Accounting Information Systems Exam 1
Accounting Cycle Controls
o Numbering source documents sequentially o Enforcing transaction limits o Using general ledger / other appropriate software for transaction processing
Disadvantages of the Systems Development Life Cycle
o Rigid o Time consuming o Costly o Does not fit every situation
Advantages of the Systems Development Life Cycle
o Structure o User input o Widely known
COSO Framework
• Committee of Sponsoring Organizations of the Treadway Commission on Fraudulent Financial Reporting. Original in 1995, updated in 2013. Five components:
  • Control environment
  • Risk assessment
  • Control activities
  • Information and communication
  • Monitoring
Types of Financial Risk
• Market risk • Credit risk • Liquidity risk
Purposes of Internal Control
• Safeguard assets, such as by depositing cash daily in the bank. • Ensure reliable financial reporting, such as through financial statement audits. • Promote operating efficiency, such as with a procedures manual. • Encourage compliance with management directives, such as by appropriate training & performance reviews.
Types of Operational Risk
• Systems risk • Human error risk
Measuring
- Historical cost, such as supplies - Present value, such as long-term bonds payable - Market value, such as certain investments in marketable securities - Net realizable value, such as accounts receivable
ERM Framework: Risk Assessment
- How likely is each event to occur? - Inherent and residual risk - Assessed qualitatively (high, moderate, low)
Examples of internal control
- Daily backup of data - Separation of duties (custody, authority, and recordkeeping)
Types of Hazard Risk
- Directors' & officers' liability risk
ERM Framework
- Internal Environment - Objective Setting - Event Identification - Risk Assessment - Risk Response - Control Activities - Information and Communication - Monitoring
Types of Strategic Risk
- Legal & regulatory risk - Business strategy risk
Business Processes
- sales/collection process - acquisition/payment process - conversion process - financing process - human resources process
COSO Framework Examples
1. Control environment: Open door policy from CEO / CFO regarding internal control
2. Risk assessment: Wireless network may be compromised.
3. Control activities: Strong network security. Data encryption. Firewalls. Continuous monitoring.
4. Information & communication: Required annual training on internal control for all employees.
5. Monitoring: A cross-functional committee reviews and updates the plan annually based on employee and other input.
Example of how to apply the Systems Development Life Cycle
1) Initiation / planning. JKR Corporation has a lot of data in its AIS; it wants to use a data analytics tool to make sense of it.
2) Requirements analysis. The tool must be comprehensive and widely used in similar organizations.
3) Design. JKR wants to use decision trees, neural networks and various statistical tests to analyze its data.
4) Build. Rather than creating a tool from scratch, JKR evaluates several data analytics packages from various vendors: Excel, SAS Enterprise Miner and SAP HANA.
5) Test. After examining each package, JKR chose SAS Enterprise Miner. The software is installed on a few computers; users provide feedback on training and customization issues.
6) Implementation. JKR installs SAS Enterprise Miner throughout the organization, and provides training to staff who will use it.
  o Be sure to read about the different methods of Implementation!
7) Operations & maintenance. JKR's IT department supports users via its help desk and other means.
UMUC Criteria for Evaluating Information (Information Literacy)
1. Authority: Who created it? Why?
2. Accuracy: Is the source identified? Is the information accurate?
3. Objectivity: Does it include advertising? Is it available freely?
4. Currency: How old is the information?
5. Coverage: Does the information have sufficient depth?
AICPA Core Competencies
1. Broad business perspective competencies
  - strategic/critical thinking
  - resource management
2. Functional competencies
  - risk analysis
  - research
3. Personal competencies
  - problem solving/decision making
  - communication
**IMPORTANT ESSAY QUESTION** List 5 components of the COSO Framework; describe each component.
1. Control Environment
  • Organization's overall attitude about internal control
  • Must be established at the top of the organization (CEO, CFO)
  • Often called the "tone at the top" or "tone from the top"
2. Risk Assessment
  a. Organization's risk exposures
  b. Tools like the Brown framework can help ensure "all the bases are covered"
3. Control Activities
  a. Specific internal controls to address risks
  b. Preventive / detective / corrective
  c. A control may address multiple risks; a single risk may involve multiple controls.
4. Information and Communication
  a. How the entire internal control plan is disseminated throughout the organization
  b. This framework element relates to the plan in its totality.
5. Monitoring
  a. Ensuring the plan's ongoing effectiveness
  b. May be entrusted to the internal audit department
Accounting Cycle Steps Through the Fiscal Year
1. Obtain information about external transactions from source documents.
2. Analyze transactions.
3. Record the transactions in a journal.
4. Post from the journal to the general ledger accounts.
5. Prepare an unadjusted trial balance.
Accounting Cycle Steps After the Fiscal Year
6. Record adjusting journal entries and post to the ledger accounts.
7. Prepare an adjusted trial balance.
8. Prepare financial statements.
9. Close the temporary accounts to retained earnings.
10. Prepare a post-closing trial balance.
- Some organizations prepare adjusting entries multiple times throughout the year, such as at the end of each quarter.
Which business process is associated with each of the following activities:
  a. Collecting cash from clients
  b. Issuing capital stock
  c. Manufacturing automobiles
  d. Paying employees
  e. Purchasing inventory on account
A - sales / collection, B - financing, C - conversion, D - human resource, E - acquisition / payment
Capability Maturity Model
A model developed by Watts Humphrey with five levels, initially used to evaluate the sophistication of business processes in government contractors (can be used in other contexts).
- Level One: Chaotic
- Level Two: Repeatable
- Level Three: Defined
- Level Four: Managed
- Level Five: Optimized
Internal Control
A process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.
*Key to remember:
- process
- effected by [various groups] (responsibility of the WHOLE organization)
- reasonable assurance (NOT absolute)
- objectives (operations, reporting, compliance)
Accounting Information System
A set of interrelated activities, documents, and technologies designed to collect data, process it and report information to a diverse group of internal and external decision makers in organizations.
Systems Development Life Cycle
A structured methodology for developing information systems.
1. Initiation/Planning
2. Requirements Analysis
3. Design
4. Build
5. Test
6. Implementation
7. Operations & Maintenance
ERM Framework: Risk Response
Generic response(s) to each risk.
- Four alternatives:
  • Accept
  • Reduce
  • Avoid
  • Share
*A single risk may have multiple generic risk responses.
Accounting
Accounting is the process of identifying, measuring, and communicating economic information to permit informed judgments and decisions by users of the information.
Mnemonic Coding Systems
Code is a reminder of its meaning.
o Example: accounting certifications
  CPA, Certified Public Accountant
  CFE, Certified Fraud Examiner
  EA, Enrolled Agent
  CMA, Certified Management Accountant
Conceptual Framework Constraints
Cost-effectiveness, materiality, conservatism.
Human Judgement
Determining which events lead to journal entries. Often incorporated in AIS.
Sequential Coding Systems
Documents are numbered in sequence. o Example: checks in your checkbook
Conceptual Framework Assumptions
Economic entity, going concern, periodicity, monetary unit.
Enterprise Risk Management
Enterprise risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
Block Coding Systems
First digit specifies a group.
o Example: simple chart of accounts.
  101 Cash
  103 Accounts Receivable
  201 Equipment
  301 Accounts Payable
  305 Wages Payable
  401 Bonds Payable
  501 Capital Stock
  505 Retained Earnings
Hierarchical Coding Systems
Groups of digits have meaning.
o Example: more complex chart of accounts: "03.514.101"
  03: Geographic Location
  514: Department
  101: Account Number
Conceptual Framework Principles
Historical cost, realization, matching, full disclosure.
Repeatable Level (CMM)
Level two. Business processes involve major milestones and specific deliverables. They may yield consistent results over time.
AIS Generic Structure
Internal Control Input > Process > Output > Storage
Optimized Level (CMM)
Level five. The organization uses a "total quality" philosophy for its business processes and other important elements.
Managed Level (CMM)
Level four. Processes are measured; that is, the organization uses metrics to evaluate their performance.
Chaotic Level (CMM)
Level one. Business processes are not standardized. Individuals develop their own processes, but they do not share them with others.
Defined Level (CMM)
Level three. Business processes are developed based on broader organizational standards. They are described in more detail.
Luca Pacioli
Mathematician, artist, author, teacher. Author of "The Summa", which contained a chapter on double entry accounting (1494). Teacher/colleague of Leonardo da Vinci.
Coding Systems (4 Types)
Methods for identifying source documents for easier reference later. Four broad types:
- Sequential
- Block
- Hierarchical
- Mnemonic
ERM Framework: Internal Environment
Organization's overall attitude toward managing risk. - ex. The Board of Directors forms a "risk assessment" committee, which includes both directors and employees.
Foreign Corrupt Practices Act (FCPA)
Passed in 1977. Deals with keeping US companies from giving/accepting bribes, and with maintaining internal controls and reasonable assurance.
Sarbanes-Oxley Act
Passed in 2002. Management and the external auditors must assess the company's internal controls on an annual basis. Management must state that they are personally and organizationally responsible for the internal controls and what's in the financial statements.
Internal Controls
Policies, processes & procedures designed to: o Safeguard assets. o Ensure reliable financial reporting. o Promote operating efficiency. o Encourage compliance with management directives.
Brown's Taxonomy
Provides one good organizing structure for talking about risk. Four major categories: • Financial Risk • Operational Risk • Strategic Risk • Hazard Risk
Identifying
Recognizing events that give rise to journal entries vs. those that do not.
ERM Framework: Information and Communication
Similar to the same element of the internal control framework. - ex. A company's SEC filings and other external communications outline the ERM plan.
ERM Framework: Monitoring
Similar to the same element of the internal control framework. - ex. On a quarterly basis, a sample of employees completes a survey about the effectiveness of the ERM plan; the survey results are analyzed by the risk assessment committee.
How long have there been Internal Controls?
Since 1494.
ERM Framework: Control Activities
Specific ideas for implementing the generic response(s). - ex. Accept: Acknowledge and discuss the risk. Reduce: Ask each current donor to provide contact information for a potential new donor.
Information Technology
Spreadsheets, relational databases, general ledger software, ERP Systems. IT is NOT the system; it is a tool used in the system.
Accounting Cycle
Ten steps used to gather data, process it and create general purpose financial statements. Divided into two groups: steps that occur throughout the fiscal year, and steps that occur at the end of the fiscal year.
Bookkeeping
The part of accounting associated with identifying and measuring economic information.
Residual Risk
The risk remaining after management's response to the risk.
Inherent Risk
The risk to an entity in the absence of any actions management might take to alter either the risk's likelihood or impact.
What is the objective of financial reporting according to the conceptual framework?
To provide information needed for decision-making.
ERM Framework: Event Identification
What could happen to interfere with achieving those objectives? - ex. The Red Cross does not adequately identify potential new donors.
ERM Framework: Objective Setting
What the organization is trying to achieve (in general, not just with respect to risk management) - ex. The Red Cross wants to increase monetary donations by 10% in the coming year.
Carlos was developing an ERM plan based on the COSO framework. To reduce liquidity risk, he recommended investing in short-term securities that could be liquidated quickly & easily. Which element of the COSO framework is most related to his recommendation?
  a. Control Activities
  b. Internal Environment
  c. Monitoring
  d. Risk Response
a. Control Activities
Carlos was developing an ERM plan based on the COSO framework. Because a storm could destroy the roofs on several of the spec homes held as inventory before they could be sold, Carlos would recommend contacting an insurance company for a quote on insuring houses held as inventory. Which elements of the COSO framework are most related to his recommendation?
  a. Control Activities
  b. Internal Environment
  c. Monitoring
  d. Risk Response
a. Control Activities d. Risk Response
Which level of the capability maturity model best describes each of the following business processes?
  a) After consulting the company procedures manual and her supervisor for guidance, Ashley developed a more detailed description of the order taking process.
  b) Although GTL Corporation had a process for taking customer orders, Ashley thought it didn't work well. So, she used her own system without telling anyone.
  c) Sales staff attended a seminar on how to make their department more efficient and effective.
a. Defined (Level 3) b. Chaotic (Level 1) c. Optimized (Level 5)
TNS Corporation had an outdated, ineffective system for taking customer orders. You plan to use the Systems Development Life Cycle to improve it. Which phase of the SDLC is associated with each of the following questions?
  a) How should the data be organized in the system (e.g., in a database table)?
  b) How should the new system be implemented: direct cutover, parallel implementation or some other way?
  c) Should we build the new monitoring system from scratch, or buy one off the shelf?
  d) What business goals should the new system achieve?
a. Design b. Implementation c. Build d. Requirements Analysis
In his school's library, Raul found a textbook written in 1960 by a CPA that explained the principles of debit and credit. Which of the following statements is most true?
  a. The source is not current enough.
  b. A CPA has sufficient authority to write such a textbook.
  c. Both A and B are true.
  d. Neither A nor B is true.
b. A CPA has sufficient authority to write such a textbook.
Which of the following best pairs an element of the definition with an example?
  a. Technology; general journal
  b. Information; cost-volume-profit graph
  c. Business process; accounting cycle
  d. All of the above pair an element of the definition with an example
b. Information; cost-volume-profit graph