Accounting Information Systems: Marshall B. Romney Chapters 1-7
Normalization
Following relational database creation rules to design a relational database that is free from delete, insert and update anomalies.
Referential Integrity Rule
Foreign keys, which link rows in one table to rows in another table, must have values that correspond to the value of a primary key in another table.
Third Normal Form
Free of update, insert, and delete anomalies
Strategic Objectives
High-level goals that are aligned with and support the company's mission and create shareholder value.
Data Query Language (DQL)
High-level, English-like, DBMS language that contains powerful, easy-to-use commands that enable users to retrieve, sort, order, and display data.
Context Diagram
Highest-level DFD; a summary-level view of a system, showing the data processing system, its input(s) and output(s), and their sources and destinations.
Segregation of Systems Duties
Implementing control procedures to clearly divide authority and responsibility within the information system function.
Insert Anomaly
Improper database organization that results in the inability to add records to a database.
Update Anomaly
Improper database organization where a non-primary key item is stored multiple times; updating the item in one location and not the others causes data inconsistencies.
Delete Anomaly
Improper organization of a database that results in the loss of all information about an entity when a row is deleted.
General Ledger and Reporting System
Information-processing operations involved in updating the general ledger and preparing reports for both management and external parties.
Internal control is defined as follows:
Internal control is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
Online, real-time processing
The computer system processes data immediately after capture and provides updated information to users on a timely basis.
Information Technology (IT)
The computers and other electronic devices used to store, retrieve, transmit, and manipulate data.
Opportunity
The condition or situation that allows a person or organization to commit and conceal a dishonest act and convert it to personal gain.
Database System
The database, the DBMS, and the application programs that access the database through the DBMS.
Electronic input and output device (Flow Chart Input/Output Symbol)
The electronic data entry and output symbols are used together to show a device used for both
Data Source
The entity that produces or sends the data that is entered into a system.
Data Destination
The entity that receives data produced by a system.
Analytical Review
The examination of the relationships between different sets of data.
Rationalization
The excuse that fraud perpetrators use to justify their illegal behavior.
Documentation
Narratives, flowcharts, diagrams, and other written materials that explain how a system works.
Reporting Objectives
Objectives to help ensure the accuracy, completeness, and reliability of company reports; improve decision making; and monitor company activities and performance.
Compliance Objectives
Objectives to help the company comply with all applicable laws and regulations.
Factors influencing Design of the AIS
Organizational Culture; Business Strategy; Information Technology
Journal/Ledger (Flow Charting Storage Symbol)
Paper-based accounting journals and ledgers
Programmers
People who take the analysts' design and develop, code, and test computer programs.
Security Manager
People that make sure systems are secure and protected from internal and external threats.
Computer Operations
People who operate the company's computers.
Users
People who record transactions, authorize data processing, and use system output.
Network Manager
Person responsible for ensuring that applicable devices are linked to the organization's networks and that the networks operate properly.
Systems Administrator
Person responsible for making sure a system operates smoothly and efficiently.
Project Milestones
Points where progress is reviewed and actual and estimated completion times are compared.
Control Activities
Policies, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out.
Transaction Processing
Process of capturing transaction data, processing it, storing it for later use, and producing information output, such as a managerial report or a financial statement
Change management
Process of making sure changes are made smoothly and efficiently and do not negatively affect systems reliability, security, confidentiality, integrity, and availability.
Three Way Match
Purchase Order; Receiving Report; Invoice
Internal Control - Integrated Framework (IC)
A COSO framework that defines internal controls and provides guidance for evaluating and enhancing internal control systems.
Enterprise Risk Management - Integrated Framework (ERM)
A COSO framework that improves the risk management process by expanding (adds three additional elements) COSO's Internal Control - Integrated
Terminal (Flow Charting Flow and Miscellaneous Symbols)
A beginning, end, or point of interruption in a process; also used to indicate an external party
Public Company Accounting Oversight Board (PCAOB)
A board created by SOX that regulates the auditing profession.
Information system library
A collection of corporate databases, files, & programs stored in a separate storage area & managed by the system librarian.
Computer Processing (Flow Charting Processing Symbols)
A computer-performed processing function; usually resulting in a change in data or information.
Relational Database
A database built using the relational data model.
Decision (Flow Charting Flow and Miscellaneous Symbols)
A decision-making step
Schema
A description of the data elements in a database, the relationships among them, and the logical model used to organize and describe the data.
Policy and Procedures Manual
A document that explains proper business practices, describes needed knowledge and experience, explains document procedures, explains how to handle transactions, and lists the resources provided to carry out specific duties.
Project Development Plan
A document that shows how a project will be completed.
Transaction File
A file that contains the individual business transactions that occur during a specific fiscal period. A transaction file is conceptually similar to a journal in a manual AIS.
Data Flow Diagram (DFD)
A graphical description of the flow of data within an organization, including data sources/destinations, data flows, transformation processes, and data storage. Lines are labeled
General Journal
A journal used to record infrequent or non-routine transactions. Examples: loan payments and end-of-period adjusting and closing entries.
General Ledger
A ledger that contains summary-level data for every asset, liability, equity, revenue, and expense account of the organization.
Subsidiary Ledger
A ledger used to record detailed data for a general ledger account with many individual subaccounts, such as accounts receivable, inventory, and accounts payable.
Chart of accounts
A listing of all the numbers assigned to balance sheet and income statement accounts. The account numbers allow transaction data to be coded, classified, and entered into the proper accounts. They also facilitate financial statement and report preparation.
Internal-Level Schema
A low-level view of the entire database describing how the data are actually stored and accessed.
Strategic Master Plan
A multiple year plan that lays out the projects the company must complete to achieve its long-range goals and the resources needed to achieve the plan.
Entity Integrity Rule
A non-null primary key ensures that every row in a table represents something and that it can be identified.
Audit Trail
A path that allows a transaction to be traced through a data processing system from point of origin to output or backwards from output to point of origin. It is used to check the accuracy and validity of ledger postings and to trace changes in general ledger accounts from their beginning balances to their ending balance.
Master File
A permanent file of records that stores cumulative data about an organization. As transactions take place, individual records within a master file are updated to keep them current
Computer Security officer
A person in charge of system security who is independent of the information system function and reports to the COO or the CEO.
Pressure
A person's incentive or motivation for committing fraud.
Event
A positive or negative incident or occurrence from internal or external sources that affects the implementation of strategy or the achievement of objectives.
Committee of Sponsoring Organizations (COSO)
A private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute.
Manual Operation (Flow Charting Processing Symbol)
A processing operation performed manually.
Document
A record of a transaction or other company data. Examples include checks, invoices, receiving reports, and purchase requisitions.
Tuple
A row in a table that contains data about a specific item in a database table.
Data Processing Schedule
A schedule that shows when each data processing task should be performed.
Control Objectives for Information and Related Technology (COBIT)
A security and control framework that allows (1) management to benchmark the security and control practices of IT environments, (2) users of IT services to be assured that adequate security and control exist, and (3) auditors to substantiate their internal control opinions and advise on IT security and control matters.
Record
A set of fields whose data values describe specific attributes of an entity, such as all payroll data relating to a single employee. An example is a row in a spreadsheet.
Database
A set of interrelated, centrally controlled data files that are stored with as little data redundancy as possible. A database consolidates records previously stored in separate files into a common pool and serves a variety of users and data processing applications.
File
A set of logically related records, such as the payroll records of all employees.
Business Process
A set of related, coordinated, and structured activities and tasks, performed by a person, a computer, or a machine, that help accomplish a specific organizational goal.
Computer forensics specialists
A specialist who discovers, extracts, safeguards, and documents computer evidence to ensure that its authenticity, accuracy, and integrity will not succumb to legal challenges.
Subschema
A subset of the schema; the way the user defines the data and the data relationships
Accounting Information System
A system that collects, records, stores, and processes data to produce information for decision makers. It includes people, procedures and instructions, data, software, information technology infrastructure, and internal controls and security measures.
Enterprise Resource Planning (ERP) System
A system that integrates all aspects of an organization's activities (such as accounting, finance, marketing, human resources, manufacturing, and inventory management) into one system. An ERP system is modularized; companies can purchase the individual modules that meet their specific needs. An ERP facilitates information flow among the company's various business functions and manages communications with outside stakeholders.
Cookie
A text file created by a web site and stored on a visitor's hard drive. Cookies store information about who the user is and what the user has done on the site.
Control Account
A title given to a general ledger account that summarizes the total amounts recorded in a subsidiary ledger. For example, the accounts receivable control account in the general ledger represents the total amount owed by all customers. The balances in the accounts receivable subsidiary ledger indicate the amount owed by each specific customer.
Relational Data Model
A two-dimensional table representation of data; each row represents a unique entity (record) and each column is a field where record attributes are stored.
Business Process Diagram
A visual way to describe the different steps or activities in a business process.
Fraud
Any and all means a person uses to gain an unfair advantage over another person.
Computer Fraud
Any type of fraud that requires computer technology to perpetrate.
Source Data Automation
The collection of transaction data in machine-readable form at the time and place of origin. Examples are point-of-sale terminals and ATMs.
Internal Environment
The company culture that is the foundation for all other ERM components as it influences how organizations establish strategies and objectives; structure business activities; and identify, assess, and respond to risk.
Database Management System (DBMS)
The program that manages and controls the data and the interfaces between the data and the application programs that use the data stored in the database.
Attributes
The properties, identifying numbers, and characteristics of interest of an entity that is stored in a database. Examples are employee number, pay rate, name, and address.
Output Fraud
Computer fraud; displayed or printed output that can be stolen, copied, or misused (e.g. a perpetrator can scan a company paycheck, use desktop publishing software to erase the payee amount, and print fictitious checks)
Neural networks
Computing systems that imitate the brain's learning process by using a network of interconnected processors that perform multiple operations simultaneously and interact dynamically.
Lapping
Concealing the theft of cash by means of a series of delays in posting collections to accounts receivable.
On-Page Connector (Flow Charting Flow and Miscellaneous Symbols)
Connects the processing flow on the same page; its usage avoids lines crisscrossing a page
CRIME
Control Environment; Risk Assessment; Information & Communication; Monitoring; Existing Control Activities
General Controls
Controls designed to make sure an organization's information system and control environment are stable and well managed.
Detective Controls
Controls designed to discover problems that were not prevented.
Preventative Controls
Controls that deter problems before they arise.
Corrective Controls
Controls that identify and correct problems as well as correct and recover from the resulting errors.
Application Controls
Controls that prevent, detect, and correct transaction errors and fraud in application programs.
Collusion
Cooperation between two or more people in an effort to thwart internal controls.
Data Definition Language (DDL)
DBMS language that builds the data dictionary, creates the database, describes logical views, and specifies record or field security constraints.
Data Manipulation Language (DML)
DBMS language that changes database content, including data element creations, updates, insertions, and deletions.
Report Writer
DBMS language that simplifies report creation.
AIS Processes Data to Produce Information for Decision Makers
Data > AIS > Information > AIS/User > Decision
Document or processing flow (Flow Charting Flow and Miscellaneous Symbols)
Direction of processing or document flow; normal flow is down and to the right
Corruption
Dishonest conduct by those in power which often involves actions that are illegitimate, immoral, or incompatible with ethical standards. Examples: Bribery and bid rigging.
Record Layout
Document that shows the items stored in a file, including the order and length of the data fields and the type of data stored.
Source Documents
Documents used to capture transaction data at its source - when the transaction takes place. Examples include sales orders, purchase orders, and employee time cards.
Electronic Data Entry (Flow Chart Input/Output Symbol)
Electronic data entry device such as a computer, terminal, tablet, or phone
Authorization
Establishing policies for employees to follow and then empowering them to perform certain organizational functions. Authorizations are often documented by signing, initialing, or entering an authorization code on a document or record.
Information Overload
Exceeding the amount of information a human mind can absorb and process, resulting in a decline in decision-making quality and an increase in the cost of providing information
Data
Facts that are collected, recorded, stored, and processed by a system.
Paper Document File (Flow Charting Storage Symbol)
File of paper documents; letters indicate file-ordering sequence: N = numerically, A = alphabetically, D = by date
Threat/event
Any potential adverse occurrence or unwanted event that could injure the AIS or the organization.
Check Kiting
Creating cash using the lag between the time a check is deposited and the time it clears the bank.
Inherent Risk
The susceptibility of a set of accounts or transactions to significant control problems in the absence of internal control.
Coding
The systematic assignment of numbers or letters to items to classify and organize them
Predictive Analysis
The use of data warehouses and complex algorithms to forecast future events, based on historical trends and calculated probabilities.
Physical View
The way data are physically arranged and stored in the computer system.
Misappropriation of Assets
Theft of company assets by employees.
System
Two or more interrelated components that interact to achieve a goal, often composed of subsystems that support the larger system.
Group Code
Two or more subgroups of digits that are used to code an item. A group code is often used in conjunction with a block code.
White-Collar Criminals
Typically, business people who commit fraud. White-collar criminals usually resort to trickery or cunning, and their crimes usually involve a violation of trust or confidence.
Processor Fraud
Unauthorized system use
Internal Control Flowchart
Used to describe, analyze, and evaluate internal controls, including identifying system strengths, weaknesses, and inefficiencies.
Data Mining
Using sophisticated statistical analysis to "discover" un-hypothesized relationships in the data.
Semantic Data Modeling
Using knowledge of business processes and information needs to create a diagram that shows what to include in a fully normalized database (THIRD NORMAL FORM)
Online Analytical Processing (OLAP)
Using queries to investigate hypothesized relationships among data.
Support Activities
Value chain activities such as firm infrastructure, technology, purchasing, and human resources that enable primary activities to be performed efficiently and effectively.
Primary Activities
Value chain activities that produce, market, and deliver products and services to customers and provide post-delivery service and support.
Data Warehouse
Very large databases containing detailed and summarized data for a number of years that are used for analysis rather than transaction processing.
Query
A request for the database to provide the information needed to deal with a problem or answer a question. The information is retrieved, displayed or printed, and/or analyzed as requested.
Input Fraud
alter or falsify computer input
Operations Objective
deal with the effectiveness and efficiency of company operations and determine how to allocate resources.
Data Control Group
ensures that source data have been properly approved, monitors the flow of work through the computer, reconciles input and output, maintains a record of input errors to ensure their correction and resubmission, and distributes systems output.
Primary purpose of an accounting information system
gather, record, process, store, summarize, and communicate information about an organization.
Fraudulent Financial Reporting
intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements.
Systems Analysts
people who help users determine their information needs, study existing systems and design new ones, and prepare specifications used by computer programmers
Residual Risk
risk that remains after management implements internal controls.
Computer Instructions Fraud
tampering with company software, copying software illegally, using software in an unauthorized manner, and developing software to carry out an unauthorized activity.
Exposure/impact
the potential dollar loss should a particular threat become a reality
Value of Information
The benefit provided by information less the cost of producing it.
Likelihood
The probability that a threat will come to pass.
Treadway Commission recommended four actions to reduce fraudulent financial reporting:
1. Establish an organizational environment that contributes to the integrity of the financial reporting process. 2. Identify and understand the factors that lead to fraudulent financial reporting. 3. Assess the risk of fraudulent financial reporting within the company. 4. Design and implement internal controls to provide reasonable assurance of preventing fraudulent financial reporting.
The Auditor's Responsibility to Detect Fraud
1. Understand fraud. 2. Discuss the risks of material fraudulent misstatements. 3. Obtain information. 4. Identify, assess, and respond to risks. 5. Evaluate the results of their audit tests. 6. Document and communicate findings. 7. Incorporate a technology focus.
Batch Processing
Accumulating transaction records into groups or batches for processing at a regular interval such as daily or weekly. The records are usually sorted into some sequence (such as numerically or alphabetically) before processing.
Human Resources/Payroll Cycle
Activities associated with hiring, training, compensating, evaluating, promoting, and terminating employees.
Expenditure Cycle
Activities associated with purchasing inventory for resale or raw materials in exchange for cash or a future promise to pay cash.
Financing Cycle
Activities associated with raising money by selling shares in the company to investors and borrowing money as well as paying dividends and interest.
Revenue Cycle
Activities associated with selling goods and services in exchange for cash or a future promise to receive cash.
Production or Conversion Cycle
Activities associated with using labor, raw materials and equipment to produce finished goods.
Annotation
Addition of descriptive comments or explanatory notes as clarification. (Field goal shape)
Data Model
An abstract representation of database contents.
Transaction
An agreement between two entities to exchange goods or services, such as selling inventory in exchange for cash; any other event that can be measured in economic terms by an organization.
Flowchart
An analytical technique that uses a standard set of symbols to describe pictorially some aspect of an information system in a clear, concise, and logical manner.
Foreign Key
An attribute in a table that is also a primary key in another table; used to link the two tables.
Document (Flow Chart Input/Output Symbol)
An electronic or paper document or report
Chief Compliance Officer
An employee responsible for all the compliance tasks associated with SOX and other laws and regulatory rulings.
Off-Page Connector (Flow Charting Flow and Miscellaneous Symbols)
An entry from, or an exit to, another page
Steering Committee
An executive-level committee to plan and oversee the information systems function.
Supply Chain
An extended system that includes an organization's value chain as well as its suppliers, distributors, and customers.
External-Level Schema
An individual user's view of portions of a database; also called a subschema.
Sabotage
An intentional act where the intent is to destroy a system or some of its components.
Internal Control
An internal control. The internal controls are numbered and explained in an accompanying table. (Triangle)
Background Check
An investigation of a prospective or current employee that involves verifying their education and work experience, talking to references, checking for a criminal record or credit problems, and examining other publicly available information.
Systems Integrator
An outside party hired to manage a company's systems development effort.
Business Intelligence
Analyzing large amounts of data for strategic decision making.
Data Dictionary
Information about the structure of the database, including a description of each data element.
Block Code
Blocks of numbers that are reserved for specific categories of data, thereby helping to organize the data. An example is a chart of accounts.
Advantages of Database System
Data integration; Data sharing; Minimal data redundancy and data inconsistencies; Data independence; Cross-functional analysis
Database (Flow Charting Storage Symbol)
Data stored electronically in a database
Magnetic Tape (Flow Charting Storage Symbol)
Data stored on a magnetic tape; tapes are popular back-up storage mediums
Information
Data that have been organized and processed to provide meaning and improve decision-making.
Primary Key
Database attribute, or combination of attributes, that uniquely identifies each row in a table.
System Flowchart
Depicts the relationships among system input, processing, storage, and output.
Electronic Output (Flow Chart Input/Output Symbol)
Information displayed by an electronic output device such as a terminal, monitor, or screen.
Response Time
How long it takes for a system to respond.
Logical View
How people conceptually organize, view, and understand the relationships among data items.
Data Fraud
Illegally using, copying, browsing, searching, or harming company data constitutes data fraud.
Multiple copies of one paper document (Flow Chart Input/Output Symbol)
Illustrated by overlapping the document symbol and printing the document number on the face of the document in the upper right corner.
Document Flowchart
Illustrates the flow of documents and data among areas of responsibility within an organization.
Program Flowchart
Illustrates the sequence of logical operations performed by a computer in executing a program.
Forensic investigators
Individuals who specialize in fraud, most of whom have specialized training with law enforcement agencies such as the FBI or IRS or have professional certifications such as Certified Fraud Examiner (CFE).
Sequence Codes
Items are numbered consecutively so that gaps in the sequence code indicate missing items that should be investigated. Examples include pre-numbered checks, invoices, and purchase orders.
Sarbanes-Oxley Act (SOX)
Legislation intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen internal controls at public companies, and punish executives who perpetrate fraud.
Foreign Corrupt Practices Act (FCPA)
Legislation passed to prevent companies from bribing foreign officials to obtain business; also requires all publicly owned corporations to maintain a system of internal accounting controls.
Mnemonic Code
Letters and numbers that are interspersed to identify an item. The mnemonic code is derived from the description of the item and is usually easy to memorize.
Value Chain
Linking together of all the primary and support activities in a business. Value is added as a product passes through the chain.
The Supply Chain Links
Raw Materials Supplier > Manufacturer > Distributor > Retailer > Consumer
Turnaround document
Records of company data sent to an external party and then returned to the system as input. Turnaround documents are in machine-readable form to facilitate their subsequent processing as input records. An example is a utility bill.
ROC
Reporting; Operations; Compliance
Post-Implementation Review
Review, performed after a new system has been operating for a brief period, to ensure that it meets its planned objectives.
Segregation of Accounting Duties
Separating the accounting functions of authorization, custody, & recording to minimize an employee's ability to commit fraud.
Throughput
The amount of work performed by a system during a given period of time.
Specific authorization
Special approval an employee needs in order to be allowed to handle a transaction.
Report
System output, organized in a meaningful fashion, that is used by employees to control operational activities and design strategies, and by investors and creditors to understand a company's business activities.
Belief System
System that describes how a company creates value, helps employees understand management's vision, communicates company core values, and inspires employees to live by those values.
Boundary System
System that helps employees act ethically by setting boundaries on employee behavior.
Interactive Control System
System that helps managers to focus subordinates' attention on key strategic issues and to be more involved in their decisions.
Diagnostic Control System
System that measures, monitors, and compares actual company progress to budgets and performance goals.
General Authorization
The authorization given employees to handle routine transactions without special approval.
Data stores
The storage of data is represented by two horizontal lines.
Process
The action that transforms data into other data or information.
Data Value
The actual value stored in a field. It describes a particular attribute of an entity. For example, the customer name field would contain "ZYX Company" if that company was a customer.
Risk Appetite
The amount of risk a company is willing to accept to achieve its goals and objectives. To avoid undue risk, risk appetite must be in alignment with company strategy.
Data Flows
The flow of the data into or out of a process is represented by curved or straight lines with arrows.
Data Processing Cycle
The four operations (data input, data storage, data processing, and information output) performed on data to generate meaningful and relevant information
Internal controls
The processes and procedures implemented to provide reasonable assurance that control objectives are met.
Transformation processes
The processes that transform data from inputs into outputs are represented by circles. They are often referred to as bubbles
Entity
The item about which information is stored in a record. Examples include an employee, an inventory item, and a customer.
Business Processes or Transaction Cycles
The major give-get exchanges that occur frequently in most companies.
Expected Loss
The mathematical product of the potential dollar loss that would occur should a threat become a reality (called impact or exposure) and the risk or probability that the threat will occur (called likelihood).
Data Flow
The movement of data among processes, stores, sources, and destinations.
Conceptual-Level Schema
The organization-wide view of the entire database that lists all data elements and the relationships between them.
Audit Committee
The outside, independent board of director members responsible for financial reporting, regulatory compliance, internal control, and hiring and overseeing internal and external auditors.
Data Sources and Destinations
The people and organizations that send data to and receive data from the system are represented by square boxes. Data destinations are also referred to as data sinks.
Utilization
The percentage of time a system is used.
Database Administrator
The person responsible for coordinating, controlling, and managing the database.
Data Store
The place or medium where system data is stored.
Field
The portion of a data record where the data value for a particular attribute is stored. For example, in a spreadsheet each row might represent a customer and each column is an attribute of the customer. Each cell in a spreadsheet is a field.
Specialized Journals
A journal used to record a large number of repetitive transactions. Examples: credit sales, cash receipts, purchases, and cash disbursements.
Give-Get Exchange
Transactions that happen a great many times, such as giving up cash to get inventory from a supplier and giving employees a paycheck in exchange for their labor.
Communication Link (Flow Charting Flow and Miscellaneous Symbols)
Transmission of data from one geographic location to another via communication lines. (Zigzag line)
System Performance Measurements
Ways to evaluate and assess a system.
Goal Congruence
When a subsystem achieves its goals while contributing to the organization's overall goal.
Goal Conflict
When a subsystem's goals are inconsistent with the goals of another subsystem or the system as a whole.
Digital Signature
A means of electronically signing a document with data that cannot be forged.
Narrative Description
Written, step-by-step explanation of system components and how they interact.
Fraud Hotline
A phone number employees can call to anonymously report fraud and abuse.