1. Introduction to Accounting Information Systems. 2. Enterprise Systems. 3. Electronic Business (EBusiness) Systems. 4. Documenting Information Systems. 5. Database Management Systems. 6. Relational Databases and SQL. 7. Controlling Information Systems: Introduction to Enterprise Risk Management and Internal Control. 8. Controlling Information Systems: Introduction to Pervasive Controls. 9. Controlling Information Systems: Business Process and Application Controls. 10. The Order EntrySales (OES) Process. 11. The BillingAccounts ReceivableCash Receipts (BARCR) Process. 12. The Purchasing Process. 13. The Accounts PayableCash Disbursements (APCD) Process. 14. The Human Resources (HR) Management and Payroll Processes. 15. Integrated Production Processes (IPP). 16. The General Ledger and Business Reporting (GLBR) Process. 17. Acquiring and Implementing Accounting Information Systems.
Trang 3John Barans
Sr Technology Project Manager:
Sally Nieman Manufacturing Coordinator:
Doug Wilke Production House:
ICC Macmillan, Inc.
Art Director:
Linda Helcher Internal Designer:
Jennifer Lambert, Jen2Design Cover Designer:
Jennifer Lambert, Jen2Design Cover Images:
# Jupiter Images Printer:
Transcontinental Louiseville, Quebec
COPYRIGHT # 2008, 2005
Thomson South-Western, a part of
The Thomson Corporation Thomson,
the Star logo, and South-Western are
trademarks used herein under license.
Printed in the United States of America
ALL RIGHTS RESERVED.
No part of this work covered by the copyright hereon may be reproduced or used in any form or by any means—
graphic, electronic, or mechanical, including photocopying, recording, taping, Web distribution or information storage and retrieval systems, or in any other manner—without the written permission of the publisher.
For permission to use material from this text or product, submit a request online at http://www.thomsonrights.com.
Library of Congress Control Number: 2006934475
For more information about our products, contact us at:
Thomson Learning Academic Resource
Center 1-800-423-0563
Thomson Higher Education
5191 Natorp Boulevard Mason, OH 45040 USA
This book contains references to the products of SAP AG, Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany The names of these products are registered and/or unregistered trademarks of SAP AG SAP AG is neither the author nor the publisher of this book and is not responsible for its content.
Trang 4PART 1 UNDERSTANDING INFORMATION SYSTEMS
1 Introduction to Accounting Information Systems 1
2 Enterprise Systems 31
3 Electronic Business (E-business) Systems 62
4 Documenting Information Systems 98
5 Database Management Systems 135
6 Relational Databases and SQL 176
7 Controlling Information Systems: Introduction to
Enterprise Risk Management and Internal Control 206
8 Controlling Information Systems: Introduction to Pervasive
and General Controls 243
9 Controlling Information Systems: Business Process
and Application Controls 284
10 The Order Entry/Sales (OE/S) Process 328
11 The Billing/Accounts Receivable/Cash Receipts
(B/AR/CR) Process 374
12 The Purchasing Process 419
13 The Accounts Payable/Cash Disbursements
(AP/CD) Process 462
14 The Human Resources (HR) Management
and Payroll Processes 498
15 Integrated Production Processes (IPP) 537
ACCOUNTING INFORMATION SYSTEMS
16 General Ledger and Business Reporting
(GL/BR) Process 573
17 Acquiring and Implementing Accounting
Information Systems 597
Glossary 633Index 649
iii
Trang 5Welcome to the beginning of a journey through the exciting field of accountinginformation systems We are very pleased that you have chosen to become anothermember of our international community of students, accounting professionals, andeducators who make this book an integral part of their library as a text and reference.
We promise to make the journey through this complex, challenging, and exciting topic
as easy and pleasant as possible These demanding topics are tackled in a conversationaland relaxed tone, rather than stilted, technical language At the same time, the text fullyexplores the integrated nature of the topic with all of its foundations in informationtechnology, business processes, strategic management, security, and internal control.Thank you for the opportunity to serve as your guide on this journey
Before beginning, let’s discuss two key ideas that inspire the story in the text First,the accountant is defined as an information management and business measurementprofessional Second, information systems consist of integral parts working togetherthat allow the organization to progress and move forward These two philosophies arebriefly attended to before moving on to addressing the most frequently asked questions(FAQs) by users of this book
Accountant as an Information Management and Business Measurement Professional
There is no doubt that the long-standing image of the accountant as a conservative,green eye shaded, nonsocial employee who is tucked in the back room of an organi-zation has been forever shattered Today’s accounting professional is relied upon byowners and managers to identify and monitor enterprise risks (events that may cause anentity to fail to achieve its objectives); assure the reliability of information systems used
to gather, store, and disseminate key information for decision making; and possess therequisite general business knowledge, coupled with business process measurement andassessment skills, to evaluate the state of the business enterprise and its supportingoperations In a post-Enron and WorldCom era, the primary focus of organizations is
on enterprise risk management, and the accounting professional (as external auditor,internal auditor, corporate accountant, or manager) is increasingly expected to take theleadership role in identifying and mitigating enterprise risks
Accordingly, the accounting professional must arrive on the job armed with a solidunderstanding of (1) key information qualities, (2) critical information technologies thatdrive the information systems, (3) core business processes that allow an organization tooperate effectively and efficiently, (4) common documentation tools used to diagramand assess business processes, and (5) vital corporate governance/internal control con-cepts that can be applied to mitigate risks Each of these fundamental knowledgerequirements is addressed throughout this book
iv
Trang 6Information Systems: Integrated Elements
Moving the Organization Forward
In today’s information-technology–centric world, organizations clearly can neither operate
nor survive without information systems The quality of the information systems and the
reliability of the information available through such systems dictate, to a large degree, the
effectiveness of decision making within the organization Without good information,
man-agers cannot make sound decisions It is imperative that all pieces of the information system
are in sync and operating effectively if the enterprise as a whole is to operate effectively and
efficiently, and move forward in a positive direction Figure P.1 shows the integrated nature
of information systems components The elements must be sound across all dimensions for
the organization to safely, yet quickly, move forward Any weakness in these elements puts
successful outcomes at risk The enterprise depends on safe and secure information systems
that allow the organization to move forward in a controlled, yet competitive, manner
Following are the five integral components of the information system:
l An enterprise database that stores the data related to an enterprise’s business activities
and resources This includes views of this database for each business process that
support effective decision making and allow these processes to operate effectively
l Database controls that safeguard the data in the enterprise database from illicit access,
destruction, and corruption
FIGURE P.1 Information Systems—Integrated Elements
Trang 7l Business processes that reflect the core activities completed by an organization inachieving its business objectives These processes include such activities as sellinggoods or services, collecting payment, purchasing materials or inventory, paying forthose items, hiring and retaining a quality set of employees, and producing goods orservices for sale All of these processes both use and generate data that is stored inthe enterprise database.
l Business process controls and application controls are the procedures put in place within eachbusiness process to identify specific business risks, prevent identified risks from dis-rupting operations or corrupting data, detect failures that get past preventive measures,and correct for detected errors and irregularities that slip past the control boundary
l Pervasive controls and general controls represent the overall corporate governancestructure and related control procedures that are designed to create a regulatedorganization that can face the challenges of the external business environment, keepthe enterprise on track and moving forward in a controlled manner, as well asoutperform its competitors
Each of these components is explored in detail while progressing through the book.After completing the study of the concepts presented in this text, you should have astrong grounding in the critical knowledge necessary to help an organization create andmanage effective information systems that minimize related enterprise risks
Frequently Asked Questions (FAQs)
When examining a book and considering how to most effectively acquire the mation with which you are particularly interested, several questions may arise that needanswered to help make the journey more efficient In the remainder of this preface, thefocus will be on the most frequently asked questions by previous adopters and readers ofthis book Hopefully, the answers to your most pressing questions can be found in thefollowing sections
infor-FAQ #1: What Are the Core Themes of This Book?
The book’s focus is on providing the skills necessary for a foundation in enterprise riskmanagement—particularly as these risks pertain to business processes and their informa-tion systems components Fundamental to an enterprise risk management orientation,from an information systems perspective, are the underlying enterprise systems, e-businesssystems, and controls for maintaining these systems The emphasis on these core themes isapparent even by reviewing the table of contents Chapters 2 and 3 immediately focus onenterprise systems and e-business in the introductory section of the text Controls are thefocus of three chapters (Chapters 7, 8, and 9) More importantly, however, these themesare carried out throughout the remainder of the text in the integrative fashion for whichthe previous six editions of this book have been known Icons have been added in themargins throughout the book to help emphasize the coverage of these core themes in theirintegrated state and to facilitate absorption of the material by the reader Given the criticalnature of these three themes, the following paragraphs provide brief explanations for each
Enterprise Systems
Enterprise systems integrate the business process functionality and information from all
of an organization’s functional areas, such as marketing and sales, cash receipts, chasing, cash disbursements, human resources, production and logistics, and businessreporting (including financial reporting) They make possible the coordinated operation
Trang 8pur-of these functions and provide a central information resource for the organization The
concept of enterprise systems can be realized in various ways For instance, an
organ-ization might develop its own separate business process systems and tie them together in
an integrated manner Or, an organization could purchase an enterprise system from a
vendor Such externally acquired systems are commonly called enterprise resource
planning (ERP) systems—software packages that can be used for the core systems necessary
to support enterprise systems A number of ERP systems are commercially available
with SAP1and Oracle1dominating the large- and medium-sized enterprise markets
The Microsoft Dynamics line of products is a major player in the small- and medium-sized
enterprise market Many organizations use a combination of ERP systems, externally
purchased sub-systems, and internally developed sub-systems to create their overall
enterprise systems
E-Business
E-business (electronic business) is the application of electronic networks (including the
Internet) to exchange information and link business processes among organizations and/
or individuals These processes include interaction between back-office (i.e., internal)
processes, such as distribution, manufacturing, and accounting, and front-office (i.e.,
external) processes, such as those that connect an organization to its customers and
suppliers Traditionally, e-business has been driven in business-to-business (B2B)
environments through electronic data interchange (EDI) The most familiar form of
e-business is the business-to-consumer (B2C) model where interactions are largely
driven by browser-based applications on the Internet This communication medium has
spilled over into the B2B arena, replacing EDI in some cases, while also providing
opportunities for new B2B interaction in this rapidly changing environment
Controls
Internal control is a process—effected by an entity’s board of directors, management, and
other personnel—designed to provide reasonable assurance regarding the achievement of
objectives in the following categories: effectiveness and efficiency of operations, reliability
of reporting, and compliance with applicable laws and regulations A strong system of
internal controls is imperative to effective enterprise risk management and is of great
interest to top management, auditors, and external stakeholders
FAQ #2: How Does This Book Present
Accounting Information Systems?
This book is organized into five parts Chapter 17 on the selection and development of
accounting information systems includes a summary of the material from the
supple-ment that accompanied the sixth edition of the text The following paragraphs discuss
briefly each of the components of this book
Part I: Understanding Information Systems consists of three chapters Chapter 1
provides an overview of basic information systems concepts that are of interest to the
accounting professional and explores the critical characteristics of information that must
be considered in systems design and evaluation Chapter 2 introduces the concept of
enterprise systems and the key role that these systems play in the successful and timely
operation of contemporary enterprises Chapter 3 addresses the extended enterprise
Trang 9environment, the e-Business relationships that an organization forms when linking itsorganization with the individuals or other organizations that represent their customersand vendors, and other stakeholders.
Part II: Organizing and Managing Information includes the following threechapters Chapter 4 provides the basic tools necessary for diagrammatically doc-umenting organizational data flows (data flow diagrams—DFDs) and business processes(systems flowcharts) This chapter is divided into sections focusing first on readingdocumentation and then on creating documentation to meet the varied needs of ourreaders and users Chapter 5 provides a more comprehensive exploration of data storagemethods, the role of databases in data management, and the various business intelli-gence tools that are available for making sense out of the vast enterprise databases inorder to enhance strategic decision making Chapter 5 also includes sections on readingand understanding entity relationship (E-R) diagrams (used to model database struc-tures) Chapter 6 takes a deeper look at modeling information systems using the REA(Resources, Events, and Agents) method, creating E-R diagrams, mapping these dia-grams to relational databases, and using SQL query language to manipulate and retrievedata from relational databases
Part III: Enterprise Risk Management consists of three chapters exploring thevarious dimensions of organizational governance and associated effective internal controlsystems Chapter 7 begins this section with an overview of internal control frameworks,including the new framework Enterprise Risk Management—Integrated Framework, gen-eral organizational governance guidelines, and the changes effected by the Sarbanes-Oxley Act of 2002 Chapter 8, designed around COBIT, an internationally recognizedframework for IT control, then focuses in on the risks that specifically exude frominformation systems and can put an enterprise in a stage of acute risk if not properlymonitored and controlled Chapter 9 focuses on the control procedures applicable tominimizing such risk and presents a methodology for comprehensively evaluating therisks and controls within a defined business process This framework is subsequentlydemonstrated and applied across the business processes presented in Chapters 10through 14
Part IV: Business Processes examines the various business processes that arenecessary for an enterprise to successfully operate These chapters focus on applicationssupported by ERP system implementations (including exhibits of screens from SAP1and Microsoft Dynamics GP software), the key controls for maintaining successfulbusiness processes, and application of the methodology for evaluating risks and controlswithin the given business process The order-to-cash (revenue) flows are captured inChapter 10 ‘‘The Order Entry/Sales (OE/S) Process’’ and Chapter 11 ‘‘The Billing/Accounts Receivable/Cash Receipts (B/AR/CR) Process.’’ The purchase-to-pay(expense) flows are captured in Chapter 12 ‘‘The Purchasing Process’’ and Chapter 13
‘‘The Accounts Payable/Cash Disbursements (AP/CD) Process.’’ Chapter 14 ‘‘TheHuman Resources (HR) Management and Payroll Processes’’ and Chapter 15 ‘‘Inte-grated Production Processes (IPP)’’ round out coverage of the core business processes.Part V: Reporting with and Acquiring Accounting Information Systems beginswith Chapter 16 ‘‘General Ledger and Business Reporting (GL/BR) Process,’’ dealingwith the reporting process in which information from core business processes isdeveloped into financial reports for internal and external usage This chapter includesbasics, such as information flows related to the process, as well current technologies,such as ERPs and XBRL After completing the reporting process, Chapter 17
‘‘Acquiring and Implementing Accounting Information Systems,’’ provides an overview
Trang 10on the selection of accounting information systems, including the buy-versus-build
decision With the extensive use of off-the-shelf software, including ERP software, that
can be modified to fit an enterprise’s business needs, we take a look at the issues that
should be considered in selecting the right software and knowing when to internally
develop software when the ‘‘right’’ solution is not available from external sources The
chapter includes topics such as AIS acquisitions from third parties and the systems
development life cycle (analysis, selection and design, implementation, and operation
phases)
FAQ #3: Where Can I Find Information About
the Sarbanes-Oxley (SOX) Act of 2002,
Especially SOX Section 404?
Chapter 1 provides an overview of sections 404 and 409 of the Sarbanes-Oxley Act of
2002, including the overall implications for the accountant as an information
man-agement and business measurement professional Chapter 4 discusses preparing
docu-mentation of business processes, a first step in a SOX 404 review Chapter 7 describes
the effect of SOX Sections 210, 302, and 404 on corporate governance, IT governance,
and enterprise risk management Chapters 7 through 9 describe the requirements of
SOX 404 and PCAOB Auditing Standard No 2 regarding the ‘‘effectiveness of design
of internal controls’’ (leaving the ‘‘effectiveness of operations of internal controls’’ for
the auditing courses and texts) Chapters 7 through 15 also introduce and use the control
matrix, a vehicle employed by systems designers to assess the effectiveness of control design
and by auditors to design tests for effectiveness of operations of internal control Finally,
Chapter 16 discusses the effect on internal control reporting and financial reporting
required by SOX Sections 302, 401, 404, and 409
FAQ #4: What Are the Major Changes
from the Sixth Edition?
l Enhanced coverage of enterprise risk management: This is a highly critical area as
businesses struggle to meet the requirements of the Sarbanes-Oxley Act of 2002 in
the United States and parallel pressures across the globe Enterprise risk
manage-ment has become a primary focus of CEOs, CFOs, and CIOs as they struggle to
limit personal liability, calm external stakeholders, and ensure the continued growth
of their enterprises We begin this enhanced coverage in Chapter 7 with a
pres-entation of the updated COSO framework, Enterprise Risk Management—Integrated
Framework (ERM) We use the ERM framework to convey the idea that
organi-zations must have processes in place to develop strategy and objectives, to identify
and assess risks that the strategy and objectives will not be achieved, and to
implement processes and internal controls to address the risks As in past editions,
this text maintains a strong focus on organizational governance, IT governance and
internal controls, and a framework for assessing risk and controls across the business
processes of an enterprise
l Revised and expanded presentation of the control matrix: Our presentation of the control
matrix begins in Chapter 1 where we use a generic matrix to depict the relationship
between information qualities and processes that help to achieve those qualities In
Chapter 7, we use a matrix to show the relationship between control objectives and
controls that achieve those objectives Finally, in Chapter 9, we present a simplified
and more structured process for preparing the control matrix and for identifying
Trang 11present and missing controls The matrix is similar in concept and design to thoseemployed by internal and independent auditors around the world to implementSOX Section 404 and to conduct a variety of internal control assessments.
l Integration of the Public Company Accounting Oversight Board (PCAOB) guidance oncompany-level controls: We connect the AIS course to auditing and assurance courses
by presenting a framework for assessing the effectiveness of design of internal controls,while the auditing and assurance courses follow on with a discussion of testing theoperating effectiveness of internal controls We enhance this coverage by introducing inChapter 9 the effect of company-level controls (pervasive, general, and IT generalcontrols) on the effectiveness of business process controls and application controls
We continue this coverage in Chapters 10 through 15 by discussing the impact ofcompany-level controls on specific business process and application controls
l Consolidating the systems acquisition, analysis, and design supplement into one chapter in thetext: Chapter 17 now contains the broad concepts of the acquisition and develop-ment cycles, allowing the topics to be taught without much of the previous detail.This consolidation was done without adding substantial length to the overall text Inone chapter, a user can learn about selecting prepackaged software versus building asystem, and then progress on through the steps of the development life cycle tounderstand the process of acquiring/developing a new system
FAQ #5: How Can This Text Be Adapted to Meet
a User’s Desired Content Coverage?
Learning from an Enterprise Risk Management approach,1 a user would want tofocus on three key components of the text: (1) documentation tools for diagrammingand analyzing business processes, (2) enterprise risk management and componentinternal control concepts, and (3) core business processes enabling enterprises to suc-cessfully complete order-to-cash (revenue) and purchase-to-pay (expenditure) activities
An enterprise risk management focus also necessitates the consideration of enterprisesystems and e-business concepts But, given that those are fundamental threads runningthroughout the text, those should be covered with any approach Coverage of ancillarytopics related to database management systems and other key business processes isrecommended (e.g., human resources management and payroll processes, integratedproduction processes, and the general ledger and business reporting process).Depending on a specific user’s interests, exploring relational databases in detail and/orcovering the foundations of the systems development process may be necessary.Recommendations and options are graphically depicted in Figure P.2 to assist in thedecision process
Learning from a database and/or REA approach, a user would want to focus ontwo key components of the text: (1) documentation and modeling skills for relationaldatabases and (2) core business processes that must be integrated in enterprise-leveldatabases Additionally, the user would want to confer with appropriate external supportspecifically focused on REA modeling techniques if extended coverage is desired Adatabase approach can be used with the text without these additional materials, if REAmodels are not necessarily a preference Again, a database approach also would neces-sitate the consideration of enterprise systems concepts, which are fundamental threadsrunning throughout the text A database approach may focus on only a limited core set
1 This approach also might be called the business process approach, the accounting applications approach, or the accounting cycles approach.
Trang 12FIGURE P.2 Selecting Chapters to Meet Selected Pedagogical Objectives
Recommend Chapters 14–16 on
human resources management,
payroll, integrated production, and
general ledger and business
reporting processes
Consider Chapter 17 for an
overview of the systems
development process
Require Chapters 12 and 13
to cover the business
processes in the
purchase-to-pay process
Require Chapters 10 and 11
to cover the business
Enterprise Risk Management/
Business Process Approach Database and/or REA Approach
Require Chapter 4 on reading documentation(98–110)—
Recommend remainder of Chapter 4 on creating documentation
Require Chapters 5 and 6 on DBMS principles and relational database development
Consider adding external readings on REA database construction, if desired
Require Chapters 10 and 11
to cover the business processes in the order-to-cash process
Require Chapters 12 and 13
to cover the business processes in the purchase-to-pay process
Recommend Chapters 14 and
15 on human resources management, payroll, and integrated production processes
Require Chapter 16 on general ledger and business reporting process
Consider Chapters 7 and 8
on corporate governance and IT controls
Recommend Chapter 9
on business process control framework
Require Chapter 16 on general ledger and business reporting process
Consider Chapters 14 and 15
to cover human resources management, payroll, and integrated production processes
Recommend Chapters 12 and 13
to cover the business processes in the purchase-to-pay process
Recommend Chapters 10 and 11
to cover the business processes in the order-to-cash process
Recommend Chapters 7–9
on enterprise risk management
Require Chapter 17
on acquiring and implementing on AIS
Recommend Chapters 5 and 6
on DBMS principles and relational database development
Require Chapter 4 on reading and creating documentation
of business processes Systems Development Approach
Require core coverage Chapters 1–3 Entering AIS
Trang 13of chapters combined with an outside database software text or may be supplementedwith other key AIS topics, such as documentation development tools for systemsflowcharts and data flow diagrams, additional business processes, corporate governance,and IT controls Our recommendations and options are graphically depicted in Figure P.2
to assist you in your decision process
Learning from a systems development approach, a user would want to focus onthree key components of the text: (1) documentation tools for diagramming and ana-lyzing business processes, (2) structured systems analysis and design (Chapter 17), and(3) core business processes enabling enterprises to successfully complete order-to-cash(revenue) and purchase-to-pay (expenditure) activities A systems development approachalso necessitates the consideration of enterprise systems—a fundamental thread runningthroughout the text Coverage is recommended of ancillary topics related to databasemanagement systems, enterprise risk management, and general ledger and businessreporting Depending on a specific user’s interests, it may be necessary to explorerelational databases in detail and to cover human resources management and payroll andintegrated production processes Recommendations and options for this approach alsoare depicted graphically in Figure P.2
FAQ #6: Does the Book Fit the Core Competencies Guidelines of the AICPA Vision Project?
Several professional bodies across the globe have undertaken projects to better stand how the environment of professional accounting is changing and how thesechanges impact the required competencies for skilled professionals Althoughresponding to all of the reports being generated by accounting bodies around the globe
under-is not possible in thunder-is preface, we will briefly review how the text facilitates the aration of new professionals based on the results of one such report—the AmericanInstitute of Certified Public Accountants (AICPA) CPA Vision Project Let’s take a look
prep-at how this book supports the knowledge prerequisites for prep-attaining each of the AICPACPA Vision Project’s five identified core competencies:
l Communications and Leadership Skills: Development of communication and ship comes largely through practice The AIS course of study provides greatopportunities for students to participate in written and oral presentations of detailedanalyses of problems Additionally, throughout the text a host of documentationtools are covered and applied including flowcharts, data flow diagrams, narratives,entity-relationship diagrams, and control matrices Chapter 17 describes a variety ofreports for use in the systems analysis and design process Mastery in use of thesetools can aid in effective communication and the synthesis of complex information
leader-in a form that can be easily explaleader-ined
l Strategic and Critical Thinking Skills: The documentation tools noted under thecommunication section further enhance the student’s ability to link data, knowledge,and insight related to information technology, internal control, and businessprocesses to solve complex problems Numerous short and long cases along withbriefer problems are provided throughout the book to provide ample opportunity topractice and self-test the mastery of skills in strategically and critically analyzing andsynthesizing information related to business environments
l Focus on the Customer, Client, and Market: Whereas the early segments of the book areoriented toward assembling a set of foundation skills related to documentation, sys-tems environments, enterprise systems, e-business, and internal control assessment,the business process chapters bring all the information together to analyze the business
Trang 14processes of an entity This analysis of business processes integrates the information
for management decision making—the aggregation and processing of information, key
controls, and business process objectives allows the student to better understand the
full scope of an organization’s business processes—not just the accounting aspects
This prepares the student to enter different business environments, analyze business
activities, and identify areas for strategic improvement
l Interpretation of Converging Information: As noted under the prior competency
statement on customer, client, and markets, this text’s core chapters address the
integration of financial and nonfinancial information to solve problems The
addressing of nonfinancial information is usually the weakest point for accounting
graduates, and as such, the strategies used in the text should help counteract this
weakness
l Technologically Adept: Throughout the text, emerging technologies that are
reshap-ing the business environment are described and demonstrated within the context of
a business process This focus on emerging technologies helps prepare the student
for understanding how new technologies can be utilized to improve business
effi-ciency and effectiveness, and to leverage competitive advantage
FAQ #7: How Does the Text Help Prepare
Students for the U.S CPA Exam?
In the United States, the 2004 changes in the CPA Examination are of interest for those
about to enter the accounting profession Quite frankly, the changes in the exam have
not affected this book much because the philosophy has long been consistent with the
exam’s new content Students need to have a broad understanding of the business
environment, how information is used by business decision makers, and the
organiza-tional control structures that should be in place to minimize risk to the enterprise Thus,
this book continues to be an excellent source for helping students prepare for the testing
methods and exam content The exam testing methods require the use of certain
soft-ware tools but also use a host of case studies, called ‘‘simulations,’’ to provide information
that must be critically examined and synthesized The extensive use of small and large
cases in this book should help students prepare for these simulation problems This
book’s approach has always emphasized several skills being tested by the revised exam:
communication, research, analysis, judgments, and comprehension
As for content on the exam, this book is also well positioned to help The auditing
and attestation section of the exam requires examinees to have an understanding of
enterprise-level controls and the technology-based environments in which auditing
is conducted This book emphasizes enterprise systems, e-business, database
environ-ments, control frameworks, IT controls, and business process environments—all of
which should be helpful in the exam environment This content is even more critical in
preparing for the business environment and concepts portion of the exam that covers
business structure (an item addressed within the context of each business process in the
text); measurement (i.e., managerial), which is addressed in the text at the level expected
by the exam; and general business environment and concepts As to this latter section,
the detail in the business processes chapters (Chapters 10 through 16) describe the
overall business context and then how information flows from the transaction side
through to use by key management decision makers This presentation should aid in
understanding how contemporary business environments operate The focus in the
book on enterprise systems and e-business should further aid in preparing for exam
coverage of state-of-the-art technologically enabled business environments
Trang 15FAQ #8: Does the Text Provide a Foundation for ISACA’s CISA Exam?
Another question that frequently arises is whether the foundation-level skills for theInformation Systems Audit and Control Association’s (ISACA) Certified InformationSystems Auditor (CISA) Exam are covered These skills are also commonly required forseveral other global accounting organizations’ certification processes for IT specialization.Let’s take a brief look at the six content areas covered by the CISA Exam (effective 2006):
l Content Area 1—IS Audit Process (10% of exam): Chapters 7 through 9 provide thefoundation for understanding how to assess the risks that must be considered incontemporary risk-based audit approaches Chapters 7 through 14 describe controlobjectives and controls related to information systems
l Content Area 2—IT Governance (15%): Chapters 7 and 8 introduce organizationaland IT governance frameworks and discuss related issues such as IT organizationalstructures, IT strategy, and risk management Chapters 7 and 8 also give extensivecoverage to the COSO, ERM, and COBIT control frameworks
l Content Area 3—Systems and Infrastructure Life Cycle Management (16%): Chapters 8and 17 describe best practices for project governance and systems development,including requirements analysis, systems acquisition, and change controls Chapters 9through 14 give extensive coverage to control objectives and techniques for ITsystems applications/business processes Finally, Chapters 2 and 3 describe enter-prise architectures for data, applications, and technology, including enterprisesystems, Web Services, and Web-based applications These are further discussed inthe context of specific business processes in Chapters 10 through 14
l Content Area 4—IT Service Delivery and Support (14%): Chapters 2 and 3 introduce
IT infrastructures and discuss how these can support organization objectives Theseissues are further discussed in the context of specific business processes in Chapters 10through 14 Chapter 8 introduces best practices for the management of IT oper-ations Chapters 5 and 6 describe database management systems
l Content Area 5—Protection of Information Assets (31%): Chapters 7 through 9 focus
on the control structures that should be in place at the environmental, physical, andlogical level to provide both pervasive and specific controls over IT systems Thesecontrols include logical and physical access to IT assets, encryption and public-keycryptography, and environmental protection
l Content Area 6—Business Continuity and Disaster Recovery (14%): Chapter 8 provides
an overview of the core concepts underlying disaster recovery and business nuity in business environments Although the knowledge is at a foundation level, theconcepts are easily extended because the business process environments areexplored later in the text
conti-Instructional Supplements
This book includes the following supplemental materials to assist the student and theinstructor:
l The Instructors Resource Manual, revised by Sarah Bee, Seattle University, includes
a chapter overview, outline, and teaching suggestions The files are availablefor download from the text Website at http://www.thomsonedu.com/accounting/gelinas or on the Instructor’s Resource CD-ROM, 0-324-37884-X
l The Test Bank, revised by Amelia Baldwin, University of Alabama in Huntsville,includes a variety of questions including true/false, multiple-choice, short-answer,
Trang 16and problems An electronic test bank also is available to simplify the customization
of tests by instructors The test bank can be found on the Instructor’s Resource
CD-ROM, 0-324-37884-X
l A Solutions Manual, fully verified, provides all answers to in-text Discussion
Questions and Problems
Note to Instructors: The solutions (available at the text Web site or on the Instructors
Resource CD-ROM) allow you to tailor the way you assign problems and give out
solutions For example, a control matrix solution can be modified so as to hand out a
partially completed solution Or, a flowchart solution can be handed out, or posted
on a course Web site, with the requirement that students analyze the system for
efficiency and effectiveness or complete a control matrix
l PowerPoint slides cover all major concepts and key terms and are presented in an
appealing way designed to hold the student’s interest and effectively communicate
lecture material
l The Instructor’s Resource CD-ROM Contains the entire instructor resource
package on one convenient disc The CD-ROM contains the Solutions Manual,
Instructor’s Manual, Powerpoint slides, and computerized test bank
l A Web site for this book also is available at http://www.thomsonedu.com/
accounting/gelinas with additional materials (including those previously mentioned)
to facilitate the student and instructor
Acknowledgments
In closing, we must acknowledge that the pronoun ‘‘we’’ as used in this text extends far
beyond the two authors We owe so much to so many people who have helped us in this
project that to name them all would leave little space for any AIS material However,
special thanks must first go to two previous authors of this text, Steve Sutton, University
of Central Florida, and Jim Hunton, Bentley College, who made significant and lasting
contributions to this text We also want to thank two authors who contributed to the 6th
edition text by revising some chapters: Stacy Kovar, Kansas State University; and Gary
Schneider, University of San Diego
Thanks also go to users of the first six editions Several of these users have provided us
with feedback, including our colleagues at Bentley College: Professors John Beveridge, Jane
Fedorowicz, Janis Gogan, and Karen Osterheld Other adopters and reviewers who deserve
our thanks for providing helpful comments include Professors Mary Callahan Hill,
Kennesaw State University; Stan Lewis, University of Southern Mississippi; Donald Saftner,
University of Toledo; Christine Schalow and Curt Westbrook, California State University,
San Bernardino; Jim Yardley, Virginia Tech; Stewart Leech, University of Melbourne;
Leslie Porter, University of Southern California; Arline Savage, Cal Poly State-San Luis
Obispo; and Patrick Wheeler, University of Missouri-Columbia
We would also like to thank the editorial staff from Thomson Business and
Pro-fessional Publishing, including Rob Dewey, Publisher; Matt Filimonov, Acquisitions
Editor; Aaron Arnsparger, Developmental Editor; Jean Buttrom, Content Project
Manager, and Kristen Bloomstrom, Marketing Manager
We greatly appreciate the work of the reviewers and/or verifiers for this edition
Thanks to Joseph Brady, University of Delaware; Mary Callahan Hill, Kennesaw State
University; Leslie Porter, University of Southern California; Barbara Ross, Eastern
Michigan University; Arline Savage, Cal Poly State–San Luis Obispo; Patrick Wheeler,
University of Missouri-Columbia; and Ludwig Christian Schaupp, University of North
Carolina Wilmington
Trang 17Our thanks also go to both Sarah Bee, Seattle University, and Amelia Baldwin,University of Alabama in Huntsville for their work on the text supplements andverification.
We extend our thanks to SAP1
and Microsoft DynamicsTMfor their permissions touse numerous screenshots throughout the text
Finally, to our wives, to whom we dedicate this book, we thank you for your infinitepatience throughout this project Without your support and encouragement, this sev-enth edition would not have been possible
Trang 18Ulric J (Joe) Gelinas, Jr., Ph.D.,is a Professor of Accountancy at Bentley College,
Waltham, Massachusetts He received his A.B in Economics from St Michael’s College,
Winooski, Vermont, and his M.B.A and Ph.D from the University of Massachusetts,
Amherst Professor Gelinas has also taught at the University of Tennessee and at
Vesalius College, Vrije Universtiteit Brussel in Brussels, Belgium As a Captain in the
U.S Air Force, he was Officer-in-Charge of IT Operations Professor Gelinas was the
founding editor of the Journal of Accounting and Computers (formerly the Kent/Bentley
Journal of Accounting and Computers and the Kent/Bentley Review) Professor Gelinas has
published articles on interorganizational collaboration and coordination infrastructures,
accounting information systems, using technology in business education, technical
communications, and information privacy In 2003, Professor Gelinas received the
Innovation in Auditing and Assurance Education Award from the American Accounting
Association In 2000, he received the John W Beveridge Achievement Award from the
New England Chapter of the Information Systems Audit and Control Association for
outstanding contributions to the IS Audit and Control profession He has made
presentations and conducted workshops at the International Conference of the
Information Systems Audit and Control Association (ISACA); ISACA’s Computer
Audit, Control, and Security (CACS) conferences; as well as other professional groups
He is a member of the American Accounting Association, the Information Systems Audit
and Control Association, Beta Alpha Psi, and Beta Gamma Sigma Professor Gelinas was
a member of the U.S expert panel that reviewed Control Objectives for Information and
Related Technology (COBIT) and has conducted COBIT workshops throughout the world
He is the author of Implementation Tool Set, a volume that accompanies the second and
third editions of COBIT In his spare time, Professor Gelinas is engaged in his favorite
activities: sailing, hiking, and bird watching
Richard (Rick) Dull, Ph.D.,CPA, CISA, CFE, is Assistant Professor of Accountancy at
Clemson University, Clemson, South Carolina He received his BBA (Accounting) and
BS (Computer Applications) from Harding University, his MBA from the University of
North Carolina at Greensboro, and his Ph.D (Business—Accounting/Information
Systems) from Virginia Tech Professor Dull has also taught at Indiana
University-Indianapolis and High Point University His professional experience includes application
programming with a manufacturing firm as well as audit and information systems
consulting experience with McGladrey, Hendrickson, and Pullen (and a pre-merger
A.M Pullen & Company) He was a founding partner of Weathersby, Dull, Bostian &
Waynick CPA’s and served as president of their successor consulting firm, Intelligent
Technologies, Inc., until choosing to pursue a career in academia His experience
supports his teaching and research interest in accounting information systems,
continuous assurance, forensic accounting, and technology in accounting education
His work on a project involving cross departmental integration of enterprise systems
earned a Microsoft Pinnacle Award for Excellence in Education, as well as a Clemson
University Board of Trustees Award for Faculty Excellence Professor Dull has been
published in academic and practitioner journals, including Journal of Information Systems,
International Journal of Accounting Information Systems, Journal of Emerging Technologies in
xvii
Trang 19Accounting, Accounting Education: an International Journal, CPA Journal, and PersonalFinancial Planning He has made frequent conference and continuing educationpresentations in local, national, and international venues, on topics including continuousauditing and assurance, accounting information systems, and accounting education.Professor Dull is a member of the American Accounting Association, American Institute
of CPAs, Association of Certified Fraud Examiners, and the Information Systems Auditand Control Association His professional activities have included serving on theAICPA’s Assurance Services Executive Committee, and for 2007–2008 year, serving asthe President of the AAA’s Artificial Intelligence/Emerging Technologies Section Inaddition to his work, he enjoys spending time with his family and church, as well astraveling and boating
Trang 20PART 1UNDERSTANDING INFORMATION
The Textbook’s Three Themes 3
Beyond Debits and Credits 4
Legal Issues Impacting Accountants 5
Components of the Study of AIS 7
What Is an Accounting Information
System? 11
Systems and Subsystems 11
The Information System (IS) 13
The Accounting Information System
(AIS) 14
Logical Components of a Business
Process 14
Management Uses of Information 16
Data versus Information 17
Qualities of Information 17
Management Decision Making 22
The Accountant’s Role in the Current
Enterprise Systems Value Chain 39
The Value of Systems Integration 43
Enterprise Systems Facilitate Functioning
of the Organization’s Operations 46
Enterprise Systems Record That Business
Events Have Occurred 48
Enterprise Systems Store Datafor Decision Making 49Major ERP Modules 50Sales and Distribution 50Materials Management 51Financial Accounting 51Controlling and Profitability Analysis 51Human Resources 51
Enterprise Systems Support for MajorBusiness Event Processes 52Order-to-Cash 52Purchase-to-Pay 54Summary 57
Key Terms 59Review Questions 59Discussion Questions 60Problems 60
3 Electronic Business (E-Business)Systems 62
Synopsis 63Introduction 64Applying E-Business to the Value Chain 65The Changing World of Business
Processing 66
A Comparison of Manual and AutomatedAccounting Information Systems 66Automating an Accounting InformationSystem 70
Online Transaction Entry (OLTE) 72Online Real-Time (OLRT) Processing 74Methods for Conducting E-Business 76Commerce Through E-Mail 77Electronic Document Management 78Electronic Data Interchange 80Internet Commerce 87Summary 93
Key Terms 94Review Questions 95Discussion Questions 95Problems 96
PART 2ORGANIZING AND MANAGING
INFORMATION
4 Documenting InformationSystems 98
Synopsis 99Introduction 99
xix
Trang 21Reading Systems Documentation 100
Reading Data Flow Diagrams 100
Reading Systems Flowcharts 105
Preparing Systems Documentation 110
Preparing Data Flow Diagrams 110
The Narrative 110
Table of Entities and Activities 111
Drawing the Context Diagram 113
Drawing the Current Logical Data Flow
Diagram 117
Preparing Systems Flowcharts 121
Drawing Systems Flowcharts 122
Documenting Enterprise Systems 126
Databases and Business Events 139
Database Management Systems 140
Logical versus Physical Database
Models 140
Overcoming the Limitations of the
Applications Approach 144
Database Essentials 145
Logical Database Models 145
Elements of Relational Databases 147
Normalization in Relational Databases 148
Using Entity-Relationship Models 155
Using DBMS and Intelligent Systems to AID
Decision Makers 160
Decision Support Systems, Executive
Information Systems, and Group Support
Model Constraints 182REA Data Models and E-R Diagrams 184Relational Databases 186
Relational Database Concepts 186Mapping an REA Model to a RelationalDBMS 187
SQL: A Relational Database QueryLanguage 191
Constructing Relational Databases 193Updating the Database 194
Basic Querying Commands 196Generating Standard Reports 198Summary 201
Key Terms 201Review Questions 201Discussion Questions 202Problems 203
PART 3ENTERPRISE RISK MANAGEMENT
7 Controlling Information Systems:Introduction to Enterprise RiskManagement and InternalControl 206
Synopsis 207Organizational Governance 207Enterprise Risk Management 208Sarbanes-Oxley Act 212Defining Internal Control 216The COSO Definition of InternalControl 216
Working Definition of InternalControl 218
Fraud and Its Relationship to Control 221Implications of Computer Fraud andAbuse 222
Ethical Considerations and the ControlEnvironment 224
A Framework for Assessing the Design of aSystem of Internal Control 226
Control Goals of Operations Processes 228Control Goals of Information
Processes 228Control Plans 232Summary 235Key Terms 235Review Questions 236
Trang 22A Hypothetical Computer System 247
The Information Systems
Organization 248
Four Broad IT Control Process
Domains 249
Plan and Organize Domain 252
IT Process 1: Establish Strategic Vision for
Information Technology 252
IT Process 2: Develop Tactics to Plan,
Communicate, and Manage Realization of
the Strategic Vision 253
Acquire and Implement Domain 260
IT Process 3: Identify Automated
Deliver and Support Domain 263
IT Process 7: Deliver Required IT
Monitor and Evaluate Domain 272
IT Process 10: Monitor and Evaluate the
9 Controlling Information Systems:
Business Process and Application
Controls 284
Synopsis 285
Introduction 285
The Control Framework 285
The Control Matrix 285
Steps in Preparing the Control
Matrix 287
Sample Control Plans for Data Input 292
Control Plans for Manual and AutomatedData Entry 294
System Description and Flowchart 294Applying the Control Framework 295Control Plans for Data Entry withBatches 300
System Description and Flowchart 300Applying the Control Framework 302Summary 311
Key Terms 312Appendix 9A 312Data Encryption and Public KeyCryptography 312
Review Questions 317Discussion Questions 317Problems 318
PART 4BUSINESS PROCESSES
10 The Order Entry/Sales (OE/S)Process 328
Synopsis 329Introduction 329Process Definition and Functions 330Organizational Setting 330
A Horizontal Perspective 330
A Vertical Perspective 332Managing the OE/S Process: SatisfyingCustomer Needs 333
Decision Making and Kinds ofDecisions 334
Using Data Mining to SupportMarketing 334
Mastering Global E-Business 335Customer Relationship Management (CRM)Systems 337
Logical Description of the OE/S Process 339Logical Data Flow Diagrams 339
Logical Data Descriptions 346Logical Database Design 347Physical Description of the OE/S Process 350Electronic Data Capture 350
Digital Image Processing 350The OE/S Process 351Management Reporting 353Application of the Control Framework 354Control Goals 354
Recommended Control Plans 355Summary 362
Key Terms 363Review Questions 363Discussion Questions 364Problems 365
Trang 2311 The Billing/Accounts Receivable/Cash
Receipts (B/AR/CR) Process 374
The Fraud Connection 381
Logical Process Description 382
Logical Data Flow Diagrams 382
Logical Data Descriptions 388
Logical Database Design 390
Types of Billing Systems 394
Physical Process Description of the Billing
Function 394
The Billing Process 394
Selected Process Outputs 396
Application of the Control Framework for the
Billing Function 396
Control Goals 396
Recommended Control Plans 398
Physical Process Description of the Cash
Receipts Function 400
Application of the Control Framework for the
Cash Receipts Function 401
Logical Process Description 428
Discussion and Illustration 428
Logical Data Descriptions 436
Logical Database Design 436
Technology Trends and Developments 439
Physical Process Description 439
Discussion and Illustration 440
The Fraud Connection 445
Application of the Control Framework to
13 The Accounts Payable/CashDisbursements (AP/CD) Process 462
Synopsis 463Introduction 463Process Definition and Functions 463Organizational Setting 464
A Horizontal Perspective 464
A Vertical Perspective 465Logical Process Description 467Discussion and Illustration 467Processing NoninvoicedDisbursements 470Logical Data Descriptions 472Logical Database Design 472Technology Trends and Developments 477Physical Process Description 478
Discussion and Illustration 480Exception Routines 480The Fraud Connection 482Nonfraudulent Losses 483Application of the Control Framework 484Control Goals 484
Recommended Control Plans 486Summary 488
Key Terms 490Review Questions 490Discussion Questions 490Problems 491
14 The Human Resources (HR)Management and PayrollProcesses 498
Synopsis 499Introduction 499Process Definition and Functions 500Definition of the HR ManagementProcess 500
Definition of the Payroll Process 501Integration of the HR Management andPayroll Processes 501
The HR Management Process 502Organizational Setting and ManagerialDecision Making 503
Technology Trends andDevelopments 503
Trang 24Implementing the HR Management
Process 505
Key Data Tables 511
The Payroll Process 511
Organizational Setting 511
Logical Description of the Payroll
Process 511
Implementing the Payroll Process 516
The Fraud Connection 520
Application of the Control Framework 521
Production Process Innovation 541
Supply Chain Management 542
Management Accounting Systems 543
Integrated Production Processes (IPP) 545
Design Product and Production
Processes 545
Generate Master Production
Schedule 548
Determine Needs for Materials 550
Develop Detailed Production
Instructions 552
Manufacturing (Production Work
Centers) 553
Record Manufacturing Events 555
Generate Managerial Information 556
Cost Accounting: Variance Analysis 558
Record Standard Costs 559
Compute Raw Material Quantity
Variance 559
Compute Direct Labor Variances 561
Close Manufacturing Orders 562
Compute Manufacturing Overhead
Variances 562
Inventory Management 562
Decision Makers and Types of
Decisions 563
The Fraud Connection 564
Inventory Process Controls 565
Summary 567
Key Terms 568
Review Questions 568
Discussion Questions 569Problems 570
PART 5REPORTING WITH AND ACQUIRINGACCOUNTING INFORMATION SYSTEMS
16 The General Ledger and BusinessReporting (GL/BR) Process 573
Synopsis 574System Definition and Functions 574Organizational Setting 575
Horizontal Perspective of the GeneralLedger and Business ReportingProcess 575
Horizontal and Vertical InformationFlows 579
Logical System Description 579Discussion and Illustration 579The General Ledger Master Data 584Coding the General Ledger
Chart of Accounts 584Limitations of the General LedgerApproach 585
Technology-Enabled Initiatives in BusinessReporting 586
ERP Financial Module Capability 587Balanced Scorecard 588
Business Intelligence 589eXtensible Business Reporting Language(XBRL) 589
The Sarbanes-Oxley Act 592Current Environment for ExternalFinancial Reporting 593Summary 593
Key Terms 594Review Questions 594Discussion Questions 595Problems 595
17 Acquiring and ImplementingAccounting InformationSystems 597
Synopsis 598Introduction 599Acquiring an AIS from External Parties 599Managing the Systems Development
Process 600Systems Development Methodology 600Systems Survey 601
Structured Systems Analysis 604
Trang 25Systems Analysis Definition and Tasks 604
Complete and Package the Approved
Systems Analysis Document 608
Systems Selection 609
The Systems Selection Deliverable: The
Approved Configuration Plan 609
Hardware Acquisition Alternatives 610
Structured Systems Design 615
Definition and Goals 615
Systems Implementation 616
Post-Implementation Review 621
Systems Maintenance 622Accountant Involvement in AIS Development/Acquisition 623
Summary 625Key Terms 625Review Questions 626Discussion Questions 626Problems 628
Glossary 633Index 649
Trang 26Introduction to Accounting
Information Systems
At the beginning of your journey to acquire knowledge about accounting information
systems (AISs), you should be aware of the importance of the topic to you, personally,
and your long-term success as an accountant To emphasize this importance, consider
the following excerpt, relating to technology, from the Occupational Outlook Handbook for
accountants and auditors:
As computer systems make information timelier, internal auditors help managers to base
their decisions on actual data, rather than personal observation Internal auditors also
may recommend controls for their organization’s computer system, to ensure the
reliability of the system and the integrity of the data
Computers are rapidly changing the nature of the work of most accountants and
auditors With the aid of special software packages, accountants summarize transactions
in standard formats used by financial records and organize data in special formats
employed in financial analysis These accounting packages greatly reduce the amount of
tedious manual work associated with data management and recordkeeping Computers
enable accountants and auditors to be more mobile and to use their clients’ computer
systems to extract information from databases and the Internet As a result, a growing
Learning Objectives
After reading this chapter, you should be able to:
l Appreciate the complex, dynamic environment in which accounting
is practiced
l Know the AIS and its relationship to the organization’s business
processes
l Know the attributes of information
l Recognize how information is used for different types of decisions
and at various levels in the organization
l Recognize how the information system supports the management
function
l Recognize the accountant’s role in relation to the current
environment for the AIS
l Understand how to use this textbook effectively to learn AIS
1
Trang 27number of accountants and auditors with extensive computer skills are specializing incorrecting problems with software or in developing software to meet unique datamanagement and analytical needs Accountants also are beginning to perform moretechnical duties, such as implementing, controlling, and auditing systems and networks,developing technology plans, and analyzing and devising budgets.1
In other words, technology is making information available to improve decisions for alldecision makers—at the same time making the job of an accountant more interestingand challenging, as well as providing new opportunities for you
This chapter introduces the concept of technology applied to accounting Thematerial presented here, as well as throughout the text is essential to your success as anaccountant Invariably, when we see students after they graduate and have been workingfor a couple of years, comments start flowing that reinforce the topics covered in thistext ‘‘I use the information from your class constantly in my job.’’ ‘‘I actually draw dataflow diagrams as part of our systems documentation.’’ ‘‘I was in a meeting with mymanager and was the only person that understood the technology concepts being dis-cussed.’’ Why do you think we repeatedly hear these and many similar comments?Technology and accounting cannot be separated in today’s businesses Read on toprepare for a successful accounting career
Synopsis
In this chapter, we introduce you to the subject of accounting information systems(AIS), describe the importance of AIS to your future success, and lay out some importantterms and concepts that we will use throughout the text We begin by presenting a view
of the practice of accounting You will see that accountants today are shifting their focusfrom being business accountants and auditors to being information management andbusiness measurement professionals providing value-added services to their organ-izations and clients This view, rooted in changes in information technology andchanges in a volatile business environment, reflects the practice of accounting for those
on the leading edge of their profession Next, we define and explain AIS and its tionship to the organization Then, we describe the qualities that information mustpossess to drive the organization and enable the performance of key managementfunctions We also discuss organization-wide and information systems-specific strategicplans and how these must be coordinated to ensure that the organizations’ and theinformation systems’ objectives are in sync Finally, we summarize the role of theaccountant in today’s business environment
rela-Throughout the text, we will present three themes to connect our discussions totopics that are currently of great interest to accountants These themes are enterprisesystems and enterprise resource planning (ERP) systems—such as those sold by SAP1
,Oracle1
, SageTM, and Microsoft1
; e-business, including retail e-business such asAmazon.com1
and wholesale electronic marketplaces such as Covisint.com (operated
by the Big Three, and other auto manufacturers); and internal control—those businesspractices that keep an organization out of trouble and heading toward achievement ofits objectives We introduced these in the Preface and discuss them further later in thischapter
1 This specific document was produced by the US Department of Labor, Bureau of Labor Statistics (http:// www.bls.gov/oco/ocos001.htm, accessed May 2, 2006) Many other countries produce documents, indi- cating similar expectations.
Trang 28At the start of this chapter, we introduced the impact of technology and how it will affect
your role as an accountant, but the impact extends well beyond accounting The
Occupational Outlook Handbook suggests that technology improves information available
for decision making—this means that ALL decision makers within an organization
benefit from accounting technology—this is not limited to accountants For example,
sales managers can make better decisions because the sales and collections information
from the computerized accounting system is timelier The ability to automate controls
means that the data should be more reliable, which is another benefit for the entire
organization
Accountants with technology skills are using computers to reduce the mundane part
of their work, which allows them to be more efficient in their work This efficiency
means these accountants have time to do more interesting work and at the same time be
more valuable to their employers Now that you understand the importance of
tech-nology within accounting, let’s begin exploring accounting information systems
This chapter provides you with some basics that are used throughout the text Our
introduction to AIS continues with some background material and definitions We
define and describe AIS, depict it as a major part of business processes and an
organi-zation, and describe the critical functions that an AIS performs in an organization Some
of the terms in this chapter may not be familiar to you Don’t let that worry you at this
point We will define and illustrate these terms later in the book
The Textbook’s Three Themes
Enterprise Systems
Before digging into the material, you should understand the importance of the three
themes in this book and how they will be included in the discussions throughout this
text The three themes—enterprise systems, e-business, and internal control—were
introduced and defined in the Preface Enterprise systems integrate the business
process and information from all of an organization’s functional areas, such as marketing
and sales, cash receipts, purchasing, cash disbursements, human resources, production
and logistics, and business reporting (including financial reporting) Enterprise resource
planning (ERP) systems are software packages that can be used for the core systems
necessary to support enterprise systems It is critical that accountants understand these
systems because they will be members of the teams that will install and operate systems
in their organizations To install an enterprise system, the business processes of an
organization must be understood and documented If necessary, the business processes
must be changed and then mapped to the enterprise system A major part of the
installation project is the configuration of the enterprise system to tailor it to the
business processes As consultants, business process owners, system users, or auditors,
we must understand these systems and be able to install, use, and audit them Enterprise
systems are described more fully in Chapter 2 and are discussed throughout the
remainder of the book
E-Business
E-business is the application of electronic networks (including the Internet) to
undertake business processes between individuals and organizations These processes
include interaction between back-office (i.e., internal) processes, such as distribution,
manufacturing, and accounting; and front-office (i.e., external) processes, such as those
that connect an organization to its customers and suppliers E-business has created
entirely new ways of working within and across organizations For example,
organ-izations are buying and selling goods and services at virtual marketplaces This changes
Trang 29how organizations identify customers and select vendors It should change how theydetermine the costs of acquiring goods from a vendor and what price(s) they shouldcharge their customers for their products Obviously, accountants need to be aware ofthe opportunities and risks associated with this new way of doing business E-business isexplained more fully in Chapter 3 and discussed throughout the remainder of the book.
Controls Internal control is a process—effected by an entity’s board of directors, management,
and other personnel—designed to provide reasonable assurance of objectives in thefollowing categories: efficiency and effectiveness of operations, reliable reporting, andcompliance with applicable laws and regulations For example, controls ensure that anorganization’s products (its inventory) are not stolen and that the organization does nothave too much inventory (perhaps a waste of resources) or too little inventory (leading,perhaps, to a lost opportunity to sell the product) Although management has theresponsibility for an organization’s system of internal control, the accountant and otherbusiness process owners are given the responsibility to affect the system of control.Therefore, it is incumbent on all managers and accountants to know how to use controls
to ensure achievement of the organization’s goals In Chapter 7, we introduce internalcontrol and then apply it throughout the remainder of the book
Beyond Debits and CreditsControls Have your accounting studies to date convinced you that the most serious problem you
may face in your career is that your trial balance doesn’t balance? If so, here are a couple
of examples that might persuade you otherwise It wasn’t too long ago that the dures used to process credit card sales were completely manual A sales clerk wouldprepare the credit card slip by hand, run it through a machine to imprint your name andaccount number, and—to reduce the possibility of credit card fraud—look up yourcredit card number in a book that listed stolen credit cards But, this book was printedonly periodically and could never be up-to-date Soon a procedure was developedwhereby clerks would call the credit card companies for approval of a purchase.Although this took longer, the selling merchants were able to assure themselves that thecredit card had not been reported stolen and that sufficient credit was available on thecustomer’s account Finally, the system evolved to what we have today: approvals areobtained automatically by connecting directly (i.e., online) to the credit card company.This method is used to ensure that the merchant and the credit card company get paidfor the sale As you will learn in Chapter 10, an accountant can’t book a sale unless it islikely that they will get paid for the sale
proce-E-Business Many of you are familiar with a different control problem that exists today—the
purchase of items using credit cards on the Internet You can read the statistics aboutindividuals who do not want to buy on the Internet because they fear that their privateinformation, especially their credit card number, is not secure Controls have been put
in place to protect the consumer, merchant, and credit card company (you’ll read aboutthem in Chapters 3, 8, and 9) Still, fraudulent transactions occur and millions of dollarsare lost Again, controls are used to protect the assets of the organization and ensure theeffectiveness of operations After all, if customers aren’t confident in the security of amerchant’s Web site they will go elsewhere with their purchases
Another example comes from a large multinational company in the health careindustry The company acquired a new, large division after having just installed an ERPsystem in all of its worldwide operations After installing the ERP system in the newdivision, the data related to the previous year’s purchases and sales for the entirecompany, including the new division, were exported from the ERP system into a
Enterprise
Systems
Trang 30separate database (i.e., a data warehouse, as will be explained in Chapter 5) The cost
accountants were then asked to analyze the costs and selling prices for a line of products
and to suggest a new pricing structure that would make sense in light of the
incorpo-ration of the products from the new division To accomplish this task, the cost
accountants needed to know how the data was defined and stored in the ERP systems,
how it had been exported, and finally how to get it out of the data warehouse in a form
that they could use What seemed like a simple analysis, one that would be performed all
the time by a staff accountant, became something quite different!
These examples demonstrate that knowledge of traditional accounting concepts is
not enough to succeed in today’s business environment; the underlying technology is a
critical part of any accountant’s job These examples indicate challenges for you, while
offering opportunities to those who learn in this course to be effective information
management and business measurement professionals
Legal Issues Impacting Accountants
Inherent in the work of accountants, and therefore in the study of accounting and
information systems, is the compliance with laws and regulations One such law, the
Sarbanes-Oxley Act of 2002 (SOX), has dramatically changed the daily work of financial
accountants, auditors, and many others as well
The Sarbanes-Oxley Act of 2002
At this point in your academic career, you have probably studied the Sarbanes-Oxley Act
(SOX) and the impact on publicly traded companies.2Because of your prior knowledge,
the discussion at this point is limited to Sections 404 and 409 and their applicability to
the study of AIS
Section 404 of the Sarbanes-Oxley Act means changes for both auditors and the
companies that they audit To comply with SOX, management must identify, document,
and evaluate significant internal controls Auditors must then audit and report on
managements’ assertions about the organizations’ systems of internal control These
requirements represent significant expansions of the internal control-related roles of
management and auditors These responsibilities are increasing at the same time that
computer-based systems are becoming more sophisticated, thus adding to the
com-plexity of the systems of internal control It is important that you understand the systems
to comply with SOX
Section 409 of the SOX requires disclosure to the public on a ‘‘rapid and current
basis’’ of material changes in an organization’s financial condition Compliance with this
section requires the application of legal, financial, and technical expertise to ensure that
the organization’s accounting information systems are able to produce financial data in a
timely and accurate manner Who else but the accountant, armed with the latest
knowledge of accounting and information technology, can ensure compliance with these
provisions of SOX?
Challenges and Opportunities for the Accountant Are you preparing yourself to
be effective in the future? Will you be able to adapt to advances in technology, and
will you look ahead and prepare yourself to take advantage of technology
improve-ments? Could you perform the analysis of the cost and price data described in the
previous section? Could you help assess the risks and benefits related to an
organ-ization’s e-business and develop the controls necessary to ensure a secure and reliable
Web presence? Could you consult with management to help them comply with SOX
2 For the full text of the Sarbanes-Oxley Act of 2002, see http://www.sec.gov/about/laws/soa2002.pdf.
Trang 31Section 404 or audit managements’ internal control assertions? What do your nology abilities mean to you personally? Possibly, your abilities may mean more jobopportunities and money One recent article suggests some organizations are quad-rupling their staffs of IT auditors Additionally, salary increases are from 7 percent(for entry level auditors) to as much as 30 percent when an experienced IT auditorchanges jobs!3We intend to help you prepare to use the available technology and toparticipate in planning for and growing with the technology.
tech-Management accountants and internal auditors find themselves buying, using, andevaluating complex computer-based information systems Financial accountants must besure that their accounting information systems can produce financial statements tocomply with the SOX Section 409 The management accountant must be sure that anew information system has the necessary features, such as controls and the ability toaccess data and to trace data from input to output Also, these information systems must
be protected from fraud and other abuses How effectively you use technology to form these functions will determine how well you can do your job That may determinethe very survival of your company in a competitive, international marketplace
per-Technology is also influencing public accounting firms The business-consultingunits of the Big Four public accounting firms have accounted for a significant per-centage of the firms’ business and were growing faster than the accounting, auditing,and tax portions of their businesses The consulting units of three of these firms havebeen split off from the ‘‘accounting’’ portions of the firms (Ernst & Young Consultingwas acquired by Cap GeminiTM
, KPMG Consulting became BearingPointTM
, and theconsulting division of PricewaterhouseCoopers was sold to IBM1) Still, the growthportion of the remaining ‘‘accounting’’ firms will remain in their value-added, businessadvising lines For example, a major line of business for these firms has been to assisttheir clients in complying with SOX Section 404.4You should not be surprised to findthe need for strong technology skills continuing in these firms Also, the new consultingfirms will be recruiting personnel with accounting and technology skills If you aspire to
a career in public accounting, your success in the consulting segment of public practicewill depend on your knowledge and experience in relatively technical areas that, at firstglance, are far from the practice of accounting
Independent auditors are faced with deciding on the ‘‘reasonableness’’ of financialstatements produced from data contained in the information system As an auditor, youwill be asked to execute your audit tasks and to provide additional ‘‘value-added’’ service
to the client You will, for example, provide your client with advice on improvingoperations and reducing risks Successful public accounting firms provide cost-effectiveaudits along with broader, high-quality service to the client
These conclusions were confirmed by the report of a project sponsored by theAmerican Accounting Association, the American Institute of Certified Public Account-ants, the Institute of Management Accountants, and the Big Five (there were five at thetime) public accounting firms Practitioners surveyed reported that accounting graduateswould need to be able to provide services in the areas of financial analysis, financialplanning, financial reporting, strategic consulting, and systems consulting.5
3 Sarah E Needleman, ‘‘Sarbanes-Oxley Creates Special Demand; Need for Veteran IT Auditors Intensifies Amid Tightened Financial-Reporting Rules.’’ The Wall Street Journal, May 16, 2006, p B8.
4 The type of service performed depends on whether the work is performed for an audit client.
5 W Steve Albrecht and Robert J Sack, Accounting Education: Charting the Course Through a Perilous Future (Sarasota, FL: American Accounting Association, 2000): 15.
Trang 32Historically, the accountant has performed an attest function to determine the
reliability of financial information presented in printed financial statements This role is
expanding to include the following:
l Nonfinancial information (for example, accountants might help determine
occu-pancy rates for hotels or apartment complexes)
l Use of information technology to create or summarize information from databases
l Information interpretation to determine the quality and relevance of information to be
used for decision making (for example, evaluating information for the assessment of risk)
The Assurance Services Executive Committee of the American Institute of Certified
Public Accountants (AICPA) identifies, develops, and promotes nonaudit assurance
services that can be offered by accountants.6These services include the following:
l Risk assessment (CPA Risk Advisory Services)
l Business performance measurement (CPA Performance View)
l Information systems reliability (SysTrust, see Chapter 3)
l Electronic commerce (WebTrust, see Chapter 8)
l PrimePlus Services (Financial care of the elderly)
Development of these services has been a joint effort between the AICPA and the
Canadian Institute of Chartered Accountants (CICA) In addition to the development of
these assurance services, the AICPA has, in cooperation with CPAs across the United
States and other professional organizations, proposed a vision of the profession’s future
called the CPA Vision Project.7Three of the five core services proposed in the project
involve information technology They include ‘‘assurance and information integrity,’’
‘‘management consulting and performance measurement,’’ and ‘‘technology services.’’
Among the core competencies that will be required of those performing these services are
‘‘interpretation of converging information’’ (able to interpret and provide a broader context
using financial and nonfinancial information) and ‘‘technology adept’’ (able to utilize and
leverage technology in ways that add value to clients, customers, and employers)
Finally, the AICPA has created a credential, the certified information technology
professional (CITP), to recognize CPAs who can provide skilled advice on using IT to
implement business strategy.8 Skills necessary to obtain this accreditation include
(chapter coverage in this text is shown in parentheses) the following:
l An understanding of project management (Chapter 17)
l Familiarity with IT and business processes (IT throughout the text, business
pro-cesses in Chapters 10 through 16)
l Competence in technology (throughout the text)
Components of the Study of AIS
Figure 1.1 (pg 8) depicts the elements central to our study of AIS Many should be
familiar to you, and many have been introduced earlier in this chapter We will briefly
discuss each element, with special emphasis on how the accountant is affected Before
6 See http://www.aicpa.org/ for a description of the assurance services and other services being defined by the
AICPA See http://www.cica.ca/ for those services being defined by the Canadian Institute of Chartered
Accountants (CICA).
7 See http://www.aicpa.org/vision/index.htm for a description of the CPA Vision project.
8 See http://infotech.aicpa.org/ for a description of the CITP designation.
Trang 33beginning, you should understand two things First, the study of AIS is our broad view,and the accounting information system itself is our narrow view Second, you shouldn’tassign any meaning to the placement of the elements in Figure 1.1 The figure just tellsyou that there are 10 elements.
l Technology Your ability to plan and manage business operations depends partly onyour knowledge of the technology available For instance, can we manage productionwithout knowledge of robotics? It goes without saying that technological develop-ments have a profound effect on information systems; enterprise systems, ERPsystems, e-business, databases, and intelligent systems are but a few examples.Technology provides the foundation on which AIS and business operations rest, andknowledge of technology is critically important to your complete understanding
of the AIS discipline Exhibit 1.1 describes the 10 most important technologicalchallenges and opportunities facing CPAs in 2006 These technologies were selected
by a group of CPAs and other professionals recognized as technology leaders TheAICPA’s Information Technology Center sponsored this group and published theresults The exhibit indicates where these technologies are discussed in this text
l Databases Your other accounting courses have emphasized accounting as areporting function The full accounting cycle, however, includes data collection andstorage, and these aspects must become part of your knowledge base In addition,important to a complete understanding of AIS are the variety of databases, both
FIGURE 1.1 Elements in the Study of Accounting Information Systems
Business operations Events
processing
Management decision making
Reporting
Systems development and operation
AIS
Databases Technology
Control Communications
Accounting and auditing principles
Trang 34EXHIBIT 1.1 American Association of Certified Public Accountants (AICPA) Top 10 Technology List for 2006
1 Information Security The hardware, software,
pro-cesses, and procedures in place to protect
informa-tion systems from internal and external threats,
including routers, perimeter firewalls, IP strategy,
intrusion detection and reporting, content filtering,
anti-virus, anti-spyware, password management,
vulnerability assessment, patch management,
per-sonal firewalls, wireless security strategies, data
encryption, locked facilities, and user education.
Discussed throughout the text but especially in
Chapters 7 through 16.
2 Assurance and Compliance Applications (e.g., SOX
404, ERM) Collaboration and compliance tools that
enable various stakeholders to monitor, document,
assess, test, and report on compliance with
speci-fied controls Discussed throughout the text but
especially in Chapters 4, and 7 through 9.
3 Disaster and Business Continuity Planning The
development, monitoring, and updating of the
process by which organizations plan for continuity
of their business in the event of a loss of business
information resources due to impairments such
as theft, virus infestation, weather damage,
acci-dents, or other malicious destruction This also
includes business continuation and contingency
planning Discussed in Chapter 8.
4 IT Governance IT governance is a structure of
relationships and processes to direct and control
the enterprise in order to achieve the enterprise’s
goals by adding value, while still balancing risk
versus return over IT and its processes Discussed
in Chapters 7 and 8.
5 Privacy Management Privacy encompasses the
rights and obligations of individuals and
organ-izations with respect to the collection, use,
disclo-sure, and retention of personal information As
more information and processes are being
con-verted to a digital format, this information must be
protected from unauthorized users and from
unau-thorized usage by those with access to the data This
includes complying with local, state, national, and
international laws Discussed in Chapter 3.
6 Digital Identity and Authentication Technologies.
A way to ensure users are who they say they are—
that the user who attempts to perform functions in
a system is in fact the user who is authorized to do
so This includes hardware and software solutions
that enable the electronic verification of a user’s identity or a message’s validity, for example, digi- tal certificates This technology includes the use of bar codes, magnetic stripe, biometrics, tokens, and access control for authentication, nonrepudiation, and authorization Discussed in Chapters 9 and 16.
7 Wireless Technologies Connectivity and transfer of data between devices via the airwaves, that is, without physical connectivity Wireless technologies include Bluetooth (PAN), infrared, WiFi (802.11 WLAN), Wi-Max (802.16), 2.5G & 3G (WWAN), and satellite Discussed in Chapter 3.
8 Application and Data Integration Using current and emerging technologies, including NET, Web Services, Java, XML (the foundation for XBRL), and Ajax, to facilitate integration of data between het- erogeneous applications In its most basic format, XBRL focuses on the agreement to improve gath- ering, analyzing, and sharing business reporting data, for example, updating a field in one applica- tion and having it automatically synchronize with other applications This allows organizations to select and seamlessly integrate ‘‘best of breed’’ applications Discussed in Chapters 2 and 16.
9 Paperless Digital Technologies Document and content management includes the process of cap- turing, indexing, storing, retrieving, searching, and managing documents electronically, including database management (PDF and other formats) Knowledge management then brings structure and control to this information, allowing organizations
to harness the intellectual capital contained in the underlying data Discussed in Chapters 3 and 5.
10 Spyware Detection and Removal Technology that detects and removes programs attempting to cov- ertly gather and transmit confidential user informa- tion without the user’s knowledge or permission Spyware applications are typically bundled as a hidden component of freeware or shareware pro- grams or attached to malicious Web sites Once installed, spyware can monitor user activity, gather information about e-mail addresses, passwords, and credit card numbers in the background, and then transmit this information to someone else Spyware can include Remote Access Trojans (RAT) and root kits Discussed in Chapter 7.
Trang 35private and public; the quantity and type of data available in these databases; andmethods of retrieving those data To perform analysis, to prepare information formanagement decision making, and to audit a firm’s financial records, an accountantmust be able to access and use data from public and private databases Chapters 5and 6 explore the design and use of an organization’s own databases Chapter 3examines the use of public databases.
l Reporting To design reports generated by an information system, the accountantmust know what outputs are required or are desirable Often, the user will prepare areport on an ad hoc basis using powerful report-generating tools or a database querylanguage (discussed in Chapters 5 and 6) These reports often support managementdecisions as well as fulfill certain reporting obligations GAAP-based financial state-ments are but one example of reporting that will be considered in our study of AIS
l Control Traditionally, accountants have been experts on controlling businessprocesses As a practicing accountant, you will probably spend much of your timeproviding such expertise Consider how much more difficult it will be to controlmodern, complex business processes You must develop an understanding of controlthat is specific to the situation at hand, yet is adaptable for the future Control—themeans by which we make sure the intended actually happens—will be introduced inChapter 7 and explored in detail in Chapters 8 and 9 and in the business processchapters, Chapters 10 through 16
The next three elements—business operations, events processing, and managementdecision making—comprise a major focus of this text, business processes The logicalcomponents of business processes are described later in this chapter Knowledge of theseprocesses is essential for success as an accountant, consultant, business process owner, or
IT specialist
l Business operations Organizations engage in activities or operations, such ashiring employees, purchasing inventory, and collecting cash from customers An AISoperates in concert with these business operations Many AIS inputs are prepared byoperating departments—the action or work centers of the organization—and manyAIS outputs are used to manage these operations Therefore, we must analyze andmanage an AIS in light of the work being performed by the organization Forexample, to advise management and to prepare reports for management decisionmaking, a management accountant must understand the organization’s business
l Events processing As organizations undertake their business operations, events,such as sales and purchases, occur Data about these events must be captured andrecorded to mirror and monitor the business operations The events have opera-tional and AIS aspects To design and use the AIS, an accountant must know whatevent data are processed and how they are processed
l Management decision making The information used for a decision must betailored to the type of decision under consideration Furthermore, the information
is more useful if it recognizes the personal management styles and preferences of thedecision maker For instance, the manager of department A prefers to receive amonthly cash flow statement that groups receipts and payments into broad cate-gories The manager of department B, on the other hand, wants to see more detailedinformation in the form of an analysis of payments by vendors Beyond the infor-mation available to managers, many decision makers now use intelligent systems tohelp them make decisions Later in this chapter, we introduce management decisionmaking and then discuss management’s use of the data collected by each businessprocess (Chapters 10 through 16) In Chapter 5, we examine intelligent systems
Trang 36l Systems development and operation The information systems that process
business events and provide information for management decision making must be
designed, implemented, and effectively operated An accountant often participates
in systems development projects He or she may be a user or business process owner
contributing requests for certain functions or an auditor advancing controls for the
new system Choosing the data for a report, designing that report, or configuring an
enterprise system are examples of systems development tasks that can be
accom-plished by an accountant In Chapter 17, we examine systems development and
operation and the accountant’s role in those processes
l Communications To present the results of their endeavors effectively, accountants
must possess strong oral and written communication skills Have your professors
been drumming this message into you? If not, you’ll become acutely aware of
its importance when you enter the job market Unlike in other accounting courses,
there are few right or wrong answers in the study of AIS Throughout this course,
you will be required to evaluate alternatives, to choose a solution, and to defend
your choice Technical knowledge won’t be enough for the last task
l Accounting and auditing principles To design and operate the accounting
sys-tem, an accountant must know the proper accounting procedures and must
understand the audits to which the accounting information will be subjected As an
illustration, suppose you were designing an AIS for the billing function at XYZ, Inc
Would you invoice a customer at the time the customer’s purchase order was
received, or would you wait until XYZ’s shipping department notified you that the
goods had been shipped? We’re confident that you chose the second alternative
What Is an Accounting Information System?
In this section, we suggest a definition for AIS (this is our narrow view of AIS) and
discuss related terms to help you understand the subject matter of this textbook Because
these definitions establish a background for later study, you should read this section
carefully The section begins with a definition of a system and then a discussion of an
AIS The section concludes with an explanation of how the accountant interacts with the
AIS and with the current business environment
Systems and Subsystems
Asystemis a set of interdependent elements that together accomplish specific objectives
A system must have organization, interrelationships, integration, and central objectives
Figure 1.2(a) (pg 12) depicts a system consisting of four interrelated parts that have come
together, or integrated, as a single system, which we have named System 1.0 Each part of
a system—in this case, parts 1.1, 1.2, 1.3, and 1.4—is known as asubsystem Within
limits, any subsystem can be further divided into its component parts or subsystems
Figure 1.2(b) depicts subsystem 1.2 as a system consisting of three subsystems Notice
that we use the term system (versus subsystem) to describe the area of current interest For
example, in a typical university, the College of Business and the College of Engineering
are subsystems of the university system, whereas the School/Department of Accountancy
and the Marketing Department are subsystems of the College of Business system
In Figure 1.2, parts (a) and (b) depict the interrelationships (A through H) in a system;
part (c) depicts the hierarchical organization structure inherent in any system Again,
picture System 1.0 as a university and System 1.2 as the College of Business
Inter-relationship F might be a finance student being sent by the Finance Department (1.2.1)
to the School/Department of Accountancy (1.2.2) for a minor in accounting
Trang 37A system’s central objectives depend on its type—natural, biological, or man-made—and on the particular system For example, the human circulatory system is a biologicalsystem (a subsystem of the human body) whose purpose is to carry blood containingoxygen and carbon dioxide to and from the organs and extremities of the body.Determining the purpose of man-made systems—such as governments, schools, andbusiness organizations—is a matter we must discuss and understand Disagreement overthe basic functions of the government of the United States has always led to spiriteddebate among political parties For example, is the U.S government the ‘‘employer oflast resort’’ and therefore responsible for providing jobs for every citizen? Even when weagree on what the objectives should be, we may disagree on how they should be attained.For example, we might all agree that the objective of a municipal school system is to
‘‘educate the young citizens of the city.’’ However, if you attend a meeting of a localschool board, you probably won’t discover consensus over how to meet that objective.Business organizations usually have more straightforward purposes that are nor-mally related to the ‘‘bottom line.’’ However, many businesses establish goals other thanfinancial return to the owners For example, a business might strive to improve the
FIGURE 1.2 Systems and Subsystems
1.1
1.2
1.3 1.4
A
B C
1.2 1.0
(a)
(c) System 1.0 organization
System: 1.0 Subsystems: 1.1, 1.2, 1.3, 1.4 Interrelationships: A, B, C, D, E
(b) System: 1.2 Subsystems: 1.2.1, 1.2.2, 1.2.3 Interrelationships: F, G, H
Trang 38quality of life of its employees or to use its natural resources responsibly Here is the
bottom line: You must know a business organization’s objectives to understand that
business as a system and to understand the actions and interactions of that business’s
components or subsystems This is a central theme of this study of AIS
The Information System (IS)
Aninformation system (IS)(ormanagement information system [MIS]) is a
man-made system that generally consists of an integrated set of computer-based components
and manual components established to collect, store, and manage data and to provide
output information to users Figure 1.3 depicts the functional components of an IS
Imagine a simple IS used to maintain inventory balances for a shoe store The inputs for
such a system might be receipts of new shoes or sales of shoes; the processing might be
to update (in storage) the inventory records for the particular shoe; and the output might
be a listing of all the kinds and sizes of shoes and their respective recorded balances
That is, a simple IS is directed at the processing of business events
The IS facilitates these operational functions and supports management decision
making by providing information that managers can use to plan and control the
activ-ities of the firm The IS may have advanced elements, such as a database for storage, and
can use decision models to present output information for decision making For
example, assume that, while entering data about shoe sales, you also enter data about
who purchased the shoes, how they paid for the shoes, and why they decided to buy their
shoes at our store You might store those data and periodically print reports useful in
making decisions about advertising effectiveness Or you might decide, on the basis of
analysis of the sales data, to engage in joint advertising campaigns with a credit card
company whose cards are often used in the store
FIGURE 1.3 Functional Model of an Information System
Storage
Users
NOTE:
System outputs result in user actions Some actions (i.e., feedback) in turn become
subsequent system inputs.
Trang 39The Accounting Information System (AIS)
Enterprise
Systems The IS used in the shoe store might have components designed specifically for the
organizational function being supported For example, the IS in the shoe store supportsinventory control (a logistics function) by maintaining records for each shoe stocked inthe store The shoe store IS also supports a sales and marketing function by analyzingsales in a variety of ways Other typical IS components include personnel, production,finance, and accounting However, integrated IS processing, such as that in an enterprisesystem, has allowed the distinctions among these separate systems to become blurred.9
So historically, an IS incorporated a separate accounting information system(AIS), which is a specialized subsystem of the IS The purpose of this separate AIS was
to collect, process, and report information related to the financial aspects of businessevents For example, the input to your AIS might be a sale, such as the shoe sale in theearlier example You process the sale by recording the sales data in the sales journal,classifying the data using a chart of accounts, and posting the data to the general ledger.Periodically, the AIS will output trial balances and financial statements However, giventhe integrated nature of information systems today, seldom is an AIS distinguishedseparately from the IS
This textbook studies the discipline of AIS and takes the view that the AIS oftencannot be distinguished from the IS This view is consistent with our assertion thatcontemporary accountants are information management and business measurementprofessionals Our coverage of AIS is based on the 10 elements of Figure 1.1 (pg 8) Wecover these elements because, as an accountant, your skills must transcend the proc-essing of financial data You must understand the technology and the operating goals ofthe organizational functions for which the financial data are processed For example,supermarket checkout scanners simultaneously collect accounting and operational salesdata Therefore, you must understand sales and marketing goals and the technologyused in operations if you are to effectively operate, analyze, or audit a supermarket’s AIS.These skills become even more critical as organizations evolve toward highly integratedinformation systems, such as enterprise systems In summary, a complete study of the AISshould consider all 10 elements of Figure 1.1 (pg 8)
Finally, just as an IS can be divided into its functional components, the AIS may bedivided into components based on the operational functions supported In the salesexample, the sales data might originate in the billing/accounts receivable/cash receiptssubsystem We call these AIS components the AIS business processes or AIS subsystems Inthis text, we subdivide the AIS into these processes to facilitate the discussions and yourunderstanding of the elements of the AIS These business processes are described inChapters 10 through 16
Logical Components of a Business Process
Figure 1.4 depicts the three logical components of a business process; the mation process is that portion of the overall IS (introduced earlier and depicted inFigure 1.3 on pg 13) related to a particular business process.10In this section, we define
infor-9 These separate IS components and their related business processes are often referred to as ‘‘stovepipes’’ to emphasize that they are separated and may not communicate with each other.
10 Many would use the terms information process and information system interchangeably However, we ask you to think of an information process as the portion of the information system that is related to a particular business process.
Trang 40the other two processes, describe how the three processes work together, and emphasize
the critical role that the management information process plays
The operations process is a man-made system consisting of the people,
equip-ment, organization, policies, and procedures whose objective is to accomplish the work
of the organization Operations processes typically include production, personnel,
marketing and sales, accounting, finance, warehousing, and distribution
Themanagement processis a man-made system consisting of the people, authority,
organization, policies, and procedures whose objective is to plan and control the operations
of the organization The three most prominent management activities are planning,
controlling, and decision making These are discussed in the next section of this chapter
If you follow the flows connecting the three processes of Figure 1.4, you can
under-stand how these processes work together to accomplish the business process’—and
there-fore the organization’s—objectives To focus the discussion, we chose a customer order/
sales event to illustrate Figure 1.4 We will discuss each of the numbered flows in the figure
FIGURE 1.4 A Logical Model of a Business Process
Management
process
Operations process
Information process (IS)
Policies, procedures, personnel hiring
Goods
Sales quotas and IS design specifications
Customer order
Order acknowledgment
Packing slip 6 Invoice 9
7 1
8 Shipping notice
Broken line depicts the organization’s boundary
3 4
Customer
Other external parties
NOTE:
In this particular example, the operations
process comprises warehousing and shipping.