Accounting information systems 7e james hall

B r i e f C o n t e n t sPreface xvii Part I Overview of Accounting Information Systems 1Chapter 1 The Information System: An Accountant’s Perspective 3Chapter 2 Introduction to Transact

Accounting Information Systems

SEVENTH EDITION

JAMES A HALL

Peter E Bennett Chair in

Business and Economics

Lehigh University

Seventh Edition

James A Hall

VP/Editorial Director: Jack W Calhoun

Editor-in-Chief: Rob Dewey

Sr Acquisitions Editor: Matt Filimonov

Editorial Assistant: Lauren Athmer

Developmental Editor: Maggie Kubale

Marketing Manager: Natalie King

Marketing Coordinator: Heather McAuliffe

Associate Content Project Manager: Jana Lewis

Manager of Technology, Editorial: Matt McKinney

Media Editor: Bryan England

Sr Manufacturing Buyer: Doug Wilke

Production Technology Analyst: Starratt Alexander

Production House: Cadmus Communications

Printer: Edwards Brothers

Art Director: Stacy Jenkins-Shirley

Marketing Communications Manager: Libby Shipp

Permissions Acquisition Manager: Roberta Broyer

Cover Designer: Itzhack Shelomi

Cover Image: iStock Photo

Printed in the United States of America

For more information about our products, contact us at: Cengage Learning Academic Resource Center,

1-800-423-0563 For permission to use material from this text or product, submit a request online at http://www.cengage.com/permissions.

South-Western Cengage Learning, a part of Cengage Learning Cengage, the Star logo, and South-Western are trademarks used herein under license.

Library of Congress Control Number: 2009938064 ISBN-13: 978-1-4390-7857-0

ISBN-10: 1-4390-7857-2 Cengage Learning

5191 Natorp Boulevard Mason, OH 45040 USA

B r i e f C o n t e n t s

Preface xvii Part I Overview of Accounting Information

Systems 1Chapter 1 The Information System: An

Accountant’s Perspective 3Chapter 2 Introduction to Transaction

Processing 41Chapter 3 Ethics, Fraud, and Internal Control 111

Part II Transaction Cycles and Business

Processes 151Chapter 4 The Revenue Cycle 153

Chapter 5 The Expenditure Cycle Part I:

Purchases and Cash Disbursements Procedures 217

Chapter 6 The Expenditure Cycle Part II: Payroll

Processing and Fixed Asset Procedures 265

Chapter 7 The Conversion Cycle 305

Chapter 8 Financial Reporting and Management

Reporting Systems 349 Part III Advanced Technologies in Accounting

Information 395Chapter 9 Database Management Systems 397

Chapter 10 The REA Approach to Database

Modeling 459Chapter 11 Enterprise Resource Planning Systems

489Chapter 12 Electronic Commerce Systems 523

iii

Part IV Systems Development Activities 571Chapter 13 Managing the Systems Development

Life Cycle 573Chapter 14 Construct, Deliver, and Maintain

Systems Project 605 Part V Computer Controls and Auditing 663Chapter 15 IT Controls Part I: Sarbanes-Oxley

and IT Governance 665Chapter 16 IT Controls Part II: Security and

Access 703Chapter 17 IT Controls Part III: Systems

Development, Program Changes, and Application Controls 737

Glossary 773

Index 791

C o n t e n t s

Preface xviiAcknowledgments xxviDedication xxvii

Functional Segmentation 16The Accounting Function 19The Information Technology Function 20THE EVOLUTION OF INFORMATION SYSTEM MODELS 24The Manual Process Model 24

The Flat-File Model 25The Database Model 27The REA Model 28Enterprise Resource Planning Systems 31THE ROLE OF THE ACCOUNTANT 31Accountants as Users 32

Accountants as System Designers 32Accountants as System Auditors 32SUMMARY 33

Chapter 2 Introduction to Transaction Processing 41

AN OVERVIEW OF TRANSACTION PROCESSING 42Transaction Cycles 42

ACCOUNTING RECORDS 44Manual Systems 44

The Audit Trail 50

v

Computer-Based Systems 51DOCUMENTATION TECHNIQUES 53Data Flow Diagrams and Entity Relationship Diagrams 53System Flowcharts 57

Program Flowcharts 64Record Layout Diagrams 67COMPUTER-BASED ACCOUNTING SYSTEMS 67Differences between Batch and Real-Time Systems 68Alternative Data Processing Approaches 69

Batch Processing Using Real-Time Data Collection 71Real-Time Processing 74

DATA CODING SCHEMES 74

A System without Codes 74

A System with Codes 76Numeric and Alphabetic Coding Schemes 76SUMMARY 79

APPENDIX 80

Chapter 3 Ethics, Fraud, and Internal Control 111

ETHICAL ISSUES IN BUSINESS 112Business Ethics 112

Computer Ethics 112Sarbanes-Oxley Act and Ethical Issues 116FRAUD AND ACCOUNTANTS 117Definitions of Fraud 117

The Fraud Triangle 118Financial Losses from Fraud 119The Perpetrators of Frauds 120Fraud Schemes 122

INTERNAL CONTROL CONCEPTS AND TECHNIQUES 128SAS 78/COSO Internal Control Framework 132

SUMMARY 137

151

THE CONCEPTUAL SYSTEM 154Overview of Revenue Cycle Activities 154Sales Return Procedures 160

Cash Receipts Procedures 163

Revenue Cycle Controls 166PHYSICAL SYSTEMS 170MANUAL SYSTEMS 171Sales Order Processing 171Sales Return Procedures 174Cash Receipts Procedures 174COMPUTER-BASED ACCOUNTING SYSTEMS 177Automating Sales Order Processing with Batch Technology 177Keystroke 178

Edit Run 180Update Procedures 180Reengineering Sales Order Processing with Real-TimeTechnology 180

Transaction Processing Procedures 180General Ledger Update Procedures 182Advantages of Real-Time Processing 183Automated Cash Receipts Procedures 183Reengineered Cash Receipts Procedures 185Point-of-Sale (POS) Systems 185

Daily Procedures 185End-of-Day Procedures 187Reengineering Using EDI 187Reengineering Using the Internet 188Control Considerations for Computer-Based Systems 188PC-BASED ACCOUNTING SYSTEMS 190

PC Control Issues 190SUMMARY 191APPENDIX 192

Chapter 5 The Expenditure Cycle Part I: Purchases and

Cash Disbursements Procedures 217

THE CONCEPTUAL SYSTEM 218Overview of Purchases and Cash Disbursements Activities 218The Cash Disbursements Systems 225

Expenditure Cycle Controls 228PHYSICAL SYSTEMS 230

A Manual System 230The Cash Disbursements Systems 232COMPUTER-BASED PURCHASES AND CASHDISBURSEMENTS APPLICATIONS 234Automating Purchases Procedures Using Batch ProcessingTechnology 234

Cash Disbursements Procedures 239Reengineering the Purchases/Cash Disbursements System 240Control Implications 242

SUMMARY 243

Chapter 6 The Expenditure Cycle Part II: Payroll

Processing and Fixed Asset Procedures 265

THE CONCEPTUAL PAYROLL SYSTEM 266Payroll Controls 274

THE PHYSICAL PAYROLL SYSTEM 275Manual Payroll System 275

COMPUTER-BASED PAYROLL SYSTEMS 277Automating the Payroll System Using Batch Processing 277Reengineering the Payroll System 279

THE CONCEPTUAL FIXED ASSET SYSTEM 281The Logic of a Fixed Asset System 281

THE PHYSICAL FIXED ASSET SYSTEM 283Computer-Based Fixed Asset System 283Controlling the Fixed Asset System 286SUMMARY 288

THE TRADITIONAL MANUFACTURINGENVIRONMENT 306

Batch Processing System 307Controls in the Traditional Environment 318WORLD-CLASS COMPANIES AND LEANMANUFACTURING 320

What Is a World-Class Company? 320Principles of Lean Manufacturing 320TECHNIQUES AND TECHNOLOGIES THAT PROMOTE LEANMANUFACTURING 322

Physical Reorganization of the Production Facilities 322Automation of the Manufacturing Process 323

ACCOUNTING IN A LEAN MANUFACTURINGENVIRONMENT 326

What’s Wrong with Traditional Accounting Information? 326Activity-Based Costing (ABC) 328

Value Stream Accounting 329INFORMATION SYSTEMS THAT SUPPORT LEANMANUFACTURING 331

Materials Requirement Planning (MRP) 331

Manufacturing Resource Planning (MRP II) 331Enterprise Resource Planning (ERP) Systems 333SUMMARY 334

Chapter 8 Financial Reporting and Management

Reporting Systems 349

THE GENERAL LEDGER SYSTEM 349The Journal Voucher 350

The GLS Database 350GLS Procedures 352THE FINANCIAL REPORTING SYSTEM 352Sophisticated Users with Homogeneous Information Needs 352Financial Reporting Procedures 352

XBRL—REENGINEERING FINANCIAL REPORTING 355XML 355

XBRL 356The Current State of XBRL Reporting 361CONTROLLING THE FRS 362

SAS 78/COSO Control Issues 362Internal Control Implications of XBRL 364THE MANAGEMENT REPORTING SYSTEM 365FACTORS THAT INFLUENCE THE MRS 365Management Principles 365

Management Function, Level, and Decision Type 368Problem Structure 370

Types of Management Reports 371Responsibility Accounting 374Behavioral Considerations 378SUMMARY 380

Information 395

OVERVIEW OF THE FLAT-FILE VERSUS DATABASEAPPROACH 398

Data Storage 398Data Updating 398Currency of Information 399Task-Data Dependency 399The Database Approach 399Flat-File Problems Solved 400

Controlling Access to the Database 400The Database Management System 400Three Conceptual Models 401

ELEMENTS OF THE DATABASE ENVIRONMENT 401Users 401

Database Management System 401Database Administrator 404The Physical Database 407THE RELATIONAL DATABASE MODEL 407Relational Database Concepts 408

Anomalies, Structural Dependencies, and Data Normalization 412DESIGNING RELATIONAL DATABASES 419

Identify Entities 419Construct a Data Model Showing Entity Associations 421Add Primary Keys and Attributes to the Model 422Normalize Data Model and Add Foreign Keys 422Construct the Physical Database 423

Prepare the User Views 424Global View Integration 427DATABASES IN A DISTRIBUTED ENVIRONMENT 427Centralized Databases 428

Distributed Databases 429SUMMARY 433

ENTERPRISE-WIDE REA MODEL 470Step 1 Consolidate the Individual Models 470Step 2 Define Primary Keys, Foreign Keys, and Attributes 475Step 3 Construct Physical Database and Produce User Views 477REA and Value Chain Analysis 481

REA Compromises in Practice 482SUMMARY 482

Chapter 11 Enterprise Resource Planning Systems 489

WHAT IS AN ERP? 490ERP Core Applications 491Online Analytical Processing 492ERP SYSTEM CONFIGURATIONS 492Server Configurations 492

OLTP Versus OLAP Servers 493Database Configuration 496Bolt-on Software 496DATA WAREHOUSING 497Modeling Data for the Data Warehouse 497Extracting Data from Operational Databases 498Cleansing Extracted Data 498

Transforming Data into the Warehouse Model 500Loading the Data into the Data Warehouse Database 501Decisions Supported by the Data Warehouse 501Supporting Supply Chain Decisions from the Data Warehouse 502RISKS ASSOCIATED WITH ERP IMPLEMENTATION 503Big Bang Versus Phased-in Implementation 503

Opposition to Changes in the Business’s Culture 504Choosing the Wrong ERP 504

Choosing the Wrong Consultant 505High Cost and Cost Overruns 506Disruptions to Operations 507IMPLICATIONS FOR INTERNAL CONTROLAND AUDITING 507

Transaction Authorization 507Segregation of Duties 508Supervision 508

Accounting Records 508Independent Verification 508Access Controls 509

Internal Control Issues Related to ERP Roles 509Contingency Planning 511

SUMMARY 512APPENDIX 512

INTRAORGANIZATIONAL NETWORKS AND EDI 524INTERNET COMMERCE 524

Internet Technologies 524

Protocols 527Internet Protocols 528Benefits from Internet Commerce 530RISKS ASSOCIATED WITH ELECTRONIC COMMERCE 532Intranet Risks 532

Internet Risks 533Risks to Consumers 533SECURITY, ASSURANCE, AND TRUST 539Encryption 539

Digital Authentication 540Firewalls 542

Seals of Assurance 542IMPLICATIONS FOR THE ACCOUNTING PROFESSION 543Privacy Violation 543

Continuous Auditing 544Electronic Audit Trails 545Confidentiality of Data 545Authentication 545Nonrepudiation 545Data Integrity 545Access Controls 545

A Changing Legal Environment 546SUMMARY 546

APPENDIX 546

Chapter 13 Managing the Systems Development Life

Cycle 573

THE SYSTEMS DEVELOPMENT LIFE CYCLE 574Participants in Systems Development 575

SYSTEMS STRATEGY 576ASSESS STRATEGIC INFORMATION NEEDS 576Strategic Business Needs 576

Legacy Systems 577User Feedback 577DEVELOP A STRATEGIC SYSTEMS PLAN 580CREATE AN ACTION PLAN 580

The Learning and Growth Perspective 581The Internal Business Process Perspective 582

The Customer Perspective 582The Financial Perspective 582Balanced Scorecard Applied to IT Projects 582PROJECT INITIATION 583

SYSTEMS ANALYSIS 583The Survey Step 583The Analysis Step 586CONCEPTUALIZATION OF ALTERNATIVE DESIGNS 587How Much Design Detail Is Needed? 587

SYSTEMS EVALUATION AND SELECTION 589Perform a Detailed Feasibility Study 589

Perform Cost-Benefit Analysis 590Prepare Systems Selection Report 595Announcing the New System Project 596User Feedback 597

THE ACCOUNTANT’S ROLE IN MANAGING THE SDLC 597How Are Accountants Involved with SDLC? 597

The Accountant’s Role in Systems Strategy 598The Accountant’s Role in Conceptual Design 598The Accountant’s Role in Systems Selection 598SUMMARY 598

Chapter 14 Construct, Deliver, and Maintain Systems

Project 605

IN-HOUSE SYSTEMS DEVELOPMENT 606Tools for Improving Systems Development 606CONSTRUCT THE SYSTEM 610

The Structured Design Approach 610The Object-Oriented Design Approach 610System Design 615

Data Modeling, Conceptual Views, and Normalized Tables 615Design Physical User Views 615

Design the System Process 622Design System Controls 625Perform a System Design Walk-Through 625Program Application Software 626

Software Testing 627DELIVER THE SYSTEM 628Testing the Entire System 628Documenting the System 628Converting the Databases 630Converting to the New System 630

Postimplementation Review 631The Role of Accountants 633COMMERCIAL PACKAGES 633TRENDS IN COMMERCIAL PACKAGES 633Advantages of Commercial Packages 635

Disadvantages of Commercial Packages 635CHOOSING A PACKAGE 635

MAINTENANCE AND SUPPORT 639User Support 639

Knowledge Management and Group Memory 639SUMMARY 640

APPENDIX 640

Chapter 15 IT Controls Part I: Sarbanes-Oxley

and IT Governance 665

OVERVIEW OF SOX SECTIONS 302 AND 404 666Relationship between IT Controls and Financial Reporting 666Audit Implications of Sections 302 and 404 667

IT GOVERNANCE CONTROLS 671ORGANIZATIONAL STRUCTURE CONTROLS 671Segregation of Duties within the Centralized Firm 672The Distributed Model 674

Creating a Corporate IT Function 675Audit Objectives Relating to Organizational Structure 676Audit Procedures Relating to Organizational Structure 676COMPUTER CENTER SECURITY AND CONTROLS 677Computer Center Controls 677

DISASTER RECOVERY PLANNING 679Providing Second-Site Backup 680

Identifying Critical Applications 681Performing Backup and Off-Site Storage Procedures 681Creating a Disaster Recovery Team 682

Testing the DRP 683Audit Objective: Assessing Disaster Recovery Planning 683Audit Procedures for Assessing Disaster Recovery Planning 683OUTSOURCING THE IT FUNCTION 683

Risks Inherent to IT Outsourcing 684Audit Implications of IT Outsourcing 685SUMMARY 687

APPENDIX 687

Chapter 16 IT Controls Part II: Security and Access 703

CONTROLLING THE OPERATING SYSTEM 704Operating System Objectives 704

Operating System Security 704Threats to Operating System Integrity 705Operating System Controls and Test of Controls 705CONTROLLING DATABASE MANAGEMENT SYSTEMS 710Access Controls 710

Backup Controls 712CONTROLLING NETWORKS 713Controlling Risks from Subversive Threats 713Controlling Risks from Equipment Failure 721ELECTRONIC DATA INTERCHANGE (EDI) CONTROLS 722Transaction Authorization and Validation 723

Access Control 724EDI Audit Trail 724SUMMARY 726APPENDIX 726

Chapter 17 IT Controls Part III: Systems Development,

Program Changes, and Application Controls 737

SYSTEMS DEVELOPMENT CONTROLS 738Controlling Systems Development Activities 738Controlling Program Change Activities 740Source Program Library Controls 740The Worst-Case Situation: No Controls 741

A Controlled SPL Environment 741APPLICATION CONTROLS 745Input Controls 745

Processing Controls 747Output Controls 750TESTING COMPUTER APPLICATION CONTROLS 752Black Box Approach 753

White Box Approach 753White Box Testing Techniques 756The Integrated Test Facility 759Parallel Simulation 760

SUBSTANTIVE TESTING TECHNIQUES 761The Embedded Audit Module 761

Generalized Audit Software 763SUMMARY 766

Welcome to the Seventh Edition

T he seventh edition of Accounting Information Systems includes a full range of

new and revised homework assignments and up-to-date content changes, as

well as several reorganized chapters All of these changes add up to more

stu-dent and instructor enhancements than ever before As this preface makes clear, we

have made these changes to keep students and instructors as current as possible on

issues such as business processes, systems development methods, IT governance and

strategy, security, internal controls, and relevant aspects of Sarbanes-Oxley legislation

Focus and Flexibility in Designing

Your AIS Course

Among accounting courses, accounting information systems (AIS) courses tend to be

the least standardized Often the objectives, background, and orientation of the

instruc-tor, rather than adherence to a standard body of knowledge, determines the direction

the AIS course takes Therefore, we have designed this text for maximum flexibility:

• This textbook covers a full range of AIS topics to provide instructors with

flexibil-ity in setting the direction and intensflexibil-ity of their courses

• At the same time, for those who desire a structured model, the first nine chapters

of the text, along with the chapters on electronic commerce and computer controls,

provide what has proven to be a successful template for developing an AIS

course

• Earlier editions of this book have been used successfully in introductory,

advanced, and graduate-level AIS courses

• The topics in this book are presented from the perspective of the managers’

and accountants’ AIS-related responsibilities under the Sarbanes-Oxley Act

• Although this book was written primarily to meet the needs of accounting majors

about to enter the modern business world, we have also developed it to be an

effec-tive text for general business and industrial engineering students who seek a

thorough understanding of AIS and internal control issues as part of their

professional education

Key Features

CONCEPTUAL FRAMEWORK

This book employs a conceptual framework to emphasize the professional and legal

responsibility of accountants, auditors, and management for the design, operation, and

control of AIS applications This responsibility pertains to business events that are

nar-rowly defined as financial transactions Systems that process nonfinancial transactions

are not subject to the standards of internal control under Sarbanes-Oxley legislation

Supporting the information needs of all users in a modern organization, however,

requires systems that integrate both accounting and nonaccounting functions While

xvii

providing the organization with unquestioned benefit, a potential consequence of suchintegration is a loss of control due to the blurring of the lines that traditionally separateAIS from non-AIS functions The conceptual framework presented in this book dis-tinguishes AIS applications that are legally subject to specific internal controlstandards.

EVOLUTIONARY APPROACHOver the years, accounting information systems have been represented by a number ofdifferent approaches or models Each new model evolved because of the shortcomingsand limitations of its predecessor An interesting feature in this evolution is that oldermodels are not immediately replaced by the newest technique Thus, at any point intime, various generations of legacy systems exist across different organizations and of-ten coexist within a single enterprise Modern accountants need to be familiar with theoperational characteristics of all AIS approaches that they are likely to encounter.Therefore, this book presents the salient aspects of five models that relate to bothlegacy and state-of-the-art systems:

1 manual processes

2 flat-file systems

3 the database approach

4 the resources, events, and agents (REA) model

5 enterprise resource planning (ERP) systems

EMPHASIS ON INTERNAL CONTROLSThe book presents a conceptual model for internal control based on Statement onAuditing Standards no 78 (SAS 78) and the Committee of Sponsoring Organizations

of the Treadway Commission (COSO) frameworks This SAS 78/COSO model is used

to discuss control issues for both manual processes and computer-based informationsystems (CBIS) Three chapters (Chapters 15, 16 and 17) are devoted to the control ofCBIS Special emphasis is given to the following areas:

• computer operating systems

• database management systems

• electronic data interchange (EDI)

• electronic commerce systems

• ERP systems

• systems development and program change processes

• the organization of the computer function

• the security of data processing centers

• verifying computer application integrityEXPOSURE TO SYSTEMS DESIGN AND DOCUMENTATION TOOLS

This book examines various approaches and methodologies used in systems analysisand design, including:

• structured design

• object-oriented design

• computer-aided software engineering (CASE)

• prototypingxviii Preface

In conjunction with these general approaches, professional systems analysts and

pro-grammers use a number of documentation techniques to specify the key features of

sys-tems The modern auditor works closely with systems professionals during IT audits

and must learn to communicate in their language The book deals extensively with

documentation techniques such as data flow diagrams (DFDs) and entity

relation-ship diagrams (ERDs), as well as system and program flowcharts It contains

numerous systems design and documentation cases and assignments intended to

develop students’ competency with these tools

Significant Changes in the Seventh Edition

Chapter 2, ‘‘Introduction to Transaction Processing’’

This chapter has been updated to include a discussion of data coding schemes and their

role in transaction processing and AIS as a means of coordinating and managing a

firm’s transactions The chapter presents the advantages and disadvantages of the major

types of numeric and alphabetic coding schemes In the sixth edition, this material was

included in Chapter 8; it was moved in this edition because of its relevance as an

ele-ment of transaction processing

Chapter 3, ‘‘Ethic, Fraud, and Internal Control’’

This chapter has been revised to include the most recent research results published by

the Association of Certified Fraud Examiners (ACFE) The ACFE study provides

esti-mates of losses due to fraud, categorizes fraud by various factors, and creates a profile

of fraud perpetrators In addition, the chapter presents an expanded discussion of

com-mon fraud schemes

Chapter 4, ‘‘The Revenue Cycle’’; Chapter 5 ‘‘The Expenditure Cycle Part I:

Purchases and Cash Disbursements Procedures’’; Chapter 6, ‘‘The Expenditure Cycle

Part II: Payroll Processing and Fixed Asset Procedures’’

The end-of-chapter material for these chapters has been significantly revised This

entailed revising all the end-of-chapter internal control cases and creating several new

ones, In particular, great attention was given to internal control case solutions to ensure

consistency in appearance and an accurate reflection of the cases in the text In the

sev-enth edition, all case solution flowcharts are numerically coded and cross-referenced to

text that explains the internal control issues This approach, which has been classroom

tested, facilitates effective presentation of internal control case materials

Chapter 8, ‘‘Financial Reporting and Management Reporting Systems’’

This chapter has been revised to include a discussion of the expanding role of XBRL

(Extendable Business Reporting Language) The chapter outlines the technological

fea-tures of XBRL and points to the advantages it offers organizations for which online

reporting of financial data has become a competitive necessity It also presents a

num-ber of internal control and audit implications that accountants should recognize

Chapter 11, ‘‘Enterprise Resource Planning Systems’’

A significant change to this chapter has been the addition of a SAP internal control

case, available online to all schools that are members of the SAP University Alliance

Program This case teaches students how to navigate the SAP system and allows them

to process revenue, expenditure, and conversion cycle transactions for a hypothetical

company that manufactures and sells classic sports car parts and accessories Important

aspects of the case are its focuses on internal controls and on the establishment of roles

in a SAP environment

Chapter 15, ‘‘IT Controls Part I: Sarbanes-Oxley and IT Governance’’

A major new section in this chapter deals with IT outsourcing It examines the tions and theories underlying outsourcing decisions and speaks to a number of risk issuesthat auditors need to understand The chapter has also been expanded to include a discus-sion of several computer fraud techniques Computer fraud loss estimates vary greatlyamong researchers Uncertainty exists, in part, because computer fraud is itself not welldefined All agree, however, that computer fraud is a rapidly growing phenomenon

motiva-Organization and Content

PART I: OVERVIEW OF ACCOUNTING INFORMATION SYSTEMS

Chapter 1, ‘‘The Information System: An Accountant’s Perspective’’

Chapter 1 places the subject of accounting information systems in perspective foraccountants It is divided into four major sections, each dealing with a different aspect

of information systems

• The first section explores the information environment of the firm It introduces sic systems concepts, identifies the types of information used in business, describesthe flow of information through an enterprise, and presents a framework for viewingaccounting information systems in relation to other information systems compo-nents

ba-• The second section deals with the impact of organizational structure on AIS Thecentralized and distributed models are used to illustrate extreme cases

• The third section reviews the evolution of information systems models Accountinginformation systems are represented by a number of different approaches or models.Five dominant models are examined: manual processes; flat-file systems; the data-base approach; the resources, events, agents (REA) model; and enterprise resourceplanning (ERP) systems

• The final section discusses the role of accountants as users, designers, and auditors

of AIS The nature of the responsibilities shared by accountants and computer fessionals for developing AIS applications are examined

pro-Chapter 2, ‘‘Introduction to Transaction Processing’’

Chapter 2 divides the treatment of transaction processing systems into five major tions

sec-• The first section provides an overview of transaction processing, showing its vitalrole as an information provider for financial reporting, internal management report-ing, and the support of day-to-day operations Three transaction cycles account formost of a firm’s economic activity: the revenue cycle, the expenditure cycle, and theconversion cycle

• The second section describes the relationship among accounting records in bothmanual and computer-based systems

• The third section of the chapter presents an overview of documentation techniquesused to describe the key features of systems Five types of documentation are com-monly used: data flow diagrams, entity relationship diagrams, system flowcharts,program flowcharts, and record layout diagrams

• The fourth section presents two computer-based transaction processing systems—batch processing using real-time data collection and real-time processing—and theoperational efficiency issues associated with each

• The final section examines data coding schemes, their role in transaction processingand AIS as a means of coordinating and managing a firm’s transactions, and the

advantages and disadvantages of the major types of numeric and alphabetic coding

schemes

Chapter 3, ‘‘Ethics, Fraud, and Internal Control’’

Chapter 3 deals with the related topics of ethics, fraud, and internal control

• The chapter first examines ethical issues related to business and specifically to

computer systems The questions raised are intended to stimulate class discussions

• Next, the chapter addresses fraud There is perhaps no area of greater controversy

for accountants than their responsibility to detect fraud Part of the problem stems

from confusion about what constitutes fraud This section distinguishes between

management fraud and employee fraud The chapter presents techniques for

identi-fying unethical and dishonest management and for assessing the risk of management

fraud Employee fraud can be prevented and detected by a system of internal

con-trols The section discusses several fraud techniques that have been perpetrated in

both manual and computer-based environments The results of a research study

con-ducted by the Association of Certified Fraud Examiners as well as the provisions of

the Sarbanes-Oxley Act are presented

• The final section of the chapter describes the internal control structure and control

activities specified in SAS 78/COSO The control concepts discussed in this chapter

are applied to specific applications in chapters that follow

PART II: TRANSACTION CYCLES AND

BUSINESS PROCESSES

Chapter 4, ‘‘The Revenue Cycle’’; Chapter 5, ‘‘The Expenditure Cycle Part I:

Purchases and Cash Disbursements Procedures’’; and Chapter 6, ‘‘The Expenditure

Cycle Part II: Processing and Fixed Asset Procedures’’

The approach taken in all three chapters is similar First, the business cycle is reviewed

conceptually using data flow diagrams to present key features and control points of

each major subsystem At this point the reader has the choice of either continuing

within the context of a manual environment or moving directly to computer-based

examples Each system is examined under two alternative technological approaches:

• Each system is first examined under automation Automation preserves basic

func-tionality by replacing manual processes with computer programs

• Next, each system is reengineered to incorporate real-time technology

Reengineer-ing involves radically rethinkReengineer-ing the business process and the work flow The

objec-tive of reengineering is to improve operational performance and reduce costs by

identifying and eliminating non–value-added tasks

Under each technology, the effects on operational efficiency and internal controls

are examined This approach provides the student with a solid understanding of the

business tasks in each cycle and an awareness of how different technologies influence

changes in the operation and control of the systems

Chapter 7, ‘‘The Conversion Cycle’’

Manufacturing systems represent a dynamic aspect of AIS Chapter 7 discusses the

technologies and techniques used in support of two alternative manufacturing

environ-ments: traditional mass production (batch) processing and lean manufacturing These

environments are driven by information technologies such as materials requirements

planning (MRP), manufacturing resources planning (MRP II), and enterprise resource

planning (ERP) The chapter addresses the shortcomings of the traditional cost

account-ing model as it compares to two alternative models: activity-based costaccount-ing (ABC) and

value stream accounting

Chapter 8, ‘‘Financial Reporting and Management Reporting Systems’’

Chapter 8 examines an organization’s nondiscretionary and discretionary reportingsystems

• First, it focuses on the general ledger system (GLS) and on the files that constitute aGLS database

• Next, it examines how financial statement information is provided to both externaland internal users through a multistep reporting process The emerging technology

of XBRL is changing traditional financial reporting for many organizations Thekey features of XBRL and the internal control implications of this technology areconsidered

• The chapter then looks at discretionary reporting systems that constitute the agement Reporting System (MRS) Discretionary reporting is not subject to the pro-fessional guidelines and legal statutes that govern nondiscretionary financialreporting Rather, it is driven by several factors, including management principles;management function, level, and decision type; problem structure; responsibilityaccounting; and behavioral considerations The impact of each factor on the design

Man-of the management reporting system is investigated

PART III: ADVANCED TECHNOLOGIES IN ACCOUNTING INFORMATION

Chapter 9, ‘‘Database Management Systems’’

Chapter 9 addresses the design and management of an organization’s data resources

• The first section demonstrates how problems associated with traditional flat-file tems are resolved under the database approach

sys-• The second section describes in detail the functions and relationships among fourprimary elements of the database environment: the users, the database managementsystem (DBMS), the database administrator (DBA), and the physical database

• The third section is devoted to an in-depth explanation of the characteristics of therelational database model A number of database design topics are covered, includ-ing data modeling, deriving relational tables from ER diagrams, the creation of userviews, and data normalization techniques

• The chapter concludes with a discussion of distributed database issues It examinesthree possible database configurations in a distributed environment: centralized,partitioned, and replicated databases

Chapter 10, ‘‘The REA Approach to Database Modeling’’

Chapter 10 presents the resources, events, and agents REA model as a means of fying and designing accounting information systems that serve the needs of all userswithin an organization The chapter is composed of five major sections

speci-• The chapter begins by defining the key elements of REA The basic model employs

a unique form of ER diagram called an REA diagram The diagram consists of threeentity types (resources, events, and agents) and a set of associations linking them

• Next the rules for developing an REA diagram are explained and illustrated indetail An important aspect of the model is the concept of economic duality, whichspecifies that each economic event must be mirrored by an associated economicevent in the opposite direction

• The chapter illustrates the development of an REA database for a hypothetical firmfollowing a multistep process called view modeling The result of this process is anREA diagram for a single organizational function

• The chapter’s fourth section explains how multiple REA diagrams (revenue cycle,

purchases, cash disbursements, and payroll) are integrated into a global or

enterprisewide model The enterprise model is then implemented into a relational

database structure, and user views are constructed

• The chapter concludes with a discussion of how REA modeling can improve

com-petitive advantage by allowing management to focus on the value-added activities

of their operations

Chapter 11, ‘‘Enterprise Resource Planning Systems’’

Chapter 11 presents a number of issues related to the implementation of enterprise

resource planning (ERP) systems It is composed of five major sections and an

appendix

• The first section outlines the key features of a generic ERP system by comparing the

function and data storage techniques of a traditional flat-file or database system to

that of an ERP

• The second section describes various ERP configurations related to servers,

data-bases, and bolt-on software

• Data warehousing is the topic of the third section A data warehouse is a

rela-tional or multidimensional database that supports online analytical processing

(OLAP) Issues discussed include data modeling, data extraction from

opera-tional databases, data cleansing, data transformation, and loading data into the

warehouse

• The fourth section examines risks associated with ERP implementation These

include ‘‘big bang’’ issues, opposition to change within the organization, choosing

the wrong ERP model, choosing the wrong consultant, cost overrun issues, and

dis-ruptions to operations

• The fifth section reviews several control and auditing issues related to ERPs The

discussion follows the SAS 78/COSO framework

• The chapter appendix provides a review of the leading ERP software products,

including SAP, Oracle E-Business Suite, Oracle | PeopleSoft, JD Edwards,

EnterpriseOne, SoftBrands, MAS 500, and Microsoft Dynamics

Chapter 12, ‘‘Electronic Commerce Systems’’

Driven by the Internet revolution, electronic commerce is dramatically expanding and

undergoing radical changes Although electronic commerce has brought enormous

opportunities for consumers and businesses, its effective implementation and control

present urgent challenges to organizations’ management teams and accountants To

evaluate the potential exposures and risks in this environment properly, the modern

accountant must be familiar with the technologies and techniques that underlie

elec-tronic commerce Chapter 12 and its associated appendix deal with several aspects of

electronic commerce

• The body of the chapter examines Internet commerce including

business-to-consumer and business-to-business relationships It presents the risks associated

with electronic commerce and reviews security and assurance techniques to reduce

risk and promote trust

• The chapter concludes with a discussion of how Internet commerce impacts the

accounting and auditing profession

• The internal usage of networks to support distributed data processing and traditional

business-to-business transactions conducted via EDI systems are presented in the

appendix

PART IV: SYSTEMS DEVELOPMENT ACTIVITIES

Chapter 13, ‘‘Managing the Systems Development Life Cycle,’’ andChapter 14, ‘‘Construct, Deliver, and Maintain Systems Projects’’

The chapters in Part IV examine the accountant’s role in the systems developmentprocess

• Chapter 13 begins with an overview to the systems development life cycle (SDLC).This multistage process guides organization management through the developmentand/or purchase of information systems

• Next, Chapter 13 presents the key issues pertaining to developing a systems egy, including its relationship to the strategic business plan, the current legacy situa-tion, and feedback from the user community The chapter provides a methodologyfor assessing the feasibility of proposed projects and for selecting individual projects

strat-to go forward for construction and delivery strat-to their users

• The chapter concludes by reviewing the role of accountants in managing the SDLC

• Chapter 14 covers the many activities associated with in-house development, whichfall conceptually into two categories: (1) constructing the system and (2) deliveringthe system Through these activities, systems selected in the project initiation phase(discussed in Chapter 13) are designed in detail and implemented This involves cre-ating input screen formats, output report layouts, database structures, and applicationlogic Finally, the completed system is tested, documented, and rolled out to theuser

• Chapter 14 then examines the increasingly important option of using commercialsoftware packages Conceptually, the commercial software approach also consists

of construct and delivery activities In this section we examine the pros, cons, andissues involved in selecting off-the-shelf systems

• Chapter 14 also addresses the important activities associated with systems nance and the associated risks that are important to managers, accountants, andauditors

mainte-Several comprehensive cases designed as team-based systems development projectsare available online at www.cengage.com/accounting/hall These cases have been usedeffectively by groups of three or four students working as a design team Each case hassufficient details to allow analysis of user needs, preparation of a conceptual solution,and the development of a detailed design, including user views (input and output),processes, and databases

PART V: COMPUTER CONTROLS AND AUDITING

Chapter 15, ‘‘IT Controls Part I: Sarbanes-Oxley and IT Governance’’

Chapter 15 provides an overview of management and auditor responsibilities underSections 302 and 404 of the Sarbanes-Oxley Act (SOX) The design, implementation,and assessment of internal control over the financial reporting process form the centraltheme for this chapter and the two chapters that follow This treatment of internal con-trol complies with SAS 78 and the Committee of Sponsoring Organizations of theTreadway Commission (COSO) control framework Under the SAS 78/COSO model,

IT controls are divided into application controls and general controls Chapter 15presents risks, controls, and tests of controls related to IT governance, including organ-izing the IT function, controlling computer center operations, designing an adequatedisaster recovery plan, and IT outsourcing

Chapter 16, ‘‘IT Controls Part II: Security and Access’’

Chapter 16 continues the treatment of IT controls as described by the SAS 78/COSO

control framework The focus of the chapter is on SOX compliance regarding the

secu-rity and control of operating systems, database management systems, and

communica-tion networks This chapter examines the risks, controls, audit objectives, and tests of

controls that may be performed to satisfy either compliance or attest responsibilities

Chapter 17, ‘‘IT Controls Part III: Systems Development, Program Changes, and

Application Controls’’

Chapter 17 concludes the examination of IT controls as outlined in the SAS 78/COSO

control framework The chapter focuses on SOX compliance regarding systems

devel-opment, program changes, and applications controls It examines the risks, controls,

audit objectives, and tests of controls that may be performed to satisfy compliance or

attest responsibilities The chapter examines five computer-assisted audit tools and

techniques (CAATT) for testing application controls:

• the test data method

• base case system evaluation

• tracing

• integrated test facility

• parallel simulation

It also reviews two substantive testing techniques: embedded audit modules and

generalized audit software

SUPPLEMENTS

Product Website

Additional teaching and learning resources, including access to additional internal

con-trol and systems development cases, are available by download from the book’s

web-site at http://academic.cengage.com

The PowerPoint¤slides, prepared and completely updated by Patrick Wheeler of the

University of Missouri, provide colorful lecture outlines of each chapter of the text,

incorporating text graphics and flowcharts where needed The PowerPoint¤

presenta-tion is available for download from the text website

Test Bank

The Test Bank, available in Word and written and updated by the text author, contains

true/false, multiple-choice, short answer, and essay questions The files are available

for download from the text website

Solutions Manual

The Solutions Manual, written by the author, contains solutions to all end-of-chapter

problems and cases Adopting instructors may download the Solutions Manual under

password protection at the Instructor’s Resource page of the book’s website

I want to thank the Institute of Internal Auditors, Inc., and the Institute of Certified

Management Accountants, for permission to use problem materials from pastexaminations I would also like to thank Dave Hinrichs, my colleague at LehighUniversity, for his careful work on the text and the verification of the Solutions Manualfor this edition

I am grateful to the following people for reviewing the book in recent editions andfor providing helpful comments:

Beth BrilliantKean UniversityKevin E DowKent State UniversityH.P GarsombkeUniversity of Nebraska, OmahaAlan Levitan

University of LouisvilleSakthi MahenthiranButler UniversityJeff L PayneUniversity of KentuckySarah Brown

Southern Arkansas University

H Sam RinerUniversity of North AlabamaDavid M Cannon

Grand Valley State University

Helen M SavageYoungstown State UniversityJames Holmes

University of KentuckyJerry D SiebelUniversity of South FloridaFrank Ilett

Boise State UniversityRichard M SokolowskiTeikyo Post UniversityAndrew D LuziCalifornia State University, FullertonPatrick Wheeler

University of Missouri, ColumbiaSrini Ragothaman

University of South Dakota

James A HallLehigh University

xxvi

T o my wife Eileen, and my children Elizabeth and Katie

xxvii

U nlike many other accounting subjects, such as

intermediate accounting, accounting information

systems (AIS)lacks a well-defined body of

knowl-edge Much controversy exists among college faculty as to

what should and should not be covered in the AIS course

To some extent, however, the controversy is being resolved

through recent legislation The Sarbanes-Oxley Act (SOX)

of 2002 established new corporate governance regulations

and standards for public companies registered with the

Securities and Exchange Commission (SEC) This

wide-sweeping legislation impacts public companies, their

man-agement, and their auditors Of particular importance to AIS

students is the impact of SOX on internal control standards

and related auditing procedures Whereas SOX does not

define the entire content of the AIS course, it does identify

critical areas of study that need to be included for

account-ants These topics and more are covered in several chapters

of this text

The purpose of this chapter is to place the subject of AIS

in perspective for accountants Toward this end, the chapter

is divided into four major sections, each dealing with a

different aspect of information systems The first section

explores the information environment of the firm It

intro-duces basic systems concepts, identifies the types of

infor-mation used in business, and describes the flows of

information through an organization This section also

presents a framework for viewing AIS in relation to other

information systems components The second section of the

chapter deals with the impact of organizational structure on

AIS Here we examine the business organization as a system

of functional areas The accounting function plays an

impor-tant role as the purveyor of financial information for the rest

of the organization The third section reviews the evolution

of information systems Over the years, AIS has been

repre-sented by a number of different approaches or models

I

I Learning Objectives

After studying this chapter, you should:

I Understand the primary mation flows within the businessenvironment

infor-I Understand the difference betweenaccounting information systems andmanagement information systems

I Understand the difference between afinancial transaction and a non-financial transaction

I Know the principal features of thegeneral model for informationsystems

I Be familiar with the functional areas

of a business and their principalactivities

I Understand the stages in the tion of information systems

evolu-I Understand the relationship betweenexternal auditing, internal auditing,and information technologyauditing

Five AIS models are examined The final section discusses the role of accountants as users, designers,and auditors of AIS.

The Information Environment

We begin the study of AIS with the recognition that information is a business resource Like the otherbusiness resources of raw materials, capital, and labor, information is vital to the survival of the contem-porary business organization Every business day, vast quantities of information flow to decision makersand other users to meet a variety of internal needs In addition, information flows out from the organiza-tion to external users, such as customers, suppliers, and stakeholders who have an interest in the firm.Figure 1-1 presents an overview of these internal and externalinformation flows

The pyramid in Figure 1-1 shows the business organization divided horizontally into several levels ofactivity Business operations form the base of the pyramid These activities consist of the product-ori-ented work of the organization, such as manufacturing, sales, and distribution Above the base level, theorganization is divided into three management tiers: operations management, middle management, andtop management Operations management is directly responsible for controlling day-to-day operations.Middle management is accountable for the short-term planning and coordination of activities necessary toaccomplish organizational objectives Top management is responsible for longer-term planning and set-ting organizational objectives Every individual in the organization, from business operations to top man-agement, needs information to accomplish his or her tasks

Notice in Figure 1-1 how information flows in two directions within the organization: horizontally andvertically The horizontal flow supports operations-level tasks with highly detailed information about themany business transactions affecting the firm This includes information about events such as the sale andshipment of goods, the use of labor and materials in the production process, and internal transfers of resour-ces from one department to another The vertical flow distributes information downward from senior manag-ers to junior managers and operations personnel in the form of instructions, quotas, and budgets In addition,summarized information pertaining to operations and other activities flows upward to managers at all levels.Management uses this information to support its various planning and control functions

F I G U R E

1-1 INTERNAL ANDEXTERNALFLOWS OFINFORMATION

Top Management

Operations Personnel Customers

Day-to-Day Operations Information

Stakeholders

Suppliers

Operations Management

Middle Management

Budget Inf

ormation

and Instr uctions

Perfor mance Inf

ormation

A third flow of information depicted in Figure 1-1 represents exchanges between the organization and

users in the external environment External users fall into two groups:trading partnersandstakeholders

Exchanges with trading partners include customer sales and billing information, purchase information

for suppliers, and inventory receipts information Stakeholders are entities outside (or inside) the

organi-zation with a direct or indirect interest in the firm Stockholders, financial institutions, and government

agencies are examples of external stakeholders Information exchanges with these groups include

finan-cial statements, tax returns, and stock transaction information Inside stakeholders include accountants

and internal auditors

All user groups have unique information requirements The level of detail and the nature of the

infor-mation these groups receive differ considerably For example, managers cannot use the highly detailed

in-formation needed by operations personnel Management inin-formation is thus more summarized and

oriented toward reporting on overall performance and problems rather than routine operations The

infor-mation must identify potential problems in time for management to take corrective action External

stake-holders, on the other hand, require information very different from that of management and operations

users Their financial statement information, based on generally accepted accounting principles (GAAP),

is accrual based and far too aggregated for most internal uses

WHAT IS A SYSTEM?

For many, the termsystemgenerates mental images of computers and programming In fact, the term has

much broader applicability Some systems are naturally occurring, whereas others are artificial Natural

systems range from the atom—a system of electrons, protons, and neutrons—to the universe—a system

of galaxies, stars, and planets All life forms, plant and animal, are examples of natural systems Artificial

systems are man-made These systems include everything from clocks to submarines and social systems

to information systems

Elements of a System

Regardless of their origin, all systems possess some common elements To specify:

A system is a group of two or more interrelated components or subsystems that serve a common

purpose

Let’s analyze the general definition to gain an understanding of how it applies to businesses and

infor-mation systems

MULTIPLE COMPONENTS A system must contain more than one part For example, a yo-yo carved

from a single piece of wood and attached to a string is a system Without the string, it is not a system

RELATEDNESS A common purpose relates the multiple parts of the system Although each part

func-tions independently of the others, all parts serve a common objective If a particular component does not

contribute to the common goal, then it is not part of the system For instance, a pair of ice skates and a

vol-leyball net are both components; however, they lack a common purpose, and thus do not form a system

SYSTEM VERSUS SUBSYSTEM The distinction between the terms system and subsystem is a

mat-ter of perspective For our purposes, these mat-terms are inmat-terchangeable A system is called a subsystem

when it is viewed in relation to the larger system of which it is a part Likewise, a subsystem is called a

system when it is the focus of attention Animals, plants, and other life forms are systems They are also

subsystems of the ecosystem in which they exist From a different perspective, animals are systems

com-posed of many smaller subsystems, such as the circulatory subsystem and the respiratory subsystem

PURPOSE A system must serve at least one purpose, but it may serve several Whether a system

pro-vides a measure of time, electrical power, or information, serving a purpose is its fundamental

justifica-tion When a system ceases to serve a purpose, it should be replaced

An Example of an Artificial System

An automobile is an example of an artificial system that is familiar to most of us and that satisfies the inition of a system provided previously To simplify matters, let’s assume that the automobile systemserves only one purpose: providing conveyance To do so requires the harmonious interaction of hun-dreds or even thousands of subsystems For simplicity, Figure 1-2 depicts only a few of these

def-In the figure, two points are illustrated of particular importance to the study of information systems:system decomposition and subsystem interdependency

SYSTEM DECOMPOSITION Decomposition is the process of dividing the system into smaller system parts This is a convenient way of representing, viewing, and understanding the relationshipsamong subsystems By decomposing a system, we can present the overall system as a hierarchy and viewthe relationships between subordinate and higher-level subsystems Each subordinate subsystem performsone or more specific functions to help achieve the overall objective of the higher-level system Figure 1-2shows an automobile decomposed into four primary subsystems: the fuel subsystem, the propulsion sub-system, the electrical subsystem, and the braking subsystem Each contributes in a unique way to the sys-tem’s objective, conveyance These second-level subsystems are decomposed further into two or moresubordinate subsystems at a third level Each third-level subsystem performs a task in direct support of itssecond-level system

sub-SUBSYSTEM INTERDEPENDENCY A system’s ability to achieve its goal depends on the effectivefunctioning and harmonious interaction of its subsystems If a vital subsystem fails or becomes defectiveand can no longer meet its specific objective, the overall system will fail to meet its objective For exam-ple, if the fuel pump (a vital subsystem of the fuel system) fails, then the fuel system fails With the fail-ure of the fuel system (a vital subsystem of the automobile), the entire system fails On the other hand,when a nonvital subsystem fails, the primary objective of the overall system can still be met For instance,

if the radio (a subsystem of the electrical system) fails, the automobile can still convey passengers.Designers of all types of systems need to recognize the consequences of subsystem failure and providethe appropriate level of control For example, a systems designer may provide control by designing a

F I G U R E

1-2 PRIMARYSUBSYSTEM OF ANAUTOMOBILE

Propulsion System

Electrical System

Brake System

Fuel System

Trans-Rear Axle

Disk

Brake Pedal Automobile

Master Cylinder

backup (redundant) subsystem that comes into play when the primary subsystem fails Control should be

provided on a cost-benefit basis It is neither economical nor necessary to back up every subsystem

Backup is essential, however, when excessive negative consequences result from a subsystem failure

Hence, virtually every modern automobile has a backup braking system, whereas very few have backup

stereo systems

Like automobile designers, information system designers need to identify critical subsystems,

antici-pate the risk of their failure, and design cost-effective control procedures to mitigate that risk As we shall

see in subsequent chapters, accountants feature prominently in this activity

AN INFORMATION SYSTEMS FRAMEWORK

Theinformation systemis the set of formal procedures by which data are collected, processed into

infor-mation, and distributed to users

Figure 1-3 shows the information system of a hypothetical manufacturing firm decomposed into its

elemental subsystems Notice that two broad classes of systems emerge from the decomposition: the

accounting information system (AIS) and the management information system (MIS) We will use this

framework to identify the domain of AIS and distinguish it from MIS Keep in mind that Figure 1-3 is a

conceptual view; physical information systems are not typically organized into such discrete packages

More often, MIS and AIS functions are integrated to achieve operational efficiency

The distinction between AIS and MIS centers on the concept of a transaction, as illustrated by Figure 1-4

The information system accepts input, called transactions, which are converted through various processes

into output information that goes to users Transactions fall into two classes: financial transactions and

nonfinancial transactions Before exploring this distinction, let’s first broadly define:

Atransactionas an event that affects or is of interest to the organization and is processed by its

infor-mation system as a unit of work

This definition encompasses both financial and nonfinancial events Because financial transactions are

of particular importance to the accountant’s understanding of information systems, we need a precise

def-inition for this class of transaction:

Afinancial transactionis an economic event that affects the assets and equities of the organization,

is reflected in its accounts, and is measured in monetary terms

Sales of products to customers, purchases of inventory from vendors, and cash disbursements and

receipts are examples of financial transactions Every business organization is legally bound to correctly

process these types of transactions

Nonfinancial transactionsare events that do not meet the narrow definition of a financial transaction

For example, adding a new supplier of raw materials to the list of valid suppliers is an event that may be

processed by the enterprise’s information system as a transaction Important as this information obviously

is, it is not a financial transaction, and the firm has no legal obligation to process it correctly—or at all

Financial transactions and nonfinancial transactions are closely related and are often processed by the

same physical system For example, consider a financial portfolio management system that collects and

tracks stock prices (nonfinancial transactions) When the stocks reach a threshold price, the system places

an automatic buy or sell order (financial transaction) Buying high and selling low is not against the law,

but it is bad for business Nevertheless, no law requires company management to design optimal

buy-and-sell rules into their system Once the buy-or-sell order is placed, however, the processing of this

financial transaction must comply with legal and professional guidelines

The Accounting Information System

AIS subsystems process financial transactions and nonfinancial transactions that directly affect the

proc-essing of financial transactions For example, changes to customers’ names and addresses are processed

by the AIS to keep the customer file current Although not technically financial transactions, these

changes provide vital information for processing future sales to the customer

F I G U R E

1-3 A FRAMEWORK FORINFORMATIONSYSTEMS

Management Information System (MIS)

Accounting Information System (AIS)

Information System (IS)

Transaction Processing System (TPS) (Chapter 8) (Chapter 2)

Financial Management Systems

Marketing Systems

Human Resource Systems

Distribution Systems

Conversion Cycle (Chapter 7)

Revenue Cycle (Chapter 4)

Purchase

System

Cost Accounting System

Sales Processing System

Production Planning and Control System

Cash Receipts System

Nonfinancial Transactions

Information

Information System

User Decisions

The AIS is composed of three major subsystems: (1) thetransaction processing system (TPS), which

supports daily business operations with numerous reports, documents, and messages for users throughout

the organization; (2) thegeneral ledger/financial reporting system (GL/FRS), which produces the

tradi-tional financial statements, such as the income statement, balance sheet, statement of cash flows, tax

returns, and other reports required by law; and (3) themanagement reporting system (MRS), which

pro-vides internal management with special-purpose financial reports and information needed for decision

making such as budgets, variance reports, and responsibility reports We examine each of these

subsys-tems later in this chapter

The Management Information System

Management often requires information that goes beyond the capability of AIS As organizations grow in

size and complexity, specialized functional areas emerge, requiring additional information for production

planning and control, sales forecasting, inventory warehouse planning, market research, and so on The

man-agement information system (MIS)processes nonfinancial transactions that are not normally processed by

traditional AIS Table 1-1 gives examples of typical MIS applications related to functional areas of a firm

Why Is It Important to Distinguish between AIS and MIS?

SOX legislation requires that management design and implement internal controls over the entire

finan-cial reporting process This includes the finanfinan-cial reporting system, the general ledger system, and the

transaction processing systems that supply the data for financial reporting SOX further requires that

man-agement certify these controls and that the external auditors express an opinion on control effectiveness

Because of the highly integrative nature of modern information systems, management and auditors need

a conceptual view of the information system that distinguishes key processes and areas of risk and legal

responsibility from the other (nonlegally binding) aspects of the system Without such a model, critical

management and audit responsibilities under SOX may not be met

AIS SUBSYSTEMS

We devote separate chapters to an in-depth study of each AIS subsystem depicted in Figure 1-3 At this

point, we briefly outline the role of each subsystem

T A B L E

1-1 EXAMPLES OFMIS APPLICATIONS INFUNCTIONALAREAS

Capital budgeting systems

New product development Product analysis

Delivery scheduling Vehicle loading and allocation models

n Job skill tracking system

n Employee benefits system

Transaction Processing System

The TPS is central to the overall function of the information system by converting economic events intofinancial transactions, recording financial transactions in the accounting records (journals and ledgers),and distributing essential financial information to operations personnel to support their daily operations.The TPS deals with business events that occur frequently In a given day, a firm may process thou-sands of transactions To deal efficiently with such volume, similar types of transactions are grouped to-gether into transaction cycles The TPS consists of three transaction cycles: the revenue cycle, theexpenditure cycle, and the conversion cycle Each cycle captures and processes different types of finan-cial transactions Chapter 2 provides an overview of transaction processing Chapters 4, 5, 6, and 7 exam-ine in detail the revenue, expenditure, and conversion cycles

General Ledger/Financial Reporting Systems

The general ledger system (GLS) and the financial reporting system (FRS) are two closely related tems However, because of their operational interdependency, they are generally viewed as a single integratedsystem—the GL/FRS The bulk of the input to the GL portion of the system comes from the transactioncycles Summaries of transaction cycle activity are processed by the GLS to update the general ledger controlaccounts Other, less frequent, events such as stock transactions, mergers, and lawsuit settlements, for whichthere may be no formal processing cycle in place, also enter the GLS through alternate sources

subsys-The FRS measures and reports the status of financial resources and the changes in those resources.The FRS communicates this information primarily to external users This type of reporting is called non-discretionary because the organization has few or no choices in the information it provides Much of thisinformation consists of traditional financial statements, tax returns, and other legal documents

Management Reporting System

The MRS provides the internal financial information needed to manage a business Managers must dealimmediately with many day-to-day business problems, as well as plan and control their operations Man-agers require different information for the various kinds of decisions they must make Typical reports pro-duced by the MRS include budgets, variance reports, cost-volume-profit analyses, and reports usingcurrent (rather than historical) cost data This type of reporting is called discretionary reporting becausethe organization can choose what information to report and how to present it

A GENERAL MODEL FOR AIS

Figure 1-5 presents thegeneral model for viewing AIS applications This is a general model because itdescribes all information systems, regardless of their technological architecture The elements of the gen-eral model are end users, data sources, data collection, data processing, database management, informa-tion generation, and feedback

End Users

End usersfall into two general groups: external and internal External users include creditors, ers, potential investors, regulatory agencies, tax authorities, suppliers, and customers Institutional userssuch as banks, the SEC, and the Internal Revenue Service (IRS) receive information in the form of finan-cial statements, tax returns, and other reports that the firm has a legal obligation to produce Trading part-ners (customers and suppliers) receive transaction-oriented information, including purchase orders,billing statements, and shipping documents

stockhold-Internal users include management at every level of the organization, as well as operations personnel

In contrast to external reporting, the organization has a great deal of latitude in the way it meets the needs

of internal users Although there are some well-accepted conventions and practices, internal reporting isgoverned primarily by what gets the job done System designers, including accountants, must balance thedesires of internal users against legal and economic concerns such as adequate control and security,proper accountability, and the cost of providing alternative forms of information Thus, internal reportingposes a less structured and generally more difficult challenge than external reporting

DATA VERSUS INFORMATION Before discussing the data sources portion of Figure 1-5, we must

make an important distinction between the terms data and information.Dataare facts, which may or may

not be processed (edited, summarized, or refined) and have no direct effect on the user By contrast,

informationcauses the user to take an action that he or she otherwise could not, or would not, have taken

Information is often defined simply as processed data This is an inadequate definition Information is

determined by the effect it has on the user, not by its physical form For example, a purchasing agent

receives a daily report listing raw material inventory items that are at low levels This report causes the

agent to place orders for more inventory The facts in this report have information content for the

purchas-ing agent However, this same report in the hands of the personnel manager is a mere collection of facts,

or data, causing no action and having no information content

We can see from this example that one person’s information is another person’s data Thus,

informa-tion is not just a set of processed facts arranged in a formal report Informainforma-tion allows users to take acinforma-tion

to resolve conflicts, reduce uncertainty, and make decisions We should note that action does not

neces-sarily mean a physical act For instance, a purchasing agent who receives a report showing that inventory

levels are adequate will respond by ordering nothing The agent’s action to do nothing is a conscious

de-cision, triggered by information and different from doing nothing because of being uninformed

The distinction between data and information has pervasive implications for the study of information

systems If output from the information system fails to cause users to act, the system serves no purpose

and has failed in its primary objective

Data Sources

Data sourcesare financial transactions that enter the information system from both internal and external

sources External financial transactions are the most common source of data for most organizations These

are economic exchanges with other business entities and individuals outside the firm Examples include the

sale of goods and services, the purchase of inventory, the receipt of cash, and the disbursement of cash

(including payroll) Internal financial transactions involve the exchange or movement of resources within

the organization Examples include the movement of raw materials into work-in-process (WIP), the

F I G U R E

1-5 GENERALMODEL FORACCOUNTINGINFORMATIONSYSTEM

The External Environment

The Information System

The Business Organization

External

Sources of

Data

External End Users

Internal Sources

of Data

Internal End Users

Database Management

Data Collection

Data Processing

Information Generation

Feedback

Feedback

application of labor and overhead to WIP, the transfer of WIP into finished goods inventory, and the ciation of plant and equipment.

depre-Data Collection

Data collectionis the first operational stage in the information system The objective is to ensure thatevent data entering the system are valid, complete, and free from material errors In many respects, this isthe most important stage in the system Should transaction errors pass through data collection undetected,the system may process the errors and generate erroneous and unreliable output This, in turn, could lead

to incorrect actions and poor decisions by the users

Two rules govern the design of data collection procedures: relevance and efficiency The informationsystem should capture only relevant data A fundamental task of the system designer is to determine what

is and what is not relevant He or she does so by analyzing the user’s needs Only data that ultimatelycontribute to information (as defined previously) are relevant The data collection stage should bedesigned to filter irrelevant facts from the system

Efficient data collection procedures are designed to collect data only once These data can then bemade available to multiple users Capturing the same data more than once leads to data redundancy andinconsistency Information systems have limited collection, processing, and data storage capacity Dataredundancy overloads facilities and reduces the overall efficiency of the system Inconsistency amongredundant data elements can result in inappropriate actions and bad decisions

Data Processing

Once collected, data usually require processing to produce information Tasks in the data processingstage range from simple to complex Examples include mathematical algorithms (such as linear program-ming models) used for production scheduling applications, statistical techniques for sales forecasting, andposting and summarizing procedures used for accounting applications

Database Management

The organization’sdatabaseis its physical repository for financial and nonfinancial data We use the termdatabase in the generic sense It can be a filing cabinet or a computer disk Regardless of the database’sphysical form, we can represent its contents in a logical hierarchy The levels in the data hierarchy—attribute, record, and file—are illustrated in Figure 1-6

DATA ATTRIBUTE The data attribute is the most elemental piece of potentially useful data in thedatabase An attribute is a logical and relevant characteristic of an entity about which the firm capturesdata The attributes shown in Figure 1-6 are logical because they all relate sensibly to a common entity—accounts receivable (AR) Each attribute is also relevant because it contributes to the information content

of the entire set As proof of this, the absence of any single relevant attribute diminishes or destroys theinformation content of the set The addition of irrelevant or illogical data would not enhance the informa-tion content of the set

RECORD A record is a complete set of attributes for a single occurrence within an entity class Forexample, a particular customer’s name, address, and account balance is one occurrence (or record) withinthe AR class To find a particular record within the database, we must be able to identify it uniquely.Therefore, every record in the database must be unique in at least one attribute.1This unique identifier at-tribute is the primary key Because no natural attribute (such as customer name) can guarantee unique-ness, we typically assign artificial keys to records The key for the AR records in Figure 1-6 is thecustomer account number This is the only unique identifier in this record class The other attributes pos-sess values that may also exist in other records For instance, multiple customers may have the samename, sales amounts, credit limits, and balances Using any one of these as a key to find a record in a

1 When we get into more advanced topics, we will see how a combination of nonunique attributes can be used as a unique identifier.

large database would be a difficult task These nonunique attributes are, however, often used as secondary

keys for categorizing data For example, the account balance attribute can be used to prepare a list of

cus-tomers with balances greater than $10,000

FILES A file is a complete set of records of an identical class For example, all the AR records of

the organization constitute the AR file Similarly, files are constructed for other classes of records

such as inventory, accounts payable, and payroll The organization’s database is the entire collection

of such files

DATABASE MANAGEMENT TASKS Database management involves three fundamental tasks:

storage, retrieval, and deletion The storage task assigns keys to new records and stores them in their

proper location in the database Retrieval is the task of locating and extracting an existing record from the

database for processing After processing is complete, the storage task restores the updated record to its

place in the database Deletion is the task of permanently removing obsolete or redundant records from

the database

Information Generation

Information generationis the process of compiling, arranging, formatting, and presenting information to

users Information can be an operational document such as a sales order, a structured report, or a message

on a computer screen Regardless of physical form, useful information has the following characteristics:

relevance, timeliness, accuracy, completeness, and summarization

RELEVANCE The contents of a report or document must serve a purpose This could be to support

a manager’s decision or a clerk’s task We have established that only data relevant to a user’s action

have information content Therefore, the information system should present only relevant data in its

reports Reports containing irrelevancies waste resources and may be counterproductive to the user

Irrelevancies detract attention from the true message of the report and may result in incorrect

Attributes, Records, and Files

Customer Address Current Balance of Account Customer Credit Limit Customer Name

Accounts Receivable Record

Accounts Receivable Record

1 2 3 n

TIMELINESS The age of information is a critical factor in determining its usefulness Informationmust be no older than the time of the action it supports For example, if a manager makes decisions daily

to purchase inventory from a supplier based on an inventory status report, then the information in thereport should be no more than a day old

ACCURACY Information must be free from material errors However, materiality is a difficult concept

to quantify It has no absolute value; it is a problem-specific concept This means that, in some cases, formation must be perfectly accurate In other instances, the level of accuracy may be lower Materialerror exists when the amount of inaccuracy in information causes the user to make poor decisions or tofail to make necessary decisions We sometimes must sacrifice absolute accuracy to obtain timely infor-mation Often, perfect information is not available within the user’s decision time frame Therefore, inproviding information, system designers seek a balance between information that is as accurate as possi-ble, yet timely enough to be useful

in-COMPLETENESS No piece of information essential to a decision or task should be missing For ple, a report should provide all necessary calculations and present its message clearly and unambiguously

exam-SUMMARIZATION Information should be aggregated in accordance with the user’s needs level managers tend to need information that is highly detailed As information flows upward through theorganization to top management, it becomes more summarized We shall look more closely at the effectsthat organizational structure and managerial level have on information reporting later in this chapter

Lower-Feedback

Feedbackis a form of output that is sent back to the system as a source of data Feedback may be internal

or external and is used to initiate or alter a process For example, an inventory status report signals theinventory control clerk that items of inventory have fallen to, or below, their minimum allowable levels.Internal feedback from this information will initiate the inventory ordering process to replenish the inven-tories Similarly, external feedback about the level of uncollected customer accounts can be used to adjustthe organization’s credit-granting policies

Information System Objectives

Each organization must tailor its information system to the needs of its users Therefore, specific tion system objectives may differ from firm to firm Three fundamental objectives are, however, common

informa-to all systems:

1 To support the stewardship function of management Stewardship refers to management’s bility to properly manage the resources of the firm The information system provides informationabout resource utilization to external users via traditional financial statements and other mandatedreports Internally, management receives stewardship information from various responsibilityreports

responsi-2 To support management decision making The information system supplies managers with the mation they need to carry out their decision-making responsibilities

infor-3 To support the firm’s day-to-day operations The information system provides information to tions personnel to assist them in the efficient and effective discharge of their daily tasks

opera-ACQUISITION OF INFORMATION SYSTEMS

We conclude this section with a brief discussion of how organizations obtain information systems ally, they do so in two ways: (1) they develop customized systems from scratch through in-house systemsdevelopment activities, and (2) they purchase preprogrammed commercial systems from software ven-dors Larger organizations with unique and frequently changing needs engage in in-house development.The formal process by which this is accomplished is called thesystem development life cycle Smaller