completeness. When documents classification filters and ranges within
are prenumbered, any missing or unaccounted accounting software can work towards this goal.
for documents can easily be identified simply by For example, if we know that the first source
looking for a gap in the sequence. For example, document issued in the period was number 299
an organization may prenumber its purchase and that the last one issued at the end of the
order forms. If an examination of the purchase period was 542 then, combining knowledge of
records shows that issued purchase orders on these numbers with the beginning and end
record go from form number 10 011 to 10 013, dates for the financial period, we can filter and
with no record of 10 012, then potentially a sort the documents to check that all documents
purchase order has gone missing. This missing before 299 have been recorded in the previous
document could be explained by honest period and all documents after 542 have been
misplacement, fraudulent use by an employee recorded in subsequent periods. The ability to
or simple cancellation. However, if documents filter transactions in this way is present within
were not prenumbered, this missing document various accounting packages, as well as through
would never have been identified. By
the downloading of data into a spreadsheet and aircraft, because an aircraft will not take off if a
manually sorting the data. passenger has checked in luggage but not
boarded the flight. This presents the issue of
how to best capture the data about which
Sequence checks passengers have boarded the flight. One option
could be to have boarding staff rekey data into
In a computer-based information system, the system as passengers present their boarding
prenumbering can be further enforced through pass. However, this is not the most efficient way
the use of sequence checks. If transactions are — the data have already been captured
entered directly into the system, with no paper elsewhere, so why rekey them? Instead, the
documentation, then the document number airline magnetizes boarding passes that it
can be assigned automatically. This will ensure issues, enabling a computer to read the data
no missing numbers in sequence checks for that were stored when the passenger checked
transactions and reduces the risk of incomplete in. This has several benefits. The obvious
data (i.e. transactions not being entered). It benefit is that staff members do not have to
could also be argued that sequence checks rekey passenger data, meaning that boarding
contribute towards ensuring the correct can be completed in less time. Second, the risk
valuation of assets since, for example, if a sale is of error is reduced since there is no opportunity
not recorded, the associated increase in for human error when rekeying the data. The
accounts receivable will not be recorded. data are accessed electronically from the
Turnaround documents boarding pass, so the risk of inconsistent data
(mismatches between what was captured when
Turnaround documents are documents that the passenger checked in and when the
originate as the output of one system and passenger boards the plane) are reduced. This
become the input for another system. There are increases the chances of input validity.
literally hundreds of examples of turnaround
documents that you would have been exposed The boarding pass is a specific example of a
to. If you have ever flown with a major airline turnaround document. Another example of a
you will have unwittingly been exposed to turnaround document is a remittance advice.
turnaround documents. Think about what When you receive a bill or a credit card
happens when you travel by air. You arrive at statement you will often notice that it has a
the airport and check your baggage in at the detachable slip attached at the bottom. This slip
baggage counter. While there you will also is designed to be returned to the organization
present the relevant identification, including a that originally sent you the bill, accompanied by
passport if travelling overseas. The attendant the payment. Take a closer look at the
will check your baggage in and allocate you to a remittance slip and you will notice that a lot of
seat, and then issue you with a boarding pass. the data are already filled in, for example,
The boarding pass contains details of your customer number, amount owed and due date.
flight, departure gate, boarding time, seat Why prepare remittance slips? When returned
allocation and any other relevant details. When with the payment to the organization, these
you then proceed to the boarding gate you slips allow payments to be linked to customers,
present your boarding pass, which is scanned so the organization knows which customer the
through a machine. What is the benefit of using cash receipts come from. Additionally, the
this document at the boarding point? Airlines details of the cash receipt are on the remittance
need to keep lists of who actually boards slip and just have to be entered by the relevant
person. The benefit is that there is no reliance organizations. In a relational database
on the customer to fill in the slip, reducing the environment, a control of this nature can be
possibility of errors and helping ensure valid established using primary and foreign keys and
and complete inputs are entering the system. through the enforcement of referential
integrity. Validity checks can contribute towards
Use of turnaround documents helps achieve
data accuracy (e.g. does the customer exist in
completeness of data entry, with all required
our customer table?), ensuring data are entered
data contained in the turnaround document.
correctly.
Turnaround documents that contain values or
monetary amounts also help contribute Completeness checks ensure that all required
towards the correct valuation and data are entered. If a user is entering a sale into
measurement of transactions (assertion of the sales system and the sales screen has ten
accuracy). different fields to be completed, then it needs
to be ensured that the user completes all ten
Data entry routines
fields. Failure to do so will lead to incomplete
A computerized information system can also data about the transactions being entered. A
have built-in programs that ensure inputs are completeness check will ensure that all required
valid and in the correct format. Examples of data are entered before the user can advance
such routines are field checks, validity checks, to later screens or move to a new sale. A
completeness checks, limit checks, range practical example of such a check can be found
checks, reasonableness checks and redundant in a lot of website store fronts and web-based
data checks. forms. If you have ever completed an online
form or made an online purchase, you will have
Validity checks take a given input for a field and probably noticed that some of the fields are
ensure that it is an acceptable value. For marked to designate them as required fields. If
example, if a customer number is being entered you try to proceed without putting data into the
when recording a sale, the program may take required fields, the site will return an error
the customer number that is input and check it message and not allow you to go any further
against a master list of customers contained in until the required fields are completed. This is a
the customer table of the database. If the way of trying to enforce input completeness for
customer number appears on the master list online forms and will contribute to the goal of
then the input is valid and the input stage can completeness. Again, this control can contribute
proceed. However, if the customer number to the accuracy of the data that has been
does not appear on the list then an invalid recorded; if necessary data about a transaction
customer number has been entered. Obviously, is not recorded then the details about the
this is not acceptable, so the system will alert transaction cannot be deemed to be accurate.
the user to this error and refuse the input. This
removes the potential for invalid or nonexistent Limit checks will check values input into a field
customer numbers entering the system, helping to make sure they fit within a predetermined
attain existence and occurrence. KPMG’s Fraud, upper limit. For example, there may be a firm
Bribery and Corruption Survey 2012: Australia policy that orders must be a maximum of 50
and New Zealand found that false invoicing was reams of paper at any one time. A limit check
the main fraud category for management, will detect any amount greater than 50 entered
making the issue of being able to validate in the quantity field and reject it. The
transactions an important one for application of limit checks is a technique for
attaining the correct valuation or measurement Automated form completion
of transactions.
A step forward from the validity checks
Range checks function in a manner similar to mentioned above is to automate part of the
limit checks, with the exception that the checks data entry routine. For example, when entering
apply to both upper and lower limits. Returning customer details to record a sale, once the
to the paper ordering example, if store policy is customer number is entered the computer can
that anywhere between 30 and 50 reams of automatically fill in other customer-related data
paper can be ordered at one time, then the fields (customer name, address, phone number
range check will detect any amount outside and so on). This is done by looking up the
these upper and lower limits. Similarly to limit customer number in the customer data table
checks, range checks help reasonably assure the and retrieving all related data. The benefit of
correct valuation or measurement of this control is that it makes data entry more
transactions. efficient, since less time is spent keying in
details. In addition, by reducing the amount of
Reasonableness checks operate to check that
data entry the chances of data entry errors are
the numeric input for a field is within a
reduced (i.e. as long as the customer number is
reasonable numeric range. For example, if a
correct all related data items will be correct). Of
field requires you to enter your number of
course, this assumes that the customer details
hours worked for a week and you key in 400
in the database are up to date.
instead of 40, a reasonableness check should
identify this value as outside reasonable values The input controls mentioned above aim to
for weekly hours and prompt you to correct the provide reasonable assurance about the
value. Once again, this check will contribute accuracy and validity of data that is entered into
towards the aims that relate to the valuation the system. Data entry errors that make it
and measurement of transactions. through the input stage can have costly
consequences.
If data are being entered for a critical event or
important transaction, then a control that can Transaction authorization procedures
be used to help ensure correctness of inputs is a
This control can help to prevent unauthorized
redundant data check. This control operates by
transactions entering the system. Risks
having the data entered twice and then
presented by unauthorized transactions can be
checking the two sets of inputs and making sure
quite large, for example, the National Australia
that they are identical. Ideally, different people
Bank announced a loss of $360 million as a
will perform the two inputs, making the
result of unauthorized foreign currency
system’s comparison of inputs more
transactions executed by staff. The issue of
meaningful. Obviously, this control has the
authorization and access rights has become
disadvantage of being costly to implement,
important for organizations with the increased
since data are required to be entered twice.
emergence of ERP systems. Because of the
Accordingly, a key factor in determining
integrated nature of an ERP system, along with
whether to implement this control will be the
the ‘interconnectivity and automation of
cost–benefit principle. If the cost of having the
processes’, correctly authorizing employees’
data entered twice exceeds the benefits, then
access and privileges is an ongoing, time-
this control would not be applied.
consuming and complex process. Authorization
procedures can also help in the attainment of
the objectives of existence and occurrence, invoices. This overcomes the limitation of the
particularly if a separate person provides the document count approach.
authorization. They can also include the review
Independent reviews
of event data before the execution of the event.
An independent review is a useful monitoring
Batch totals
technique that involves the work of one person
Batch totals are another effective input control. being reviewed by a different person to ensure
In a batch environment, transactions are completeness, accuracy and correctness, and
accumulated and, at some set interval, can potentially make information more
processed. In a sales system, for example, valuable. If the same person performs the work
invoices may be accumulated until the end of and checks the work for errors, the review is of
the day and then processed upon the little value. Consider if students were able to
completion of the day’s trading hours. A mark their own exam papers — there would be
concern in this environment is making sure that a chance that errors would not be detected or
all of the invoices are recorded in the system at that proper marking procedures would not be
the end of the day (completeness). This can be followed. For example, data about banking
helped by the use of batch totals. For example, transactions may be processed into a bank
the sales staff may accumulate their invoices reconciliation report for review by an
and at the end of the day count how many independent person, who then compares it
invoices they have. This batch of invoices, against cash receipts and payments listings and
together with a batch header form detailing bank statements to verify the reliability of the
who prepared the batch and the number of bank reconciliation process.
documents in the batch, could then be sent to
PROCESSING controls
the data entry staff, where they would be
entered in the system. Staff in data entry should Processing controls aim to ensure that data
check to ensure that they received the number within the system is correctly and accurately
of documents indicated in the batch header processed. An example is sales data entered
form, and that all these documents were throughout the day being transferred to
entered. This is an example of a document accounts receivable to update the account
count batch total. It operates to make sure no balances. Controls relate to how the computer
documents are missing, but it has limitations. handles the data in transferring it from one file
While the data entry staff may enter all the to another, and assurance is needed that (1) all
invoices, they may key in details different from sales have been transferred to accounts
those on the invoices, for example, they may receivable and (2) all sales have been correctly
key in sales of $100 instead of $1000. This will transferred to accounts receivable.
not be detected by the batch totals based on
the number of documents. Run-to-run totals
Developing effective accounting information Who actually performs a systems study? This
systems requires the collaboration of a wide varies from organization to organization as well
range of individuals, including analysts, system as from project to project. Many large
designers, and managers. Accountants, both as organizations have IT professionals to perform
auditors and as general information users, this work. In contrast, smaller organizations with
should be part of all IT studies involving limited technical expertise as well as larger
accounting information systems. organizations with other priorities are more
likely to hire outside consultants for this work.
Learning Outcomes
(Note: The Sarbanes-Oxley Act of 2002 expressly
• Understand the roles of accountants, forbids a CPA firm from performing such systems
analysis teams, and steering committees work for a client with whom it already has an
in systems studies. audit relationship.) Our discussion assumes that
• Understand why systems analysts must most of the work is performed by a generic
identify the strategic and operational “study team” of experts who may or may not be
goals of an accounting information outside consultants.
system.
Four Stages in the Systems Development Life
• Become familiar with the deliverables in Cycle
systems analysis work, especially the
systems analysis report. Traditionally, we can identify four major steps or
• Be able to help plan and complete the phases of a systems study:
analysis and design phases of a systems
1. Planning and investigation. This step
study.
involves organizing a systems study
• Know what a feasibility evaluation is and
team, performing a preliminary
how to conduct one.
investigation of the existing system, and
• Understand some of the costs, benefits, developing strategic plans for the
tools, and techniques associated with remainder of the study.
systems design work. 2. Analysis. This step involves analyzing the
• Be able to evaluate alternative systems company’s current system to identify
proposals and make a selection or the information needs, strengths, and
choose to outsource. weaknesses of the existing system.
3. Design and acquisition. In this step, an
organization designs changes that
eliminate (or minimize) the current replacing or modifying existing information
system’s weak points while preserving systems. Typically, altering an accounting
its strengths. The organization also information system also affects work flows, data
decides what system is best and how to gathering and recording tasks, employee
acquire it. responsibilities, and even the way an
4. Implementation, follow-up, and organization rewards its managers. Thus, one
maintenance. This phase includes reason why organizations perform systems
installing re- sources for the new system studies is because such studies are part of the
as well as training new or existing greater task of business process reengineering
employees to use it. Companies conduct (BPR)—that is, the task of making major
follow-up studies to determine whether modifications to one of an organization’s core
the new system is successful and, of systems. Because the accommodation involves
course, to identify any new problems so many changes, employee resistance is
with it. Finally, organizations must common and often quite strong—especially
maintain the system, which means that where jobs are at stake. This is also one reason
they correct minor flaws and update the why so many new systems fail.
system as required.
SYSTEMS PLANNING
These four phases are the system development
The first phase of a systems study involves
life cycle (SDLC) of a business information
systems planning and an initial investigation.
system. Logically, the activities in these phases
Think you can skip this phase? Think again. Just
flow from stage to stage in only one direction,
as you would not build a house without first
like water flowing in a stream. This is why earlier
determining what rooms you’d need in that
descriptions of the SDLC referred to it as the
house, organizations are well advised to plan
waterfall model. In practice, there is usually
carefully.
much overlap between phases in the life cycle
and the steps in a systems study don’t Planning for Success
necessarily occur in sequence. Instead, system
developers often perform two or more stages in In large organizations, system redesigns (or new
parallel with each other. development work) typically involve millions of
dollars, making mistakes very costly. In smaller
Systems Studies and Accounting Information organizations, major errors can be catastrophic,
Systems leading a firm to bankruptcy. What else can
happen when organizations do not plan
A systems study looks at all systems in an
carefully? Here are some examples:
organization’s applications portfolio. This
portfolio may include an integrated enterprise • Systems do not meet users’ needs,
resource planning (ERP) system, along with other causing employee frustration,
specialized information systems, or it may resistance, and even sabotage.
consist of many separate systems for functional • Systems are not flexible enough to meet
areas such as accounting, marketing, and human the business needs for which they were
resources. Accounting information systems designed and are ultimately scrapped.
(AISs) are prime targets for systems studies—for • Project expenditures significantly
example, because older ones may not comply overrun what once seemed like very
with new governmental regulations. But in adequate budgets.
general, a systems study means more than just
• The time required to complete the new company’s information system—its members
system vastly exceeds the development must first understand the system’s goals. Of
schedule—often by years. special importance is determining which goals
• Systems solve the wrong problems. are not being achieved under the present system
• Top management does not approve or and why this happens. Organization goals
support the new systems. • Systems are include: (1) general systems goals, (2) top
difficult and costly to maintain. management systems goals, and (3) operating
management systems goals.
Studies of unsuccessful information systems
projects suggest that mistakes made at the General Systems Goals
outset of a systems study are a common reason
General systems goals apply to most
why such projects ultimately fail. Careful systems
organization’s information systems and help an
planning and an initial investigation can avoid
AIS contribute to an efficient and effective
critical missteps that lead to disaster. “Planning
organization. Principles contributing to these
for success” means beginning a systems study
goals are: (1) awareness that the benefits of a
with a focused investigation that: (1) approaches
new system should exceed its costs, (2) concern
specific organizational problems from a broad
that the outputs of the system help managers
point of view, (2) uses an interdisciplinary study
make better decisions, (3) commitment to a
team to evaluate an organization’s information
system that allows optimal access to
systems, and (3) makes sure the company’s
information, and (4) flexibility so that the system
study team works closely with a steering
can accommodate changing informational
committee (described below) and end users in all
needs.
phases of the work.
The study team must determine whether the
SYSTEMS ANALYSIS
current information system helps to achieve
The basic purpose of the systems analysis phase these general systems goals. For example, if an
is to examine a system in depth. The study team AIS has excessive costs associated with using
will familiarize itself with the company’s current traditional paper documents (e.g., purchase
accounting system, identify specific inputs and orders, receiving reports, and vendor invoices),
outputs, identify system strengths and this will violate goal number one (cost
weaknesses, and eventually make awareness), and the study team might
recommendations for supplementary work. recommend that the company use an online
Figure 6-2 shows the logical procedures that the system instead.
team should follow.
Top Management Systems Goals
In performing its work, the study team should
AISs typically play key roles in satisfying top
avoid overanalyzing a company’s system.
management goals. For instance, AISs usually
Instead, the team should try to identify and
provide top managers with long-range budget
understand the organization’s goals for the
planning data so they can make effective
system, perform a systems survey, and prepare
strategic decisions about future product-line
one or more reports that describe its findings.
sales or similar business activities. Similarly,
Understanding Organizational Goals periodic performance reports provide top
management with vital control information
For the study team to do an adequate job—for
about corporate operations— for example, how
example, determine the real problems within a
sales of new product lines are doing. Finally, top
management needs to know about the short- systems study must gain the full cooperation and
range operating performance of its support of those employees who are crucial to
organization’s subsystems—for example, the success of a new system.
summary information about individual
Data Gathering. A systems survey requires the
department operating results and how these
study team to gather data about the existing
results compare with budgetary projections.
system. There are several ways of doing this,
Operating Management Systems Goals including:
Economic Feasibility. Economic feasibility seeks Designing System Outputs, Processes, and
assurance that the anticipated benefits of the Inputs
system exceed its projected costs. This requires
Once the design team determines that a system
accountants to perform a cost-benefit analysis.
is feasible and creates a general design, it can
This analysis takes into account all costs,
focus on developing the system’s input,
including indirect costs such as time spent by
processing, and output requirements. When
current employees on implementing the new
performing design tasks, it is perhaps curious
system. It also considers benefits, which are
that the design team first focuses on the
sometimes difficult to foresee or estimate. A
outputs—not the inputs or processing
common mistake is underestimating the costs of
requirements—of the new system.
implementation and continuing operations. The
accountants conducting the analysis need to The reason for this is that the most important
separately identify one-time costs versus objective of an AIS is to satisfy users’ needs.
recurring ones. The point of the economic Preparing output specifications first lets these
feasibility analysis is to get a “best estimate” of requirements dictate the inputs and processing
the worthiness of a project. tasks required to produce them.
During the analysis phase and general system rather than how the system can provide it. After
design, the study team must develop boundaries designing the outputs, their next step is to
for the new system that define the project’s identify the processing procedures required to
scope. Failing to do so causes scope creep—that produce them. This involves deciding which
is, expands the scope of a project and costs application programs are necessary and what
money. Outside consultants often handle these data processing tasks each program should
requests by drafting proposals showing the perform.
additional costs associated with them. These
There are a large number of tools for modeling
costs can include delays in meeting the schedule
computer processes. Among them are the
for delivering the project.
system flowcharts, data flow diagrams, program
System Outputs. The design team will use the flowcharts, process maps, and decision tables
data gathered from the prior systems analysis discussed in Module 4. Another popular tool is
work to help it decide what kinds of outputs are the entity-relationship (E-R) diagram discussed in
needed as well as the for- mats that these Module 2. Common to all these design
outputs should have. Although it is possible for methodologies is the idea of structured, top-
the design team to merely copy the outputs of down design, in which system designers begin at
an older system, this would make little sense— the highest level of abstraction and then “drill
the new system would be just like the old one. down” to lower, more detailed levels until the
Instead, the team will attempt to create better system is completely specified.
outputs—that is, design outputs that will better
Designing System Inputs. Once the design team
satisfy their users’ information needs than did
has specified the outputs and processing
the old system.
procedures for a new project, its members can
Outputs may be classified according to which think about what data the system must collect to
functional area uses them (e.g., marketing, satisfy these output and processing
human resources, accounting, or manufacturing) requirements. Thus, the team must identify and
as well as how frequently they must be produced describe each data element in the systems
(e.g., daily or weekly). Where a specific report is design (e.g., “alphabetic,” “maximum number of
not needed on a regular basis, the system should characters,” and “default value”) as well as
be able to provide it when requested (a demand specify the way data items must be coded. This
report) or triggered when a certain condition is is no easy task, because there are usually a large
met (an exception report). For example, an number of data items in even a small business
accounts receivable report on a specific application. Chapter 7 discusses the subject of
customer’s payment history might be issued on data modeling in detail.
demand or generated automatically when a
After the design team identifies and describes
customer owes more than a specified amount.
the input data, it can determine the source of
Although many organizations still rely heavily on
each data element. For example, customer
hard-copy (printed) reports, systems designers
information such as name, address, and
should also consider the possibility of creating
telephone numbers may be gathered directly
soft-copy (screen) reports as an alternative,
from web screens, while the current date can be
which use less paper and, of course, do not
accessed from the computer system itself.
require a printer for viewing.
Wherever possible, the design team will attempt
Process Design. Until now, the system designers to capture data in computer-readable formats.
have focused on what the system must provide As noted in Chapter 4, this avoids costly, time-
consuming data transcription as well as the vendors to submit bid proposals for such a
errors such transcription typically introduce into complete system, or alternatively, can ask each
the job stream. vendor to provide separate bids for hardware
and software.
The System Specifications Report
Choosing an Accounting Information System
After the design team completes its work of
specifying the inputs, outputs, and processing Because internal project management and
requirements of the new system, the members systems development are beyond the scope of
will summarize their findings in a (typically large) this text, we’ll assume here that the steering
systems specification report. It provides some committee opts to acquire most of its system
representative information in such a report. The resources from outside vendors. This is the most
design team submits this report to the steering common choice today. If the committee takes
committee for review, comment, and approval. this course of action, the systems specifications
report can help them create a request for
The Make or Buy Decision. The project is now at
proposal (RFP) outlining the specific
a critical juncture. If the steering committee
requirements of the desired system. Upon
approves the detailed design work, it now faces
finalizing the systems specifications, the
a make-or-buy decision. In large organizations,
committee (with the help of the design team and
one possibility is to use internal IT staff to
perhaps outside consultants) will send a copy to
develop the system. This choice offers the
appropriate vendors. Typically, the RFP also
tightest control over project development, the
contains a deadline for bidding, the length of
best security over sensitive data, the benefits of
which varies—for example, just a few weeks for
a custom product that has been tailor-made for
hardware, and longer periods of time for systems
the exact requirements of the application, the
requiring custom development tasks.
luxury of replacing the old system piecemeal as
modules become available, and a vote of After the deadline has passed, an evaluation
confidence for the organization’s IT staff. But this committee supervised by the steering
choice also uses valuable employee time and can committee will review vendor submissions and
divert the organization’s resources from its main schedule separate meetings with those vendors
objectives—for example, manufacturing who provide viable system proposals. The
products. participants at each meeting include
representatives from the vendor,
Another possibility is to outsource the project’s
representatives from the steering committee,
development to a contractor. This choice is
and representatives from the evaluation team.
useful when an organization lacks internal
The vendor’s role is to present its proposal and
expertise to do the work or simply wishes to
to answer questions from the other participants.
avoid the headaches of internal project
The evaluation committee’s role is to listen to
development. Finally, the steering committee
the vendor proposals, ask questions, provide
can purchase prewritten software (commonly
input to the steering committee about the pros
called canned software) and perhaps modify it to
and cons of each one, and perhaps make a
suit the organization’s needs. If the organization
recommendation for a preferred provider.
requires both hardware and software, the
committee may also choose to shop for a Selection Criteria. The steering committee’s
complete, “ready-to-go” turnkey system. The responsibility is to make a final selection and is
steering committee can ask the computer not restricted in its choices. It can accept one bid
totally or spread its purchases among two or charge extra for enhanced services.
more providers. Here are five key factors that a Although a vendor’s reputation is relative, a
steering committee might consider, listed in buyer can also check with the Better
order of importance according to a recent survey Business Bureau or speak with some of the
of 160 international financial officers: vendor’s other clients.
4. Costs and benefits of each proposed
1. The functionality and performance
system. The accountants on the design team
capabilities of each proposed system. An
will analyze the costs of every vendor’s
accounting system must be able to process
proposed system in relation to the system’s
an organization’s data and provide users
anticipated performance benefits. They will
with the outputs they need. Examples of
also consider the differences between
performance measures include the types of
purchasing and leasing each vendor’s
normal and customizable information the
system. If the steering committee elects to
system can provide, response time, and
purchase a system, the accountants should
maximal number of simultaneous online
then advise the committee on a realistic
users supported.
depreciation schedule for the new system.
2. Compatibility of each proposed system with
5. Maintainability of each proposed system.
existing systems. The new system must
Maintainability means the ease with which a
interface and work with existing computer
system can be modified. For example, a
hardware, software, and operating
flexible system enables a firm to alter a
procedures. In some instances, this comes
portion of a payroll system to reflect new
down to hardware issues—for example, it
federal tax laws. Because the costs of
may not be possible to run the new software
maintaining large systems are typically five
on the company’s older local area networks,
times as much as the costs of initially
which will consequently have to be
acquiring or developing a system, evaluators
upgraded. But compatibility issues can also
should emphasize this dimension in its
involve the operating system, existing
deliberations for custom-built systems.
application software, or operational
concerns—for example, requiring Making a Final Decision. If a company finds
employees to learn new procedures for several software packages that appear to satisfy
inputting data or generating reports. its needs, how should it decide on the best one?
3. Vendor stability and support. Vendor Two methods for this are (1) point scoring
support includes such things as (1) training analysis and (2) hands-on testing.
classes that familiarize employees with the
Point-Scoring Analysis. Figure below illustrates
operating characteristics of the new system,
an example of a point-scoring analysis for an
(2) help in implementing and testing the new
accounts-payable system. Here, an organization
system, (3) assistance in maintaining the
finds three independent vendors whose
new system through a maintenance
packages appear to satisfy current needs.
contract, (4) backup systems and
Because the cost to lease each vendor’s software
procedures, and (5) telephone assistance for
package is about the same, “cost” is not an issue
answering user questions. The availability of
in this selection process.
“business-hours-only” versus “round-the-
clock” support and the avail- ability of To perform a point-scoring analysis, the
domestic versus offshore customer support evaluation committee first assigns potential
are other considerations. Most vendors points to each of the selection criteria based on
its relative importance. In figure above, for Outsourcing
example, the committee feels that “adequate
An alternative to developing and installing
controls” (10 possible points) is more important
accounting information systems is to out- source
than whether users are satisfied with the
them. Outsourcing occurs when a company hires
software (8 possible points). After developing
an outside organization to handle all or part of
these selection criteria, the evaluation
the operations for a specific business function.
committee proceeds to rate each vendor or
Accounting tasks have long been a target for
package, awarding points as it deems fit. The
outsourcing, including accounts payable,
highest point total determines the winner. In
accounts receivable, payroll, general ledger,
figure above the evaluation indicates that
accounting for fixed assets, and financial
Vendor B’s accounts payable software package
reporting. Even preparing US income tax returns
has the highest total score (106 points) and the
are outsourced, typically to English-speaking
committee should therefore acquire this
countries such as India. Two popular types of
vendor’s system.
outsourcing are business process outsourcing
Although point-scoring analyses can provide an (BPO) and knowledge process outsourcing (KPO).
objective means of selecting a final system, many
Business Process Outsourcing (BPO). Business
experts believe that evaluating software is more
process outsourcing means contracting with
art than science. There are no absolute rules in
outside firms to perform such normal tasks as
the selection process, only guidelines for
preparing payrolls. Companies commonly sign
matching user needs with software capabilities.
such contracts for 5- to 10-year periods. The
This is one reason why user input in the selection
annual costs depend on the amount of
process is so important.
processing work required and range from
Hands-On Testing. Even after selecting a finalist, “thousands” to “millions” of dollars. However,
an organization might still be hesitant to commit. “outsourcing” does not necessarily mean
With hands-on testing, potential buyers “test “offshoring” as much of such business goes to
drive” a software package to further evaluate domestic consultants or data-processing
the system. Figure below provides a list of tests concerns.
that AIS shoppers can use for this purpose. Note
Knowledge Process Outsourcing (KPO).
especially benchmark testing.
Businesses have been outsourcing such
Selecting a Finalist. After each vendor presents processes as sales order processing for years.
its proposal and perhaps additional hands-on With knowledge process outsourcing (KPO), a
testing, the steering committee must make its business contracts with an outside company to
final selection. If a clear winner emerges from perform research or other knowledge-related
these activities, the organization can commence work. Four examples are (1) intellectual property
to the implementation stage. But it is also research related to developing and filing a patent
possible that none of the proposed systems is application, (2) data mining of consumer data,
satisfactory. At this point, the organization’s (3) preparing US tax returns, and (4) research
steering committee can (1) request the design related to medical drugs and biotechnology. The
team to obtain additional systems proposals growth of KPO has been high, with companies in
from other vendors, (2) abandon the project, or countries such as India and Ireland doing much
(3) consider outsourcing needed services. of the work.
IMPLEMENTATION, FOLLOW-UP, AND D. Train personnel. Both the implementation
MAINTENANCE team and computer vendors can help train
company employees to work with the new
Systems implementation is often called the
system, while seminars can acquaint other
“action phase” of a systems study because the
employees with the new system’s advantages
recommended changes from the prior analysis,
and capabilities. Vendors may provide technical
design, and development work are now put into
training for free, or at reduced costs, to
operation. Alternatively, the organization
corporate users as incentives to use their
commits to, and now must implement, a new
products.
system.
E. Acquire and install computer equipment.
Systems implementation can be a stressful time.
After preparing the physical site location for the
As the time draws near for installing the new
new computer system, the company must
software, end users and clerical personnel
acquire computer equipment such as
become nervous about their jobs, middle
microcomputers, web servers, routers, modems,
managers wonder if the new system will deliver
and printers from outside vendors.
the benefits as promised, and top managers
become impatient if installations run longer than F. Establish internal controls. Organizations
anticipated or go over budget. Even if an must install control procedures that safeguard
organization does a perfect job of analyzing, its assets, ensure the accuracy and reliability of
designing, and developing a new system, the accounting data, promote operating efficiency,
entire project can fail if its implementation is and encourage employee compliance with
poor. prescribed managerial policies. Again, these
controls should be built into a system rather than
Implementation Activities
added later.
Implementing a new accounting information
G. Convert data files. When converting to a new
system involves many tasks that will vary in
system, an organization may have to convert its
number and complexity depending on the scale
data files to alternate, more-useful formats. This
of the system and the development approach.
activity is also common when merging two
Some of the steps that may be involved are:
systems—for example, when consolidating
A. Prepare the physical site. An organization formerly separate divisions of a company or
must have physical space for any new hardware merging the systems from two separate
and personnel. companies into one.
SUMMARY
Finally, a company can use social media for Perhaps the most obvious benefit of XBRL is the
monitoring purposes—for example, to gauge ability to transmit financial information in a
the effectiveness of a new ad campaign or to standard format. This facilitates communications
assess customer feelings about the company between suppliers and their buyers, companies
itself. Similarly, when accounting firms offer and their shippers, and even retailers and their
new services, they can now scan social media customers. The same standardization applies to
sites in search of honest reactions to the new financial filings. Another important advantage of
offerings. Organizations can also hire outside XBRL is that it defines data items uniquely.
firms to perform such monitoring for them. In Consider, for example, how a spreadsheet stores
total, experts suggest that businesses are just financial information. The only way we know
beginning to tap the value stored in social that a particular number in a spreadsheet is, say,
media commentary. “net revenue” is because we also see a label that
identifies it as such. Move the number
4. XBRL—FINANCIAL REPORTING ON THE
somewhere else in the spreadsheet and you also
INTERNET
lose its meaning. In contrast, a “net revenue”
While the Internet supports general financial figure remains “net revenue” no matter where it
reporting, exchanging financial information appears in XBRL instance documents as long as it
between trading partners often requires more remains within its tags. It is for this reason that
detailed specifications. XML, or eXtensible some experts predict that some accounting
Markup Language, is similar to HTML in that it systems will begin collecting and storing their
also uses tags to format data. But there are two data in XBRL formats, redefining XBRL as a
important differences between HTML and XML. formatting language as much as a reporting
One is that XML tags are “extensible,” allowing language. XBRL’s standardized tags also make
users to define their own tags. The other searching for items in XBRL financial documents
difference is that the XML tags actually describe relatively easy. If you know the standard tag for
the data rather than simply indicate how to an item of interest, you can unambiguously find
display it. and extract the information from those
documents. In business environments, the term
The XBRL International Consortium creates XBRL semantic meaning refers to the fact that the
standards that anyone can use, license-free. In
financial data are related to one another through perform e-business over the Internet, but
such formulas as “Assets = Liabilities + Equity.” businesses can also use virtual private networks
An additional advantage of XBRL is its ability to (VPNs) or proprietary data trans- mission lines.
express such relationships in formulas, thereby
Some general categories of electronic business
making the data self-checking. This is important
are (1) e-accounting, (2) retail sales, (3) e-
because organizations often need to transmit
payments and e-wallets, (4) electronic data
financial data to others, and XBRL provides a
interchange, and (5) a variety of cloud-
means of internal control.
computing services, each of which we examine
Companies using XBRL-enabled software can briefly in the paragraphs that follow.
save their financial information in standard XBRL
5.1. e-Accounting
format, thus avoiding the errors that may come
from reentering data multiple times from The term e-accounting means performing
multiple sources. Companies can then directly accounting functions on the Internet. This
upload their business information in this format includes normal accounting tasks such as
onto their websites, avoiding costly rekeying processing payroll or accounts receivable data,
costs. Another advantage is that XBRL permits as well as preparing financial reports or
the automatic and reliable exchange of financial completing income tax returns using online
information across all software platforms and software. Often the web server is not even in the
technologies, including the Internet. Thus, same country as the user but in Ireland or India
anyone interested in comparing the cash and instead of the United States or Canada. At the
cash equivalents of several companies can personal level, e-accounting allows users to
search for the data and export it to a perform familiar accounting tasks such as
spreadsheet for analysis purposes. preparing budgets or writing reports that others
can see and modify as desired. The application
XBRL also has several disadvantages. Perhaps the
moves online, allowing users to share files that
most important is the fact that a common
formerly had to be emailed. Hybrid versions of
reporting language requires its users to learn,
such processes are also possible, in which users
and conform to, the standards of that language.
retain complete control of sensitive data, but
Usually, accountants achieve this task by
who use the newest and most robust versions of
acquiring software that can output data in XBRL
online software for processing tasks. An
formats. Another problem is that evolving XBRL
additional accounting use of the Internet is as a
standards require users to conform to changing
medium for publishing accounting documents
specifications—a drawback, for example, that
such as financial statements. Posting financial
may require organizations to update their
information on the web is relatively fast and
accounting software more often. A third concern
inexpensive, compared to printing and mailing
is that, at present, there is no requirement for
them. Such information can also be revised,
auditors to provide assurance on the XBRL filings.
replaced, or deleted easily and quickly.
Finally, the transition to XBRL reporting is not
without costs.
Companies that access specialized software One of the most important types of cloud
(e.g., tax- preparation applications) on the computing is creating and maintaining copies of
critical data and files for both individuals and greatest weakness—vulnerability. This means
organizations. Vendors include Amazon, that someone who poses as an authorized user
Backblaze, Carbonite, Drop Box, SkyDrive, may be able to access any email, web page, or
JungleDisk, and Mozy. Most of these vendors computer file that an authorized user can access
provide low cost, and even free, backup services on the Internet. This section of the chapter
for individual customers. In commercial, fee-for- discusses Internet privacy and security in detail.
service settings, most backups are synchronized
6.1. Identity Theft and Privacy
and therefore occur at the same time a
computerized system gathers and stores the Identity theft refers to crimes in which someone
original data, thereby creating mirror, off-site uses another person’s personal identification
copies of vital accounting data. Additional, and (credit card, social security card, or similar
usually optional, services for home computing identifier) in some way that involves fraud or
applications include encryption, fixed-time deception (usually for economic benefit). The
backup schedules, expandable storage options, most common complaint related to identity theft
and Mac computer support. is credit card fraud.
Educational Services A related issue is personal privacy. Businesses
need to protect the payroll data they send to
You probably already use such web search
service providers electronically. Online shoppers
engines as Google or Bing to answer personal
want to know that their privacy is protected.
questions of interest. Professional accountants
None of us wants our emails read by hackers. But
do the same thing, using these same engines to
all these needs often conflict with other
answer asset classification, depreciation, or tax
objectives. For example, managers feel they
questions. In addition, the Internet provides a
have the right to view all the email messages of
host of specialized educational services. One
employees who use company computers during
category is “software tutorials.” For example,
working hours, and companies doing business on
you can find explanations and videos explaining
the web are sometimes hard pressed not to use
how to perform a wide variety of spreadsheet
the wealth of data that online shoppers provide
tasks by searching the term “Excel Tutorials.”
them. Most websites accessed by online users
Similar tutorials also explain how to use
collect personal information. What they collect
Microsoft Access, complete specific tax forms, or
and how they use it are dictated by their privacy
create PowerPoint presentations. Another
policies. Because businesses vary widely in the
category of online educational services is
amount of privacy protection for customers, it is
complete degree programs—i.e., institutions of
important to read a company’s policy statements
higher education that offer online courses of
carefully. State governments, prompted by
study leading to accounting degrees. You can
concerns over consumer privacy rights,
earn an associate’s degree, bachelor’s degree,
particularly in the financial and health care
and even a master’s of science degree in
industries, are introducing a variety of privacy
accounting through such “distance-learning”
legislation. Groups such as the Electronic
offerings. A partial listing of them may be found
Frontier Foundation and the Online Privacy
at eLearners.com.
Alliance are also working to protect the privacy
6. PRIVACY AND SECURITY ON THE INTERNET of data transmitted over the Internet.
The most important advantage of the Internet While companies need strong preventive
and World Wide Web—accessibility—is also its controls to help protect customer information,
individuals should also exercise reasonable that provides you physical access to information
caution in protecting their personal information. or a restricted area. Examples are your ATM
Unscrupulous individuals, posing as a company card, debit card, or employee card that gives you
or bank employee, might call or send email access to certain premises.
messages to solicit personal information. To
What you know refers to unique information you
protect yourself, be skeptical. If you are
possess, such as a password or your mother’s
uncertain about the authenticity of a request for
maiden name. You can authenticate who you are
personal information, ask the person to send the
with a unique physical characteristic such as your
request in writing on company letterhead. If you
fingerprint or the pattern of the retina in your
question the authenticity of a particular website,
eye. As you might guess, using security that
do more research on the company before
forces a user to prove who they are is the highest
purchasing goods or services through it—
level of authentication. Two-factor
especially if you must give your credit card
authentication (TFA) systems require a
number. Social media also pose interesting
combination of authentication techniques—for
privacy concerns because what you post online
example, requiring both your debit card and your
is neither private nor retractable. Moreover,
password to withdraw cash from an ATM.
employers often check postings on social
networking sites in search of “red flags”—for 6.3. Spam and Phishing
example, substance abuse, large amounts of
debt, criminal activity, or membership in A current Internet problem is the increasing
fanatical groups. Organizations use all this amount of spam—those annoying, unsolicited
information to help them evaluate employees or email messages that clog your email inbox.
disqualify job applicants. Like it or not, managers However, spam is more than a simple bother—it
regularly screen the postings of their is distracting, often illegal, and increasingly
subordinates, and more than one person has lost costly to organizations. AOL and Microsoft, two
his or her job by accidentally posting candid and of the biggest Internet service providers,
offensive materials that the boss could see. estimate that they each block over 2 billion spam
emails per day.
6.2. Security