Home Uncategorized Accounting Essay 2 pages must answer all questions

Uncategorized

Accounting Essay 2 pages must answer all questions

(TCO A) With the explosion of technological advances in the last 15 years, AIS skills are important for career success in accounting. Provide three reasons or benefits of AIS skills to any accounting-related career

(TCO C) Several years ago a ring of foreign-based hackers broke into South Pacific Bank’s system and stole $ 15 million from its customers’ accounts. Discuss how systems can become vulnerable to computer crimes and then evaluate controls that strengthen those weaknesses. (a) Provide at least three weaknesses of AIS that hackers can exploit for gain and then (b) suggest at least one control for each weakness.

(TCO D) Describe typical credit approval procedures.

(TCO E) The owner of a small family-owned business prepares his own payroll but rapid expansion is making demands for his time in other areas. He hires you to design payroll procedures with the proper internal controls that a small payroll department can handle. Design (using words) how payroll data should flow within the company, and in your design, make sure you address the control objectives.

(TCO F) Identify what tools are used to assess organizational performance and explain they are used.

(TCO G) Discuss redundancy as it applies to database design, and explain how redundancy can be reduced.

(TCO H) Provide an argument in support of a company’s decision to outsource its information system.

CT571

inal

xam Study

uide

YOU MAY WANT TO PRINT T

IS GUI

1. The Final Exam is open book and open notes. The maximum time you can spend in the exam is 3 hours, 30 minutes. If you have not clicked the Submit for Grading button by then, you will be exited from the exam automatically. In the Final Exam environment, the Windows clipboard is disabled, so you will not be able to copy exam questions or answers to or from other applications.

2. You should click the Save Answers button in the exam frequently. This helps prevent connection timeouts that might occur with certain Internet service providers and also minimizes lost answers in the event of connection problems. If your Internet connection does break, when you reconnect, you will normally be able to get back into your Final Exam without any trouble. Remember, though, that the exam timer continues to run while students are disconnected, so students should try to log in again as quickly as possible. The Help Desk cannot grant any student additional time on the exam.

3. See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

4. Reminders

· You will only be able to enter your online Final Exam one time.

· Click the Save Answers button often.

· If you lose your Internet connection during your Final Exam, log on again and try to access it. If you are unable to enter the Final Exam, first contact the Help Desk and then your instructor.

· You will always be able to see the time remaining in the Final Exam at the top right of the page.

5. Assessments With Multiple Pages

· Make sure to click the Save Answers button before advancing to the next page (we also suggest clicking on Save Answers while you are working).

· Complete all of the pages before submitting your Final Exam for instructor review.

· Do not use your browser’s

ack and Forward buttons during the Final Exam.

· Please use the provided links for navigation.

6. Submitting Your Final Exam

· When you are finished with the Final Exam, click on the Submit for Grading button.

· Please note: Once you click the Submit for Grading button, you will not be able to edit or change any of your answers.

7. Exam Questions

· There are eight randomly selected essay questions each worth 25–30 points, for a total of 230 points.

· The Final Exam covers all course TCOs and Weeks A–H.

· The Final Exam consists of two pages, which can be completed in any order. You may go back and forth between the pages.

· The Final Exam questions are pooled. This means that not everyone will have the same questions. Even if you do have some of the same questions, they may not be in the same order. These questions are distributed among the TCOs. The entire exam is worth 230 points.

· On the essay questions, your answers should be succinct, should fully address each part of the question, and should demonstrate your knowledge and understanding in a concise but complete manner. Most essay questions require answers that are a couple of paragraphs (not a couple of sentences) that directly speak to each part of the question. Some students opt to work on the essay questions first, due to their higher point value and the length of time needed to adequately address each question, but this is entirely your choice.

· Remember to always use proper citation when quoting other sources. This means that any borrowed material (even a short phrase) should be placed in quotation marks with the source (URL, author/date/page number) immediately following the end of the passage (the end quote). Changing a few words in a passage does not constitute putting it in your own words, and proper citation is still required. Borrowed material should not dominate a student’s work; it should only be used sparingly to support the student’s thoughts, ideas, and examples. Heavy usage of borrowed material (even if properly cited) can jeopardize the points for that question. Uncited material can jeopardize a passing grade on the exam. As a part of our commitment to academic integrity, your work may be submitted to turnitin.com, an online plagiarism-checking service. So please be very mindful of proper citation.

8. Some of the key study areas are shown below. Although these are key areas, remember that the exam is comprehensive for all of the assigned course content and this study guide may not be all-inclusive.

1. The benefit of AIS skills and how AIS provides value to business

1. Designing a coding system

1. COSO’s internal control framework

1. Controls in an AIS system

1. The revenue and expenditure cycles and related controls

1. Benefits of XBRL

1. Databases

1. AIS outsourcing decision

9. Areas that were discussed in the Discussion areas will be prime targets.

10. Assignments will also be prime targets for revisiting.

11. Reviewing the TCOs, which are listed below for your convenience, will also be a great preparation for the Final Exam.

A	Given an automated accounting system, discuss the key components of the system, key components of transaction process, and how the components are identified into separate/distinct business processes.
B	Given an environment of computer fraud and the resulting effect on an organization, evaluate the different types of control frameworks that can be implemented to reduce the risk of fraud activities that might impact an organization’s automated accounting system.
C	Given an environment of computer crimes and the resulting effect on an organization, determine the control processes and procedures required to safeguard assets and secure accounting information systems whether mandated by law or not.
D	Given an organization’s accounting information system, evaluate the key components of the revenue and expenditure cycle business processes and recommend processing and control procedures that provide reasonable assurance of information processing integrity and resource security.
E	Given an automated accounting system, evaluate the key components of business processes, such as payroll, production, etc., that comprise an organization’s core accounting information system and recommend processing and control procedures that provide reasonable assurance of information processing integrity and resource security.
F	Given an organization’s need to rely on a stable accounting information system, evaluate financial reporting information requirements of an accounting information system and recommend processing and control procedures that provide reasonable assurance of information processing integrity and resource security.
G	Given an automated accounting system, demonstrate how data can be organized, stored, and analyzed.
H	Given the demand for advanced technology and an organization’s need to maintain and upgrade its accounting information systems, determine the proper steps for implementing/upgrading an organization’s accounting information systems.

Accounting Information Systems

Fourteenth Edition

Chapter 18

Implementing an REA Model in a Relational Database

Copyright © 2018 Pearson Education, Inc.
Chapter 18: Implementing an REA Model in a Relational Database
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Integrate separate REA diagrams for individual business cycles into a single, comprehensive, organization-wide REA diagram.
Build a set of tables to implement an REA model of an AIS in a relational database.
Use the REA data model to write queries to retrieve information from an AIS relational database built according to the REA data model.

Combining REA Diagrams
Individual REA diagrams can be combined to form an integrated REA diagram by:
Merging redundant resource entities (e.g., inventory is acquired in expenditure cycle and reduced in the sales cycle)
Merging redundant event entities (e.g., disburse cash event appears in the expenditure cycle and the payroll cycle)

Integrated REA Diagram Rules
Every event must be linked to at least one resource.
Every event must be linked to two agents who participate in that event.
Every event that involves the disposition of a resource must be linked to an event that involves the acquisition of a resource (give-get exchange).
Every resource must be linked to at least one event that increments that resource and to at least one event that decrements that resource.
If event A can be linked to more than one other event, but cannot be linked simultaneously to all of those other events, then the REA diagram should show that event A is linked to a minimum of 0 of each of the other events.
If an event can be linked to any one of a set of agents, then the ERA diagram should show that event is linked to a minimum of 0 of each of those agents.

Copyright © 2018 Pearson Education, Inc.
Chapter 18: Implementing an REA Model in a Relational Database
Slide 1 – ‹#›
Using an REA Diagram to Build a Relational Database
Create tables for each distinct entity and M:N relationship
Assign attributes to each table
Identify primary keys
Concatenated keys for M:N relationship table
Use foreign keys to implement 1:1 and 1:N relationships

Using REA Diagrams to Retrieve Information
Journals
Information contained in event tables
Ledgers
Information contained in resource tables (increment and decrements of events)
Financial statements
Information contained in resources and events using a set of queries
Management reports
Financial and nonfinancial information

Key Term
Concatenated keys

Accounting Information Systems

Fourteenth Edition

Chapter 11

Auditing Computer-Based Information Systems

Copyright © 2018 Pearson Education, Inc.
Chapter 11: Auditing Computer-Based Information Systems
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Describe the nature, scope, and objectives of audit work, and identify the major steps in the audit process.
Identify the six objectives of an information system audit, and describe how the risk-based audit approach can be used to accomplish these objectives.
Describe computer audit software, and explain how it is used in the audit of an AIS.
Describe the nature and scope of an operational audit.

Copyright © 2018 Pearson Education, Inc.
Chapter 11: Auditing Computer-Based Information Systems
Slide 1 – ‹#›
Auditing
The process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond with established criteria.

Major Steps in the Auditing Process
Audit planning
Why, how, when, and who
Establish scope and objectives of the audit; identify risk
Collection of audit evidence
Evaluation of evidence
Communication of results

Risk-Based Audit Approach
Determine the threats (fraud and errors) facing the company
Identify control procedures (prevent, detect, correct the threats)
Evaluate control procedures
Review to see if control exists and is in place
Test controls to see if they work as intended
Determine effect of control weaknesses
Compensating controls

Information Systems Audit
Using the risk-based framework for an information systems audit allows the auditor to review and evaluate internal controls that protect the system to meet each of the following objectives:
Protect overall system security (includes computer equipment, programs, and data)
Program development and acquisition occur under management authorization
Program modifications occur under management authorization
Accurate and complete processing of transactions, records, files, and reports
Prevent, detect, or correct inaccurate or unauthorized source data
Accurate, complete, and confidential data files

1. Overall Information System Security
Threats
Controls
Theft of hardware
Damage of hardware (accidental and intentional)
Loss, theft, unauthorized access to
Programs
Data
Other system resources
Unauthorized modification or use of programs and data files
Loss, theft, or unauthorized disclosure of confidential data
Interruption of crucial business activities
Information security/protection plan
Limit physical access to computer equipment
Limit logical access to system using authentication and authorization controls
Data storage and transmission controls
Virus protection and firewalls
File backup and recovery procedures
Fault tolerant systems design
Disaster recovery plan
Preventive maintenance
Firewalls
Casualty and Business Interruption Insurance

Copyright © 2018 Pearson Education, Inc.
Chapter 11: Auditing Computer-Based Information Systems
Slide 1 – ‹#›
2. Program Development and Acquisition
Threat
Controls
Inadvertent programming errors
Unauthorized program code
Review software license agreements
Management authorization for:
Program development
Software acquisition
Management and user approval of programming specifications
Testing and user acceptance of new programs
Systems documentation

Copyright © 2018 Pearson Education, Inc.
Chapter 11: Auditing Computer-Based Information Systems
Slide 1 – ‹#›
3. Program Modification
Threat
Controls
Inadvertent programming errors
Unauthorized program code
List program components to be modified
Management authorization and approval for modifications
User approval for program change specifications
Test changes to program
System documentation of changes
Changes by personnel independent of users and programmers
Logical access controls

Copyright © 2018 Pearson Education, Inc.
Chapter 11: Auditing Computer-Based Information Systems
Slide 1 – ‹#›
4. Computer Processing
Threats
Controls
Failure to detect incorrect, incomplete, or unauthorized input data
Failure to correct errors identified from data editing procedures
Introduction of errors into files or databases during updating
Improper distribution of output
Inaccuracies in reporting
Data editing routines
Proper use of internal and external file labels
Reconciliation of batch totals
Error correction procedures
Understandable documentation
Competent supervision
Effective handling of data input and output by data control personnel
File change listings and summaries for user department review
Maintenance of proper environmental conditions in computer facility

Copyright © 2018 Pearson Education, Inc.
Chapter 11: Auditing Computer-Based Information Systems
Slide 1 – ‹#›
5. Source Data
Threat
Controls
Inaccurate source data
Unauthorized source data
User authorization of source data input
Batch control totals
Log receipt, movement, and disposition of source data input
Turnaround documents
Check digit and key verification
Data editing routines
User department review of file change listings and summaries
Effective procedures for correcting and resubmitting erroneous data

6. Data Files
Threats
Controls
Destruction of stored data from
Errors
Hardware and software malfunctions
Sabotage
Unauthorized modification or disclosure of stored data
Secure storage of data and restrict physical access
Logical access controls
Write-protection and proper file labels
Concurrent update controls
Data encryption
Virus protection
Backup of data files (offsite)
System recovery procedures

Audit Techniques Used to Test Programs
Integrated Test Facility (ITF)
Uses fictitious inputs
Snapshot Technique
Master files before and after update are stored for specially marked transactions
System Control Audit Review File (SCARF)
Continuous monitoring and storing of transactions that meet pre-specifications
Audit Hooks
Notify auditors of questionable transactions
Continuous and Intermittent Simulation (CIS)
Similar to SCARF for DBMS

Software Tools Used to Test Program Logic
Automated flowcharting program
Interprets source code and generates flowchart
Automated decision table program
Interprets source code and generates a decision table
Scanning routines
Searches program for specified items
Mapping programs
Identifies unexecuted code
Program tracing
Prints program steps with regular output to observe sequence of program execution events

Computer Audit Software
Computer assisted audit software that can perform audit tasks on a copy of a company’s data. Can be used to:
Query data files and retrieve records based upon specified criteria
Create, update, compare, download, and merge files
Summarize, sort, and filter data
Access data in different formats and convert to common format
Select records using statistical sampling techniques
Perform analytical tests
Perform calculations and statistical tests

Operational Audits
Purpose is to evaluate effectiveness, efficiency, and goal achievement. Although the basic audit steps are the same, the specific activities of evidence collection are focused toward operations such as:
Review operating policies and documentation
Confirm procedures with management and operating personnel
Observe operating functions and activities
Examine financial and operating plans and reports
Test accuracy of operating information
Test operational controls

Copyright © 2018 Pearson Education, Inc.
Chapter 11: Auditing Computer-Based Information Systems
Slide 1 – ‹#›
Key Terms (1 of 2)
Auditing
Internal auditing
Financial audit
Information systems (internal control) audit
Operational audit
Compliance audit
Investigative audit
Inherent risk
Control risk
Detection risk
Confirmation
Reperformance
Vouching
Analytical review
Materiality
Reasonable assurance
Systems review
Test of controls
Compensating controls
Source code comparison program
Reprocessing
Parallel simulation
Test data generator
Concurrent audit techniques
Embedded audit modules
Integrated test facility (ITF)
Snapshot technique
System control audit review file (SCARF)
Audit log

Copyright © 2018 Pearson Education, Inc.
Chapter 11: Auditing Computer-Based Information Systems
Slide 1 – ‹#›
Key Terms (2 of 2)
Audit hooks
Continuous and intermittent simulation (CIS)
Automated flowcharting program
Automated decision table program
Scanning routines
Mapping programs
Program tracing
Input controls matrix
Computer-assisted audit techniques (CAAT)
Generalized audit software (GAS)

Accounting Information Systems

Fourteenth Edition

Chapter 15

The Human Resources Management and Payroll Cycle

Copyright © 2018 Pearson Education, Inc.
Chapter 15: The Human Resources Management and Payroll Cycle
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Describe the major business activities, key decisions, and information needs in the HRM/payroll cycle, the general threats to those activities, and the controls that can mitigate those threats.
Explain the payroll cycle activities, key decisions, and information needs, the threats to those activities, and the controls that can mitigate those threats.
Discuss and evaluate the options for outsourcing HRM/payroll cycle activities.

Human Resource Management Process
Recruit and hire new employees
Training
Job assignment
Compensation (payroll)
Performance evaluation
Discharge of employees (voluntary or involuntary)

General Issues HRM/Payroll
Threats
Controls
Inaccurate or invalid data
Unauthorized disclosure of sensitive information
Loss or destruction of data
Hiring unqualified or larcenous employees
Violations of employment laws
1 a. Data processing integrity controls
b. Restrict access to master data
c. Review changes to master data
2 a. Access controls
b. Encryption
3 a. Backup and Disaster recovery
4 a. Sound hiring procedures
5 a. Documentation of hiring
b. Continuing education on changes to employment laws

Copyright © 2018 Pearson Education, Inc.
Chapter 15: The Human Resources Management and Payroll Cycle
Slide 1 – ‹#›
Payroll Cycle Activities
Update payroll master data
Validate time and attendance data
Source document: time sheets
Prepare payroll
Payroll register and deduction register
Disburse payroll
Disburse taxes and miscellaneous deductions

Copyright © 2018 Pearson Education, Inc.
Chapter 15: The Human Resources Management and Payroll Cycle
Slide 1 – ‹#›
1. Update Master Payroll Data
2. Validate Time and Attendance Data
3. Prepare Payroll
Threats
Controls
Unauthorized changes to payroll master data
Inaccurate updating of master data
Inaccurate time and attendance data
Errors in processing payroll
1 a. Access controls and segregation of duties
2 a. Data processing integrity controls
3 a. Supervisory review
b. Source data automation for data capture
4 a. Data processing integrity
controls
b. Supervisory review

Copyright © 2018 Pearson Education, Inc.
Chapter 15: The Human Resources Management and Payroll Cycle
Slide 1 – ‹#›
4. Disburse Payroll
5. Disburse Payroll Taxes
Threats
Controls
Theft or fraudulent distribution of paychecks
Failure to make required payments
Untimely payments
Inaccurate payments
1 a. Restrict access to blank payroll checks and check signing machine
b. Use separate account (imprest fund)
2 a. Configure system to make automatic payments on time
3 a. Configure system to make automatic payments on time
4 a. Process integrity controls
b. Supervisory review

Copyright © 2018 Pearson Education, Inc.
Chapter 15: The Human Resources Management and Payroll Cycle
Slide 1 – ‹#›
Reasons to Outsource Payroll
Reduce costs
Cost of processing and minimize errors
Broader range of benefits
Administration of benefits
Free up computer resources

Key Terms
Human resource management (HRM)/payroll cycle
Knowledge management systems
Time card
Time sheet
Payroll register
Deduction register
Earnings statement
Payroll clearing account
Flexible benefits plan
Payroll service bureau
Professional employer organization (PEO)

Accounting Information Systems

Fourteenth Edition

Chapter 13

The Expenditure Cycle: Purchasing to Cash Disbursements

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives (1 of 2)
Discuss the basic business activities and related information processing operations in the expenditure cycle, explain the general threats to those activities, and describe the controls that can mitigate those threats.
Explain the process and key decisions involved in ordering goods and services, identify the threats to those activities, and describe the controls that can mitigate those threats.
Explain the process and key decisions involved in receiving goods and services, identify the threats to those activities, and describe the controls that can mitigate those threats.

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›

Learning Objectives (2 of 2)
Explain the process and key decisions involved in approving supplier invoices, identify the threats to those activities, and describe the controls that can mitigate those threats.
Explain the process and key decisions involved in cash disbursements to suppliers, identify the threats to those activities, and describe the controls that can mitigate those threats.

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›

Basic Expenditure Cycle Activities
Order materials, supplies, and services
Receive materials, supplies, and services
Approve supplier (vendor) invoice
Cash disbursement

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›

Key decisions
What is the optimal level of inventory?
Which suppliers provide the best quality at the best price?
How can IT be used to improve efficiency and accuracy of logistics?
How can we take advantage of vendor discounts?
How can we maximize cash flow?

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›

General Threats and Controls
Threats
Control
Inaccurate or invalid master data
Unauthorized disclosure of sensitive information
Loss or destruction of data
Poor performance
1 a. Data processing integrity controls
1 b. Restriction of access to master data
1 c. Review of all changes to master data
2 a. Access controls
b. Encryption
3 a. Backup and disaster recovery procedures
4 a. Managerial reports

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›

Order Goods (Materials/Supplies) or Services Processing Steps
Identify what, when, and how much to purchase
Source document: purchase requisition
Choose a supplier
Source document: purchase order

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›

Ordering Goods/Services (1 of 2)
Threats
Controls
Stockouts and excess inventory
Purchasing items not needed
Purchasing items at inflated prices
Purchasing goods of poor quality
1 a. Perpetual inventory system
b. Bar-coding, RFID
c. Periodic physical counts
2 a. Perpetual inventory systems
b. Review and approval of purchase requisitions
c. Centralized purchasing
3 a. Price lists
b. Competitive bids
c. Review purchase orders
4 a. Use approved suppliers
b. review and approve purchases from new suppliers
c. Monitor product quality by supplier
d. hold purchasing managers responsible for rework and scrap cost

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›

Ordering Goods/Services (2 of 2)
Threats
Controls
Unreliable suppliers
Purchasing from unauthorized suppliers
Kickbacks
5 a. Monitor supplier performance
b. Require quality certification
6 a. Purchase from approved suppliers
b. Review approval from purchases of new suppliers
c. EDI specific controls
7 a. Supplier audits
b. Prohibit gifts
c. Job rotation & mandatory vacations
d. Required disclosure of financial and personal interests in suppliers

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›

Receiving Process
Goods arrive
Verify goods ordered against the purchase order (what, how much, quality)
Source document: receiving report

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›

Receiving Goods or Services
Threats
Controls
Accepting unordered items
Mistakes in counting
Verifying receipt of services
Inventory theft
1 a. Authorized purchase orders needed before receiving goods
2 a. Bar codes or RFID
b. Receiving employees sign receiving report
c. Do not inform receiving of quantity ordered
3 a. Budget controls and audits
4 a. Restrict physical access to inventory
b. Document all inventory transfers
c. Segregate custody vs. receiving of inventory

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›

Approve Supplier Invoice and Cash Disbursements
Match the supplier invoice to:
Purchase order
Receiving report
supplier invoice + purchase order + receiving report = voucher
Approve supplier invoice for payment
Source document: disbursement voucher
Pay vendor

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›
Approve Supplier Invoice
Threats
Control
Errors in supplier invoice
Mistakes in posting to accounts payable
1 a. Verify invoice accuracy
b. Require detailed receipts for p-cards
c. Restrict access to supplier master data
2 a. Data entry edit controls
b. Reconcile detailed accounts payable records to the general ledger accounts payable account

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›

Cash Disbursements
Threats
Controls
Failure to take discounts
Pay for items not received
Duplicate payments
Theft of cash
Check alteration
Cash flow problems
1 a. File invoices by due date to take advantage of discounts
2 a. Match supplier invoice to supporting documents (purchase order, receiving report)
3 a. Pay only original invoices
b. Cancel supporting document when payment is made
4 a. Physical security of checks
b. Separation of duties
c. Reconcile bank accounts
5 a. Check Protection machines
b. special inks / papers
6 a. Cash flow budget

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›

Key Terms
Expenditure cycle
Economic order quantity (EOQ)
Reorder point
Materials requirement planning (MRP)
Just-in-time (JIT) inventory system
Purchase requisition
Purchase order
Blanket purchase order/blanket order
Vendor-managed inventory (VMI)
Kickbacks
Receiving report
Debit memo
Voucher package
Nonvoucher system
Voucher system
Disbursement voucher
Evaluated receipt settlement (ERS)
Procurement card
Imprest fund

Copyright © 2018 Pearson Education, Inc.
Chapter 13: The Expenditure Cycle: Purchasing to Cash Disbursements
Slide 1 – ‹#›

Accounting Information Systems

Fourteenth Edition

Chapter 12

The Revenue Cycle: Sales to Cash Collections

Copyright © 2018 Pearson Education, Inc.
Chapter 12: The Revenue Cycle: Sales to Cash Collections
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives (1 of 2)
Describe the basic business activities in the revenue cycle and discuss the general threats to that process and the controls that can be used to mitigate those threats.
Explain the sales order entry process, the key decisions that need to be made, and threats to that process, and describe the controls that can be used to mitigate those threats.
Explain the shipping process, key decisions that need to be made, and threats to that process, and describe the controls that can be used to mitigate those threats.

Learning Objectives (2 of 2)
Explain the billing process, key decisions that need to be made, and threats to that process, and describe the controls that can be used to mitigate those threats.
Explain the cash collections process, the key decisions that need to be made, and threats to that process, and describe the controls that can be used to mitigate those threats.

Basic Revenue Cycle Activities
Sales order entry
Shipping
Billing
Cash Collections

General Threats and Controls to Revenue Cycle
Threats
Controls
Inaccurate or invalid master data
Unauthorized disclosure of sensitive information
Loss or destruction of data
Poor performance
1 a. Data processing integrity controls
b. Restrict access to master data
c. Review of all changes to master data
2 a. Access controls
b. Encryption
c. Tokenization of customer personal information
3 a. Backup and disaster recovery procedures
4 a. Managerial reports

Sales Order Entry Processing Steps
Take the customer order
Source document: sales order
Approve customer credit
Check inventory availability
Respond to customer inquiries

Sales Order Entry Processing
Threats
Controls
Incomplete/inaccurate orders
Invalid orders
Uncollectible accounts
Stockouts and excess inventory
Loss of customers
1 a. Data entry edit controls
b. Restrict access to master data to maintain accuracy
2 a. Signature to authorize sale
3 a. Credit limits checked and if sale exceeds limit, specific authorization needed
b. Aging of accounts receivable
4 a. Perpetual inventory system
b. RFID or bar code technology
c. Physical inventory counts
d. Sales forecast and activity reports

Shipping Process (1 of 2)
Pick and pack the order
Source documents: picking ticket
Ship the order
Source documents: Packing slip, Bill of lading

Shipping Process (2 of 2)
Threats
Controls
Picking wrong item or quantity to ship
Theft
Shipping errors (fail to ship the goods, wrong quantities, wrong items, ship to wrong address, duplication)
1 a. Bar code technology
b. Reconcile picking list to sales order
2 a. Restrict physical access to inventory
b. Document inventory transfers
c. Physical counts of inventory and reconcile to quantities recorded
3 a. Reconcile shipping documents to sales orders, picking lists, and packing slips
b. Data entry edit controls

Billing Process (1 of 2)
Invoicing the customer
Source document: sales invoice
Updating accounts receivable
Source document: credit memo and monthly statements

Billing Process (2 of 2)
Threats
Controls
Failure to bill customer
Billing errors
Posting errors in accounts receivable
Inaccurate or invalid credit memos
1 a. Reconcile invoices with sales orders and shipping documents
b. Separate shipping and billing functions
2 a. Data entry edit controls
b. Configure system for automatically enter price data
c. Data entry edit controls
d. reconciliation of shipping documents to sales orders
3 a. Reconcile subsidiary accounts receivable balance to the amount for accounts receivable in the general ledger
b. Mail monthly statements to customers
4 a. Segregation of authorization and recording function for credit memos

Cash Collection Process (1 of 2)
Process customer payment and update their account balance
Remittance
Deposit payments to the bank

Cash Collection Process (2 of 2)
Threats
Control
Theft of cash
Cashflow problems
1 a. Proper segregation of cash handling and posting to customer accounts, authorize credit memos, or reconcile bank account
b. Use lockbox
c. Immediately open mail, prompt
endorsement and deposit all cash
receipts daily
d. Use cash registers
2 a. Lockbox
b. Discounts for early payment
c. Cash flow budgeting

Key Terms
Revenue cycle
Sales order
Electronic data interchange (EDI)
Credit limit
Accounts receivable aging report
Back order
Picking ticket
Customer relationship management systems (CRM)
Packing slip
Bill of lading
Sales invoice
Open-invoice method
Remittance advice
Balance-forward method
Monthly statement
Cycle billing
Credit memo
Remittance list
Lockbox
Electronic lockbox
Electronic funds transfer (EFT)
Financial electronic data interchange (FEDI)
Universal payment identification code (UPIC)
Cash flow budget

Accounting Information Systems

Fourteenth Edition

Chapter 6

Computer Fraud and Abuse Techniques

Copyright © 2018 Pearson Education, Inc.
Chapter 6: Computer Fraud and Abuse Techniques
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Compare and contrast computer attack and abuse tactics.
Explain how social engineering techniques are used to gain physical or logical access to computer resources.
Describe the different types of malware used to harm computers.

Types of Attacks
Hacking
Unauthorized access, modification, or use of an electronic device or some element of a computer system
Social Engineering
Techniques or tricks on people to gain physical or logical access to confidential information
Malware
Software used to do harm

Hacking
Hijacking
Gaining control of a computer to carry out illicit activities
Botnet (robot network)
Zombies
Bot herders
Denial of Service (DoS) Attack
Spamming
Spoofing
Makes the communication look as if someone else sent it so as to gain confidential information.

Copyright © 2018 Pearson Education, Inc.
Chapter 6: Computer Fraud and Abuse Techniques
Slide 1 – ‹#›
Forms of Spoofing
E-mail spoofing
Caller ID spoofing
IP address spoofing
Address Resolution (ARP) spoofing
SMS spoofing
Web-page spoofing (phishing)
DNS spoofing

Hacking with Computer Code
Cross-site scripting (XSS)
Uses vulnerability of Web application that allows the Web site to get injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user.
Buffer overflow attack
Large amount of data sent to overflow the input memory (buffer) of a program causing it to crash and replaced with attacker’s program instructions.
SQL injection (insertion) attack
Malicious code inserted in place of a query to get to the database information

Copyright © 2018 Pearson Education, Inc.
Chapter 6: Computer Fraud and Abuse Techniques
Slide 1 – ‹#›
Other Types of Hacking
Man in the middle (MITM)
Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data.
Masquerading/impersonation
Piggybacking
Password cracking
War dialing and driving
Phreaking
Data diddling
Data leakage
Podslurping

Hacking Used for Embezzlement
Salami technique:
Taking small amounts at a time
Round-down fraud
Economic espionage
Theft of information, intellectual property, and trade secrets
Cyber-extortion
Threats to a person or business online through e-mail or text messages unless money is paid

Copyright © 2018 Pearson Education, Inc.
Chapter 6: Computer Fraud and Abuse Techniques
Slide 1 – ‹#›
Hacking Used for Fraud
Internet misinformation
E-mail threats
Internet auction
Internet pump and dump
Click fraud
Web cramming
Software piracy

Social Engineering Techniques
Identity theft
Assuming someone else’s identity
Pretexting
Using a scenario to trick victims to divulge information or to gain access
Posing
Creating a fake business to get sensitive information
Phishing
Sending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive data
Pharming
Redirects Web site to a spoofed Web site
URL hijacking
Takes advantage of typographical errors entered in for Web sites and user gets invalid or wrong Web site
Scavenging
Searching trash for confidential information
Shoulder surfing
Snooping (either close behind the person) or using technology to snoop and get confidential information
Skimming
Double swiping credit card
Eavesdropping

Why People Fall Victim
Compassion
Desire to help others
Greed
Want a good deal or something for free
Sex appeal
More cooperative with those that are flirtatious or good looking
Sloth
Lazy habits
Trust
Will cooperate if trust is gained
Urgency
Cooperation occurs when there is a sense of immediate need
Vanity
More cooperation when appeal to vanity

Copyright © 2018 Pearson Education, Inc.
Chapter 6: Computer Fraud and Abuse Techniques
Slide 1 – ‹#›
Minimize the Threat of Social Engineering
Never let people follow you into restricted areas
Never log in for someone else on a computer
Never give sensitive information over the phone or through e-mail
Never share passwords or user IDs
Be cautious of someone you don’t know who is trying to gain access through you

Copyright © 2018 Pearson Education, Inc.
Chapter 6: Computer Fraud and Abuse Techniques
Slide 1 – ‹#›
Types of Malware
Spyware
Secretly monitors and collects information
Can hijack browser, search requests
Adware, Scareware
Ransomware
Locks you out of all your programs and data using encryption
Keylogger
Software that records user keystrokes
Trojan Horse
Malicious computer instructions in an authorized and properly functioning program
Trap door
Set of instructions that allow the user to bypass normal system controls
Packet sniffer
Captures data as it travels over the Internet
Virus
A section of self-replicating code that attaches to a program or file requiring a human to do something so it can replicate itself
Worm
Stand alone self replicating program

Cellphone Bluetooth Vulnerabilities
Bluesnarfing
Stealing contact lists, data, pictures on bluetooth compatible smartphones
Bluebugging
Taking control of a phone to make or listen to calls, send or read text messages

Key Terms (1 of 3)
Hacking
Hijacking
Botnet
Zombie
Bot herder
Denial-of-service (DoS) attack
Spamming
Dictionary attack
Splog
Spoofing
E-mail spoofing
Caller ID spoofing
IP address spoofing
MAC address
Address Resolution Protocol (ARP) spoofing
SMS spoofing
Web-page spoofing
DNS spoofing
Zero day attack
Patch
Cross-site scripting (XSS)
Buffer overflow attack
SQL injection (insertion) attack
Man-in-the-middle (MITM) attack
Masquerading/impersonation
Piggybacking

Key Terms (2 of 3)
Password cracking
War dialing
War driving
War rocketing
Phreaking
Data diddling
Data leakage
Podslurping
Salami technique
Round-down fraud
Economic espionage
Cyber-extortion
Cyber-bullying
Sexting
Internet terrorism
Internet misinformation
E-mail threats
Internet auction fraud
Internet pump-and-dump fraud
Click fraud
Web cramming
Software piracy
Social engineering
Identity theft
Pretexting
Posing
Phishing
vishing

Key Terms (3 of 3)
Carding
Pharming
Evil twin
Typosquatting/URL hijacking
QR barcode replacements
Tabnapping
Scavenging/dumpster diving
Shoulder surfing
Lebanese looping
Skimming
Chipping
Eavesdropping
Malware
Spyware
Adware
Torpedo software
Scareware
Ransomware
Keylogger
Trojan horse
Time bomb/logic bomb
Trap door/back door
Packet sniffers
Steganography program
Rootkit
Superzapping
Virus
Worm
Bluesnarfing
Bluebugging

Accounting Information Systems

Fourteenth Edition

Chapter 21

AIS Development Strategies

Copyright © 2018 Pearson Education, Inc.
Chapter 21: AIS Development Strategies
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Describe how organizations purchase application software, vendor services, and hardware.
Explain how information system departments develop custom software.
Explain why organizations outsource their information systems, and evaluate the benefits and risks of this strategy.
Explain how business process management (BPM), prototyping, agile development, and computer-aided software engineering can help improve system development.

How to Obtain an AIS
Purchase
Develop in-house
Outsource to outside organization

Purchasing
Select a vendor (from referrals, trade shows, etc.)
Request for proposal (RFP) that meets needs
Evaluate proposals
Top vendors invited to give demonstrations on how their system will fit your needs
Make a final selection based upon your criteria

Develop Software In-House
Advantages
Provides a significant competitive advantage
Risks
Requires significant amounts of time
Complexity of the system
Poor requirements defined
Insufficient planning
Inadequate communication and cooperation
Lack of qualified staff
Poor top management support

End-User Computing
Advantages
Disadvantages
Allows for end-users to create, control, and implement simple systems
More likely to meet user needs
Saves time
Frees up system resources
Easy to use and understand
Lack of testing of application and possible calculation errors
Inefficient systems
Poorly controlled
Poorly documented
System incompatibilities
Duplication of data
Increase costs in later years with upgrades

Outsourcing
Advantages
Disadvantage
Allows companies to concentrate on core competencies
Asset utilization
Access to greater expertise and better technology
Lower costs by standardizing user applications and splitting development and maintenance costs between projects
Less development time
Elimination of peaks-and-valleys usage
Facilitates downsizing
Inflexibility
Loss of control
Reduced competitive advantage
Locked-in system
Unfulfilled goals
Poor service
Increased risk

Copyright © 2018 Pearson Education, Inc.
Chapter 21: AIS Development Strategies
Slide 1 – ‹#›
Business Process Management Systems
Automate and facilitate business process improvements using:
Process engine to model and execute applications and business rules
Business analytics to identify issues, trends, and opportunities
Collaboration tools to remove communication barriers
Content manager to store electronic documents and images

Prototyping
Advantages
Disadvantages
Results in well-defined user needs
Higher user satisfaction and involvement
Faster development time
Fewer errors
Opportunities to suggest changes
Less costly
Requires significant user time
Resource efficiency may not be achieved
Inadequate testing and documentation
Negative behavioral reactions
Continuous development of iterations leaves a feeling of no project completion

Computer-Aided Software (or Systems) Engineering (CASE)
Advantages
Disadvantages
Improved productivity
Improved program quality
Cost savings
Improved control procedures
Simplified documentation
Incompatibility with other systems
Unmet expectations

Copyright © 2018 Pearson Education, Inc.
Chapter 21: AIS Development Strategies
Slide 1 – ‹#›
Key Terms
Canned software
Turnkey systems
Application service provider (ASP)
Request for proposal (RFP)
Benchmark problem
Point scoring
Requirement costing
Custom software
End-user computing (EUC)
Help desk
Outsourcing
Business process reengineering (BPR)
Business process management (BPM)
Business Process Management System (BPMS)
Prototyping
Operational prototype
Nonoperational (throwaway) prototype
Computer-aided software (or systems) engineering (CASE)

Accounting Information Systems

Fourteenth Edition

Chapter 16

General Ledger and Reporting System

Copyright © 2018 Pearson Education, Inc.
Chapter 16: General Ledger and Reporting System
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Describe the activities, information needs, and key decisions made in the general ledger and reporting system, explain the general threats in the cycle, and describe the controls that can be used to mitigate those threats.
Explain the process for updating the general ledger, the threats to that process, and the controls that can be used to mitigate those threats.
Explain the purpose and nature of posting adjusting entries, the threats to that process, and the controls that can be used to mitigate those threats.
Explain the process of preparing financial statements, the threats to that process, the controls that can be used to mitigate those threats, and how IT developments such as XBRL can improve the efficiency and effectiveness of preparing financial statements.
Describe the process for producing various managerial reports, the threats to that process, and how tools like responsibility accounting, the balanced scorecard, and well-designed graphs can help mitigate those threats.

General Ledger and Reporting System Process
Update general ledger
Post adjusting entries
Prepare financial statements
Produce managerial reports

General Threats Throughout the General Ledger and Reporting Cycle
Threats
Controls
Inaccurate or invalid general ledger data
Unauthorized disclosure of financial statement
Loss or destruction of data
1 a. Data processing integrity
controls
b. Restriction of access to G/L
c. Review of all changes to G/L
data
2 a. Access controls
b. Encryption
3 a. Backup and disaster recovery
procedures

Copyright © 2018 Pearson Education, Inc.
Chapter 16: General Ledger and Reporting System
Slide 1 – ‹#›
Update General Ledger
Threats
Controls
Inaccurate updating of general ledger
Unauthorized journal entries
1 a. Data entry processing
integrity controls
b. Reconciliations and control
reports
c. Audit trail creation and review
2 a. Access controls
b. Reconciliations and control
reports
c. Audit trail creation and review

Adjusting Entries
Accruals
Made at end of accounting period to reflect events that have occurred but are not in the financial statements (e.g., wages payable)
Deferrals
Made at end of accounting period to reflect exchange of cash prior to performance of related event (e.g., rent)
Estimates
Portion of expenses expected to occur over a number of accounting periods (e.g., depreciation)
Revaluations
Entries made to reflect differences between actual and recorded value of an asset or change in accounting principle
Corrections
Entries made to counteract effects of errors found in the general ledger

Copyright © 2018 Pearson Education, Inc.
Chapter 16: General Ledger and Reporting System
Slide 1 – ‹#›
Post Adjusting Entries
Threats
Controls
Inaccurate adjusting entries
Unauthorized adjusting entries
1 a. Data entry processing
integrity controls
b. Spreadsheet error protection
controls
c. Standard adjusting entries
d. Reconciliations and control
reports
e. Audit trail creation and review
2 a. Access controls
b. Reconciliations and control
reports
c. Audit trail creation and review

Copyright © 2018 Pearson Education, Inc.
Chapter 16: General Ledger and Reporting System
Slide 1 – ‹#›
Prepare Financial Statements
Produce Managerial Reports
Threats
Controls
Inaccurate financial statements
Fraudulent financial reporting
Poorly designed reports and graphs
1 a. Processing integrity controls
b. Use of packaged software
c. Training and experience in
applying IFRS and XBRL
d. Audits
2 a. Audits
3 a. Responsibility accounting
b. Balanced scorecard
c. Training on proper graph
design

Copyright © 2018 Pearson Education, Inc.
Chapter 16: General Ledger and Reporting System
Slide 1 – ‹#›
Regulatory & Technological Developments That Affect Financial Reporting
International Financial Reporting Standards (IFRS)
Understand the systems implications due to the fact that the IFRS is different in financial reporting than Generally Accepted Accounting Principles (GAAP)
eXtensible Business Reporting Language (XBRL)
Specifically used for communicating financial data (required by the Securities and Exchange Commission (SEC) if public company)

Managerial Reports & Evaluating Performance
Responsibility accounting
Reporting results based upon managerial responsibilities in an organization
Flexible budget
Budget formula based upon level of activity (e.g., production levels)
Balanced scorecard
Measures financial and nonfinancial performance using four dimensional goals:
Financial
Customer
Internal Operations
Innovation and Learning
Graphs
Data visualization and proper graph design

Key Terms
Journal voucher file
Trial balance
Audit trail
XBRL
Instance document
Element
Taxonomy
Schema
Linkbases
Style sheet
Extension taxonomy
Responsibility accounting
Flexible budget
Balanced scorecard

Accounting Information Systems

Fourteenth Edition

Chapter 22

Systems Design, Implementation, and Operation

Copyright © 2018 Pearson Education, Inc.
Chapter 22: Systems Design, Implementation, and Operation
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Discuss the conceptual systems design process and the activities in this phase.
Discuss the physical systems design process and the activities in this phase.
Discuss the systems implementation process and the activities in this phase.
Discuss the systems conversion process and the activities in this phase
Discuss the systems operation and maintenance process and the activities in this phase.

Phase 2: Conceptual Systems Design

Copyright © 2018 Pearson Education, Inc.
Slide 1 – ‹#›
Chapter 22: Systems Design, Implementation, and Operation
Copyright © 2018 Pearson Education, Inc.
Chapter 22: Systems Design, Implementation, and Operation
Slide 1 – ‹#›

Phase 3: Physical Systems Design
Output design (e.g., reports)
File and database design
Input design (e.g., forms, computer screen input)
Program design
Procedures design
Control design

Program Design
Determine user needs
Create and document development plan
Write the computer code
Test the program
Document the program
Train users
Install the system (including components and hardware)
Use and modify the system

Phase 4: Systems Implementation
Implementation plan
Select and train personnel
Complete documentation
Development documentation
Operations documentation
User documentation
Testing the system

Copyright © 2018 Pearson Education, Inc.
Chapter 22: Systems Design, Implementation, and Operation
Slide 1 – ‹#›
Testing the System
Walk-throughs
Step by step review
Processing test data
Test all valid transactions and error conditions
Acceptance tests
Use copies of real data

Copyright © 2018 Pearson Education, Inc.
Chapter 22: Systems Design, Implementation, and Operation
Slide 1 – ‹#›
Systems Conversion
Direct conversion
Terminates the old and begins with the new system
Parallel conversion
Operate old and new systems for a period of time
Phase-in conversion
Gradual replacement of old elements with new system elements
Pilot conversion
Implement a system in a part of an organization (e.g., a branch)

Copyright © 2018 Pearson Education, Inc.
Chapter 22: Systems Design, Implementation, and Operation
Slide 1 – ‹#›
Phase 5: Operations and Maintenance
Conduct post-implementation review includes answering these questions:
Does the system meet the organization’s goals?
Are user’s satisfied?
Were expected benefits achieved?
Were actual costs inline with expected costs?
Is the system reliable?
Does the system produce accurate and complete data and on a timely basis?
Is the system compatible with existing systems?
Is the system safeguarded from errors, fraud, and intrusion?
Are there adequate error-handling procedures in place?
Is everyone trained to use the new system?
Is systems documentation complete and accurate?

Key Terms
Conceptual design specifications
Conceptual systems design report
Scheduled report
Special-purpose analysis report
Triggered exception report
Demand report
Structured programming
Debugging
Program maintenance
Physical systems design report
Systems implementation
Implementation plan
Walk-through
Processing test data
Acceptance test
Conversion
Direct conversion
Parallel conversion
Phase-in conversion
Pilot conversion
Post-implementation review
Post-implementation review report

Accounting Information Systems

Fourteenth Edition

Chapter 9

Confidentiality and Privacy Controls

Copyright © 2018 Pearson Education, Inc.
Chapter 9: Confidentiality and Privacy Controls
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Describe the controls that can be used to protect the confidentiality of sensitive information.
Explain the controls that organization’s use to protect the privacy of personal information they collect from customers, suppliers, and employees, and discuss how the Generally Accepted Privacy Principles (GAPP) framework provides guidance in developing a comprehensive approach to protecting privacy.
Discuss how different types of encryption systems work, and explain how digital signatures provide the means for creating legally-enforceable contracts.

Protecting Confidentiality and Privacy of Sensitive Information
Identify and classify information to protect
Where is it located and who has access?
Classify value of information to organization
Encryption
Protect information in transit and in storage
Access controls
Information Rights Management (IRM)
Data loss prevention (DLP)
Digital watermarks
Training

Privacy Concerns
Spam-unsolicited e-mail that contains either advertising or offensive content.
Identity theft-assuming someone’s identity, usually for financial gain.

Generally Accepted Privacy Principles
Management
Procedures and policies with assigned responsibility and accountability
Notice
Provide notice of privacy policies and practices prior to collecting data
Choice and consent
Opt-in versus opt-out approaches
Collection
Only collect needed information
Use, retention, and disposal
Use information only for stated business purpose. When no longer useful, dispose in a secure manner.
Access
Customer should be able to review, correct, or delete information collected on them
Disclosure to third parties
Security
Protect from loss or unauthorized access
Quality
Monitoring and enforcement
Procedures in responding to complaints
Compliance

Encryption
Preventative control
Factors that influence encryption strength:
Key length (longer = stronger)
Algorithm
Management policies
Stored securely

Copyright © 2018 Pearson Education, Inc.
Chapter 9: Confidentiality and Privacy Controls
Slide 1 – ‹#›
Encryption Steps
Takes plain text and with an encryption key and algorithm, converts to unreadable ciphertext (sender of message)
To read ciphertext, encryption key reverses process to make information readable (receiver of message)

Copyright © 2018 Pearson Education, Inc.
Chapter 9: Confidentiality and Privacy Controls
Slide 1 – ‹#›
Types of Encryption
Symmetric
Asymmetric
Uses one key to encrypt and decrypt
Both parties need to know the key
Need to securely communicate the shared key
Cannot share key with multiple parties, they get their own (different) key from the organization
Uses two keys
Public—everyone has access
Private—used to decrypt (only known by you)
Public key can be used by all your trading partners
Can create digital signatures

Digital Signatures
Used to create legally binding agreements (two steps to create)
Document creator uses a hashing algorithm to generate a hash of the original document
Document creator uses private key to encrypt step 1 above

Virtual Private Network
Securely transmits encrypted data between sender and receiver
Sender and receiver have the appropriate encryption and decryption keys.

Copyright © 2018 Pearson Education, Inc.
Chapter 9: Confidentiality and Privacy Controls
Slide 1 – ‹#›
Key Terms
Information rights management (IRM)
Data loss prevention (DLP)
Digital watermark
Data masking
Tokenization
Spam
Identity theft
Cookie
Encryption
Plaintext
Ciphertext
Decryption
Symmetric encryption systems
Asymmetric encryption systems
Public key
Private key
Key escrow
Hashing
Hash
Nonrepudiation
Digital signature
Digital certificate
Certificate authority
Public key infrastructure (PKI)
Virtual private network (VPN)

Accounting Information Systems

Fourteenth Edition

Chapter 7

Control and Accounting Information Systems

Copyright © 2018 Pearson Education, Inc.
Chapter 7: Control and Accounting Information Systems
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives (1 of 2)
Explain basic control concepts and why computer control and security are important.
Compare and contrast the COBIT, COSO, and ERM control frameworks.
Describe the major elements in the internal environment of a company.
Describe the control objectives that companies need to set and how to identify events that affect organizational uncertainty.

Learning Objectives (2 of 2)
Explain how to assess and respond to risk using the Enterprise Risk Management model.
Describe control activities commonly used in companies.
Describe how to communicate information and monitor control processes in organizations.

Why Is Control Needed?
Any potential adverse occurrence or unwanted event that could be injurious to either the accounting information system or the organization is referred to as a threat or an event.
The potential dollar loss should a particular threat become a reality is referred to as the exposure or impact of the threat.
The probability that the threat will happen is the likelihood associated with the threat.

A Primary Objective of an AIS
Is to control the organization so the organization can achieve its objectives
Management expects accountants to:
Take a proactive approach to eliminating system threats.
Detect, correct, and recover from threats when they occur.

Copyright © 2018 Pearson Education, Inc.
Chapter 7: Control and Accounting Information Systems
Slide 1 – ‹#›
Internal Controls
Processes implemented to provide assurance that the following objectives are achieved:
Safeguard assets
Maintain sufficient records
Provide accurate and reliable information
Prepare financial reports according to established criteria
Promote and improve operational efficiency
Encourage adherence with management policies
Comply with laws and regulations

Functions of Internal Controls
Preventive controls
Deter problems from occurring
Detective controls
Discover problems that are not prevented
Corrective controls
Identify and correct problems; correct and recover from the problems

Foreign Corrupt Practices (FCPA) and Sarbanes–Oxley Acts (SOX)
FCPA is legislation passed (1977) to
Prevent companies from bribing foreign officials to obtain business
Requires all publicly owned corporations to maintain a system of internal accounting controls.
SOX is legislation passed (2002) applies to publicly held companies and their auditors to
Prevent financial statement fraud
Financial report transparent
Protect investors
Strengthen internal controls
Punish executives who perpetrate fraud

Control Frameworks
COBIT
Framework for IT control
COSO
Framework for enterprise internal controls (control-based approach)
COSO-ERM
Expands COSO framework taking a risk-based approach

Copyright © 2018 Pearson Education, Inc.
Chapter 7: Control and Accounting Information Systems
Slide 1 – ‹#›
COBIT Framework
Current framework version is COBIT5
Based on the following principles:
Meeting stakeholder needs
Covering the enterprise end-to-end
Applying a single, integrated framework
Enabling a holistic approach
Separating governance from management

COBIT5 Separates Governance from Management

Copyright © 2018 Pearson Education, Inc.
Chapter 7: Control and Accounting Information Systems
Slide 1 – ‹#›
Copyright © 2018 Pearson Education, Inc.
Chapter 7: Control and Accounting Information Systems
Slide 1 – ‹#›

Components of COSO Frameworks
COSO
COSO-ERM
Control (internal) environment
Risk assessment
Control activities
Information and communication
Monitoring
Internal environment
Objective setting
Event identification
Risk assessment
Risk response
Control activities
Information and communication
Monitoring

Internal Environment
Management’s philosophy, operating style, and risk appetite
Commitment to integrity, ethical values, and competence
Internal control oversight by Board of Directors
Organizing structure
Methods of assigning authority and responsibility
Human resource standards

Objective Setting
Strategic objectives
High-level goals
Operations objectives
Effectiveness and efficiency of operations
Reporting objectives
Improve decision making and monitor performance
Compliance objectives
Compliance with applicable laws and regulations

Event Identification
Identifying incidents both external and internal to the organization that could affect the achievement of the organizations objectives
Key Management Questions:
What could go wrong?
How can it go wrong?
What is the potential harm?
What can be done about it?

Risk Assessment
Risk is assessed from two perspectives:
Likelihood
Probability that the event will occur
Impact
Estimate potential loss if event occurs
Types of risk
Inherent
Risk that exists before plans are made to control it
Residual
Risk that is left over after you control it

Risk Response
Reduce
Implement effective internal control
Accept
Do nothing, accept likelihood, and impact of risk
Share
Buy insurance, outsource, or hedge
Avoid
Do not engage in the activity

Control Activities
Proper authorization of transactions and activities
Segregation of duties
Project development and acquisition controls
Change management controls
Design and use of documents and records
Safeguarding assets, records, and data
Independent checks on performance

Copyright © 2018 Pearson Education, Inc.
Chapter 7: Control and Accounting Information Systems
Slide 1 – ‹#›
Segregation of Accounting Duties

Segregation of Systems Duties
Segregation of systems duties as to divide authority and responsibility between the following systems functions
System administration
Network management
Security management
Change management
Users
Systems analysts
Programmers
Computer operators
Information system librarian
Data control

Monitoring
Perform internal control evaluations (e.g., internal audit)
Implement effective supervision
Use responsibility accounting systems (e.g., budgets)
Monitor system activities
Track purchased software and mobile devices
Conduct periodic audits (e.g., external, internal, network security)
Employ computer security officer
Engage forensic specialists
Install fraud detection software
Implement fraud hotline

Copyright © 2018 Pearson Education, Inc.
Chapter 7: Control and Accounting Information Systems
Slide 1 – ‹#›
Key Terms (1 of 3)
Threat/Event
Exposure/impact
Likelihood/risk
Internal controls
Preventive controls
Detective controls
Corrective controls
General controls
Application controls
Belief system
Boundary system
Diagnostic control system
Interactive control system
Foreign Corrupt Practices Act (FCPA)
Sarbanes-Oxley Act (SOX)
Public Company Accounting Oversight Board (PCAOB)
Control Objectives for Information and Related Technology (COBIT)
Committee of Sponsoring Organizations (COSO)
Internal control-integrated framework (IC)
Enterprise Risk Management Integrated Framework (ERM)
Internal environment

Key Terms (2 of 3)
Risk appetite
Audit committee
Policy and procedures manual
Background check
Strategic objectives
Operations objectives
Reporting objectives
Compliance objectives
Event
Inherent risk
Residual risk
Expected loss
Control activities
Authorization
Digital signature
Specific authorization
General authorization
Segregation of accounting duties
Collusion
Segregation of systems duties
Systems administrator
Network manager
Security management
Change management
Users
Systems analysts
Programmers
Computer operators
Information system library

Key Terms (3 of 3)
Data control group
Steering committee
Strategic master plan
Project development plan
Project milestones
Data processing schedule
System performance measurements
Throughput
Utilization
Response time
Postimplementation review
Systems integrator
Analytical review
Audit trail
Computer security officer (CSO)
Chief compliance officer (CCO)
Forensic investigators
Computer forensics specialists
Neural networks
Fraud hotline

Accounting Information Systems

Fourteenth Edition

Chapter 5

Computer Fraud

Copyright © 2018 Pearson Education, Inc.
Chapter 5: Computer Fraud
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Explain the threats faced by modern information systems.
Define fraud and describe both the different types of fraud and the auditor’s responsibility to detect fraud.
Discuss who perpetrates fraud and why it occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.
Define computer fraud and discuss the different computer fraud classifications.
Explain how to prevent and detect computer fraud and abuse.

Threats to AIS
Natural and Political disasters
Software errors and equipment malfunctions
Unintentional acts
Intentional acts

Fraud
Any means a person uses to gain an unfair advantage over another person; includes:
A false statement, representation, or disclosure
A material fact, which induces a victim to act
An intent to deceive
Victim relied on the misrepresentation
Injury or loss was suffered by the victim
Fraud is white-collar crime

Two Categories of Fraud
Misappropriation of assets
Theft of company assets which can include physical assets (e.g., cash, inventory) and digital assets (e.g., intellectual property such as protected trade secrets, customer data)
Fraudulent financial reporting
“cooking the books” (e.g., booking fictitious revenue, overstating assets, etc.)

Copyright © 2018 Pearson Education, Inc.
Chapter 5: Computer Fraud
Slide 1 – ‹#›
Auditor’s Responsibility
SAS No. 99 (AU-C Section 240) requires auditor’s to:
Understand fraud
Discuss the risks of material fraudulent misstatements
Obtain information
Identify, assess, and respond to risks
Evaluate the results of their audit tests
Document and Communicate findings
Incorporate a technology focus

Conditions for Fraud
These three conditions must be present for fraud to occur:
Pressure
Employee
Financial
Lifestyle
Emotional
Financial Statement
Financial
Management
Industry conditions

Opportunity to:
Commit
Conceal
Convert to personal gain
Rationalize
Justify behavior
Attitude that rules don’t apply
Lack personal integrity

Fraud Triangle

Copyright © 2018 Pearson Education, Inc.
Chapter 5: Computer Fraud
Slide 1 – ‹#›
Copyright © 2018 Pearson Education, Inc.
Chapter 5: Computer Fraud
Slide 1 – ‹#›

Computer Fraud
If a computer is used to commit fraud it is called computer fraud.
Computer fraud is classified as:
Input
Processor
Computer instruction
Data
Output

Preventing and Detecting Fraud
1. Make Fraud Less Likely to Occur
Organizational
Systems
Create a culture of integrity
Adopt structure that minimizes fraud, create governance (e.g., Board of Directors)
Assign authority for business objectives and hold them accountable for achieving those objectives, effective supervision and monitoring of employees
Communicate policies
Develop security policies to guide and design specific control procedures
Implement change management controls and project development acquisition controls

Preventing and Detecting Fraud
2. Make It Difficulty to Commit
Organizational
Systems
Develop strong internal controls
Segregate accounting functions
Use properly designed forms
Require independent checks and reconciliations of data
Restrict access
System authentication
Implement computer controls over input, processing, storage and output of data
Use encryption
Fix software bugs and update systems regularly
Destroy hard drives when disposing of computers

Copyright © 2018 Pearson Education, Inc.
Chapter 5: Computer Fraud
Slide 1 – ‹#›
Preventing and Detecting Fraud
3. Improve Detection
Organizational
Systems
Assess fraud risk
External and internal audits
Fraud hotline
Audit trail of transactions through the system
Install fraud detection software
Monitor system activities (user and error logs, intrusion detection)

Copyright © 2018 Pearson Education, Inc.
Chapter 5: Computer Fraud
Slide 1 – ‹#›
Preventing and Detecting Fraud
4. Reduce Fraud Losses
Organizational
Systems
Insurance
Business continuity and disaster recovery plan
Store backup copies of program and data files in secure, off-site location
Monitor system activity

Copyright © 2018 Pearson Education, Inc.
Chapter 5: Computer Fraud
Slide 1 – ‹#›
Key Terms
Sabotage
Cookie
Fraud
White-collar criminals
Corruption
Investment fraud
Misappropriation of assets
Fraudulent financial reporting
Pressure
Opportunity
Rationalization
Lapping
Check kiting
Computer fraud

Accounting Information Systems

Fourteenth Edition

Chapter 14

The Production Cycle

Copyright © 2018 Pearson Education, Inc.
Chapter 14: The Production Cycle
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives (1 of 2)
Describe the major business activities and key decisions that must be made in the production cycle, the threats to accomplishing production cycle objectives, and the controls that can mitigate those threats.
Explain the key decisions and information needs in product design, the threats to those activities, and the controls that can mitigate those threats.
Explain the key decisions and information needs in planning and scheduling production, the threats to those activities, and the controls that can mitigate those threats.

Learning Objectives (2 of 2)
Explain the key decisions and information needs in production operations, the threats to those activities, and the controls that can mitigate those threats.
Explain the key decisions and information needs for accurate cost accounting, threats to those activities, and the controls that can mitigate those threats.

Production Cycle Process (1 of 2)
Product Design
Source documents: bill of materials and operations list
Planning and Scheduling
Source documents: Master production schedule, production order, and materials requisition
Production Operations
Cost Accounting

Production Cycle Process (2 of 2)

Copyright © 2018 Pearson Education, Inc.
Chapter 14: The Production Cycle
Slide 1 – ‹#›
General Issues
Threats
Controls
Inaccurate/Invalid master data
Unauthorized disclosure of sensitive information
Loss or destruction of data
1 a. Data processing integrity controls
b. Restrict access to master data
c. Review changes to master data
2 a. Access controls
b. Encryption
3 a. Backup and disaster recovery procedures

Product Design
Create a product that meets customer requirements
Generates two output documents:
Bill of materials
Operations list

Planning and Scheduling
Two types of production planning
Manufacturing resource planning (MRP-II)
Lean manufacturing
Documents from Planning and Scheduling
Production order
Materials requisition
Move tickets

1. Product Design
2. Planning and Scheduling
Threats
Controls
Poor product design resulting in excess costs
Over and under production
1 a. Analysis of costs arising from product design choices
b. Analysis of warranty and repair costs
2 a. Production planning systems
b. Review and approve production orders and schedules
c. Restrict access to orders and schedules

3. Production Operations
Threats
Controls
Inventory theft
Fixed asset theft
Poor performance
Suboptimal investments in fixed assets
Loss of inventory or fixed assets due to fire or disasters
Disruption of operations
1 a. Restrict physical access
b. Document movement of inventory
c. Segregation of custody duties
from authorization and recording
2 a. Restrict access to fixed assets
b. Keep detailed records of fixed assets including disposals
3 a. Performance reporting
4 a. Solicit competitive bids
5 a. Insurance and physical safeguards
6 a. Backup and disaster recovery plans

Cost Accounting Systems
Provide information for planning, controlling, and evaluating the performance of production operations
Provide accurate cost data about products for use in pricing and product mix decisions
Collect and process the information used to calculate the inventory and cost of goods sold values that appear in organization’s financials

4. Cost Accounting
Threats
Controls
Inaccurate cost data
Inappropriate allocation of overhead costs
Misleading reports
1 a. Source data automation
b. Data processing integrity controls
2 a. Time-driven activity-based costing
3 a. Performance metrics

Key Terms
Production cycle
Bill of materials
Operations list
Manufacturing resource planning (MRP-II)
Lean manufacturing
Master production schedule (MPS)
Production order
Materials requisition
Move ticket
Computer-integrated manufacturing (CIM)
Request for proposal (RFP)
Job-order costing
Process costing
Job-time ticket
Manufacturing overhead
Activity-based costing
Cost driver
Throughput

Accounting Information Systems

Fourteenth Edition

Chapter 8

Controls for Information Security

Copyright © 2018 Pearson Education, Inc.
Chapter 8: Controls for Information Security
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives (1 of 2)
Explain how security and the other four principles in the Trust Services Framework affect systems reliability.
Explain two fundamental concepts; why information security is a management issue, and the time-based model of information security.
Discuss the steps criminals follow to execute a targeted attack against an organization’s information system.

Learning Objectives (2 of 2)
Describe the preventive, detective, and corrective controls that can be used to protect an organization’s information.
Describe the controls that can be used to timely detect that an organization’s information system is under attack.
Discuss how organizations can timely respond to attacks against their information system.
Explain how virtualization, cloud computing, and the Internet of Things affect information security.

Trust Services Framework
Security
Access to the system and data is controlled and restricted to legitimate users.
Confidentiality
Sensitive organizational data is protected.
Privacy
Personal information about trading partners, investors, and employees are protected.
Processing integrity
Data are processed accurately, completely, in a timely manner, and only with proper authorization.
Availability
System and information are available.

Copyright © 2018 Pearson Education, Inc.
Chapter 8: Controls for Information Security
Slide 1 – ‹#›
Copyright © 2018 Pearson Education, Inc.
Chapter 8: Controls for Information Security
Slide 1 – ‹#›

Security Life Cycle
Security is a management issue

Copyright © 2018 Pearson Education, Inc.
Chapter 8: Controls for Information Security
Slide 1 – ‹#›
Security Approach
Time-based model, security is effective if:
P > D + C where
P is time it takes an attacker to break through preventive controls
D is time it takes to detect an attack is in progress
C is time it takes to respond to the attack and take corrective action

Understanding Targeted Attacks
Conduct reconnaissance
Attempt social engineering
Scan and map the target
Research
Execute the attack
Cover tracks

How to Mitigate Risk of Attack
Preventive Controls
Detective Controls
People
Process
IT Solutions
Physical security
Log analysis
Intrusion detection systems
Continuous monitoring
Response
Computer Incident Response Teams (CIRT)
Chief Information Security Officer (CISO)

Copyright © 2018 Pearson Education, Inc.
Chapter 8: Controls for Information Security
Slide 1 – ‹#›
Preventive: People
Culture of security
Tone set at the top with management
Training
Follow safe computing practices
Never open unsolicited e-mail attachments
Use only approved software
Do not share passwords
Physically protect laptops/cellphones
Protect against social engineering

Copyright © 2018 Pearson Education, Inc.
Chapter 8: Controls for Information Security
Slide 1 – ‹#›
Preventive Process: User Access Controls
Authentication—verifies the person
Something person knows
Something person has
Some biometric characteristic
Combination of all three
Authorization—determines what a person can access

Preventive Process: Change Controls and Change Management
Formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability
Good change management and control requires
Documentation
Approval
Testing
Develop “backout” plan
Monitoring

Preventive: IT Solutions
Antimalware controls
Network access controls
Device and software hardening controls
Encryption

Copyright © 2018 Pearson Education, Inc.
Chapter 8: Controls for Information Security
Slide 1 – ‹#›
Preventive: Physical Security: Access Controls
Physical security access controls
Limit entry to building
Restrict access to network and data

Copyright © 2018 Pearson Education, Inc.
Chapter 8: Controls for Information Security
Slide 1 – ‹#›
Detecting Attacks
Log Analysis—examining logs to identify evidence of possible attacks
Intrusion Detection Systems (IDSs) —system that creates logs of network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions
Continuous Monitoring—employee compliance with organization’s information security policies and overall performance of business processes

Copyright © 2018 Pearson Education, Inc.
Chapter 8: Controls for Information Security
Slide 1 – ‹#›
Responding to Attacks
Computer Incident Response Team (CIRT)
Chief Information Security Officer (CISO)

Copyright © 2018 Pearson Education, Inc.
Chapter 8: Controls for Information Security
Slide 1 – ‹#›
Security Implications of Virtualization, Cloud Computing, and the Internet of Things
Virtualization and Cloud Computing
Positive impact on security
Implementing strong access controls is good security over all the systems
Negative impact on security
Reliability issues
Risk of theft or destruction if unsupervised physical access

Key Terms
Time-based model of security
Defense-in-depth
Social engineering
Authentication
Biometric identifier
Multifactor authentication
Multimodal authentication
Authorization
Access control matrix
Compatibility test
Penetration test
Change control and change management
Border router
Firewall
Demilitarized zone (DMZ)
Routers
Access control list (ACL)
Packet filtering
Deep packet inspection
Intrusion prevention system
Endpoints
Vulnerabilities
Vulnerability scanners
Exploit
Patch
Patch management
Hardening
Log analysis
Intrusion detection system (IDS)
Computer incident response team (CIRT)
Virtualization
Cloud Computing

Accounting Information Systems

Fourteenth Edition

Chapter 17

Database Design Using the REA Data Model

Copyright © 2018 Pearson Education, Inc.
Chapter 17: Database Design Using the REA Data Model
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Discuss the steps for designing and implementing a database system.
Explain the nature and use of Entity-Relationship (E-R) diagrams.
Explain the content and purpose of the REA data model.
Read an REA diagram and explain what it reveals about the business activities and policies of the organization being modeled.

Database Design Process

Copyright © 2018 Pearson Education, Inc.
Slide 1 – ‹#›
Chapter 17: Database Design Using the REA Data Model
Copyright © 2018 Pearson Education, Inc.
Chapter 17: Database Design Using the REA Data Model
Slide 1 – ‹#›

Data Modeling
Process of defining a database so that it faithfully represents all aspects of the organization, including its interactions with the external environment.
Entity-relationship (E-R) diagrams
REA data model

Entity-Relationship Diagrams
Entity-Relationship (E-R) diagrams are a graphical way to diagram the relationships between entities
An entity is anything that the organization wants to collect and store information
For AIS database design, the decision is understanding what entities should be included.
REA diagrams are E-R diagrams specifically designed for AIS.

REA Modeling
Resources
Things that have economic value to the organization (e.g., inventory, cash)
Events
Various business activities that management wants to collect information on
Agents
People and organizations that participate in events (both internal (e.g., employees) and external (e.g., customers/vendors) to the organization)

REA Basic Template

Creating an REA Model
Identify relevant events
Give-get exchange (economic duality)
Identify resources and agents
Resource reduced in give event
Resource acquired in get event
Determine cardinalities of relationships
Nature of the relationship between the two entities

Cardinality Notation Methods
Graphical symbols
Graphical symbols represent minimum–maximum cardinalities
(Min, Max) notation
Pairs representing the minimum–maximum cardinalities
UML notation
Pairs representing the minimum–maximum cardinalities
Maximums only (Microsoft Access)

Key Terms
Data modeling
Entity-relationship (E-R) diagram
REA data model
Resources
Events
Agents
Cardinalities
Minimum cardinality
Maximum cardinality
One-to-One (1:1) relationship
One-to-Many (1:N) relationship
Many-Many (M:N) relationship

Accounting Information Systems

Fourteenth Edition

Chapter 20

Introduction to Systems Development and Systems Analysis

Copyright © 2018 Pearson Education, Inc.
Chapter 20: Introduction to Systems Development and Systems Analysis
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Explain the five phases of the systems development life cycle, and discuss the people involved in systems development and the roles they play.
Explain the importance of systems development planning, and describe the types of plans and planning techniques used.
Discuss the various types of feasibility analysis, and calculate economic feasibility using capital budgeting techniques.
Explain why system changes trigger behavioral reactions, what form this resistance to change takes, and how to avoid or minimize the resulting problems.
Discuss the key issues and steps in systems analysis.

Copyright © 2018 Pearson Education, Inc.
Chapter 20: Introduction to Systems Development and Systems Analysis
Slide 1 – ‹#›

Systems Development Life Cycle (SDLC)

Copyright © 2018 Pearson Education, Inc.
Slide 1 – ‹#›
Chapter 20: Introduction to Systems Development and Systems Analysis
Copyright © 2018 Pearson Education, Inc.
Chapter 20: Introduction to Systems Development and Systems Analysis
Slide 1 – ‹#›

Who Is Involved in the SDLC?
Information Systems Steering Committee
Executive level, plans and oversees IS function; facilitates coordination with integration of systems activities
Project Development Team
Plan and monitor project progress
Programmers
Write and test programs according to analysts specifications
Systems Analysts
Determine information needs, prepare specifications for programmers
Management
Get users involved in the process, provide support for development projects, align projects to meet organizations strategic needs
Users
Communicate needs to system developers, help design and test to ensure complete and accurate processing of data

Systems Development Planning
Proper planning provides for achieving goals and objectives
For systems development, two plans needed:
Project Development Plan
Specific to a project and authored by the project team identifies people, hardware, software, and financial resources needed
Master Plan
Long-range and authored by steering committee outlining prioritized projects and timetables

Planning Techniques
Program evaluation and review technique (PERT)
Diagram that depicts all project activities that require time and resources with completion estimates. Determines critical path.
Gantt chart
Bar chart that organizes activities on the left hand side and project time scheduled with a bar drawn to show the progress to date for that particular activity.

Business Case (Feasibility Analysis)
Economic
Do benefits of new system justify the costs (time and resources) to implement?
Technical
Can we use existing technology?
Legal
Does a new system comply with regulations, laws, and contractual obligations?
Scheduling
Can the system be developed in the time allotted?
Operational
Do we have the people to design and implement the system? Will people use the new system?

Capital Budgeting
Payback period
Calculate the number of years required for the net savings to equal the initial cost of investment
Net Present Value (NPV)
Estimate future cash flows with discounted rate for time value of money
Internal Rate of Return (IRR)
Calculates the interest rate that makes the present value of total costs equal to the present value of total earnings

Why Behavioral Problems Occur?
Fear
Of failure, the unknown, losing status
Lack of top-management support
If the top management is not supportive why should the employee change?
Bad prior experiences
Bad experience with prior IS changes
Poor communication
Employees need to understand why change is necessary
Disruption
Additional requests for information and additional burdens of time is distracting and prompts negative feelings
Manner change is introduced
Approaches are different for top level and lower level employees
Biases and emotions
Personal characteristics and background
Age
Open to technology and comfortable with it

How to Prevent Behavioral Problems
Management support
Provide resources and motivation
Satisfy user needs
Involve users
Participation improves communication and commitment
Reduce fears, emphasize opportunities
Avoid emotionalism
Provide training
Performance evaluation
Reevaluate to ensure performance standards are consistent with the new system
Keep open communications
Test the system prior to implementation
Keep system simple
Avoid radical changes
Control user’s expectations
Be realistic

Key Terms (1 of 2)
Systems development life cycle (SDLC)
Systems analysis
Conceptual design
Physical design
Implementation and conversion
Operations and maintenance
Information systems steering committee
Systems analyst
Computer programmer
Project development plan
Master plan
Program evaluation and review technique (PERT)
Critical path
Gantt chart
Feasibility study
Economic feasibility
Technical feasibility
Legal feasibility
Scheduling feasibility
Operational feasibility
Capital budgeting model
Payback period

Copyright © 2018 Pearson Education, Inc.
Chapter 20: Introduction to Systems Development and Systems Analysis
Slide 1 – ‹#›
Key Terms (2 of 2)
Net present value (NPV)
Internal Rate of Return (IRR)
Behavioral aspects of change
Aggression
Projection
Avoidance
Request for systems development
Initial investigation

Accounting Information Systems

Fourteenth Edition

Chapter 3

Systems Documentation Techniques

Copyright © 2018 Pearson Education, Inc.
Chapter 3: Systems Documentation Techniques
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Prepare and use data flow diagrams to understand, evaluate, and document information systems.
Prepare and use flowcharts to understand, evaluate, and document information systems.
Prepare and use business process diagrams to understand, evaluate, and document information systems.

Why Document Systems?
Accountants must be able to read documentation and understand how a system works (e.g., auditors need to assess risk)
Sarbanes–Oxley Act (SOX) requires management to assess internal controls and auditors to evaluate the assessment
Used for systems development and changes

Data Flow Diagrams (DFD)
Focuses on the data flows for:
Processes
Sources and destinations of the data
Data stores
DFD are visually simple and can be used to represent the same process at a high abstract (summary) or detailed level.

Basic Guidelines for Creating a DFD
Understand the system that you are trying to represent.
A DFD is a simple representation meaning that you need to consider what is relevant and what needs to be included.
Start with a high level (context diagram) to show how data flows between outside entities and inside the system. Use additional DFD’s at the detailed level to show how data flows within the system.
Identify and group all the basic elements of the DFD.
Name data elements with descriptive names, use action verbs for processes (e.g., update, edit, prepare, validate, etc.).
Give each process a sequential number to help the reader navigate from the abstract to the detailed levels.
Edit/Review/Refine your DFD to make it easy to read and understand.

Flowcharts
Describe an information system showing:
Inputs and Outputs
Information activities (processing data)
Data storage
Data flows
Decision steps
Key strengths of flowcharts are that they can easily capture control via decision points, show manual vs. automated processes.

Copyright © 2018 Pearson Education, Inc.
Chapter 3: Systems Documentation Techniques
Slide 1 – ‹#›
Copyright © 2018 Pearson Education, Inc.
Chapter 3: Systems Documentation Techniques
Slide 1 – ‹#›
Types of Flowcharts
Document: shows the flow of documents and data for a process, useful in evaluating internal controls
System: depicts the data processing cycle for a process
Program: illustrates the sequence of logic in the system process

Copyright © 2018 Pearson Education, Inc.
Chapter 3: Systems Documentation Techniques
Slide 1 – ‹#›
Guidelines for Drawing Flowcharts
Understand the system you are trying to represent.
Identify business processes, documents, data flows, and data processing procedures.
Organize the flowchart so as it reads from top to bottom and left to right.
Clearly label all symbols.
Use page connectors (if it cannot fit on a single page).
Edit/Review/Refine to make it easy to read and understand.

Copyright © 2018 Pearson Education, Inc.
Chapter 3: Systems Documentation Techniques
Slide 1 – ‹#›
Business Process Diagrams
Is a visual way to represent the activities in a business process.
Intent is that all business users can easily understand the process from a standard notation (BPMN: Business Process Modeling Notation).
Can show the organizational unit performing the activity.

Guidelines for Drawing Data Flow Diagrams
Identify and understand the business process.
Decide the level of detail (summary or detailed DFD).
Organize diagram using as many rows needed to explain the process.
Enter each business process on the diagram showing where it begins and ends.
Draw a rough sketch, refine, and finalize.

Key Terms
Documentation
Narrative description
Data flow diagram (DFD)
Data source
Data destination
Data flow
Process
Data store
Context diagram
Flowchart
Document flowchart
Internal control flowchart
System flowchart
Program flowchart
Business process diagram (BPD)

Accounting Information Systems

Fourteenth Edition

Chapter 1

Accounting Information Systems: An Overview

Copyright © 2018 Pearson Education, Inc.
Chapter 1: Accounting Information Systems: An Overview
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Distinguish between data and information:
Discuss the characteristics of useful information.
Explain how to determine the value of information.
Explain the decisions an organization makes:
The information needed to make them.
The major business processes present in most companies.
Explain how an AIS adds value to an organization.
How it affects and is affected by corporate strategy.
The role of AIS in a value chain.

Distinguishing Between Data and Information
Data are facts collected, recorded, and stored in the system
A fact could be a number, date, name, and so on.
For example:
2/22/14
ABC Company, 123,
99, 3, 20, 60

Data vs. Information
The previous slide just showed data, if we organize the data within a context of a sales invoice, for example, it is meaningful and considered information.
Invoice Date : 2/22/14 Invoice #: 123
Customer: ABC company
Item # Qty Price
99 3 $20
Total Invoice Amount $60

Decision Quality
Information helps us make better decisions.
Too much information causing information overload can reduce decision quality.
Information Technology (IT) is used to help decision makers more effectively filter and condense information.

Value of Information
Information is valuable when the benefits exceed the costs of gathering, maintaining, and storing the data.
Benefit (i.e., improved decision making) – Cost (i.e., time and resources used to get the information) = value of information

What Makes Information Useful? (1 of 2)
There are seven general characteristics that make information useful:
Relevant: information needed to make a decision (e.g., the decision to extend customer credit would need relevant information on customer balance from an A/R aging report)
Reliable: information free from bias
Complete: does not omit important aspects of events or activities
Timely: information needs to be provided in time to make the decision

What Makes Information Useful? (2 of 2)
Understandable: information must be presented in a meaningful manner
Verifiable: two independent people can produce the same conclusion
Accessible: available when needed

Copyright © 2018 Pearson Education, Inc.
Chapter 1: Accounting Information Systems: An Overview
Slide 1 – ‹#›
Information Needs and Business Processes
Business organizations use business processes to get things done. A business process is a set of related, coordinated, and structured activities and tasks performed by people, machines, or both to achieve a specific organizational goal.
Key decisions and information needed often come from these business processes.

Transactional Information Between Internal and External Parties in an AIS
Business organizations conduct business transactions which is an agreement between two entities to exchange goods, services, or any other event that can be measured in economic terms by an organization.
Transaction data is used to create financial statements and is called transaction processing.
The flow of information between these users for the various business activities involves a give-get exchange grouped into business processes or transaction cycles.

Interactions Between AIS and Internal and External Parties

Copyright © 2018 Pearson Education, Inc.
Chapter 1: Accounting Information Systems: An Overview
Slide 1 – ‹#›
Copyright © 2018 Pearson Education, Inc.
Chapter 1: Accounting Information Systems: An Overview
Slide 1 – ‹#›

Basic Business Processes
Transactions between the business organization and external parties fundamentally involve a “give–get” exchange. These basic business processes are:
Revenue cycle: give goods / give service—get cash
Expenditure cycle: get goods / get service—give cash
Production cycle: give labor and give raw materials—get finished goods
Payroll cycle: give cash—get labor
Financing cycle: give cash—get cash

What Is an Accounting Information System (AIS)?
AIS is a system that collects, records, stores, and processes data to produce information for decision makers.
Consists of
People who use the system
Processes (procedures and instructions)
Technology (data, software, and information technology)
Controls to safeguard information
Thus, an AIS collects and stores data, transforms that data into information, and provides adequate controls.

How Does an AIS Add Value to an Organization?
A well thought out AIS can add value by:
Improving the quality and reducing the costs of products or services
Improving efficiency
Sharing knowledge
Improving efficiency and effectiveness of its supply chain
Improving the internal control structure
Improving decision making

AIS and Corporate Strategy
An AIS is influenced by an organization’s strategy.
A strategy is the overall goal the organization hopes to achieve (e.g., increase profitability).
Once an overall goal is determined, an organization can determine actions needed to reach their goal and identify the informational requirements (both financial and nonfinancial) necessary to measure how well they are doing in obtaining that goal.

AIS in the Value Chain
The value chain links together the different activities within an organization that provide value to the customer.
Value chain activities are primary and support activities.
Primary activities provide direct value to the customer.
Support activities enable primary activities to be efficient and effective.
A supply chain is an extended system that includes the organizations value chain as well as its suppliers, distributors, and customers.

Key Terms
System
Goal conflict
Goal congruence
Data
Information
Information technology (IT)
Information overload
Value of information
Business process
Transaction
Transaction processing
Give-get exchange
Revenue cycle
Expenditure cycle
Production (conversion) cycle
Human resource/payroll cycle
Financing cycle
General ledger and reporting system
Accounting information system (AIS)
Predictive analysis
Value chain
Primary activities
Support activities
Supply chain

Accounting Information Systems

Fourteenth Edition

Chapter 2

Overview of Transaction Processing and Enterprise Resource Planning Systems

Copyright © 2018 Pearson Education, Inc.
Chapter 2: Overview of Transaction Processing and Enterprise Resource Planning Systems
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Describe the data processing cycle used to process transactions, including how data is input, stored, and processed and how information is outputted.
Discuss how organizations use enterprise resource planning (ERP) systems to process transactions and provide information.

Data Processing Cycle

Data Input
Steps in Processing Input are:
Capture transaction data triggered by a business activity (event).
Make sure captured data are accurate and complete.
Ensure company policies are followed (e.g., approval of transaction).

Copyright © 2018 Pearson Education, Inc.
Chapter 2: Overview of Transaction Processing and Enterprise Resource Planning Systems
Slide 1 – ‹#›
Data Capture
Information collected for an activity includes:
Activity of interest (e.g., sale)
Resources affected (e.g., inventory and cash)
People who participated in the activity (e.g., customer and employee)
Information comes from source documents.

Source Documents
Captures data at the source when the transaction takes place
Paper source documents
Turnaround documents
Source data automation (captured data from machines, e.g., Point of Sale scanners at grocery store)

Data Storage
Important to understand how data is organized
Chart of accounts
Coding schemas that are well thought out to anticipate management needs are most efficient and effective
Transaction journals (e.g., Sales)
Subsidiary ledgers (e.g., Accounts receivable)
General ledger
Note: With the above, one can trace the path of the transaction (audit trail)

Coding Techniques
Sequence codes—items numbered consecutively to account for all items (i.e., prenumbered forms)
Block code—blocks of numbers reserved for specific categories of data (i.e., product numbers that start with a 2 are refrigerators)
Group codes—two or more subgroups of digits used to code items (i.e., car vin #’s)
Mnemonic codes—letters and numbers interspersed to identify an item (i.e. Dry300W05 is low end (300), white (W) dryer (DRY) made by Sears (05))

Audit trail for Invoice #156 for $1,876.50 sold to KDR Builders

Computer-Based Storage
Data is stored in master files or transaction files.

Data Processing
Four types of processing (CRUD):
Creating new records (e.g., adding a customer)
Reading existing data
Updating previous record or data
Deleting data
Data processing can be batch processed (e.g., post records at the end of the business day) or in real-time (process as it occurs).

Copyright © 2018 Pearson Education, Inc.
Chapter 2: Overview of Transaction Processing and Enterprise Resource Planning Systems
Slide 1 – ‹#›
Information Output
The data stored in the database files can be viewed
Online (soft copy)
Printed out (hard copy)
Document (e.g., sales invoice)
Report (e.g., monthly sales report)
Query (question for specific information in a database, e.g., Which division had the most sales for the month?)

Enterprise Resource Planning (ERP) Systems
Integrates activities from the entire organization
Revenue Cycle
Expenditure Cycle
Production Cycle
H/R Payroll Cycle
General Ledger and Reporting System

Advantages of ERP System
Integrated enterprise-wide single view of the organization’s data which streamlines the flow of information
Data captured once (i.e., no longer need sales to enter data about a customer and then accounting to enter same customer data for invoicing)
Greater visibility and monitoring capabilities for management
Improve access of control of the data through security settings
Standardization of procedures and reports
Improves customer service
Increases productivity through automation

Copyright © 2018 Pearson Education, Inc.
Chapter 2: Overview of Transaction Processing and Enterprise Resource Planning Systems
Slide 1 – ‹#›
Disadvantages of ERP System
Costly
Significant amount of time to implement
Customizing or standardizing a business process
Complexity
User resistance (learning new things is sometimes hard for employees)

Key Terms
Data processing cycle
Source documents
Turnaround documents
Source data automation
General ledger
Subsidiary ledger
Control account
Coding
Sequence code
Block code
Group code
Mnemonic code
Chart of accounts
Specialized journal
Audit trail
Entity
Attributes
Field
Record
Data value
File
Master file
Transaction file
Database
Batch processing
Online, real-time processing
Document
Report
Query
Enterprise resource planning (ERP) system

Accounting Information Systems

Fourteenth Edition

Chapter 4

Relational Databases

Copyright © 2018 Pearson Education, Inc.
Chapter 4: Relational Databases
Slide 1 – ‹#›
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
1

Learning Objectives
Explain the importance and advantages of databases, as well as the difference between database and file-based legacy systems.
Explain database systems, including logical and physical views, schemas, the data dictionary, and DBMS languages.
Describe what a relational database is, how it organizes data, and how to create a set of well-structured relational database tables.

What Is a Database?
Efficiently and centrally coordinates information for a related group of files
A file is a related group of records
A record is a related group of fields
A field is a specific attribute of
interest for the entity (record)

Advantages of Databases
Data is integrated
Data sharing
Minimize data redundancy and inconsistencies
Data is independent of the programs that use the data
Data is easily accessed for reporting and cross-functional analysis

Database Users and Designers
Different users of the database information are at an external level of the database. These users have logical views of the data.
At an internal level of the database is the physical view of the data which is how the data is actually physically stored in the system.
Designers of a database need to understand user’s needs and the conceptual level of the entire database as well as the physical view.

Schemas
Conceptual-level—organization wide view
External-level—individual user’s view
Internal-level—low level view

Database Design
To design a database, you need to have a conceptual view of the entire database. The conceptual view illustrates the different files and relationships between the files.
The data dictionary is a “blueprint” of the structure of the database and includes data elements, field types, programs that use the data element, outputs, and so on.

DBMS Languages
Data Definition Language (DDL)
Builds the data dictionary
Creates the database
Describes logical views for each user
Specifies record or field security constraints
Data Manipulation Language (DML)
Changes the content in the database
Creates, updates, insertions, and deletions
Data Query Language (DQL)
Enables users to retrieve, sort, and display specific data from the database

Copyright © 2018 Pearson Education, Inc.
Chapter 4: Relational Databases
Slide 1 – ‹#›
Relational Database
Represents the conceptual and external schema as if that “data view” were truly stored in one table.
Although the conceptual view appears to the user that this information is in one big table, it really is a set of tables that relate to one another.

Conceptual View Example
Customer Name Sales Invoice # Invoice Total
D. Ainge 101 $1,447
G. Kite 102 $4,394
D. Ainge 103 $ 898
G. Kite 104 $ 789
F. Roberts 105 $3,994

Relational Data Tables (1 of 2)

Relational Data Tables (2 of 2)

Primary Keys
Foreign Key (Customer # is a Foreign key in the Sales table because it is a Primary key that uniquely identifies Customers in the Customer table). Because of this, the Sales table can relate to the Customer table (see red arrow above).

Why Have a Set of Related Tables?
Data stored in one large table can be redundant and inefficient causing the following problems:
Update anomaly
Insert anomaly
Delete anomaly

Relational Database Design Rules

Every column in a row must be single valued
Primary key cannot be null (empty) also known as entity integrity
If a foreign key is not null, it must have a value that corresponds to the value of a primary key in another table (referential integrity)
All other attributes in the table must describe characteristics of the object identified by the primary key
Following these rules allows databases to be normalized and solves the update, insert, and delete anomalies.

Queries
Users may want specific information found in a relational database and not have to sort through all the files to get that information. So they query (ask a question) the data.
An example of a query might be: What are the invoices of customer D. Ainge and who was the salesperson for those invoices?

Creating the Query

Query Answer

Copyright © 2018 Pearson Education, Inc.
Chapter 4: Relational Databases
Slide 1 – ‹#›
Copyright © 2018 Pearson Education, Inc.
Chapter 4: Relational Databases
Slide 1 – ‹#›
Key Terms (1 of 2)
Database
Database management system (DBMS)
Database system
Database administrator (DBA)
Data warehouse
Business intelligence
Online analytical processing (OLAP)
Data mining
Record layout
Logical view
Physical view
Schema
Conceptual-level schema
External-level schema
Subschema
Internal-level schema
Data dictionary
Data definition language (DDL)
Data manipulation language (DML)
Data query language (DQL)
Report writer
Data model
Relational data model
Tuple
Primary key
Foreign key

Key Terms (2 of 2)
Update anomaly
Insert anomaly
Delete anomaly
Relational database
Entity integrity rule
Referential integrity rule
Normalization
Semantic data modeling

Turn in your highest-quality paper
Get a qualified writer to help you with

“ Accounting Essay 2 pages must answer all questions ”

Get high-quality paper

NEW! AI matching with writer

Hire a Writer

Client Reviews

4.9

Sitejabber

4.6

Trustpilot

4.8

Our Guarantees

100% Confidentiality

Information about customers is confidential and never disclosed to third parties.

Original Writing

We complete all papers from scratch. You can get a plagiarism report.

Timely Delivery

No missed deadlines – 97% of assignments are completed in time.

Money Back

If you're confident that a writer didn't follow your order details, ask for a refund.

New to Your Trusted Assignment Help Service? Sign up & Save

Calculate the price of your order

Type of paper needed:

Pages:

You will get a personal manager and a discount.

Academic level:

We'll send you the first draft for approval by at

Total price:

$0.00

Power up Your Academic Success with the
Team of Professionals. We’ve Got Your Back.

Power up Your Study Success with Experts We’ve Got Your Back.

Order Now Order Now