The Information System: An organization, is reflected in its accounts and is
measured in monetary terms.
Accountant’s Perspective
Terms:
Information is a business resource.
Operations management directly responsible for
controlling day-to-day operations.
Middle management accountable for short-term
planning and coordinating activities to
accomplish organizational objectives.
Top management responsible for longer-term
planning and setting organizational objectives
Information Objectives:
The goal of an information system is to support:
• The firm’s day to day operations
• Management decision making
• The stewardship function of management.
An Information Systems Framework
The information system is the set of formal
procedures by which data are collected,
processed into information, and distributed to
users.
A transaction is an event that affects or is of
interest to the organization and is processed by
its information system as a unit of work.
A financial transaction is an economic event
that affect the assets and equities of the
General ledger/financial reporting system
(GL/FRS) takes information from the TPS
and other input and:
A nonfinancial transaction is an event that
doesn’t meet the definition of a financial • Updates general ledger control accounts.
transaction.
• Handles nondiscretionary reporting
Accounting information system (AIS) requirements.
processes financial and some nonfinancial
Management reporting system (MRS)
transactions. Three subsections:
provides the internal
1. Transaction processing system (TPS)
information needed to manage a business and
which supports daily business operations.
handles discretionary reporting.
2. General ledger/financial reporting system
A General Model for AIS
(GL/FRS) which produces reports.
End users fall into two groups:
3. Management reporting system (MRS)
which provides information for decision • External users include creditors,
making. stockholders, government agencies, suppliers
and customers.
Management information system (MIS)
processes nonfinancial transactions not • Internal users include management and
processed by the AIS. operations personnel.
AIS SUBSYSTEM Distributes essential financial information to
support operations.
Transaction Processing System (TPS)
Data are facts which may or may not be
• Converts economic events into financial
processed and have no direct effect on a user’s
transactions.
actions.
• Records financial transactions in the
Information causes a user to take an action that
accounting records
would otherwise not have been taken.
• Distributes essential financial information to
Data sources are financial transactions that
support operations.
enter the information system for internal or
external sources.
The levels in the data hierarchy:
Data Attribute is the most elemental piece of
potentially useful data in the database.
Record is a complete set of attributes for a
single occurrence within an entity class.
File (or table) is a complete set of records of an
identical class.
Database management involves three
fundamental tasks: storage, retrieval and
deletion.
Operational Stages in the Information
System:
• Data collection
• First operational stage in the information
system. The objective is to ensure data are
valid, complete and free from material errors.
• Only relevant data should be captured.
• Efficient collection procedures designed to
collect data only once.
• Data processing tasks range from simple to
complex.
The organization’s database is its physical
repository for financial and nonfinancial data.
(Term could apply to a filing cabinet or
computer disk.)
• Information generation is the process of
compiling, arranging, formatting, and
presenting information to users.
Regardless of physical form, useful information
has:
Relevance: Content must serve a purpose.
Reliability: When it gives same repeated result
Timeliness: No older than time frame of
supported action.
Accuracy: Free from material errors.
Completeness: All essential information is
present.
Summarization: Aggregated for the user’s
needs.
Feedback is a form of output sent back to the
system as a source of data.
The Accounting Function
Accounting manages the financial resource of
the firm:
• Captures and records transactions
• Distributes transaction information to
operations personnel.
Value of information is determined by its
• Relevance
• Reliability
• Timeliness
• Accuracy
• Completeness
• Summarization
Unreliable information has no value.
Information reliability requires accounting
independence.
Accounting activities must be separate and
independent of the functional areas maintaining
custody of resources.
Accounting supports these functions with
information but does not participate in the
physical activities.
Information Technology
Systems Development is the process
organizations use to acquire information
systems. It can be purchased or built from
scratch.
Commercial software available for general
accounting and industry specific applications.
Sometimes called turnkey systems because can
be implemented with little modification.
Custom software is developed through a
formal process called the system development
life cycle. Requires an in-house team of
qualified individuals.
Systems maintenance may be trivial or
significant. Between 80% - 90% of system’s
total cost may be incurred because of
maintenance activities.
 The Role of Accountants in AIS
IT professionals determine the most economical
and effective technologies for the physical
system, including data storage.
Accountants play a prominent role on system
development teams as domain experts,
responsible for many aspects of the
conceptual system including specifying rules,
reporting requirements and internal control
objectives.
Types of Audits in AIS
External audit is an independent attestation
and opinion (audit report) regarding financial
statement presentation.
Requires auditors (independent CPAs) to test
internal controls and perform substantive tests
of data.
Critical element is auditor independence,
which means the auditor is free from factors
that might influence the audit report.
Prior to SOX, accounting firms were permitted
to provide both advisory and attest services to
clients.
SOX legislation restricts non-audit services that
auditors may provide and prohibits auditors
from providing these services:
• Other accounting services including
bookkeeping, financial information systems
design and implementation, appraisal or
valuation, actuarial, and internal audit
outsourcing.
• Management or human resources, broker or
dealer, investment adviser, or investment
banking services.
• Legal services and expert services unrelated to
the audit.
• Any other service that the Board determines,
by regulation, is impermissible.
Internal auditing is an independent appraisal
function within an organization to examine and
evaluate activities. External auditors represent
outsiders and internal auditors represent the
interests of the organization.
Fraud audits have increased in popularity as a
corporate governance tool.
It may be initiated by managers to investigate
employees or the board to investigate
management.
Audit Committees serves an independent
“check and balance” for internal audit functions
and a liaison with external auditors. Usually
three people, one of which must be a “financial
expert”.
Ethical Issues in Business
Computer ethics analyzes the social impact of
computer technology and formulation and
justification of policies for the ethical use of
technology.
Para computer ethics involves taking an interest
in computer ethics cases and acquiring some
level of skill and knowledge in the field.
Issues of concern include:
• Privacy and ownership in the personal
information industry.
• Security involving accuracy and
confidentiality.
• What can an individual or organization own?
• Equity of access issues related to economic
status, culture and safety.
• Environmental issues, artificial intelligence,
unemployment and displacement and computer
misuse.
Sarbanes-Oxley Act (SOX) Section 406
requires public companies to disclose to the
SEC if they have a code of ethics that applies to
the CEO, CFO and controller.
If a company does not have a code, it must
explain why.
Compliance with 406 requires a code of
ethics that addresses:
• Procedures for dealing with conflicts of
interest.
• Full and fair disclosures to ensure candid,
open, truthful disclosures
• Requiring employees to follow applicable
laws, rules and regulations.
• A mechanism to permit prompt internal
reporting of ethical violations.
• Taking appropriate actions when code
violations occur.
Fraud and Accountants
The Fraud Triangle factors that contribute to
fraud:
• Situational pressures that coerce an individual
to act dishonestly.
• Opportunity through direct access to assets.
• Rationalization (Ethics) which relate to one’s
character and moral compass.
Fraud losses equal 5% of revenue. Actual cost
difficult to quantify and do not include indirect
losses.
Most frauds are committed by employees than
managers, the losses are much higher for
managers and owners.
Collusion in the commission of a fraud is
difficult to prevent and detect.
Internal Control Concept and Techniques
The internal control system consists of
policies, practices and procedures to achieve
four broad objectives:
Safeguard assets of the firm.
Ensure accuracy and reliability of accounting
records and information.
Promote efficiency of the firm’s operations.
Measure compliance with management’s
prescribed policies and procedures.
Modifying Assumptions to the Internal
Control Objectives:
Management Responsibility
The establishment and maintenance of a system
of internal control is the responsibility of
management.
Reasonable Assurance
Cost of achieving objectives should not
outweigh the benefits.
Methods of Data Processing
Control techniques vary with different types of
technology.
Limitations
These include (1) possibility of error, (2)
circumvention, (3) management override and
(4) changing conditions.
The absence or weakness of a control is an
exposure:
May result in asset destruction or theft and
corruption or disruption of the information
system.
Preventive controls are passive techniques
designed to reduce undesirable events by
forcing compliance with prescribed or desired
actions. Preventing errors and fraud is more
cost-effective than detecting and correcting
them.
Detective controls are designed to identify
undesirable events that elude preventive
controls.
Corrective controls are actions taken to reverse
the effects of errors detected.
Public company management responsibilities
are codified in Sections 302 and 404 of SOX:
Section 302 requires management to certify
organization’s internal controls on a quarterly
and annual basis.
Section 404 requires management to assess
internal control effectiveness.
The control environment sets the tone for the
organization and influences control awareness.
COSO internal control framework five
components:
Organizations must perform a risk assessment
to identify, analyze and manage financial
reporting risks.
The quality of information the AIS generates
impacts management’s ability to take actions
and make decisions.
An effective system records all valid
transactions and provides timely and accurate
information.
Monitoring is the process by which the quality
of internal control design and operations can be
assessed.
Control activities are policies and procedures
to ensure appropriate actions are taken to deal
with identified risks.
IT controls relate to the computer environment:
• General control pertains to entity-wide IT
concerns.
• Application controls ensure the integrity of
specific systems.
Physical controls relate to human activities:
• Transaction authorization is to ensure all
material transactions processed are valid.
• Segregation of duties controls are designed to
minimize incompatible functions including
separating: (1) transaction authorization and
processing and (2) asset custody and record-
keeping. Successful fraud must require
collusion.
• Supervision is a compensating control in
organizations too small for sufficient
segregation of duties.
Discussion on IT Application Controls:
IT application controls are associated with
applications.
• Input control (edits) perform tests on
transactions to ensure they are free from errors.
* Check digit is a control digit(s) that is added • Batch controls manage the flow of high-
to the data code when originally assigned. volume transactions and reconcile system
Allows integrity to be established during output with original input.
processing and helps prevent two common
• Run-to-run controls monitor batch from one
errors
process to another.
*Transcription errors occur when (1) extra
• Output controls are procedures to ensure
digits are added to a code, (2) a digit is omitted
output is not lost, misdirected or corrupted and
from a code, or (3) a digit is recorded
that privacy is not violated. This can cause
incorrectly.
disruption, financial loss and litigation.
* Transposition errors occur when digits are
* Controlling hard-copy output:
reversed.
**Output data can become backlogged
* Missing data check identifies blank or
(spooling) requiring an intermediate output file
incomplete input fields.
in the printing process.
* Numeric-alphabetic check identifies data in
**Proper access and backup procedures must be
the wrong form.
in place to protect these files.
* Limit checks identify fields that exceed
* Print programs controls should be designed to
authorized limits.
prevent unauthorized copies and employee
* Range checks verify that all amounts fall browsing of sensitive data.
within an acceptable range.
* Sensitive computer waste should be shredded
* Reasonableness checks verify that amounts for protection.
that have based limit and range checks are
* Report distribution must be controlled.
reasonable.
* End-user should examine reports for
* Validity checks compare actual fields against
correctness, report errors and maintain report
acceptable values.
security
• Processing controls are programmed
procedures to ensure an application’s logic is
functioning properly.
Discussions on Physical Controls GFS (grandfather-father-son) backup is used
with systems that use sequential master files.
Physical controls relate to human activities:
The destructive update approach leaves no
• Accounting records consist of source
backup copy and requires a special recovery
documents, journals and ledgers which capture
program if data is destroyed or corrupted.
economic essence and provide an audit trail.
Real-time systems schedule backups at
• Access controls ensure that only authorized
specified daily intervals
personnel have access to firm assets.
• Independent verification procedures are
checks to identify errors and misrepresentations.
Management can assess (1) individual
performance, (2) system integrity and (3) data
correctness. Includes:
* Reconciling batch totals during transaction
processing.
* Comparing physical assets with accounting
records.
* Reconciling subsidiary accounts with control
accounts.
* Reviewing
Audit trail controls ensure every transaction
can be traced through each stage to processing
from source to financial statements.
Every transaction the system processes,
including automatic ones, should be recorded
on a transaction log.
Master file backup controls may be viewed as
either a general control or an application
control.
 Introduction to Transaction
Processing
What is Transaction Processing?
An economic event that affects the assets and
equities of the firm, is reflected in its accounts,
and is measured in monetary terms.
Is an activity consisting of three major
subsystems called cycles: the revenue cycle, the
expenditure cycle, and the conversion cycle.
Example includes…
• Sales of goods or services
• Purchases of inventory
• Discharge of Financial Obligations
• Receipts of cash
• Depreciation of PPE, Application of Labor,
Raw Material, overhead to the Production
Process and Transfer of inventory from one
department to another
Transaction Cycles
1. incurs expenditures in exchange for resources
(expenditure cycle),
2. provides value added through its products or
services (conversion cycle), and
3. receives revenue from outside sources
(revenue cycle)
Expenditure Cycle
Business activities begin with the acquisition of
materials, property, and labor in exchange for
cash
Purchase/ Accounts Payable System
This system recognizes the need to acquire
physical inventory (such as raw materials) and
places an order with the vendor. When the
goods are received, the purchases system
records the event by increasing inventory and
establishing an account payable to be paid at a
later date.
Cash Disbursement System
When the obligation created in the purchases
system is due, the cash disbursements system
authorizes the payment, disburses the funds to
the vendor, and records the transaction by
reducing the cash and accounts payable
accounts.
Payroll System
Collects labor usage data for each employee,
computes the payroll, and disburses paychecks
to the employees.
Fixed Asset
These are relatively permanent items that
collectively often represent the organization’s
largest financial investment.
Examples of fixed assets include land,
buildings, furniture, machinery, and motor
vehicles.
Conversion Cycle
This includes determining raw material
requirements, authorizing the work to be
performed and the release of raw materials into
production, and directing the movement of the
work-in-process through its various stages of
manufacturing
Production System
Involves the planning, scheduling, and
control of the physical product through the
manufacturing process
Cost Accounting System
Monitors the flow of cost information related to
production.
Revenue Cycle
Firms sell their finished goods to customers.
Sales Order Processing
The majority of business sales are made on
credit and involve tasks such as preparing sales
orders, granting credit, shipping products (or
rendering of a service) to the customer, billing
customers, and recording the transaction in the
accounts (accounts receivable, inventory,
expenses, and sales).
Accounting Records
 Manual System
This section describes the purpose of each type
of accounting record used in transaction cycles.
We begin with traditional records used in
manual systems (documents, journals, and
ledgers) and then examine their magnetic
counterparts in computer-based systems
Documents
A document provides evidence of an economic
event and may be used to initiate transaction
processing. Some documents are a result of
transaction processing. In this section, we discu
ss three types of documents: source documents,
product documents, and turnaround documents.
Product Documents
Are the result of transaction processing rather
than the triggering mechanism for the process.
For example, a payroll check to an employee is
a product document of the payroll system.
Turnaround Documents
Are product documents of one system that
become source documents for another system.
Journal
A record of a chronological entry. At some
point in the transaction process, when all
relevant facts about the transaction are known,
the event is recorded in a journal in
chronological order. Documents are the primary
source of data for journals.
Special Journals
Are used to record specific classes of
transactions that occur in high volume. Such
transactions can be grouped together in a special
journal and processed more efficiently than a
general journal permits.
Register
Used to denote certain types of special journals.
For example, the payroll journal is often called
the payroll register
General Journal
Firms use the general journal to record
nonrecurring, infrequent, and dissimilar
transactions. For example, we usually record
periodic depreciation and closing entries in the
general journal.
Ledger
Book of accounts that reflects the financial
effects of the firm’s transactions after they are
posted from the various journals. A ledger
indicates the increases, decreases, and current
balance of each account.
General Ledger
Summarizes the activity for each of the
organization’s accounts. The general ledger
department updates these records journal
vouchers prepared from special and other
sources located throughout the organization
Subsidiary Ledgers
Kept in various accounting departments of the
firm, including inventory, accounts payable,
payroll, and accounts receivable. This
separation provides better control and support
of operations.
Audit Trail
For tracing transactions from source documents
to the financial statements. Of the many
purposes of the audit trail, most important to
accountants is the year-end audit.
Computer Based System
Types of Files - Audit trails in computer-based
systems are less observable than in traditional
manual systems, but they still exist. Accounting
records in computer-based systems are
represented by four different types of magnetic
files: master files, transaction files, reference
files, and archive files.
Transaction File
Is a temporary file of transaction records used to
change or update data in a master file. Sales
orders, inventory receipts, and cash receipts are
examples of transaction files.
Reference File
Stores data that are used as standards for
processing transactions. For example, the
payroll program may refer to a tax table to
calculate the proper amount of withholding
taxes for payroll transactions.
Archive File
Contains records of past transactions that are
retained for future reference. These transactions
form an important part of the audit trail.
Archive files include journals, prior period
payroll information, lists of former employees,
records of accounts written off, and prior-period
ledgers.
Digital Audit Trail
1. Compare the accounts receivable balance in
the balance sheet with the master file AR
control account balance.
2. Reconcile the AR control figure with the AR
subsidiary account total.
3. Select a sample of update entries made to
accounts in the AR subsidiary ledger and trace
these transactions in the sales journal (archive
file).
4. From these journal entries, identify specific
source documents that can be pulled from their
files and verified. If necessary, the auditor can
confirm the accuracy and propriety of these
source documents by contacting the customers
in question.
Documentation Techniques
The old saying that a picture is worth a
thousand words is very applicable when it
comes to documenting systems. A written
description of a system can be wordy and
difficult to follow.
Data Flow Diagram
Uses symbols to represent the entities,
processes, data flows, and data stores that
pertain to a system.
Entity Relationship Diagram
Is a documentation technique used to represent
the relationship between entities. Entities are
physical resources (automobiles, cash, or
inventory), events (ordering inventory,
receiving cash, shipping goods), and agents
(salesperson, customer, or vendor) about which
the organization wishes to capture data.
System Flowchart
Is the graphical representation of the physical
relationships among key elements of a system.
These elements may include organizational
departments, manual activities, computer
programs, hard-copy accounting records
(documents, journals, ledgers, and files), and
digital records (reference files, transaction files,
archive files, and master files).
Flowcharting Manual Activities
•A clerk in the sales department receives a hard-
copy customer order by mail and manually
prepares four hard copies of a sales order.
• The clerk sends Copy 1 of the sales order to
the credit department for approval. The other
three copies and the original customer order are
filed temporarily, pending credit approval.
•The credit department clerk validates the
customer’s order against hard-copy credit
records kept in the credit department. The clerk
signs Copy 1 to signify approval and returns it
to the sales clerk.
• When the sales clerk receives credit approval,
he or she files Copy 1 and the customer order in
the department. The clerk sends Copy 2 to the
warehouse and Copies 3 and 4 to the shipping
department
• The warehouse clerk picks the products from
the shelves, records the transfer in the hardcopy
stock records, and sends the products and Copy
2 to the shipping department.
•The shipping department receives Copy 2 and
the goods from the warehouse, attaches Copy 2
as a packing slip, and ships the goods to the
customer. Finally, the clerk files Copies 3 and 4
in the shipping department.
Rules to be Observed
• The flowchart should be labeled to clearly
identify the system that it represents.
• The correct symbols should be used to
represent the various entities in the system.
• All symbols on the flowchart should be
labeled.
•Lines should have arrowheads to clearly show Mnemonic Codes are alphabetic characters in
the process flow and sequence of events. the form of acronyms and other combinations
that convey meaning.
•If complex processes need additional
explanation for clarity, a text description should
be included on the flowchart or in an attached
document referenced by the flowchart
Batch Processing
Permits the efficient management of a large
volume of transactions. A batch is a group of
similar transactions (such as sales orders) that
are accumulated over time and then processed
together.
Difference between Batch and Real-Time
System
Batch systems assemble transactions into
groups for processing.
Real-time systems process transactions
individually at the moment the event occurs
Numeric and Alphabetic Coding Scheme
Sequential Codes represent items in some
sequential order (ascending or descending).
Numeric Block Codes represent whole classes
of items by restricting each class to a specific
range within the coding scheme.
Alphabetic Codes may be assigned
sequentially (in alphabetic order) or may be
used in block and group coding techniques.
 Ethics, Fraud, and Internal
Control
Ethical issues in Business
•Ethical standards –derived from social mores
and deep-rooted personal beliefs about issues of
right and wrong that are not universally agreed
upon.
Business Ethics
• Why should we be concerned about ethics in
the business world?
• Ethics – the principles of conduct that
individual use in making choices and guiding
their behavior in situations that involve the
concept of right and wrong.
• Ethics are needed when conflicts arise—the
need to choose
• In business, conflicts may arise between
• Employees
• Management
• Stakeholders
• Litigation
•Business ethics involves finding the answers to
two questions: •How do managers decide on
what is right in conducting their business? •
Once managers have recognized what is right,
how do they achieve it?
Making Ethical Decisions Whistle-Blowing
• Proportionality. The benefit of the decisions Honesty
must outweigh the risks. Furthermore, there
Employee and Management Conflicts of
must be no alternative decision that provides the
Interest
same or greater benefit with less risk.
Security of Organization Data and Records
• Justice. The benefits of the decisions should
be distributed fairly to those who share risks. Misleading Advertising
Those who do not benefit should not carry the
burden of risk. Questionable Business Practices in Foreign
Countries
• Minimize risk. Even if judged acceptable by
the principles, the decision should be Accurate Reporting of Shareholder Interests
implemented so as to minimize all of the risk Exercise of Corporate Power
and avoid any unnecessary risks.
Political Action Committees
Four Main Areas of Business Ethics
Workplace Safety
Ethical Issues in Business
Product Safety
Equity
Environmental Issues
Executive Salaries
Divestment of Interests
Comparable Worth
Corporate Political Contributions
Product Pricing
Downsizing and Plant Closures
Rights
Computer Ethics
Corporate Due Process
• the analysis of the nature and social impact of
Employee Health Screening computer technology and the corresponding
formulation and justification of policies for the
Employee Privacy
ethical use of such technology.
Sexual Harassment
• concerns the social impact of computer
Diversity technology (hardware, software, and
telecommunications).
Equal Employment Opportunity
What are the main computer ethics issues?
• Privacy
• Security—accuracy and confidentiality
• Ownership of property
• Equity in access
• Environmental issues
• Artificial intelligence
• Unemployment and displacement
• Misuse of computer
Sarbanes – Oxley Act and Ethical Issues
• Sarbanes-Oxley Act (SOX), is the most
significant securities law since the Security and
Exchange Commission (SEC) Acts of 1933 and
1934. SOX has many provisions designed to
deal with specific problems relating to capital
markets, corporate governance, and the auditing
profession.
Section 406 – Code of Ethics for Senior
Financial Officers
• Conflict of Interest. The company’s code of
ethics should outline procedures for dealing
with actual or apparent conflicts of interest
between personal and professional relationship.
• Full and Fair Disclosures. This provisions
states that the organization should provide full,
fair, accurate, timely, and understandable
disclosure in the documents, reports, and
financial statements that it submits to the SEC
and to the public.
• Legal Compliance. Codes of ethics should
require employees to follow applicable
governmental laws, rules, and regulations.
• Internal Reporting of Code Violations. The
code of ethics must provide a mechanism to
permit prompt internal reporting of ethics
violations.
• Accountability. An effective ethics program
must take appropriate action when code
violations occur.
Fixed Assets
• Fraud –denotes a false representation of a
material fact made by one party to another party
with the intent to deceive and induce the other
party to justifiably rely on the fact to his or her
detriment.
• False representation – false statement or
disclosure
• Material fact – a fact must be substantial in
including someone to act
• Intent to deceive must exist
• The misrepresentation must have resulted
in justifiable reliance upon information, which
caused someone to act
• The misrepresentation must have
caused injury or loss
Auditor encounter fraud at two levels:
• Employee fraud –generally designed to
directly convert cash or other assets to the
employee’s personal benefit.
• Committed by non-management personnel
• Usually consists of: an employee taking cash
or other assets for personal gain by
circumventing a company’s system of internal
controls
• Involves three steps: stealing something of
value (an asset), converting the asset to a usable
form (cash), and concealing the crime to avoid
detection.
• Management fraud –more insidious than
employee fraud because it often escapes
detection until the organization has suffered
irreparable damage or loss.
• Perpetrated at levels of management above the
one to which internal control structure relates
• Frequently involves using financial statements
to create an illusion that an entity is more
healthy and prosperous than it actually is
• Involves misappropriation of assets, it
frequently is shrouded in a maze of complex
business transactions
The Fraud Triangle
• Consists of three factors that contribute to are
associated with management and employee
fraud:
• Situational pressure – includes personal or
job-related stresses that could coerce an
individual to act dishonestly.
• Opportunity – involves direct access to assets
and/or access to information that controls assets.
• Ethics – pertains to one’s character and degree
of moral opposition to acts of dishonesty
Enron, Worldcom, Adelphia Underlying
Problems
• Lack of Auditor Independence: auditing firms
also engaged by their clients to perform
nonaccounting activities
• Lack of Director Independence: directors who
serve on the boards of other companies, have a
business trading relationship, have a financial
relationship, have as stockholders or have
received personal loans, or have an operational
relationship as employees
• Questionable Executive Compensation
Schemes: short-term stock options as
compensation result in short-term strategies
aimed at driving up stock prices at the expense
of the firm’s long-term health
• Inappropriate Accounting Practices: a
characteristic common to many financial
statement fraud schemes.
• Enron made elaborate use of special purpose
entities
• WorldCom transferred transmission line costs
from current expense accounts to capital
accounts
Sarbanes – Oxley Act of 2002
• Its principal reforms pertain to:
• Creation of the Public Company Accounting
Oversight Board (PCAOB)
• Auditor independence –more separation
between a firm’s attestation and non-auditing
activities
• Corporate governance and responsibility –
audit committee members must be independent
and the audit committee must oversee the
external auditors
• Disclosure requirements –increase issuer and
management disclosure
• New federal crimes for the destruction of or
tampering with documents, securities fraud, and
actions against whistleblowers
Fraud Schemes
•Three categories of fraud schemes according to
the Association of Certified Fraud Examiners:
A. Fraudulent statements
• Misstating the financial statements to make
the copy appear better than it is
• Usually occurs as management fraud
• May be tied to focus on short-term financial
measures for success
• May also be related to management bonus
packages being tied to financial statements
B. Corruption
• Examples:
• Bribery
• Illegal gratuities
• Conflicts of interest
• Economic extortion
• Foreign Corrupt Practice Act of 1997:
• Indicative of corruption in business world
• Impacted accounting by requiring accurate
records and internal controls
C. Asset misappropriation
•Most common type of fraud and often occurs
as employee fraud
•Examples:
•Making charges to expense accounts to cover
theft of asset (especially cash)
•Lapping: using customer’s check from one
account to cover theft from a different account
•Transaction fraud: deleting, altering, or adding
false transactions to steal assets
• Skimming. Involves stealing cash from an
organization before it is recorded on the
organization’s books and records.
• Cash Larceny. Involves schemes in which
cash receipts are stolen from an organization
after they have been recorded in the
organization’s book and records.
• Billing Schemes. Also known as vendor fraud,
are perpetrated by employees who causes their
employer to issue a payment to a false supplier
or vendor by submitting invoices for fictitious
good or services, inflated invoices, or invoice
for personal purchases.
• Check tampering. involves forging or
changing in some material way a check that the
organization has written to a legitimate payee.
• Pay roll fraud. is the distribution of fraudulent
paychecks to existent and/ or nonexistent
employees.
• Expense reimbursement frauds. are schemes in
which an employee makes a claim for
reimbursement of fictitious or inflated business
expense.
• Thefts of cash. Are schemes that involve the
direct theft of cash on hand in o14rganization.
Computer Fraud Schemes
• Theft, misuse, or misappropriation of assets by
altering computerreadable records and files
• Theft, misuse, or misappropriation of assets by
altering logic of computer software
• Theft of illegal use of computer-readable
information
• Theft, corruption, illegal copying or
intentional destruction of software
• Theft, misuse, or misappropriation of
computer hardware
Data Collection Fraud
•This aspect of the system is the most
vulnerable because it is relatively easy to
change data as it is being entered into the
system.
•Also, the GIGO (garbage in, garbage out)
principle reminds us that if the input data is
inaccurate, processing will result in inaccurate
output.
Data Processing Fraud
•Program Frauds
•Altering programs to allow illegal access to
and/or manipulation of data files
•Destroying programs with a virus
•Operations Frauds
•Misuse of company computer resources, such
as using the computer for personal business
Data Management Fraud
•Altering, deleting, corrupting, destroying, or
stealing an organization’s data
•Oftentimes conducted by disgruntled or ex-
employee
Internal Control Objectives According to
AICPA SAS
1. Safeguard assets of the firm
2. Ensure accuracy and reliability of accounting
records and information
3. Promote efficiency of the firm’s operations
4. Measure compliance with management’s
prescribes policies and procedures
Information Generation Fraud
Stealing, misdirecting, or misusing computer
output
•Scavenging
• Searching through the trash cans on the
computer canter for discarded output (the output
should be shredded, but frequently in not)
Modifying Assumptions to the Internal
Control Objectives
• Management Responsibility The establishment
and maintenance of a system of internal control
is the responsibility of management.
• Reasonable Assurance the cost of achieving
the objectives of internal control should not
outweigh its benefits.
• Methods of Data Processing The techniques of
achieving the objectives will vary with different
types of technology
Limitations of Internal Controls
•Possibility of honest errors
•Circumvention via collusion
•Management override
•Changing conditions—especially in companies
with high growth
Exposure of Weak Internal Control (Risk)
•Destruction of an asset
•Theft of an asset
•Corruption of information
•Disruption of the information system
Computer-based System
Types of Files - Audit trails in computer-based
systems are less observable than in traditional
manual systems, but they still exist. Accounting
records in computer-based systems are
represented by four different types of magnetic
files: master files, transaction files, reference fil
es, and archive files.
The Preventive-Detective-Corrective Internal
Control
• Preventive Controls. Prevention is the first line
of defense in the control structure. Are passive
techniques designed to reduce the frequency or
occurrence of undesirable events.
• Detective Controls. These are devices,
techniques, and procedures designed to identify
and expose undesirable events that elude
preventive controls.
• Corrective Controls. Are action taken reverse
the effects of errors detected in the previous
step. There is an important distinction between
detective and corrective controls.
SAS 78/ COSO
Describes the relationship between the firm’s
• internal control structure,
• auditor’s assessment of risk, and
• the planning of audit procedures
How do these three interrelate?
The weaker the internal control structure, the
higher the assessed level of risk; the higher the
risk, the more auditor procedures applied in the
audit.
Five Internal Control Components: SAS
78/COSO
1. Control environment
• Integrity and ethics of management
• Organizational structure
• Role of the board of directors and the audit
committee
• Management’s policies and philosophy
• Delegation of responsibility and authority
• Performance evaluation measures
• External influences—regulatory agencies
• Policies and practices managing human
resources
2. Risk assessment
• Identify, analyze and manage risks relevant to
financial reporting:
• changes in external environment
• risky foreign markets
• significant and rapid growth that strain
internal controls • new product lines
• restructuring, downsizing
• changes in accounting policies
3. Information and communication
•The AIS should produce high quality
information which:
•identifies and records all valid transactions
• provides timely information on appropriate
detail to permit proper classification and
financial reporting
• accurately measures the financial value of
transactions
• accurately records transactions in the time
period in which they occurred
• Auditors must obtain sufficient knowledge of
the IS to understand:
• the classes of transactions that are material
• how these transactions are initiated [input]
• the associated accounting records and • Fall into two distinct categories: Physical Control
accounts used in processing [input]
•IT controls – relate specifically to the computer •Transaction Authorization
• the transaction processing steps involved from environment
• used to ensure that employees are carrying out
the initiation of a transaction to its inclusion in
•Physical controls – primarily pertain to human only authorized transactions
the financial statements [process]
activities
• general (everyday procedures) or specific
• the financial reporting process used to compile
Two Types of IT Controls (non-routine transactions authorizations
financial statements, disclosures, and
estimated [output] • General controls –pertain to the entity wide • Segregation of Duties
computer environment
[red shows relationship to the general AIS •In manual systems, separation between:
model] • Examples: controls over the data center,
• authorizing and processing a transaction
organization databases, systems development,
4. Monitoring
and program maintenance • custody and recordkeeping of the asset
• The process for assessing the quality of
• Application controls –ensure the integrity of • subtasks
internal control design and operation
specific systems
[this is the feedback in the general AIS model] •In computerized systems, separation between:
• Examples: controls over sales order
• Separate procedures – test of controls by processing, accounts payable, and payroll • program coding
internal auditors applications • program processing
• Ongoing monitoring: Six Types of Physical Control • program maintenance
• computer modules integrated into routine •Transaction Authorization •Supervision
operations
•Segregation of Duties •a compensation for lack of segregation; some
• Management reports which highlight trends may be built into computer systems
•Supervision
and exceptions from normal performance
•Accounting Records •Accounting Records
[red shows relationship to the general AIS
model] •Access Control •provide an audit trail

5. Control activities •Independent Verification • Access Controls

• Policies and procedures to ensure that the •Help to safeguard assets by restricting physical
appropriate actions are taken in response to access to them
identified risks
• Independent Verification •Independent Verification
•Reviewing batch totals or reconciling •When tasks are performed by the computer
subsidiary accounts with control accounts rather than manually, the need for an
independent check is not necessary
Physical Control in IT Contexts
•However, the programs themselves are
•Transaction Authorization
checked.
•The rules are often embedded within computer
programs
•EDI/JIT: automated re-ordering of inventory
without human intervention
•Segregation of Duties
•A computer may perform many tasks that are
deemed incompatible.
•Thus the crucial need to separate program
development, program operations, and program
maintenance.
•Accounting Records
•Ledger accounts and sometimes source
documents are kept magnetically
•No audit trail is readily apparent
•Supervision
•The ability to asses competent employees
becomes more challenging due to the greater
technical knowledge required.
•Access Control
•Data consolidation exposes the organization to
computer fraud and excessive losses from
disaster.
 The Revenue Cycle
Revenue Cycle Database
• Master files
• customer master file
• accounts receivable master file
• merchandise inventory master file
• Transaction and Open Document Files
• sales order transaction file
• open sales order transaction file
• sales invoice transaction file
• cash receipts transaction file
• Other Files
– shipping and price data reference file
– credit reference file (may not be needed)
• Sales information is released to:
•Billing
•Warehouse (stock release or picking ticket)
• Shipping (packing slip and shipping notice)
• The merchandise is picked from the
Warehouse and sent to Shipping.
• Stock records are adjusted.
• The merchandise, packing slip, and bill of
lading are prepared by Shipping and sent to the
customer.
• Shipping reconciles the merchandise
received from the Warehouse with the sales
information on the packing slip.
• Shipping information is sent to Billing. Billing
compiles and reconciles the relevant facts and
issues an invoice to the customer and updates
the sales journal. Information is transferred to:
Manual Cash Receipts Processes
• Customer checks and remittance advices are
received in the Mail Room.
• A mail room clerk prepares a cash prelist
and sends the prelist and the checks to Cash
Receipts.
• The cash prelist is also sent to A/R and the
Controller.
• Cash Receipts:
• verifies the accuracy and completeness of
the checks
• updates the cash receipts journal
• prepares a deposit slip
• prepares a journal voucher to send to G/L
•A/R posts from the remittance advices to the
accounts receivable subsidiary ledger.

– salesperson file (may be a master file) •Periodically, a summary of the postings is

– Sales history file – cash receipts history file
– accounts receivable reports file
Manual Sales Order Processing
•Begins with a customer placing an order
•The sales department captures the essential
details on a sales order form.
•The transaction is authorized by obtaining
credit approval by the credit department.
• Accounts Receivable (A/R)
sent to G/L.
• Inventory Control
•G/L department:
•A/R records the information in the customer’s
•reconciles the journal voucher from Cash
account in the accounts receivable subsidiary
Receipts with the summaries from A/R
ledger.
• updates the general ledger control accounts
•Inventory Control adjusts the inventory
subsidiary ledger. •The Controller reconciles the bank accounts.
•Billing, A/R, and Inventory Control submits Summary of Internal Controls
summary information to the General Ledger
dept., which then reconciles this data and posts
to the control accounts in the G/L.

Authorization Controls
•Proper authorization of transactions
(documentation) should occur so that only valid
transactions get processed.
•Within the revenue cycle, authorization should
take place when:
• a sale is made on credit (authorization)
• a cash refund is requested (authorization)
• posting a cash payment received to a
customer’s account (cash pre-list)
Segregation of Functions Three Rules
1. Transaction authorization should be separate
from transaction processing.
2. Asset custody should be separate from asset
record-keeping.
3. The organization should be so structured that
the perpetration of a fraud requires collusion
between two or more individuals.
Segregation of Functions
•Sales Order Processing
• credit authorization separate from SO
processing
•inventory control separate from warehouse
• accounts receivable sub-ledger separate from
general ledger control account
•Cash Receipts Processing
• cash receipts separate from accounting records
• accounts receivable sub-ledger separate from
general ledger
Supervision
•Often used when unable to enact appropriate
segregation of duties.
•Supervision of employees serves as a deterrent
to dishonest acts and is particularly important in
the mailroom.
Accounting Records
•With a properly maintained audit trail, it is
possible to track transactions through the
systems and to find where and when errors were
made:
• pre-numbered source documents
•special journals
•subsidiary ledgers
•general ledger
•files
Access Controls
•Access to assets and information (accounting
records) should be limited.
•Within the revenue cycle, the assets to protect
are cash and inventories and access to records
such as the accounts receivable subsidiary
ledger and cash journal should be restricted.
Independent Verification
• Physical procedures as well as record-keeping
should be independently reviewed at various
points in the system to check for accuracy and
completeness:
• shipping verifies the goods sent from the
warehouse are correct in type and quantity
• warehouse reconciles the stock release
document (picking slip) and packing slip
• billing reconciles the shipping notice with the
sales invoice
• general ledger reconciles journal vouchers
from billing, inventory control, cash receipts,
and accounts receivable
Automating the Revenue Cycle
•Authorizations and data access can be
performed through computer screens.
•There is a decrease in the amount of paper.
•The manual journals and ledgers are changed
to disk or tape transaction and master files.
•Input is still typically from a hard copy
document and goes through one or more
computerized processes.
•Processes store data in electronic files (the tape
or disk) or prepare data in the form of a
hardcopy report.
•Revenue cycle programs can include:
•formatted screens for collecting data
• edit checks on the data entered
•instructions for processing and storing the
data
•security procedures (passwords or user IDs)
•steps for generating and displaying output
•To understand files, you must consider the
record design and layout.
•The documents and the files used as input
sources must contain the data necessary to
generate the output reports.
Computer-based accounting system
•CBAS technology can be viewed as a
continuum with two extremes:
•automation - use technology to improve
efficiency and effectiveness
•reengineering – use technology to restructure
business processes and firm organization
Reengineering Sales Order Processing Using
Real-Time Technology
•Manual procedures and physical documents are
replaced by interactive computer terminals.
•Real time input and output occurs, with some
master files still being updated using batches.
•Real-time - entry of customer order, printout
of stock release, packing slip and bill of lading;
update of credit file, inventory file, and open
sales orders file
•Batch – printout of invoice, update of closed
sales order (journal), accounts receivable and
general ledger control account
Advantages of Real-Time Processing
•Shortens the cash cycle of the firm by reducing
the time between the order date and billing date
•Better inventory management which can lead
to a competitive advantage
•Fewer clerical errors, reducing incorrect items
being shipped and bill discrepancies
•Reduces the amount of expensive paper
documents and their storage costs
Reengineered Cash Receipt
•The mail room is a frequent target for
reengineering.
•Companies send their customers preprinted
envelopes and remittance advices.
•Upon receipt, these envelopes are scanned to
provides a control procedure against theft.
•Machines are open the envelopes, scan
remittance advices and checks, and separate the
checks.
•Artificial intelligence may be used to read
handwriting, such as remittance amounts and
signatures.
Point-of-Sales Systems
•Point of sale systems are used extensively in
retail establishments.
•Customers pick the inventory from the
shelves and take them to a cashier.
•The clerk scans the universal product code
(UPC). The POS system is connected to an
inventory file, where the price and description
are retrieved.
•The inventory levels are updated and reorder
needs can immediately be detected.
•The system computes the amount due.
Payment is either cash, check, ATM or credit
card in most cases.
•No accounts receivables
•If checks, ATM or credit cards are used, an on-
line link to receive approval is necessary.
•At the end of the day or a cashier’s shift, the
money and receipts in the drawer are reconciled
to the internal cash register tape or a printout
from the computer’s database.
•Cash over and under must be recorded
 Reengineering Using EDI
• EDI helps to expedite transactions.
• The customer’s computer:
• determines that inventory is needed
• selects a supplier with whom the business
has a formal business agreement
• dials the supplier’s computer and places the
order
• The exchange is completely automated.
• No human intervention or management
Reengineering Using the Internet
•Typically, no formal business agreements exist
as they do in EDI.
•Most orders are made with credit cards.
•Mainly done with e-mail systems, and thus a
turnaround time is necessary
•Intelligent agents are needed to eliminate this
time lag.
• Security and control over data is a concern
with Internet transactions.
CBAS Control Considerations
•Authorization - in real-time systems,
authorizations are automated
•Programmed decision rules must be closely
monitored.
•Segregation of Functions - consolidation of
tasks by the computer is common
•Protect the computer programs
•Coding, processing, and maintenance should
be separated.
• Supervision - in POS systems, the cash
register’s internal tape or database is an added
form of supervision
PC-Based Accounting System
•Access Control - magnetic records are
• Used by small firms and some large
vulnerable to both authorized and unauthorized
exposure and should be protected decentralized firms
•Must have limited file accessibility • Allow one or few individuals to perform entire
accounting function
•Must safeguard and monitor computer
programs • Most systems are divided into modules
controlled by a menu-driven program:
• Accounting Records - rest on reliability and
security of stored digitalized data • general ledger
• Accountants should be skeptical about the • inventory control
accuracy of hard-copy printouts. • payroll
• Backups - the system needs to ensure that • cash disbursements
backups of all files are continuously kept
• purchases and accounts payable
• Independent Verification – consolidating
accounting tasks under one computer program • cash receipts
can remove traditional independent verification • sales order
controls. To counter this problem:
• perform batch control balancing after each run
• produce management reports and summaries
for end users to review
 PC Control Issues
• Segregation of Duties - tend to be inadequate
and should be compensated for with increased
supervision, detailed management reports, and
frequent independent verification
• Access Control - access controls to the data
stored on the computer tends to be weak;
methods such as encryption and disk locking
devices should be used
• Accounting Records - computer disk failures
cause data losses; external backup methods
need to be implemented to allow data recovery