Accounting Information Systems: A Business Process Approach

Chapter Thirteen: Accounting Systems: Managing the IT Environment

Learning Objective

After completing this chapter, you should understand:
- IT architectures for multi-user systems
- General controls
- Information system planning: IT strategy, IT architecture, IT function, and systems development process
- The organization of the IT function: location of the IT function, segregation of duties for IT function, and personnel controls
- System development methodology, program development and testing, and documentation
- Accounting systems: technique for controlling access and ensuring the continuity of IT operations

Learning Objective (Continued)

After completing this chapter, you should be able to:
- Identify key components of an IS plan
- Develop an access control matrix for an application

Exhibits: 13.2, 13.3
Tables: 13.1, 13.2

Exhibit 13.2 Types of Control Activities

Workflow controls are used to control a process as it moves from one event to the next. Workflow controls exploit linkages between events and focus on responsibilities for events, the sequence of events, and the flow of information between events in a business process.

Input controls are used to control the input of data into computer systems.

General controls are broader controls that apply to multiple processes. These broader controls should be in place for the workflow and input controls to be effective.

Performance reviews are activities involving review of performance by comparing actual results with budgets, forecasts, and prior-period data.

Control activities of each type discussed in this text are described as follows:

Workflow controls*
- Segregation of duties.
- Use of information from prior events to control activities.
- Required sequence of events.
- Follow-up on events.
- Sequence of prenumbered documents.
- Recording of internal agent(s) accountable for an event in a process.
- Limitation of access to assets and information.
- Reconciliation of records with physical evidence of assets.

Input controls*
- Drop-down or look-up menus that provide a list of possible values to enter.
- Record checking to determine whether data entered were consistent with data entered in a related table.
- Confirmation of data that were entered by a user by displaying related data from another table.
- Referential integrity controls to ensure that event records are related to the correct master file records.
- Format checks to limit data entered to text, numbers, and date.
- Validation rules to limit the data that can be entered to certain values.
- Use of defaults from data entered in prior sessions.
- Computer-generated values entered in records.
- Batch control totals taken before data entry compared to printouts after data entry.
- Review of edit report for errors before posting.
- Exception reports that list cases where defaults were overridden or where unusual values were entered.

General controls*
- Information systems (IS) planning.
- Organizing the IT function.
- Identifying and developing IS solutions.
- Implementing and operating accounting systems.

Performance reviews*
- Establish budgets, forecasts, standards, or prior-period results through file maintenance.
- Use reports to compare actual results to budgets, forecasts, standards, or prior-period results.
- Take corrective action by modifying appropriate reference data (budgets and standards) in a

Exhibit 13.3 Controlling the IT Environment

Managing the IT Environment: General Controls

Information systems planning
1. Develop IS strategy.
2. Plan the IT infrastructure.
3. Plan the IT function and systems development process.

Organizing the IT function
4. Locate the IT function appropriately.
5. Segregate incompatible functions.
6. Implement personnel controls for hiring, developing, and terminating IT personnel.

Identifying and developing IS solutions
7. Adopt appropriate systems development methodology.
8. Implement procedures for program development and testing.
9. Ensure adequate documentation.

Implementing and operating accounting systems
10. Ensure security of resources.
11. Ensure continuity of service.

Table 13.1 Alternative Configurations for Data Entry, Processing, and Storage

Architecture                              Data Entry      Processing      Storage
Centralized                               Central*        Central         Central
Centralized with distributed data entry   Local**         Central         Central
Decentralized                             Local           Local           Local
Distributed                               Local/Central   Local/Central   Local/Central

*Central: Data are entered, stored, or processed by personnel at a central computing facility.
**Local: Data are entered, stored, or processed using a computer under the control of a user department (e.g., Order Entry Department and Billing Department).

Table 13.2 Access Control Matrix for H & J Tax Preparation Service

Columns: Menu Item; Owner Permissions; Accountant Permissions; Secretary Permissions

Menu items:
  Maintain:
    Clients
    Services
  Record services
  Print or display:
    Invoice
    Services provided
    Services provided by Service#
    Services provided by Service# (Summary)
    Services reference list
    Detailed client status report
    Summary client status report
    Single client status report

Permissions: RWD RW RWD RW R R RWD RW RW RD RD R X R X RD X X RD X X RD X X RD RD R R RD X X R X

R = permission to Read; W = permission to Write; D = permission to Design or change design of tables, forms, or reports; X = no permission
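
The following is an added example, not part of the original chapter: it shows how an access control matrix in the R/W/D/X notation of Table 13.2 can be parsed, enforced with default deny, and reviewed for design rights held outside a trusted role. The role names follow the table; the menu items and cell values are constructed for illustration, and the function names are hypothetical.

```python
# Added example: access control matrix in the R/W/D/X notation of Table 13.2.
# The cell values below are constructed for illustration, not the table's own.
VALID = set("RWD")

MATRIX_TEXT = """\
menu item          | Owner | Accountant | Secretary
Maintain clients   | RWD   | RW         | R
Record services    | RWD   | RW         | RW
Print invoice      | RD    | R          | X
Client status      | RD    | X          | X
"""

def parse_matrix(text):
    """Return {menu_item: {role: set_of_permissions}}; reject malformed cells."""
    lines = [l for l in text.splitlines() if l.strip()]
    roles = [c.strip() for c in lines[0].split("|")[1:]]
    matrix = {}
    for line in lines[1:]:
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != len(roles) + 1:
            raise ValueError(f"wrong column count: {line!r}")
        item, perms = cells[0], cells[1:]
        row = {}
        for role, cell in zip(roles, perms):
            if cell == "X":                      # X = no permission
                row[role] = set()
            elif cell and set(cell) <= VALID and len(set(cell)) == len(cell):
                row[role] = set(cell)
            else:                                # e.g. "RX", "RR", "" or "Q"
                raise ValueError(f"bad cell {cell!r} for {role} on {item}")
        matrix[item] = row
    return matrix

def is_allowed(matrix, role, item, permission):
    """Default deny: unknown roles, items or permissions get no access."""
    return permission in matrix.get(item, {}).get(role, set())

def design_outside(matrix, trusted_roles):
    """Review helper: list (item, role) pairs holding D outside trusted_roles."""
    return sorted((item, role) for item, row in matrix.items()
                  for role, perms in row.items()
                  if "D" in perms and role not in trusted_roles)

MATRIX = parse_matrix(MATRIX_TEXT)
```
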