ACC200 Lecture Notes Sem 3 2019

ACC200 - Accounting
Information Systems
Sem 3 2019
Topic 1- Introduction to
Accounting Information
Systems
1-1
Learning Objectives
1. Explain what an accounting information
system (AIS) is and describe the basic
functions it performs.
2. Discuss why studying the design and
management of an AIS is important.
3. Discuss ways that the AIS can add value to a
business.
1-2
What Is Accounting?
 It is the principal way of organizing and reporting
financial information. It has been called the “language
of business.”
 Accounting and information systems comprise the
functional area of business responsible for providing
information to the other areas to enable them to do
their jobs and for reporting the results to interested
parties.
 To that end, an accounting system is used to identify,
analyze, measure, record, summarize, and
communicate relevant economic information to
interested parties.
1-3
Information and
Decision Making
 What is information?
 The term data refers to any and all of
the facts that are collected, stored,
and processed by an information
system.
 Information is data that has been
organized and processed so that it is
meaningful.
1-4
Information and Decisions
Top-Level
Management
Strategic
Summarization
Middle and Filtration
Management Tactical
Lower-Level Operational
Management
Transaction Oriented
1-5
Information and Decision
Making
Characteristics of Useful Information
Relevant Timely
Reliable Understandable
Complete Verifiable
1-6
Ten Most Important Activities
Performed By Accountants
1. Accounting systems 6. Financial and
and financial reporting economic analyses
2. Long-term strategic 7. Process improvement
planning 8. Computer systems
3. Managing the and operations
accounting and 9. Performance
finance function evaluation
4. Internal Consulting 10. Customer and product
5. Short-term budgeting profitability analyses
1-7
What Is an Information
System?
 An Information system is a framework in which data on a
companies business processes is collected, processed,
controlled and managed through stages in order to provide
information to users
 It can be a manual or computerized system
 Firms depend on information systems in order to survive and
stay competitive
1-8
What Is the function of an
AIS?
What important functions does the
AIS perform in an organization?
1 It collects and stores data about
activities and transactions.
2 It processes data into information that
is useful for making decisions.
3 It provides adequate controls to
safeguard the organization’s assets.
1-9
The Three Basic Functions
Performed by an AIS
1 To collect and store data about the
organization’s business activities and
transactions efficiently and effectively:
 Capture transaction data on source documents.
 Record transaction data in journals, which present
a chronological record of what occurred.
 Post data from journals to ledgers, which sort data
by account type.
1-10
Performed by an AIS
2 To provide management with
information useful for decision
making:
 In manual systems, this information is
provided in the form of reports that fall
into two main categories:
– financial statements
– managerial reports
1-11
Performed by an AIS
3 To provide adequate internal controls:
 Ensure that the information produced
by the system is reliable.
 Ensure that business activities are
performed efficiently and in
accordance with management’s
objectives.
 Safeguard organizational assets.
1-12
Why Study AIS?
 To understand how the accounting
system works.
 How to collect data about an organization’s
activities and transactions
 How to transform that data into information
that management can use to run the
organization
 How to ensure the availability, reliability, and
accuracy of that information
1-13
Why Study AIS?
 Auditors need to understand the

systems that are used to produce a
company’s financial statements.
 Tax professionals need to understand
enough about the client’s AIS to be
confident that the information used for
tax planning and compliance work is
complete and accurate.
1-14
Steps in Transforming Data
into Information
 Data collection - capturing, recording,
validating and editing data for completeness
and accuracy
 Data Maintenance/Processing - classifying,
sorting, calculating data
 Data Management - storing, maintaining and
retrieving data
 Data Control - safeguarding and securing
data and ensuring the accuracy and
completeness of the same
 Information Generation - interpreting,
reporting, and communicating information
1-15
Information Systems
 The term information system suggests

the use of computer technology in an
organization.
 What is a computer-based information
system?
 It is a collection of computer hardware
and software designed to transform
data into useful information.
1-16
What Is An Accounting
Information System (AIS)?
 An accounting information system (AIS)

consists of:
 People
 Procedures
 Data
 Software
 Information technology infrastructure (Hardware)
1-17
Information System -Basic Stages
Data
storage
Data Data Information

input processing output
1-18
Capturing Inputs
 Manual keying
 Scanning through barcode technology
 Scanning through image scanners
 Magnetic ink character recognition [MICR]
 Voice recognition
 Optical mark readers
1-19
Processes
 Processes are the sets of activities that are

performed on the inputs into the system
Examples:
o Performing calculations
o Validity checks
o Hash checks
1-20
Outputs
 Outputs refer to what is obtained from a
system, or the result of what the system does
Examples:
oReceipts
oInvoices
 Outputs are normally the starting point when

designing a system
1-21
Resources Required for an
AIS
 Processor(s): Manual or Computerized
 Data Base(s): Data Repositories
 Procedures: Manual or Computerized
 Input/Output Devices
 Miscellaneous Resources
1-22
Roles of Accountants
With Respect to an AIS
 Financial accountants prepare financial information for

external decision-making in accordance with MASB
 Managerial accountants prepare financial information

for internal decision-making
1-23
Financial Reporting
Balance Sheet
Income Statement
The primary
Statement of Cash Flows
financial
statements.
1-24
Accounting Information
Systems
Cost & Revenue

Determination
 Job Costing
Information Users Process Costing
Decision Support
 Investors  CVP Analysis
 ABC
 Creditors  Performance
 Sales
 Managers Evaluation
 Owners Assets & Liabilities  Increment
Customers Plant & Equipment al
 Employees Loans & Equity Analysis
Regulatory Agencies  Receivables,  Budgeting
-SC Payables & Cash  Capital Allocation
-IRB Cash Flows  Earnings per Share
-KLSE From Operations  Ratio Analysis
From Financing
From Investing
1-25
Roles of Accountants
With Respect to an AIS
 Auditors - evaluate controls and attest to the fairness
of the financial statements.
 Accounting managers - control all accounting
activities of a firm.
 Tax specialists - develop information that reflects tax
obligations of the firm.
 Consultants - devise specifications for the AIS.
1-26
How An AIS Can Add Value
To An Organization
– An AIS adds value by:
– improving the quality and reducing the costs of
products or services.
– improving efficiency.
– Improving decision making capabilities.
– increasing the sharing of knowledge.
A well-designed AIS can also help an organization

profit by improving the efficiency and effectiveness
of its supply chain.
1-27
The Supply Chain
Raw Materials
Supplier
Manufacturer
Distributor
Retailer
Consumer
1-28
The Value Chain
 The ultimate goal of any business is to

provide value to its customers.
 A business will be profitable if the
value it creates is greater than the
cost of producing its products or
services.
1-29
The Value Chain
 An organization’s value chain consists of

nine interrelated activities that collectively
describe everything it does.
 The five primary activities consist of the
activities performed in order to create,
market, and deliver products and services
to customers and also to provide post-sales
services and support.
1-30
The Value Chain
Primary Activities
Inbound Outbound
Operations
Logistics Logistics
Marketing
Service
and Sales
1-31
The Value Chain
 The four support activities in the value

chain make it possible for the primary
activities to be performed efficiently
and effectively.
1-32
The Value Chain
Support Activities
Infrastructure Technology
Human
Purchasing
Resources
1-33
The Value System
 The value chain concept can be

extended by recognizing that
organizations must interact with
suppliers, distributors, and customers.
 An organization’s value chain and the
value chains of its suppliers,
distributors, and customers
collectively form a value system.
1-34
Gains from Computerised AIS
for Accountants
 Faster processing of transactions and other data
 Greater accuracy in computations of and comparisons
with data
 Lower cost of processing each transaction
 More timely preparation of reports and other outputs
 More concise storage of data, with greater accessibility
when needed
 Wider range of choices for entering data and providing
outputs
 Higher productivity for employees and managers, who
learn to use computers effectively in their routine and
decision-making responsibilities
1-35
End of Lecture 1
ACC200 - Accounting Information
Systems
Sem 3 2019
Topic 2 – Modelling Business Processes
(Mid term short essay question)

Learning Objectives
1. Differentiate between the Functional vs Business Process

Perspective
2. Describe basic subsystems in AIS
3. Explain the four stages of the data processing cycle
4. Describe the documents and procedures used in an AIS to
collect and process transaction data
5. Discuss the types of files used by an AIS.
2-2
Functional Business Model
 Alfred P. Sloan developed the functional organizational model in

the 1930s as chairman of General Motors
 The functional model was very successful for decades, but foreign
competition in the 1980s highlighted problems with the model:
 Flexibility and rapid decision-making were not possible
 Organizations had become overstaffed and top-heavy
 Ability to respond to change was limited
3
Information Flow
Marketing
Information Flow
Sales
Information Flow
Manufacturing
Top Management
Material & Product Flow
4 Information Flow
Logistics
Information and material flows in a functional business model
Functional Business Model
Information Flow
Finance & Accounting

Functional Perspective of the
Organisation
2-5
The Functional Perspective of the
Organisation (Cont)
 Benefits
o Control and coordination: provides sound organisational
control
o Specificity: highly defined and specified tasks exist
 Problems and limitations

o Not reflective of the reality of today
o Information and communication problems
o Slow to react to the environment
o Focuses on the wrong things 2-6
What is a Business Process ?
 A business process is a series of interlocking

activities that work together, across the
organisation, to achieve some predetermined
organisational goal (typically defined around
satisfying customer needs)
2-7
Business Process Model
 In a process-oriented company, the flow of

information and management activity are
“horizontal”—across functions
 The “horizontal” flow promotes flexibility and
rapid decision-making
 Michael Hammer’s Reengineering the
Corporation encouraged managers to take a
“horizontal” business process view of their
companies
8
Top Management
Accounts Finance & Accounts
Payable Accounting Receivable
Marketing & Sales
Customers
Procurement Manufacturing Logistics
Suppliers
Information Flow
Supplies Conversion Storage & Shipping

Material & Product Flow
Information and material flows in a process business model
9
Business Processes
Primary Business Processes
Inbound Sales Outbound Sales

Logistics Logistics
Operations Marketing/Sales
Service
1-10 2-10
Business Processes
Supporting Business Processes
Technology
Procurement
Development
Human Firm
Resources Infrastructure
2-11
Functional vs Process
Functional Process
perspective perspective
Focus What is done How it is done
Orientation Vertical, hierarchical Horizontal, across

the organisation
Objective Task driven Customer driven
Personnel Specialists – highly Generalists – tasks

defined tasks across the process
2-12
Basic Subsystems in the AIS
1. The revenue cycle: involves activities of
selling goods or services and collecting
payment for those sales.
2. The expenditure cycle: involves activities of
buying and paying for goods or services
used by the organization.
3. The human resources/payroll cycle:
involves activities of hiring and paying
employees.
2-13
4. The production cycle: involves activities
converting raw materials and labor into
finished goods.
5. Inventory cycle: involves the receipt and
issue of stock items
2-14
Inventory Expenditure Human
Cycle Cycle Resource Cycle
General Ledger & Reporting System
Production Revenue
Cycle Cycle
2-15
The Expenditure Cycle
 Activities and information processing related to:
 Purchasing and payment of
• Goods and services
 Primary objective:
 Minimize the total cost of acquiring and
maintaining inventories, supplies, and the
various services the organization needs to
function
2-16
Expenditure Cycle Activities
1. Ordering materials,
supplies, and services
2. Receiving materials,
supplies, and services
3. Approving supplier
invoices
4. Cash disbursements
2-17
The Revenue Cycle
 Provides goods and services to customers
 Collects cash in payment for those sales
 Primary Objective:
 Provide the right product
 In the right place
 At the right time for the right price
2-18
Revenue Cycle Activities
1. Sales order entry
2. Shipping
3. Billing
4. Cash collections
2-19
General Ledger and Reporting Activities
1. Update general ledger

2. Post adjusting entries
3. Prepare financial statements
4. Produce management reports
2-20
The Data Processing Cycle
 The data processing cycle consists of
four steps:
1. Data input
2. Data storage
3. Data processing
4. Information Output
2-21
Four Stages of the Data
Processing Cycle
Data
storage
Data Data Information

input processing output
2-22
Data Input
 The first step in the data processing cycle
is data input.
 During the data input stage, transaction
data are captured and converted to
machine-processible form.
 Traditionally, transaction data has been
captured on preprinted source
documents.
 What are some source documents?
2-23
Data Input
– purchase requisitions
– checks and remittances from customers
 Data input may also require the following

preparation:
– classification by assigning identification
codes
– verification to ensure data accuracy
– transmittal from one location to another
2-24
Data Input
 How can data input accuracy and
efficiency be improved?
 Have a well-designed computer screen
resembling that of source documents.
 Have the system prompt the user to input
all necessary data.
 Use scanning devices instead of keying.
 Have source data automation like ATMs.
2-25
Data Processing Cycle:
Data Input
 Historically, most businesses used paper
source documents to collect data and
then transferred that data into a
computer.
 Today, most data are recorded directly
through data entry screens.
2-26
Data Input
 Control over data collection is improved
by:
 pre-numbering each source document
and using turnaround documents
 having the system automatically assign a
sequential number to each new
transaction
 employing source data automation
2-27
Data Input
 A number of actions can be taken to
improve the accuracy and efficiency of
data input:
 Turnaround documents
• EXAMPLE: The stub on your telephone bill that you tear off and return with
your check when you pay the bill.
• The customer account number is coded on the document, usually in machine-
readable form, which reduces the probability of human error in applying the
check to the correct account.
2-28
Data Input
 A number of actions can be taken to
improve the accuracy and efficiency of
data input:
 Turnaround documents
 Source data automation
• Capture data with minimal human intervention.

• EXAMPLES:
– ATMs for banking
– Point-of-sale (POS) scanners in retail stores
– Automated gas pumps that accept your credit card
2-29
Common Source
Documents and Functions
REVENUE CYCLE
Source Document Function
Sales order Take customer order.

Delivery note Deliver or ship order
Sales Invoice Bill customer
Remittance advice Receive cash.
Deposit slip Deposit cash receipts.
Credit/Debit memo or note Adjust customer accounts 2-30

Common Source
EXPENDITURE CYCLE
Purchase requisition Request items.
Purchase order Order items.

Delivery Note Take goods into stock .
Supplier Invoice Record amount due
Goods received note Receive items.
Cheque Pay for items. 2-31
Common Source
HUMAN RESOURCES CYCLE
Time cards Record time worked

by employees.
Job time tickets Record time spent

on specific jobs.
2-32
Common Source Documents
and Functions
GENERAL LEDGER AND
REPORTING SYSTEM
Journal voucher Record entry posted to
general ledger.
2-33
Data Storage
 A company’s data is one of its most
important resources.
 An organization must have ready and
easy access to its data in order to
function properly.
 Accountants need to know how to
manage data for maximum corporate use.
2-34
DATA STORAGE
 Data needs to be organized for easy and
efficient access.
 Let’s start with some vocabulary terms
with respect to data storage.
2-35
DATA STORAGE
 Ledger
A ledger is a file used to store cumulative information

about resources and agents. We typically use the
word ledger to describe the set of t-accounts. The t-
account is where we keep track of the beginning
balance, increases, decreases, and ending balance
for each asset, liability, owners’ equity, revenue,
expense, gain, loss, and dividend account.
2-36
DATA STORAGE
 Ledger
 Following is an example of a ledger
account for accounts receivable:
GENERAL LEDGER
ACCOUNT: Accounts Receivable Account Number: 120
Date Description Post Ref Debit Credit Balance

01/01/05 42,069.00
01/03/05 Sales S03 1,300.00 43,369.00
01/13/05 Cash collections CR09 4,600.00 38,769.00
01/23/05 Sales S04 5,600.00 44,369.00 2-37
DATA STORAGE
 Ledger
 General ledger
The general ledger is the summary level information

for all accounts. Detail information is not kept in this
account.
2-38
DATA STORAGE
 Ledger
 General ledger
Example: Suppose XYZ Co. has three customers.

Anthony Adams owes XYZ $100. Bill Brown owes
$200. And Cory Campbell owes XYZ $300. The
balance in accounts receivable in the general ledger
will be $600, but you will not be able to tell how much
individual customers owe by looking at that account.
The detail isn’t there.
2-39
DATA STORAGE
 Ledger
 General ledger
 Subsidiary ledger
The subsidiary ledgers contain the detail accounts

associated with the related general ledger account.
The accounts receivable subsidiary ledger will
contain three separate t-accounts—one for Anthony
Adams, one for Bill Brown, and one for Cory
Campbell.
2-40
DATA STORAGE
 Ledger
 General ledger
The related general ledger account is often called

a “control” account.
The sum of the subsidiary account balances
should equal the balance in the control account.
2-41
DATA STORAGE
 Ledger
 General ledger
 Coding techniques
• Coding is a method of systematically assigning numbers or letters to data

items to help classify and organize them. There are many types of codes
including:
– Sequence codes
– Block codes
– Group codes
2-42
DATA STORAGE
 Ledger
 General ledger
• With sequence codes, items (such as checks or invoices) are numbered

consecutively to ensure no gaps in the sequence. The numbering helps
ensure that:
– All items are accounted for
– There are no duplicated numbers, which would suggest errors or fraud
2-43
DATA STORAGE
 Ledger
 General ledger
• When block codes are used, blocks of numbers within a numerical sequence are reserved for a
particular category. (pg 27 Sunrise Pharmaceuticals)
• EXAMPLE: The first digit represents the major account category (eg . 1000 series are assets.
Thee 2nd represent current or fixed asset, & 3rd and 4th digit represents the specific asset.
-1000-1999 Assets
- 2000-2999 Liabilities
- 3000-3999 Equity
2-44
DATA STORAGE
 Ledger
 General ledger
• When group codes are used, two or more subgroups of digits are used
to code an item.
• EXAMPLE: Product item codes:
– Digits 1-2 Type of Stock (RM, FG, WIP)
– Digit 3 Colour
– Digits 4-7 Year of manufacture
– Digits 8-9 Location in warehouse 2-45
DATA STORAGE
 Ledger
 General ledger
• Group coding schemes are often used in assigning general ledger
account numbers. The following guidelines should be observed:
– The code should be consistent with its intended use, so make sure you
know what users need.
– Provide enough digits to allow room for growth.
– Keep it simple in order to:
• Minimize costs
• Facilitate memorization
• Ensure employee acceptance
– Make sure it’s consistent with:
• The company’s organization structure
• Other divisions of the organization
2-46
• The chart of accounts is a list of all general ledger accounts an organization uses.
• Group coding is often used for these numbers, e.g.:
– The first section identifies the major account categories, such as asset, liability, revenue,
DATA STORAGE etc.
– The second section identifies the primary sub-account, such as current asset or long-
term investment.
 Ledger
– The third section identifies the specific account, such as accounts receivable or
inventory.
 General ledger
– The fourth section identifies the subsidiary account, e.g., the specific customer code for
 Subsidiary ledger an account receivable.
• The structure of this chart is an important AIS issue, as it must contain sufficient detail to
 Coding techniques meet the organization’s needs.
 Chart of accounts
2-47
DATA STORAGE
• In manual systems and some accounting packages, the first place that
 Ledger
transactions are entered is the journal.
– A general
 General ledger
journal is used to record:
• Non-routine transactions, such as loan payments
• Summaries of routine transactions
• Adjusting entries
• Closing entries
– A special journal is used to record routine transactions. The most common special
 Chart of accounts
journals are:
• Cash receipts
• Cash disbursements
• Credit sales
• Credit purchases
 Journals
2-48
Fundamental Data Storage
Concepts and Definitions
 What is an entity?
 An entity is something about which
information is stored.
 What are some examples of entities?
– employees
– inventory items
– customers
– suppliers
2-49
 What are attributes?
 Each entity has attributes, or
characteristics of interest, which need to
be stored.
 What are some examples?
– employee pay rates
– customer addresses
– supplier credit terms
2-50
 Computers store data by organizing
smaller units of data into large, more
meaningful ones.
 A field is the smallest element of data
storage.
 A number of fields are grouped together
to form a record, which is a collection of
data values that describe specific
attributes of one entity.
2-51
 Related records are grouped together to
form a file.
 What is an example of a file?
– the accounts receivable file
 Files containing related data are

combined to form a data base.
2-52
Data base
File
Record
Field 2-53
Accounts Receivable File
Attributes
Customer Customer Address Credit Balance
Number name limit
301 ABC Co. Box 5 1,000 400

555 XYZ Co. Box 9 6,000 2,000
2 Entities 2 Data
Individual fields values
Records
2-54
Types of Files
 Two basic types of files are used to store
data.
1 The master file, which is conceptually
similar to a ledger in a manual system.
(eg customer addresses, general ledger)
2 The transaction file, which is conceptually
similar to a journal in a manual system.
(eg journals,sales invoices, purchase
invoices)
2-55
The Data Processing Cycle
 The trigger for data input is usually
business activity. Data must be
collected about:
1. Each event of interest
2. The resources affected by each event
3. The agents who participate in each
event
2-56
Data Processing
 Additions insert new records into a master file.

 Deletions remove records from a master file.
 Updates revise current balances in master files.
 Changes modify the data values of other fields in

master files.
2-57
Data Processing
 The most common data processing activity is
data maintenance.
 Data maintenance is the periodic processing
of transactions to update stored data.
 What are some commonly used types of data
maintenance?
2-58
Data Processing Methods
 Batch processing is the periodic updating
of the data stored about resources and
agents
 On-line, real-time processing is the
immediate updating as each transaction
occurs
2-59
Batch Processing
 Batch processing is updating master files
periodically to reflect all transactions that
occurred during a given time period.
 The master file is updated at set times or
whenever a manageable number of
transactions are gathered.
 Transaction data can either be entered as
a batch or as each transaction occurs.
2-60
Batch Processing
Group source documents into batches.
Master
file
2-61
On-line, Real-Time Processing
 In on-line, real-time processing, the
computer captures data electronically,...
– edits it for accuracy and completeness,
and...
– immediately processes it.
 The computer also processes information

requests from users.
2-62
On-line, Real-Time Processing
Enter transactions into system as they occur.
Master
file
2-63
Advantages of Each Method
 The main advantage of batch processing
was efficiency in processing.
 On-line data entry is more accurate than
periodic batch input because the system
can refuse incomplete of erroneous
entries.
 Real-time processing ensures that the
information in master files is always
current.
2-64
Information Output
 The final step in the data processing
cycle is information output.
2-65
Forms of Information Output
 Information is presented in three forms:
1 Documents
2 Reports
3 Responses to a query
2-66
Purpose of Information Output
 External users:
 Financial statements are produced to
meet stewardship requirements.
 Income tax returns and filings with the
Securities Commission are produced to
comply with legal requirements.
2-67
Purpose of Information Output
 Internal users:
 Budgets, sales forecasts, and projected
cash flow statements are prepared for
planning purposes.
 Production and delivery schedules, open
purchase orders, and inventory stock
status reports are prepared to help
effectively manage day-to-day operations.
2-68
What is an Audit Trail?
Documentation with appropriate reference numbers

which provide the means for locating and examining
the appropriate source documents in order to verify
that the transactions did occur and was recorded
accurately.
2-69
End of Lecture
ACC200 - Accounting
Information Systems
Sem 3 2019
Topic 3 - Systems Documentation

Techniques (Flowcharting)
Learning Objectives
1 Prepare and use data flow diagrams

to understand, evaluate, and design
information systems.
2 Draw flowcharts to understand,
evaluate, and design information
systems.
3-2
What is the current system?
 Need to understand the information needs of the
company more clearly.
1 What types of tools and techniques should a Co
use to document its existing system so it is easy
to understand and evaluate?
2 What development tools and techniques should a
Co use to design its new computer-based
information system?
3-3
Introduction
 This chapter explains the most

common systems documentation tools
and techniques.
 They include data flow diagrams and
flowcharts.
 These tools save both time and
money, adding value to an
organization.
3-4
Overview
 Systems techniques are tools used in the

analysis, design, and documentation of
system and subsystem relationships.
 They are largely graphical (pictorial) in nature.
 Systems techniques are used by accountants

who do systems work.
3-5
Documentation Tools
 The chapter discusses the following four

documentation tools:
1 Data flow diagrams
2 Document flowcharts
3 Computer system flowcharts
4 Program flowcharts (Process Map)
3-6
Learning Objective 1
Prepare and use data flow

diagrams to understand,
evaluate, and design
information systems.
3-7
Data Flow Diagrams
 A data flow diagram (DFD) graphically

describes the flow of data within an
organization.
 It is used to document existing systems
and to plan and design new ones.
 There is no ideal way to develop a DFD.
3-8
Data-Flow Diagrams
 A data-flow diagram shows the physical and
logical flows of data through a transaction
processing system without regard to the time
period when each occurs
 Physical devices that transform data are not
used in the logical diagrams
 Because of the simplified focus, only
four symbols are needed
3-9
Data Flow Diagrams
 A data flow diagram (DFD) is

composed of the following four basic
elements:
1 Data sources and destinations
2 Data flows
3 Transformation processes
4 Data stores
3-10
Data Flow Diagram Symbols
Data Source and destinations
Data Flows
Transformation Processes
Data Stores
3-11
Data Flow Diagram Symbols
 A data source or data destination symbol on the
DFD represents an organization or individual that
sends or receives data that they system uses or
produces.
 A data flow represents the flow of data between
processes, data stores and data sources and
destinations.
 A transformation process represents the
transformations of data.
 A data store is a temporary or permanent repository
of data.
 A data dictionary contains description of all the
elements, stores, and flows in a system.
3-12
Guidelines for
Drawing a DFD
1. Understand the system.
2. Ignore certain aspects of the system.
3. Determine system boundaries.
4. Develop a context diagram.
5. Identify data flows.
6. Group data flows.
7. Identify transformation processes.
8. Group transformation processes.
3-13
Guidelines for
Drawing a DFD, continued
9. Identify all files or data stores.
10. Identify all data sources and destinations.
11. Name all DFD elements.
12. Subdivide the DFD.
13. Give each process a sequential number.
14. Repeat the process.
15. Prepare a final copy.
3-14
The Hierarchy of Data-Flow
Diagrams
The Hierarchy of Data Flow Diagrams
Context Diagram
Physical DFD Level-0 logical DFD

No lower levels Lower levels possible
Level 1 diagram(s)
Level 2 diagrams(s), etc.
3-15
Context Diagram
 The context diagram provides a

representation of the system and the entities
that provide inputs to, or receive outputs from,
the system of interest
 It is an overview of the data flow and says

nothing about what actually happens in the
process
3-16
Level 0 & Level 1 DFDs
 Level 0 data flow diagram: the highest level

logical data flow diagram providing an
overarching view of the processes that occur
 Level 1 data flow diagram: the second level

logical data flow diagram that takes one of the
process bubbles from the level 0 diagram and
expands it to provide detail about the activities
that occur within the process
3-17
Revenue Cycle- Context
Diagram
3-18
DFD - Level 0
3-19
DFD- Level1
3-20
.
Draw flowcharts to understand,
evaluate, and design information
systems.
3-21
Flowcharts
Describe an information system showing:
 Inputs and Outputs
 Information activities (processing data)
 Data storage
 Data flows
 Decision steps
Key strengths of flowcharts are that they can easily capture

control via decision points, show manual vs. automated
processes.
3-22
Types of Flowcharts
 Document: shows the flow of documents and
data for a process, useful in evaluating
internal controls
 System: depicts the data processing cycle
for a process
 Program/Process Map: illustrates the
sequence of logic in the system process
3-23
Flowcharts Symbols
3-24
Document Flowcharts
 Flowcharts are pictorial representations of

transaction processing systems that portray flows
of some type
 A Document Flowchart emphasizes the
hardcopy inputs and outputs and their flows
through organizational units
 Auditors and accountants may use document
flowcharts when analyzing a current system for
weaknesses in controls and reports
3-25
What are Document
Flowcharts?
 A document flowchart illustrates the flow of
documents and information between areas
of responsibility within an organization.
 A document flowchart is particularly useful
in analyzing the adequacy of control
procedures.
 Flowcharts that describe and evaluate
internal controls are often referred to as
internal control flowcharts.
3-26
A Sample Document
Flowchart
Requesting Department Central Supplies Department
12 A
Goods Requisition
Form
1
Goods Requisition
Form
File
3-27
A Sample Document
Flowchart
Accounts Payable Purchasing Agent Receiving Stores
Purchase Purchase
Purchase Requisition Requisition
Requisition 1 1
2
2
Purchase
To Vendor Purchase Order
Order 3
1
2
Purchase 3 Purchase
Order 4 Order
5 4
5
3-28
What are System
Flowcharts?
 System flowcharts depict the
relationship among the input,
processing, and output of an AIS.
 A system flowchart begins by
identifying both the inputs that enter
the system and their origins.
 The input is followed by the
processing portion of the flowchart.
3-29
What are Computer
System Flowcharts?
 The resulting new information is the
output component.
 System flowcharts are an important
tool of system analysis, design, and
evaluation.
3-30
What are Computer
System Flowcharts?
Input
Storage Process
Output
3-31
Systems Flowchart Example: Automated
Batch Sales
3-32
Differences Between
DFDs and Flowcharts
 DFDs emphasize the flow of data and
what is happening in a system,
whereas a flowchart emphasizes the
flow of documents or records
containing data.
 A DFD represents the logical flow of
data, whereas a flowchart represents
the physical flow of data.
3-33
Differences Between
DFDs and Flowcharts
 Flowcharts are used primarily to
document existing systems.
 DFDs, in contrast, are primarily used
in the design of new systems and do
not concern themselves with the
physical devices used to process,
store, and transform data.
3-34
Differences Between
DFDs and Flowcharts
 DFDs make use of only four symbols.
 Flowcharts use many symbols and
thus can show more detail.
3-35
Program/Process Maps
 A program or process
map is a simple
graphical representation
of a business process
3-36
Process Map Basic Symbols
3-37
Rules for Reading Process
Maps
1. The functional areas appear down the left-

hand side of the diagram
2. The functional areas are separated with a

solid line
3. The subfunctions are separated with a

dashed line
3-38
Rules for Reading Process Maps (Cont)
4. Two standard symbols are used: a rectangle

for a process and a diamond for a decision
5. Lines that connect processes are labelled with

documents
3-39
Rules for Reading Process Maps (Cont)
6. Process rectangles describe processes not

documents
7. The process map reads left to right and top to

bottom
3-40
Process Map
3-41
End of Lecture
ACC200 - Accounting
Information Systems
Sem 3 2019
Topic 4 :The Expenditure Cycle:

Purchasing and Cash
Disbursements
Learning Objectives
1. Describe the basic business activities and related
data processing operations performed in the
expenditure cycle.
2. Discuss the key decisions to be made in the
expenditure cycle, and identify the information
needed to make those decisions.
3. Document your understanding of the expenditure
cycle.
4. Identify major threats in the expenditure cycle,
4-2
 Describe the basic business activities

and related data processing
operations performed in the
expenditure cycle.
4-3
Expenditure Cycle:
Main Objective
 The expenditure cycle is a recurring set of
business activities and related data
processing operations associated with the
purchase of and payment for goods and
services.
 The primary objective of the expenditure
cycle is to minimize the total cost of
acquiring and maintaining inventories,
supplies, and the various services
necessary for the organization to function.
4-4
 Discuss the key decisions that

need to be made in the
expenditure cycle, and identify the
information needed to make those
decisions.
4-5
Expenditure Cycle:
Key Decisions
 What is the optimal level of inventory and
supplies to carry?
 Which suppliers provide the best quality and
service at the best prices?
 Where should inventories and supplies be
held?
 How can the organization consolidate
purchases across units to obtain optimal
prices?
4-6
Expenditure Cycle:
Key Decisions
 How can information technology be used to
improve both the efficiency and accuracy of
the inbound logistics function?
 Is sufficient cash available to take
advantage of any discounts suppliers offer?
 How can payments to vendors be managed
to maximize cash flow?
4-7
Information Needs
 The third function of the AIS is to

provide information useful for decision
making.
4-8
EXPENDITURE CYCLE
INFORMATION NEEDS
 Information is needed for the following
operational tasks in the expenditure cycle,
including:
 Deciding when and how much inventory to order
 Deciding on appropriate suppliers
 Determining if vendor invoices are accurate
 Deciding whether to take purchase discounts
 Determining whether adequate cash is available to
meet current obligations
4-9
EXPENDITURE CYCLE
INFORMATION NEEDS
 Information is also needed for the following
performance evaluation & strategic decisions:
 Setting prices for products/services
 Establishing policies on returns and warranties
 Deciding on credit terms
 Determining short-term borrowing needs
 Planning new marketing campaigns
4-10
EXPENDITURE CYCLE
INFORMATION NEEDS
 The AIS needs to provide information to
evaluate the following:
 Purchasing efficiency and effectiveness
 Supplier performance
 Time taken to move goods from receiving to
production
 Percent of purchase discounts taken
 Both financial and operating information are
needed to manage and evaluate these activities.
 Both external and internal information are
needed.
4-11
EXPENDITURE CYCLE
INFORMATION NEEDS
 When the AIS integrates information from the
various cycles, sources, and types, the reports
that can be generated are unlimited. They
include reports on:
 Supplier performance
 Outstanding invoices
 Performance of expenditure cycle employees
 Number of POs processed by purchasing agent
 Number of invoices processed by A/P clerk
 Number of deliveries handled by receiving clerk
4-12
EXPENDITURE CYCLE
INFORMATION NEEDS
 Number of inventory moves by warehouse worker
 Inventory turnover
 Classification of inventory based on contribution to
profitability
 Accountants should continually refine and
improve these performance reports.
4-13
 Document your understanding of the

expenditure cycle.
4-14
Expenditure Cycle:
Business Activities
 What are the three basic business
activities in the expenditure cycle?
1. Ordering goods, supplies and
services
2. Receiving and storing goods,
supplies and services
3. Paying for goods, supplies and
services
4-15
Expenditure Cycle:
Business Activities
Purchase Purchase GRN & Suppier Payment

Requisition Order Delivery Invoice Voucher
Note 4-16
The Expenditure Cycle
4-17
ORDERING GOODS,
SUPPLIES, AND SERVICES
 Key decisions in this process involve
identifying what, when, and how much to
purchase and from whom.
 Weaknesses in inventory control can create
significant problems with this process:
 Inaccurate records cause shortages.
 One of the key factors affecting this process
is the inventory control method to be used.
4-18
ORDERING GOODS,
 Alternate inventory control methods
 We will consider three alternate approaches to
inventory control:
• Economic Order Quantity (EOQ)
• Just in Time Inventory (JIT)
• Materials Requirements Planning (MRP)
4-19
ORDERING GOODS,
inventory control:
4-20
ORDERING GOODS,
 EOQ is the traditional approach to managing
inventory.
 Goal: Maintain enough stock so that production doesn’t get
interrupted.
 Under this approach, an optimal order size is calculated by
minimizing the sum of several costs:
• Ordering costs
• Carrying costs
• Stockout costs
 The EOQ formula is also used to calculate reorder point, i.e., the
inventory level at which a new order should be placed.
 Other, more recent approaches try to minimize or eliminate the amount
of inventory carried. 4-21
ORDERING GOODS,
inventory control:
4-22
ORDERING GOODS,
 MRP seeks to reduce inventory levels by
improving the accuracy of forecasting
techniques and carefully scheduling
production and purchasing around that
forecast.
Forecast Production Qty = Forecast Sales –
Opening Stocks + Forecast Closing Stocks
4-23
ORDERING GOODS,

inventory control:
4-24
ORDERING GOODS,
 JIT systems attempt to minimize or eliminate
inventory by purchasing or producing only in
response to actual (as opposed to forecasted) sales.
 These systems have frequent, small deliveries of
materials, parts, and supplies directly to the location
where production will occur.
 A factory with a JIT system will have multiple
receiving docks for their various work centers.
4-25
ORDERING GOODS,
 Similarities and differences between MRP
and JIT:
 Scheduling production and inventory
accumulation.
• MRP schedules production to meet estimated sales and
creates a stock of finished goods inventory to be available
for those sales.
• JIT schedules production in response to actual sales and
virtually eliminates finished goods inventory, because
goods are sold before they’re made.
4-26
ORDERING GOODS,
and JIT:
accumulation
 Nature of products
• MRP systems are better suited for products that have
predictable demand, such as consumer staples.
• JIT systems are particularly suited for products with
relatively short life cycles (e.g., fashion items) and for
which demand is difficult to predict (e.g., toys associated
with movies).
4-27
ORDERING GOODS,
and JIT:
accumulation
 Costs and efficiency
• Both can reduce costs and improve efficiency over
traditional EOQ approaches.
4-28
ORDERING GOODS,
and JIT:
accumulation
 Costs and efficiency
 Too much or too little
• In either case, you must be able to:
– Quickly accelerate production if there is unanticipated
demand.
– Quickly stop production if too much inventory is
accumulating. 4-29
ORDERING GOODS,
 Whatever the inventory control system, the order
processing typically begins with a purchase request
followed by the generation of a purchase order.
 A request to purchase goods or supplies is triggered
by either:
 The inventory control function; or
 An employee noticing a shortage.
 Advanced inventory control systems automatically
initiate purchase requests when quantity falls below
the reorder point.
4-30
Source Documents
1. Purchase requisition
2. Purchase order-Item A :15 units
3. Vendor list
4. Purchase invoice/ Supplier invoice
4-31
Source Documents (Cont)
5. Goods packing slip/ Packing List/ Delivery Note

– Item A 17 units
6. Receiving report/ Goods Received Note (GRN)

– Item A 15 units
Payment voucher & cheque
Dr Purchase Cr Supplier
5. Remittance advice
6. Supplier Statement 4-32
Ordering Goods, Supplies
And Services
 Documents and procedures:
 The purchase requisition is a
document that identifies the following:
– requisitioner and item number
– specifies the delivery location and
date needed
– specifies descriptions, quantity, and
price of each item requested
– may suggest a vendor
4-33
Expenditure Cycle
Reorder point
Request
Various Goods Inventory
departments (Purchase requisition) control
Order goods
4-34
Purchase Requisition -
Example
4-35
Expenditure Cycle
Back Orders
Revenue
Order goods cycle
Purchase
order Needs
Inventory Vendor Production

cycle
Receiving report Receive Receipt of goods

goods
4-36
And Services
 The purchase order is a document that
formally requests a vendor to sell and
deliver specified products at designated
prices.
 It is also a promise to pay and becomes a
contract once it is accepted by the vendor.
 Frequently, several purchase orders are
generated to fill one purchase requisition.
4-37
And Services
 What is a key decision?
– determine vendor
 What factors should be considered?
– price
– quality of materials
– dependability in making deliveries
(How fast?)
4-38
Purchase Order - Example
4-39
Receiving and Storing Goods,
Supplies and Services
 The second major business activity
involves the receipt and storage of
ordered items.
 Key decisions and information needs:
 The receiving department has two

major responsibilities:
1 Deciding whether to accept a delivery
2 Verifying quantity and quality
4-40
Expenditure Cycle
RECEIVING
From purchasing From suppliers
Packing Slip/
Purchase Order
Delivery Note
Verify order,
A count, and
inspect
4-41
Receiving and Storing Goods,
Supplies and Services
 The receiving report (Goods
Received Note) documents details
about each delivery, including the
date received, shipper, vendor, and
purchase order number.
 For each item received, it shows the
item number, description, unit of
measure, and count of the quantity
received.
4-42
Receiving Report / Goods
Received Note (GRN)
4-43
Example - Picking/Packing
List
5-44
Pay for Goods and Services:
Approve Vendor Invoices
 The third activity entails approving
vendor invoices for payments.
 The accounts payable department
approves vendor invoices for payment
 The cashier is responsible for making
the payment
4-45
PAYING FOR GOODS AND
SERVICES
 There are two basic sub-processes
involved in the payment process:
 Approval of vendor invoices
 Actual payment of the invoices
4-46
SERVICES
 There are two basic sub-processes
involved in the payment process:
 Approval of vendor invoices
 Actual payment of the invoices
4-47
SERVICES
 Approval of vendor invoices is done by
the accounts payable department,
which reports to the controller.
 The legal obligation to pay arises when
goods are received.
 But most companies pay only after
receiving and approving the invoice.
 This timing difference may necessitate
adjusting entries at the end of a fiscal
period.
4-48
SERVICES
 Objective of accounts payable:
 Authorizepayment only for goods and
services that were ordered and actually
received.
 Requires information from:
 Purchasing—about existence of valid
purchase order
 Receiving—for receiving report indicating
goods were received
4-49
Expenditure Cycle
ACCOUNTS PAYABLE
From From From

vendor purchasing stores
Purchase Receiving
Invoice order report
Compare, review,
verify N
accuracy
4-50
Expenditure Cycle
Cashier
From A/P A
Batch totals
Invoice
Receiving
report Compare and
Purchase reconcile
order
Disbursement Review and
voucher compute Batch
batch total total
4-51
Approve Vendor Invoices
 The objective of accounts payable is
to authorize payment only for goods
and services that were ordered and
actually received.
 There are two ways to process
vendor invoices:
1. Non-voucher system
2. Voucher system
4-52
SERVICES
 Thereare two basic approaches to
processing vendor invoices:
 Non-voucher system
• Each invoice is stored in an open invoice file.
• When a check is written, the invoice is marked “paid” and
then stored in a paid invoice file.
4-53
SERVICES
 Non-vouchersystem
 Voucher system
• A disbursement voucher is prepared which lists:
– Outstanding invoices for the supplier
– Net amount to be paid after discounts and allowances
• The disbursement voucher effectively shows which
accounts will be debited and credited, along with the
account numbers.
4-54
SERVICES
 Non-vouchersystem
 Voucher system
• Advantages of a voucher system:
– Several invoices may be paid at once, which reduces
number of checks written
– Vouchers can be pre-numbered which simplifies the audit
trail for payables
– Invoice approval is separated from invoice payment, which
makes it easier to schedule both to maximize efficiency
4-55
Improving Accounts Payable
Processing efficiency can be improved
by:
 Requiring suppliers to submit invoices
electronically, either by EDI or via the
Internet
 Eliminating vendor invoices. This
“invoiceless” approach is called
evaluated receipt settlement (ERS).
4-56
Evaluated receipt settlement
(ERS).
ERS is a business process between trading

partners that conduct commerce without
invoices.
In an ERS transaction, the supplier ships goods
based upon an Advance Shipping Notice (ASN), and
the purchaser, upon receipt, confirms the existence
of a corresponding purchase order or contract,
verifies the identity and quantity of the goods. The
purchaser authorizes supplier payment upon
confirmation of arrival of goods, making the4-57
invoice
redundant
Pay for Goods: Pay
Approved Invoices
 The cashier approves invoices
 The combination of vendor invoice
and supporting documentation is
called a voucher package.
 A key decision in the cash
disbursement process is determining
whether to take advantage of
discounts for prompt payment.
4-58
Disbursement / Payment
Voucher - Example
4-59
 Identify major threats in the

expenditure cycle
4-60
Control Objectives,
Threats, and Procedures
 The second function of a well-designed AIS
is to provide adequate controls to ensure
that the following objectives are met:
 Transactions are properly authorized.
 Recorded transactions are valid.
 Valid, authorized transactions are recorded.
 Transactions are recorded accurately.
12-61
Control Objectives,
 Assets (cash, inventory, and data) are
safeguarded from loss or theft.
 Business activities are performed
efficiently and effectively.
12-62
Control Objectives,
 What are some threats?
– stockouts
– purchasing too many or unnecessary
goods
– purchasing goods at inflated prices
– purchasing goods of inferior quality
– purchasing from unauthorized vendors
– kickbacks
12-63
Control Objectives,
– receiving unordered goods
– errors in counting goods
– theft of inventory
– failure to take available purchasing
discounts
– errors in recording and posting
purchases and payments
– loss of data
12-64
Control Objectives,
 What are some exposures?
– production delays and lost sales
– increased inventory costs
– cost overruns
– inferior quality of purchased goods
– inflated prices
– violation of laws or import quotas
– payment for items not received
12-65
Control Objectives,
– inaccurate inventory records
– loss of assets
– cash flow problems
– overstated expenses
– incorrect data for decision
making
12-66
Control Objectives,
 What are some control procedures?
– inventory control system-MRP, EOQ, JIT
– vendor performance analysis
– approved purchase requisitions
– restricted access to blank purchase
requisitions
– price list consultation
– budgetary controls
12-67
Control Objectives,
– use of approved vendor lists
– approval of purchase orders
– prenumbered purchase orders
– prohibition of gifts from vendors
– incentives to count all deliveries
– physical access control
– recheck of invoice accuracy
– cancellation of voucher package
12-68
End of Lecture
4-69
ACC200 - Accounting
Information Systems
Sem 3 2019
Topic 5 :The Revenue Cycle:
Sales and Cash Collections
Learning Objectives
1. Describe the basic business activities and
related data processing operations performed
in the revenue cycle.
2. Discuss the key decisions that need to be
made in the revenue cycle and identify the
information needed to make those decisions.
3. Document your understanding of the revenue
cycle
4. Identify major threats in the revenue cycle and
evaluate the adequacy of various control
procedures for dealing with those threats..
5-2
Describe the basic business activities

and related data processing
operations performed in the revenue
cycle.
5-3
Revenue Cycle
Business Activities
The revenue cycle is a recurring set of
business activities and related
information processing operations
associated with providing goods and
services to customers and collecting
cash in payment for those sales.
5-4
Revenue Cycle
Business Activities
 What are the five basic revenue cycle
business activities?
1 Sales Order Entry
2 Shipping/Delivery
3 Billing - Accounts Receivable & GL
4 Cash collections
5 Other Adjustments -Dr & Cr Note,
Provisions for Bad Debts
5-5
Overview of the Revenue
Cycle
5-6
The Revenue Cycle
5-7
Revenue Cycle Business Activities:
Sales Order Entry
Sales order entry process entails three steps:

1. Taking the customer’s order
2. Checking and approving the customer’s credit
3. Checking inventory availability
Sales order
5-8
Shipping
The second basic activity in the revenue

cycle – filling customer orders and
shipping the desired merchandise –
entails two steps:
1. Picking and packing the order
2. Shipping the order
5-9
Billing and Accounts Receivable
The third basic activity in the revenue

cycle involves:
1. Billing customers
2. Updating accounts receivable
5-10
Cash Collections
The fourth step in the revenue cycle is

cash collections. It involves:
1. Handling customer remittances
2. Depositing remittances in the bank
5-11
Discuss the key decisions that need to

be made in the revenue cycle and
identify the information required to
make those decisions.
5-12
Revenue Cycle –
Key Decisions
 The revenue cycle’s primary objective is
to provide the right product in the right
place at the right time for the right price.
 How does a company accomplish this
objective?
• To accomplish the revenue cycle’s primary
objective, management must make the
following key decisions:
5-13
Revenue Cycle –
Key Decisions
 To what extent can and should products be
customized to individual customers’ needs
and desires?
 How much inventory should be carried, and
where should that inventory be located?
 How should merchandise be delivered to
customers? Should the company perform
the shipping function itself or outsource it to
a third party that specializes in logistics?
5-14
Revenue Cycle –
Key Decisions
Key decisions, continued
 Should credit be extended to customers?
 How much credit should be given to
individual customers?
 What credit terms should be offered?
 How can customer payments be processed
to maximize cash flow?
5-15
Document your understanding of the

revenue cycle.
5-16
Revenue Cycle- Functions
 What are these functions?

– order entry
– credit
– finished goods
5-17
Revenue Cycle- Functions
– Shipping/deliver of goods
– billing
– accounts receivable
– general ledger
5-18
Sales Order Entry (Activity 1)
 This step includes all the activities involved

in soliciting and processing customer
orders.
– decisions concerning credit policies,
including the approval of credit
– information about inventory availability and
customer credit status from the inventory
control and accounting functions,
respectively
5-19
 The sales order entry function

involves three main activities:
1 Responding to customer inquiries
2 Checking and approving customer
credit
3 Checking inventory available
5-20
Information Needs
and Procedures
 The AIS should provide the operational
information needed to perform the following
functions:
 Respond to customer inquires about account
balances and order status.
 Decide whether to extend credit to a customer.
Decide what types of credit terms to offer.
 Set prices for products and services.
 Set policies regarding sales returns and
warranties. 5-21
 Next, the system checks whether the inventory
is sufficient to fill accepted orders.
- Determine inventory availability.
- Select methods for delivering merchandise.
 Internally generated documents produced by
sales order entry:
– Sales order
– Packing slip
– Picking ticket/Delivery Note
5-22
Shipping (Activity 2)
 Warehouse workers are responsible

for filling customer orders by removing
items from inventory.
 Determine the delivery method.
– in-house
– outsource
5-23
Shipping (Activity 2)
 Documents, records, and procedures:

 The picking ticket/delivery note printed by the
sales order entry triggers the shipping process
and is used to identify which products to
remove from inventory.
 A physical count is compared with the
quantities on the picking ticket and packing
slip.
 Some spot checks are made and a bill of
lading is prepared.
5-24
Billing and Accounts
Receivable (Activity 3)
 Two activities are performed at this stage
of the revenue cycle:
1 Invoicing customers
2 Maintaining customer accounts
• Accurate billing is crucial and requires
information identifying the items and
quantities shipped, prices, and special sales
terms.
5-25
 The sales invoice notifies customers of the
amount to be paid and where to send
payment.
 A monthly statement summarizes
transactions that occurred and informs
customers of their current account balance.
 A credit memo authorizes the billing
department to credit a customer’s account.
5-26
 Types of billing systems:
 In a postbilling system, invoices are
prepared after confirmation that the items
were shipped.
 In a prebilling system, invoices are prepared
(but not sent) as soon as the order is
approved.
 The inventory, accounts receivable, and
general ledger files are updated at this time.
5-27
 Methods for maintaining accounts receivable:
– open invoice method (Payments are applied
against a client’s individual invoices)
– balance-forward method (Payments are applied
against a client’s total outstanding balance).
 To obtain a more uniform flow of cash receipts,

many companies use a process called cycle
billing (send out larger invoices first).
5-28
Cash Collections (Activity 4)
 Two areas are involved in this activity:

1 The cashier
2 The accounts receivable function
5-29
Cash Collections (Activity 4)
 Documents, records, and procedures:
 Checks are received and deposited.
 The accounts receivable function must be able
to identify the source of any remittances and the
applicable invoices that should be credited.
 A remittance advice is prepared and entered
on-line showing the customer, invoice number,
and the amount of each payment.
 The system performs a number of on-line edit
checks to verify the accuracy of data entry.
5-30
Information Needs
and Procedures
 What are examples of additional information
the AIS should provide?
– response time to customer inquires
– time required to fill and deliver orders
– percentage of sales that require back orders
– customer satisfaction
– analysis of market share and trends
– profitability analyses by product, customer,
and sales region
5-31
Source Documents
1. Customer order
2. Order acknowledgement
3. Credit application
4. Sales order
5. Goods packing slip

Source Documents
6. Bill of lading
7. Shipping notice
8. Sales invoice
9. Remittance advice
10. Customer service log

Example - Customer
Purchase Order
5-34
Sales Order Document -
Example
5-35
Delivery Note/Order -
Example
5-36
Invoice - Example
Refer to note page below
5-37
Example - Picking/Packing
List
5-38
Bill of Lading/Delivery Note -
Example
5-39
Example - Remittance
Advice
5-40
Example - Official Receipt
5-41
Example - Debtors Statement
5-42
Example - Credit Note
5-43
 Identify major threats in the revenue

cycle and evaluate the adequacy of
various control procedures for dealing
with those threats.
5-44
Control Objectives,
 The second function of a well-
designed AIS is to provide adequate
controls to ensure that the following
objectives are met:
 Transactions are properly authorized.
 Recorded transactions are valid.
 Valid, authorized transactions are
recorded.
 Transactions are recorded accurately.
11-45
Control Objectives,
 Assets (cash, inventory, and data) are
 Business activities are performed
11-46
Control Objectives,
 What are some threats?
– credit sales to customers with poor
credit
– shipping errors
– theft of cash and inventory
– failure to bill customers
– billing errors
– loss of data
11-47
Control Objectives,
 What are some exposures?
– uncollectible sales and losses due to
bad debts
– customer dissatisfaction
– loss of assets and overstated assets
– loss of revenue and inventory
– incorrect records and poor decision
making
– loss of confidential information
11-48
Control Objectives,
 What are some control procedures?
– credit approval by credit manager and sales
function
– reconciliation of sales order with picking
ticket and packing slip
– restriction of access to inventory and data
– lockbox arrangement
– segregation of duties
11-49
Control: Objectives,
 The second function of a well-
designed AIS is to provide adequate
controls to ensure that the following
objectives are met:
 Transactions are properly authorized.
 Recorded transactions are valid.
5-50
Objectives, continued
 Valid, authorized transactions are
recorded.
 Transactions are recorded accurately.
 Assets (cash, inventory, and data) are
 Business activities are performed
5-51
Other Computer Controls
 need to develop (or update) a security policy
 orders - how do you authenticate the customer? /
require registration and login with password.
 customers with credit - they need to secure
passwords / if they wish to use the service,
security / confidentiality of orders (including
transmission of credit card details) / use
encrypted secure method (eg SSL).
 verification of credit card data and authorisation of
credit card payment / need link to credit card
companies and record their authorisation code for
each transaction.
5-52
Other Computer Control
 need to keep all new customer data secure /
physical security and logical security including
encryption of passwords.
 need to keep customers' credit card data secure /
separate server with restricted access by limited
number of own staff and encryption should be
used.
 need to keep web site secure / firewall, secure
architecture, and intrusion detection system, keep
all system software versions up to date, consider
also vulnerability testing.
 need to keep servers free of any virus/ firewall,
virus protection software and virus definitions
continuously kept up to date.
5-53
End of Lecture
5-54
ACC200 - Accounting
Information Systems
Sem 3 2019
Topic 6 : General
Ledger Reporting
System
Learning Objectives
1. Describe the information processing operations required to
update the general ledger and to produce other reports for
internal and external users.
2. Describe how the business processes provide data required
for general ledger (GL) updates.
3. Understand how the GL and business reporting capabilities
support an organization’s external and internal reporting
functions.
4. Understand the threats and controls to the GL Reporting
system
5. Appreciate the technologies underpinning the GL & Financial
Reporting Cycle
6-2
Introduction
 This topic discusses the

information processing
operations involved in updating
the general ledger and preparing
reports that summarize the
results of an organization’s
activities.
6-3
The Accounting Cycle
Make end-of-
Journalize month/year
transactions. Post entries to the Prepare trial
adjustments.
ledger accounts. balance.
Journalize and Prepare financial

Prepare after closing trial
post closing statements. Prepare
6-4 adjusted trial
balance. balance.
entries.
General Ledger and
Reporting Activities
 What are the four basic activities
performed in the general ledger
and reporting system?
1. Update the general ledger
2. Post adjusting entries
3. Prepare financial statements
4. Produce managerial reports
6-5
Update The General Ledger
(Activity 1)
 The first activity in the general ledger system is
to update the general ledger.
 Updating consists of posting journal entries
that originated from two sources:
1. Accounting sub-systems (revenue, expenditure,
production, payroll cycle)
2. The treasurer (purchase or sale of investments)
6-6
Update The General Ledger
(Activity 1)
Accounting Journal entry Update the

subsystems general ledger
Journal
entry
Treasurer Journal General

voucher ledger
6-7
The Ledger
Accounts are individual
Fixed Assets records showing increases
Inventory, Cash and decreases.
Accounts Receivable
Cash
Accounts
Payable, Loans
The entire group of accounts
is kept together in an
accounting record called a
ledger.
Share Capital &
Long Term
Liabilities
6-8
What is the
Chart of Accounts?
 The chart of accounts is a list of all
general ledger accounts used by an
organization.
 It is important that the chart of
accounts contains sufficient detail to
meet the information needs of the
organization.
6-9
Example of Chart of
Accounts
The design of the structure of the chart of
accounts is of crucial importance in AIS
because it affects and information content and
presentation of the financial statements.
The chart of account will differ from one

organisation to the next depending on the form
or nature of the organisation ie sole trader,
partnership, company or trading,
manufacturing, consultancy etc
6-10
Forms of Business
Organizations
Sole
Proprietorship Partnership Companies
6-11
Specimen Chart of Accounts
- Trading Co
6-12
Specimen Chart of Accounts -
Partnership
6-13
IS Functions of the General
Ledger System
All general ledgers should (must):
 collect transaction data promptly and accurately
Input
 classify/code data and accounts
 validate collected transactions/ maintain
accounting controls (e.g., equal debits and credits)
Process
 process transaction data
• post transactions to proper accounts
• update general ledger accounts and transaction files
Output
• record adjustments to accounts
 store transaction data
 generate timely financial reports 6-14
Record Transaction Data
in Journals
 After transaction data have been
captured on source documents, the
next step is to record the data in a
journal.
 A journal entry is made for each
transaction showing the accounts and
amounts to be debited and credited.
6-15
in Journals
 The general journal records infrequent
or non-routine transactions (eg
depreciation).
 Specialized journals simplify the
process of recording large numbers of
repetitive transactions ( eg sales
invoices, purchases, bank payments
& receipts).
 What are the four most common types
6-16
of transactions?
in Special Journals
1 Credit sales
2 Cash receipts
3 Purchases on account
4 Cash disbursements
6-17
The General Journal
In an actual accounting system, transactions are initially

recorded in the journal.
GENERAL JOURNAL
Date Account Titles and Explanation Debit Credit

2001
May 1 Ca sh 8,000
Jill Jones, Capital 8,000
O wner invested cash in the business. 6-18
Modifying an Accounting
System
Most businesses use special journals rather than a
general journal to record routine transactions that
occur frequently.
GENERAL JOURNAL
6-19
Sales Journal/Sales Day
Book
Date Particulars Inv No Amount
June 1 Jake Sparks 0001 3,000
June 1 Heather Jacobs 0002 7,000
Transferred to Sales A/C 10,000
6-20
Post Transactions to
Ledgers
Types of Ledgers
 General Ledger - summary level data

 Subsidiary Ledger - detailed data
- Accounts Receivable
- Account Payable
- Inventory
- Fixed Assets
- Cashbook
6-21
Ledgers
 A subsidiary ledger records all the
detailed data for any general ledger
account that has many individual sub-
accounts.
 What are some commonly used
subsidiary ledgers?
– accounts receivable
– inventory
– accounts payable
6-22
Subsidiary Ledgers: A
Source of Needed Details
General Ledger
Controlling Account Accounts Receivable
Date Debit Credit Balance
2001
June 1 10,000 10,000
15 3,000 7,000
Subsidiary Ledger
Jake Sparks
2001
June 1 3,000 3,000
15 1,000 2,000
Subsidiary Ledger
Heather Jacobs
2001
June 1 7,000 7,000 6-23
15 2,000 5,000
Ledgers
 Ledgers are used to summarize the
financial status, including the current
balance, of individual accounts.
 The general ledger contains
summary-level data for every asset,
liability, equity, revenue, and expense
account of an organization.
6-24
Ledgers
 What is the general ledger account
corresponding to a subsidiary ledger
called?
– Control account
 A control account contains the total
amount for all individual accounts in
the subsidiary ledger.
6-25
Subsidiary Ledgers: A
Source of Needed Details
General Ledger
Credit Sales
2001
June 1 10,000.00 10,000
6-26
Controlling Account in Unit of Organization Within the
the General Ledger Subsidiary Ledger
Inventory Each type of product offered for
sale
Plant assets Each asset (or group ofsimilar
assets)
Accounts payable Each creditor
Capital stock Each stockholder
Sales Each department, branch
location, or product line
Cost of goods sold Same organization as the sales
ledger
Many expense accounts Each department incurring these
types of expenses
6-27
Payroll expenses Each employee
Post Adjusting Entries
(Activity 2)
 The second activity in the general

ledger system involves posting
various adjusting entries.
 Adjusting entries originate from the
controller’s office, after the initial trial
balance has been prepared.
6-28
(Activity 2)
Journal Post adjusting
voucher entries
Adjusting Adjusted trial

entries balance
Prepare
Accountant Financial statements financial
statements
6-29
(Activity 2)
 What are the five basic categories of
adjusting entries?
1 Accruals (wages payable)
2 Prepayments (rent, interest, insurance)
3 Estimates (depreciation, provision for
doubtful debts)
4 Revaluation (change in inventory method)
5 Correction of errors
6-30
Entries to Apportion
Unrecorded Costs
$2,400 Insurance Policy Coverage for
12 Months
$200 Monthly Insurance Expense
Jan. 1 Dec. 31
On January 1, Webb, Co. purchased a one-year insurance

policy for $2,400.
6-31
Unrecorded Costs
Initially, costs that benefit more than one accounting period
are recorded as assets.
GENERAL JOURNAL

Jan. 1 Unexpired Insurance 2,400
Cash 2,400
Purchase a one-year insurance policy.
6-32
Unrecorded Costs
The costs are expensed as they are used to generate
revenue.
GENERAL JOURNAL

Monthly Adjusting Entry for Insurance
Jan. 31 Insurance Expense 200
Unexpired Insurance 200
Insurance expense for January. 6-33
Unrecorded Costs
Balance Sheet Income Statement
Cost of assets that Cost of assets used this
benefit future periods. period to generate revenue.
Unexpired Insurance Insurance Expense

1/1 2,400 1/31 200 1/31 200
Bal. 2,200
6-34
Prepare Financial
Statements (Activity 3)
 The third activity in the general ledger
and reporting system involves the
preparation of financial statements.
 The income statement is prepared
first.
 The balance sheet is prepared next.
 The cash flows statement is prepared
last.
6-35
Financial Statements
Companies prepare interim

financial statements and
annual financial
statements.
2000
X
6-36
Introduction to Financial
Statements
Describes where the
Balance Sheet enterprise stands at a
specific date.
Income Statement
6-37
Statements
Balance Sheet
Depicts the revenue

Income Statement and expenses for a
designated period of
Statement of Cash Flows time.
6-38
Relationships Among
Financial Statements
Beginning of End of
period period
Time
Balance Balance
Sheet Sheet
Income Statement
6-39
Statements
Balance Sheet
Net income (or net

Income Statement loss) is simply the
difference between
Statement of Cash Flows revenues and
expenses.
6-40
Statements
Balance Sheet
Income Statement
Statement of Cash Flows Depicts the ways cash

has changed during a
designated period of
time.
6-41
Produce Managerial Reports
(Activity 4)
 The final activity in the general
ledger and reporting system involves
the production of various managerial
reports.
 What are the two main categories of
managerial reports?
1. General ledger control reports
2. Budgets
6-42
(Activity 4)
 What are examples of control reports?
– lists of journal vouchers by numerical
sequence, account number, or date
– listing of general ledger account
balances
 What are examples of budgets?
– operating budget
– capital expenditures budget
6-43
(Activity 4)
 Budgets and performance reports
should be developed on the basis of
responsibility accounting.
 What is responsibility accounting?
 It involves reporting financial results
on the basis of managerial
responsibilities within an organization.
6-44
Identify the major threats in

general ledger and reporting
activities, and evaluate the
adequacy of various internal
control procedures for dealing
with them.
6-45
 What are the control objectives in
the general ledger and reporting
system?
1. Updates to the general ledger are
properly authorized.
2. Recorded general ledger
transactions are valid.
3. Valid, authorized general ledger
transactions are recorded.
6-46
4. General ledger transactions are

accurately recorded.
5. General ledger data are
6. General ledger system activities are
performed efficiently and effectively.
6-47
Technologies Underpinning the
GL & Financial Reporting Cycle
 ERP (Enterprise Resource Planning)

o Improves the integration of enterprise - wide data
 Online banking
 XBRL (eXtensible Business Reporting

Language)
o A data standard used when generating financial
reports
6-48
WHAT IS ERP?
 Those activities supported by multi-module
application software that help a company
manage the important parts of its business in
an integrated fashion
 Key features include:

 Smooth and seamless flow of information
across organizational boundaries
 Standardized environment with shared
database independent of applications and
integrated applications 6-49
ERP System BUSINESS ENTERPRISE
Legacy
Data Warehouse Systems
ERP System
On-Line Analytical Processing Bolt-On Applications

(OLAP) (Industry Specific Functions)
Customers Suppliers
Core Functions [On-Line Transaction Processing (OLTP)]
Sales
Business Shop Floor
& Logistics
Planning Control
Distribution
Operational Database
Customers, Production,
Vendor, Inventory, etc.
6-50
XBRL: REVOLUTIONIZING THE
REPORTING PROCESS
 Although financial statements appear
electronically in a variety of formats, until
recently disseminating this information was
cumbersome and inefficient.
 Recipients (SEC, IRS, etc.) required the information
in a variety of formats which was time-consuming.
 Also conducive to errors, because re-entry of the
information was often necessary.
 Underlying problem: Lack of standards for
identifying the content of data.
6-51
REPORTING PROCESS
 Solution: Extensible Business Reporting
Language (XBRL)
 A variant of XML designed specifically to communicate
the contents of financial data.
 Creates tags for each data item much like HTML tags.
• Tag names specify line items in financial statements.
• Other fields in the tag provide information such as the year,
units of measure, etc.
 Major software vendors are developing tools to
automatically generate XBRL codes so
accountants won’t need to write code.
6-52
REPORTING PROCESS
 XBRL provides two major benefits:
 Organizations can publish their financial
statements on time in a format that anyone
can use.
 Recipients will no longer need to manually re-
enter data they acquired electronically so that
decision support tools can analyze them.
• Means search for data on the Internet will be more
efficient and accurate.
6-53
End of Chapter 6
ACC200 - Accounting
Information Systems
Sem 3 2019
Topic 7 : Risk & Controls
7-1
Learning Objectives
1. Describe the risks/threats to an AIS and

discuss why these threats are growing.
2. Explain the basic concepts of control as
applied to business organizations.
3. Describe the major classification/types of
controls is a computerized system.
4. Describe the techniques used to analyze
internal control systems.
7-2
Risks/Threats to Accounting
Information Systems
 natural and political disasters
 software errors and equipment malfunctions
 unintentional acts (accidents caused by
human carelessness)
 intentional acts (fraud)
7-3
Overview of Control
Concepts
What is the traditional definition of internal
control?
Internal control is the plan of organization
and the methods a business uses to
safeguard assets, provide accurate and
reliable information, promote and improve
operational efficiency, and encourage
adherence to prescribed managerial policies.
7-4
Overview of Control
Concepts
What is management control?
 Management control encompasses the
following three features:
1 It is an integral part of management
responsibilities.
2 It is designed to reduce errors, irregularities,
and achieve organizational goals.
3 It is personnel-oriented and seeks to help
employees attain company goals.
7-5
Internal Control Classifications
 The specific control procedures used in the

internal control and management control systems
may be classified using the following four internal
control classifications:
1 Preventive, detective, and corrective controls
2 General and application controls
3 Administrative and accounting controls
4 Input, processing, and output controls
7-6
AIS Controls
 COSO and COSO-ERM address general

internal control
 COBIT addresses information technology
internal control
7-7
Committee of Sponsoring
Organizations
 The Committee of Sponsoring
Organizations (COSO) is a private sector
group consisting of five organizations:
1 American Accounting Association
2 American Institute of Certified Public
Accountants
3 Institute of Internal Auditors
4 Institute of Management Accountants
5 Financial Executives Institute
7-8
Organizations
 In 1992, COSO issued the results of a study to
develop a definition of internal controls and to
provide guidance for evaluating internal control
systems.
 The report has been widely accepted as the
authority on internal controls.
7-9
Organizations
 The COSO study defines internal control as
the process implemented by the board of
directors, management, and those under their
direction to provide reasonable assurance
that control objectives are achieved with
regard to:
– effectiveness and efficiency of operations
– reliability of financial reporting
– compliance with applicable laws and
regulations
7-10
Computer Processing
and Exposures
 What are some aspects of computer
processing that can increase the risk
and/or potential dollar loss of exposures?
– Mechanical/electronic processing of data
– mechanical/electronic data storage
– complexity of processing
7-11
Organizations
 COSO’s internal control model has
five crucial components:
1. Control environment
2. Control activities
3. Risk assessment
4. Information and communication
5. Monitoring
7-12
Describe the major
elements in the control
environment of a
business organization.
7-13
COSO 1- The Control
Environment
 The first component of COSO’s internal control
model is the control environment.
 The control environment consists of many
factors, including the following:
1 Commitment to integrity and ethical
values
2 Management’s philosophy and operating
style
3 Organizational structure
7-14
COSO 1 - The Control
Environment
4 The audit committee of the board of directors
5 Methods of assigning authority and
responsibility
6 Human resources policies and practices
7 External influences
7-15
External Influences
Concerning an Entity and
Internal Control
• make and keep books, records, and accounts,
which in reasonable detail, accurately and fairly
reflect the transactions and dispositions of the
assets of the issuer;
• devise and maintain a system of internal
accounting controls sufficient to provide
reasonable assurance that :-
7-16
External Influences
Concerning an Entity and
Internal Control
1 transactions are executed in accordance
with management’s authorization;
2 transactions are recorded as necessary-
validity;
3 access to assets is permitted only in
accordance with management’s
authorization- custody;
4 the recorded accountability for assets is
compared with the existing assets -
completeness.
7-17
COSO 2- Control Activities
 The second component of COSO’s

internal control model is control
activities.
 Generally, control procedures fall into
one of five categories:
1 Proper authorization of transactions
and activities
2 Segregation of duties
7-18
COSO 2 - Control Activities
3 Design and use of adequate

documents and records
4 Adequate safeguards of assets and
records
5 Independent checks on performance
7-19
COSO 2-Proper Authorization
of Transactions and Activities
 Authorization is the empowerment
management gives employees to
perform activities and make decisions.
 Digital signature or fingerprint is a
means of signing a document with a
piece of data that cannot be forged.
 Specific authorization is the granting
of authorization by management for
certain activities or transactions.
7-20
COSO 2 - Control Activities
 Segregation of duties involves…

– segregation of authorization from
recording of transactions.
– segregation of authorization from
custody of assets.
– segregation of recording transactions
from custody of assets.
7-21
COSO 2 - Segregation of
Duties
 Good internal control demands that no
single employee be given too much
responsibility.
 An employee should not be in a
position to perpetrate and conceal
fraud or unintentional errors.
7-22
COSO 2- Segregation of
Duties
Custodial Functions
Handling cash
Handling assets
Writing checks
Receiving checks in mail Authorization Functions
Authorization of
Recording Functions transactions
Preparing source documents
Maintaining journals
Preparing reconciliations
Preparing performance reports
7-23
Duties
 If two of these three functions are the
responsibility of a single person,
problems can arise.
 Segregation of duties prevents employees
from falsifying records in order to conceal
theft of assets entrusted to them.
 Prevent authorization of a fictitious or
inaccurate transaction as a means of
concealing asset thefts.
7-24
Duties
Segregation of duties prevents an
employee from falsifying records to
cover up an inaccurate or false
transaction that was inappropriately
authorized.
7-25
COSO 2 - Design and Use
of Adequate Documents and
Records
 The proper design and use of documents
and records helps ensure the accurate and
complete recording of all relevant
transaction data.
 Documents that initiate a transaction should
contain a space for authorization.
7-26
7-27
COSO 2 - Adequate Safeguards
of Assets and Records
 What can be used to safeguard assets?
– cash registers
– safes, lockboxes
– safety deposit boxes
– restricted and fireproof storage areas
– controlling the environment
– restricted access to computer rooms,
computer files, and information
7-28
COSO 2 - Adequate Safeguards of
Assets and Records
 The following procedures safeguard assets
from theft, unauthorized use, and
vandalism:
– effectively supervising and segregating
duties
– maintaining accurate records of assets,
including information
– restricting physical access to cash and paper
assets
– having restricted storage areas
7-29
COSO 2 - Independent
Checks on Performance
Independent checks ensure that
transactions are processed accurately are
another important control element.
7-30
 What are various types of
independent checks?
– reconciliation of two independently
maintained sets of records
– comparison of actual quantities with
recorded amounts (i.e. stock-take)
– double-entry accounting
– batch totals
7-31
 Five batch totals are used in computer
systems:
1 A financial total is the sum of a dollar
field.
2 A hash total is the sum of a field that
would usually not be added.
7-32
3 A record count is the number of
documents processed.
4 A line count is the number of lines of
data entered.
5 A cross-footing balance test compares
the grand total of all the rows with the
grand total of all the columns to check
that they are equal.
7-33
COSO 3 - Risk Assessment
 The third component of COSO’s internal control

model is risk assessment.
 Companies must identify the threats they face:
– strategic — doing the wrong thing
– financial — having financial resources lost,
wasted, or stolen
– information — faulty or irrelevant information, or
unreliable systems
7-34
COSO Enterprise Risk
Management – 8 components
1. Internal Environment - the overall culture, atmosphere,
and tone of the organization.
2. Objective Setting - management's process for setting
objectives in a way that is consistent with their tolerance
for risk.
3. Event identification - the process of identifying internal
and external events that affect the entity's opportunities
and risks as they relate to achieving management
objectives.
4. Risk assessment - the process of analyzing risks, the
likelihood of identified events, and their potential impact.
7-35
COSO Enterprise Risk
Management
5. Risk response - the process of responding to risks and
identified events.
6. Control activities - the policies and procedures that are
implemented to effect risk responses.
7. Information and communication - the overall flow of
information as it's applied to managing risks in support of
the other ERM components.
8. Monitoring - the process of monitoring the entire ERM
process.
7-36
Companies that implement electronic data

interchange (EDI) must identify the threats the
system will face, such as:
1 Choosing an inappropriate technology
2 Unauthorized system access
3 Tapping into data transmissions
4 Loss of data integrity
7-37
5 Incomplete transactions
6 System failures
7 Incompatible systems
7-38
 Risk assessment is the process of

identifying, analyzing, and managing
risks that affect the company’s
objectives.
 Probably the most critical step in risk
assessment is identifying internal and
external changing conditions.
7-39
Some threats pose a greater risk because the
probability of their occurrence is more likely.
For example:
 A company is more likely to be the victim of a
computer fraud rather than a terrorist attack.
 Risk and exposure must be considered
together.
7-40
COSO 3 - Components of
the Internal Control Process
 Responsibility has to do with management
and the board of directors being
responsible for establishing and maintaining
the internal control process.
 Reasonable assurance has to do with the
relative costs and benefits of controls.
7-41
COSO 3 - Estimate Cost
and Benefits
 No internal control system can provide
foolproof protection against all internal
control threats.
 The cost of a foolproof system would be
prohibitively high.
 One way to calculate benefits involves
calculating expected loss.
7-42
COSO 3 - Estimate Cost
and Benefits
The benefit of a control procedure is the
difference between the expected loss with
the control procedure(s) and the expected
loss without it.
Expected loss = risk × exposure
7-43
Risk Management
Strategies
Once risks have been identified and assessed, all
techniques to manage the risk fall into one or more
of these four major categories:
 Avoidance (eliminate, withdraw from or not
become involved)
 Reduction (optimize – mitigate)
 Sharing (transfer – outsource or insure)
 Retention (accept and budget)
7-44
COSO 4 - Information and
Communication
The fourth component of COSO’s internal control
model is information and communication.
 Accountants must understand the following:
1 How transactions are initiated
2 How data are captured in machine-readable
form or converted from source documents
7-45
Communication
3 How computer files are accessed and
updated
4 How data is processed to prepare
information
5 How information is reported
6 How transactions are initiated
 All of these items make it possible for the system to
have an audit trail.
 An audit trail exists when individual company
transactions can be traced through the system7-4.6
Communication
 Information refers to the organization’s
accounting system.
 The accounting system consists of the
methods and records established to identify,
assemble, analyze, classify, record, and
report the organization’s transactions...
7-47
Communication
– and to maintain accountability for the
related assets and liabilities.
 What is an audit trail?
 An audit trail is comprised of the

documentary evidence of the various
control techniques that a transaction
was subject to during its processing.
7-48
Communication
 Communication relates to providing a
clear understanding regarding all
policies and procedures relating to
controls.
 Good communication requires
effective oral communication,
adequate procedure manuals, policy
manuals, and other types of
documentation.
7-49
COSO 5 - Monitoring
Performance
The fifth component of COSO’s internal
control model is monitoring.
What are the key methods of monitoring
performance?
– effective supervision
– responsibility accounting
– internal auditing
7-50
COSO 5 - Monitoring
Performance
 It involves the ongoing process of
assessing the quality of internal
controls over time and taking
corrective actions when necessary.
 Monitoring is accomplished through
ongoing activities and separate
evaluations.
7-51
Computer Controls and
Security
7-52
COBIT
 COBIT (Control Objectives for Information

and Related Technologies) is a good-
practice framework created by international
professional association ISACA for information
technology (IT) management and IT
governance.
 COBIT provides an implementable "set of
controls over information technology and
organizes them around a logical framework of
IT-related processes and enablers." 7-53
COBIT
 Is my information technology organisation

doing the right things?
 Are we doing them the right way?
 Are we getting them done well?
 Are we getting the benefits?

7-54
COBIT Framework
7-55
COBIT Benefits
• More effective tools for IT to support

business goals
• More transparent and predictable full life-
cycle IT costs
• More timely and reliable information from IT
• Higher quality IT services and more
successful projects
• More effective management of IT-related
risks
7-56
Introduction to Controls
Controls may relate to manual AIS’s, to computer-
based AIS’s, or both
Controls may be grouped into
 General controls,
 Application controls, and
 Security measures
 Controls may also be grouped in terms of risk
aversion: Corrective, Preventive, and Detective
Controls
 These categories are intertwined and an appropriate
balance is needed for an effective internal control
structure 7-57
General vs Application
Controls
 A company designs general controls
to ensure that its overall computer
system is stable and well managed.
 Application controls prevent, detect

and correct errors in transactions as
they flow through the various stages
of a specific data processing program.
7-58
General Controls
 General controls concern the overall

environment of transaction processing.
 They comprise the following:
– the plan of data processing organization
– general operating procedures
– equipment control features
– equipment and data-access controls
7-59
General Controls
 A company designs general controls

to ensure that its overall computer
system is stable and well managed.
 The following are categories of
general controls:
1 Developing a security plan
2 Segregation of duties within the

systems function
7-60
General Controls
3 Project development controls

4 Physical access controls
5 Logical access controls
6 Data storage controls
7 Data transmission controls
8 Documentation standards
9 Minimizing system downtime
7-61
General Controls
10 Disaster recovery plans

11 Protection of personal computers and
client/server networks
12 Internet controls
7-62
Developing a Security Plan
 Developing and continuously updating a

comprehensive security plan is one of the
most important controls a company can
identify.
 What questions need to be asked?
 Who needs access to what information?
 When do they need it?
 On which systems does the information

reside? 7-63
Physical Access Controls
 How can physical access security be

achieved?
– placing computer equipment in locked rooms
and restricting access to authorized personnel
– having only one or two entrances to the
computer room
– requiring proper employee ID
– requiring that visitors sign a log
– installing locks on PCs 7-64
Logical Access Controls
 Users should be allowed access only

to the data they are authorized to
use and then only to perform
specific authorized functions.
 What are some logical access
controls?
– passwords
– physical possession identification
– biometric identification 7-65

Data Storage Controls
 Information is generally what gives a

company a competitive edge and
makes it viable.
 A company should identify the types
of data maintained and the level of
protection required for each.
 A company must also document the
steps taken to protect data.
7-66
Data Storage Controls
 A properly supervised file library is one

essential means of preventing loss of data.
 A file storage area should also be protected
against fire, dust, excess heat, or humidity.
 Following are types of file labels that can be
used to protect data files from misuse:
– external labels
– internal labels (volume, header, trailer)
7-67
Minimizing System
Downtime
 Significant financial losses can be
incurred if hardware or software
malfunctions cause an AIS to fail.
 What are some methods used to
minimize system downtime?
– preventive maintenance
– uninterruptible power system (UPS)
7-68
Disaster Recovery Plan
 Every organization should have a disaster

recovery plan so that data processing capacity can
be restored as smoothly and quickly as possible in
the event of a major disaster.
 What are the objectives of a recovery plan?
1 Minimize the extent of the disruption, damage, and

loss.
2 Temporarily establish an alternative means of
processing information.
7-69
3 Resume normal operations as soon as

possible.
4 Train and familiarize personnel with
emergency operations.
 A sound disaster plan should contain the
following elements:
1 Priorities for the recovery process
2 Backup data and program files
7-70
3 Specific assignments
4 Complete documentation
5 Backup computer and telecommunications
facilities
 reciprocal agreements
 hot and cold sites
7-71
Protection of PCs
 Why are PCs more vulnerable to security

risks than are mainframes?
 It is difficult to restrict physical access.
 PC users are usually less aware of the

importance of security and control.
 Many people are familiar with the operation
of PCs.
 Segregation of duties is very difficult.
7-72
Protection of PCs
 Many of the policies and procedures for

mainframe control are applicable to PCs
and networks.
The following controls are also important:
 Train users in PC-related control concepts.
 Restrict access by using locks and keys on

PCs.
 Establish policies and procedures.
7-73
Protection of PCs
 Portable PCs should not be stored in cars.

 Back up hard disks regularly.
 Encrypt or password protect files.
 Use multilevel password controls to limit

employee access to incompatible data.
7-74
IT Governance
IT governance is concerned with whether IT is
being used within the organisation in the
manner intended
 Four main objectives

1. Ensuring consistency with organisation goals
2. Ensuring IT used to optimise business opportunities
3. To ensure responsible usage
4. Ensuring appropriate risk management strategies are
in place
Application Controls
 Application controls are specific to individual
applications.
 Application controls pertain directly to the transaction
processing systems. The objectives of application
controls are to ensure that all transactions are
legitimately authorized and accurately recorded,
classified, processed, and reported
Application controls are categorized as follows:
– input
– processing
– output
7-76
Input Controls
Aims to ensure data is correctly and accurately input
o Standardised forms o Transaction authorisation

o Pre-numbered procedures
documents o Batch totals
o Sequence Checks o Independent review
o Turnaround
documents
Input Controls
Data Entry Checks  Validity check
 Field check • Input compared with
• Characters proper type? Text, master data to confirm
integer, date, and so on existence
 Sign check  Reasonableness check
• Proper arithmetic sign? • Logical comparisons
 Limit check  Check digit verification
• Input checked against fixed • Computed from input value
value? to catch typo errors
 Range check  Prompting
• Input within low and high range • Input requested by system
value?  Close-loop verification
 Size check • Uses input data to retrieve
• Input fit within field? and display related data
 Completeness check
• Have all required data been
entered?
7-78
Processing Controls
Aims to ensure data is correctly and accurately

processed
oRun-to-run totals
oReconciliations
oBatch totals
oSequence checks
oHash totals
Processing Controls
 Data Matching
 Multiple data values must match before processing occurs.
 File Labels
 Ensure correct and most current file is being updated.
 Batch Total Recalculation
 Compare calculated batch total after processing to input totals.
 Cross-Footing and Zero Balance Tests
 Compute totals using multiple methods to ensure the same
results.
 Write Protection
 Eliminate possibility of overwriting or erasing existing data.
 Concurrent Update
 Locking records or fields when they are being updated so
multiple users are not updating at the same time.
7-80
Output Controls
 User Review
 Verify reasonableness, completeness, and routed to intended
individual
 Reconciliation
 Data Transmission Controls
 Check sums
• Hash of file transmitted, comparison made of hash before
and after transmission
 Parity checking
• Bit added to each character transmitted, the characters can
then be verified for accuracy
7-81
Application Controls
 Application controls may also be

classified as follows:
– preventive
– detective
– corrective
7-82
Preventive Control
 Training
 User access controls (authentication
and authorization)
 Physical access controls (locks,
guards, etc.)
 Network access controls (firewalls,
intrusion prevention systems, etc.)
 Device and software hardening
controls (configuration options) 7-83
Preventive Controls
 Another control is installing a firewall
(hardware and software) that control
communications between a company’s
internal network (trusted network) and an
external network.
 The firewall is a barrier between the
networks that does not allow information to
flow into and out of the trusted network.
7-84
PREVENTIVE CONTROLS
 Users can be authenticated by verifying:
 Something they know, such as passwords or
PINs.
 Something they have, such as smart cards or
ID badges.
 Some physical characteristic (biometric
identifier), such as fingerprints or voice.
7-85
PREVENTIVE CONTROLS
 Passwords are probably the most commonly
used authentication method and also the
most controversial.
 An effective password must satisfy a number
of requirements:
• Length
 Longer is better.
 Should be at least 8 characters.
7-86
PREVENTIVE CONTROLS
most controversial.
of requirements:
• Length
• Multiple character types
 Use a mix of upper-and lower-case
alphabetic, numeric, and special
characters.
7-87
PREVENTIVE CONTROLS
• Passwords should not be words found in the
most controversial.
dictionary or dictionary words preceded or followed
by a number such as 4dog or dog4.
 An ef fective password must satisfy a number
• Should not be related to the employee’s personal
of requirements:
interests or hobbies, because special-purpose,
• Lengthpassword-cracking dictionaries can be found on the
Internet containing the most common passwords
• Multiplerelated
character types
to various topics.
• Random
7-88
PREVENTIVE CONTROLS
most controversial.
of requirements:
• Length
• • Thecharacter
Multiple types
most important requirement.
• • A password must be kept secret to be effective.
Random
• Secret
7-89
PREVENTIVE CONTROLS
 A password that meets the preceding criteria is
typically difficult to memorize—exacerbated by
the typical requirement that the password be
changed every 90 days.
 So most people either:
 Select passwords that can be easily guessed but can
be memorized; or
 Select passwords that meet the criteria for a strong
password but write them down.
 When the password is written down, it changes from
something the employee knows to something the
employee has, which can be stolen and used.
7-90
PREVENTIVE CONTROLS
 Authorization controls are implemented by
creating an access control matrix.
 Specifies what part of the IS a user can
access and what actions they are permitted to
perform.
 When an employee tries to access a
particular resource, the system performs a
compatibility test that matches the user’s
authentication credentials against the matrix
to determine if the action should be allowed.
7-91
PREVENTIVE CONT ROLS
 Who has
User Identification Files Programs
Code the
Number Password A B C 1 2 3 4 authority
12345 ABC 0 0 1 0 0 0 0 to delete
12346 DEF 0 2 0 0 0 0 0
12354 KLM 1 1 1 0 0 0 0 Program
12359 NOP 3 0 0 0 0 0 0 2?
12389 RST 0 1 0 0 3 0 0
12567 XYZ 1 1 1 1 1 1 1
Codes for type of access:

0 = No access permitted
1 = Read and display only
2 = Read, display, and update
3 = Read, display, update, create, and delete
7-92
Detective Controls
 Log Analysis
 Process of examining logs to identify evidence
of possible attacks
 Intrusion Detection
 Sensors and a central monitoring unit that
create logs of network traffic that was
permitted to pass the firewall and then analyze
those logs for signs of attempted or successful
intrusions
 Managerial Reports
7-93
 Security Testing
Firewall
7-94
Corrective Controls
 Computer Incident Response Team
 Chief Information Security Officer (CISO)
 Independent responsibility for information security
assigned to someone at an appropriate senior
level
 Patch Management
 Fix known vulnerabilities by installing the latest
updates
• Security programs
• Operating systems 7-95
• Applications programs
Describe the techniques
used to analyze internal
control systems.
7-96
Analysis of Internal Control
Processes
 The analysis of an internal control
process requires an understanding of
the process both as it is designed and
as it actually operates.
 Internal control processes routinely
collect information concerning the
following:
– fulfillment of duties
– transfer of authority
7-97
Analysis of Internal Control
Processes
– approval
– verification
 This documentation of internal control
duties must be examined to evaluate
the reliability of the system’s
operations.
 Reliability is dependent on the people
who administer internal control
procedures.
7-98
Analytical Techniques
 The internal control questionnaire is a

common analytical technique used in
internal control analysis.
 Internal control questionnaires have
been a central element in an audit
program.
 Questionnaires are a standard form in
public accounting firms and internal
audit departments.
7-99
Analytical Techniques
 Questionnaires are essentially

checklists to ensure that a review
does not omit an area of major
importance.
 What are other forms of analysis?
– write-ups
– flowcharts
– application control matrix
7-100
End of Lecture
7-101
ACC200 - Accounting
Information Systems
Sem 3 2019
Topic 8: Ethics & Computer Fraud

MCQ only
Learning Objectives
1. Broad issues pertaining to business ethics

2. Ethics in accounting information systems
3. Describe fraud and describe the process one follows to
perpetuate a fraud.
4. Discuss why fraud occurs, including the pressures,
opportunities, and rationalizations that are present in most
frauds.
5. Compare and contrast the approaches and techniques
that are used to commit computer fraud.
6. Describe how to deter and detect computer fraud.
8-2
The Importance of Ethics
 Ethics are the implicit rules that guide us in our
everyday behaviour, thoughts and actions. Ethics is
how we act to make the ‘right’ choice and produce
‘good’ behaviour
 Ethical theories are used to assist in deciding on the
best course of action:
o Consequentialist theories: action is best that produces the greatest good for the
greatest number. The criterion might be satisfied by an action that causes great
harm to a small number of people while giving a small benefit to a great number.
o Non – consequentialist theories: rightness or wrongness of an action based on
properties intrinsic to the action, not on its consequences. People should be free
to do as they like as long as they respect the freedom of others to do the same.
8-3
Computer Ethics
It concerns the social impact of computer technology
(hardware, software, and telecommunications).
What are the main computer ethics issues?
 Privacy Artificial intelligence
 Security and accuracy  Unemployment and displacement

 Computer misuse
 Ownership of property
 Internal control integrity
 Environmental issues
 Equity in access
8-4
COMPUTER ETHICAL ISSUES
1. Privacy:
 Ownership of personal information
 Policies
2. Security:
 have potential to disseminate inaccurate info to authorized users.
Systems attempt to prevent fraud and abuse of computer systems,
furthering the legitimate interests of firm
 Shared databases
3. Ownership of Property - Federal copyright laws

4. Race - African-Americans and Hispanics constitute 20% of population
but 7% of MIS professionals 8-5
Privacy - Cookies
 Cookies are small electronic files placed on a

computer to record sites viewed and viewing
preferences
 Cookies are linked with data mining and

customer profiling
 Customer profiling is the building up of detailed

customer information based on data gathered
from various sources and combined 8-6
5. Equity in Access:
 Some barriers are avoidable, some are not
 Factors: economic status, affluence of firm, documentation
language, cultural limitations
6. Environmental Issues:
 Should firms limit non-essential hard copies?
 What is non-essential?
 Disposal of equipment and supplies (toner)
7. Artificial Intelligence:
 Who is responsible for faulty decisions from an Expert
System? 8-7
 What is the extent of AI/ES in decision-making processes?
8. Unemployment & Displacement:
 Computers and technology sometimes replace jobs
(catch-22, productivity)
 Some people unable to change with IT, get displaced a
find it difficult to obtain new job
9. Misuse of Computer:
 Copying proprietary software
 Using a firm’s computers for personal benefit
 Snooping through firm’s files
8-8
10. Internal Control Responsibility:
 Unreliable information leads to bad decision, possible
financial distress
 Management must establish and maintain a system of
appropriate internal controls to ensure integrity and
reliability of data (antithetical)
 IS professionals and accountants are central to adequate
internal controls
8-9
What is Fraud?
Statement of Auditing Standards - use of deception to obtain an unjust
or illegal financial advantage and intentional misrepresentation
affecting the financial statements by one or more individuals among
management, employees or 3rd parties. Fraud may involve:-
• falsification or alteration of accounting records or documents
• misappropriation of assets or theft
• suppression or omission of the effects of transactions from records or
documents
• intentional misapplication of accounting policies
• wilful misrepresentation of transactions or the entity’s state of affairs
• recording transactions without substance – eg sale did no8t-1t0akeplace
Common Exposures
Excessive Deficient
Costs Revenue
EXPOSURES
Loss of Inaccurate
Assets Accounting
8-11
Common Exposures
Business Statutory
Interruption Sanctions
EXPOSURES
Competitive Fraud and

Disadvantages Embezzlement
8-12
FRAUD SCHEMES
 Fraudulent financial statements
 Corruption
 Bribery
 Illegal gratuities
 Conflicts of interest
 Economic extortion
8-13
FRAUD SCHEMES
Asset misappropriation
 Charges to expense accounts
 Lapping
 Kiting
 Transaction fraud
8-14
EMPLOYEE FRAUD
Employee Theft
1) Theft of asset
2) Conversion of asset (to cash, to
fraudster)
3) Concealment of fraud
8-15
Red Flags in Cash/Accounts
Receivable
 Abnormal number of expense items,
supplies, or reimbursement to the employee
 Presence of employee checks in the petty
cash for the employee in charge of petty cash
 Excessive or unjustified cash transactions
 Large number of write-offs of accounts
 Bank accounts that are not reconciled on a
timely basis
Common Types of Fraud
Including, but not limited to:

 Falsifying timesheets for a higher amount of pay
 Pilfering stamps
 Stealing of any kind (e.g., cash, petty cash,
supplies, equipment, tools, data, records, etc.)
 Forgery (not just check forgery, e.g. forging
department head signatures on purchase orders)
 Lapping collections on customers’ accounts
 Check Kiting
 Pocketing payments on customers’ accounts,
issuing receipts on self-designed receipt books
Common Types of Fraud
 Not depositing all cash receipts (deposits are not “intact”)
 Creating fictitious employees and collecting the paychecks
(impersonation)
 Failing to end personnel assignments for terminated
employees and collecting the paychecks
 Paying for personal expenses with business funds
 Increasing vendor invoices through collusion
 Paying fictitious suppliers
 Billing for services not rendered and collecting the cash
 Seizing checks payable to vendors
 Recording fictitious transactions on the books to cover up
theft
MANAGEMENT FRAUD
Special Characteristics:
1. Perpetrated at levels of management above the one where internal

controls relate
2. Frequently involves using the financial statements to create false

image of corporate financial health
3. If fraud involves misappropriation of assets, it frequently is

shrouded in a complex maze of business transactions, and often
involves third parties.
8-19
Management Fraud Red
Flags
 Reluctance to provide information to auditors
 Managers engage in frequent disputes with
auditors
 Management decisions are dominated by an
individual or small group
 Managers display significant disrespect for
regulatory bodies
 There is a weak internal control environment
 Accounting personnel are lax or inexperienced in
their duties
 Decentralization without adequate monitoring
Management Red Flags
 Excessive number of checking accounts

 Frequent changes in banking accounts
 Frequent changes in external auditors
 Company assets sold under market value
 Significant downsizing in a healthy market
 Continuous rollover of loans
 Excessive number of year end transactions
 High employee turnover rate
Why Fraud Occurs
What are some common characteristics

of fraud perpetrators?
 Most spend their illegal income rather than

invest or save it.
 Once they begin the fraud, it is very hard for
them to stop.
 They usually begin to rely on the extra income.
8-22
Why Fraud Occurs
 Perpetrators of computer fraud tend to be

younger and possess more computer
knowledge, experience, and skills.
 Some computer fraud perpetrators are more
motivated by curiosity and the challenge of
“beating the system.”
 Others commit fraud to gain stature among
others in the computer community.
8-23
Why Fraud Occurs
Three conditions are necessary for

fraud to occur:
1. A pressure or motive – low salary
2. An opportunity – poor internal
controls
3. A rationalization - No one will ever
know/ Everyone does it.
8-24
Fraud Triangle
Pressure
Co Circumstances Making
Fraud Easier
Among the several opportune situations, in which fraud
is easier to commit and detection is less likely, the
following three are very important.
• Weak or non-existent internal accounting controls.
•Accounting estimates requiring significant judgment
by company management.
• Unusual or complex transactions.
• Poor hiring and firing practices
8-26
Organisational structure and
its effect on internal controls
 Centralisation or decentralisation of authority
 Assignment or responsibility for specific tasks
 Whether there is direct reporting relationship or more of
a matrix structure
 Organisation by industry, product line, geographical
location, or by a particular distribution or marketing
network
 The way responsibility allocation affects management’s
information requirements
 The organisations of the accounting and information
system functions
8-27
 The size and nature of company activities.
Compare and contrast the
fraud schemes and
techniques that are used to
commit computer fraud.
8-28
Fraud Schemes
 Three categories of fraud schemes

according to the Association of
Certified Fraud Examiners:
A. fraudulent statements
B. corruption
C. asset misappropriation
8-29
Fraudulent Statements
 Misstating the financial statements to

make the copy appear better than it is
 Usually occurs as management fraud
 May be tied to focus on short-term

financial measures for success
 May also be related to management
bonus packages being tied to financial
statements
8-30
Corruption
 Examples:
 bribery
 illegal gratuities
 conflicts of interest
 economic extortion
8-31
Asset Misappropriation
 Most common type of fraud and often occurs
as employee fraud.
 Examples:
 making charges to expense accounts to cover
theft of asset (especially cash)
 lapping: using customer’s check from one
account to cover theft from a different account
 transaction fraud: deleting, altering, or adding
false transactions to steal assets
8-32
Asset Misappropriation-The
Process
Most frauds involve three steps.
The theft of
something
The conversion
to cash
The
concealment
8-33
Asset Misappropriation - The
Fraud Process
 What is a common way to hide a theft?
– to charge the stolen item to an expense
account
 What is a payroll example?
– to add a fictitious name to the company’s
payroll
8-34
Asset Misappropriation - The
Fraud Process
 What is lapping?
 In a lapping scheme, the perpetrator
steals cash received from customer A
to pay its accounts receivable.
 Funds received at a later date from
customer B are used to pay off
customer A’s balance, etc.
8-35
Asset Misappropriation -The
Fraud Process
What is kiting?
 In a kiting scheme, the perpetrator
covers up a theft by creating cash
through the transfer of money
between banks.
 The perpetrator deposits a check from
bank A to bank B and then withdraws
the money.
8-36
Asset Misappropriation -The
Fraud Process
 Since there are insufficient funds in bank A
to cover the check, the perpetrator deposits
a check from bank C to bank A before his
check to bank B clears.
 Since bank C also has insufficient funds,
money must be deposited to bank C before
the check to bank A clears.
 The scheme continues to keep checks from
bouncing.
8-37
Computer Fraud
 The U.S. Department of Justice defines

computer fraud as any illegal act for which
knowledge of computer technology is
essential for its perpetration, investigation,
or prosecution.
 What are examples of computer fraud?
– unauthorized use, access, modification,
copying, and destruction of software or data
8-38
Computer Fraud/Abuse
 Theft, misuse, or misappropriation of assets by
altering computer data
 Theft, misuse, or misappropriation of assets by
altering software programming
 Theft or illegal use of computer data/information
 Theft, corruption, illegal copying or destruction of
software or hardware
 Theft, misuse, or misappropriation of computer
hardware
8-39
The Rise in Computer Fraud
 Organizations that track computer

fraud estimate that 80% of U.S.
businesses have been victimized by
at least one incident of computer
fraud.
8-40
The Rise in Computer Fraud
No one knows for sure exactly how much

companies lose to computer fraud. Why?
 There is disagreement on what computer fraud is.
 Many computer frauds go undetected, or
unreported.
 Most networks have a low level of security.
 Many Internet pages give instructions on how to
perpetrate computer crimes.
 Law enforcement is unable to keep up with fraud.
8-41
Computer Fraud
Classifications
Data fraud
Input Output
fraud Processor fraud fraud
Computer
instruction fraud 8-42
Individuals Posing a Threat
to the Information System
 A successful attack on an information
system requires access to hardware,
sensitive data file, or critical programs.
 Three groups of individuals could be
involved in an information system’s
attack:
1 Information systems personnel
2 Users
3 Intruders 8-43
 Information systems personnel
include the following:
– computer maintenance persons
– programmers
– network operators
– information systems administrative
personnel
– data control clerks
8-44
 Users are composed of
heterogeneous groups of people and
can be distinguished from the others
because their functional area does not
lie in data processing.
 An intruder is anyone who accesses
equipment, electronic data, or files
without proper authorization.
 Who are hackers?
8-45
 A hacker is an intruder who attacks a
system for fun and challenge.
 What are other types of intruders?
– unnoticed intruders
– wiretappers
– piggybackers
– impersonating intruders
– eavesdroppers
8-46
Data Collection Fraud
 This phase of the system is most vulnerable
because it is very easy to change data as it
is being entered into the system.
 Also, GIGO (garbage in, garbage out)
reminds us that if the input data is
inaccurate, processing will result in
inaccurate output.
8-47
Data Processing Fraud
Program Frauds
 altering programs to allow illegal access
to and/or manipulation of data files
 destroying programs with a virus
Operations Frauds
 misuse of company computer resources,
such as using the computer for personal
business
8-48
Database Management
Fraud
Altering, deleting, corrupting, destroying,
or stealing an organization’s data
 Oftentimes conducted by disgruntled
or ex-employee
8-49
Information Generation
Fraud
Stealing, misdirecting, or misusing computer output
Scavenging
- searching through the trash cans on the computer
center for discarded output (the output should be
shredded, but frequently is not)
8-50
Examples of Computer
Crime - Cybercrime
 Cybercrime: a crime committed using a computer
and/or the internet
 Cybercrime is often used interchangeably with terms

such as:
o Computer crime
o Computer related crime
o E-crime
o High tech crime
o Cyber fraud
o Internet crime
8-51
Examples of Computer Crime
 Malware: malicious code designed to damage, steal
data or disrupt computer systems and networks
 Viruses: a program or code that is designed to infect

a program, boot sector, partition sector or document
 Trojans: are harmful pieces of software that look

legitimate
 Bots: when used maliciously a bot is designed to

infect the host and connect back to a remote server
that is not controlled by the organisation
8-52
 Spam is the sending of unsolicited emails or junk

email
 Phishing and identity fraud is a technique of online

deception that has users go to a fraudulent website
and leave personal details
 Denial of Service (DoS) attack - an attack meant to
shut down a machine or network, making it
inaccessible to its intended users. DoS attacks
accomplish this by flooding the target with traffic, or
sending it information that triggers a crash. 8-53
Social Engineering involves manipulating an individual

into providing personal information that can be used to
break into a computer network or to assume their identity
Examples:
 Piggybacking — latching onto a legitimate user in
data communications.
 Masquerading or Impersonation — the perpetrator
gains access to the system by pretending to be an
authorized user.
 Identity theft — illegally assuming someone else's
identity, usually with the social security number.
8-54
Social Engineering Techniques
 Posing — fraudsters try to collect personal information

by pretending to be legitimate business colleagues.
 Phishing — a technique of online deception that has
users go to a fraudulent website and leave personal
details such as requesting user ID or password or other
confidential data.
 Vishing — pretending to be a legitimate business
colleague and attempting to get a victim to provide
confidential information over the phone.
 Carding — using stolen credit card information.
 Pharming — redirecting website traffic to a spoofed
website. 8-55
Social engineering techniques
 Typosquatting — setting up websites with names
similar to real websites.
 Scavenging — gaining access to confidential data by
searching corporate records in dumpsters or
computer storage.
 Shoulder surfing — looking over a person's shoulder
in a public place to see PIN or passwords.
 Skimming — manually swiping a credit card through a
handheld card reader and storing the data for future
use.
 Eavesdropping — observation of private
communications by wiretapping or other surveillance
techniques. 8-56
How to deter and
detect computer
fraud.
8-57
Company Policies to prevent
and detect Computer &
Employee Fraud
1 Make fraud less likely to occur.- Preventive

 Use proper hiring and firing practices.
 Manage disgruntled employees.
 Train employees in security and fraud
prevention.
 Manage and track software licenses.
 Require signed confidentiality agreements.
8-58
Employee Fraud
2 Increase the difficulty of committing fraud.-

Preventive
 Develop a strong system of internal
controls.
 Segregate duties.
 Require vacations and rotate duties.
 Restrict access to computer equipment
and data files.
8-59
 Encrypt data and programs.
Employee Fraud
3 Improve detection methods.- Detective
 Protect telephone lines and the system
from viruses.
 Control sensitive data.
 Control laptop computers.
 Monitor hacker information.
8-60
Employee Fraud
4 Reduce fraud losses.- Corrective
 Maintain adequate insurance.
 Store backup copies of programs and
data files in a secure, off-site location.
 Develop a contingency plan for fraud
occurrences.
 Use software to monitor system
activity and recover from fraud.
8-61
Employee Fraud
5 Encourage integrity, ethical values and
competence through its managerial
practices. - Preventive
 Through organisational culture that stresses integrity and
commitment to both ethical values and competence.
 Through the examples set by the CEO and other members of
the management because company employees tend to adopt
top management’s attitudes about risks and controls.
 By endorsing integrity as basic operating principle by actively
teaching and requiring it such as placing priorities for an
honest report than favourable ones.
8-62
Employee Fraud
5 (Continued)
 By avoiding unrealistic expectations, incentives, or temptations
that motivate employees to engage in dishonest, illegal or
unethical acts such as implying the acquisition of revenues at
any price, overly aggressive sales practices and unfair or
unethical negotiations tactics
 Through consistent rewards and encouragement of honesty
 By developing clearly stated policies that explicitly describe
honest and dishonest behaviours, in the form of a written code of
conduct, and communicate them to employees.
 By requiring employees to report any incident of dishonest, illegal
or unethical acts and discipline employees who knowingly fail to
report violations.
8-63
Forensic Accounting
 What is forensic accounting?

 Forensic accounting is one of several
terms used to describe the activities of
persons who are concerned with
preventing and detecting fraud and white-
collar crime. – Forensic Accountants
8-64
End of Lecture
8-65
ACC200 - Accounting
Information Systems
Sem 3 2019
Topic 9 -Database Concepts

Learning Objectives
 Explain the importance and advantages of databases.
 Describe the difference between database systems and
file-based legacy systems.
 Explain the difference between logical and physical
views of a database.
 Explain fundamental concepts of database systems
such as DBMS, schemas, the data dictionary, and
DBMS languages.
 Describe what a relational database is and how it
organizes data.
 Create a set of well-structured tables to store data in a
relational database.
9-2
Data Bases
 For many years, companies created

new files and programs each time an
information need arose.
 This proliferation of master files
created problems:
1 Often the same data was stored in
two or more separate files.
2 The specific data values stored in the
different files was not always
9-3
consistent.
Data Bases
 Data base management system

(DBMS) is the program that manages
and controls access to the data base.
 Data base system is the combination
of the data base, the DBMS, and the
application program that uses the data
base.
 Data base administrator (DBA) is the
person responsible for the data base.
9-4
File-Oriented/Flat File
Approach to Data Storage
 In the file-oriented(flat file) approach to
data storage computer applications
maintain their own set of files
 This traditional approach focuses
on individual applications, each
of which have a limited number
of users, who view the data as
being “owned” by them
9-5
File-Oriented or Flat File
Approach
File # 1
Item A Application
Item B program #1
Item C
File # 2
Item B Application
Item D program #2
Item E 9-6
Deficiencies of the File-
Oriented Approach
 Files and data elements used in more than one application
must be duplicated, which results in data redundancy
 As a result of redundancy, the characteristics of data
elements and their values are likely to be inconsistent
 Outputs usually consist of preprogrammed reports instead of
ad-hoc queries provided upon request. This results in
inaccessibility of data
 Changes to current file-oriented applications cannot be made
easily, nor can new developments be quickly realized, which
results in inflexibility
 It is difficult to represent complex objects using file processing
systems.
9-7
Data Bases
 The data base approach views data
as an organizational resource that
should be used by, and managed for,
the entire organization, not just the
originating department or function.
 Its focus is data integration and data
sharing.
 Integration is achieved by combining
master files into larger pools of data
that can be accessed by many
application programs. 9-8
Data Base Approach
Data base Application

program #1
Item A Data base

Item B Application
management program #2
Item C system
Item D
Item E Application
program #3
9-9
Characteristics of the
Database Approach
 Data Independence - the separation of the
data from the various application programs
and other accesses by users
 Data Standardization - data elements
within a database have standard
definitions, thus stored data are compatible
with every application program that
accesses the data
 One-Time Data Entry and Storage -
individual data values are entered into the
database only once; consequently,
redundancy is reduced and inconsistencies
between data elements are eliminate9d-10
Characteristics of the
Database Approach
 Data Integration - data sets integrate the data, which
enables all affected data sets to be updated
simultaneously
 Shared Data Ownership - all data within a database are
owned in common by the users. The portion of the
database that is of interest to each user is known as the
sub-schema
 Centralized Data Management - the database
management system stands guard over the database and
presents the logical view to users and application
programs
9-11
Advantages of the
Database Approach
 Efficient use of computerized storage space
 Each subsystem has access to the other’s information (data sharing)
 Minimizing Data Redundancy and Data Inconsistency - Eliminates the
same data being stored in multiple files, thus reducing inconsistency in
multiple versions of the same data.
 Data Independence - Data is separate from the programs that access it.
Changes can be made to the data without necessitating a change in the
programs and vice versa.
 All application programs utilize the same computer file, thereby
simplifying operations
 Fewer backup files for security purposes
 Relieves some users from data-gathering responsibilities in
situations where these users previously gathered their own data
9-12
Disadvantages of the
Database Approach
 Databases can be expensive to implement
because of hardware and software costs.
 Additional software, storage, and network
resources must be used
 A DBMS can only run in certain operating
environments, which makes some unsuitable
for certain alternate hardware/operating system
configurations
 Because it is radically different from the file-oriented
approach, the database approach may cause initial
inertia, or complications and resistance
9-13
Logical and Physical
Views of Data
 A major advantage of data base
systems over file-oriented systems is
that the data base systems separate
the logical and physical view of data.
 What is the logical view?
 It is how the user or programmer

conceptually organizes and
understands the data.
9-14
Views of Data
 What is the physical view?
 It refers to how and where the data
are physically arranged and stored on
disk, tape, CD-ROM, or other
media.
 The DBMS controls the data base so
that users can access, query, or
update it without reference to how or
where the data are physically stored.
9-15
Views of Data
Logical View User A Logical View User B
Past Due Accounts
Name Balance Days Sales by Region
Jones 2100 50
Perez 1000 60
Data
Operating base
DBMS system 9-16
Views of Data
 What is program-data independence?
 It is the separation of the logical and
physical views of data.
9-17
Identify the three levels of
database architecture.
9-18
Database Management Systems
and Their Architecture
Database contents
Uses of database
Conceptual Desired reports
Level Information to be reviewed
Eg Inventory, Purchases, Sales,

Payroll
9-19
Logical data structures:

•Tree (hierarchical)
Logical/External
•Network
Level
•Relational
eg Debtors reports,Creditors
reports
9-20
Access methods:
•Sequential
Physical •Indexed-sequential
Level •Direct
•eg - Inventory Record- field

lengths, field types
9-21
Documenting Data in Data-
Base Systems
 The Conceptual Data Model is the logical
grouping of data on entities
 Two common Conceptual Data Modeling
techniques are:
 The Data Dictionary
 Entity-Relationship Diagrams
9-22
Data Dictionary
 A data dictionary is a computer file that maintains
descriptive information about the items in a
database It contains information about the structure
of the data base.
 For each data element/field stored in the data base,
such as the customer number, there is a
corresponding record in the data dictionary
describing it. Examples of information that might be
stored in a data dictionary are source document(s)
used to create the data item, programs that update
the data item and classification information about
the item’s length and data type 9-23
The Data Dictionary
 The data dictionary is often one of the

first applications of a newly
implemented data base system.
 What are some inputs to the data
dictionary?
– records of any new or deleted data
elements
– changes in names, descriptions, or
uses of existing data elements
9-24
The Data Dictionary
 What are some outputs of the data

dictionary?
– reports useful to programmers, data base
designers, and users of the information
system
 What are some sample reports?
– lists of programs in which a data item is used
– lists of all synonyms for the data elements in
a particular file
9-25
Data Dictionary Format
Items in a Data Dictionary Occurrence

Specifications Utilization
n Name Owner
n Definition Where used
n Aliases Security code
Last update
Characteristics
n Size
n Range of Values
n Encoding
n Editing Data
9-26
Data Dictionary
9-27
Logical Data Structures
 The relationships that exist between

the segments in the database are
determined by the logical data
structure, also called the schema or
database model.
9-28
Schemas
 What are schemas?

 A schema describes the logical
structure of a data base.
 There are three levels of schemas:
1 Conceptual-level schema
2 External-level schema
3 Internal-level schema
9-29
Schemas
 The conceptual-level schema is an

organization-wide view of the entire
data base.
 The external-level schema consists of
a set of individual user views of
portions of the data base, also
referred to as a subschema.
 The internal-level schema provides a
low-level view of the data base.
9-30
Schemas
Subschema A Surbschema B Surbschema C
Jones 210 xxxxxxx
Perez 100 xxxxxxx
Mapping external level views to conceptual level schema
Inventory Sales Customer
Cash receipt 9-31

Schemas
Inventory Sales Customer
Cash receipt
Mapping conceptual level items

to internal level descriptions
Inventory Record
Item number – integer (5), non-null, index = item x
Description – character (15), Cost – curren9c-3y2 (6,2)
DBMS Languages
 Every DBMS must provide a means of

performing the three basic functions:
1 Creating the data base – Data Definition
2 Changing the data base – Data Manipulation
3 Querying the data base – Data query
 The sets of commands used to perform these
functions are referred to as the data definition, data
manipulation, and data query languages.
9-33
DDL Language
 The data definition language (DDL) is used

to...
– build the data dictionary.
– initialize or create the data base.
– describe the logical views for each
individual user or programmer.
– specify any limitations or constraints on
security imposed on data base record or
fields.
9-34
Eg - Data Definition
Language (DDL) Command
9-35
DML Language
 The data manipulation language

(DML) is used for data maintenance.
 What does it include?
– updating portions of the data base
– inserting portions of the data base
– deleting portions of the data base
9-36
Eg- Data Manipulation
Language (DML)
9-37
DQL Language
 The data query language (DQL) is

used to interrogate the data base.
 The DQL retrieves, sorts, orders, and
presents subsets of the data base in
response to user queries.
9-38
Eg - Data Query Language
(DQL) Command
9-39
Query a Relational Data
Base
Operations available to the user of a relational DBMS are:
3 Fundamental Operations performed on tables:-

•Project - Creates a New Table by selecting specified columns
•Restrict - Creates tables that meet criteria
•Join - Joining two or more tables together by specifying rows
& Columns
1-40
RELATIONAL DATABASES
 There are two basic ways to design well-
structured relational databases.
 Normalization
 Semantic data modeling
9-41
 Normalization
 Starts with the assumption that everything is
initially stored in one large table (aka
relations).
 A set of rules is followed to decompose that
initial table into a set of normalized tables.
 Objective is to produce a set of tables in third-
normal form (3NF) because such tables are
free of update, insert, and delete anomalies.
 Approach is beyond the scope of this book
but can be found in any database textbook.
9-42
Semantic data modeling
 Database designer uses knowledge about
how business processes typically work and
the information needs associated with
transaction processing to draw a graphical
picture of what should be included in the
database. (ER & REA Diagrams)
 The resulting graphic is used to create a set
of relational tables that are in 3NF.
9-43
 The relational data model represents
everything in the database as being stored in
the forms of tables (aka, relations).
9-44
STUDENTS
Last First Phone
Stu dent ID Name Name No.
333-3 3-3333 Relation
Simpson Alice 333-3333
111-11-1111 Sanders Ned 444-4444
123-45-6789 Moore Artie 555-5555
COURSES
Course ID Course Section Day Time
1234 ACCT-3603 1 MWF 8:30
1235 ACCT-3603 2 TR 9:30
1236 MGMT-2103 1 MW 8:30
STUDENT x COURSE
SCID Student ID Course
333333333-1234 333-33-3333 1234
333333333-1236 333-33-3333 1236
111111111-1235 111-11-1111 1235
111111111-1236 111-11-1111 1235 9-45
 This model only describes how the data
appear in the conceptual- and external-level
schemas.
 The data are physically stored according to
the description in the internal-level schema.
9-46
STUDENTS Each row is called
Last First Phone a tuple, which
Stu dent ID Name Name No. rhymes with
333-3 3-3333 Simpson Alice 333-3333 “couple.”
111-11-1111 Sanders Ned 444-4444
123-45-6789 Moore Artie 555-5555
COURSES
1234 ACCT-3603 1 MWF 8:30
1235 ACCT-3603 2 TR 9:30
1236 MGMT-2103 1 MW 8:30
STUDENT x COURSE
SCID
333333333-1234
333333333-1236
111111111-1235
111111111-1236 9-47
Each row
STUDENTS
contains data
Last First Phone
about a specific
333-3 3-3333 occurrence of the
Simpson Alice 333-3333
type of entity in
111-11-1111 Sanders Ned 444-4444
the table.
123-45-6789 Moore Artie 555-5555
COURSES
1234 ACCT-3603 1 MWF 8:30
1235 ACCT-3603 2 TR 9:30
1236 MGMT-2103 1 MW 8:30
STUDENT x COURSE
SCID
333333333-1234
333333333-1236
111111111-1235
111111111-1236 9-48
STUDENTS Each column in a
Last First Phone table contains
Stu dent ID Name Name No. information about
333-3 3-3333 Simpson Alice 333-3333 a specific attribute
111-11-1111 Sanders Ned 444-4444 of the entity.
123-45-6789 Moore Artie 555-5555
COURSES
1234 ACCT-3603 1 MWF 8:30
1235 ACCT-3603 2 TR 9:30
1236 MGMT-2103 1 MW 8:30
STUDENT x COURSE
SCID
333333333-1234
333333333-1236
111111111-1235
111111111-1236 9-49
STUDENTS
Last First Phone
333-3 3-3333 Simpson Alice 333-3333
111-11-1111 Sanders Ned 444-4444
123-45-6789 Moore Artie 555-5555
COURSES
1234 ACCT-3603 1 MWF 8:30
1235 ACCT-3603 2 TR 9:30
1236 MGMT-2103 1 MW 8:30
STUDENT x COURSE
A primary key is the
SCID attribute or combination of
333333333-1234 attributes that uniquely
333333333-1236 identifies a specific row in
111111111-1235 a table.
111111111-1236 9-50
STUDENTS
Last First Phone
333-3 3-3333 Simpson Alice 333-3333
111-11-1111 Sanders Ned 444-4444
123-45-6789 Moore Artie 555-5555
COURSES
1234 ACCT-3603 1 MWF 8:30
1235 ACCT-3603 2 TR 9:30
1236 MGMT-2103 1 MW 8:30
STUDENT x COURSE
SCID
333333333-1234 In some tables, two or more attributes
333333333-1236 may be joined to form the primary key.
111111111-1235
111111111-1236 9-51
STUDENTS
First Advisor
Student ID Last Name Name Phone No. No.
333-33-3333 Simpson Alice 333-3333 1418
111-11-1111 Sanders Ned 444-4444 1418
123-45-6789 Moore Artie 555-5555 1503
ADVISORS
Advisor No. Last Name First Name Office No.
1418 Howard Glen 420
1419 Melton Amy 316
1503 Zhang Xi 202
1506 Radowski J.D. 203
A foreign key is an attribute in one table that is a primary key in

another table.
9-52
STUDENTS
First Advisor
333-33-3333 Simpson Alice 333-3333 1418
111-11-1111 Sanders Ned 444-4444 1418
123-45-6789 Moore Artie 555-5555 1503
ADVISORS
1419 Melton Amy 316
1503 Zhang Xi 202
Foreign keys are used to link tables together.
9-53
STUDENTS
First Advisor
333-33-3333 Simpson Alice 333-3333 1418
111-11-1111 Sanders Ned 444-4444 1418
123-45-6789 Moore Artie 555-5555 1503
ADVISORS
1419 Melton Amy 316
1503 Zhang Xi 202
Other non-key attributes in each table store important

information about the entity.- Secondary Keys
9-54
 Alternatives for Storing Data
 One possible alternate approach would be to
store all data in one uniform table.
 For example, instead of separate tables for
students and classes, we could store all data
in one table and have a separate line for each
student x class combination.
9-55
Last First Sectio
Student I D Name Name Phone No. Course No. n Day Time
333-33-3333 Simpson Alice 333-3333 ACCT-3603 1 M 9:00 AM
333-33-3333 Simpson Alice 333-3333 FIN-3213 3 Th 11:00 AM
333-33-3333 Simpson Alice 333-3333 MGMT-3021 11 TH 12:00 PM
111-11-1111 Sanders Ned 444-4444 ACCT-3433 2 T 10:00 AM
111-11-1111 Sanders Ned 444-4444 MGMT-3021 5 W 8:00 AM
111-11-1111 Sanders Ned 444-4444 ANSI-1422 7 F 9:00 AM
123-45-6789 Moore Artie 555-5555 ACCT-3433 2 T 10:00 AM
123-45-6789 Moore Artie 555-5555 FIN-3213 3 Th 11:00 AM
• Using the suggested approach, a student taking three classes would

need three rows in the table.
• In the above, simplified example, a number of problems arise.
9-56
Last First
Student I D Name Name Phone No. Course No. Sect. Day Time
• Suppose Alice Simpson changes her phone number. You need to make
the change in three places. If you fail to change it in all three places or
change it incorrectly in one place, then the records for Alice will be
inconsistent.
• This problem is referred to as an update anomaly.
9-57
Last First
• What happens if you have a new student to add, but he hasn’t signed
up for any courses yet?
• Or what if there is a new class to add, but there are no students enrolled
in it yet? In either case, the record will be partially blank.
• This problem is referred to as an insert anomaly.
9-58
Last First
• If Ned withdraws from all his classes and you eliminate all three of his
rows from the table, then you will no longer have a record of Ned. If
Ned is planning to take classes next semester, then you probably didn’t
really want to delete all records of him.
• This problem is referred to as a delete anomaly.
9-59
Record-Key
 Record keys: These are data elements within
records that serve as sort keys. e.g., customer-
account number
 Two types of keys often used in master and
transaction file records are a primary key and one or
more secondary keys
 A Primary key (also called a record key) is the
attribute that uniquely identifies a specific record.
They are usually of numeric or alphanumeric modes,
e.g., customer number
 A Secondary key is an attribute other than the
primary key and represents an alternative way to sort
or access records in a file, e.g., customer last name
1-60
Primary & Secondary Keys
1-61
Basic Requirements of the
Relational Data Model
1 Primary keys must be unique – Entity
Integrity Rule
2 Every foreign key must either be null
or have a value corresponding to the
value of a primary key in another
relation- Referential Integrity Rule
3 Each column in a table must describe
a characteristic of the object identified
by the primary key.
9-62
Basic Requirements of the
Relational Data Model
4 Each column in a row must be single-
valued.
5 The value in every row of a specific
column must be of the same data
type.
6 Neither column order nor row order is
significant.
9-63
SCHEMATIC DATA MODELLING :
ENTITY-RELATIONSHIP
DIAGRAMS
 Anentity-relationship (E-R)
diagram is a graphical technique for
portraying a database schema.
 Showsthe various entities being
modeled and the important relationships
among them.
9-64
SCHEMATIC DATA MODELLING :
ENTITY-RELATIONSHIP
DIAGRAMS
 An entity is anything about which the
organization wants to collect and store
information.
 Example: Your university collects and stores
information about students, courses, enrollment
activity, etc.
 In a relational database, separate tables would
be created to store information about each
distinct entity.
 In an object-oriented database, separate classes
would be created for each distinct entity.9-65
ENTITY-RELATIONSHIP
DIAGRAMS
• In an E-R diagram, entities are depicted as rectangles.
• But there are no industry standards for other aspects of
these diagrams.
Enrollment Students
9-66
ENTITY-RELATIONSHIP
DIAGRAMS
 Some data modelers, tools, and authors use
diamonds to depict relationships.
Line
Enrollment Items Students
9-67
Possible Entity
Relationships
9-68
The REA Accounting Model
 Another way to model data is to use the REA

Accounting Model
 This model is based on the premise that in

every exchange in a process there is a
resource, event and agent involved
9-69
THE REA DATA MODEL
 Can you identify the resources in this diagram?
Inventory Sales Employee
Customer
Cash Receive
Employee
Accounts Cash
9-70
THE REA DATA MODEL
 Can you identify the events in this diagram?
Customer
Cash Receive
Employee
Accounts Cash
9-71
THE REA DATA MODEL
 Can you identify the agents in this diagram?
Customer
Cash Receive
Employee
Accounts Cash
9-72
REA: DETERMINE CARDINALITIES
OF RELATIONSHIPS
Sale Customer
• The minimum cardinality can be either

zero or one.
• The symbols for the minimum
cardinalities are shown above in red.
9-73
OF RELATIONSHIPS
Sale Customer
• The minimum cardinality symbol next

to customer is the symbol for one.
• This symbol means that for every
occurrence of a sale, there must be a
minimum of one customer involved.
9-74
OF RELATIONSHIPS
Sale Customer
• The minimum cardinality symbol next to sale is the symbol

for zero.
• This symbol means that for every customer in the database,
there must be a minimum of zero sales. This minimum of
zero allows the company to add a customer to its database
before any sales have been made to that customer, i.e., a
prospective customer can be included.
9-75
OF RELATIONSHIPS
Sale Customer
• The maximum cardinality can be either

one or N (many).
• The symbols for the maximum
cardinalities are shown above in red.
9-76
OF RELATIONSHIPS
Sale Customer
• The maximum cardinality symbol next

to customer is the symbol for one.
• This symbol means that for every
occurrence of a sale, there can be no
more than one customer involved.
9-77
OF RELATIONSHIPS
Sale Customer
• The maximum cardinality symbol next to sale is the symbol

for many.
• This symbol means that for every customer in the database,
there can be many sales involved. Obviously, a company can
make multiple sales to an individual customer.
9-78
DATABASE SYSTEMS AND THE
FUTURE OF ACCOUNTING
 Database systems may profoundly affect the
fundamental nature of accounting:
 May lead to abandonment of double-entry
accounting, because the redundancy of the
double entry is not necessary in computer
data processing.
 May also alter the nature of external reporting.
• EXAMPLE: External users could have access to
the company’s database and manipulate the data
to meet their own reporting needs.
9-79
 The use of accounting information in decision
making will be enhanced by:
 Powerful querying capabilities that
accompany database packages.
 The ability to accommodate multiple views of
the same underlying phenomenon.
 The ability to integrate financial and
operational data.
9-80
 Accountants must become knowledgeable
about databases so they can participate in
developing the AIS of the future.
 They must help ensure that adequate
controls are included to safeguard the data
and assure its reliability.
9-81
End of Lecture
ACC200 - Accounting
Information Systems
Sem 3 2019
Topic 10 :Systems Planning,

Development & Implementation
Section B
Learning Objectives
 Discusses ways to obtain a new

information system (purchase, develop in
house, outsource )
 Explain the five phases of the systems

development life cycle.
10-2
Why Update Systems?
 User or business changes

 Technology changes
 To improve business process
 Create competitive advantage
 Increase productivity gains
 Integrate multiple systems
 Aging systems need replacement
10-3
Software Development
Problems
 Most software development projects deliver less, cost
more, and take longer than expected.
 Standish Group found that:
• 70 percent of software development projects were
late
• 54 percent were over budget
• 66 percent were unsuccessful
• 30 percent were canceled before completion
 American Management Systems found that:
• 75 percent of all large systems are not used
• Not used as intended, or
1 0- 4
• Generate meaningless reports or inaccurat e d ata
How to Obtain an AIS
 Purchase
 Develop in-house
 Outsource to outside organization
10-5
Purchase Software
 Canned software is written by

computer manufacturers or software
development companies.
 It is sold on the open market to a
broad range of users with similar
requirements.
 Turnkey systems are a combination of
software and hardware sold as a
package.
10-6
Purchasing Software
and The SDLC
 Companies that buy rather than
develop AIS software still go through
the systems development life cycle
(SDLC).
1. Systems analysis
2. Conceptual design
3. Physical design
4. Implementation and conversion
5. Operation and maintenance
10-7
Development by In-House
IS Department
 In the past, most organizations had
their information system departments
develop custom software, because
canned software that fit their specific
needs was not available.
 Developing custom software is difficult
and error-prone.
 It also consumes a great deal of time
and resources.
10-8
IS Department
 Custom software is usually developed and
written in house.
 Alternatively, organizations may engage an
outside company to develop a package or
assemble it from their inventory of program
modules.
 When contracting with an outside
organization, a company should maintain
control over the development process.
10-9
IS Department
 What guidelines are recommended?
– carefully select a developer
– sign a contract
– plan and monitor each step
– maintain effective communication
– control all costs
10-10
End-User-Developed
Software
 End-user computing (EUC) is the hands-on
development, use, and control of computer-
based information systems by users.
 When end users began to meet their initial
information needs two things happened:
1) Users realized computers could be used to
meet more and more information needs.
2) Increased access to data created many
new uses and needs for information.
10-11
End-User-Developed
Software
 What are some examples of end-user
development uses?
– retrieving information from company
databases to produce simple reports or to
answer one-time queries
– performing “what if” sensitivity or statistical
analyses
– developing applications using prewritten
software (spreadsheet or database system)
10-12
End-User-Developed
Software
Benefits of End-User Computing
User creation, control, and implementation
Systems that meet user needs
Timeliness
Freeing up IS resources
Versatility and ease of use
10-13
End-User-Developed
Software
Risks of End-User Computing
Logic and development errors
Inadequately tested applications
Inefficient systems
Poorly controlled and documented systems
Systems incompatibility
Duplication of systems
Increased costs
10-14
Outsource the System
 What is outsourcing?
 It is hiring an outside company to
handle all or part of an organization’s
data processing activities.
 In a mainframe outsourcing
agreement, the outsourcers buy their
client’s computers and hire all or most
of the client’s employees.
10-15
 In a client/server or PC outsourcing
agreement, an organization
outsources a particular service, a
segment of its business, a particular
function, or PC support.
10-16
Benefits of Outsourcing
A business solution
Asset utilization
Access to greater expertise and
more advanced technology
Lower costs
Improved development time
Elimination of peaks and valleys usage
Facilitation of downsizing 10-17
Risks of Outsourcing
Inflexibility
Loss of control
Reduced competitive advantage
Locked-in system
Unfulfilled goals
10-18
Systems Development Life
Cycle (SDLC)
Coming out in
System exam (system
Analysis analysis)
Operations & Conceptual

Maintenance Design
Implementation Physical
& Conversion Design
10-19
SDLC Steps
 System Analysis
 Information about system needs, costs, and so on are gathered.
 Conceptual Design
 Gather system/user requirements.
 Physical Design
 Concepts are translated into detailed specifications.
 Implementation and Conversion
 New hardware and software are installed and tested.
 Employees are hired and trained or existing employees relocated.
 Processing procedures are tested and modified.
 Standards and controls for the new system are established and
system documentation completed.
 Operation and Maintenance
 New system is periodically reviewed.
 Modifications are made as problems arise or as new needs become
evident. 10-20
Systems Analysis Activities Section B
Initial Systems Feasibility Information Systems

Investigation Survey Study needs and Analysis
• What’s the • Gain • Determine System Report
Problem Understanding Project Viability Requirements • Summarize and
• What’s the of Company • What do Users Document
Scope • Preliminary Need Activities
Assessment of • Document
Needs & System
Changes Requirements
Required
• Develop
Working
Relationships
• Collect Data
10-21
People Interacting in SDLC
 Management
 Accountants
 Users
 Information systems steering

committee
 Project development team
 Systems analysts and programmers
10-22
Planning SDLC
 Project Development Plan
 Cost/benefit analysis
 Developmental and operational requirements (people,
hardware, software, and financial)
 Schedule of the activities required to develop and operate
the new application
 Master Plan
 What the system will consist of
 How it will be developed
 Who will develop it
 How needed resources will be acquired
10-23
 Where the AIS is headed
Systems Development
Management Tools
Commonly used tools:

o Gantt charts
o Critical path analysis/PERT charts
o CASE (Computer-Aided Software
Engineering)
10-24
Planning Technique—PERT
Chart
 Program Evaluation and Review Technique
(PERT)
 Network of arrows and nodes representing
project activities that require an expenditure of
time and resources and the completion and
initiation of activities
 Completion time estimates made
 Critical path—the path requiring the greatest
amount of time is determined
10-25
Critical Path Analysis/PERT
Chart
 PERT charts
o Are also known as critical path

charts
o Provide a way of controlling

projects
10-26
Critical Path Diagram
1. ABIJK – 20 days
2. ABFGHJK – 21 days
3. ACDEIJK- 35 days
4. ACDEFGHJK – 41 days (Ans) 10-27
Planning Technique—GANTT Chart
 A bar chart with project activities on the left-hand
side and units of time across the top
 Graphically shows the entire schedule for a large,
complex project
10-28
Feasibility Analysis
 Does it make sense to proceed with new system?
 Economic:
 Will system benefits justify the time, money, and resources required to
implement it?
 Technical:
 Can the system be developed and implemented using existing
technology?
 Legal:
 Does the system comply with all applicable federal and state laws,
administrative agency regulations, and contractual obligations?
 Scheduling
 Can the system be developed and implemented in the time allotted?
 Operational
 Does the organization have access to people who can design,
implement, and operate the proposed system? Will people use the
system? 10-29
Capital Budgeting:
Economic Feasibility
Cost-Benefit Analysis Techniques
 Benefits and costs are estimated and  Payback Period
compared to determine whether the  Number of years required for
the net savings to equal the
system is cost beneficial. initial cost of the investment.
 Benefits and costs that are not easily  Net Present Value (NPV)
quantifiable are estimated and  Future benefits are discounted
included. back to the present.
 Initial cost is subtracted.
 If they cannot be accurately  Positive NPV = economically
estimated, they are listed, and their feasible.
likelihood and expected impact on  NPV= net cashflow (inflow-
outflow) /(1 + I )
the organization evaluated.  Internal Rate of Return (IRR)
 The effective interest rate that
results in an NPV of zero.
 A project’s IRR is compared
with a minimum acceptable
rate to determine acceptance
or rejection. 10-30
Methods to Develop an AIS
 Business Process Redesign

 Prototyping
 Computer-Aided Software
Engineering (CASE) Tools
10-31
Business Processes
Reengineering
 What is business process reengineering
(BPR)?
 It is the thorough analysis and complete
redesign of business process and
information systems to achieve
performance improvements.
 It is a process that challenges traditional
organizational values and cultures
associated with underperformance.
10-32
Business Processes
Reengineering
 BPR reduces a company to its
essential business processes and
focuses on why they are done rather
than on the details of how they are
done.
 It completely reshapes organizational
work practices and information flows
to take advantage of technological
advancements.
10-33
Principles of Reengineering
 What are the seven principles
of business processing
reengineering?
1) Organize around outcomes,
not tasks.
2) Have output users perform the
process.
3) Have those who produce
information process it.
10-34
Principles of Reengineering
4) Centralize and disperse data.

5) Integrate parallel activities.
6) Empower workers, use built-in
controls, and flatten the organization
chart.
7) Capture data once, at its source.
10-35
Prototyping
 What is prototyping?
– an approach to systems design in
which a simplified working model of a
system is developed.
 A prototype, or “first draft,” is quickly
and inexpensively built and provided
to users for testing.
10-36
Prototyping
 What four steps are involved in developing

a prototype?
1. Identify basic systems requirements.
2. Develop an initial prototype that meets the
agreed-on requirements.
3. Users identify changes, developers make
changes, and the system is turned over to
the user.
4. Use the system approved by the users.
10-37
Computer-Aided Software
Engineering (CASE)
 CASE is an integrated package of
computer-based tools that automate
important aspects of the software
development process.
 CASE tools are used to plan, analyze,
design, program, and maintain an
information system.
 CASE software typically has tools for
strategic planning, project and system
management, database design, screen
and report layout, and automatic code
generation.
10-38
Conceptual Systems Design
Systems
analysis
Prepare
Evaluate Prepare
conceptual
design design
systems
alternatives specifications
design report
10-39
Evaluate design alternatives:

 The design team should identify and
evaluate design alternatives using the
following criteria:
1. How well it meets organizational and
system objectives
2. How well it meets users’ needs
3. Whether it is economically feasible
4. Its advantages and disadvantages
10-40
Prepare design specifications:
 Output
 How often?
 What should reports contain?
 What should reports look like?
 Should reports be online or hard copy or both?
 Data Storage
 What data elements must be stored to produce a report?
 How they should be stored?
 What type of file or database should be used?
 Input
 Where, when, and how to collect the data?
 Processing Procedures and Operations 10-41
Prepare conceptual systems design report:

1) At the end of the conceptual design a
conceptual systems design report is
developed and submitted.
1. To guide physical systems design activities
2. To communicate how management and
user information needs will be met
3. To help assess systems’ feasibility
10-42
Physical Systems Design
 Physical design translates the broad,

user-oriented AIS requirements of
conceptual design into detailed
specifications that are used to code
and test the computer program.
Conceptual Physical
systems design systems design
10-43
Output Program
design design
File and data Procedures

base design design
Input Controls
design design
10-44
Output design:
 The objective of output design is to
determine the characteristics of
reports, documents, and screen
displays.
 Output fits into one of four categories:
1. Scheduled reports
2. Special-purpose analysis
3. Triggered exception reports
4. Demand reports
10-45
File and database design:

 What are some file and database
design considerations?
– medium of storage
– organization and access
– processing mode
– maintenance
– size and activity level
10-46
Input design:
 When evaluating input design, the
design team must identify the
different types of data input and
optimal input method.
 What are the two principal types of
data input?
1. Forms
2. Computer screens
10-47
Program design is one of the most time-

consuming activities in the entire SDLC.
 Programs should be subdivided into small,
well-defined modules to reduce complexity.
 What is this referred to as?
– structured programming
 Modules should interact with a control
module rather than with each other.
10-48
Procedures design should answer the
who, what, where, and how questions
related to all AIS activities.
 What should procedures cover?
– input preparation
– transaction processing
– error detection and corrections
– control
10-49
Control design:
 What are some control design
considerations?
– validity
– authorization
– accuracy
– access
– numerical control
– audit trail
10-50
 At the end of the physical design

phase the team prepares a physical
systems design report.
 This report becomes the basis for
management’s decision whether to
proceed to the implementation phase.
10-51
Systems Implementation
 Systems implementation is the

process of installing hardware and
software and getting the AIS up and
running.
Physical Implementation
systems design and conversion
10-52
Implementation planning
Develop and Prepare site; Select

test software install and and train
programs test hardware personnel
Complete Test system

documentation
10-53
Conversion
Implementation planning:
 An implementation plan consists of
implementation tasks, expected
completion dates, cost estimates,
and the person or persons
responsible for each task.
 Planning should include
adjustments to the company’s
organizational structure.
10-54
Develop and test software programs:

 Seven steps are followed when developing
and testing software programs.
1. Determine user needs
2. Develop a plan
3. Write program instructions (code)
4. Test the program
5. Document the program
10-55
6. Train program users

7. Install and use the system
Prepare site; install and test hardware:
 A PC requires little site preparation.
 A large system may require extensive

changes, such as additional electrical
outlets.
 Site preparation should begin well in
advance of the installation date.
10-56
Select and train personnel:

 Employees can be hired from outside
the company or transferred internally.
 Effective AIS training should include
employees’ orientation to new policies
and operations.
 Training should occur before systems
testing and conversion.
10-57
Complete documentation:
 Three types of documentation must
be prepared for new systems.
1. Development documentation
2. Operations documentation
3. User documentation
10-58
Types of Documentation
 Development Documentation
 A system description; copies of output, input, and file
and database layouts; program flowcharts; test results;
and user acceptance forms
 Operations Documentation
 Includes operating schedules; files and databases
accessed; and equipment, security, and file-retention
requirements
 User Documentation
 Teaches users how to operate the AIS; it includes a
procedures manual and training materials
10-59
Test system:
 There are three common forms of
testing.
1. Walk-through
2. Processing of test transactions
3. Acceptance tests
10-60
Types of System Testing
 Walk-Through
 Step-by-step reviews of procedures or program logic to find
incorrect logic, errors, omissions, or other problems
 Processing Test Data
 Using both valid transactions and all possible error
conditions
 Acceptance Tests
 Real transactions (live data) and files rather than
hypothetical ones, users develop the acceptance criteria and
make the final decision whether to accept the AIS
10-61
User Acceptance Testing
Once the hardware and software has been installed it is possible for
the user to undertake formal acceptance of the system. The user
will undertake tests to ensure that:
 The software performs as stated in the requirement specification
The software is easy to use within the context of the whole

business process.
 The software accurately performs calculations on real data and so
correctly produces the predicted outputs of the system.
User acceptance tests may also include tests on large volumes of
data allowing the user to assess the performance, timing and
capacity of the system.
10-62
 Conversion:
 There are four conversion
approaches.
1. Direct conversion
2. Parallel conversion
3. Phase-in conversion
4. Pilot conversion
10-63
Types of Conversions
 Direct
 Terminates the old AIS when the new one is introduced
 Parallel
 Operates the old and new systems simultaneously for a
period
 Phase-in/Modular
 Gradually replaces elements of the old AIS with the new one
 Pilot
 Implements a system in one part of the organization, such
as a branch location
 Localizes conversion problems and allows training in a live
environment 10-64
Operation and Maintenance
 The final step in the SDLC is to

operate and maintain the new system.
 A post implementation review should
be conducted on a newly installed
system.
Implementation Operation and

and conversion maintenance
10-65
Post Implementation Review
A post implementation review is held at a certain point after the
system has gone live. In this review the users and developers
have the opportunity to establish:
 Does the system meets the intended performance and
functional requirements established at the start of the
project.
 Does the system meets the requirements of the users. This
will include both functional requirements and technical
objectives.
 Consider how the project was managed and lessons learnt
will be fed back into the project and systems development
processes.
 Conclude with a report that summarises the finding1s0-6a6nd
makes recommendations
 What are some factors to consider during

the post implementation review?
– goals and objectives
– satisfaction
– benefits
– costs
– reliability
– controls and security
10-67
 What are some questions to answer during

the post implementation review?
– Does the system produce accurate
and complete data?
– Is the system safeguarded against
unintentional errors, fraud, and
unauthorized intrusion?
– Is the system documentation complete
and accurate?
10-68
Systems Maintenance
 Systems maintenance is the term used for changes

made to software after implementation.
 It concerns changes in the software that are made to
correct programming errors and to reflect changes in
requirements. In the early days of system use it is
inevitable that errors will be found.
 These errors may be due to incorrect programming
or due to a misunderstanding of the initial functional
requirements. Programming errors will have to be
corrected and appropriate changes will have to be
made so that the system is brought into line with the
user’s requirements. 10-69
Systems Maintenance
As time passes, the user’s requirements will begin to

change and so the system will have to be changed to
meet these new, emerging requirements. These
changes are due to changes in the business
environment, new legislative requirements or simply
because new users require different outputs and
information from the system.
10-70
End of Lecture
ACC200 - Accounting
Information Systems
Sem 3 2019
Topic 11 & 12 :Enterprise &

Other Contemporary Information
Systems
Learning Objectives
 Explain what are ERP systems and state why they
are important
 Describe the distinguishing modular characteristics
of ERP software
 Explain why ERP is essential to the success of a
company engaged in e-commerce
 Discuss other applications of information technology
in organizations
11-2
ERP Overview
 Enterprise Resource Planning (ERP) programs

are software used by companies to manage
information in every area of the business.
 ERP programs help manage company-wide
business processes using a common database
and shared management reporting tools.
 ERP software supports the efficient operation
of business processes by integrating activities
throughout a business.
11-3
Functional Areas of Operation
 Most companies have four main functional areas:

 Marketing and Sales (M/S)
 Supply Chain Management (SCM)
 Accounting and Finance (A/F)
 Human Resources (HR)
 Each main functional area consists of a number of narrower
business functions specific to the functional area.
 Historically, businesses have organized themselves
according to business functions.
 Business Schools continue to be similarly organized.
11-4
Functional Areas of Operation
11-5
5
Functional Area Information
Systems
6
Systems
7
Systems
8
Systems
9
Customer Relationship
Management
 Customer Relationship Management (CRM) helps a company
streamline interactions with customers and make them
consistent
 Goal is to provide a “single face to the customer”
 Any employee in contact with a customer should have
access to all information on past interactions
 Information about a customer should reside in the ERP
system, not with the employee
 CRM also provides a company with tools to analyze the vast
quantities of sales data available from the ERP system
10
Core CRM Activities
 One-to-One Marketing:
 Customers are categorized and products, promotions, and pricing
are tailored accordingly.
 Sales may be increased by cross-selling and upselling
 Sales Force Automation (SFA):
 New customers are automatically routed to the appropriate sales
representative
 Customer needs are forecasted based on the customer’s
history and transactions
 Sales Campaign Management:
 Helps a company organize a marketing campaign and compile its
results.
Core CRM Activities
 Marketing Encyclopedias:
 Database of promotional literature
 Material can be routed to sales
representatives or customers as needed
 Call Center Automation:

 Customer support can be improved with the
assistance of a knowledge management database
 New solutions to unique customer query can
be added to the knowledgebase, making it
“smarter”
12
Business Processes
 A business process is a collection of activities that takes

one or more inputs and creates an output that is of value to
the customer
 The customer may be the traditional external customer
who buys the product or service, or an internal customer (a
colleague in another department)
 The business process view is the customer’s perspective.
 The customer does not care that different functions are
involved in processing their order, and will not tolerate
mistakes and delays caused by poor coordination of
business functions
11-13
Sales
Functio
n
Accounting
Function
Purchasing
Function
Production
Customer Order Process
Function
Logistics
Process View of Business
Material Order Process
11-14
Function
Integration of Business
Functions
 Sharing data efficiently and effectively
within and between functional areas
leads to more efficient business
processes
 Information systems that share data
between functional areas are called
Integrated Information Systems
11-15
ERP System Business Enterprise
Data Warehouse
ERP System
On-Line Analytical Processing Bolt-On Applications
(OLAP) (Industry Specific Functions)
Customers Suppliers
Core Functions [On-Line Transaction Processing(OLTP)]
Sales
Business Shop Floor
& Logistics
Planning Control
Distribution
Operational Database
Customers, Production,
Vendor, Inventory, etc.
Two Main ERP Applications
Core applications
 a.k.a. Online Transaction Processing (OLTP)
 transaction processing systems
 support the day-to-day operational activities of
the business
 support mission-critical tasks through simple
queries of operational databases
 include Sales and Distribution, Business
Planning, Production Planning, Shop Floor
Control, and Logistics modules
17
Two Main ERP Applications
Business analysis applications
 a.k.a. Online Analytical Processing (OLAP)
 decision support tool for management-critical tasks
through analytical investigation of complex data
associations
 supplies management with “real-time” information and
permits timely decisions to improve performance and
achieve competitive advantage
 includes decision support, modeling, information
retrieval, ad-hoc reporting/analysis, and what-if
analysis
18
Transaction Processing
Systems (TPS)
Transaction processing systems (TPS) are the basic business systems that
serve the operational level of the organization. A transaction processing
system is a computerized system that performs and records the dai1ly1-r1o9utine
transactions necessary to conduct business.
Management Information
Systems (MIS)
Management information systems (MIS) serve the management level of the

organization, providing managers with reports and often online access to the
organization’s current performance and historical records
11-20
Decision Support
Systems(DSS)
DSS help managers make decisions that are unique, rapidly

changing, and not easily specified in advance (Eg how to optimize
11-21
production capacity, how to schedule company deliveries) .
Executive Support Systems
(ESS)
Senior managers use executive support systems (ESS) to help them make
decisions. ESS serve the strategic level of the organization. They address
non-routine decisions requiring judgment, evaluation, and insight because
there is no agreed-on procedure for arriving at a solution. In what business
should we be? What are the competitors doing? What new acquisitions would
protect us from cyclical business swings? Which units should we sell to raise
cash for acquisitions? 11-22
Expert Systems
Expert system, a computer program that uses

artificial-intelligence methods to solve problems
within a specialized domain that ordinarily requires
human expertise.
 assist bankers in determining whether to make
loans to businesses and individuals.
 Insurance companies use it to assess the risk
presented by the customer and to determine a
price for the insurance.
11-23
 foreign exchange trading.
Data Warehouse vs Data
Mining
 Data Warehouse is electronic storage of a
large amount of information by a business
which is designed for query and analysis
instead of transaction processing
 Data mining is looking for hidden, valid, and
potentially useful patterns in huge data sets.
Data Mining is all about discovering
unsuspected/ previously unknown relationships
amongst the data.
11-24
ERP Systems:
Aim: To pull together all the functions of an organisation, place

them onto a single system, and then allow all relevant
departments to draw information from the integrated system
Benefits
• The ability to quickly and easily access information to
support decision making
• Integration of functions across the organisation so there is a
vastly reduced amount of duplicated software
• Potential user and database efficiencies across the
organisation.
• Consistency of processes across the organisation
11-25
Integration
 ERP systems can integrate a company’s operations by

providing a company-wide computing environment that:
 Includes a single database shared by all functions
 Can deliver consistent data to all business functions in
real-time
 ERP systems can dramatically reduce costs and increase
operational efficiency
 With ERP system can:
- Reprice inventory in 5 minutes instead of 5 days
- Ships a replacement part in 3 days instead of 22
- Checks customer credit in 3 seconds instead of 20 minutes
11-26
Implementation Problems
 Some executives naively hope ERP systems will cure fundamenta

business problems
 Some executives and IT managers don’t take enough time for
proper analysis and planning for implementation
 Some executives and IT managers skimp on education and
training
 Sometimes the ownership of the implementation project is not
given to the employees who will use the system
 Top executive support is not always given
 The organizational change process is not managed well
11-27
ERP - Bolt-On Software
 Bolt-on Software - third-party vendors

provide specialized functionality software
Eg. Supply-Chain Management (SCM) links
vendors, carriers, third-party logistics
companies, and information systems providers
11-28
Why Use Bolt-On Software?
ERP software alone cannot drive all the

processes of the company. Hence firms use a
variety of bolt-on software provided by third
party vendors.
Example:
Electronic commerce supported ERP systems use bolt-on
packages that upload product information files from the ERP
database and present them on the web page for customers.
The bolt-on system collects the Internet orders and creates a
transaction batch file, which is periodically downloaded to the
ERP system for processing. 11-29
Enterprise system scalability
Presentation
Application
Scalability
Database
11-30
Goodness of Fit
No ERP system is best for all industries. ERP provides a

generic business model for the company to follow. The
problem with most businesses is the fact that their
business processes do not fit directly into the model.
Since the ERP software can only be customized so
much, many businesses need to try to fit the model of
the ERP. The customization of the ERP software is an
expensive process and companies can incur large costs
with high software customization
11-31
Computer Hardware and
Software
 Computer systems began as mainframe computers-
Legacy Systems
 One large computer shared by many users who
communicated with the system by paper-punched
cards or paper tapes
 Terminals—primarily a monitor and keyboard with no
computing capability—were later used to communicate
with the mainframe computer
 The personal computer (PC) allowed individuals more
control over their computing
 Unique applications like word processing, spreadsheets
and presentation software were developed for the PC
 Sharing expensive peripheral equipment let to the
11-32
development of computer networks
Computer Files
Networks
File Server
A network is
a group of Node
computers Node
connected LAN
together that
allow users
to share
information
and
equipment
Node Printer Server
Node
11-33 Printer
Local Area Networks
(LAN)
 A grouping of computers located close together (on the
same floor or in the same building) linked together to share
data and hardware
 The physical connection of workstations to the LAN is
achieved through a network interface card (NIC) which fits
into a PC’s expansion slot and contains the circuitry necessary
for inter-node communications.
 A server is used to store the network operating system,
application programs, and data to be shared.
11-34
Wide Are Network (WAN)
A Wide Area Network, or WAN, is a collection of computers and
other devices, as for a LAN, but one that takes the local
organisation beyond the narrow geographical confines of a LAN
into a wider system. In practice a WAN is typically made up by
creating connections between a number of local LANs.
The connections of the network could be between other offices of

the organisation if it has geographically dispersed sites around
the country or in other countries around the world. Alternatively
the organisation may also wish to connect to other organisation’s
networks or to connect to public services such as the Internet.
11-35
Computer Networks
 Many WANs, and most LANs, are set up as

client/server systems.
 Each desktop computer is referred to as a client.
 The client sends requests for data to the servers.
 The servers perform preprocessing on the
database and send only the relevant subset of
data to the client for local processing.
11-36
Client/Server Networks
 This model splits data processing between

a user workstation (client) and one or more
servers
 Majority of servers are dedicated database
servers, thereby enabling client to share
data and files, conduct database searches,
and update the database
11-37
Client-Server Topology
Client Client
Data Manipulation Data Manipulation
Capabilities Capabilities Server
Record
Searching
Capabilities
Client
Data Manipulation
Capabilities
Common
Files
Client Client
Data Manipulation
Data Manipulation Capabilities 11-38
Capabilities
Software
 Sharing and managing important corporate data became an
even more important issue as PCs became more common
 Client-server systems were developed to manage data
sharing. A central computer (server) managed the storage
and sharing of common data
 Client-server systems provided scalability. The capacity of
the network could be increased inexpensively by adding a new
server computer to the existing network
 Mainframe systems were generally not scalable. Increasing
capacity meant buying a new system
 Client-server systems are much more cost effective over the
11-39
long run
Software
 A common database is a key component of an ERP system
 Relational database systems were introduced in the 1970s
 These systems allowed for more efficient storage and
retrieval of data
 To support ERP systems, relational databases needed to be
able to find specific data quickly from a large, complex
database
 By the 1990s, the hardware, networks and database software
were in place to make large scale ERP systems feasible
11-40
Technology Driven Process
Improvements
 Organisations that achieve the most significant

benefits from information technology exploit
new capabilities to reform business processes
and create new business opportunities
 Areas in which an organisation can benefit:

o Information
o Strategy
o Transaction
o Change 11-41
Examples of IT Driven
Process Improvements
1. E-Commerce
2. Electronic Data Interchange (EDI)
3. Financial Electronic Data Interchange (FEDI)
4. Cloud Computing
5. RFID or bar coding

11-42
E-commerce and ERP
 E-commerce and ERP technologies are

complements
 If the competition is using the Internet
effectively, then a company needs to develop an
Internet strategy
 Without integrated information systems,
companies cannot support e-commerce
effectively
11-43
Electronic Commerce
Background
 E-commerce is the conduct of business over the
internet
 Most business growth on the Internet has been
business-to-business (B2B) e-commerce, rather
than business-to-consumer (B2C) e-commerce
 B2B sales are expected to approach $1 Trillion
in Europe by 2006
 B2B e-commerce is transforming the way
companies work with each other—especially for
commodity products 11-44
Categories of E-Business
Type of E-Business Characteristics
B2C • Organization-individual
•Smaller dollar value
•One-time or infrequent transactions
•Relatively simple
B2B •Interorganizational
B2G •Larger dollar value
B2E •Established, on-going relationships
•Extension of credit by seller to customer
•More complex
11-45
Information Flows in
Electronic Commerce
1. Inquiries
Buyer Seller
2. Responses
3. Orders
4. Acknowledgment
5. Billing
6. Remittance data
Explanations:
EDI = Steps 1-6 7. Payments
EFT = Step 7
FEDI = Steps 1-7
11-46
E-Business Effects on
Business Processes
 Electronic Data Interchange (EDI):
Standard protocol, available since the
1970s, for electronically transferring
information between organizations and
across business processes.
 EDI:
 Improves accuracy
 Cuts costs
11-47
Recent EDI Facilitators
 Traditional EDI was expensive. New

developments that have removed this cost
barrier are:
 The Internet: Eliminates the need for special
proprietary third-party networks.
 XML: Extensible Markup Language – Set of
standards for defining the content of data on
Web pages.
11-48
Recent EDI Facilitators
ebXML:
 ebXML stands for Electronic Business
Extensible Markup Language. It is a global
standard for electronic business that enables
anyone, anywhere to do business
transactions with anyone over the Internet.
 Defines standards for coding common
business documents.
 Eliminates need for complex software to
translate documents created by different
11-49
companies.
Integrated Electronic Data
Interchange (EDI)
 Reaping the full benefits of EDI
requires that it be fully integrated with
the company’s AIS.
EDI
Company
Suppliers
Purchase orders AIS
EDI
Customers Customer orders
The trouble with EDI is that it is very expensive and originally it was created for the mainframe 11-50
world. Now ebXML is replacing EDI.
Financial Electronic Data
Interchange (FEDI)
 The use of EDI to exchange information is
only part of the buyer-seller relationship in
business-to-business electronic commerce.
 Electronic funds transfer (EFT) refers to
making cash payments electronically, rather
than by check.
 EFT is usually accomplished through the
banking system’s Automated Clearing House
(ACH) network.
11-51
Interchange (FEDI)
 An ACH credit is an instruction to your bank
to transfer funds from your account to
another account.
 An ACH debit is an instruction to your bank to
transfer funds from another account into
yours.
11-52
Interchange (FEDI)
Company A/Customer Company B/Supplier
Remittance data
and payment
instruction
Company A’s Company B’s
bank bank
Remittance data
and funds
11-53
Why is FinTech important?
Financial technology (FinTech or fintech) is the new technology and
innovation that aims to compete with traditional financial methods in
the delivery of financial services in:
• Borrowing
• Investing
• Foreign currency
• Money transfer
• Credit reports
• Fraud protection
• Payments/e-commerce
• Financial advice
• Insurance
11-54
Why is FinTech important?
• FinTech is the new applications, processes, products, or

business models in the financial services industry,
composed of one or more complementary financial
services and provided as an end-to-end process via the
Internet.
• It uses technology to improve activities in finance. The
use of smartphones for mobile banking, investing
services and cryptocurrency are examples of
technologies aiming to make financial services more
accessible to the general public. 11-55
Application Service Providers
 An Application Service Provider (ASP) provides

management of application programs over a
network
 Companies using the ASP do not have to purchase
the hardware or software or higher people to
operate systems
 ASPs can also provide consulting services for
software applications like ERP
 ASPs can provide access to expensive applications
like ERP with much lower startup costs 11-56
Factors to Consider When
Evaluating ASPs
Advantages Disadvantages
 Lower costs  Viability of ASP
 Automatic upgrading to current  Security and privacy of data
version of software  Availability and reliability of
 Need fewer in-house IT staff service
 Reduced hardware needs  Inadequate support or poor
 Flexibility responsiveness to problems
 Knowledge support  Standard software that may
not meet all customized needs
 Security and privacy of data
11-57
Cloud Computing
 Increased trend for data processing capabilities to be
provided as a service via the Internet.
 Cloud => Internet
 Users can access their data anytime and anywhere they

can access the Internet.
 Cloud computing outsources data processing and
computing costs are incurred on a usage basis.
11-58
Cloud Computing
11-59
Block Chain Accounting
Modern financial accounting is based on a double entry
system. In a traditional database, a client can perform four
functions on data: Create, Read, Update, and Delete
The blockchain is designed to be an append only structure. A

user can only add more data, in the form of additional blocks.
All previous data is permanently stored and cannot be altered.
Therefore, the only operations associated with blockchains
are:
• Read Operations: these query and retrieve data from the
blockchain
• Write Operations: these add more data onto the blockchain
11-60
Blockchain & Distributed
Ledgers
• A distributed or shared ledger is a digital database of records
where all participants are looking at a common view – in contrast
to a typical situation currently where participants (for example, in
different organisations) are looking at different databases that are
independently managed and updated.
• When a change or update to any participant’s record is confirmed,

the technology ensures that the view seen by each participant in
the network synchronises to reflect the latest update.
• This is a peer-to-peer network where the participants are

themselves responsible for the validation of records – without the
use of a central authority for this purpose.
11-61
• The network itself may be public or private.
Block Chain Accounting vs
Traditional Databases
• Blockchain databases consist of several decentralized nodes/ledgers.

Each node/ledger participates in administration: all nodes verify new
additions to the blockchain, and are capable of entering new data into
the database.
• For an addition to be made to the blockchain, the majority of nodes
must reach consensus. This consensus mechanism guarantees the
security of the network, making it difficult to tamper with. 11-62
Block Chain Accounting vs
Traditional Databases
• Traditional Databases :Anybody with sufficient access to a
centralized database can destroy or corrupt the data within it. Users
are therefore reliant on the security infrastructure of the database
administrator
• Blockchain technology uses decentralized data storage to sidestep
this issue, thereby building security into its very structure.
• Blockchain will reduce errors. If the participants in a certain
transaction are identified, the time and date of the transaction is
verified, and the associated data is secured, the possibility of errors
decreases dramatically.
• Specifically, the number of transposition corrections, verification of
payments, and other lower-value activities can be automated by
blockchain and ultimately replaced with higher-value activities
11-63
Implications of blockchain
for accountants
Blockchain has the potential to enhance the accounting
profession by:
• Reducing the costs of maintaining and reconciling
ledgers, and providing absolute certainty over the
ownership and history of assets.
• Can help accountants gain clarity over the available
resources and obligations of their organisations
• Free up resources to concentrate on planning and
valuation, rather than recordkeeping.
11-64
for accountants
• Will lead to more and more transactional-level
accounting being done – but not by accountants.
Instead, successful accountants will be those that
work on assessing the economic reality and valuation.
For example, blockchain might make the existence of
a debtor certain, but its recoverable value and
economic worth are still debateable. And an asset’s
ownership might be verifiable by blockchain records,
but its condition, location and true worth will still
need to be assured.
11-65
for accountants
• Blockchain is a replacement for bookkeeping and

reconciliation work. This could threaten the work of
accountants in these areas but allows more time
to be spent on judgemental areas and advice.
• Performing confirmations of a company’s financial
status would be less necessary if some or all of
the transactions that underlie that status are
visible on blockchains.
11-66
for auditors
• A blockchain solution, when combined with appropriate data
analytics, could help with the transactional level assertions
involved in an audit, and the auditor’s skills would be better
spent considering higher-level questions. For example, auditing
is not just checking the detail of whom a transaction was
between and the monetary amount, but also how it is recorded
and classified. If a transaction credits cash, is this outflow due to
cost of sales or expenses, or is it paying a creditor, or creating an
asset?
11-67
Radio Frequency Identification
 Radio Frequency Identification (RFID)

technology is becoming an efficient way of
tracking items in the supply chain
 An RFID device is a small package, or tag, with
a microprocessor and antenna
 Information from the RFID tag is transmitted via
radio waves to a receiver when interrogated by
an RFID reader
 Does not require line-of-site contact like a bar
11-68
code reader
End of Lecture

ACC200 Lecture Notes Sem 3 2019

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ACC200 Lecture Notes Sem 3 2019

Uploaded by

Copyright:

Available Formats

ACC200 - Accounting

 Auditors need to understand the

 The term information system suggests

 An accounting information system (AIS)

Data Data Information

 Processes are the sets of activities that are

 Outputs are normally the starting point when

 Financial accountants prepare financial information for

 Managerial accountants prepare financial information

Cost & Revenue

A well-designed AIS can also help an organization

 The ultimate goal of any business is to

 An organization’s value chain consists of

 The four support activities in the value

 The value chain concept can be

Topic 2 – Modelling Business Processes

(Mid term short essay question)

1. Differentiate between the Functional vs Business Process

 Alfred P. Sloan developed the functional organizational model in

Material & Product Flow

Finance & Accounting

 Problems and limitations

 A business process is a series of interlocking

 In a process-oriented company, the flow of

Supplies Conversion Storage & Shipping

Information and material flows in a process business model

Primary Business Processes

Inbound Sales Outbound Sales

Supporting Business Processes

Orientation Vertical, hierarchical Horizontal, across

Objective Task driven Customer driven

Personnel Specialists – highly Generalists – tasks

General Ledger & Reporting System

1. Update general ledger

Data Data Information

 Data input may also require the following

– transmittal from one location to another

 Have source data automation like ATMs.

• Capture data with minimal human intervention.

Sales order Take customer order.

Deposit slip Deposit cash receipts.

Credit/Debit memo or note Adjust customer accounts 2-30

Purchase order Order items.

Time cards Record time worked

Job time tickets Record time spent

A ledger is a file used to store cumulative information

ACCOUNT: Accounts Receivable Account Number: 120

Date Description Post Ref Debit Credit Balance

The general ledger is the summary level information

Example: Suppose XYZ Co. has three customers.

The subsidiary ledgers contain the detail accounts

The related general ledger account is often called

• Coding is a method of systematically assigning numbers or letters to data

• With sequence codes, items (such as checks or invoices) are numbered

– employee pay rates

– supplier credit terms

– the accounts receivable file

 Files containing related data are

301 ABC Co. Box 5 1,000 400

 Additions insert new records into a master file.

 Updates revise current balances in master files.

 Changes modify the data values of other fields in

 The computer also processes information