Accounting Information Systems Essential Concepts and Applications Fourth
- Slides: 37
Accounting Information Systems: Essential Concepts and Applications Fourth Edition by Wilkinson, Cerullo, Raval, and Wong-On-Wing Chapter 8: General Controls and Application Controls Slides Authored by Somnath Florida Atlantic University Bhattacharya, Ph. D.
Introduction to Controls z Controls may relate to manual AISs, to computer-based AISs, or both z Controls may be grouped into General controls, Application controls, and Security measures z Controls may also be grouped in terms of risk aversion: Corrective, Preventive, and Detective Controls z These categories are intertwined an appropriate balance is needed for an effective internal control structure
Control Classifications By Setting By Risk Aversion y. General z Corrective } y. Application x. Input x. Processing x. Output Figure 8 -1 z Preventive z Detective
General Controls pertain to all activities involving a firm’s AIS and resources (assets). They can be grouped as follows: y. Organizational or Personnel Controls y. Documentation Controls y. Asset Accountability Controls y. Management Practice Controls y. Information Center Operations Controls y. Authorization Controls y. Access Controls
Organizational or Personnel Controls - I z Organizational independence, which separates incompatible functions, is a central control objective when designing a system z Diligence of independent reviewers, including BOD, managers, and auditors (both internal and external) z In a manual system, authorization, recordkeeping, and custodial functions must be kept separate. e. g. , purchases, sales, cash handling, etc
Organizational or Personnel Controls - II z In computer-based AISs the major segregation is between the systems development tasks, which create systems, and the data processing tasks, which operate systems z Within data processing, one may find segregation between separate control (receiving & logging), data preparation (converting to machine readable form), computer operations, and data library - batch processing z Other personnel controls include the two-week vacation rule
Flow of Batched Data in Computer-Based Processing User Departments Control Section Data Receive Inputs and Log Data Preparation Section Convert to machine readable media Computer Operations Data Library Section Files Process Files Log Outputs and Outputs Distribute Errors to be corrected Figure 8 -4 To users (exception and summary report)
Segregation of Functions in a Direct/Immediate Processing System User Departments Computer Operations Online Files (or data library for removable disks and backups Data Inputs Batch Files Displayed Outputs Printed or Plotted Outputs Figure 8 -6 Process Online Files
Documentation Controls z. Documentation consists of procedures manuals and other means of describing the AIS and its operations, such as program flowcharts and organizational charts z In large firms, a data librarian is responsible for the control, storage, retention and distribution of documentation z Storing a copy of documentation in a fireproof vault, and having proper checkout procedures are other examples of documentation controls. z Use of CASEs
System Standards Documentation z. Systems development policy statements z. Program testing policy statements z. Computer operations policy statements z. Security and disaster policy statements
System Application Documentation z Computer system flowcharts z DFDs z Narratives z Input/output descriptions, including filled-in source documents z Formats of journals, ledgers, reports, and other outputs z Details concerning audit trails z Charts of accounts z File descriptions, including record layouts and data dictionaries z Error messages and formats z Error correction procedures z Control procedures
Program Documentation z. Program flowcharts, decision tables, data structure diagrams z. Source program listings z. Inputs, formats, and sample filled-in forms z. Printouts of reports, listings, and other outputs z. Operating instructions z. Test data and testing procedures z. Program change procedures z. Error listings
Data Documentation z. Descriptions of data elements z. Relationships of specific data elements to other data elements
Operating Documentation z Performance instructions for executing computer programs z Required input/output files for specific programs z Setup procedures for certain programs z List of programmed halts, including related messages, and required operator actions for specific programs z Recovery and restart procedures for specific programs z Estimated run times of specific programs z Distribution of reports generated by specific programs
User Documentation z. Procedures for entering data on source documents z. Checks of input data for accuracy and completeness z. Formats and uses of reports z. Possible error messages and correction procedures
Examples of Asset Accountability Controls z. Subsidiary ledgers provide a cross-check on the accuracy of a control account z. Reconciliations compare values that have been computed independently z. Acknowledgment procedures transfer accountability of goods to a certain person z. Logs and Registers help account for the status and use of assets z. Reviews & Reassessments are used to reevaluate measured asset values
Management Practice Controls z Since management is responsible and thus “over” the internal control structure, they pose risks to a firm z General controls include: y. Human resource Policies and Practices y. Commitment to Competence y. Planning Practices y. Audit Practices y. Management & Operational Controls z In a computerized AIS, management should instigate a policy for: y. Controls over Changes to Systems y. New System Development Procedures
Examples of Computer Facility/Information Center Controls z Proper Supervision over computer operators z Preventive Diagnostic Programs to monitor hardware and software functions z A Disaster Recovery Plan in the event of a man-made or natural catastrophe z Hardware controls such as Duplicate Circuitry, Fault Tolerance and Scheduled Preventive Maintenance z Software checks such as a Label Check and a Read-Write Check
Application Controls z Application controls pertain directly to the transaction processing systems z The objectives of application controls are to ensure that all transactions are legitimately authorized and accurately recorded, classified, processed, and reported z Application controls are subdivided into input, processing and output controls
Authorization Controls - I z Authorizations enforce management’s policies with respect to transactions flowing into the general ledger system z They have the objectives of assuring that: y. Transactions are valid and proper y. Outputs are not incorrect due to invalid inputs y. Assets are better protected z Authorizations may be classified as general or specific
Authorization Controls - II z A General authorization establishes the standard conditions for transaction approval and execution z A Specific authorization establishes specific criteria for particular sums, events, occurrences, etc z In manual and computerized batch processing systems, authorization is manifest through signatures, initials, stamps, and transaction documents z In on-line computerized systems, authorization is usually verified by the system. e. g. , validation of inventory pricing by code numbers in a general ledger package
Input Controls z Input Controls attempt to ensure the validity, accuracy, and completeness of the data entered into an AIS. z Input controls may be subdivided into: y. Data Observation and Recording y. Data Transcription (Batching and Converting) y. Edit tests of Transaction Data y. Transmission of Transaction Data
Controls for Data Observation and Recording z The use of pre-numbered documents z Keeping blank forms under lock and key z Online computer systems offer the following features: y. Menu screens y. Preformatted screens y. Using scanners that read bar codes or other preprinted documents to reduce input errors y. Using feedback mechanisms such as a confirmation slip to approve a transaction y. Using echo routines
Data Transcription - I z Data Transcription refers to the preparation of data for computerized processing and includes: y Carefully structured source documents and input screens y Batch control totals that help prevent the loss of transactions and the erroneous posting of transaction data x. The use of Batch control logs in the batch control section x. Amount control totals the values in an amount or quantity field x. Hash totals the values in an identification field x. Record count totals the number of source documents (transactions) in a batch
Data Transcription - II (Conversion of Transaction Data) z. Key Verification which consists of rekeying data and comparing the results of the two-keying operations z. Visual Verification which consists of comparing data from original source documents against converted data.
Examples of Batch Control Totals z Financial Control Total - totals up dollar amounts (e. g. , total of sales invoices) z Non-financial Control Total - computes non-dollar sums (e. g. , number of hours worked by employees) z Record Count - totals the number of source documents once when batching transactions and then again when performing the data processing z Hash Total - a sum that is meaningless except for internal control purposes (e. g. , sum of customer account numbers)
Definition and Purpose of Edit Tests z Edit Tests (programmed checks) are most often validation routines built into application software z The purpose of edit tests is to examine selected fields of input data and to reject those transactions whose data fields do not meet the pre-established standards of data quality
Examples of Edit Tests (Programmed Checks) z Validity Check (e. g. , M = male, F = female) z Limit Check (e. g. , hours worked do not exceed 40 hours) z Reasonableness Check (e. g. , increase in salary is reasonable compared to base salary) z Field Check (e. g. , numbers do not appear in fields reserved for words) z Sequence Check (e. g. , successive input data are in some prescribed order) z Range Check (e. g. , particular fields fall within specified ranges - pay rates for hourly employees in a firm should fall between $8 and $20) z Relationship Check (logically related data elements are compatible employee rated as “hourly” gets paid at a rate within the range of $8 and $20)
Transmission of Transaction Data When data must be transmitted from the point of origin to the processing center and data communications facilities are used, the following checks should also be considered: y. Echo Check - transmitting data back to the originating terminal for comparison with the transmitted data y. Redundancy Data Check - transmitting additional data to aid in the verification process y. Completeness Check - verifying that all required data have been entered and transmitted.
Objectives of Processing Controls z Processing Controls help assure that data are processed accurately and completely, that no unauthorized transactions are included, that the proper files and programs are included, and that all transactions can be easily traced z Categories of processing controls include Manual Cross-checks, Processing Logic Checks, Run-to-Run Controls, File and Program Checks, and Audit Trail Linkages
Examples of Processing Controls z Manual Cross-Checks - include checking the work of another employee, reconciliations and acknowledgments z Processing Logic Checks - many of the programmed edit checks, such as sequence checks and reasonableness checks (e. g. , payroll records) used in the input stage, may also be employed during processing
Examples of Processing Controls z Run-to-Run Totals - batched data should be controlled during processing runs so that no records are omitted or incorrectly inserted into a transaction file z File and Program Changes - to ensure that transactions are posted to the proper account, master files should be checked for correctness, and programs should be validated z Audit Trail Linkages - a clear audit trail is needed to enable individual transactions to be traced, to provide support in general ledger balances, to prepare financial reports and to correct transaction errors or lost data
Output Controls z. Outputs should be complete and reliable and should be distributed to the proper recipients z. Two major types of output controls are: yvalidating processing results yregulating the distribution and use of printed output
Validating/Reviewing Processing Results z. Activity (or proof account) listings document processing activity and reflect changes made to master files z. Because of the high volume of transactions, large companies may elect to review exception reports that highlight material changes in master files
Regulating/Controlling Distribution of Printed Output z. Reports should only be distributed to appropriate users by reference to an authorized distribution list z. Sensitive reports should be shredded after use instead of discarding
Application Controls Arranged by Two Classification Plans Control Purpose Control Stage Input Processing Output
Accounting Information Systems: Essential Concepts and Applications Fourth Edition by Wilkinson, Cerullo, Raval, and Wong-On-Wing Copyright © 2000 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.
- Core concepts of accounting information systems
- Steps for selecting and acquiring an information system
- Example of the acquiring information system novel plan is
- Acquiring information systems and applications
- Acquiring information systems and applications
- Susanna s epp
- Expert systems: principles and programming, fourth edition
- Information systems applications
- Tactical information systems
- Introduction to genetic analysis tenth edition
- Starr evers starr biology concepts and applications
- Plamatic acid
- Chapter 7 accounting information systems
- Chapter 7 accounting information systems
- Introduction to accounting information systems
- Accounting information system
- Chapter 7 accounting information systems
- Accounting information systems marshall b romney
- Ethics in information technology fourth edition
- Ethics in information technology 6th edition answers
- Types of printers
- Motivation from concept to application
- Basic concepts of financial accounting
- Going concern principle
- Chapter 2 analyzing transactions
- Managerial accounting and cost concepts
- Modifying principles of accounting
- Managerial accounting concepts and principles
- Managerial accounting and cost concepts
- Chapter 1 managerial accounting and cost concepts
- Sap systems applications and products
- Systems applications & products in data processing
- Sap systems introduction
- Systems applications and products
- "patch operating systems and applications using"
- "patch operating systems and applications using"
- Managerial accounting chapter 2
- Chapter 4 accrual accounting concepts