Licensed to: ichapters User

(1)

(2)

JAMES A. HALL

Peter E. Bennett Chair in

Business and Economics

Lehigh University

Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States

Accounting

Information

Systems

SIXTH EDITION

60893_00_FM_pi-xxviii.indd i 60893_00_FM_pi-xxviii.indd i 11/9/07 11:11:10 PM11/9/07 11:11:10 PM

(3)

Accounting Information Systems, Sixth Edition James A. Hall

VP/Editorial Director: Jack W. Calhoun Publisher: Rob Dewey

Acquisitions Editor: Matt Filimonov Developmental Editor: Aaron Arnsparger Marketing Manager: Kristin Hurd Production Project Manager: Darrell Frye Manufacturing Coordinator: Doug Wilke Production House: Pre-PressPMG Printer: Edwards Brothers Art Director: Stacy Jenkins Shirley

Cover and Internal Designer: C. Miller Design Cover Images: © Getty Images

ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the publisher.

For more information about our products, contact us at:

Cengage Learning Academic Resource Center, 1-800-423-0563

For permission to use material from this text or product, submit a request online at http://www.cengage.com/permissions.

South-Western Cengage Learning, a part of Cengage Learning. Cengage, the Star logo, and South-Western are trademarks used herein under license.

Library of Congress Control Number: 2007937812 ISBN-13: 978-0-324-56089-3 ISBN-10: 0-324-56089-3 Cengage Learning 5191 Natorp Boulevard Mason, OH 45040 USA

Printed in the United States of America 1 2 3 4 5 09 08 07 06

60893_00_FM_pi-xxviii.indd ii

60893_00_FM_pi-xxviii.indd ii 11/9/07 11:11:11 PM11/9/07 11:11:11 PM

(4)

Brief Contents

Part I

Overview of Accounting Information Systems 1

CHAPTER 1 The Information System: An Accountant’s Perspective 2 CHAPTER 2 Introduction to Transaction Processing 44

CHAPTER 3 Ethics, Fraud, and Internal Control 112

Part II

Transaction Cycles and Business Processes 161

CHAPTER 4 The Revenue Cycle 162

CHAPTER 5 The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures 234

CHAPTER 6 The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures 285

CHAPTER 7 The Conversion Cycle 332

CHAPTER 8 Financial Reporting and Management Reporting Systems 381

Part III

Advanced Technologies in Accounting

Information 429

CHAPTER 9 Database Management Systems 430

CHAPTER 10 The REA Approach to Database Modeling 496 CHAPTER 11 Enterprise Resource Planning Systems 528 CHAPTER 12 Electronic Commerce Systems 563

Part IV

Systems Development Activities 623

CHAPTER 13 Managing the Systems Development Life Cycle 624 CHAPTER 14 Construct, Deliver, and Maintain Systems Project 659

Part V

Computer Controls and Auditing 723

CHAPTER 15 IT Controls Part I: Sarbanes-Oxley and IT Governance 724 CHAPTER 16 IT Controls Part II: Security and Access 759

CHAPTER I7 IT Controls Part III: Systems Development, Program Changes, and Application Controls 797

GLOSSARY G-1

INDEX I-1

60893_00_FM_pi-xxviii.indd iii

60893_00_FM_pi-xxviii.indd iii 11/9/07 11:11:11 PM11/9/07 11:11:11 PM

(5)

Part I

Overview of Accounting Information Systems 1

Chapter 1 The Information System: An Accountant’s

Perspective 2

The Information Environment 3

What Is a System? 4

An Information Systems Framework 6

AIS Subsystems 9

A General Model for AIS 10

Acquisition of Information Systems 15

Organizational

Structure 16

Business Segments 16 Functional Segmentation 17 The Accounting Function 20

The Information Technology Function 21

The Evolution of Information System Models 26

The Manual Process Model 26 The Flat-File Model 27 The Database Model 29

The REA Model 31

Enterprise Resource Planning Systems 34

The Role of the Accountant 34

Accountants as Users 35

Accountants as System Designers 35 Accountants as System Auditors 36

Summary 37

Chapter 2 Introduction to Transaction Processing 44

An Overview of Transaction Processing 45

Transaction Cycles 45 The Expenditure Cycle 45 The Conversion Cycle 46 The Revenue Cycle 47

Accounting

Records 47

Manual Systems 47

The Audit Trail 54

Computer-Based Systems 55

Documentation

Techniques 57

Data Flow Diagrams and Entity Relationship Diagrams 58

Computer-Based Accounting Systems 73

Differences between Batch and Real-Time Systems 74 Alternative Data Processing Approaches 75

Batch Processing Using Real-Time Data Collection 78 Real-Time Processing 80

Summary 82

Appendix 82

Chapter 3 Ethics, Fraud, and Internal Control 112

Ethical Issues in Business 113

Business Ethics 113

Computer Ethics 114

Sarbanes-Oxley Act and Ethical Issues 117

Fraud and Accountants 119

Definitions of Fraud 119

Factors that Contribute to Fraud 120 Financial Losses from Fraud 122 The Perpetrators of Frauds 122

Fraud Schemes 125

Internal Control Concepts and Techniques 134

SAS 78/COSO Internal Control Framework 139

Summary 145

Part II

Transaction Cycles and Business Processes 161

Chapter 4 The Revenue Cycle 162

The Conceptual System 163

Overview of Revenue Cycle Activities 163 Sales Return Procedures 170

Cash Receipts Procedures 173 Revenue Cycle Controls 177

Physical

Systems 181

Manual

Systems 182

Sales Order Processing 182 Sales Return Procedures 185 Cash Receipts Procedures 185

Table of Contents v

60893_00_FM_pi-xxviii.indd v

60893_00_FM_pi-xxviii.indd v 11/9/07 11:11:11 PM11/9/07 11:11:11 PM

(7)

Computer-Based Accounting Systems 188

Automating Sales Order Processing with Batch Technology 188

Keystroke 191

Edit Run 191

Update Procedures 191

Reengineering Sales Order Processing with Real-Time Technology 193

Transaction Processing Procedures 194 General Ledger Update Procedures 194 Advantages of Real-Time Processing 195 Automated Cash Receipts Procedures 195 Reengineered Cash Receipts Procedures 197 Point-of-Sale (POS) Systems 197

Daily Procedures 198 End-of-Day Procedures 199 Reengineering Using EDI 200 Reengineering Using the Internet 200 Control Considerations for Computer-Based

Systems 201

PC-Based Accounting Systems 203

PC Control Issues 204

Summary 204

Appendix 205

Chapter 5 The Expenditure Cycle Part I: Purchases and

Cash Disbursements Procedures 234

The Conceptual System 235

Overview of Purchases and Cash Disbursements Activities 235

The Cash Disbursements Systems 243 Expenditure Cycle Controls 245

Physical

Systems 249

A Manual System 249

The Cash Disbursements Systems 251

Computer-Based Purchases and Cash Disbursements

Applications 252

Automating Purchases Procedures Using Batch Processing Technology 253

Cash Disbursements Procedures 258

vi Table of Contents

60893_00_FM_pi-xxviii.indd vi

60893_00_FM_pi-xxviii.indd vi 11/9/07 11:11:11 PM11/9/07 11:11:11 PM

(8)

Reengineering the Purchases/Cash Disbursements System 259

Control Implications 261

Summary 263

Chapter 6 The Expenditure Cycle Part II: Payroll

Processing and Fixed Asset

Procedures 285

The Conceptual Payroll System 286

Payroll Controls 294

The Physical Payroll System 296

Manual Payroll System 297

Computer-Based Payroll Systems 298

Automating the Payroll System Using Batch Processing 298

Reengineering the Payroll System 298

The Conceptual Fixed Asset System 301

The Logic of a Fixed Asset System 302

The Physical Fixed Asset System 305

Computer-Based Fixed Asset System 305 Controlling the Fixed Asset System 307

Summary 310

Chapter 7 The Conversion Cycle 332

The Traditional Manufacturing

Environment 333

Batch Processing System 334

Controls in the Traditional Environment 344

World-Class Companies and Lean

Manufacturing 347

What Is a World-Class Company? 348 Principles of Lean Manufacturing 348

Techniques and Technologies that Promote

Lean Manufacturing 350

_{Physical Reorganization of the Production} Facilities 350

Automation of the Manufacturing Process 350

Table of Contents vii

60893_00_FM_pi-xxviii.indd vii

60893_00_FM_pi-xxviii.indd vii 11/9/07 11:11:12 PM11/9/07 11:11:12 PM

(9)

Accounting in a Lean Manufacturing

Environment 355

What’s Wrong with Traditional Accounting Information? 355

Activity-Based Costing (ABC) 356 Value Stream Accounting 358

Information Systems that Support Lean

Manufacturing 360

_{Materials Requirement Planning (MRP) 360} Manufacturing Resource Planning (MRP II) 360 Enterprise Resource Planning (ERP) Systems 363

Summary 364

Chapter 8 Financial Reporting and Management

Reporting Systems 381

Data Coding Schemes 382

A System without Codes 382 A System with Codes 383

Numeric and Alphabetic Coding Schemes 383

The General Ledger System 387

The Journal Voucher 387 The GLS Database 388

GLS Procedures 389

The Financial Reporting System 389

Sophisticated Users with Homogeneous Information Needs 389

Financial Reporting Procedures 389

Controlling the FRS 391

COSO

/

SAS 78 Control Issues 392

The Management Reporting System 394

Factors that Influence the MRS 394

Management Principles 395 Management Function, Level, and

Decision Type 398 Problem Structure 401

Types of Management Reports 403 Responsibility Accounting 405 Behavioral Considerations 409

Summary 412

viii Table of Contents

60893_00_FM_pi-xxviii.indd viii

60893_00_FM_pi-xxviii.indd viii 11/9/07 11:11:12 PM11/9/07 11:11:12 PM

(10)

Part III

Advanced Technologies in Accounting

Information 429

Chapter 9 Database Management Systems 430

Overview of the Flat-File vs. Database

Approach 431

Data Storage 431

Data Updating 431

Currency of Information 431 Task-Data Dependency 431 The Database Approach 432 Flat-File Problems Solved 432

Controlling Access to the Database 433 The Database Management System 433 Three Conceptual Models 434

Elements of the Database Environment 434

Users 435

Database Management System 436 Database Administrator 438 The Physical Database 441

The Relational Database Model 442

Relational Database Concepts 443 Anomalies, Structural Dependencies, and

Data Normalization 447

Designing Relational Databases 454

Identify Entities 455

Construct a Data Model Showing Entity Associations 457

Add Primary Keys and Attributes to the Model 458 Normalize Data Model and Add Foreign Keys 459 Construct the Physical Database 460

Prepare the User Views 463 Global View Integration 464

Databases in a Distributed Environment 464

Centralized Databases 464 Distributed Databases 466

Summary 470

Appendix 471

Table of Contents ix 60893_00_FM_pi-xxviii.indd ix 60893_00_FM_pi-xxviii.indd ix 11/9/07 11:11:12 PM11/9/07 11:11:12 PM

(11)

Chapter 10 The REA Approach to Database

Modeling 496

The

REA

Approach 497

The REA Model 497

Developing an REA Model 501

Differences between ER and REA Diagrams 501 View Modeling: Creating an Individual REA

Diagram 502

View Integration: Creating an Enterprise-Wide REA

Model

509

Step 1. Consolidate the Individual Models 510 Step 2. Define Primary Keys, Foreign Keys, and

Attributes 513

Step 3. Construct Physical Database and Produce User Views 516

REA and Value Chain Analysis 520 REA Compromises in Practice 521

Summary 521

Chapter 11 Enterprise Resource Planning

Systems 528

What Is an ERP? 529

ERP Core Applications 531 Online Analytical Processing 531

ERP System Configurations 532

Server Configurations 532 OLTP Versus OLAP Servers 532 Database Configuration 535 Bolt-on Software 535

Data

Warehousing 537

Modeling Data for the Data Warehouse 537 Extracting Data from Operational Databases 538 Cleansing Extracted Data 540

Transforming Data into the Warehouse Model 540 Loading the Data into the Data Warehouse

Database 541

Decisions Supported by the Data Warehouse 542 Supporting Supply Chain Decisions from the

Data Warehouse 542

x Table of Contents

60893_00_FM_pi-xxviii.indd x

60893_00_FM_pi-xxviii.indd x 11/9/07 11:11:12 PM11/9/07 11:11:12 PM

(12)

Risks Associated with ERP Implementation 543

Big Bang Versus Phased-in Implementation 544 Opposition to Changes in the Business’s

Culture 544

Choosing the Wrong ERP 545 Choosing the Wrong Consultant 546 High Cost and Cost Overruns 547 Disruptions to Operations 548

Implications for Internal Control and

Auditing 549

Transaction Authorization 549 Segregation of Duties 549 Supervision 549 Accounting Records 550 Access Controls 550

Auditing the Data Warehouse 551

Summary 552

Appendix 553

Chapter 12 Electronic Commerce Systems 563

Intra-Organizational Networks and EDI 564

Internet

Commerce 564

Internet Technologies 564

Protocols 567

Internet Protocols 569

Benefits from Internet Commerce 577

Risks Associated with Electronic Commerce 578

Intranet Risks 580

Internet Risks 581

Risks to Consumers 581

Security, Assurance, and Trust 587

Encryption 588

Digital Authentication 588

Firewalls 590

Seals of Assurance 591

Implications for the Accounting Profession 592

Privacy Violation 593

Audit Implications of XBRL 594 Continuous Auditing 594 Electronic Audit Trails 594

Table of Contents xi

60893_00_FM_pi-xxviii.indd xi

60893_00_FM_pi-xxviii.indd xi 11/9/07 11:11:12 PM11/9/07 11:11:12 PM

(13)

Confidentiality of Data 595

Authentication 595

Nonrepudiation 595

Data Integrity 595

Access Controls 595

A Changing Legal Environment 596

Summary 596

Appendix 597 Part IV

Systems Development Activities 623

Chapter 13 Managing the Systems Development Life

Cycle 624

The Systems Development Life Cycle 625

Participants in Systems Development 626

Systems

Strategy 627

Assess Strategic Information Needs 627

Strategic Business Needs 627

Legacy Systems 628

User Feedback 629

Develop a Strategic Systems Plan 631

Create an Action Plan 632

The Learning and Growth Perspective 634 The Internal Business Process Perspective 634 The Customer Perspective 634

The Financial Perspective 634

Balanced Scorecard Applied to IT Projects 634

Project

Initiation 635

Systems

Analysis 635

The Survey Step 636 The Analysis Step 638

Conceptualization of Alternative Designs 640

How Much Design Detail Is Needed? 640

Systems Evaluation and Selection 642

Perform a Detailed Feasibility Study 642 Perform Cost-Benefit Analysis 643 Prepare Systems Selection Report 649

xii Table of Contents

60893_00_FM_pi-xxviii.indd xii

60893_00_FM_pi-xxviii.indd xii 11/9/07 11:11:13 PM11/9/07 11:11:13 PM

(14)

Announcing the New System Project 650

User Feedback 650

The Accountant’s Role in Managing the

SDLC 651

How Are Accountants Involved with SDLC? 651 The Accountant’s Role in Systems Strategy 651 The Accountant’s Role in Conceptual Design 652 The Accountant’s Role in Systems Selection 652

Summary 652

Chapter 14 Construct, Deliver, and Maintain Systems

Project 659

In-House Systems Development 660

Tools for Improving Systems Development 660

Construct the System 664

The Structured Design Approach 664 The Object-Oriented Design Approach 667

System Design 669

Data Modeling, Conceptual Views, and Normalized Tables 670

Design Physical User Views 670 Design the System Process 677 Design System Controls 681

Perform a System Design Walk-Through 681 Program Application Software 682

Software Testing 683

Deliver the System 684

Testing the Entire System 684 Documenting the System 685 Converting the Databases 687 Converting to the New System 688 Post-Implementation Review 689 The Role of Accountants 690

Commercial

Packages 691

Trends in Commercial Packages 691

Advantages of Commercial Packages 693 Disadvantages of Commercial Packages 693

Choosing a Package 693

Table of Contents xiii

60893_00_FM_pi-xxviii.indd xiii

60893_00_FM_pi-xxviii.indd xiii 11/9/07 11:11:13 PM11/9/07 11:11:13 PM

(15)

Maintenance and Support 698

User Support 698

Knowledge Management and Group Memory 698

Summary 699

Appendix 699 Part V

Computer Controls and Auditing 723

Chapter 15 IT Controls Part I: Sarbanes-Oxley and IT

Governance 724

Overview of Sections 302 and 404 of SOX 725

Relationship between IT Controls and Financial Reporting 725

Audit Implications of Sections 302 and 404 726

IT Governance Controls 728

Organizational Structure Controls 728

Segregation of Duties within the Centralized Firm 729

The Distributed Model 731

Creating a Corporate IT Function 732 Audit Objectives Relating to Organizational

Structure 734

Audit Procedures Relating to Organizational Structure 734

Computer Center Security and Controls 734

Computer Center Controls 735

Disaster Recovery Planning 737

Providing Second-Site Backup 738 Identifying Critical Applications 739 Performing Backup and Off-Site Storage

Procedures 740

Creating a Disaster Recovery Team 740 Testing the DRP 740

Audit Objective: Assessing Disaster Recovery Planning 741

Audit Procedures for Assessing Disaster Recovery Planning 741

Summary 742

Appendix 743

xiv Table of Contents

60893_00_FM_pi-xxviii.indd xiv

60893_00_FM_pi-xxviii.indd xiv 11/9/07 11:11:13 PM11/9/07 11:11:13 PM

(16)

Chapter 16 IT Controls Part II: Security and

Access 759

Controlling the Operating System 760

Operating System Objectives 760 Operating System Security 760

Threats to Operating System Integrity 761 Operating System Controls and Test of

Controls 762

Controlling Database Management Systems 767

Access Controls 767

Backup Controls 770

Controlling

Networks 771

Controlling Risks from Subversive Threats 771 Controlling Risks from Equipment Failure 780

Electronic Data Interchange (EDI) Controls 782

Transaction Authorization and Validation 783

Access Control 783

EDI Audit Trail 783

Summary 785

Appendix 786

Chapter 17 IT Controls Part III: Systems Development,

Program Changes, and Application

Controls 797

Systems Development Controls 798

Controlling Systems Development Activities 798 Controlling Program Change Activities 800 Source Program Library Controls 801 The Worst-Case Situation: No Controls 802 A Controlled SPL Environment 802

Application

Controls 806

Input Controls 806

Processing Controls 809

Output Controls 812

Testing Computer Application Controls 815

Black Box Approach 815 White Box Approach 816

White Box Testing Techniques 818

Table of Contents xv

60893_00_FM_pi-xxviii.indd xv

60893_00_FM_pi-xxviii.indd xv 11/9/07 11:11:13 PM11/9/07 11:11:13 PM

(17)

The Integrated Test Facility 822 Parallel Simulation 823

Substantive Testing Techniques 824

The Embedded Audit Module 825 Generalized Audit Software (GAS) 826

Summary 830

G

LOSSARY

G-1

I

NDEX

I-1

xvi Table of Contents

60893_00_FM_pi-xxviii.indd xvi

60893_00_FM_pi-xxviii.indd xvi 11/9/07 11:11:14 PM11/9/07 11:11:14 PM

(18)

Welcome to the Sixth Edition

The sixth edition of Accounting Information Systems includes a full range of new and revised homework assignments, up-to-date content changes, as well as several reorga-nized chapters. All of these changes add up to more student and instructor enhancements than ever before. As this preface makes clear, we have made these changes to keep stu-dents and instructors as current as possible on issues such as business processes, systems development methods, IT governance and strategy, security, internal controls, and rel-evant aspects of Sarbanes-Oxley legislation.

Focus and Flexibility in Designing

Your AIS Course

Among accounting courses, accounting information systems (AIS) courses tend to be the least standardized. Often the objectives, background, and orientation of the instructor, rather than adherence to a standard body of knowledge, determines the direction the AIS course takes. Therefore, we have designed this text for maximum flexibility:

This textbook covers a full range of AIS topics to provide instructors with fl exibility in setting the direction and intensity of their courses.

At the same time, for those who desire a structured model, the fi rst nine chapters of the text, along with the chapters on electronic commerce and computer controls, pro-vide what has proven to be a successful template for developing an AIS course. Earlier editions of this book have been used successfully in introductory, advanced,

and graduate-level AIS courses.

The topics in this book are presented from the perspective of the managers’ and

accountants’ AIS-related responsibilities under the Sarbanes-Oxley Act.

While the book was written primarily to meet the needs of accounting majors about to enter the modern business world, we have also developed it to be an effective text

for general business and industrial engineering students who seek a thorough under-standing of AIS and internal control issues as part of their professional education.

Key Features

Conceptual Framework

This book employs a conceptual framework to emphasize the professional and legal responsibility of accountants, auditors, and management for the design, operation, and control of AIS applications. This responsibility pertains to business events that are narrowly defined as financial transactions. Systems that process nonfinancial transac-tions are not subject to the new standards of internal control under Sarbanes-Oxley

• • • • •

Preface

60893_00_FM_pi-xxviii.indd xvii 60893_00_FM_pi-xxviii.indd xvii 11/9/07 11:11:14 PM11/9/07 11:11:14 PM

(19)

legislation. Supporting the information needs of all users in a modern organization, however, requires systems that integrate both accounting and nonaccounting functions. While providing the organization with unquestioned benefit, a potential consequence of such integration is a loss of control due to the blurring of the lines that tradition-ally separate AIS from non-AIS functions. The conceptual framework presented in this

book distinguishes AIS applications that are legally subject to specific internal control standards.

Evolutionary Approach

Over the past 50 years, accounting information systems have been represented by a num-ber of different approaches or models. Each new model evolved because of the shortcom-ings and limitations of its predecessor. An interesting feature in this evolution is that older models are not immediately replaced by the newest technique. Thus, at any point in time, various generations of legacy systems exist across different organizations and often coexist within a single enterprise. The modern accountant needs to be familiar with the operational characteristics of all AIS approaches that he or she is likely to encounter.

Therefore, this book presents the salient aspects of five models that relate to both legacy and state-of-the-art systems:

1. manual processes

2. flat-file systems

3. the database approach

4. the resources, events, and agents (REA) model

5. enterprise resource planning (ERP) systems

Emphasis on Internal Controls

The book presents a conceptual model for internal control based on COSO and State-ment on Auditing Standards (SAS) No. 78. This model is used to discuss control issues for both manual processes and computer-based information systems (CBIS). Three chapters

(Chapters 15, 16 and 17) are devoted to the control of CBIS. Special emphasis is given to the following areas:

computer operating systems database management systems electronic data interchange (EDI) electronic commerce systems ERP systems

systems development and program change processes the organization of the computer function

the security of data processing centers verifying computer application integrity

• • • • • • • • • xviii Preface 60893_00_FM_pi-xxviii.indd xviii 60893_00_FM_pi-xxviii.indd xviii 11/9/07 11:11:14 PM11/9/07 11:11:14 PM

(20)

Exposure to Systems Design and Documentation Tools

The book examines various approaches and methodologies used in systems analysis and

design, including the following: structured design

object-oriented design

computer-aided software engineering (CASE) prototyping

In conjunction with these general approaches, professional systems analysts and program-mers use a number of documentation techniques to specify the key features of systems. The modern auditor works closely with systems professionals during IT audits and must learn to communicate in their language. The book deals extensively with documentation

techniques such as data flow diagrams (DFDs), entity relationship diagrams (ERDs), as

well as system, program, and document flowcharts. The book contains numerous systems

design and documentation cases and assignments intended to develop the students’

com-petency with these tools.

Significant Changes in the Sixth Edition

Chapter 4, “The Revenue Cycle”; Chapter 5 “The Expenditure Cycle

Part I: Purchases and Cash Disbursements Procedures”; Chapter 6,

“The Expenditure Cycle Part II: Payroll Processing and Fixed Asset

Procedures”

The end-of-chapter material to these chapters has been significantly revised. This entailed the creation of many new multiple-choice questions and problems. In particular, great attention was given to internal control case solutions to ensure that they were consistent in appearance and accurately reflect the cases in the text. In the 6th edition all case solu-tion flowcharts are numerically coded and cross referenced to text that explains the inter-nal control issues. This approach, which has been classroom tested, facilitates effective presentation of internal control case materials.

Chapter 7, “The Conversion Cycle”

This chapter has been completely rewritten to include issues, techniques, and technol-ogies pertinent to the popular philosophy of lean manufacturing. The revised chapter pre sents the key features of two alternative cost accounting models: (1) activity-based costing (ABC) and (2) value stream accounting. The latter is gaining acceptance as a supe-rior accounting technique for lean manufacturing companies.

Chapter 9, “Database Management Systems”

The body of this chapter has been revised to better integrate traditional data model-ing techniques with REA modelmodel-ing, which is discussed in Chapter 10. This integration

• • • • Preface xix 60893_00_FM_pi-xxviii.indd xix 60893_00_FM_pi-xxviii.indd xix 11/9/07 11:11:14 PM11/9/07 11:11:14 PM

(21)

facilitates distinguishing the modeling techniques that are unique to each approach while avoiding redundant treatment of issues that they have in common. The chapter appendix provides a new and easy-to-understand, business-based data normalization example.

Chapter 10, “The REA Approach to Database Modeling”

This is an entirely new chapter on REA data modeling. The chapter begins by present-ing the theoretical REA model, which is based on an economic exchange. This model is then developed step by step into functional databases for revenue and expenditure cycle applications.

Chapter 11, “Enterprise Resource Planning Systems”

The significant change to this chapter is a revised appendix that presents the key features of the leading large-scale, midsized, and small business ERP systems.

Chapter 12, “Electronic Commerce Systems”

This chapter was revised to emphasize the growing and changing threats from denial of service Dos attacks. While such attacks can be aimed at any type of website, they are par-ticularly devastating to business entities that are prevented from receiving and processing business transactions from their customers. Three common types of DOS attacks—SYN flood, smurf, and distributed denial of service (DDOS)—are discussed.

Organization and Content

Part I: Overview of Accounting Information Systems

Chapter 1, “The Information System: An Accountant’s Perspective”

This chapter places the subject of accounting information systems in perspective for accountants. It is divided into four major sections, each dealing with a different aspect of information systems.

The fi rst section explores the information environment of the fi rm. It introduces basic systems concepts, identifi es the types of information used in business, and describes the fl ows of information through an enterprise. This section also presents a frame-work for viewing accounting information systems in relation to other information systems components.

The second section of the chapter deals with the impact of organizational structure

on AIS. The centralized and distributed models are used to illustrate extreme cases in

point.

The third section reviews the evolution of information systems models. Accounting information systems have been represented by a number of different approaches or models. Five dominant models are examined: manual processes; fl at-fi le systems; the database approach; the resources, events, agents (REA) model; and enterprise resource planning (ERP) systems.

• • • xx Preface 60893_00_FM_pi-xxviii.indd xx 60893_00_FM_pi-xxviii.indd xx 11/9/07 11:11:14 PM11/9/07 11:11:14 PM

(22)

The fi nal section discusses the role of accountants as users, designers, and auditors of

AIS. The nature of the responsibilities shared by accountants and computer

profes-sionals for developing AIS applications are examined.

Chapter 2, “Introduction to Transaction Processing”

The second chapter expands on the subject of transaction cycles introduced in Chapter 1.

While the operational details of specific transaction cycles are covered in subsequent chapters, this chapter presents material that is common to all cycles. Topics covered include:

the relationship between source documents, journals, ledgers, and fi nancial state-ments in both manual and computer-based systems;

system documentation techniques, such as data fl ow diagrams, entity relationship (ER) diagrams, document systems, and program fl owcharts; and

data processing techniques, including batch and real-time processing.

The techniques and approaches presented in this chapter are applied to specific business cycle applications in later chapters. The chapter is supported by material in the appendix and on the website.

Chapter 3, “Ethics, Fraud, and Internal Control”

Chapter 3 deals with the related topics of ethics, fraud, and internal control.

The chapter fi rst examines ethical issues related to business and specifi cally to com-puter systems. The questions raised are intended to stimulate class discussions. The chapter then addresses the subject of fraud. There is perhaps no area of greater controversy for accountants than their responsibility to detect fraud. Part of the prob-lem stems from confusion about what constitutes fraud. This section distinguishes between management fraud and employee fraud. The chapter presents techniques for identifying unethical and dishonest management and for assessing the risk of man-agement fraud. Employee fraud can be prevented and detected by a system of internal controls. The section discusses several fraud techniques that have been perpetrated in both manual and computer-based environments. The results of a research study conducted by the Association of Certifi ed Fraud Examiners as well as the provisions of the Sarbanes-Oxley Act are presented.

The fi nal section of the chapter describes the internal control structure and control activities specifi ed in SAS 78 and the COSO framework. The control concepts dis-cussed in this chapter are applied to specifi c applications in chapters that follow.

Part II: Transaction Cycles and Business Processes

Chapters 4, 5, and 6, The Revenue and Expenditure Cycles

The approach taken in all three chapters is similar. First, the business cycle is reviewed conceptually using data flow diagrams to present key features and control points of each major subsystem. At this point the reader has the choice of either continuing within the

• • • • • • • Preface xxi 60893_00_FM_pi-xxviii.indd xxi 60893_00_FM_pi-xxviii.indd xxi 11/9/07 11:11:14 PM11/9/07 11:11:14 PM

(23)

context of a manual environment or moving directly to computer-based examples. Each system is examined under two alternative technological approaches:

First examined is automation, which preserves the basic functionality by replacing manual processes with computer programs.

Next, each system is reengineered to incorporate real-time technology.

Under each technology, the effects on operational efficiency and internal controls are examined. This approach provides the student with a solid understanding of the business tasks in each cycle and an awareness of how different technologies influence changes in the operation and control of the systems.

Chapter 7, “The Conversion Cycle”

Manufacturing systems represent a dynamic aspect of AIS. Chapter 7 discusses the tech-nologies and techniques used in support of two alternative manufacturing environments:

traditional mass production (batch) processing lean manufacturing

These environments are driven by information technologies such as materials require-ments planning (MRP), manufacturing resources planning (MRP II), and enterprise resource planning (ERP). The chapter addresses the shortcomings of the traditional cost accounting model as it compares to two alternative models: activity-based costing (ABC) and value stream accounting.

Chapter 8, “Financial Reporting and Management Reporting Systems”

Chapter 8 begins with a review of data coding techniques used in transaction processing

systems and for general ledger design. It explores several coding schemes and their respective advantages and disadvantages. Next it examines the objectives, operational features, and control issues of three related systems: the general ledger system (GLS), the financial report-ing system (FRS), and the management reportreport-ing system (MRS). The emphasis is on opera-tional controls and the use of advanced computer technology to enhance efficiency in each of these systems. The chapter distinguishes the MRS from the FRS in one key respect: financial reporting is mandatory and management reporting is discretionary. Management reporting information is needed for planning and controlling business activities. Organization manage-ment implemanage-ments MRS applications at their discretion, based on internal user needs.

The chapter examines a number of factors that influence and shape information needs. These include management principles, decision type and management level, prob-lem structure, reports and reporting methods, responsibility reporting, and behavioral issues pertaining to reporting.

Part III: Advanced Technologies in Accounting Information

Chapter 9, “Database Management Systems”

Chapter 9 deals with the design and management of an organization’s data resources.

It begins by demonstrating how problems associated with traditional fl at-fi le systems are resolved under the database approach.

• • • • • xxii Preface 60893_00_FM_pi-xxviii.indd xxii 60893_00_FM_pi-xxviii.indd xxii 11/9/07 11:11:15 PM11/9/07 11:11:15 PM

(24)

The second section describes in detail the functions and relationships among four primary elements of the database environment: the users, the database management system (DBMS), the database administrator (DBA), and the physical database. The third section is devoted to an in-depth explanation of the characteristics of the relational model. A number of database design topics are covered, including data modeling, deriving relational tables from ER diagrams, the creation of user views, and data normalization techniques.

The fourth section concludes the chapter with a discussion of distributed database issues. It examines three possible database confi gurations in a distributed environ-ment: centralized, partitioned, and replicated databases.

Chapter 10, “The REA Approach to Database Modeling”

Chapter 10 presents the REA model as a means of specifying and designing accounting

information systems that serve the needs of all users within an organization. The chapter is composed of the following major sections.

It begins by defi ning the key elements of REA. The basic model employs a unique form of ER diagram called an REA diagram that consists of three entity types (resources, events, and agents) and a set of associations linking them.

Next the rules for developing an REA diagram are explained and illustrated in detail. An important aspect of the model is the concept of economic duality, which specifi es that each economic event must be mirrored by an associated economic event in the opposite direction.

The chapter goes on to illustrate the development of an REA database for a hypo-thetical fi rm following a multistep process called view modeling. The result of this process is an REA diagram for a single organizational function.

The next section in the chapter explains how multiple REA diagrams (revenue cycle, purchases, cash disbursements, and payroll) are integrated into a global or enterprise-wide model. The enterprise model is then implemented into a relational database structure, and user views are constructed.

The chapter concludes with a discussion of how REA modeling can improve com-petitive advantage by allowing management to focus on the value-added activities of their operations.

Chapter 11, “Enterprise Resource Planning Systems”

This chapter presents a number of issues related to the implementation of enterprise

resource planning (ERP) systems. It is composed of five major sections.

The fi rst section outlines the key features of a generic ERP system by comparing the function and data storage techniques of a traditional fl at-fi le or database system to that of an ERP.

The second section describes various ERP confi gurations related to servers, databases, and bolt-on software.

• • • • • • • • • • Preface xxiii 60893_00_FM_pi-xxviii.indd xxiii 60893_00_FM_pi-xxviii.indd xxiii 11/9/07 11:11:15 PM11/9/07 11:11:15 PM

(25)

Data warehousing is the topic of the third section. A data warehouse is a relational or multidimensional database that supports online analytical processing (OLAP). A number of issues are discussed, including data modeling, data extraction from operational databases, data cleansing, data transformation, and loading data into the warehouse.

The fourth section examines risks associated with ERP implementation. These include “big bang” issues, opposition to change within the organization, choosing the wrong ERP model, choosing the wrong consultant, cost overrun issues, and disruptions to operations. The fi fth section reviews several control and auditing issues related to ERPs. The discussion follows the SAS 78 framework.

The chapter appendix provides a review of the leading ERP software products includ-ing SAP, Oracle E-Business Suite, Oracle | PeopleSoft, JD Edwards, EnterpriseOne, SoftBrands, MAS 500, and Microsoft Dynamics.

Chapter 12, “Electronic Commerce Systems”

Driven by the Internet revolution, electronic commerce is dramatically expanding and undergoing radical changes. While electronic commerce promises enormous opportuni-ties for consumers and businesses, its effective implementation and control are urgent challenges facing organization management and accountants. To properly evaluate the potential exposures and risks in this environment, the modern accountant must be famil-iar with the technologies and techniques that underlie electronic commerce. This chapter

and the associated appendix deal with several aspects of electronic commerce.

The body of the chapter examines Internet commerce including business-to-consumer and business-to-business relationships. It presents the risks associated with electronic commerce and reviews security and assurance techniques used to reduce risk and to promote trust.

The chapter concludes with a discussion of how Internet commerce impacts the accounting and auditing profession. The internal usage of networks to support dis-tributed data processing and traditional business-to-business transactions conducted via EDI systems are presented in the appendix.

Part IV: Systems Development Activities

Chapter 13, “Managing the Systems Development Life Cycle” and

Chapter 14, “Construct, Deliver, and Maintain Systems Projects”

These chapters examine the accountant’s role in the systems development process.

Chapter 13 begins with an overview to the systems development life cycle (SDLC).

This multistage process guides organization management through the development and/or purchase of information systems.

Next, Chapter 13 presents the key issues pertaining to developing a systems strategy, including its relationship to the strategic business plan, the current legacy situation,

• • • • • • • xxiv Preface 60893_00_FM_pi-xxviii.indd xxiv 60893_00_FM_pi-xxviii.indd xxiv 11/9/07 11:11:15 PM11/9/07 11:11:15 PM

(26)

and feedback from the user community. The chapter provides a methodology for assessing the feasibility of proposed projects and for selecting individual projects to go forward for construction and delivery to their users. The chapter concludes by reviewing the role of accountants in managing the SDLC.

Chapter 14 covers the many activities associated with in-house development, which

fall conceptually into two categories: (1) construct the system and (2) deliver the system. Through these activities, systems selected in the project initiation phase (dis-cussed in Chapter 13) are designed in detail and implemented. This involves creating input screen formats, output report layouts, database structures, and application logic. Finally, the completed system is tested, documented, and rolled out to the user.

Chapter 14 then examines the increasingly important option of using commercial software packages. Conceptually, the commercial software approach also consists of construct and delivery activities. In this section we examine the pros, cons, and issues involved in selecting off-the-shelf systems.

Chapter 14 also addresses the important activities associated with systems maintenance and the associated risks that are important to management, accountants, and auditors.

Several comprehensive cases designed as team-based systems development projects

are available on the website. These cases have been used effectively by groups of

three or four students working as a design team. Each case has suffi cient details to allow analysis of user needs, preparation of a conceptual solution, and the develop-ment of a detailed design, including user views (input and output), processes, and databases.

Part V: Computer Controls and Auditing

Chapter 15, “IT Controls Part I: Sarbanes-Oxley and IT Governance”

This chapter provides an overview of management and auditor responsibilities under Sections 302 and 404 of the Sarbanes-Oxley Act (SOX). The design, implementation, and assessment of internal control over the financial reporting process form the central theme for this chapter and the two chapters that follow. This treatment of internal con-trol complies with the Committee of Sponsoring Organizations of the Treadway Commis-sion (COSO) control framework. Under COSO, IT controls are divided into application controls and general controls. Chapter 15 presents risks, controls, and tests of controls related to IT governance including organizing the IT function, controlling computer cen-ter operations, and designing an adequate disascen-ter recovery plan.

Chapter 16, “IT Controls Part II: Security and Access”

Chapter 16 continues the treatment of IT controls as described by the COSO control framework. The focus of the chapter is on SOX compliance regarding the security and control of operating systems, database management systems, and communication net-works. This chapter examines the risks, controls, audit objectives, and tests of controls that may be performed to satisfy either compliance or attest responsibilities.

• • • • Preface xxv 60893_00_FM_pi-xxviii.indd xxv 60893_00_FM_pi-xxviii.indd xxv 11/9/07 11:11:15 PM11/9/07 11:11:15 PM

(27)

Chapter 17, “IT Controls Part III: Systems Development,

Program Changes, and Application Controls”

This chapter concludes our treatment of IT controls as outlined in the COSO control framework. The focus of the chapter is on SOX compliance regarding systems develop-ment, program changes, and applications controls. This chapter examines the risks, con-trols, audit objectives, and tests of controls that may be performed to satisfy compliance or attest responsibilities. The chapter examines five computer-assisted audit tools and

techniques (CAATT) for testing application controls:

the test data method base case system evaluation tracing

integrated test facility parallel simulation

It also reviews two substantive testing techniques: embedded audit modules and general-ized audit software.

Supplements

Product Website

Additional teaching and learning resources, including access to additional internal

con-trol and systems development cases, are available by download from the book’s website

at http://academic.cengage.com.

PowerPoint

®

_Slides

The PowerPoint® _{slides, prepared and completely updated by Patrick Wheeler of the}

University of Missouri, provide colorful lecture outlines of each chapter of the text, incor-porating text graphics and flowcharts where needed. The PPT is available for download from the text website.

Test Bank

The Test Bank, available in Word and written and updated by the text author, contains true/false, multiple-choice, short answer, and essay questions. The files are available for download from the text website.

Solutions Manual

The Solutions Manual, written by the author, contains solutions to all end-of-chapter problems and cases. Adopting instructors may download the Solutions Manual under password protection at the Instructor’s Resource page of the book’s website.

• • • • • xxvi Preface 60893_00_FM_pi-xxviii.indd xxvi 60893_00_FM_pi-xxviii.indd xxvi 11/9/07 11:11:16 PM11/9/07 11:11:16 PM

(28)

Acknowledgments

I want to thank the Institute of Internal Auditors, Inc., and the Institute of Certified Man-agement Accountants for permission to use problem materials from past examinations. I would also like to thank Dave Hinrichs, my colleague at Lehigh University, for his careful work on the text and the verification of the Solutions Manual for this edition.

I am grateful to the following people for reviewing the book in recent editions and for providing helpful comments:

Beth Brilliant Kean University

Kevin E. Dow Kent State University H.P. Garsombke

University of Nebraska, Omaha

Alan Levitan University of Louisville Sakthi Mahenthiran Butler University Jeff L. Payne University of Kentucky Sarah Brown

Southern Arkansas University

H. Sam Riner

University of North Alabama David M. Cannon

Grand Valley State University

Helen M. Savage

Youngstown State University James Holmes

University of Kentucky

Jerry D. Siebel

University of South Florida Frank Ilett

Boise State University

Richard M. Sokolowski Teikyo Post University Andrew D. Luzi

California State University, Fullerton

Patrick Wheeler

University of Missouri, Columbia Srini Ragothaman

University of South Dakota James A. Hall Lehigh University

Preface xxvii

60893_00_FM_pi-xxviii.indd xxvii

60893_00_FM_pi-xxviii.indd xxvii 11/9/07 11:11:16 PM11/9/07 11:11:16 PM

(29)

To my wife Eileen, and my children Elizabeth and Katie

Dedication

60893_00_FM_pi-xxviii.indd xxviii

60893_00_FM_pi-xxviii.indd xxviii 11/9/07 11:11:16 PM11/9/07 11:11:16 PM

(30)

The chapter in which the term is first defined is set in parentheses following the definition.

Glossary

A

Access control list: These lists contain information

that defines the access privileges for all valid users of the resource. An access control list assigned to each resource controls access to system resources such as directories, files, programs, and printers. (16)

Access controls: Controls that ensure that only

authorized personnel have access to the firm’s assets. (3)

Access method: The technique used to locate records

and navigate through the database. (2)

Access tests: Tests that ensure that the application

prevents authorized users from unauthorized access to data. (17)

Access token: These contain key information about

the user, including user ID, password, user group, and privileges granted to the user. (16)

Accounting information systems (AIS): Specialized

subset of information systems that processes financial transactions. (1)

Accounting record: A document, journal, or ledger

used in transaction cycles. (2)

Accounts payable pending file: File containing a copy

of the purchase requisition. (5)

Accounts receivable (AR) subsidiary ledger: An

account record that shows activity by detail for each account type containing, at minimum, the following data: customer name; customer address; current balance; available credit; transaction dates; invoice numbers; and credits for payments, returns, and allowances. (4)

Accuracy: Information must be free from material

errors. However, materiality is a difficult concept to quantify. It has no absolute value; it is a problem-specific concept. This means that in some cases, information must be perfectly accurate. (3)

Accuracy tests: Tests that ensure that the system

pro-cesses only data values that conform to specified tolerances. (17)

Activities: Work performed in a firm. (7)

Activity driver: Factor that measures the activity

consumption by the cost object. (7)

Activity-based costing (ABC): Accounting technique

that provides managers with information about activities and cost objects. (7)

Ad hoc reports: This technology provides

direct-inquiry and report-generation capabilities. (8)

Advanced encryption standard (AES): Also known

as Rijndael, this is a private key (or symmetric key) encryption technique. (12)

Agents: Individuals and departments that participate

in an economic event. (1)

Algorithm: Procedure of shifting each letter in the

cleartext message the number of positions that the key value indicates. (12)

Alphabetic codes: Alphabetic characters assigned

sequentially. (8)

Alphanumeric codes: Codes that allow the use of

pure alphabetic characters embedded within numeric codes. (8)

Analytical review: Balances to identify relationships

between accounts and risks that are not otherwise apparent. (11)

Anomalies: Improperly normalized tables can cause

DBMS processing problems that restrict, or even deny, users access to the information they need; such tables exhibit negative operational symptoms called anomalies. (9)

AP subsidiary ledger: The records controlling the

exposure in the cash disbursements subsystems. (5)

Application controls: Ensure the integrity of specific

systems. (3)

Application-level firewall: Provides high-level

net-work security. (12)

Approved credit memo: The credit manager

evalu-ates the circumstances of the return and makes a judgment to grant (or disapprove) credit. (4)

Approved sales order: These contain sales order

information for the sales manager to review once it is approved. (4)

Architecture description: A formal description of an

information system that identifies and defines the structural properties of the system. (13)

Archive file: File that contains records of past

trans-actions that are retained for future reference. (2)

G-1

60893_Glossary_pG-1-G-22.indd G-1

60893_Glossary_pG-1-G-22.indd G-1 11/1/07 11:41:01 PM11/1/07 11:41:01 PM

(31)

G-2 Glossary

Asset acquisition: Usually begins with the

depart-mental manager (user) recognizing the need to obtain a new asset or replace an existing one. (6)

Asset disposal: A disposal report describing the final

disposition of the asset. (6)

Asset maintenance: Involves adjusting the fixed

asset subsidiary account balances as the assets (excluding land) depreciate over time or with usage. (6)

Association: The relationship among record types. (9) Assurance services: Professional services, including

the attest function, that are designed to improve the quality of information, both financial and nonfinancial, used by decision makers. (1)

Attendance file: File created by the timekeeping

depart-ment upon receipt of approved time cards. (6)

Attest function: Public confidence in the reliability of

internally produced financial statements rests directly on their being validated by an independent expert auditor. (1)

Attributes: Equivalents to adjectives in the English

language that serve to describe the objects. (9)

Audit objectives: The task of creating meaningful

test data. (17)

Audit procedures: This involves a combination of

tests of application controls and substantive tests of transaction details and account balances. (17)

Audit risk: Probability that the auditor will render

unqualified opinions on financial statements that are, in fact, materially misstated. (17)

Audit trail: Accounting records that trace

transac-tions from their source documents to the financial statements. (2)

Audit trail controls: Ensures that every transaction

can be traced through each stage of processing from its economic source to its presentation in financial statements. (17)

Audit trail test: Ensures that the application creates

an adequate audit trail. (17)

Auditing: Form of independent attestation performed

by an expert who expresses an opinion about the fairness of a company’s financial statements. (1)

Auditor: An expert who expresses an opinion about

the fairness of a company’s financial statements. (1)

Authenticity tests: Tests verifying that an individual,

a programmed procedure, or a message attempt-ing to access a system is authentic. (17)

Authority: The right to make decisions pertaining to

areas of responsibility. (8)

Automated storage and retrieval systems (AS/RS):

Computer-controlled conveyor systems that carry raw materials from stores to the shop floor and finished products to the warehouse. (7)

Automation: Involves using technology to improve

the efficiency and effectiveness of a task. (4)

B

Back-order: These records stay on file until the

inven-tories arrive from the supplier. Back-ordered items are shipped before new sales are processed. (4)

Back-order file: Contains customer orders for

out-of-stock items. (4)

Backbone systems: Basic system structure on which

to build. (1)

Backup controls: Ensure that in the event of data

loss due to unauthorized access, equipment fail-ure, or physical disaster the organization can recover its files and databases. (16)

Balanced scorecard (BSC): A management system

that enables organizations to clarify their vision and strategy and translate them into action. (13)

Base case system evaluation (BCSE): Variant of the

test data technique, in which comprehensive test data are used. (17)

Batch: A group of similar transactions accumulated

over time and then processed together. (2)

Batch control totals: Record that accompanies the sales

order file through all of the data processing runs. (4)

Batch controls: Effective method of managing high

volumes of transaction data through a system. (17)

Batch systems: Systems that assemble transactions

into groups for processing. (2)

Big bang: An attempt by organizations to switch

operations from their old legacy systems to the new system in a single event that implements the ERP across the entire company. (11)

Bill of lading: Formal contract between the seller and

the shipping company that transports the goods to the customer. (4)

Bill of materials: Document that specifies the types

and quantities of the raw materials and subassem-blies used in producing a single unit of finished product. (7)

60893_Glossary_pG-1-G-22.indd G-2

60893_Glossary_pG-1-G-22.indd G-2 11/1/07 11:41:02 PM11/1/07 11:41:02 PM