62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 635

13 ACCOUNTING SYSTEMS: MANAGING THE IT ENVIRONMENT

LEARNING OBJECTIVES

After completing this chapter, you should understand:
U1. IT architectures for multi-user systems.
U2. General controls.
U3. Information systems planning—IT strategy, IT architecture, IT function, and systems development process.
U4. The organization of the IT function—location of the IT function, segregation of duties for IT functions, and personnel controls.
U5. Systems development methodology, program development and testing, and documentation.
U6. Accounting systems—techniques for controlling access and ensuring the continuity of IT operations.

After completing this chapter, you should be able to:
P1. Identify key components of an IS plan.
P2. Develop an access control matrix for an application.

Chapter 12 presented a framework for studying an AIS in the larger context of business strategy and the IT environment. As noted in Chapter 12, this broader framework can help you better understand and apply AIS knowledge in the current professional environment. Our focus in Chapters 1–11 was on two of the boxes in Figure 13.1—business process and AIS applications—and the related risks and controls. Two additional components are shown in Figure 13.1—business strategy and information technology (IT) environment.

Figure 13.1 A Framework for Studying an AIS [diagram; boxes: Business Strategy, Business Process, IT Environment, AIS Applications]

In Chapter 12, we defined the IT environment in terms of the four elements in Exhibit 13.1.

Figure 13.2 IT Architecture [diagram; panels: A. Centralized; B. Centralized with Distributed Data Entry; C. Decentralized; D. Distributed. *T = dumb terminal; TE = computer using terminal emulation software]

Focus on Problem Solving 13.a IT Architectures (U1)

Required: Consider the alternative processes for registering for classes. Indicate which of the four IT configurations apply to the following examples.
1. The student visits the chairperson of each department to register for just the classes taught in that department. The chairperson registers the student for classes taught in that department using the department’s computer.
2. The student must go to the registrar’s office in the administration building. A clerk in the registrar’s office registers students. Chairpersons or faculty are unable to do any registering for students.
3. The student visits the chairperson of the department for his or her major. The chairperson uses a personal computer to review the graduation requirements stored in a spreadsheet. The computer is connected to the mainframe enabling the chairperson to register the student in all of the classes that the student will take.
4. The chairperson uses a terminal connected to the mainframe to register the student.

The solution to this Focus on Problem Solving box appears on page 661. Check your answer and make sure you understand the solution before reading further.

It should be noted that a single company may use all four of the configurations for different functions. For example, payroll duties may be centralized to limit access

Locate the IT Function Appropriately

The location of the IT function should be appropriate, given business goals and needs. If information systems are of strategic importance to an organization’s current or future operations, the organization should have a separate IT function.
The IT function should not be under any user department (e.g., marketing manager or controller) to ensure that the IT staff are independent and support the needs of all user groups. Furthermore, the IT function should be located high in the organizational hierarchy. Figure 13.3 shows a typical organization for the IT function with traditional centralized systems. As seen from this figure, the IT function is under the authority of a vice president of Computer Services. Another possible title is chief information officer (CIO). The VP of Computer Services could report to the CEO along with the other key players (e.g., VP of Production and VP of Marketing).

If information systems are not that crucial to an organization’s operations, the function could be under a user group. The organization may not even have an IT function; the responsibilities may be distributed to user groups. Or the IT function may be under the control of a single user group such as the controller’s staff.

Segregate Incompatible Functions

Review Figure 13.3 to see the way in which responsibilities are allocated to various groups under the VP of Computer Services. The actual job titles and exact organization will vary from organization to organization.

Figure 13.3 Organization of IT Function for Centralized Systems [organization chart; boxes: Vice President Computer Services; Manager Technical Services; Manager Systems Development; Systems Analysis; Systems Design; Programming; Networks & Telecommunications; Data Control; Database Administration; Manager Data Processing; Data Entry; Computer Operations; Data Library; Quality Control]

The purpose of our discussion is to help you understand the basic principles used to segregate duties in the IT function. We now identify four opportunities for implementing the segregation of duties involving users, computer operations, systems development, and systems maintenance.

Separating Users from Computer Operations.
Recall that the idea behind segregation of duties is to separate responsibilities for (1) authorization, (2) execution, (3) recording, and (4) custody of assets. In a computerized AIS, the IT function should only be responsible for the third step. User departments are responsible

Part IV Managing Information Technology and Systems Development

Exhibit 13.4 Concluded

Prepare tax returns (E3)
The information is entered [9] into Mega-Tax, a tax software product used at the company. The recording and storage of tax information is handled by the MegaTax software and is separate from the rest of the revenue cycle. The company is not planning to integrate the tax preparation software with the rest of the revenue cycle. Thus, in this case, you can disregard the recording, updating, and processing of detailed tax return information.

Bill client (E4)
As soon as the tax return is finished, the accountant gives [10] the Service Request Form, client information sheet, and tax return to the secretary. The secretary immediately enters [11] the services provided into the computer system. If the client is new, a client record is first set [12] up in the computer system. As each service code is entered, the computer looks [13] up the description and price. The system computes [14] and displays the total amount at the bottom. A record is created [15] in the Invoice Table, and the status is set to “open.” The services provided are recorded [16] in the Invoice_Detail Table. The secretary then prints [17] the invoice. The secretary selects [18] the “Post the invoice to master tables” option. The customer’s balance is then increased [19]. The Year-to-Date_Revenues amount for each service provided is also updated [20]. She then notifies [21] the client that the return is ready.

Collect cash (E5)
When the customer arrives to pick up the returns, he gives [22] a check to the secretary. The secretary enters [23] the Invoice#, Check#, Date, and Amount_Paid.
The secretary selects [24] the “Post the invoice to master tables” option. The computer then reduces [25] the customer balance to reflect the amount of the payment. The status of the invoice is set [26] to “closed.”

Figure 13.4 Revenue Cycle Menu for H & J Tax Preparation Service

Revenue Cycle Menu
A. Maintain
   1. Clients
   2. Services
B. Record Event
   1. Prepare invoice
   2. Record payment
C. Process Data
D. Display/Print Reports
   Event Reports
   1. Invoice
   2. Services provided
   3. Services provided by Service#
   4. Services provided by Service# (Summary)
   Reference Lists
   5. Services reference list
   Summary and Detailed Status Reports
   6. Detailed client status report
   7. Summary client status report
   8. Single client status report
E. Exit

Figure 13.5 Security Screen from Great Plains Dynamics [screen image]

Figure 13.6 shows the screen used in Peachtree Complete Accounting to limit access. As the screen indicates, the user has full access for maintaining customers in the sales module. The user can also enter transactions (Tasks) and read reports.

Figure 13.6 Peachtree Complete Accounting Screen for Password Protection [screen image]

Limiting access to computers and computer data is one way to avoid computer downtime that could result from errors by unqualified users and deliberate fraud or destruction of data. However, the integrity of the data could also be damaged by hard disk failures and accidents. The next section discusses techniques for minimizing breaks in the continuity of IT operations.

Ensure Continuity of Service

During operation of an AIS, ensuring continuous service is an important objective.
The unavailability of the system for even a short time may cause significant losses
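
An access control matrix for the Revenue Cycle Menu of Figure 13.4, with a segregation-of-duties check, as an added example that is not from the textbook. The role names, the grants and the two incompatible-duty pairs are assumptions constructed for illustration; only the secretary's grants follow the Exhibit 13.4 narrative.

```python
# Added example (not from the textbook): access control matrix for the
# Figure 13.4 Revenue Cycle Menu, with a segregation-of-duties check.

# Menu items transcribed from Figure 13.4; the short keys are labels used here.
MENU = {
    "A1": "Maintain clients", "A2": "Maintain services",
    "B1": "Prepare invoice",  "B2": "Record payment",
    "C": "Process data",      "D": "Display/print reports",
}

# Constructed matrix: role -> {menu item: "read" or "full"}. Unlisted = denied.
# The secretary's grants follow the Exhibit 13.4 narrative; the rest are assumed.
MATRIX = {
    "owner":      {"A1": "full", "A2": "full", "D": "read"},
    "secretary":  {"A1": "full", "B1": "full", "B2": "full", "C": "full", "D": "read"},
    "accountant": {"D": "read"},
}

# Assumed incompatible pairs (hypothetical policy, not stated on the page).
CONFLICTS = [
    ("A2", "B1", "sets service prices and bills clients at them"),
    ("B1", "B2", "prepares invoices and records their payment"),
]

def allowed(role, item, want="read"):
    """Default deny: unknown roles or items get nothing; 'full' implies 'read'."""
    level = MATRIX.get(role, {}).get(item)
    return level == "full" or (level == "read" and want == "read")

def unknown_items(matrix):
    """Grants that name a menu item not present in MENU (likely typos)."""
    return sorted((r, i) for r, g in matrix.items() for i in g if i not in MENU)

def sod_conflicts(matrix):
    """Roles holding full access to both sides of an incompatible pair."""
    found = []
    for role in sorted(matrix):
        full = {i for i, lvl in matrix[role].items() if lvl == "full"}
        found += [(role, why) for a, b, why in CONFLICTS if a in full and b in full]
    return found

if __name__ == "__main__":
    for role, why in sod_conflicts(MATRIX):
        print(f"{role}: {why}")
```
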