Professional Documents
Culture Documents
One basic function of AIS is to provide information which is useful for decision-making
purpose. Information produced by AIS, which includes financial statements, management
reports, etc. must provide an accurate, complete and timely picture of the organisation’s
activities. To provide this type of information, Accounting Information Systems must be
reliable.
i. Confidentiality
“Encryption: Process of transforming normal text, called plain text, into unreadable
gibberish, called cipher text. It is important particularly when confidential data is
being transmitted from remote terminals because data transmission lines can be
electronically be monitored without user’s knowledge”
ii. Privacy
Integrity of the system to ensure that processing is complete, accurate, timely, and
authorized. Data is accurately and completely processed in a timely manner.
Controls which can be used include: (source data controls)
Form designs
Cancellation and storage of documents
Authorisation and segregation of duties
Scanning (visual)
Data matching
File labels
Batch totals
Reviews and reconciliations, etc.
iv. Availability
How to control:
v. Security
Security of the system against unauthorized physical and logical access. It is the
most important of all principles. Information security is the foundation of system’s
reliability
Security procedures reserve system access to authorised users only hence
protecting the confidentiality of sensitive organizational data and the
privacy of the personal identifying information collected from customers
Security procedures provide for processing integrity by preventing
submission of unauthorised or fictitious transactions as well as
unauthorized change to stored data and programs.
Security procedures provide protection against a variety of attacks such as
viruses, and worms hence ensuring that the system is available
Given this introduction, one will pause and ask whether we need controls in AIS
Before dwelling on control for AIS, we must recognize the fact that controlling is one
of the primary functions performed by the managers. And the application of the controls
in any systems is like that in management functions.
In systems, the major reason for controls are:
a. To provide reasonable assurance that the goal of each system are being achieved
b. To mitigate (alleviate/lessen/ease) the risk the organisation will be exposed to some
type of harm, danger or loss.
c. To provide reasonable assurance that certain legal obligations are being met.
i. Erroneous Record-keeping
Recording of transactions contrary to established accounting principles
Caused by incomplete or inaccurate processing of transactions
ii. Unacceptable accounting
Establishment/implementation of accounting policies that are not generally
acceptable or inappropriate to the circumstances
Caused by improper interpretation or wilful disregard of IFRS or other sets
of accounting standards
iii. Fraud and embezzlement
May be perpetrated at different levels (against management or by
management)
Caused by direct misappropriation of funds or by deliberate communication
of misinformation to management/investors
Unintentional loss of physical resources (cash, etc.)
Due to lack of adequate safeguards of resources.
iv. Business interruption
v. Erroneous management decisions
vi. Statutory sanctions
vii. Excessive costs e.g. unnecessary expenses involves in running organisation caused
by failure to approved limit of expenditure.
viii. Loss or destruction of resources
ix. Competitive disadvantages
Hence organisations need to adopt internal control policies and procedures to ensure that
systems (AIS) achieve its objectives or mitigate the risks to the system. i.e. to maintain accurate
information and reliable operations.
Internal Controls
What are internal controls?
The users of accounting information rely on the accuracy of the system's reports and displays.
Organisations adopt internal control policies and procedures to maintain accurate information
and reliable operations. Internal control is a process, effected by an entity's board of directors,
management and other personnel, designed to provide reasonable assurance regarding the
achievement of objectives in the following categories:
ii. People - make internal controls work. Management, board of directors and
accountants. Accountants by participating in system design help to create internal
control
iii. Objectives
a. Safeguarding assets
b. Ensuring accurate and reliable accounting data
The above are important to accountants and hence, accounting controls
c. Promoting operational efficiency
d. Encouraging managers to follow management policies
The above are important to managers and hence administrative controls
It is a CRIME not to have good internal controls, therefore to have good internal controls
we would see:
1. Control Activities
These are policies and procedures that management adopts to provide reasonable assurance
that management directives are carried out. They help ensure that actions are taken to address
risks to the achievement of the organization's objectives. ACCA MAPS [Mnemonic].
Management's process of identifying and analysing the risks that might prevent the
organization from achieving its objectives. If the entity has robust procedures for assessing the
business risks it faces, the risk of misstatement or fraud will be low.
1
Committee of Sponsoring Organizations of the Treadway Commission
Risks includes:
1. Competition
2. Economic or technological change
3. Government regulation
4. Natural catastrophes
5. Risks from internal factors
The information system is the set of formal procedures by which data are collected, processed
into information, and distributed to users. The system accepts input, called transactions, which
are converted through various processes into output information that goes to users.
Good communication system is crucial for efficient financial control systems, transaction
cycles, application controls and general controls.
Control Implications of Manual Systems - weaknesses (the bad news about manual
systems)
Manual systems are operated by people and are therefore more prone to simple errors
and mistakes
Information is transferred from document to document leading to misposting or other
transcription errors
Controls can be more easily bypassed, ignored or overridden
Control Implications of manual systems - strengths (the good news about manual systems
is that they are better at:)
Consistent processing
Accurate calculation
Capacity to handle high volumes
4. Monitoring of controls
A component that assesses the quality of internal control performance over time. If a control is
either ineffective or simply does not function (permanent supervision and special evaluation).
5. Control Environment
Sets the tone for the organisation. Management should have the right attitude. Base for all other
components and creates conditions (discipline and structure) for efficient controls. The control
environment is defined in ISA 315 as being made up of:
Accounting Manual
A manual that contains pertinent accounting rules and other information for a business or
organization. Accounting manuals can contain guidelines for various policies and procedures.
They also often specify organizational rules and standards for corporate accounts.
The classification of the various types of accounts used by a company or organization is
frequently referred to as a chart of accounts. This chart is also usually included in an
accounting manual. These manuals will differ from one organization to another depending on
the type and size of the organization.