lOMoARcPSD|3072687
Comprehensive notes for accounting information systems
week 1 week 12 hd
Accounting Information Systems (Australian National University)
StuDocu is not sponsored or endorsed by any college or university
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
INFS2005
Mid-Semester Revision
WEEK 1: ACCOUNTING INFORMATION SYSTEMS
INTRODUCTION:
What is Information Systems?
Systems can be defined as something that takes inputs, applies a set of rules and generate outputs. Information system is where
you utilise a computer system to process inputs to generate outputs.
What is Accounting?
•
Accounting records details of transactions that occur within an organisation (Inputà Process à Output0
Accounting Process: Captures data about the organisation’s financial activity
Data: raw facts relating to or describing an event
•
Data becomes useful when they are subject to the application of rules or knowledge which enables us to convert data
into information
Steps in Accounting
1.
2.
3.
4.
5.
6.
7.
8.
Transaction occurs
Analyse transaction
Journalise transaction
Post journal to ledger
Adjust entries
Adjust trial balance
Close entries
Prepare financial statements
•
•
SAP & IBM: enterprise systems for small businesses
ERP: complex set of computer program modules that integrate the different functional areas
Role of AIS:
a)
b)
c)
d)
Part of an authorisation process
Used as a planning tool within the organisation
Used to generate essential parts of an organisation’s decision making and reporting
Evaluate business performances with budgets and variance reports key assessment tools
Data Classification: fundamental process that drives value throughout an organisation by enabling the alignment of info to best
address business needs
Systems:
•
•
•
•
•
•
•
•
•
Something that takes inputs, applies a set of rules or processes to the inputs and generates outputs (purpose of the
system)
System elements: specific to task domain, ensure system is running as normal.
Inputs: starting point of a system
Processes: set of activities that are performed on the inputs onto the system
Outputs: what is obtained from the system/result
Feedback: method using alerts to ensure that the system is running as normal and that there are no
problems/exceptional circumstances
System scope: domain or problem that a system addresses
External environment: factors or pressures outside the system that influences its design and operation
Transaction processing system: system designed to capture and record events that occur in a business transaction
Accounting Information Systems:
•
Application of technology to capture, store and process information
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
ORGANISATIONAL DESIGN:
Organisation of a business enterprise through the structure of the relationships, interaction and reporting responsibility among
staff: 2 approaches
1.
2.
Functional Perspective
Business Process Perspective [we will focus on this more]
Functional perspective: emphasises hierarchical reporting roles, narrowly specified worker roles and emphasis on departments
•
•
Info sent through hierarchy to reach bottom/top level
specific subset of the organisation the performs a particular role that contributes to the organisation achieving the
objectives
o E.g. Sales, Marketing, Accounting, HR Department
§ Pros: Control & coordination/ Specificity
§ Problems/Limitations: Not reflective of today’/slow to react to environment/focuses on wrong things
BUSINESS PROCESSES:
Represents the series of activities that, when combined, deliver something of value to the customer, whether internal or
external
Why use it?
•
•
•
•
Reduce time wasted due to re-work, bureaucracy and admin
Improve customer service and relations
Flatten hierarchy removes unnecessary jobs and eases communication
Allows for outsourcing = cheaper
Process-Based Organisation
Functional Perspective
Process Perspective
Focus
What is done
How it is done
Orientation
Vertical hierarchical
Horizontal, across the organisation
Objective
Task driven
Customer driven
Personnel
Specialists – highly defined tasks
Generalists – tasks across the process
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
WEEK 2: ENTERPRISE SYSTEMS & BUSINESS PROCESS REENGINEERING
BUSINESS PROCESSES:
Mission statement: expression of the organisation’s vision, business domain, competencies and values
Strategy: choice about a source of action, means of putting a misn statement into place
Three levels of strategies:
1.
2.
3.
Internal: decisions that are made within an organisation
Competitive: understanding the industry the company operates in
Business portfolio: which industry the company should compete within and how to compete with new industries
Strategy (Cont.):
•
Determines how an organisation deals with its competitor and what products to sell to what markets and through what
delivery methods
1. Cost leadership: Carries out activities cheaper than other firms
e.g. economies of scale, technology, low overhead costs
2. Differentiation strategy: businesses adding extra for customers – can charge higher price /
unique products and services targeted to a customer’s needs
offering
Implementation and attainment of these alternative strategies consists of 5 steps [Porter’s]
1.
2.
3.
4.
5.
Operational effectiveness: being able to do things better than competitor
Uniqueness: activities different to rest of the markets
Trade-offs: make conscious choices about market it wishes to serve, the product or service it wishes to provide &
means of delivery
Fit: how different activities in an organisation combine to achieve a common objective
Sustainability: more activities = harder for competitors
5 Forces that shape industry [Porter’s]
1.
2.
3.
4.
5.
Rivalry among existing competitors
Threat of substitute products or services
Bargaining power of supplies
Bargaining power of buyers
Threats of new entrants
Reasons for business process (re) design:
•
•
Management Change: Functionally based structure must be changed. Drive comes from the top
People Change: Narrowly defined specialist jobs may become generalist and diverse.
Note: Business processes are not static. New technology, fierce competition, change to business environment
2 Major Approaches of business process (re) design:
1.
2.
Total Quality Management (TQM)
Business Process Re-Engineering (BPR)
Total Quality Management: series of small progressive steps is the best way to improve operations
1.
2.
3.
4.
Quality: cost of poor quality are greater than the costs associated with developing and refining business process to
generate high-quality output
People: how people within organisation are valued for their contribution towards the process and their idea on how
the process can be improved
Organisation: ensure departments do not operate separately à need to interact
Management: Management must focus on processes rather than individual functions. Must come from the top
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
Business Process Re-Engineering (BPR)
•
•
•
•
•
•
•
•
•
Radical changes to achieve dramatic improvements
o e.g. cost, quality, service & speed
This can be risky though à if goes wrong, an destroy what you already have
Key components:
o Fundamental: forces an organisation to question what activities it performs as part of its current process
o Radical: compels organisations to start again
o Dramatic: expected return on the improvements
o Process: aspect is central to BPR
Principles in practice:
o Combines jobs and let workers make decisions
o Creates a single reference point for customers
o Perform steps in a natural order and at their logical location
o Allow processes to vary
o Reduce the impediment of controls and reconciliations
Principles and approaches for a BPR team:
o Establish a sense of urgency – convince everyone to change
o Form a leadership team – who should be the team members?
o Create and communicate a vision
o Empower others to meet the vision – employee re-training?
o Plan for and create short team wins – positive feedback
o Consolidate improvements and encourage further change – not just change the processes, changing the
company
o Institutionalise the new approaches – new way becomes the usual way
Technology-driven process improvements:
o Technology enabler of business processes – has to be done correctly (e.g. bar scanner)
Outcomes from BPR
o Functional to process
o Job change, people empowered to fit problems
o High risk, lots of change
o Dictated from the top
Examples:
o Barcode, vendor managed inventory (outsources inventory), electronic bill payment, BPAY
Technology:
o Four of benefits
1. Information-based
2. Strategy-based
3. Transaction-based
4. Change-based
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
Enterprise Information Systems (EIS)
•
•
•
•
Software applications – used by businesses to capture transactions and produce outputs for planning, decision making
and statutory reporting
Three categories of EIS
1. Single-entry systems
2. Inwardly organised systems
3. Outwardly organised systems – suggest ways to improve sourcing or raw materials or increasing
revenue/increase customer experience
Three typical processes:
o Sales (= ‘Revenue’ or ‘Fulfilment’)
o Purchasing (= ‘Expenditure’ or ‘Procurement’)
o Production (=’Manufacture’)
Three Categories of EIS:
o Single-entry systems
§ Record transaction and obligations
§ Designed for individual users
§ Requires little accounting knowledge, easy to use, perform financial MGMT, investment process and
track investment performance
o Inwardly organised systems
§ Record and monitor business and manufacturing processes within organisations
§ Capture all internal activities of an organisation
o Outwardly organised systems
§ Supposed organisation’s internal activities
§ Extend the capture of data to suppliers
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
•
•
•
•
Choosing a software
o Define the business process
o Look at business requirements
o Determine what the system needs
o Look at category of software needed by the organisation
o Determine the vendor that will provide the software
Single-entry Systems
o Software only records transactions and obligations
o For individual user or small businesses
o Record cash transactions through a link to the organisations bank
o Requires little accounting knowledge + easy to use
o Lak of classification in the system
o Doesn’t look at non-financial information
Bookkeeping Systems
o Make use of accrual accounting concepts
o Used by small business
o Can generate non-financial info
o Easy to use, can be used on a few networks
o All pre-programmed reports, ledgers and charts of accounts
o E.g. MYOB
Hybrid Systems
o Integrates operations and financial functions
o Looks at manufacturing, inventory, warehouse and customer information systems
o Helps with decisions to do with operations and finance but requires lots of effort to integrates
Enterprise Resource Planning (ERP) Systems
•
•
•
•
•
•
•
•
•
•
Software designed to capture a wide range of info about all key business events including accounting, finance, HR,
sales, marking and manufacturing
Each vendor has their own business processes and organisation tends to adopt these out for convenience
All activities have data on who, what, where and when
ERP systems facilitate the flow of information between all business functions (i.e. departments) inside the boundaries
of the organisation à ERP is an inwardly organised system
ERP support: revenue sales or order cash
o Payment purchases or purchases to pay
o Production manufacturing or conversion
o Human resources and payroll
o General ledger and financial reporting
They are inwardly organised system: facilitate the flow of information between all business functions
Business data: contains financial and non-financial reference information that records and tracks the status of business
activities prior to completion
Master Data: contains completed transactional info such as sales transactions
Benefits: easier global integrations, reduces money barriers
o Don’t have to update each computer separately
o Either quantifiable benefits and intangible benefits
o Reduces cost of inventory, materials and labour
o Improves customer service and sales
o Increased return on investment
o No longer have duplicated files
Can be identified into two types of benefits
o Quantifiable benefits
o Intangible benefits
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
•
•
Single-sourced ERP: all system or module contained within the system are provided by a single software
Best-of-bred: allows organisations to choose multiple ERP vendors with the best functionality
Single-Source
Best-of-Breed
Functionality
Fit best in organisation that span a
broad range of functions where
horizontal structures are required
Fit best in organisations that are highly
vertically integrated and require special
features special features for their
operations and business processes.
Supply & Support
Easy upgrades, supply and support by
one ERP vendor
Upgrades are unsynchronised and
organisations need to run different
versions of ERP modules
Look and Feel
A standardised presentation
A different look and feel for each of the
modules
User Training
Trained in groups for the complete
suite of software
Users normally specialise in their own
applications with separate trainings
Code Table
Shared database across the
organisation. One location of data.
Multiple data tables, multiple data
formats.
•
Modules in ERP
o Sales and distribution
o Materials Management
o Financial Accounting
o Controlling and profitability analysis
o Human resources
Michael Porter’s Value Chain:
•
•
•
•
•
Inbound logistics – receiving, storing and disseminating inputs to the products
Operations – transforming inputs into final product
Outbound logistics – collecting, storing and physically distributing the product to buyers
Marketing and sales – inducing the buyers to purchase the product and providing a means for them to do so
Service – assisting customer’s use of the product and thus maintaining and enhancing the product’s value
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
WEEK 3: SYSTEMS DOCUMENTATION
SYSTEM DOCUMENTATION:
•
•
•
•
a way of visually depicting the operations of a system
a map – how things move around and what they are
road maps to understand business and navigate processes
Addresses one or more of the following:
o Who is involved
o What activities occur
o Where do the activities occur
o Where do the activities fit within the rest of the organisation
Why do we need them?
•
•
•
•
•
Can’t rely on verbal description, we need to document it
Need to ensure that everyone understands the process, may have several different descriptions
o E.g. textual and graphical
Organisations have overlapping departments that transfer information
Serves as organisation memory
Visualises business process and how data moves within an organisation
Why do accountants need it?
•
•
Interested in operations of business processes, internal controls and data flows with organisations
Can navigate different process
Major types of System documentation:
•
No method will provide everything
Process Maps:
•
•
•
•
•
•
A simple graphical representation of a business process
Solid lines are functional areas
Sub-functions separated with dashed lines
Lines with arrows are documents
Rectangle = process (not documents), diamond = decision
Read left to right, top to bottom
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
System Flowchart:
•
•
Illustrated inputs, processes and outputs in more detail than DFD or process maps
Has information about documents and processes performed with the system as well as those involved
SEMANTICS LIMITED - FLOWCHART
CHIEF BILLING MANAGER
COMPUTER
BILLING ASSISTANT
A
Generate
confirmation
Number
Authorisation
Code
Billing
jobs
START
Updated
Billing Run
Record
Invoice
Billing
Confirmation
Open
Invoice
File
Calculate
batch total
Prepare
Billing
Run
Record
BT
Cash
Recpts
Data
Invoice
Billing Run
Record
Prepare Invoices
Billing Run
Record
BT
Invoice Batch
Summary
Update
Billing Run
Record
Updated
Billing Run
Record
Reconcile
totals
Refunds
&
Credits
Granted
Customer
Master
Data
Billing
Run
Record
Updated
Billing Run
Record
Invoice
ACCOUNTS
MANAGER
CUSTOMER
Invoice
Invoice
A
Data Flow Diagram (DFD)
•
•
Graphical representation of the data flow that occur within a system.
Three types
o Context diagrams
§ Outlines general scenario
§ Provides a representation of the system and the entities that provide inputs to, or receive outputs
from the system of interest
§ Only has one bubble
§ Must be at least one external entity
§ Can have multiple flows from entity
§ Says nothing about what is happening
§ Shows how many external/internal entities
§ Rectangles = external entities
•
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
o
o
•
•
Physical DFD
§ Outlines who, where and how
§ Number = structured narrative
§ Double lines = represents where the data is stored
§ Have same number of rectangles as its corresponding context diagram
§ Bubbles names can be a person, department or thing
§ Depicts the normal process
§ In other words, error routines are NOT depicted in physical DFD
o
Logical DFD
§ Outlines what is happening
§ Shows what procedures are happening in the system
§ Not all numbers present
§ Can show many different levels
§ Circle depicts process NOT entity (e.g. enter sales, create batch total)
It can be exploded into many levels depending upon the complexity of the system of interest
Error routines are only depicted on lower level diagrams (i.e. below level 0)
o Level 0 logical DFD – highest level of depiction of the major group of activities in the system of interest
o Level 1 logical DFD – takes one of the process bubbles from level 0 and expands it to provide detail about the
activities
Entities: any person (who) or thing (what) involved in the activities of a business process
•
DFDs identify two types of entities:
o
An external entity is any entity that provides inputs into a process or receives outputs from a process.
•
o
•
Context diagrams, physical DFD and logical DFD uses rectangles to represent external entities
An internal entity is an entity that processes or transforms the data within the business process of interest.
•
Context diagrams and logical DFD do not show internal entities
•
Physical DFD use circles to represent internal entities
Note that, an external entity is not necessarily external to an organization
Structured narration: written description of how a process operates
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
WEEK 4: DATA FLOW DIAGRAMS:
BALANCING:
•
Diagrams (context, physical data and logical data flow) with the same external entities and flows to and from these
external entities are called balance DFD)
•
•
Can have different number or bubbles, the flow need to balance
They are balanced where
o Two DFDs have equivalent external data flows
o To draw them correctly, the following pairs should be balanced
• Context and physical
• Physical and logical level 0
• Context and logical level 0
Developing a CONTEXT Diagram: (Narration is given)
1. Identify the system of interest
• Draw a bubble and label it to represent the system of interest
2. Identify the external entities
• Draw and label a rectangle for each external entity
3. Identify any data flows between the external entities and system of interest
4. Draw in the data flows connecting the external entities and system of interest and label them
accordingly
Rectangles around entities
Circle around activities
Double lines around data stores
o Checklist
§ Only 1 bubble
§ No data store
§ Bubble name is to describe process
§ All data flows have logical names
Developing a PHYSICAL DFD
1. Identify the external entities
• Draw and label a rectangle for each external entity
2. Identify the internal entities
• Draw and label a rectangle for each external entity
3. Draw in a bubble for each internal entity and label accordingly
4. Identify any data flows between external and internal entities
• Draw in these flows and label the data flow arrows
5. Identify the data flows between the internal entities
• Draw in the data flows between internal entities and label the arrows with the physical
document/information that is being sent or received
o 6. Identify any data stores that are accessed to get data or to store data as part of the process. These may be
paper based or electronic
• Draw these data stores in and link them to the entity that accesses them by including data flow
arrows
•
•
•
•
•
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
•
How to develop a logical DFD
o Identify the external entities
o Eliminate activities that are just send or receive
o Group remaining info processing activities based on the underlying process they perform
o Number and label the underlying process performed by the group of activities
o Identify any data flows between external entities and processes
o Identify the data flows between the processes
o Identify any data stores that are accessed to get data or to store data
o Ensure your logical DFD balances with your physical DFD and context diagram
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
WEEK 5: DATA FLOW DIAGRAMS & SYSTEM FLOWCHARTS
•
•
Understanding the business process allows redesign to flow more easily as you can see what steps can be eliminated or
joined
Why the auditor needs system documentation
o The classes of transactions in the entities operations that are significant to the financial report
o How the transactions are initiated, recorded, processed, corrected and posted to the general ledger
o Any supporting info for the financial records
o How events other than transactions are recorded
o Understand any accounting estimates or disclosures
o Looks at any non-standard journals
o Overall auditors are concerned with how data is handled, steps followed, internal controls to prevent errors
Entities:
•
•
•
•
Business process designed to have a clear starting and finishing point, a clear boundary of scope and operations
Be clear about what each entity performs in the process
External entity: any entity that provides inputs into a process or receives outputs from a process – provides or sends
feedback
Internal entity: an entity that processes or transforms the data within the business process of interest
o Transforms: applying the data to specific tasks (e.g. reviews, confirms, reconciles, approves, batches)
The Narration:
o
o
o
o
o
o
Starting point for systems documentation
Is a written description of how the process operates
Generally prepared after observing a process in action & interviewing key participants
Advantage: anyone who can read can use it
Limitation: comprehensibility depends on the writer’s writing style
Look at what inputs are being used, what process/activities are being carried out, what are the outputs
Structured Narrative Table:
•
•
•
•
•
Summarising narrative in a systematic way
Emphasises entity, input, process and output
Entities listed in order which they occur
Process is a specific activity performed
Output is the destination for the product of the process
Process Maps:
•
•
Simple graphical representation of a business process it details
o Activity that occur
o Area of business responsible for completing the activity
o Links between different areas
o Any decisions that need to be made that are part of the process
Reading process maps
o Rectangle – processes or activities NOT documents
o Arrows connect the processes – normally represent flow of documents or information
o Looks like swimming lanes
Data Flow Diagrams:
•
•
Illustrates the system and components that make up the system as well as the flows between the components
Context diagram
o Overview of data flow says nothing about what happens
o Provides representation of system of interest and the entities that provide inputs or outputs from the system
of interest
o External entities are rectangles, they are NOT involved in actual information processing activities
o System of interest is a bubble, anything that happens outside the system on interest is irrelevant to the DFD
o Level of detail – no detail about what actually occurs, the detail is what happens within the bubble
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
•
•
Physical DFD
o Shows people, places and the things involved in the system
o Has more than one bubble to represent all internal entities involved in the process
o The flows refer to the document or data that is moving between entities
o The number in brackets link back with the structured narrative table
Logical DFD
o Bubble represents a process that occurs within the system of interest – are stages in the process not titles
o Concerned with what is happening
o The arrows tell us what type of information is being sent
o Can have different levels
o Numbers are in order – 1 follows 2, etc
Develop Structured Narration:
•
Includes at least 3 columns:
o Sequence number
o Entities
o Activities
What is an exception: when an error occurs within a process, the process creates an ‘exception’ requiring steps to be taken
outside of the normal process
•
Document exceptions in structured narration and level 1 logical DFD (but not physical or level 0)
Logical DFD – Three Major Things:
•
Go back to structured narrative and:
o Eliminate activities that are just send or receive (also give or take)
o Group remaining information processing activities based on the underlying process they perform:
§ 1) same time
§ 2) logically related
o Number and label the underlying process performed by the group of activities
o
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
•
•
•
•
Number of flows and circles shows the chronological sequences of process
Hence it is impossible that a circle with a big number will have a flow pointing to a circle with a small number
Different grouping of activities will give different logical DDFS.
Check balancing
SYSTEM FLOWCHARTS:
System documentation: presents a comprehensive pic of the mgmt., operations, info systems and process controls embodied in
business processes
Data Flow Diagrams (DFD): portray business process activities, stores of data, and flows of data among these elements
System Flowcharts: provide a graphical representation of a business process, including information processes (inputs, data
processing, data storage and outputs), as well as related operations processes (people, equipment, organisation and work
activities)
•
•
•
•
•
•
•
•
•
•
•
•
Also known as ‘process flowcharts’
Combination of logical and physical DFDs
Provides details of processes performed and resources used to perform them
Shows what is actually involved in the incoming requisitions
Has much more detail
Looks like swimming lanes
Need to understand individual functions and flow chart symbols
Read left to right
Normally starts with an external entity (but not a must!)
Has several columns. Each is an internal entity
Each entity is separated by a solid line (name can be found at the top of page)
Everything that appears within the column for an internal entity visualises the entity’s activities, and how it carries out
its activities
Flowchart Symbols:
•
•
Symbol tells us what data is used, what task is performed and how the task if performed
o Input symbols
o Processing symbols
o Output symbols
o Data stores
o Connectors
Important to use the correct symbol to depict the activity you are documenting
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
Symbols
Connectors
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
Preparing Systems Flowcharts:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
Divide flowchart into columns (areas of responsibility)
o One column for each internal entity
o One for each external entity
o Label each column
Flowchart columns should be laid out so that activities flow from left to right
o Minimise crossed lines and connectors
Flowchart logic should flow from top to bottom and from left to right
o For clarity, put arrows on all flow lines
Keep flowchart on one page, if possible
o With multiple pages, use off-page connectors
Within each column, there must be at least one manual process, keying operation, or data store between documents
o Do not directly connect documents within the same column
When crossing organisational lines (one column to another) show a documentation at both ends of the flow line unless
the connection is so short that the intent is unambiguous
Document or reports printed in a computer facility should be shown in that facility’s column first.
o Then show the document or report going to the destination unit
Documents or reports printed by a centralised computer facility on equipment located in another organisational unit
should not be shown within the computer facility
Processing within an organisational unit on devices such as PC, laptop or computerised cash register should be shown
within the unit or as a separate column next to that unit but not in the central computer facility column
Sequential processing steps (computerised or manual) with no delay between them (and resulting from the same input)
can be shown as one process or as a sequence of processes
The only way to get data into or out of a computer data storage unit is through a computer processing rectangle or
offline process square
Manual process is not needed to show the sending of a document
o Sending should be apparent from the moment of the document
Do not use manual processes to file documents
o Show documents going into files
More Notes:
•
•
All documents must have an origin and termination: each copy of the document must flow to
o A permanent file symbol
o A symbol denoting an exit from the system, or
o An off-page connector
o A document destruction symbol (small black box)
o ‘cradle to grave’ documentation
Make sure progress of document is clear
o Diagram a document – before and after each process, entering or leaving a file or entering and leaving a page
or area of responsibility
Comparing the different documentation techniques:
•
•
•
Process map & systems flowcharts provide a comprehensive picture of a business process
DFD have less detail
One form of documentation should not be viewed as superior
Internal Control:
•
•
Are introduced across the organisation to manage financial risk exposures and other exposures that do not necessarily
have a direct consequence for the financial statement
Types of control activities
o Performance reviews: activities that involve some form of review or analysis of performance
o Information processing controls: help with accuracy, completeness and authorisation of transactions
§ Accuracy: aim of making all data entered into the system is correct and reflects actual events
recorded
§ Completeness: aim of ensuring all events are recorded within the system
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
Authorisation (validity): whether or not the events that occur are appropriately approved before
being executed
Physical control: control to physically protect the resources of the organisation
§ E.g. staff card only has access to certain parts, drain underneath hazardous waste in case it spills
Segregation of duties: key functions should not be performed by the same person
§ E.g. record keeping, executing, custody, reconciliation
§
o
o
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
WEEK 6: INTERNAL CONTROLS AND CONTROL MATRIX
Internal Controls: process affected by an entity
Types of Controls – Classification 1
Group controls depending on what you want them to do
•
•
•
Preventive controls: designed to stop errors or irregularities occurring
Detective controls: will not prevent errors from occurring. Rather, its functions is to alert those involved in the system
when an error or anomaly occurs
Corrective controls: designed to correct an error or irregularity after it has occurred
Types of Control – Classification 2
•
•
•
Input controls: designed to operate as data enters the system. These controls will typically aim to provide reasonable
assurance about the accuracy, validity and completeness of data being entered
Process controls: put into place to work towards the correct handling of data within the information process stage
Output controls: concerned with the various outputs generated by the process, and are focused on issues such as who
can request outputs, how outputs are prepared and making sure all outputs are accounted for
General Control: those that relate across all the info systems in an organisation
•
•
•
•
•
Physical controls
o Locked computing premises
o Swipe card access
o Biometric access controls
o Onsite security
o Security cameras
Segregation of duties
User access (passwords)
User awareness of risks
Data storage procedures
Note: DO NOT RELATE CLASSIFICATION 1 & 2 TOGETHER. They are completely different!
Information Processing Controls (Possible Control Plans)
•
Input Controls for Data Entry
o Standardised forms
o Prenumbered documents
§ If we include the data/time information on an invoice, is the data/time information equivalent to
prenumbering?
o Sequence Checks
§ If all prenumbered documents are input to a computer system, then use the computer system to
enforce a sequence check
o Turnaround documents
§ Documents that originate as the output from one system and becomes input for another (e.g.
boarding pass)
§ With barcode and RFID system
o Validity Checks
§ Take a given input for a field and ensure that it is an acceptable value
• E.g. existence of a costumer and existence of a product
o Completeness checks
§ Ensure that all required data are entered
§ Ensure that all documents in a batch are there
o Limit checks
§ Check values inputs into a field to make sure they fit within a pre-determined upper limit
o Range checks
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
§
•
•
Function in a manner similar to limit check, with the exception that the checks apply to both the
upper and lower limits
o Reasonableness checks
§ Operate to check that numeric inputs for a field is within a reasonable numeric range
o Redundant data checks
§ By having the data entered twice and then checking the two sets of inputs and making sure they are
identical
o Automated form completion
§ Dropdown menus
o Transaction authorisation procedures
§ Through setting correct user privileges when a system is established
• E.g. by requiring staff to log on with unique usernames and passwords, setting up user
privileges and access rights, etc
o Batch totals (compare with hash total)
o Independent review
Processing Controls
o Batch totals
§ When data is being shifted from one file to another the data should not be changed
o Sequence checks
§ At the processing stage, these checks can operate to ensure that no data have gone missing during
processing activities
o Hash totals
§ Batch totals based around meaningless figures (e.g. sum of all customer numbers in a batch)
o Reconciliations
§ Allow the comparison of two sets of info that should theoretically be the same to identify any
inconsistencies
§ Reconciliations are more powerful if the two sets of information are prepared by two different
people and an independent third person performs the review
o Run-to-run totals
§ E.g. the closing balance of accounts receivable (after the sales have been transferred) should equal
the opening balance (before transfers) plus sales (ignoring any payments from customers)
Output Controls
o Built around protecting the output of the system. These controls protect access to outputs as well as the
format and content of outputs
§ E.g. access privileges and ability to genera reports, page numbering or reports and end of report
footers
Disaster Recovery Plans:
•
Strategy the organisation will put into action, in the event of a disaster that disrupts normal operations, to resume
operations as soon as possible and recover data that relate to its processes
o Key provisions include:
§ Provisions for temporary sites
• Hot sites vs cold sites
§ Staffing
§ Restoring business relationships
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
Execution of Internal Controls
•
•
Consideration of control execution – be it manual or computerised – is important, since there are different
characteristics of manual and computerised controls that can impact on their effectiveness within the organisation
o Manual Controls
§ Prone to human error
§ Can handle irregularities
o Computer Controls
§ Consistent
§ Rely on a sound control environment and general controls
Documenting Controls:
o Once controls are established it is essential to ensure that documentation outlines how these controls
operate
o Methods of documentation:
§ Narrative descriptions
§ Questionnaires and checklists
§ Flowcharts
§ Control matrix
Preparation of Control Matrix
•
•
•
Control matrix: tool designed to assist in evaluating the potential effectiveness of controls in a business process by
matching control goals with relevant control plans
o Establish the criteria to be used in evaluating the controls in a particular business process
Control goals: business process objectives that an internal control system is designed to achieve
Control plans: reflect information processing policies and procedures that assist in accomplishing control goals
Corporate Governance
•
•
•
•
•
•
•
Related to how organisations are managed. The management is affected by internal controls
The way companies are managed to create value, enforce accountability and control, and manage risks
Objectives
1. To ensure that minority shareholders receive reliable information about the value of firms and that
company managers are and large shareholder’s do not cheat them out of the value of their investments
2. Motivate managers to maximise firms value instead of pursuing personal objectives
Or encourage companies to create value through entrepreuralism, innovation, development and exploration and
provide accountability and control systems commensurate with the risks involved
How relations in the organisations are managed
Internal and external to the computer (e.g. pollution)
Accounting is a major tool used to assess the value of the company
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
WEEK 6: Internal Controls
RECAP:
Systems Flowchart: present a comprehensive picture of the management, operations, information systems &
process controls embodied in business processes
Data Flow Diagrams (DFD): portray business process activities, stores of data & flows of data among these elements
Flowchart Symbols Classification:
•
Input symbols
•
Processing symbols
•
Output symbols
•
Data stores
•
Connectors
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
INTERNAL CONTROLS:
Types of Control Activities:
•
Performance Reviews: activities that involve some form of review or analysis of performance
•
Information processing controls: put in place within the ordination to work towards accuracy, completeness
& authorisation of transactions
o
Accuracy – aim to make sure that all data that enters the system is correct & reflects the actual
events that are being recorded
o
Completeness – aim of ensuring that all events that occur are recorded within the system
o
Authorisation (validity) – concerned with whether or not the events that occur are appropriately
approved before being executed
•
Physical Controls: controls that are put in place to physically protect the resources of the organisation
•
Segregation of Duties: concept that crrtain key functions should not be performed by the same person
Segregation of Duties:
Typical reference point within a business process is the separation of the following 4 activities:
•
Record Keeping – person who records a transaction
•
Execution – person who performs a transaction
•
Custody – person in possession of the assets involved in a transaction
•
Reconciliation – person who reconciles transaction data
Types of Controls – Classification 1:
•
Preventive Controls – designed to stop errors or irregularities occurring
•
Detective Controls – will not prevent controls from occurring but alert those involved in the system when an
error occurs
•
Corrective Controls – designed to correct an error or irregularity after it has occurred
Types of Controls – Classification 2 (not relationship with Classification 1)
•
Input Controls – designed to operate as data enters the system. These controls will typically aim to provide
reasonable assurance about accuracy, validity and completeness of data being entered
•
Process Controls – put into place to work towards the correct handling of data within the information
process stages
•
Output Controls – concerned with the various outputs generated by the process, and focused on issues such
as who can request outputs, how outputs are prepared and making sure all outputs are accounted for
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
General Controls:
Relates across all the information systems in an organisation
•
Physical Controls
o
Locked computing premises
o
Swipe card access
o
Biometric access controls
o
Onsite security
o
Security Camera
•
Segregation of Duties
•
User Access (Passwords)
•
User Awareness of Risks
•
Data storage procedures
INFORMATION PROCESSING CONTROLS (POSSIBLE CONTROL PLANS)
Input Controls for Data Entry
•
Standardised forms
•
Pre-numbered documents
•
Sequence Checks
o
If all pre-numbered documents are input to a computer system, then use the computer system to
enforce a sequence check
•
Turnaround Documents
o
Documents that originate as the output from one system and become input for another
§
o
•
With barcode & rfid systems
Validity Checks
o
Take a given input for a field & ensure that it is an acceptable value
§
•
•
E.g. existence of a customer or product
Completeness Checks
o
Ensure that all required data are entered
o
Ensure that all documents in a batch are there
Limit Checks
o
•
E.g. boarding pass
Check values input into a field to make sure they fit within a pre-determined upper limit
Range Checks
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
o
Function in a manner similar to limit checks, with the exception that the checks apply to both upper
and lower limits
•
Reasonableness Checks
o
•
Operate to check that numeric input for a field is within a reasonable numeric range
Redundant Data Checks
o
By having the data entered twice and then checking the two sets of inputs and making sure that they
are identical
More Input Controls
•
Automated Form Completion – Dropdown Menus
•
Transaction Authorisation Procedures – Through setting correct user privileges when a system is
established
o
E.g. by requiring staff to log on with unique usernames and passwords, setting up user privileges and
access rights, etc
•
Batch Totals (compared with hash totals)
•
Independent review
Processing Controls
•
Batch Totals – when data is being shifted from one file to another the data should not change (backup)
•
Sequence Checks – At the processing stage, these checks can operate to ensure that no data have gone
missing during processing activities
•
Hash Totals – Batch totals based around meaningless figures
o
•
E.g. sum of all customer numbers in a batch
Reconciliations – allows comparison of two sets of information that should theoretically be the same to
identify any inconsistencies
o
More powerful if two sets of information are prepared by two different people and an independent
third person performs the review
•
Run-to-run Totals
o
E.g. the closing balance of accounts receivable (after the sales have been transferred) should equal
the opening balance (before transfers) plus sales (ignoring any payments from customers)
Output Controls
Built around protecting the outputs of the system. These controls protect access to outputs as well as the format &
content of outputs
Examples:
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
•
Access privileges
•
Ability to generate reports
•
Page numbering of reports
•
End of reports footers
DISASTER RECOVERY PLANS:
•
Disaster recovery plan: strategy that the organisation will put into action, in the event of a disaster that
disrupts normal operations, to resume operations as soon as possible and recover data that relate to its
processes
•
Key provisions include:
o
Provisions for temporary sites
§
Hot sites vs. cold sites
•
Hot site – already set up
•
Cold site – have to set it up yourself
o
Staffing
o
Restoring business relationships
RISK MANAGEMENT:
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
EXECUTION OF INTERNAL CONTROLS
•
Consideration of control execution – be it manual or computerised – is important, since there are different
characteristics of manual and computerised controls that can impact on their effectiveness within the
organisation
•
•
Manual Controls:
o
Prone to human errors
o
Can handle irregularities
Computer Controls:
o
Consistent
o
Rely on a sound control environment & general controls
DOCUMENTING CONTROLS
Once controls are established, it is essential to ensure that documentation outlines how these controls operate
•
Methods of documentation
o
Narrative descriptions
o
Questionnaires & checklists
o
Flowcharts
o
Control matrix (not examinable)
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
WEEK 8: The Revenue Cycle (Chapter 9)
REVENUE CYCLE
Also known as “order-to-cash” process or Sales Process
•
Describes the business processes for processing a customer order
o
i.e. all events that are involved in processing a customer request, collecting goods from the
warehouse, delivery of goods & collection of payment for those goods
Objective: Excellent customer service must be provided at all time
•
Revenue cycle consists of all events that are involved in the exchange of goods and services with customers,
including processing customer orders, delivery of foods & collection of payment for those goods
FRONT END vs. BACK END PROCESSING
Front-end – client facing where the sales transaction takes place
•
Ensures sales of goods and services are effectively conducted, recorded and monitored
o
o
E.g. Marketing
§
Design sales strategies
§
Check prior sales data
§
Propose actions for the organisation
E.g. Sales
§
Customer contact
§
Sales meetings
§
Customer relationship management
Back-end: Accounts Receivable Phase
•
Ensure payments, goods and services are received and banked correctly
o
e.g. Finance/Accounting
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
KEY PERFORMANCE INDICATORS (KPI)
BRIEF DESCRIPTION OF ‘INTERNAL ENTITIES’
•
Sales Department: properly authorises and correctly records customer orders
•
Logistics Department: packs and ships the goods to customers in a timely and correct manner
•
Accounting Department; bills the customer the right amount, at the right time, for goods that have been
supplied
o
Receipts & banks the received payments quickly & accurately
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
WHY IS THE REVENUE CYCLE IMPORTANT?
•
Level of sales drives all other activity levels within the organisation
•
In order to survive & prosper, an organisation must not only remain profitable, but also be able to achieve
positive cash flows
•
Thus, a well-controlled revenue cycle can provide a competitive advantage by providing superior customer
service
DATA STORES & REVENUE CYCLE
•
Customer Data – data table stores the information to describe the characteristics of customers
•
Inventory Data – data table stores the information to describe products & the inventory in the warehouse
•
Sales Order Data – data table stores the information of customer sales orders
•
Accounts Receivable Data – data table stores the related information about the payment status quo
o
E.g. how much money has been paid by the customer in the past & what is the latest balance in the
accounts receivable account
TYPICAL ACCOUNTING DOCUMENTS USED IN THE REVENUE CYCLE
1. Customer Order
6. Bill of Lading
2. Order Acknowledgment
7. Shipping Notice
3. Credit Application
8. Sales Invoice
4. Sales Order
9. Remittance Advice
5. Goods Packing Slip
10. Customer Service
1.0 PROCESS THE SALES ORDER
1.1 CHECK INVENTORY LEVELS
•
Check the inventory availability
•
Don’t promise what you can’t keep
•
If the goods are available, don’t reject order; or else, create a back order
o
Whether there can be a back order depends on product’s nature
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
1.2 CREDIT CHECK
•
Credit checks take place before selling to clients
o
Restaurants, supermarkets, banks, online sales, etc.
•
Pre-billing (payment required before sales)
•
Post-billing (customer is billed after the goods are dispatched)
•
Exception report (listing a customer’s transactions that were rejected constantly)
1.3 CREATE SALES ORDER
•
After the inventory levels & a customer’s credit worthiness have been checked, the sales order process can
proceed
•
Involves data input for product & customer data & then generating a sequentially numbered sales order
•
Sales order should be managed quickly but could be also done through batch processing (regular
predetermined interval)
•
•
2 Major purposes
o
1. Notify the warehouse
o
2. Update inventory data
If items are unavailable, a back order can be used for later delivery
2.0 PICK, PACK & SHIP THE GOODS
2.1 PICK THE GOODS
•
Warehouse needs to pick & pack the goods when the sales order is received
•
Picking documents can be provided printed or electronically
o
•
E.g. PDF or iPad
Control mechanisms essential when dealing with portable items
2.2 PREPARE FOR SHIPPING
•
Before sending the goods out, the picking ticket should be checked against the goods
•
Controls could be done manually
o
•
Controls could be done electronically
o
•
E.g. someone who was not involved int the packing
E.g. Barcode scanners/RFID
If done manually, independent staff should handle the process
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
2.3 DELIVER THE GOODS
•
Customer shipping label (=packing list) needs to include all details necessary
•
Delivery address might differ from billing address (this is important for corporations)
•
Order status in the sales order data store is updated – the sales order status code should be switched ot
‘shipped’ if goods are dispatched
3.0 BILL THE CUSTOMER
3.1 CHECK SALES COMPLETION
•
Match sales order with shipping label copy
3.2 CREATE INVOICE
•
Customer’s account needs to be changed to ‘invoiced’ à accounts receivable
•
Remittance advice are used if customers are late à turnaround document
4.0 RECEIVE AND RECORD PAYMENT
4.1 RECEIVE PAYMENT
•
Check late payers
•
Cheques & cash need to be deposited to a bank
•
Cheque endorsement – ‘pay only to ABC’
o
That means that the cheque cannot be transferred to a different account
4.2 RECORD PAYMENT
•
Batch and hash totals are used to check the overall balance
WHY DO WE NEED TO STORE DATA?
STRATEGIC LEVEL
•
Price setting – requires construction of price
•
Sales return & warranty – predicting potential volume of returns
•
Provision of credit – involves risk analysis
•
Cash collection – requires knowledge on average payment times, competitors, etc.
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
OPERATIONAL LEVEL:
•
Responding to customer inquiries
•
Credit extension
•
Inventory availability
•
Delivery method
•
Cash receipt allocation
TECHNOLOGIES UNDERPINNING THE REVENUE CYCLE
ENTERPRISE RESOURCE PLANNING (ERP)
•
Improves the integration of enterprise – wide data
ELECTRONIC DATA INTERCHANGE (EDI)
•
Enables the exchange of data between two separate computer systems
•
Traditionally very expensive and used by large corporations
•
Large corporations used EDI to transfer information between suppliers & banks
CUSTOMER RELATIONSHIP MANAGEMENT (CRM)
•
Improves understanding of customers & their interaction with the organisation
•
Stores information about the customer relationship & transaction history
o
e.g. reward cards
STRATEGIC LEVEL
•
Price setting – requires construction of price
BAR CODE TECHNOLOGIES
•
Used to update warehouse/inventory levels
RFID TECHNOLOGIES
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
WEEK 9: The Expenditure Cycle (Chapter 10)
EXPENDITURE CYCLE
•
Consists of all events that are involved in the purchase of goods & services & the payments for these goods
& services
o
Key consideration is the need to balance the supply & demand for products with cash flow
considerations
TWO KEY ELMEENTS
1. Purchasing form External Suppliers
2.
o
Right goods; right amount; right time
o
Maximise favourable settlement terms
Accounts Payable Phase
o
Pay right people; right amount; right time
BASIC ACTIVITIES IN EXPENDITURE CYCLE
•
Make a request to buy
•
Prepare a list of possible suppliers
•
Select a supplier from the list
•
Prepare the paperwork to the supplier
•
Collect the goods from the supplier
•
Check the goods quality & quantity
•
Make the payment to the supplier
•
If goods are damaged, talk to the supplier
KEY PERFORMANCE INDICATORS (KPI)
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
FOUR MAJOR ACTIVITIES PERFORMED BY INTERNAL ENTITIES
BRIEF DESCRIPTION OF ‘INTERNAL ENTITIES’
•
Any department in the organisation can initiate a purchase request
•
Purchasing Department – reviews & approves purchase request
•
Warehouse – keeps track of inventory & receives the goods
•
Accounts Payable Department – makes the payment to the supplier
RELEVANT DATA STORES
•
Supplier Data (Vendor Data) – Stores the data to describe the characteristics of suppliers
•
Purchase Requisition Data – Stores the data to describe purchase requisition, which are internal requests &
submitted to the Purchasing Department
•
Purchase Order Data – Stores the information about purchase orders
•
Accounts Payable Data – Stores the related information about payments made to the supplier
o
•
E.g. how much money should have (or has been) paid to the supplier
Goods Receipt Data – Similar to purchase order data, but contains information about the quantity of
received goods and date of arrival
•
Cash Payment Data – contains cash payment information to the supplier
•
Inventory Data – stores information to describe products & inventory in the warehouse
•
Sales Order Data – stores the information about customer sales orders
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
SOURCE DOCUMENTS
1. Purchase Requisition
o
Inventory control or purchase requisition department
o
Only used internally
2. Purchase Order
o
Acts as binding contract between firm & vendor
o
Prepared by the purchase department
o
Internal and external Use
3. Supplier list (or Vendor list)
§
List of authorized vendors that offer quality goods and services at reasonable price
§
Part of a database
4. Purchase invoice
§
Amount due and payment terms
§
Prepared by the vendor
5. Goods packing slip
§
Generated by the vendor sent to the purchasing organization
6. Receiving report
§
Generated by receiving department
§
Vendor details, shipping weight, purchase order and delivered goods description
7. Remittance advice
§
Generated by accounting unit or vendor
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
EXPENDITURE CYCLE BUSINESS DECISIONS
STRATEGIC LEVEL:
•
Purchase Consolidation
o
Should business unit purchase for the entire group?
•
How IT can improve efficiency & accuracy
•
Identifying where inventories should be held
OPERATIONAL LEVEL:
•
Determining optimal inventory level
o
What is the optimal balance?
•
Supplier selection (quality, service & price)
•
Cash flow consideration s
STRATEGIC IMPLICATIONS OF THE EXPENDITURE CYCLE
¡
A well-controlled expenditure cycle can provide a competitive advantage
§
Providing high quality products and services
§
Opportunity for higher product pricing
¡
Failure to correctly manage purchasing can lead to problems that impact on revenue and production
¡
Poor payment practices can damage cash flow and supplier relationships
1.0 DETERMINE DEMAND FOR GOODS
1.1 COLLECT REQUESTS
•
Organisation, business units, team, warehouse, etc
•
This could be done electronically
o
Automatic reorder point in the inventory system
o
Set an alarm level for each product
1.2 CREATE PURCHASE REQUISITION
•
How often should you order?
•
How urgent is the order?
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
Which Data Stores Are Assessed??
•
Inventory – Retrieve or update or both?
•
Sales order – Retrieve or update or both?
•
Purchase Requisition – Retrieve or update or both
2.0 ORDER GOODS
2.1 CHOOSE THE SUPPLIER
•
Who can supply?
o
Most organisations have a list of pre-approved or authorised supplies to choose from
o
Who maintains the list?
•
When can they supply?
•
How to avoid paying too much?
o
•
Tender process; reverse auctions etc.
How to avoid collusion?
o
Segregation of duties
Kickbacks (a form of bribery):
•
Corporate gift policies
•
Job rotation
•
Enforced annual leave
•
Supplier audits
•
Disclosure requirements (conflict of interest not at arm’s length)
o
Arm’s length principle (ALP) – condition or fact that the parities to a transaction are independent
and on equal footing
Who can order with company credit card? Is there a cross-check?
•
Restriction of company credit card use
•
Reconciliation – an activity where two different sets of data that purports to represent one transaction or
set of events are compared to see if they agree
2.2 CREATE PURCHASE ORDER
•
Any stocks of blank purchase order forms should be closely controlled. Why?
o
•
Legally binding documents – trigger events (similar to prescription pads)
Generally, three copies of purchase orders are produced
o
Who gets these copies?
§
Purchasing manager
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
§
Vendor
§
Customer
Which Data Stores Are Assessed??
•
Inventory – Retrieve or update or both?
•
Supplier Data – Retrieve or update or both?
•
Purchase Requisition – Retrieve or update or both?
•
Purchase Order – Retrieve or update or both?
3.0 RECEIVE GOODS
A copy of the puchrase order is sent to the receiving location. It is a blind purchase order.
•
Blind purchase order
o
Does not have numbers of item or amounts
o
Type of control
o
Only accounts for how many inventory is there (don’t know how much is supposed to be)
o
Separating a point of potential error
3.1 ACCEPT THE DELIVERY
•
Staff need to cross-check purchase order against delivered goods
•
RFID – everything is automated
•
How to increased counting accuracy?
3.2 RECORD GOODS RECEIVED
•
Purchase order should be updated to ‘goods received’
Which Data Stores Are Assessed??
•
Inventory – Retrieve or update or both?
•
Supplier – Retrieve or update or both?
•
Goods Received – Retrieve or update or both?
•
Purchase Order – Retrieve or update or both?
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
4.0 PAY FOR GOODS
4.1 APPROVE THE PAYMENT
•
Accounts payable staff should check purchase order, goods received data & invoice for accuracy
•
A 3-way checking (reconciliation)
•
Invoice less payment
4.2 MAKE THE PAYMENT
•
Don’t pay twice, don’t pay late, don’t pay too much
•
Online banking
TECHNOLOGIES UNDERPINNING THE EXPENDITURE CYCLE
ERP (Enterprise Resource Planning
EDI (Electronic Data Interchange)
•
Enables the exchange of data between separate computer systems
RFID (Radio Frequency ID Tags)
•
Small tag attached to an item that can be scanned. Expedites stock handling
Supply Chain Management Software (SCM)
•
Improves the planning and execution of orders through supplier and customer integration
•
Vendor-managed inventory?
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
WEEK 10: The Production Cycle (Chapter 11)
PRODUCTION CYCLE
Conducted by organisations that choose to manufacture some or all of their products for sale, as opposed to
purchasing them ready-made. The production cycle commences when a new product has been designed and ends
when all production costs have been recorded
•
A key consideration is to ensure that sufficient goods are manufactured in time to meet customer demand
TWO IMPORTANT ELEMENT
1. Planning
o
The front end of the cycle is where production requirements are determined for new products & the
overall production schedule is planned
o
The objective of this planning phase is to effectively plan production at both a production and
schedule level
§
This stage corresponds to Activity 1.0 and 2.0 on the Production Process DFD
2. Execution
o
The objective is to ensure that the planned production activities are carried out accurately &
effectively and that all production records are correctly updated
§
This stage corresponds to Activity 3.0 & 4.0 on the DFD
STRATEGIC IMPLICATIONS OF THE PRODUCTION CYCLE
•
•
A well-controlled production cycle can provide a competitive advantage
o
Providing high quality lower cost products
o
Higher product pricing or greater market share
Failure to correctly manage product & production planning can cause problems that impact on revenue &
inventory management processes
•
Failure to correctly record or apply production costs can lead to errors in product pricing which can create
cash flow problems
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
PRODUCTION CYCLE BUSINESS DECISIONS
PRODUCTION LEVEL:
•
Determining type of quantity of product
•
Scheduling production with align with demand
PRODUCT LEVEL:
•
Material requirements
•
Labour requirements
•
Equipment requirements
FOUR MAJOR ACTIVITIES PERFORMED BY INTERNAL ENTITIES
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
SOURCE DOCUMENTS
1.
Purchase order
•
2.
Bill of material
•
3.
Authorised vendors
Inventory
•
7.
Requesting that materials move from storage to factory
Vendor list
•
6.
For store to release raw materials and WIP so that production can start
Material requisition
•
5.
Raw material and WIP required to produce finished good
Work order
•
4.
Binding contract between firm and vendor
Raw materials, WIP, and finished goods
Production schedule
•
Machines and employees; raw materials o be used; when WIP will be stored; when finished
goods available
8.
Timesheet
•
9.
Details of job hours and pay rates relating to a job or period
Work-in Process
•
Manufacturing costs (labour, material, and overhead) related to the manufacture of a finished
good
DATA & THE PRODUCTION CYCLE
PRODUCTION CYCLE ACTIVITIES REQUIRE ACCESS TO
•
•
Raw Materials Inventory
o
Can be part of the INVENTORY master data
o
This data store indicates the amount of each kind of raw materials in the warehouse
Product Specification
o
•
Stores the data to describe the nature, feature, function, purpose of a product
Production Scheduling Data
o
Stores the data of which products will be manufactured during what time periods, in
which factor
•
Production Sequencing Data
o
•
Stores the data of production sequence
Product Costing Data
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
o
Stores the cost of raw materials, operations, manufacturing, labour to produce one unit
of products
TECHNOLOGIES UNDERPINNING THE PRODUCTION CYCLE
ERP (Enterprise Resource Planning)
Barcode Scanner
RFID (Radio Frequency ID Tags)
Computer Aided Manufacturing (CAM)
•
Software that is used to automate production machinery to achieve better control & more
reliable outputs
Manufacturing Resource Planning Systems (MRP)
•
Information system that plans the need for raw materials and inventories of raw materials used
in the manufacturing process
•
MRP also includes the planning of raw materials, labour & machinery
•
Has the capability to perform what – if analyses of variance in schedules, raw material
availability, personnel & other resources
•
Supports many linkages across the organisation, including sales and marketing via the
development of a master product schedule
Flexible Manufacturing Systems (FMS)
•
Systems used during production execution that are designed to respond to any changes
detected during production
o
i.e. to introduce flexibility
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
1.0 DETERMINE PRODUCT PRODUCTION REQUIREMENTS
1.1 ACTION NEW PRODUCT NOTIFICATION
•
New product has been designed
•
Design may be in the form of CAD
•
Design Staff (Engineer) à Production Planning Staff
o
Data are stored in product specification data store, which describes the features, models, materials
of the new product
•
Production planning staff examines the design & identify exactly what materials & equipment are required
to make the product
1.2 CALCULATE PRODUCTION REQUIREMENTS
•
Involves performing detailed planning for the new product to identify and record the materials required to
manufacture the product, and the operational steps involved in manufacturing the product
o
Product planning staff use data from the product specification and raw materials inventory data to
create a bill of material for the product
o
Product planning staff also use data from the product specification to create a production sequence
of how to manufacture the new product
•
Retrieve data from Raw Materials Inventory
•
Update data in Bills of Materials
•
Update data in Product Production Sequence
Bills of Material (BOM)
•
Identifies components needed to make one unit of finished product
•
Result of the product design process which leads to an engineering drawing
Multiple levels of BOM:
•
Component may have its own components
o
E.g. components of the standard car assembly
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
2.0 PLAN PRODUCTION SCHEDULE
2.1 CREATE PRODUCTION SCHEDULE
•
Production schedules are typically planned on a regular basis, often a month or more in advance, and are
eventually broken down into a series of daily production runs or batches
•
Calculate the future demand of products
•
Automatic reorder points might be needed
•
The production planning staff need to work within the constraints of resource availability to produce a viable
schedule and meet the forecast demand
Retrieve data from:
•
Finished Goods Inventory
•
Production schedule (it tells the planners which workers or which machines will be available)
Update data in
•
Production schedule
Risk?
•
Under/over-estimating product demand, or under-utilisation of available resource
2.2 IDENTIFY MATERIAL REQUIREMENTS
Having determined
1. Quantity of each product required
2. Production schedule
Then;
•
Retrieve the details of availability of the raw materials required, from which two data stores?
•
Total amount of raw materials required
o
•
Total = Quantity required x raw materials per product item
If additional inventory of raw materials is required, then the production planning staff would create and
send a purchase requisition for these raw materials to the purchasing departments
Risks?
•
Under/over-estimate the materials requirement
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
3.0 PRODUCE THE PRODUCT
3.1 ASSEMBLE REQUIRED RESOURCES
•
Retrieve the daily production schedule from the production schedule data
•
This step is done by production operations staff
o
Make sure that raw material is available
o
To transfer raw materials from warehouse to the factory, the paperwork is known as a material
requisition
•
o
After the raw materials are issued, the raw materials inventory should be updated
o
Make sure that labour is available; retrieve data from EMPLOYEE data store
Put things together, release raw material, make sure that sufficient staff is available on production day, etc.
3.2 EXECUTE PRODUCTION SCHEDULE
•
The production schedule details which products are to be produced, how many of each product is required,
the resources required to produce these products & the production sequence of each product
•
The actually factory work is beyond the scope of AIS!
4.0 PRODUCT COSTING
4.1 CALCULATE COSTS
•
How costs are assigned to products has an impact on the measurement of an individual product’s
profitability and on the pricing of that item
•
Hence, details of all costs incurred during the production cycle are accumulated including costs relating to
labour, raw materials & manufacturing overheads
4.2 RECORD COSTS
•
After costs for both process & product have been established they are recorded in the finished goods
inventory
•
Details of the production costings are sent to the revenue cycle to enable product pricing to be determined
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
WEEK 11: SYSTEMS DEVELOPMENT
IT/IS IN ORGANISATIONS
STRATEGIC MANAGEMENT MATURITY MODEL
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
ALLIGNING IT & BUSINESS
•
Focus in earlier eras was on improving efficiency & effectiveness. Integration in enterprise strategy was not
that critical for these gains to be made
•
However, integration was found to take improvements in efficiency & effectiveness to new levels
•
In today’s competitive environment, alignment and integration of IT in enterprise strategy is essential
ANTECEDENTS TO ALIGNMENT
•
Shared understanding between business & IT
•
Appropriate governance mechanisms
•
Enterprise architecture maturity
•
Having a strategic direction
o
What, how & why
•
Flexible links between IT & business
•
Ability to respond quickly to change
OTHER FACTORS INFLUENCING ALIGNMENT
•
IT and business staff unable to find common ground
o
•
Values, language, experience, culture, focus, incentives
Status of IT within the organisation
o
Organisational structure (reporting lines.)
o
Control systems (control over resources and budgets)
o
Power structures (influencing champion)
o
Stories (legacy systems, spectacular successes or failures)
o
Rituals and routines - “new systems that work best are those that are aligned not only with the
business but also with the way people think and work”
o
Symbols (size and location of office, etc.)
o
Organisational paradigm (IT seen as a cost not investment)
ORGANISATIONAL NEED FOR SYSTEMS DEVELOPMENT
•
An existing system has reached the end of its usefulness and is in need of replacement because of an
outdated technology or slow processing time
•
A new strategic opportunity has been identified that will allow the business to improve its strategic position
•
The business is just starting out and has no systems in place
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
SOFTWARE SELECTION FOR SMEs
Generally a simpler system is required so the selection process is easier
Selection process:
•
Identify company’s needs
•
Survey the market
•
Identify shortlist
•
Arrange a demonstration
•
Decision and implementation
OPTIONS FOR A COMPANY TO HAVE AN INFORMATION SYSTEM
Approaches
Description
Remarks
Off-the-shelf software
The company purchases a software
Low-cost, but the softw
package, install it and use it.
not tailored-made. It is
software package, not
system.
In-house development
Outsourcing
The company hires a team of software
It works only if the com
developers
IT knowledge.
The company has a contract with an IT
An expensive option, b
consultancy. The IT consultancy develops
most reliable option.
an information system for the company.
The company pays a certain amount of
$$ to the IT consultancy.
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
SYSTEMS DEVELOPMENT LIFECYCLE
•
Systems development lifecycle (SDLC) represents a very structured and methodical way of doing
development projects
•
Ideally, any SDLC should result in a high quality system that meets or exceeds customer expectations,
reaches completion within time and cost estimates, works effectively & efficiently in the current and
planned IT infrastructure, and is inexpensive to maintain the cost effective to enhance
STAGE 1. INVESTIGATION
FEASIBILITY
•
Financial à who pays?
•
Legal à does the system work within legal boundaries?
•
Schedule à can it be done in a given amount of time?
•
Technical à is there enough technological infrastructure?
•
Strategic à Does it make sense for the business strategy?
The systems development steering committee selects the most feasible alternative
The systems development steering committee
•
Typical personnel on the committee are:
o
Project Manager (or managers for larger projects)
o
System analysts
o
Programmers
o
Software testers
o
Users.
o
Depending on nature of project, team may also include hardware and communications specialists,
database designers and administrators, and other IT specialists.
•
Team composition changes over time.
•
During requirements definition, the team will be heavy with systems analysts.
•
During design and implementation, it will be heavy with programmers, testers, and database designers.
•
During integrated testing and conversion, the team will be augmented with testers and business users.
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
STAGE 2. ANALYSIS
This stage has 2 parts
1. Understand what the current system does and how it operates
2. Specify what the new system will need to do
Requirement analysis and specification implies a thorough understanding of the system
Methods to gain an understanding of system
ANALYSE SYSTEMS DOCUMENTATION
•
Process map
•
Logical and physical DFD
•
Systems flowchart
TECHNIQUES FOR ACQUIRING INFORMATION
•
Questionnaire
•
Observation
•
Interviews
•
Prototyping
STAGE 3. DESIGN
Systems Design takes two perspectives
1. Logical
o
Concerned with a design that is independent on the actual technology required for its
implementation
2. Physical
o
Requires the specification of the technical aspects
Determine Outputs
•
Be familiar with the different users’’ requirements
•
The outputs required to do their job
Determine Inputs
•
Work backwards from outputs to decide what inputs will be required to produce some outputs
Design Approval
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
•
Approval required before proceeding (a protype)
•
Imperative that designers and users concur on the design
•
Once design is signed off no further design changes should be permitted
•
Once the design has been approved the organisation must determine where it will source required hardware
and software
STAGE 4. IMPLEMENTATION
This stage involves getting the system up & running within the organisation
ACTIVITES:
•
Build physical environment required for new system
•
Data storage facilities
•
Any required programming must be completed
•
System may need to be installed
•
Thorough testing of a system
NETWORK & DATABASE
•
Can start the implementation phase
•
Technical specifics for the network come from specifications
•
Data extract, transform, load
PROGRAMS
•
Modified existing programs
•
In-house- developed programs
•
Debug & test programs
IMPLEMENTATION APPROACH
•
Direct conversion
•
Parallel conversion
•
Phased-in conversion
PREPARTION FOR CONVERSION
•
Preparation of the users of the system and reviewing and the system documentation, ensuring that users are
able to follow the documentation and procedures correctly
•
Benefits realisation
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
STAGE 5. MAINTENANCE & REVIEW
MAINTENCE
General aim of keeping the new system running and supporting users in their interactions with the system
•
System improvement
•
System modification
•
Bug correction
REVIEW
Completes the systems development lifecycle and is concerned with carrying out an ex-post analysis on how the
systems development project has worked
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
WEEK 11: ETHICS, CYBERCRIME & AUDIT
ETHICS
ETHICS – implicit rules that guide us in our everyday behaviour, thoughts & actions.
•
Is how we act to make the ‘right’ choice’ and produce ‘good behaviour’
ETHICAL THEORIES – used to assist in deciding on the best course of action
•
Consequentialist theories
•
Non-consequentialist theories
IMPORTANCE OF ETHICS IN AIS & ACCOUNTING
•
Decisions based on intuition and personal feelings do not always achieve the best outcome
ETHICAL ISSUES IN BUSINESS
•
Ethical issues in business are expanding as business becomes globalised & more complex
•
ASIC annual report indicates that insider trading is increasing
•
Whistle blowers often expose misconduct or corruption
•
APESB code of ethics is mandatory for all members of the accounting profession
ETHICAL DECISION MAKING
1. Identify the facts
2. Define the issue(s)
3. Identify the principles that can be applied
4. Identify possible actions & the stakeholders affected by these actions
5. Compare steps 3 & 4
6. Select a course of action
7. Implement the selected course of action
ETHICAL ISSUES IN AIS
CUSTOMER PROTECTION & PRIVACY
•
It is now easier to gather information about people
•
Users of websites can be profiled without their knowledge
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
COOKIES
•
Small electronic files placed on a computer to record sites viewed and viewing preference
•
Cookies are linked with data mining and customer profiling
•
Customer profiling is the building up of detailed customer information based on data gathered from various
sources and combined
CUSTOMER PROTECTION PRIVACY
Key Issues
•
Security
•
Consent
•
Privacy laws and standards
•
Access to technology
SECURITY
•
Measures must be in place to ensure that data cannot be accessed by unauthorised personnel or copied or
used for illegitimate purposes
•
Need to protect the quality of the data
PRIVACY ACT 1988 (Commonwealth)
1. Personal information shall not be collected … for inclusion in a record or in a generally available
publication unless:
a) The information is collected for a purpose that is a lawful purpose directly related to a function or
activity of the collector and
b) The collection of the information is necessary for or directly related to that purpose
2. Personal information shall not be collected by a collector by unlawful or unfair means
INFORMATION PRIVACY PRINCIPLES
•
Collection of information
•
Accuracy in use
•
Solicitation
•
Relevant use
•
Storage
•
Usage
•
Record Keeping
•
Disclosure
•
Access
•
Alteration
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
CYBERCRIME
Cybercrime – a crime committed using a computer and/or the internet
•
Often used interchangeably with terms such as
o
Computer crime
o
Computer related crime
o
E-crime
o
High tech crime
o
Cyber fraud
o
Internet crime
MALWARE: VIRUSES, WORMS, TROJANS & BOTS
Malware – malicious code designed to damage, steal data or disrupt computer systems & networks
•
Viruses – a program or code that is designed to infect a program, boot sector, partition sector or document
•
Trojans- harmful pieces of software that look legitimate
•
Bots –designed to infect the host & connect back to a remote server not controlled by the organisation
EXAMPLES OF COMPUTER CRIME
•
Spam – sending of unsolicited emails or junk email
•
Phishing – form of social engineering that attempts to steal sensitive information.
o
An attacker’s goal is to compromise systems to obtain usernames, passwords & other account
and/or financial data
o
•
They are most frequently accomplish phishing attacks via email
Socially engineered Trojans
o
Usually, website tells users they are infected by viruses and need to run fake antivirus software, or
they're nearly out of free disk space and need a fake disk defragger. Finally, they must install an
otherwise unnecessary program, often a fake Adobe Reader or an equally well-known program.
o
Use executes the malware, clicking past browser warnings that the program could possibly be
harmful. Socially engineered Trojans are responsible for hundreds of millions of successful hacks
each year.
•
Ransomware
o
Malware specifically designed to take control of a computer and hijack files. The files are encrypted
so the victim loses access to them. Once executed in the system, the ransomware can either (1) lock
the computer screen or (2) encrypt predetermined files. A request for a ransom is then made
•
Denial of Service
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
o
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or
resources of a targeted system, usually one or more web servers.
INTERNET FRAUD & SCAMS
Fraud – An act of deception committed against an entity, usually with the intent of either causing damage to the
victim or bringing benefit to the perpetrator
Scam – to get something from someone by plausible deceit or deception
EXAMPLES OF SALES & E-COMMERCE FRAUD
•
Paying non-existent suppliers or false invoices
•
Using illegaly obtained credit card numbers
•
Non-existent sales
•
Non-existent customers
•
Inventory theft
REDUCING THE RISK OF CYBERCRIME
Establish
•
Effective internal control system
•
Sound corporate governance system
•
Strong ethical culture
•
Known your employees
•
Monitor policies
AUDIT
IMPORTANCE OF THE AUDIT FUNCTION
•
The auditing or assurance function provides the board and management with important insights into the
organisational environment
•
Independent, frank and fearless advice to the CEO
•
Professional auditors provide audit and assurance services to enhance corporate governance through:
o
The internal audit function
o
External audits
o
The audit committee
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
INTERNAL AUDITING
Internal auditing is undertaken to evaluate and improve an organisation’s risk management, control & governance
processes
Activities of the internal audit function
•
Compliance or Performance Audits
o
Monitoring internal control
o
Examining financial and operating information
o
Reviewing operational activities
o
Evaluating risks
o
Evaluating systems
EXTERNAL AUDITING
•
An external audit is a regulatory mandate
•
ASA 700 outlines the auditor’s responsibilities
•
Can build on internal audit findings and recommendations
•
The auditor’s opinion states whether the financial reports present fairly in all material respects (see Annual
report)
•
Audit quality may be compromised due to time constraints, management pressure and limited resources
AUDIT COMMITTEES:
•
The GFC and corporate collapses have led to the increasing importance of audit committees to enhance
corporate governance
•
The audit committee has a mandate to cover a wide range of assurance activities
•
Under ASX corporate governance principles all ASX 300 companies are required to have an audit committee
FINANCIAL (STATUTORY) AUDIT
All publicly listed companies in Australia are required by statute to be audited
•
Sarbanes - Oxley Act Requirements
o
•
Major chartered firms policies and procedures incorporate requirements of this act
Auditor comments on:
o
the “true and fair view” of the company’s activities
o
whether or not accounts have been prepared in accordance with generally accepted accounting
principles (GAAPs)
§
Source of information: the AIS
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
INFORMATION SYSTEMS AUDIT
An information systems audit is commissioned by management to seek assurance that the system has adequate
controls included
•
First step is to assess the risk the system faces
o
Inherent risk .. system context or nature of the system
o
Control risk .. do controls exist, manual or automatic
o
Detection risk .. how easily can an auditor detect an error
OVERVIEW OF THE AIS AUDIT
Audit trail – traditional method that auditors used to follow a paper ‘audit trail’ from source documents to final
accounts and vice versa
•
Historically, auditors have attempted to audit ‘around the computer’. However, with modern pos systems
auditor must not audit ‘through the computer’
AIS AUDIT COVERS 5 PHASES
1. Planning
2. Field Work
3. Analysis
4. Completion Review & Reporting
5. Monitoring & Review
AUDIT TOOLS:
Audit tools falling into 2 categories:
1. Internal Control Frameworks
•
COBO
•
COBIT
2. Computer Auditing Tools & Techniques (CATTs)
•
Testing using test data .. manually calculate expected result
•
Integrated test facility .. dummy records that are processed
•
Embedded audit software .. software to detect outliers
•
Generalised audit software .. Benford's Law, experts systems
PLANNING THE AUDIT
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
Planning includes all the preparatory steps taken in advance of the fieldwork
•
Studying the client & industry
•
Studying the client’s system
•
Developing the audit program
o
Master audit program
FIELDWORK (PERFORMING THE AUDIT)
•
Fieldwork involves carrying out the tests identified in the planning stage including verification or
confirmation testing
•
Analysis involves a careful study of the test outcomes as well as an evaluation of the system’s internal
control
ANALYSIS
•
Involves a careful study of the test outcomes, the interview notes * the documentation accrued from the
fieldwork.
o
•
Whilst fieldwork & analysis are depicted as 2 sequential steps, they are often iterative
An important analysis process is evaluating the system’s internal control
EVALUATING THE SYSTEM’S INTERNAL CONTROL
•
Data entry & input controls
•
Processing controls
•
Output controls
•
Database controls
•
E-commerce controls
APPLICATION – SPECIFIC INTERNAL CONTROLS
•
Deciding whether the controls are appropriate & adequate for the system under review is a matter for
auditor skill & judgment
•
Testing that they are working as intended can be verified using test data
•
After evaluating the effectiveness of the internal control, the auditor is in a position to determine the nature
and type of substantive tests needed
EVALUATING THE SYSTEM’S GENERAL INFRASTRUCTURE CONTROLS
•
Logical access controls
•
Database controls
Downloaded by Edith Haltali (soleil34920@hotmail.com)
lOMoARcPSD|3072687
•
Physical environmental controls
•
Storage controls
•
Change controls
COMPLETION, REVIEW, MONITORING & REPORTING
•
On completion of the audit, the auditors are required to complete a review process & to attest to the
accuracy of the data audited in the reporting procedure.
•
The following tasks are undertaken
o
Analytical review
o
Monitoring, reviewing & closure
o
Reporting
OTHER TYPES OF AIS AUDITS:
•
Audit of systems under development
•
Special purpose audits
Downloaded by Edith Haltali (soleil34920@hotmail.com)