Accounting Information Systems: Marshall B. Romney Chapters 1-7

Normalization

Following relational database creation rules to design a relational database that is free from delete, insert and update anomalies.

Referential Integrity Rule

Foreign Keys which link rows in one table to rows in another table must have values that corresponds to the value of a primary key in another table.

Third Normal Form

Free of update, insert, and delete anomalies

Strategic Objectives

High-level goals that are aligned with and support the company's mission and create shareholder value.

Data Query Language (DQL)

High-level, English-like, DBMS language that contains powerful, easy-to-use commands that enable users to retrieve, sort, order, and display data.

Context Diagram

Highest-level DFD; a summary-level view of a system, showing the data processing system, its input(s) and output(s), and their sources and destinations.

segregation of systems duties

Implementing control procedures to clearly divide authority and responsibility within the information system function.

Insert Anomaly

Improper database organization that results in the inability to add records to a database.

Update Anomaly

Improper database organization where a non-primary key item is stored multiple times; updating the item in one location and not the others causes data inconsistencies.

Delete Anomaly

Improper organization of a database that results in the loss of all information about an entity when a row is deleted.

General Ledger and Reporting System

Information-processing operations involved in updating the general ledger and preparing reports for both management and external parties.

Internal control is defined as follows:

Internal control is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

Online, real-time processing

The computer system processes data immediately after capture and provides updated information to users on a timely basis.

Information Technology (IT)

The computers and other electronic devices used to store, retrieve, transmit, and manipulate data.

Opportunity

The condition or situation that allows a person or organization to commit and conceal a dishonest act and convert it to personal gain.

Database System

The database, the DBMS, and the application programs that access the database through the DBMS.

Electronic input and output device (Flow Chart Input/Output Symbol)

The electronic data entry and output symbols are used together to show a device used for both

Data Source

The entity that produces or sends the data that is entered into a system.

Data Destination

The entity that receives data produced by a system.

Analytical Review

The examination of the relationships between different sets of data.

Rationalization

The excuse that fraud perpetrators use to justify their illegal behavior.

Documentation

Narratives, flowcharts, diagrams, and other written materials that explain how a system works.

Reporting Objectives

Objectives to help ensure the accuracy, completeness, and reliability of company reports; improve decision making; and monitor company activities and performance.

Compliance Objectives

Objectives to help the company comply with all applicable laws and regulations.

Factors influencing Design of the AIS

Organizational Culture Business Strategy Information Technology

Journal/Ledger (Flow Charting Storage Symbol)

Paper-based accounting journals and ledgers

Programmers

Peopel who take the analysts' design and develop, code, and test computer programs.

Security Manager

People that make sure systems are secure and protected from internal and external threats.

Computer Operations

People who operate the company's computers.

Users

People who record transactions, authorize data processing, and use system output.

Network Manager

Person responsible for ensuring that applicable devices are linked to the organization's networks and that the networks operate properly.

Systems Administrator

Person responsible for making sure a system operates smoothly and efficiently.

Project Milestones

Points where progress is reviewed and actual and estimated completion times are compared.

Control Activities

Polices, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out.

Transaction Processing

Process of capturing transaction data, processing it, storing it for later use, and producing information output, such as a managerial report or a financial statement

Change management

Process of making sure changes are made smoothly and efficiently and do not negatively affect systems reliability, security, confidentiality, integrity, and availability.

Three Way Match

Purchase Order Receiving Report Invoice

Internal Control - Integrated Framework (IC)

A COSO framework that defines internal controls and provides guidance for evaluating and enhancing internal control systems.

Enterprise Risk Management - Integrated Framework (ERM)

A COSO framework that improves the risk management process by expanding (adds three additional elements) COSO's Internal Control - Integrated

Terminal (Flow Charting Flow and Miscellaneous Symbols)

A beginning, end, or point of interruption in a process; also used to indicate an external party

Public Company Accounting Oversight Board (PCAOB)

A board created by SOX that regulates the auditing profession; created as part of SOX.

Information system library

A collection of corporate databases, files, & programs stored in a separate storage area & managed by the system librarian.

Computer Processing (Flow Charting Processing Symbols)

A computer-performed processing function; usually resulting in a change in data or information.

Relational Database

A database built using the relational data model.

Decision (Flow Charting Flow and Miscellaneous Symbols)

A decision-making step

Schema

A description of the data elements in a database, the relationships among them, and the logical model used to organize and describe the data.

Policy and Procedures Manual

A document that explains proper business practices, describes needed knowledge and experience, explains document procedures, explains how to handle transactions, and lists the resources provided to carry out specific duties.

Project Development Plan

A document that shows how a project will be completed.

Transaction File

A file that contains the individual business transactions that occur during a specific fiscal period. A transaction file is conceptually similar to a journal in a manual AIS.

Data Flow Diagram (DFD)

A graphical description of the flow of data within an organization, including data sources/destinations, data flows, transformation processes, and data storage. Lines are labled

General Journal

A journal used to record infrequent or non-routine transactions. Examples: loan payments and end-of-period adjusting and closing entries.

General Ledger

A ledger that contains summary-level data for every asset, liability, equity, revenue, and expense account of the organization.

Subsidiary Ledger

A ledger used to record detained data fro a general ledger account with many individual subaccounts, such as accounts receivable, inventory, and accounts payable.

Chart of accounts

A listing of all the numbers assigned to balance sheet and income statement accounts. The account numbers allow transaction data to be coded, classified, and entered into the proper accounts. They also facilitate financial statement and report preparation.

Internal-Level Schema

A low-level view of the entire database describing how the data are actually stored and accessed.

Strategic Master Plan

A multiple year plan that lays out the projects the company must complete to achieve its long-range goals and the resources needed to achieve the plan.

Entity Integrity Rule

A non-null primary key ensures that every row in a table represents something and that it can be identified.

Audit Trail

A path that allows a transaction to be traced through a data processing system from point of origin to output or backwards from output to point of origin. It is used to check the accuracy and validity of ledger postings and to trace changes in general ledger accounts from their beginning balances to their ending balance.

Master File

A permanent file of records that stores cumulative data about an organization. As transactions take place, individual records within a master file are updated to keep them current

Computer Security officer

A person in charge of system security, independent of the information system function, and reports to the COO or the CEO

Pressure

A person's incentive or motivation for committing fraud.

Event

A positive or negative incident or occurrence from internal or external sources that affects the implementation of strategy or the achievement of objectives.

Committee of Sponsoring Organizations (COSO)

A private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute.

Manual Operation (Flow Charting Processing Symbol)

A processing operation performed manually.

Document

A record of a transaction or other company data. Examples include checks, invoices, receiving reports, and purchase requisitions.

Tuple

A row in a table that contains data about a specific item in a database table.

Data Processing Schedule

A schedule that shows when each data processing task should be performed.

Control Objectives for Information and Related Technology (COBIT)

A security and control framework that allows (1) management to benchmark the security and control practices of IT environments, (2) users of IT services to be assured that adequate security and control exist, and (3) auditors to substantiate their internal control opinions and advise on IT security and control matters.

Record

A set of fields whose data values describe specific attributes of an entity, such as all payroll data relating to a single employee. An example is a row in a spreadsheet.

Database

A set of interrelated, centrally controlled data files that are stored with as little data redundancy as possible. A database consolidates records previously stored in separate files into a common pool and serves a variety of users and data processing applications.

File

A set of logically related records, such as the payroll records of all employees.

Business Process

A set of related, coordinated, and structured activities and tasks, preformed by a person, a computer, or a machine that help accomplish a specific organizational goal.

Computer forensics specialists

A specialist who discovers, extracts, safeguards, and documents computer evidence to ensure that its authenticity, accuracy, and integrity will not succumb to legal challenges.

Subschema

A subset of the schema; the way the user defines the data and the data relationships

Accounting Information System

A system that collects, records, stores, and processes data to produce information for decision makers. It includes people, procedures and instructions, data, software, information technology infrastructure, and internal controls and security measures.

Enterprise Resource Planning (ERP) System

A system that integrates all aspects of an organization's activities -- such as accounting, finance, marketing, human resources, manufacturing, inventory management -- into one system. An ERP system in modularized; companies can purchase the individual modules that meet their specific needs. An ERP facilitates information flow among the company's various business functions and manages communications with outside stakeholders.

Cookie

A text file created by a web site and stored on a visitor's hard drive. Cookies store information about who the user is and what the user has done on the site.

Control Account

A title given to a general ledger account that summarizes the total amounts recorded in a subsidiary ledger. For example, the accounts receivable control account in the general ledger represents the total amount owed by all customers. The balances in the accounts receivable subsidiary ledger indicate the amount owed by each specific customer.

Relational Data Model

A two-dimensional table representation of data; each row represents a unique entity (record) and each column is a field where record attributes are stored.

Business Process Diagram

A visual way to describe the different steps or activities in a business process.

Fraud

Any and all means a person uses to gain an unfair advantage over another person.

Computer Fraud

Any type of fraud that requires computer technology to perpetrate.

Source Data Automation

The collection of transaction data in machine-readable form at the time and place of origin. Examples are point-of-sale terminals and ATMs.

Internal Environment

The company culture that is the foundation for all other ERM components as it influences how organizations establish strategies and objectives; structure business activities; and identify, assess, and respond to risk.

Database Management System (DBMS)

The program that manages and controls the data and the interfaces between the data and the application programs that use the data stored in the database.

Attributes

The properties, identifying numbers, and characteristics of interest of an entity that is stored in a database. Examples are employee number, pay rate, name, and address.

Output Fraud

Computer fraud; displayed or printed output that can be stolen, copied, or misused (e.g. a perpetrator can scan a company paycheck, use desktop publishing software to erase the payee amount, and print fictitious checks)

Neural networks

Computing systems that imitate the brain's learning process by using a network of interconnected processors that perform multiple operations simultaneously and interact dynamically.

Lapping

Concealing the theft fo cash by means of a series of delays in posting collections to accounts receivable.

On-Page Connector (Flow Charting Flow and Miscellaneous Symbols)

Connects the processing flow on the same page; its usage avoids lines crisscrossing a page

CRIME

Control Environment Risk Assessment Information & Communication Monitoring Existing Control Activities

General Controls

Control designed to make sure an organization's information system and control environment is stable and well managed.

Detective Controls

Controls designed to discover problems that were not prevented.

Preventative Controls

Controls that deter problems before they arise.

Corrective Controls

Controls that identify and correct problems as well as correct and recover from the resulting errors.

Application Controls

Controls that prevent, detect, and correct transaction errors and fraud in application programs.

Collusion

Cooperation between two or more people in an effort to thwart internal controls.

Data Definition Language (DDL)

DBMS language that builds the data dictionary, creates the database, describes logical views, and specifies record or field security constraints.

Data Manipulation Language (DML)

DBMS language that changes database content, including data element creations, updates, insertions, and deletions.

Report Writer

DBMS language that simplifies report creation.

AIS Processes Data to Produce Information for Decision Makers

Data > AIS > Information > AIS/User > Decision

Document or processing flow (Flow Charting Flow and Miscellaneous Symbols)

Direction of processing or document flow; normal flow is down and to the right

Corruption

Dishonest conduct by those in power which often involves actions that are illegitimate, immoral, or incompatible with ethical standards. Examples: Bribery and bid rigging.

Record Layout

Document that shows the items stored in a file, including the order and length of the data fields and the type of data stored.

Source Documents

Documents used to capture transaction data at its source - when the transaction takes place. Examples include sales orders, purchase orders, and employee time cards.

Electronic Data Entry (Flow Chart Input/Output Symbol)

Electronic data entry device such as a computer, terminal, tablet, or phone

Authorization

Establishing policies for employees to follow and then empowering them to perform certain organizational functions. Authorizations are often documented by signing, initializing, or entering an authorization code on a document or record.

Information Overload

Exceeding the amount of information a human mind can absorb and process, resulting in a decline in decision-making quality and an increase in the cost of providing information

Data

Facts that are collected, recorded, stored, and processed by a system.

Paper Document File (Flow Charting Storage Symbol)

File of paper documents; letters indicate file-ordering sequence: N = numerically A = alphabetically D = by date

Threat/event

any potential adverse occurrence or unwanted event that could injure the AIS or the organization

Check Kiting

creating cash using the lag between the time a check is deposited and the time it clears the bank.

Inherent Risk

The susceptibility of a set of accounts or transactions to significant control problems in the absence of internal control.

Coding

The systematic assignment of numbers or letters to items to classify and organize them

Predictive Analysis

The use of data warehouses and complex algorithms to forecast future events, based on historical trends and calculated probabilities.

Physical View

The way data are physically arranged and stored in the computer system.

Misappropriation of Assets

Theft of company assets by employees.

System

Two or more interrelated components that interact to achieve a goal, often composed of subsystems that support the larger system.

Group Code

Two or more subgroups of digits that are used to code an item. A group code is often used in conjunction with a block code.

White-Collar Criminals

Typically, business people who commit fraud. White-collar criminals usually resort to trickery or cunning, and their crimes usually involve a violation of trust or confidence.

Processor Fraud

Unauthorized system use

Internal Control Flowchart

Used to describe, analyze, and evaluate internal controls, including identifying system strengths, weaknesses, and inefficiencies.

Data Mining

Using Sophisticated statistical analysis to "discover" un-hypothesized relationships in the data.

Semantic Data Modeling

Using knowledge of business processes and information needs to create a diagram that shows what to include in a fully normalized database (THIRD NORMAL FORM)

Online Analytical Processing (OLAP)

Using queries to investigate hypothesized relationships among data.

Support Activities

Value chain activities such as firm infrastructure, technology, purchasing, and human resources that enable primary activities to be performed efficiently and effectively.

Primary Activities

Value chain activities that produce, market, and deliver products and services to customers and provide post-delivery service and support.

Data Warehouse

Very large databases containing detailed and summarized data for a number of years that are used for analysis rather than transaction processing.

query

a request for the data base to provide the information needed to deal with a problem or answer a question. The information is retrieved, displayed or printed, and/or analyzed as requested.

Input Fraud

alter or falsify computer input

Operations Objective

deal with the effectiveness and efficiency of company operations and determine how to allocate resources.

Data Control Group

ensures that source data have been properly approved, monitors the flow of work through the computer, reconciles input and output, maintains a record of input errors to ensure their correction and resubmission, and distributes systems output.

Primary purpose of an accounting information system

gather, record, process, store, summarize, and communicate information about an organization.

Fraudulent Financial Reporting

intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements.

Systems Analysts

people who help users determine their information needs, study existing systems and design new ones, and prepare specifications used by computer programmers

Residual Risk

risk that remains after management implements internal controls.

Computer Instructions Fraud

tampering with company software, copying software illegally, using software in an unauthorized manner, and developing software to carry out an unauthorized activity.

Exposure/impact

the potential dollar loss should a particular threat become a reality

Value of Information

The benefit provided by information less the cost of producing it.

Likelihood

The probability that a threat will come to pass.

Treadway commission recommended four actions to reduce fraudulent financial reporting:

1. Establish an organizational environment that contributes to the integrity of the financial reporting process. 2. Identify and understand the factors that lead to fraudulent financial reporting. 3. Assess the risk of fraudulent financial reporting within the company. 4. Design and implement internal controls to provide reasonable assurance of preventing fraudulent financial reporting.

The Auditors Responsiblity to Detect Fraud

1. Understand fraud. 2. Discuss the risks of material fraudulent misstatements. 3. Obtain information. 4. Indentify, assess, and respond to risks. 5. Evaluate the results of their audit tests. 6. Document and communicate findings. 7. Incorporate a technology focus.

Batch Processing

Accumulating transaction records into groups or batches for processing at a regular interval such as daily or weekly. The records are usually sorted into some sequence (such as numerically or alphabetically) before processing.

Human Resources/Payroll Cycle

Activities associated with hiring, training, compensating, evaluating, promoting, and terminating employees.

Expenditure Cycle

Activities associated with purchasing inventory for resale or raw materials in exchange for cash or a future promise to pay cash.

Financing Cycle

Activities associated with raising money by selling shares in the company to investors and borrowing money as well as paying dividends and interest.

Revenue Cycle

Activities associated with selling goods and services in exchange for cash or a future promise to receive cash.

Production or Conversion Cycle

Activities associated with using labor, raw materials and equipment to produce finished goods.

Annotation

Addition of descriptive comments or explanatory notes as clarification FIELD GOAL SHAPE

Data Model

An abstract representation of database contents.

Transaction

An agreement between two entities to exchange goods or services, such as selling inventory in exchange for cash; any other even that can be measured in economic terms by an organization.

Flowchart

An analytical technique that uses a standard set of symbols to describe pictorially some aspect of an information system in a clear, concise, and logical manner.

Foreign Key

An attribute in a table that is also a primary key in another table; used to link the two tables.

Document (Flow Chart Input/Output Symbol)

An electronic or paper document or report

Chief Compliance Officer

An employee responsible for all the compliance tasks associated with SOX and other laws and regulatory rulings.

Off-Page Connector (Flow Charting Flow and Miscellaneous Symbols)

An entry form, or an exit to, another page

Steering Committee

An executive-level committee to plan and oversee the information systems function.

Supply Chain

An extended system that includes an organization's value chain as well as its suppliers, distributor, and customers.

External-Level Schema

An individual user's view of portions of a database; also called a subschema.

Sabotage

An intentional act where the intent is to destroy a system or some of its components.

Internal Control

An internal control. The internal controls are numbered and explained in an accompanying table. (Triangle)

Background Check

An investigation of a prospective or current employee that involves verifying their education and work experience, talking to references, checking for a criminal record or credit problems, and examining other publicly available information.

Systems Integrator

An outside party hired to manage a company's systems development effort.

Business Intelligence

Analyzing large amounts of data for strategic decision making.

Data Dictionary

Information about the structure of the database, including a description of each data element.

Block Code

Blocks of numbers that are reserved for specific categories of data, thereby helping to organize the data. An example is a chart of accounts.

Advantages of Database System

Data integration Data sharing Minimal data redundancy and data inconsistencies Data independence Cross-functional analysis

Database (Flow Charting Storage Symbol)

Data stored electronically in a database

Magnetic Tape (Flow Charting Storage Symbol)

Data stored on a magnetic tape; tapes are popular pack-up storage mediums

Information

Data that have been organized and processed to provide meaning and improve decision-making.

Primary Key

Database attribute, or combination of attributes, that uniquely identifies each row in a table.

System Flowchart

Depicts the relationships among system input, processing, storage, and output.

Electronic Output (Flow Chart Input/Output Symbol)

Information displayed by an electronic output device such as a terminal, monitor, or screen.

Response Time

How long it takes for a system to respond.

Logical View

How people conceptually organize, view, and understand the relationships among data items.

Data Fraud

Illegally using, copying, browsing, searching, or harming company data constitutes data fraud.

Multiple copies of one paper document (Flow Chart Input/Output Symbol)

Illustrated by overlapping the document symbol and printing the document number on the face of the document in the upper right corner.

Document Flowchart

Illustrates the flow of documents and data among areas of responsibility within an organization.

Program Flowchart

Illustrates the sequence of logical operations performed by a computer in executing a program.

Forensic investigators

Individuals who specialize in fraud, most of whom have specialized training with law enforcement agencies such as the FBI or IRS or have professional certifications such as Certified Fraud Examiner (CFE).

Sequence Codes

Items are numbered consecutively so that gaps in the sequence code indicate missing items that should be investigated. Examples include pre-numbered checks, invoices, and purchase orders.

Sarbanes-Oxley Act (SOX)

Legislation intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen internal controls at public companies, and punish executives who perpetrate fraud.

Foreign Corrupt Practices Act (FCPA)

Legislation passed to prevent companies from bribing foreign officials to obtain business; also requires all publicly owned corporations maintain a system of internal accounting controls.

Mnemonic Code

Letters and numbers that are interspersed to identify an item. The mnemonic code is derived from the description of the item and is usually easy to memorize.

Value Chain

Linking together of all the primary and support activities in a business. Value is added as a product passes through the chain.

The Supply Chain Links

Raw Materials Supplier > Manufacture > Distributor > Retailer > Consumer

Turnaround document

Records of a company data sent to an external party and then returned to the system as input. Turn-around documents are in machine-readable form to facilitate their subsequent processing as input records. An example is a utility bill

ROC

Reporting Operations Compliance

Post implementation Review

Review, performed after a new system has been operating for a brief period, to ensure that it meets its planned objectives.

Segregation of Accounting Duties

Separating the accounting functions of authorization, custody, & recording to minimize an employee's ability to commit fraud.

Throughput

The amount of work performed by a system during a given period of time.

Specific authorization

Special approval an employee needs in order to be allowed to hand a transaction.

Report

System output, organized in a meaningful fashion, that is used by employees to control operational activities, and design strategies, and by investors and creditors to understand a company's business activities

Belief System

System that describes how a company creates value, helps employees understand management's vision, communicates company core values, and inspires employees to live by those values.

Boundary System

System that helps employees act ethically by setting boundaries on employee behavior.

Interactive Control System

System that helps managers to focus subordinates' attention on key strategic issues and to be more involved in their decisions.

Diagnostic Control System

System that measures, monitors, and compares actual company progress to budgets and performance goals.

General Authorization

The authorization given employees to hand routine transactions without special approval.

Data stores

The Storage of data is represented by two horizontal lines

Process

The action that transforms data into other data or information.

Data Value

The actual value stored in a field. It describes a particular attribute of an entity. For example, the customer name field would contain "ZYX Company" if that company was a customer.

Risk Appetite

The amount of risk a company is willing to accept to achieve its goals and objectives. To avoid undue risk, risk appetite must be in alignment with company strategy.

Data Flows

The flow of the data into or out of a process is represented by curved or straight lines with arrows.

Data Processing Cycle

The four operations (data input, data storage, data processing, and information output) performed on data to generate meaningful and relevant information

Internal controls

The processes and procedures implemented to provide reasonable assurance that control objectives are met.

Transformation processes

The processes that transform data from inputs into outputs are represented by circles. They are often referred to as bubbles

Entity

The item about which information is stored in a record. Examples include an employee, an inventory item, and a customer.

Business Processes or Transaction Cycles

The major give-get exchanges that occur frequently in most companies.

Expected Loss

The mathematical product of the potential dollar loss that would occur should a threat become a reality (called impact or exposure) and the risk or probability that the threat will occur (called likelihood).

Data Flow

The movement of data among processes, stores, sources, and destinations.

Conceptual-Level Schema

The organization-wide view of the entire database that lists all data elements and the relationships between them.

Audit Committee

The outside, independent board of director members responsible for financial reporting, regulatory compliance, internal control, and hiring and overseeing internal and external auditors.

Data Sources and Destinations

The people and organizations that send data to and receive data from the system are represented by square boxes. Data destinations are also referred to as data sinks.

Utilization

The percentage of time a system is used.

Database Administrator

The person responsible for coordinating, controlling, and managing the database.

Data Store

The place or medium where system data is stored.

Field

The portion of a data record where the data value for a particular attribute is stored. For example, in a spreadsheet each row might represent a customer and each column is an attribute of the customer. Each cell in a spreadsheet is a field.

Specialized Journals

a journal used to record a large number of repetitive transactions. Examples: credit sales, cash receipts, purchases, and cash disbursements.

Give-Get Exchange

Transactions that happen a great many times, such as giving up cash to get inventory from a supplier and giving employees a paycheck in exchange for their labor.

Communication Link (Flow Charting Flow and Miscellaneous Symbols)

Transmission of data from one geographic location to another via communication lines. ZIG ZAG LINE

System Performance Measurements

Ways to evaluate and assess a system.

Goal Congruence

When a subsystem achieves its goals while contributing to the organization's overall goal.

Goal Conflict

When a subsystem's goals are inconsistent with the goals of another subsystem or the system as a whole.

Digital Signature

a means of electronically signing a document with data that cannot be forged.

Narrative Description

Written, step-by-step explanation of system component and how they interact.

Fraud Hotline

a phone number employees can call to anonymously report fraud and abuse.