AIS Chapters 1-6
Distinguish between batch and real-time processing
Batch processing occurs when similar transactions are accumulated over time and processed together. Real-time processing captures each event or transaction and processes it before engaging in another transaction. If transactions are independent of one another, such as the processing of daily cash receipts, then batch processing is appropriate. If transactions are dependent on one another, such as credit sales, ticket sales, etc., then real-time processing is more appropriate.
Prepare cash disbursement
Before arrival of the voucher packet, cash disbursement function prepares a single check for the entire amount of the payroll and deposits it in the payroll imprest account. Payroll imprest account is where the paycheck are drawn from. General cash account deposits general cash account to this imprest before the paychecks can be cashed. Clerk then sends a copy of the check along with the disbursement vouch and payroll register to the ap department, where they are filed. Finally, journal voucher is prepared and sent to the update general ledger function.
What is billing (vendor) fraud?
Billing schemes, also known as vendor fraud, are perpetrated by employees who cause their employer to issue a payment to a false supplier or vendor. This is accomplished by submitting invoices for fictitious goods or services, inflated invoices, or invoices for personal purchases.
What are some of the more common uses of data codes in accounting information systems?
Block codes for the general ledger accounts, sequential codes for documents, and group codes for coding transactions.
What types of companies are potential customers for commercial software?
Both small and large firms that have standardized information needs are potential customers for commercial software.
Job Tickets
Capture the time that individual workers spend on each production job
What is a feedback, and how is it useful in an information system?
Feedback is output that is sent back to the system as a source of data. Feedback is useful because it can be used to initiate or adjust the system processes.
Accounting Records
Maintain an audit trail adequate for tracing a transaction from its source document to the financial statements. Documents needed includes: 1. Time cards, job tickets, and disbursement vouchers 2. Journal information, which comes from the labor distribution summary and the payroll register 3. Subsidiary ledger accounts, which contain the employee records, WIP, and various expense accounts. 4. GL accounts, which contain payroll control, cash, abd the payroll clearing (imprest) account. Focus is that Salaries are accurately and completely recorded and matched to the appropriate period.
What is management fraud?
Management fraud is usually more threatening to the organization than employee fraud. These frauds are usually committed at a level above the one to which internal controls generally relate. The frauds are usually complicated and are hidden in a nexus of transactions, which are difficult to disentangle.
Run-to-run controls
PROCESS CONTROL are controls that use batch figures to monitor the batch as it moves from one programmed procedure to another
Batch controls
PROCESS CONTROL manage high volumes of transaction data by tracking total number of records, total of dollar amounts and/or total of other nonfinancial data.
Transaction Authorization
Personnel action form helps payroll keep current employee records.
Name the three types of documents
Source documents, product documents, and turnaround documents
Name the two types of journals
Special journals and the general journal.
What does stewardship mean, and what is its role in an information system?
Stewardship is the responsibility of management to properly utilize the resources of the firm entrusted to them. Information systems provide management with reports to better manage the resources and also provide responsibility reports by which management may be evaluated.
What are the three fundamental tasks of database management?
Storage, retrieval, and deletion.
Five Internal Control Components (from COSO)
1. Control environment 2. Risk assessment 3. Information and communication 4. Monitoring 5. Control activities
actual cost inventory ledger
a ledger that records inventory values based on actual costs rather than standard costs
inventory subsidiary ledger
a ledger with inventory records updated from the stock release copy by the inventory control system
Centralized data processing
a model under which all data processing is performed by one or more large computers, housed at a central site, that serve users throughout the organization
Blind copy
a purchase order copy that contains no price or quantity information
check register
a record of all cash disbursements
voucher register
a register that reflects a firm's accounts payable liability
receiving report
a report that lists quantity and condition of the inventories received
audit trail
a set of accounting records that trace transactions from their source documents to the financial statements
Missing data check
identifies blank or incomplete input fields
Limit check
identifies values that exceed authorized limits
External users
include creditors, stockholders, potential investors, regulatory agencies, tax authorities, suppliers, and customers
Internal users
include management at all levels of the organization as well as operations personnel
Real-time
processing systems process individual transactions continuously as they occur
Turnaround documents
product documents of one system that become source documents for another system
Cash disbursement vouchers
provide improved control over cash disbursements and allow firms to consolidate several payments to the same supplier on a single voucher, thus reducing the number of checks written.
Customer order file
shows the status of customer orders
Proximity cards
similar to swipe cards but don't require the user to slide the card through a reader
Accounting information systems (AIS)
specialized subset of information systems that processes financial transactions
shipping log
specifies orders shipped during the period
Larceny
stealing assets or cash that are already in the company's books and records
Skimming
stealing cash before it enters the accounting records (most difficult to catch). May occur at cash register, or in mail room, or front desk, or many other locations
Embezzlement
stealing money that was entrusted to you (compared to burglary or robbery which is stealing money NOT entrusted to you)
Business Process Model Notation (BPMN)
targeted at the people who will implement the process, giving sufficient detail to enable precise implementation. It provides a standard, common language for all stakeholders, whether technical or non-technical: business analysts, process participants, managers and technical developers, as well as external teams and consultants. Ideally, it bridges the gap between process intention and implementation by providing sufficient detail and clarity into the sequence of business activities.
expenditure cycle
the acquisition of materials, property, and labor in exchange for cash
supplier's invoice
the bill sent from the seller to the buyer showing unit costs, taxes, freight, and other charges
data model
the blueprint for what ultimately will become the physical database
sales order (invoice copy)
the copy of a sales order to be reconciled with the shipping notice. It describes the products that were actually shipped to the customer
Statement on Auditing Standards (SAS) No. 99
the current authoritative document that defines fraud as an intentional act that results in a material misstatement in financial statements. The objective of SAS 99 is to seamlessly blend the auditor's consideration of fraud into all phases of the audit process.
revenue cycle
the cycle composed of sales order processing and cash receipts
conversion cycle
the cycle composed of the production system and the cost accounting system
Theft of Cash
the direct theft of cash on hand in the organization
approved credit memo
the document that is used to provide verification that a credit memo was appropriately authorized and issued
Fraud
the false representation of a material fact made by one party to another party, with the intent to deceive and induce the other party to justifiably rely on the material fact to his or her detriment
receiving report file
the file in which a copy of the receiving report (stating the quantity and condition of the inventories) is placed
Data collection
the first operational stage in the information system.
Goal of output controls
to ensure that system output is not lost, misdirected, or corrupted, and that privacy is not violated
Modern accounting systems store data in four types
1. A master file contains account data. 2. A transaction file is a temporary file that holds transaction records that will be used to change or update data in a master file. 3. A reference file is a file that stores the data used as standards for processing transactions. 4. An archive file is a file that contains records of past transactions that are retained for future reference
Legal definition of fraud (5)
1. False representation - false statement or disclosure 2. Material fact - a fact must be substantial in inducing someone to act 3. Intent to deceive must exist 4. The misrepresentation must have resulted in justifiable reliance upon information, which caused someone to act 5. The misrepresentation must have caused injury or loss
Prepare Payroll
1. Prepare Payroll Register, showing gross pay, deductions, overtime pay, and net pay. 2. Enters this information into the employee payroll records. 3. Prepares Employee Paychecks 4. Sends the paychecks to the "distribute paycheck" function. 5. Files the time cards, personnel action form, and copy of the payroll register.
EXPENDITURE CYCLE RISKS
1. Risk of Unauthorized Inventory Purchases 2. Risk of Receiving Incorrect Items/Quantities/Damaged Goods 3. Risk of Inaccurately Recording Transactions in Journals and Ledgers 4. Risk of Misappropriation of Cash and Inventory 5. Risk of Unauthorized Access to Accounting Records and Reports
Risks of Inaccurately Recording Transactions
1. Time and attendance data are incorrectly calculated 2. Wages payable go unrecorded or are recorded in the wrong period 3. Employee earnings and cash payments are inaccurately posted to employee records or are posted to the wrong employee 4. Payroll register, AP, and cash disbursements amounts are incorrectly posted to their respective GL accounts
Independent Verification
1. Time and attendance: before submitting time cards to payroll, the supervisor must verify their accuracy and sign them. 2. Account payable: The AP clerk verifies the accuracy of the payroll register before creating a disbursement voucher that transfers funds to the imprest account. 3. General Ledger: department provides verification of the overall process by reconciling the labor distribution summary and the payroll disbursement voucher.
Segregation of Functions: Three rules
1. Transaction authorization should be separate from transaction processing. 2. Asset custody should be separate from asset record-keeping. 3. The organization should be so structured that the perpetration of fraud requires collusion between two or more individuals.
Steps to the Payroll System
1. Update WIP 2. Prepare Payroll 3. Distribute Paycheck 4. Prepare Accounts Payable 5. Prepare Cash Disbursements 6. Update General Ledger
fraud triangle
1. situational pressure (includes personal or job-related stresses that could coerce an individual to act dishonestly); 2. opportunity (involves direct access to assets and/ or access to information that controls assets); and 3. ethics (pertains to one's character and degree of moral opposition to acts of dishonesty). (also known as "rationalization")
A documentation tool used to represent the logical elements of a system us a(n) A. Data flow diagram B. Programming flowchart C. Entity relationship diagram D. System flowchart E. All of the above
A
Application controls are classified as A. input, processing, and output B. input, processing, output and storage C. input, processing, output and control D. input, processing, output, storage and control E. collecting, sorting, summarizing and reporting
A
The production subsystem of the conversion cycle includes all of the following EXCEPT A. Make-or-buy decisions on component parts B. Determining raw materials requirements C. Release of raw materials into production D. Scheduling the goods to be produced
A
When viewed from the highest to most elemental level, the data hierarchy is... A. file, record, attribute B. attribute, record, file C. record, attribute, key D. table, record, key E. key, record, table
A
Which document triggers the billing function a. shipping notice b. customer order c. bill of lading d. sales order
A
Which function or department records a sale in the sales journal? A. Billing B. Warehouse C. Sales D. Inventory
A
Which of the following is NOT a financial transaction? A. Update valid vendor file B. Purchase of products C. Cash receipts D. Sale of inventory
A
Which of the following is NOT a purpose of the transaction processing system? A. Managing and reporting on the status of financial investments B. Converting economic events into financial transactions C. Distributing essential information to operations personnel to support their daily operations D. Recording financial transactions in the accounting records
A
Which of the following is NOT a true statement? A. Transactions are recorded on ledgers and are posted to journals B. Transactions are recorded in journals and are posted to ledgers C. Infrequent transactions are recorded in the general journal D. Frequent transactions are recorded in special journal
A
Which of the following is often called a compensating control a. supervision b. access control c. segregation of duties d. accounting records
A
Which of the following statements is most accurate? A. ERP systems are commercial software packages that are sometimes called turnkey systems because they can be implemented by the user with little or no modification B. Substantive tests provide evidence focused on the system controls C. Public accounting firms that provide attest services are not allowed under SOX to offer IT advisory services D. Both small and large firms that have standardized information needs are potential customers for commercial software E. External auditors may rely on the work of internal auditors only if they need report to the controller of the CEO of the company
A
Which of the following statements is not correct? A. The database approach uses one common database to promote the concept of a singer user view B. Database systems resolve task data dependency C. The flat-file model encourages data redundancy D. A primary goal of database systems is to minimize data redundancy E. Database systems provide increased accessibility to data and data integration
A
Which statement is NOT true? A.Manufacturing firms have a conversion cycle but retail firms do not B. The conversion cycle includes the task of determining raw materials requirements C. A payroll check is an example of a product document of the payroll system D. A general journal may be replaced by a collection of journal voucher E. Business activities begin with the acquisition of materials, property, and labor in exchange for cash
A
Which statement is NOT true? Batch processing... A. is subject to deadlocks when processing common accounts B. permits data to be edited in a separate computer run C. can use databases and flat files D. can be initiated from a terminal
A
What is a three-way match?
A comparison of transaction details between the Purchase Order (which established that the item was ordered), the Receiving Report (which showed that it was received), and the Invoice (which contains prices and other charges) is called a three-way match. Upon reconciliation of these documents, a company typically will record the liability
What is conflict of interest?
A conflict of interest occurs when an employee acts on behalf of a third party during the discharge of his or her duties or has self-interest in the activity being performed. When the employee's conflict of interest is unknown to the employer and results in financial loss, then fraud has occurred.
What document initiates the sales process?
A customer order usually in the form of a purchase order initiates the sales process
What is a flat-file model?
A flat-file model is one in which individual data files are not related to other files. End users in this environment own their data files rather than share them with other users. Data processing is thus performed by standalone applications rather than integrated systems
Asset Misappropriation
A fraud that involves the theft or misuse of an organization's assets - often employee fraud. Common examples include skimming cash, larceny, embezzlement, lapping, stealing inventory, and payroll fraud....
Distinguish between a general journal and journal vouchers
A general journal is used to record nonrecurring and infrequent transactions. Oftentimes, general journals are replaced with a journal voucher system. The journal voucher is used to record a single nonrecurring and infrequent transaction, and it is used as a special source document for the transaction. The total of journal vouchers processed is equivalent to the general journal.
What are key features of a POS system?
A point of sale system immediately records both cash and credit transactions and inventory information. The sales journal, accounts receivable, and inventory accounts may be updated in real-time, or a transaction file may be used to later update a master file
Differentiate between a purchase requisition and a purchase order
A purchase requisition is completed by the inventory control department when a need for inventory items is detected. Purchase requisitions for office supplies and other materials may also be completed by staff departments such as marketing, finance, accounting, and personnel. The purchasing department receives the purchase requisitions, and if necessary, determines the appropriate vendor. If various departments have requisitioned the same item, the purchasing department may consolidate all requests into one order so that any quantity discounts and lower freight charges may be taken. In any case, the purchasing department prepares the purchase order, which is sent to the vendor, accounts payable department, and the receiving department (blind copy).
What purpose does a purchasing department serve?
A purchasing department is able to research the quality and pricing of various vendors. Their job is to monitor various supply sources and choose the highest quality good for a given price that can be reliably delivered on-time. The purchasing department may also take advantage of quantity discounts, especially when two or more manufacturing facilities are involved.
How may batch processing be used to improve operational efficiency?
A single transaction may affect several different accounts. Some of these accounts, however, may not need to be updated in real time. In fact, the task of doing so takes time which, when multiplied by hundreds or thousands of transactions, can cause significant processing delays. Batch processing of non-critical accounts, however, improves operational efficiency by eliminating unnecessary activities at critical points in the process.
What is an audit trail
A trail that allows the auditor to begin with a summary total found on the financial statements and track it back to the individual transactions that make up this total. Conversely, an auditor should be able to track transactions to their final impact on the financial statements
What is the purpose of a valid vendor file?
A valid vendor file is used to ensure that the vendor logging on in an EDI system is authorized to conduct transactions with the trading firm
What is a validity check?
A validity check compares actual field values against known acceptable values. This control is used to verify such things as transaction codes, state abbreviations, or employee job skill codes.
List five functional areas and their sub-functions
A. Materials Management 1. purchasing 2. receiving 3. stores B. Production 1. production planning 2. quality control 3. maintenance C. Marketing 1. advertising 2. market research 3. sales order processing D. Distribution 1. warehousing 2. shipping E. Personnel 1. recruiting 2. training 3. benefits 4. counseling F. Finance 1. portfolio management 2. Treasury 3. credit 4. cash disbursement 5. cash receipt G. Accounting 1. inventory control 2. cost accounting 3. payroll 4. accounts payable 5. accounts receivable 6. billing 7. fixed-asset accounting 8. general ledger H. Computer Service 1. data processing 2. systems development and maintenance 3. database administration
What are the fundamental objectives of all information systems?
A. to support the stewardship function of management, B. to support the decision-making processes of managers, and C. to support the day-to-day operations of the firm.
Prepare Accounts Payable
A/P clerk reviews the payroll register for correctness and prepares copies of a cash disbursement voucher fro total amount of payroll. Clerk then records the voucher in the voucher register and submits the voucher packet (voucher and payroll register) to the prepare cash disbursements function. A copy of the disbursement voucher is sent to the update general ledger function.
Distinguish between AIS and MIS
AISs process financial transactions and certain nonfinancial transactions that directly affect the processing financial transactions. The external financial reporting documents of AIS are subject to legal and professional standards. Consequently, management and accountants have greater legal responsibility for AIS applications than for MIS applications. The MIS processes nonfinancial transactions that are outside the scope of the AIS. MIS applications expand the information set provided to such areas as production, sales, marketing, and inventory management. MIS often draws from and builds on data from the AIS.
What general ledger journal entries does the purchases system trigger? From which department will these journal entries arise?
AP: Inv control A/P Cash: A/P Cash
Access Controls
Access to assets and information (accounting records) should be limited Within the revenue cycle, the assets to protect are cash and inventories and access to records such as the accounts receivable subsidiary ledger and cash journal should be restricted
The Role of Accountants in AIS
Accountants are involved in both the design and the audit of AIS. Accountants play a prominent role on systems development teams as domain experts. The IT professionals on the team are responsible for the physical system.
For what purpose are entity relationship diagrams used?
An entity relationship (ER) diagram is a documentation technique used to represent the relationship between entities. One common use for ER diagrams is to model an organization's database, which we examine in detail in Chapter 9.
Distinguish between an AP file and a vouchers payable file.
An open accounts payable file contains all source documents, including invoices, organized by payment date. As the due dates become close to the current date, the invoices are pulled from the file and paid. Under the voucher system, the accounts payable clerk prepares a cash disbursements voucher upon receipt of all source documents. Each cash disbursements voucher represents payment to one vendor. Multiple invoices may be covered by one voucher. The voucher system thus allows fewer checks to be written and provides better control over cash disbursements since cash vouchers are assigned and tracked.
What is task-data dependency?
Another problem with the flat-file approach is the user's inability to obtain additional information as his or her needs change. This problem is called task-data dependency. The user's information set is constrained by the data that he or she possesses and controls. Users act independently rather than as members of a user community. In such an environment, it is difficult to establish a mechanism for the formal sharing of data. Therefore, new information needs tend to be satisfied by procuring new data files. This takes time, inhibits performance, adds to data redundancy, and drives data management costs even higher.
Risk of Unauthorized Access to Payroll records and confidential Employee Data
At risk to outsiders as well as employees of the organization. Motives are: malicious acts such as corrupting or deleting payroll data theft or confidential employee information such as social security, pay rates, and other personnel data Attempts to perpetrate a payroll fraud
EXPENDITURE CYCLE INTERNAL CONTROLS
Authorization Controls Segregation of Functions Supervision Accounting Records Access Controls Independent Verification
Revenue Cycle Internal Controls
Authorization Controls Segregation of Functions Supervision Accounting Records Access Controls Independent Verification
A coding scheme in the form of acronyms and other combination that convey meaning is a(n) A. sequential code B. mnemonic code C. alphabetic code D. block code
B
A documentation tool that depicts the physical flow of information relating to a particular transaction through an organization is a(n) A. ER diagram B. System flowchart C. Program flowchart D. Decision table E. Data flow chart
B
An employee in the receiving department keyed in shipment from a remote terminal and inadvertently omitted the purchase order number. The best application control to detect this error would be a A. Batch total B. Missing data check C. Completeness check D. Reasonableness test E. Compatibility test
B
Which functions should be segregated? A. Authorizing credit and determining reorder quantities B. Picking goods from the warehouse shelves and updating inventory subsidiary ledger C. Billing customers and posting the bills to the sales journal D. Providing information on inventory levels and reconciling the bank statement
B
Which is NOT an element of the fraud triangle? A. Ethics B. Justifiable reliance C. Situational pressure D. Opportunity E. All of the above
B
Which of the following are objectives of the data collection activity within the general model for AIS? A. Relevant and redundant B. Efficient and relevant C. Efficient and redundant D. Efficient and objective
B
Which of the following best describes that activities of the materials management function? A. Purchasing, receiving, and inventory control B. Purchasing, receiving, and storage C. Receiving, sales, distribution, and purchasing D. Receiving, storage, purchasing and accounts payable E. Purchasing, storage and distribution
B
Which of the following is NOT a characteristic of effective information? A. Relevance B. Precision C. Accuracy D. Summarization
B
Which of the following is NOT an independent verification control a. shipping dept verifies that goods sent from warehouse are correct type and quantity b. sales clerk verifies the creditworthiness of the customer before processing the sale c. gl clerks reconcile journal vouchers that were independently prepared in various depts d. billing dept reconciles shipping notice with sales invoice
B
Which of the following is NOT true of a turn-around document? A. It may reduce errors made by external parties B. It is used as internal documents only C. It is commonly used by utility companies D. It is both input and output document
B
Which of the following is least likely to be used as evidence by an external auditor? A. Substantive test results B. Work performance by internal auditors who organizationally report to the controller C. Tests of controls D. Work by internal auditors who report to the audit committee of the BOD
B
Which of the following is often called a compensating control? A. Transaction authorization B. Supervision C. Accounting records D. Segregation of duties
B
Which of the following is true of the relationship between subsidiary ledgers and general ledger accounts? A. The two contain different and unrelated data B. The relationship between the two constitute part of the audit trail C. All general ledger accounts have subsidiaries D. The total of subsidiary ledger accounts usually exceeds the total in the related general ledger account
B
Which of the following statements is NOT true? A. Sorting records that are coded alphabetically tends to be more difficult for users than sorting numeric sequences B. Mnemonic coding requires the user to memorize codes C. Mnemonic codes are limited in their ability to represent items within a class D. Sequential codes carry no information content beyond their order in the sequence
B
Which statement best cloud computing? A. Cloud computing involves long-term contracts B. Cloud computing is location-independent computing C. Cloud computing involves an organization selling its IT resources to a vendor and leasing back IT services from the vendor D. Cloud computing involves fixed price contracts E. Cloud computing involves entering into multiple contracts with several IP services providers to create a cloud of resources
B
What is bribery?
Bribery involves giving, offering, soliciting, or receiving things of value to influence an official in the performance of his or her lawful duties. Officials may be employed by government (or regulatory) agencies or by private organizations. Bribery defrauds the entity (business organization or government agency) of the right to honest and loyal services from those employed by it
What are the advantages of real-time data collection?
By collecting data in real-time, certain transaction errors can be prevented or detected and corrected at their source.
An example of a control designed to validate a transaction at point of data entry is A. recalculation of a batch total B. record count C. check digit D. checkpoints E. recalculation of hash total
C
In an automated payroll processing environment, a department manager substituted the time card for a terminated employee with a time card for a fictitious employee. The fictitious employee had the same pay rate and hours worked as the terminated employee. The best control to detect this action using employee identification numbers is a A. batch total B. record count C. hash total D. subsequent check E. financial total
C
The bill of lading is prepared by the A. Sales clerk B. Warehouse clerk C. Shipping clerk D. Billing clerk
C
The following are subsystems of the accounting information system, EXCEPT the... A. Transaction processing system B. GL/Financial reporting system C. HR system D. Management reporting system
C
The underlying assumption of reasonable assurance regarding implementation of IC means that A. auditors are reasonably assured that fraud has not occurred in the period B. auditors are reasonably assured that employee carelessness can weaken an internal control structure C. implementation of the control procedures should not have a significant adverse affect on efficiency or profitability D. management assertions about control effectiveness should provide auditors with reasonable assurance E. a control applies reasonable well to all forms of computer technology
C
Which is the least appropriate type of transaction for a real-time system? A. Airline reservations B. Point-of-sale transactions C. Weekly processing of payroll checks D. Air traffic control systems E. All of the above are real-time systems
C
Which of the following is NOT a database management task? A. Retrieval B. Storage C. Summarization D. Deletion
C
Which of the following is incompatible task? A. The AR clerk prepares customer statements every month B. The inventory control clerk updated the inventory subsidiary ledger C. The AR clerk authorizes the write-off of bad debts D. An accounting clerk updates both AR and AP subsidiary ledgers E. All of the above are incompatible tasks
C
which of the following sets of tasks should not be separated a. processing customer sales orders and approving credit b. receiving cash and updating the accts receivable sub ledger c. storing inventory in warehouse and updating the inventory stock records for internal used d. processing customer sales orders and posting to the sales order
C
What is it meant by cardinality in entity relationship diagrams used?
Cardinality refers to the numerical mapping between entity instances, and it is a matter of organization policy. The relationship can be one-to-one, one-to-many, or many-to-many.
Give and example of how cardinality relates to business policy
Cardinality reflects normal business rules as well as organizational policy. For instance, the 1:1 cardinality in the first example in Figure 2-16 suggests that each salesperson in the organization is assigned one automobile. If instead the organization's policy were to assign a single automobile to one or more salespeople that share it, this policy would be reflected by a 1:M relationship.
Define cash larceny.
Cash larceny involves schemes in which cash receipts are stolen from an organization after they have been recorded in the organization's books and records.
Define check tampering
Check tampering involves forging or changing in some material way a check that the organization has written to a legitimate payee.
What is cloud computing?
Cloud computing, a variant of IT outsourcing, is location-independent computing whereby shared data centers deliver hosted IT services over the Internet. These services fall into three categories: software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS). An organization pursuing cloud computing signs a contract with an IT service provider to provide computing resources. When demand exceeds the provider's IT capacity, it acquires additional capacity from data centers in the "cloud" that are connected via the Internet. Cloud computing contracts are flexible and relatively short term. In contrast, traditional outsourcing contracts tend to be fixed price, inflexible, and much longer term.
What is collusion?
Collusion involves two or more employees working together to perpetrate a fraudulent act that internal controls would have otherwise prevented. For example, the inventory control clerk and the warehouse clerk could collude to steal inventory and then adjust the inventory records to cover-up the act.
Distribute Paycheck
Companies use a paymaster to distribute paychecks to employees. This individual is independent of the payroll process aka not involved in payroll authorization or preparation tasks. If an employee does not pick up paycheck, paymaster returns to treasurer so it can be investigated.
Which doc defines terms for shipped goods ownership a. packing slip b. shipping notice c. customer invoice d. bill of lading
D
Advantages of data coding in AIS
Concisely representing large amounts of complex information that would otherwise be unmanageable. Providing a means of accountability over the completeness of the transactions processed. Identifying unique transactions and accounts within a file. Supporting the audit function by providing an effective audit trail.
SOX reforms include:
Creation of Public Company Accounting Oversight Board (PCAOB) Auditor independence—more separation between a firm's attestation and non-auditing activities Corporate governance and responsibility—audit committee members must be independent and the audit committee must oversee the external auditors Mgmt certification of Financial Statements and Internal Controls New federal crimes for the destruction of or tampering with documents, securities fraud, and actions against whistleblowers
Why are custom systems more expensive than commercial systems?
Custom systems are more expensive than commercial packages because the organization must absorb all the development costs, which commercial vendors are able to spread across the entire user population
An invoice file would be coded using a(n) coding _____________ scheme A. Alphabetic B. Mnemonic C. Block D. Sequential
D
Which control helps to ensure that the inventory items shipped to the customer are the correct type and the correct amount? A. Three way match B. Reconciliation of Bill Lading and receiving report C. Issuance of a blind copy of purchase order D. Reconcile stock release document and packing slip
D
Which of the following best describes the activities of the accounting function? A. Inventory control, cash receipts, accounts payable, cash disbursements, and payroll B. Fixed assets, accounts payable, cash disbursements and cost accounting C. Purchasing, cash receipts, accounts payable, cash disbursements and payroll D. Inventory control, accounts payable, fixes assets, and payroll E. Inventory control, cost accounting, accounts payable, cash disbursements and payroll
D
Which of the following best describes the activities of the production function? A. Maintenance, inventory control, and production planning B. Quality control, production planning, manufacturing, and payroll C. Maintenance, production planning, storage, and quality control D. Production planning, quality control, manufacturing and maintenance E. Manufacturing, quality control, and maintenance
D
Which of the following is NOT an advantage of real-time processing of files over batch processing? A. Shorter transaction processing time B. Reduction of inventory stocks C. Improved customer service D. All are advantages E. None of the above are advantages
D
Which of the following is NOT an objective of all information systems? A. Support for the stewardship function of management B. Support for management decision making C. Support for the day-to-day operations of the firm D. All of the above are objectives
D
What is the relationship among data, information and an information system?
Data are facts that are collected in a "raw" form and made meaningful through processes such as sorting, aggregating, classifying, mathematically manipulating, and summarizing. The meaningful data is considered to be information. Information Systems are the formal procedures by which data are collected, stored and processed into the system and distributed to users
DATA VERSUS INFORMATION
Data are facts, which may or may not be processed (edited, summarized, or refined) and which have no direct effect on the user. Information causes the user to take an action that he or she otherwise could not, or would not, have taken.
What are the levels of data hierarchy?
Data attribute (field), record, file, and database
What is distributed data processing?
Data processing is organized around several information processing units, which are distributed throughout the organization and placed under the control of end users. The central computer services are eliminated or minimized.
What is economic extortion?
Economic extortion is the use (or threat) of force (including economic sanctions) by an individual or organization to obtain something of value. The item of value could be a financial or economic asset, information, or cooperation to obtain a favorable decision on some matter under review.
What is employee fraud?
Employee fraud is an act committed by non-management employees, and it is generally designed to directly convert cash or other assets for the employee's personal benefit
Employee Payroll Records
Entered during the Prepare Payroll Section. Contains a record with individual Employee records to show wages, time off, withholding, and deductions. Contains the entire break down of employee salaries.
Labor Usage File
Entering job cost data in real time by cost accounting
What is an ERP system?
Enterprise Resource Planning (ERP) is an information system model that enables an organization to automate and integrate its key business processes. ERP breaks down traditional functional barriers by facilitating data sharing, information flows, and the introduction of common business practices among all organizational users.
What is an entity?
Entities are physical resources (automobiles, cash, or inventory), events (ordering inventory, receiving cash, shipping goods), and agents (salesperson, customer, or vendor) about which the organization wishes to capture data.
Distinguish between entity relationship diagrams, data flow diagrams, and system flowcharts
Entity relationship diagrams represent the relationship between entities (resources, events, and agents) in a system. Dataflow diagrams represent the logical elements (i.e. what is being done) of a system by illustrating processes, data sources, data flows, and entities. System flowcharts represent the physical elements being used (i.e., how the tasks are being conducted) by illustrating the relationship between input sources, program, and output products. System flowcharts can also represent both the logical and physical elements of manual systems and also illustrate the preparation and handling of documents.
How can external auditors attempt to uncover motivations for committing fraud?
External auditors can use a checklist of red-flag items that may help to uncover motivations for committing fraud.
Define the term financial services
Financial Services (Advisory Services) pertains to professional services that are designed to improve the quality of information, both financial and non-financial, used by decision makers. The domain of advisory services is intentionally unbounded so that it does not inhibit the growth of future services that are currently unforeseen. For example, advisory services may be contracted to provide information about the quality or marketability of a product. Advisory services are intended to help people make better decisions by improving information. This information may come as a by-product of the attest function, or it may ensue from an independently motivated review.
BPMN depicts four element types for business process diagrams:
Flow objects: events, activities, gateways Connecting objects: sequence flow, message flow, association Swimlanes: pool or lane Artifacts: data object, group, annotation
Name the two types of ledgers
General ledger and subsidiary ledger
The Control Environment
Integrity and ethics of management Organizational structure Role of the board of directors and the audit committee Management's policies and philosophy Delegation of responsibility and authority Performance evaluation measures External influences—regulatory agencies Policies and practices managing human resources
What is IT auditing?
IT auditing is part of a broader financial audit in which the auditor attests to the integrity of elements of the organization's information system that have become complicated by computer technology.
Cash Disbursements Activities
Identify liabilities due Prepare cash disbursement Update AP records Post to general ledger
Risk Assessment
Identify, analyze and manage risks relevant to financial reporting: changes in external environment risky foreign markets significant and rapid growth that strain internal controls new product lines restructuring, downsizing changes in accounting policies
Distinguish between the centralized and distributed approaches to organizing the IT functions
In a centralized data processing approach, the computer services function is centrally located. The databases are housed in one place where all of the data processing occurs by one or more main computers. Systems professionals perform all systems development and maintenance work for the entire organization. End users wishing to have new systems or features must submit a formal request to this group and are usually prioritized and placed in a queue. In a distributed data-processing approach, the CPUs are spread out and control over data and processing is at the information processing unit (IPU) level. Thus, end-users have more influence over the systems development projects, which are typically handled by systems professionals at the IPU level.
What are the advantages of real-time data processing?
In a real-time processing environment, the master files are updated as soon as the transaction is submitted and accepted into the system. Thus, reports are more accurate in the sense that the information is as current as possible. Faster operational response time to customer requests such as the shipping of an order is another, and very important, benefit. Finally, the reduction of paper and storage space of physical source documents is another benefit.
What two roles are played by accountants with respect to the information system?
In addition to being users, accountants also play key roles as system designers and system auditors
Distinguish the roles of internal and external auditors
Internal auditors are responsible for in-house appraisal of the financial reporting system. Internal auditors are concerned with deterring and detecting fraud and for conducting EDP audits. External auditors are independent CPAs engaged by the firm to attest to the completeness and accuracy of the financial statements. External auditors work together with the internal auditors.
Two Types of Time records
Job Tickets and Time Card
Update WIP
Labor Distribution Summary. Basically takes allocated labor costs to WIP accounts from cost accounting, summarizes them and sends them to the general ledger function.
What is lapping?
Lapping involves a cash receipts clerk stealing customer payments that are in the form of checks, by cashing the check him/ herself. Many employees view this as borrowing, since they plan to repay it someday.
Whats the purpose of a limit check?
Limit checks are used to identify field values that exceed an authorized limit.
Section 302
Management must "certify" financial statements Management must "certify" internal controls
Section 406
Management must adopt a Code of Ethics that applies to Senior officers (CEO, CFO, etc.) Code must address: conflicts of interest, full and fair disclosures, legal compliance, internal reporting of violations, accountability (appropriate discipline for violations)
Section 404
Management must assess internal controls Auditors must provide an opinion on effectiveness of internal controls
What are the 4 modifying assumptions that guide designers and auditors of IC systems?
Management responsibility, reasonable assurance, methods of data processing, and limitations.
Some organizations do not use an AP subsidiary ledger or a purchase journal. How is this possible?
Many companies engaged in business-to-business (B2B) transactions use the vendor invoice file as a substitute for the traditional purchases journal and accounts payable subsidiary ledger. The invoices in the file provide a chronological record of total purchases for the period (equivalent to the purchases journal), and the unpaid invoices at any point in time constitute the organization's accounts payable.
Whats the purpose of a range check?
Many times, data have upper and lower limits to their acceptable values. For example, if the range of pay rates for hourly employees in a firm is between 8 and 20 dollars, this control can examine the pay rate field of all payroll records to ensure that they fall within this range.
Give an example of a record for each of the four file types found in a computer-based system?
Master files correspond to general ledger accounts and subsidiary ledgers. Examples include accounts receivable and customer subsidiary accounts, accounts payable and vendor subsidiary accounts, inventory, etc. Transaction files correspond to general and special journals. Examples include the general journal, sales journals, cash receipts journals, payroll journals, etc. Reference files include lists of vendors, delinquent customers, tax tables, sales tax rates, discount rates, lists of customers granted specific discounts, etc. Archive files are typically composed of records that have been processed but are retained for their history. Examples include payroll transactions, sales transactions, etc.
Computer-based systems employ four types of files. Name them
Master files, transaction files, reference files, and archive files
Fraudulent Statements
Misstating the financial statements to make them appear better than reality - Usually occurs as management fraud - May be tied to focus on short-term financial measures for success - May also be related to management bonus packages being tied to financial statements
Purchasing Activities
Monitor inventory records Prepare purchase order Receive goods Update inventory records Set up accounts payable Update General Ledger
What is the role of network administration?
Network administration is responsible for the effective functioning of the software and hardware that constitute the organization's network. This involves configuring, implementing, and maintaining network equipment. In addition, network administration is responsible for monitoring network activity to ensure that the network is being used in accordance with company policies and that it is secure from attack by hackers from outside the organization as well as unauthorized individuals within the organization.
Is a data flow diagram an effective documentation technique for identifying who or what performs a particular task?
No. A DFD shows which tasks are being performed, but not who performs them. It depicts the logical system.
Why is fraud difficult to quantify?
Not all fraud is detected. Of that detected, not all is reported. In many fraud cases, incomplete information is gathered. Information is not properly distributed to management or law enforcement authorities. Too often, business organizations decide to take no civil or criminal action against the perpetrator(s) of fraud. In addition to the direct economic loss to the organization, indirect costs—including reduced productivity, the cost of legal action, increased unemployment, and business disruption due to investigation of the fraud—need to be considered.
Supervision
Often used when unable to enact appropriate segregation of duties. Supervision of employees serves as a deterrent to dishonest acts and is particularly important in the mailroom.
How can we prevent inventory from being reordered automatically each time the system detects a low inventory level?
Once an item is on order, control should be in place to ensure that it is not ordered again until the original order has been received from the supplier. One method of accomplishing this is to "flag" the inventory item "on order" by entering a value (e.g., the number of items ordered) in the on-order field of the inventory record. This field has a value of zero when the item in question is not on order.
Name two ways in which organizations acquire information systems
Organizations acquire information systems in two ways: they purchase commercial software and/or they build custom systems in-house from scratch.
What is the database model?
Organizations have overcome some of the problems associated with flat files by implementing the database model to data management. Figure 2-13 illustrates how this approach centralizes the organization's data into a common database that is shared by other users. With the organization's data in a central location, all users have access to the data they need to achieve their respective objectives. Access to the data resource is controlled by a database management system (DBMS)
Independent Verification
Physical procedures, as well as record-keeping, should be independently reviewed at various points in the system to check for accuracy and completeness -shipping verifies the goods sent from the warehouse are correct in type and quantity by reconciling the goods with the stock release document (picking slip) and packing slip -billing reconciles the shipping notice with the sales invoice -general ledger reconciles journal vouchers from billing, inventory control, cash receipts, and accounts receivable
Control Activities
Policies and procedures to ensure that the appropriate actions are taken in response to identified risks Fall into two distinct categories: Physical controls—primarily pertain to human activities IT controls—relate specifically to the computer environment
What two types of risk can close supervision of the receiving department?
Poor inspection and stealing inventory
Limitations of Internal Controls
Possibility of honest errors, collusion, management override, changing conditions
Payroll Register
Prepare Payroll Section. Has a record of every employee and their net pay for the period.
SALES RETURN ACTIVITIES
Prepare Return Slip Restock Goods (if necessary) Prepare Credit Memo Approve Credit Memo Update Sales Journal Update Inventory and Accounts Receivable Records Update (Post to) General Ledger
Production
Production planning involves scheduling the flow of materials, labor, and machinery to efficiently meet production needs. Quality control monitors the manufacturing process at various points to ensure that the finished products meet the firm's quality standards. Maintenance keeps the firm's machinery and other manufacturing facilities in running order.
Name the major subsystems of the conversion cycle.
Production system and cost accounting system.
Input Controls
Programmed procedures, often called edits, that perform tests on transaction data to ensure that they are free from errors. Goal of input controls is to ensure valid, accurate, and complete input data. Two common causes of input errors: Transcription errors - wrong character or value Transposition errors - 'right' character or value but in the wrong place
Name the major subsystems of the expenditure cycle.
Purchases/accounts payable system, cash disbursements system, fixed assets system, and payroll system.
Materials Management
Purchasing Receiving Stores
Sales Order Activities
Receive Order Check Credit Pick Goods Ship Goods Bill Customer Update Inventory Records Update Accounts Receivable Update (Post to) General Ledger
Update General Ledger
Recieves Labor Distribution Summary from cost accounting, the disbursement voucher from accounts payable, and the journal voucher from cash disbursements. The G/L clerk once this is received goes ahead and makes two entries.
What information is provided by a record layout diagram?
Record layout diagrams are used to reveal the internal structure of the records that constitute a file or database table. The layout diagram usually shows the name, data type, and length of each attribute (or field) in the record.
What rules govern data collection?
Relevance and efficiency
What are the characteristics of good or useful information?
Relevance, accuracy, completeness, summarization, and timeliness
What is discretionary reporting?
Reports used by management, which the company is not obligated by law, regulation, or contract to provide. These are often used for internal problem-solving issues rather than by external constituents.
What are the three cycles of transaction processing systems?
Revenue cycle, expenditure cycle, and conversion cycle.
Revenue Cycle Risks
Risk of Selling to Un-Creditworthy Customers Risk of Shipping Customers Incorrect Items or Quantities Risk of Inaccurately Recording Transactions in Journals and Accounts Risk of Misappropriation of Cash Receipts and Inventory Risk of Unauthorized Access to Accounting Records and Reports
Segregation of Functions
Sales Order Processing -credit authorization separate from Sales Order processing -inventory control separate from warehouse -accounts receivable sub-ledger separate from general ledger control account Cash Receipts Processing -cash receipts separate from accounting records -accounts receivable sub-ledger separate from general ledger
Name the major subsystems of the revenue cycle.
Sales order processing system and cash receipts system
What are management's responsibilities under sections 302 and 404?
Section 302 requires that corporate management (including the CEO) certify the organization's internal controls on a quarterly and annual basis. Section 404 requires the management of public companies to assess and formally report on the effectiveness of the organization's internal controls.
Paychecks
Sent out in the Prepare Payroll Section. Paycheck is made out to employees with amount earned in a certain time period.
Compare and contrast the relative advantages and disadvantages of sequential, block, group, alphabetic and mnemonic codes
Sequential codes are appropriate for items in either an ascending or descending sequence, such as the numbering of checks or source documents. An advantage is that during batch processing, any gaps detected in the sequence is a signal that a transaction may be missing. A disadvantage is that the codes carry little, if any, information other than the sequence order. Another disadvantage is that sequential codes are difficult to manage when items need to be added; the sequence needs either to be reordered or the items must be added to the end of the list. Block codes provide some remedies to sequential codes by restricting each class to a prespecified range. The first digit typically represents a class, whereas the following digits are sequential items which may be spaced in intervals in case of future additions. An example of block coding is a chart of accounts. A disadvantage of block coding is that the information content does not provide much meaning, i.e. an account number only means something if the chart of accounts is known. Group codes may be used to represent complex items or events involving two or more pieces of related data. The code is comprised of fields which possess specific meaning. The advantages of group codes over sequential and block codes are 1. they facilitate the representation of large amounts of diverse data, 2. they allow complex data structures to be represented in a hierarchical form that is logical and thus more easily remembered by humans, and 3. they permit detailed analysis and reporting both within an item class and across different classes of items. A disadvantage is that the codes may be overused to link classes which do not need to be linked, and thus create a more complex coding system than is necessary. Alphabetic codes may be used sequentially or in block or group codes. An advantage is that a system which uses alphabetic codes can represent far more situations than a system with numeric codes given a specific field size. Some disadvantages are that sequentially assigned codes mostly have little meaning. Also, humans typically find alphabetic codes more difficult to sort than numeric data. Lastly, mnemonic codes are alphabetic characters in the form of acronyms, abbreviations or other combinations that convey meaning. The meaning aspect is its advantage. A disadvantage of mnemonic codes is that they are limited in their ability to represents items within a class (i.e. names of all of American Express's customers).
Supervision
Should observe the timekeeping process and reconcile the time cards with actual attendance
Briefly explain accounting independence
Simply stated, accounting activities must be separate and independent of the functional areas that manage and maintain custody of physical resources.
What is skimming?
Skimming involves stealing cash from an organization before it is recorded on the organization's books and records.
Who initiates a fraud audit within the organization?
Sometimes fraud audits are initiated when corporate management suspects employee fraud. Alternatively, boards of directors may hire fraud auditors to investigate their own executives if theft of assets or financial fraud is suspected
Information and Communication
The AIS should produce high quality info. that: identifies and records all valid transactions provides timely information in appropriate detail to permit proper classification and financial reporting accurately measures the financial value of transactions accurately records transactions in the time period in which they occurred
What is the purpose of the DBMS?
The DBMS is a special software system that permits users to access authorized data only. The user's application program sends requests for data to the DBMS, which validates and authorizes access to the database in accordance with the user's level of authority. If the user requests data that he or she is not authorized to access, the request is denied.
Define the term attest function
The attest function is performed by an independent certified public accountant who expresses an opinion about the fairness of a client-firm's financial statements.
What are the 6 classes of physical activities defined by COSO?
Transaction authorization, supervision, accounting records, access control, independent verification and segregation of duties
What is the role of the audit committee of the board of directors?
The audit committee of the board of directors of publicly traded companies is a subcommittee that has special responsibilities regarding audits. The audit committee is usually composed of three people who should be outsiders (not associated with the families of executive management nor former officers, etc.). With the advent of the Sarbanes-Oxley Act, at least one member of the audit committee must be a "financial expert." The audit committee serves as an independent "check and balance" for the internal audit function and liaison with external auditors. SOX mandates that external auditors now report to the audit committee, which hires and fires auditors and resolves disputes. To be effective, the audit committee must be willing to challenge the internal auditors (or the entity performing that function) as well as management when necessary. Part of the role of committee members is to look for ways to identify risk. In general, they become an independent guardian of the entity's assets by whatever means is appropriate
Why does billing receive a copy of the sales order when the order is approved but does not bill until the goods are shipped?
The billing department's receipt of the sales order occurs in most instances before the goods are actually shipped; thus, the economic event is not complete. Some of the goods may not be available to ship; thus, the customer should not be billed until the goods are shipped and the economic event is complete.
What characteristic conceptually distinguishes internal and external auditing?
The characteristic that conceptually distinguishes external auditors from internal auditors is their respective constituencies: while external auditors represent outsiders, internal auditors represent the interests of the organization.
Distinguish between conceptual and physical systems
The conceptual system must first be determined. It specifies the nature of the information required, how and when it is to be collected, and who is the user. For each conceptual system, many different physical configurations may be possible. The physical system is the medium and method used to collect the data, process it, and disseminate the resulting information.
What is the confirmation process?
The confirmation process entails selecting customers and contacting them to determine whether the transactions recorded in the financial statements actually took place and are valid.
What information would a batch control contain?
The control record contains relevant information about the batch, such as A unique batch number
What is the role of a Database Administrator?
The database administrator is responsible for the security and integrity of data stored in a central database.
What is the purpose of a digital audit trail?
The digital audit trail, like the paper trail, allows us to trace transactions from the financial statement balance back to the actual transaction so we may: (1) compare balances, (2) perform reconciliations, (3) select and trace samples of entries, and (4) identify, pull, and verify specific transactions.
Name the tests that auditors perform to gather evidence
The evidence auditors gather comes from two types of tests that they perform: (1) tests of controls and (2) substantive tests
What three transaction cycles exist in all businesses?
The expenditure cycle, conversion cycle, and revenue cycle.
Flat files limit data integration. Why?
The flat-file approach is a single-view model. Files are structured, formatted, and arranged to suit the specific needs of the owner or primary user of the data. Such structuring, however, may exclude data needed by other users, thus preventing successful integration of data across the organization.
The general ledger clerk receives summary data from which departments? What form of summary data?
The general ledger clerk receives a total of all sales from the billing department in the form of a summary journal voucher. The accounts receivable department sends an account summary of the individual accounts receivable so that the accounts receivable control account can be verified against the accounts receivable ledger. The inventory control department sends summary information in the form of a journal voucher that reflects the total reductions of inventory in financial terms and the associated charges to cost of goods sold.
When can external auditors rely on the work performed by internal auditors?
The independence and competence of the internal audit staff determine the extent to which external auditors may cooperate with and rely on work performed by internal auditors. Some internal audit departments report directly to the controller. Under this arrangement, the internal auditor's independence is compromised, and the external auditor is prohibited by professional standards from relying on evidence provided by the internal auditors. In contrast, external auditors can rely in part on evidence gathered by internal audit departments that are organizationally independent and report to the board of directors' audit committee. A truly independent internal audit staff adds value to the audit process. For example, internal auditors can gather audit evidence throughout a fiscal period, which external auditors may then use at year end to conduct more efficient, less disruptive, and less costly audits of the organization's financial statements.
What is the objective of Statement on Auditing Standards No. 99?
The objective of SAS 99 is to seamlessly blend the auditor's consideration of fraud into all phases of the audit process.
Distinguish between a packing slip, a shipping notice and a bill of lading.
The packing slip travels with the goods to the customer, and it describes the contents on the order. Upon filling the order, the shipping department sends the shipping notice to the billing department to notify them that the order has been filled and shipped. The shipping notice contains additional information that the packing slip may not, such as shipment date and carrier and freight charges. The bill of lading is a formal contract between the seller and the transportation carrier; it shows legal ownership and responsibility for assets in transit.
Identify and distinguish between the physical and financial components of the expenditure cycle
The physical component includes the acquisition of goods, while the financial component includes the recognition of a liability owed to the supplier and the transfer of the payment to the supplier.
What are the primary objectives of a batch control?
The primary objectives of a batch control are to provide assurance that: a. all records in the batch are processed b. no records are processed more than once c. an audit trail of transactions is created from input through processing to the output stage of the system
Monitoring
The process for assessing the quality of internal control design and operation Separate procedures—test of controls by internal auditors Ongoing monitoring: computer modules integrated into routine operations management reports which highlight trends and exceptions from normal performance
What is the purpose of physical controls?
The purpose of physical controls is to control the actions of people.
What function does the receiving department serve in the revenue cycle?
The receiving department counts and inspects items that are returned by customers. The receiving department prepares a return slip, copies of which go to the warehouse for restocking, and to the sales order department so that a credit memo can be issued to the customer
What is the role of the accounting function in an organization?
The role of the accounting function is to manage the financial information resources of the firm. First, the accountants must capture and record business events of a firm and their financial impact. Secondly, the accounting function distributes transaction information to decision makers and operations personnel to help them coordinate their many tasks. The accountants must also assign accountability for each of these tasks
What is the purpose of a run-to-run have?
The run-to-run control is a control device to ensure that no records are lost, unprocessed, or processed more than for once for each of the computer runs (processes) that the records must flow through.
How are system flowcharts and program flowcharts related?
The system flowchart shows the relationship between two computer programs, the files that they use, and the outputs that they produce. However, this level of documentation does not provide the operational details that are sometimes needed. An auditor wishing to assess the correctness of a program's logic cannot do so from the system flowchart. A program flowchart provides this detail. Every program represented in a system flowchart should have a supporting program flowchart that describes its logic
What are the three logical steps of the cash disbursements system?
The three logical steps of the cash disbursements system are: a. authorization of cash disbursements for payment, b. preparation and distribution of checks, and c. preparation of summary information by cash disbursements and accounts payable, which are sent to the general ledger clerk.
What is the objective of a transaction log?
The transaction log serves as a journal, as it is a record of every transaction that the system successfully processes. One of the objectives of a transaction log is to create a separate, permanent record of all transactions, which have changed account balances.
Personnel Action Form
They identify employees authorized to receive a paycheck and are used to reflect changes in hourly pay rates, payroll deductions, and job classification.
What is (are) the purposes of maintaining a valid vendor file?
This control procedure helps to deter the purchasing agent from buying inventories at excessive costs and receiving kickbacks, or from buying from an entity in which the purchasing agent has a relationship, such as a relative or a friend. A valid vendor file also provides for a more efficient purchasing process when dealing with routine purchases.
Segregation of duties
Three forms of segregation of duties: 1. timekeeping function and personnel function should be separated. Personnel function provides the payroll function with pay rate information for authorized hourly employees. 2. For maximum efficiency payroll performs tasks that are in asset custody and record keeping responsibility. Creates opportunity for an individual to set up a false wages payable liability to himself, approve payment, and write the check. 3. Independent paymaster to distribute checks to verify existence of employees
What are the three general problems associated with data redundancy?
Three problems associated with data redundancy: Increased data storage since the same data is stored in multiple files Increased data updating since changes must be made to multiple files Possibility of noncurrent data caused by failure to update.
What are the four levels of activity in the pyramid representing the business organization?
Top management (stakeholders), Middle management, Operations management, Operations personnel (customers and suppliers)
Physical Controls
Transaction authorization is a procedure to ensure that employees process only valid transactions within the scope of their authority. Segregation of duties is the separation of employee duties to minimize incompatible functions. Supervision is a control activity involving the critical oversight of employees. Accounting records of an organization consist of documents, journals, or ledgers used in transaction cycles. Access controls are controls that ensure that only authorized personnel have access to the firm's assets. Verification procedures are independent checks of the accounting system to identify errors and misrepresentations
bill of lading
a formal contract between the seller and the shipping company that transports the goods to the customer
What factor influences the decision to employ real-time data collection with batch updating rather than purely real-time processing?
Transaction volume is the key factor. Large-scale systems that process high volumes of transactions often use real-time data collection and batch updating. Master file records that are unique to a transaction such as customer accounts and individual inventory records can be updated in real time without causing operational delays. Common accounts should be updated in batch mode. Real-time processing is better suited to systems that process lower transaction volumes and those that do not share common records.
Risk of Misappropriation of Cash through Payroll Fraud
Two forms 1. Nonexistent employee who receives a paycheck. Usually involves a current employee creating a phantom employee, submitting time cards and ultimately receiving the paycheck. 2. over payment of an employee. Usually accomplished by inflating the hours worked on time cards and is particularly a problem where employees self-report or supervision is inadequate.
Labor Distribution Summary
Update WIP Account. Summarization of labor costs in work-in-process accounts
Data processing
a group that manages the computer resources used to perform the day-to-day processing of transactions.
What does updating a master file record involve?
Updating a master file record involves changing the value of one or more of its variable fields to reflect the effects of a transaction.
Why might an auditor use a program flowchart?
When testing an application program, the auditor needs details about its internal logic provided by the program flowchart to design the audit tests.
Accounting Records
With a properly maintained audit trail, it is possible to track transactions through the systems and to find where and when errors were made: pre-numbered source documents special journals subsidiary ledgers general ledger files
Authorization Controls
Within the revenue cycle, authorization should take place when: - a sale is made on credit (authorization) - a cash refund is requested (authorization) - posting a cash payment received to a customer's account (cash pre-list)
Is a flowchart an effective documentation technique for identifying who or what performs a particular task?
Yes, A flowchart depicts the physical system and illustrates what type of and where a task is performed and who is performing it.
ledger
a book of accounts that reflects the financial effects of the firm's transactions after they are posted from the various journals
Trading partners
a category of external user, including customer sales and billing information, purchase information for suppliers, and inventory receipts information
journal voucher file
a compilation of all journal vouchers posted to the general ledger
check digit
a control digit is added to the code to allow the integrity of the code to be established during subsequent processing
ledger copy
a copy of the sales order received along with the customer sales invoice by the billing department clerk from the sales department
program flowchart
a diagram providing a detailed description of the sequential and logical operations of the program.
chase order (PO)
a document based on a purchase requisition that specifies items ordered from a vendor or supplier
return slip
a document recording the counting and inspect of items returned, prepared by the receiving department employee
stock release
a document that identifies which items of inventory must be located and picked from the warehouse shelves
purchase requisition
a document that requests a purchase transaction
packing slip
a document that travels with the goods to the customer to describe the contents of the order
credit memo
a document used to authorize the customer to receive credit for the merchandise returned
Internal Control System
a set of policies a firm employs to: 1. safeguard assets of the firm 2. ensure the accuracy and reliability of accounting records and information 3. promote the efficiency of operations 4. measure compliance with management's established policies and procedures.
database management system (DBMS)
a software system that controls access to the data resource
remittance advice
a source document that contains key information required to service the customers account
Sales Order
a source document that includes vital information such as the name and address, of the customer making the purchase; the customer's account number; the name, number, and description of the product; the quantities and unit price of the items sold; and other financial information
sales journal
a special journal used for recording completed sales transactions
Database management
a special software system that is programmed to know which data elements each user is authorized to access
database model
a symbolic model of the structure of, and the associations between, an organization's data entities
management information system (MIS)
a system that processes nonfinancial transactions not normally processed by traditional accounting information systems
general ledger/financial reporting system (GL/FRS)
a system that produces traditional financial statements, such as income statements, balance sheets, statements of cash flows, tax returns, and other reports required by law.
management reporting system (MRS)
a system that provides the internal financial information needed to manage a business.
deposit slip
a written notification accompanying a bank deposit that specifies and categorizes the funds (such as checks, bills, and coins) being deposited
At which points in the revenue cycle are independent verification system controls necessary?
a. Shipping department—verifies that the correct amount and types of goods are sent from the warehouse by reconciling the stock release document and the packing slip. b. Billing department—reconciles the shipping notice with the invoice to ensure that customers are appropriately billed. c. GL clerks—reconcile journal vouchers from various departments such as the billing department, the accounts receivable department, and inventory control
Name the three fraud-motivating forces?
a. Situational pressure b. Opportunities c. Personal characteristics (ethics)
What steps of independent verification does the general ledger department perform?
a. Total obligations recorded = total recoded increases in inventories, and b. Total reductions in accounts payable = total recorded disbursements of cash.
What are the three rules that ensure that no single employee or department processes a transaction in its entirety?
a. Transaction authorization should be separate from transaction processing. b. Asset custody should be separate from asset record keeping. c. The organization structure should be such that the perpetration of a fraud requires
What are the 5 IC components in the COSO framework?
a. control environment b. risk assessment c. information and communication d. monitoring e. control activities
What are three authorization controls
a. credit checks b. returns policy for granting cash refunds and credits, and c. cash prelists providing verification that customer checks and remittance advices match in amount.
What are the 5 common conditions that constitute fraud under common law?
a. false representation b. material fact c. intent d. justifiable reliance e. injury or loss
What are 4 objectives of IC?
a. to safeguard the assets of the firm. b. to ensure the accuracy and reliability of accounting records and information. c. to promote efficiency in the firm's operations. d. to measure compliance with management's prescribed policies and procedures.
Journal vouchers
accounting journal entries into an accounting system for the purposes of making corrections or adjustments to the accounting data. For control purposes, all JVs should be approved by the appropriate designated authority.
Access Control
asset associated with the payroll system are labor and cash. Both can be misappropriated through improper access to accounting records. A dishonest person can misrepresent the number of hours worked on the time cards and thus embezzle cash. Control over all journals, ledgers, employee data, and source documents in the payroll system is important, as it is in all transactions processing systems
Reasonable Assurance
assurance provided by the internal control system that the four objectives of internal control are met in a cost-effective manner
Mobile remote devices
allow employees to clock in using handheld devices or web browsers from laptop computers. The option is popular among businesses with employees in the field who travel between clients and with companies engaged in global business with foreign-based employees.
Alphabetic codes
alphabetic characters assigned sequentially
Mnemonic codes
alphabetic characters in the form of acronyms and other combinations that convey meaning
accounts receivable (AR) subsidiary ledger
an account record that shows activity by detail for each account type, and contains, at minimum: customer name; customer address; current balance; available credit; transaction dates; invoice numbers; and credits for payments, returns, and allowances.
transaction processing system (TPS)
an activity composed of three major subsystems—the revenue cycle, the expenditure cycle, and the conversion cycle.
voucher payable system
an alternative A/P system under which the A/P department uses cash disbursement vouchers and maintains a voucher register
financial transaction
an economic event that affects the assets and equities of the organization, is measured in financial terms, and is reflected in the accounts of the firm
flat-file model
an environment in which individual data files are not related to other files There are three significant problems in the flat-file environment: data storage, data updating, and currency of information
transaction
an event that affects or is of interest to the organization and is processed by its information system as a unit of work
voucher
an internal document used by a company's A/P department to collect and organize the necessary documentation before paying a supplier's invoice
Association of Certified Fraud Examiners (ACFE)
an international professional organization committed to detecting, deterring, and preventing fraud and white-collar crime
Sequential codes
are codes that represent items in some sequential order (ascending or descending)
Stakeholders
are entities either inside or outside an organization that have a direct or indirect interest in the firm
Nonfinancial transactions
are events that do not meet the narrow definition of a financial transaction
Information flows
are the flows of information into and out of an organization
Time Card
capture the time the employee is at work.
Human Resource Management system
captures and processes a wide range of personnel-related data, including employee benefits, labor resource planning, employee relations, employee skills, internal training, personnel actions, and payroll processing. H/R clerks enter things into real time from terminals. Includes additions of new employees, deductions of terminated employees, changes in dependents.
remittance list
cash prelist, where all cash received is logged
Expense Reimbursement
claiming reimbursement of fictitious or inflated business expenses
block code
coding scheme that assigns ranges of values to specific attributes such as account classifications
Reasonableness checks
compare one field to another to see if relationship is appropriate
Validity check
compares values to known or standard values
journal voucher
composed of accounting journal entries into an accounting system for the purposes of making corrections or adjustments to the accounting data. For control purposes, all JVs should be approved by the appropriate designated authority
purchase requisition file
comprises all purchase requisitions. It is created during the sales activity when the inventories drop to their predetermined reorder point
open purchase requisition file
contains a copy of all purchase requisitions that have not yet been fulfilled
open purchase order file
contains a copy of the PO along with the related purchase requisition
approved sales order
contains sales order information for the sales manager to review once the sales order is approved
cash disbursements journal
contains the voucher number authorizing each check and provides an audit trail for verifying the authenticity of each check written
Numerical alphabet ic check
control that identifies when data are in the wrong form
Five basic documentation techniques are:
data flow diagrams, entity relationship diagrams, system flowcharts, program flowcharts, and record layout diagrams
Transaction fraud
deleting, altering, or adding false transactions to steal assets [Example: making charges to expense accounts to cover theft of assets or cash]
entity relationship (ER)
diagram is a documentation technique used to represent the relationship among data entities in a system.
Payroll Fraud
distribution of fraudulent paychecks to existent and/or nonexistent employees
Source documents
documents that capture and formalize transaction data needed for processing by their respective transaction cycles
Product documents
documents that result from transaction processing
Accounting records
documents, journals, or ledgers used in transaction cycles
Range check
ensures data is between acceptable limits
AP pending file
file containing supporting documents needed to set up an account payable. Once the packet is completed it is kept in the open AP file until the A/P is paid
valid vendor file
file containing vendor mailing information
Data sources
financial transactions that enter the information system from either internal or external sources
Check Tampering
forging, or changing in some material way, a check that was written to a legitimate payee
shipping notice
form is a document that informs the billing department that the customer's order has been filled and shipped
Stock records
formal accounting records for controlling inventory assets
Fraud Schemes
fraudulent statements, corruption, and asset misappropriation
Batch processing
gathering transactions into groups or batches and then processing the entire batch as a single event.
Time and Attendance File
generated by employees directly entering timekeeping data in real time.
Corruption
involves an executive, a manager, or an employee of the organization in collusion with an outsider A. Bribery = giving, offering, soliciting, or receiving things of value to influence an official in the performance of his or her lawful duties. B. Illegal gratuity = giving, receiving, offering, or soliciting something of value because of an official act that has been taken. C. Conflicts of interest = actual or apparent conflicts of interest between personal and professional relationships.
Commercial software
is pre-coded software that a user purchases from a software vendor. Commercial software packages are sometimes called turnkey systems because they often can be implemented by the user with little or no modification.
Distributed data processing (DDP)
is reorganizing the IT function into small information processing units (IPUs) that are distributed to end users and placed under their control
Cardinality
is the numeric mapping between entities such as one-to-one (1:1), one-to-many (1:M), and many-to-many (M:M).
What's the biggest difference between a flat-file and a database model?
is the pooling of data into a common database that all organizational users share
chart of accounts
listing of an organization's accounts showing the account number and name
Methods of Data Processing
objectives of internal controls should be achieved regardless of method of data processing (manual, computerized, etc.)
Database
physical repository for financial data
AP packet
reconciled AP supporting documents (PO, receiving report, and invoice)
closed AP file
record of all accounts payable that have been discharged by making payment to the creditors
AP subsidiary ledger
records controlling the exposure in the cash disbursements subsystems
cash receipts journals
records that include details of all cash receipts transactions, including cash sales, miscellaneous cash receipts, and cash received
Back-orders
records that stay on file until the inventories arrive from the supplier. Back-ordered items are shipped before new sales are processed
Point-of-sale (POS) systems
revenue systems in which no customer accounts receivable are maintained and inventory is kept on the store's shelves, not in a separate warehouse. POS systems are used extensively in grocery stores, department stores, and other types of retail organizations (for example, an antiques store)
Sarbanes-Oxley Act (SOX)
the most significant federal securities law, with provisions designed to deal with specific problems relating to capital markets, corporate governance, and the auditing profession
Management fraud
the performance fraud that often uses deceptive practices to inflate earnings or to forestall the recognition of either insolvency or a decline in earnings.
Employee fraud
the performance of fraud by a nonmanagement employee generally designed to directly convert cash or other assets to the employee's personal benefit.
Management Responsibility
the responsibility for the establishment and maintenance of a system of internal control falls to management.
data flow diagram (DFD)
the use of a set of symbols in a diagram to represent the processes, data sources, data flows, and process sequences of a current or proposed system
Non-cash Misappropriation
theft or misuse of non-cash assets (e.g., inventory, confidential information)
Computer Fraud
theft, misuse, or misappropriation of assets by altering computer-readable records and files, or by altering the logic of computer software; the illegal use of computer-readable information; or the intentional destruction of computer software or hardware
Standard cost system
used in organizations that carry their inventories at a predetermined standard value regardless of the price actually paid to the vendor
register
used to denote certain types of special journals
Group codes
used to represent complex items or events involving two or more pieces of related data
system flowchart
used to show the relationship between the key elements—input sources, programs, and output products—of computer systems
S.O. pending file
used to store the sales order (invoice copy) from the receive-order task until receipt of the shipping notice
End users
users for whom the system is built
Lapping
using customer's check from one account to cover theft from a different account
Biometric time Clocks
verify employees' identities by using fingerprint or hand-vein scan technology
Magnetic swipe ID cards
work like a credit card. Each employee is issued an ID card that has a magnetic strip containing employee information. The employee swipes the card through the time clock to record start and end time on the job.