Accounting Information Systems
What items are used to prepare a bank reconciliation?(5)(BRDCP)
1. Bank statement 2. Cash receipts journal 3. Cash disbursements journal 4. cash-in-bank general ledger account 5. prior months bank reconciliation
Materiality of risk
How significantly will risk affect the firm's financial statements What are the chances of this going wrong and how much might I lose
What are special journals used for?(5) (SCCPP)
They summarize similar, repetitive types of transactions -sales -cash receipts -purchases -cash disbursements -payroll Provide chronological listings and monthly summaries of the related transactions.
SOX Section 404
requires management to assess internal control effectiveness and auditor must attest and report on management evaluation of internal control
What does REA stand for
resources, events, agents
Responsibilities of management
- establishing and maintaining internal controls for financial reporting - reports must include assessments of the effectiveness of the internal controls and the financial reporting procedures. -risk assessment
Responsibilities of auditors
-provide quarterly certification of financial statements and attest to completeness and accuracy -disclose any material weakness in internal control
What are the red flags discussed in the videos
-financial pressures -personality changes -poor money management -living beyond means -outside business interests -poor internal control -rising business costs -too much trust in key employees -failure to pre-screen employees
4 examples of subsidiary ledgers
1. A/R 2. A/P 3. fixed asset 4. employee earnings
COSO framework (CRIME)(5 Components)
1. Control activities- policies in place to prevent error/fraud 2. Risk assessment- what internal and external risks might allow fraud/errors 3. Information and communication- financial statements and policy manuals 4. Monitoring- checking to see if everything is working as well as it should 5. control Environment- tone/culture of the organization
Limitations of Internal Control (3)
1. Errors: unintentional mistakes due to misunderstanding or carelessness 2. Fraud: intention; management override allows for controls to be avoided. 3. Collusion: people may work together
What are the five ITGC control areas
1. IT management 2. System development 3. Data security 4. Change management 5. Business continuity planning
COSO 3 Categories of Objectives
1. Operations: effectiveness and efficiency of operations (including operational performance, financial performance, safeguarding of assets) 2. Reporting: internal & external, financial & non-financial (including reliability, timeliness, transparency characteristics) 3. Compliance: follow applicable laws & regulations
3 types of controls
1. Preventive- controls focus on preventing an error 2. Detective- control focuses on identifying when an error occurred. 3. Corrective- controls focus on recovering from, repairing the damage from, or minimizing the cost of an error
Steps in the accounting process
1. Transactions Occur 2. Prepare Documents 3. Record in Journals 4. Post to Ledgers 5. Prepare Unadjusted General Ledger Trial Balance 6. Prepare and Post Adjusting Entries 7. Prepare Adjusted Trial Balance 8. Prepare Financial Statements 9. Prepare Closing Entries
3 audit issues for NOS controls as well as application software
1. User account settings- passwords, logon and logout settings, special consideration for sensitive users 2. Group account settings- do group members have accurate job responsibilities and are access permission updated when job responsibilities change? 3. Policies- companies should have a policy statement that may be compared with what the NOS actually enforces.
Which of these is an example of an economy risk?
A change in the financial market
Which of these is an example of an enterprise risk?
A merger with or acquisition of another enterprise
Internal controls
A system of interrelated components established by management and/or those charged with governance to mitigate the risk of loss while gaining the advantages afforded by risky or opportunistic activity a process, affected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
What identifies the functions each user is allowed to perform and specifies which data and programs the user can access after gaining access to the system?
Access control matrix
After WHAT are closing entries prepared
After all the transactions and adjusting entries are posted to the general ledgers
How are cash receipts controlled?
After receiving a check, it is restrictively endorsed and then entered on the cash receipts prelist.
Which of the following can best be described as a master file?
An accounts payable subsidiary ledger
What accounts need to be closed and when?
At the end of each year (annually) All revenue accounts to income summary All expense accounts to income summary The income summary to stock holders equity
Who does PCAOB AS#2201 require to evaluate the effectiveness of publicly traded companies' internal control over financial reporting?
Auditors
One difference between BPMN diagrams and flowcharts is:
BPMN diagrams may have multiple points of view, whereas flowcharts always have an internal point of view
In which processing method does processing occur after a group of transaction data is collected?
Batch
What does BPMN stand for
Business Process Modeling and Notation
SOX Section 302
CEO and CFO certify and take responsibility for accuracy of F/S and disclosure of materiality
What is a master file
Contain balances that are updated with event or activity data ex. customer, employee, inventory, fixed assets, supplier master files
What 3 factors interact to influence the likelihood of fraud and how do they interact?
Financial pressure Opportunity (due to low - weak - internal control) Integrity If financial pressure is high, opportunity is high, and integrity is low, fraud is very likely
In BPMN, the element that shows either a divergence control of branching or forking or a convergence control of merging and joining is a
Gateway
Each closing entry is posted individually to the _______ ______ account
General ledger
The right to be forgotten portion of the General Data Protection Regulation means what?
Individuals may request data controllers to erase their personal data, stop distributing data, and may have third parties stop processing their data
Which of these risks are associated primarily with recording, maintaining, and reporting information about resources, events, agents and relationships among them?
Information Process risks
Inputs/outputs for computer processes
Inputs: Single document, input device, disk storage, and magnetic tape storage Outputs: Single document, display ,disk storage, magnetic tape storage
In a system flowchart, which symbol should be used to represent a backup of the general ledger master file that can only be accessed sequentially?
Magnetic tape storage symbol
How do fraud perpetrators rationalize their acts?
Most fraud perpetrators rationalize it as a loan they intend to pay back.
What does NOS stand for?
Network Operating System
What is posted from the specialized journals to the general ledger?
Only the monthly totals for each account
In BPMN, the grouping tasks into areas of responsibility is done with
Pools and lanes
How are the financial statements prepared and what is the role of the general ledger?
Prepared directly from the income statement and balance sheet and must include a cash flow statement to summarize the transactions in the journals by account balances. Includes the net total of all the transactions since the inception of the company
What kind of control is bonding? (i.e. buying insurance to protect against theft by cash-handling employees)
Primarily corrective
Systems flowcharts combine these three simple graphical elements to represent various types of physical information flows and processes:
Symbols, flow lines, and areas of responsibility
What is the common subject of all twenty principles of the COSO ERM framework?
Risk
The control environment component of the COSO Internal Control Integrated framework is also called
Tone at the top
Flow of relationships among financial statements, trial balances, ledgers, journals, documents, and transactions (8)
Transactions -> documents -> journals ->* general ledger accounts -> unadjusted trial balance -> adjusting entries -> adjusted trial balance -> financial statements *Most of the time the journals move to subsidiary ledgers and THEN general ledger accounts
IT general controls (ITGC)
Used to ensure the proper development and implementation of applications and the integrity of program, data files, and of computer operations relates to the environment within which computer-based application systems are developed, maintained and operated, and that is therefore applicable to all applications.
when you show data entered into and retrieved from a computer file you need to also show _________ first.
a processing operation (a computer program)
In BPMN, which symbol represents an activity
a rectangle
The subsidiary ledger acts as.... and agrees in total to....
a support to the general ledger and agrees in total to the corresponding general ledger account
Batch processing
accumulates transaction data for a period of time to collect a batch of transaction data. Then all of the transactions in the transaction file are posted to the master file in one processing run.
How do you identify "exception" procedures in a flowchart
annotation symbol
What duties should be segregated in an effort to prevent fraud?
authorization, custody, recording
application controls can....
can mitigate risks of error and fraud by controlling what people can view, add, edit, and delete (included in the software programs that help to ensure that transactional data are authorized, complete and accurate)
What is a transaction file
contain activity data that are used to update balances on master files. ex.cash disbursements, receipts, payroll, etc.
Report-time processing
data needed to generate the requested report is processed as the report is created.
In the flowchart segment, the most likely action to take with the customer remittance advices once they've been keyed into the system, AND the corresponding symbol to replace oval A is
file them by customer number, triangle symbol
Closing entries are recorded initially in the ______ ______ and then the _____ ______
general JOURNAL general LEDGER
All transactions must be transferred and must be posted from the journals to the ________ ,periodically.
general ledger
In posting from journals to ledgers for accounts with subsidiary ledgers, it is necessary to post the same amounts to both the ______ and related ______
general ledger subsidiary ledgers
Types of application controls
input processing output
Inputs/Outputs of Manual Processes
inputs: single document, calculator/register tape outputs: the same as above + files for stored paper
_________ _______ is not an outcome, rather it is an ongoing commitment by management to take actions and ensure objectives are met
internal control
What is a bank reconciliation used for
its used to determine the reasons for the differences between the cash in the bank balance as stated on the bank statement and on the general ledger at a point in time. -can also be used to locate errors and fraud in the accounting records and bank errors.
The net amount transferred into the income summary account equals the __________ that the business incurred during the period.
net profit/ net loss
Single document symbol and explanation
paper documents and reports of all types
Segregation of duties
prohibits one employee from performing two or more of the following: authorizations, custody, recording, or reconciliations
Purpose of ITGC
provide foundation for reliance on information produced
Purpose of application controls
provide incremental reliance on information produced by a specific application
Which type of processing occurs during the course of a business event and provides immediate response to an information users' request
real-time processing
Computer processes
represent tasks that are done by computer systems that results in the modification of data and/or information
Manual Processes
represent the performance by a human of any processing function which causes a change in value, form, or location of information
When general ledger accounts have too much activity and detail to be efficiently used as one general ledger account, detail is usually kept in the _____
subsidiary ledger account
What does the general ledger do?
summarizes the transactions in journals by account balances.
What is collusion
the act of two or more employees acting together to conspire in a fraud
What are general journals used for?(3)
the initial recording of individual transactions -error corrections -adjusting entries -closing entries (non-repetitive transactions)
The purpose of task level modeling in the REA ontology is
to represent the specific workflow activities that combine to form events in a business process, and to document the flow of data through an enterprise
Where do you place document numbers of multiple copies of documents (flow chart)
top right-hand corner
What should the general flow of the flow chart look like?
top to bottom and left to right
Real-time processing
updates the master files as business activities occur, which requires data be entered into the system as the business activities occur. ex. using debt card, affects your account balance immediately
What is a sensitive user
•An account that has universal access to every part of the system •They hold the "keys to the kingdom"