Chapter 2 Introduction to Transaction Processing
Turnaround Documents - a product document of one system
Financial Transaction
- an economic event that affects the assets and
equities of the firm, is reflected in its accounts, and
is measured in monetary terms.
- similar types of transactions are grouped together
into three transaction cycles:
o the expenditure cycle
o the conversion cycle
o the revenue cycle
Each Cycle has Two Primary Subsystems
 Expenditure Cycle: time lag between the two due to
credit relations with suppliers:
o physical component (acquisition of goods)
o financial component (cash disbursements to the
supplier)
 Conversion Cycle:
o the production system (planning, scheduling, and
control of the physical product through the
manufacturing process)
o the cost accounting system (monitors the flow
of cost information related to production)
 Revenue Cycle: time lag between the two due to credit
relations with customers:
o physical component (sales order processing)
o financial component (cash receipts)
Manual System Accounting Records
Source Documents - used to capture and formalize
transaction data needed for transaction processing
Product Documents - the result of transaction processing
that becomes a source document for another system
Journals - a record of chronological entry
special journals - specific classes of transactions that occur
in high frequency
general journal - nonrecurring, infrequent, and dissimilar
transactions
Ledger - a book of financial accounts
general ledger - shows activity for each account listed on
the chart of accounts
subsidiary ledger - shows activity by detail for each account
type
Computer-Based Systems
 The audit trail is less observable in computer-based
systems than traditional manual systems.
 The data entry and computer programs are the
physical trail.
 The data are stored in magnetic files.
Computer Files
Master File - generally contains account data (e.g., general
ledger and subsidiary file)
Transaction File - a temporary file containing transactions
since the last update
Reference File - contains relatively constant information
used in processing (e.g., tax tables, customer addresses)
Archive File - contains past transactions for reference
purposes
Documentation Techniques Data Flow Diagram Symbols
 Documentation in a CB environment is necessary for
many reasons.
 Five common documentation techniques:
o Entity Relationship Diagram
o Data Flow Diagrams
o Document Flowcharts
o System Flowcharts
o Program Flowcharts

Entity Relationship Diagram (ERD)

 A documentation technique to represent the
relationship between entities in a system. System Flowcharts
 The REA model version of ERD is widely used in AIS.  illustrate the relationship among processes and the
REA uses 3 types of entities: documents that flow between them
o resources (cash, raw materials)  contain more details than data flow diagrams
o events (release of raw materials into the  clearly depict the separation of functions in a system
production process)
o agents (inventory control clerk, vendor,
production worker)

Cardinalities - Represent the numerical mapping between

entities:
 one-to-one
 one-to-many
 many-to-many

Data Flow Diagrams (DFD)

 are used to represent the relationship between the
 use symbols to represent the processes, data sources,
key elements--input sources, programs, and output
data flows, and entities in a system
products--of computer systems
 represent the logical elements of the system
 do not represent the physical system
  depict the type of media being used (paper, magnetic o have high degree of process integration and
tape, magnetic disks, and terminals) data sharing
 in practice, not much difference between document o some are mainframe based and use batch
and system flowcharts processing
 Some firms employ legacy systems for certain aspects
of their data processing.
o Accountants need to understand legacy
systems.
 Legacy systems characteristics:
o mainframe-based applications
o batch oriented
o early legacy systems use flat files for data
storage
o later legacy systems use hierarchical and
network databases
o data storage systems promote a single-user
Program Flowcharts - illustrate the logic used in programs environment that discourages information
integration

Database Backup Procedures

 Destructive updates leave no backup.
 To preserve adequate records, backup procedures
must be implemented, as shown below:
o The master file being updated is copied as a
backup.
o A recovery program uses the backup to create a
Modern Systems versus Legacy Systems
pre-update version of the master file.
 Modern systems characteristics:
o client-server based and process transactions in
real time
o use relational database tables
 Advantages of Batch Processing
 Organizations can increase efficiency by grouping
large numbers of transactions into batches rather
than processing each event separately.
 Batch processing provides control over the
transaction process via control figures.

Computer-Based Accounting Systems Real-Time Systems

Two broad classes of systems:  process transactions individually at the moment the
 batch systems economic event occurs
 real-time systems  have no time lag between the economic event and the
processing
Batch Processing  generally, require greater resources than batch
 A batch is a group of similar transactions that are processing since they require dedicated processing
accumulated over time and then processed together. capacity; however, these cost differentials are
 The transactions must be independent of one another decreasing
during the time period over which the transactions  oftentimes have longer systems development time
are accumulated in order for batch processing to be
appropriate.
 A time lag exists between the event and the
processing.
Steps in Batch Processing/Sequential File
Keystroke - source documents are transcribed by clerks to
magnetic tape for processing later
Edit Run - identifies clerical errors in the batch and places
them into an error file
Sort Run - places the transaction file in the same order as
the master file using a primary key
Update Run - changes the value of appropriate fields in the
master file to reflect the transaction
Backup Procedure - the original master continues to exist
and a new master file is created
Why Do So Many AIS Use Batch Processing?
 AIS processing is characterized by high-volume,
independent transactions, such are recording cash
receipts checks received in the mail.
 The processing of such high-volume checks can be
done during an off-peak computer time.
 This is one reason why batch processing maybe done
using real-time data collection.
Uses of Coding in AIS
 Concisely represent large amounts of complex
information that would otherwise be unmanageable
 Provide a means of accountability over the
completeness of the transactions processed
 Identify unique transactions and accounts within a file
 Support the audit function by providing an effective
audit trail
Sequential Codes
 Represent items in sequential order
 Used to prenumber source documents
 Track each transaction processed
 Identify any out-of-sequence documents
Disadvantages: (1) arbitrary information (2) hard to make
changes and insertions
Block Codes
 Represent whole classes by assigning each class a
specific range within the coding scheme
 Used for chart of accounts - The basis of the general
ledger
 Allows for the easy insertion of new codes within a
block - Don’t have to reorganize the coding structure
Disadvantage: (1) arbitrary information
Group Codes
 Represent complex items or events involving two or
more pieces of data using fields with specific meaning
 For example, a coding scheme for tracking sales might
be 04-09-476214-99, meaning:
Store Number Dept. Number Item Number Salesperson
04 09 476214 99
 Disadvantages: (1) arbitrary information (2) overused
Alphabetic Codes
 Used for many of the same purposes as numeric codes
 Can be assigned sequentially or used in block and
group coding techniques
 May be used to represent large numbers of items -
Can represents up to 26 variations per field
 Disadvantage: arbitrary information
Mnemonic Codes
 Alphabetic characters used as abbreviations,
acronyms, and other types of combinations
 Do not require users to memorize the meaning since
the code itself is informative – and not arbitrary
NY = New York
 Disadvantages: limited usability and availability
Chapter 3 Ethics, Fraud, and Internal Control computer ethics issues?
 Privacy
Business Ethics - Why should we be concerned about ethics  Security—accuracy and confidentiality
in the business world?  Ownership of property
 Ethics are needed when conflicts arise—the need to  Equity in access
 Environmental issues
choose
 Artificial intelligence
 In business, conflicts may arise between: (1)
 Unemployment and displacement
employees (2) management (3) stakeholders  Misuse of computer
 Litigation
Business ethics involves finding the answers to two Legal Definition of Fraud
questions: False representation - false statement or disclosure
 How do managers decide on what is right in conducting Material fact - a fact must be substantial in inducing
their business? someone to act
 Once managers have recognized what is right, how do Intent to deceive must exist
they achieve it? The misrepresentation must have resulted in justifiable
Four Main Areas of Business Ethics reliance upon information, which caused someone to act
Computer Ethics - concerns the social impact of computer The misrepresentation must have caused injury or loss
technology (hardware, software, and telecommunications).
What 2008 ACFE Study of Fraud
are  Loss due to fraud equal to 7% of revenues—
the approximately $994 billion
main  Loss by position within the company:
Position % of Frauds Loss $
Owner/Executive 23% $834,000
Manager 37% 150,000
Employee 40% 70,000
 Other results: higher losses due to men, employees
acting in collusion, and employees with advance
degrees
Enron, WorldCom, Adelphia
Underlying Problems
Lack of Auditor Independence: auditing firms also engaged
by their clients to perform non accounting activities
Lack of Director Independence: directors who also serve on
the boards of other companies, have a business trading
relationship, have a financial relationship as stockholders or
have received personal loans, or have an operational
relationship as employees
Questionable Executive Compensation Schemes: short-term
stock options as compensation result in short-term
strategies aimed at driving up stock prices at the expense of
the firm’s long-term health
Inappropriate Accounting Practices: a characteristic
common to many financial statement fraud schemes
 Enron made elaborate use of special purpose entities.
 WorldCom transferred transmission line costs from
current expense accounts to capital accounts.
Sarbanes-Oxley Act of 2002
Its principal reforms pertain to:
 Creation of the Public Company Accounting Oversight
Board (PCAOB)
 Auditor independence—more separation between a
firm’s attestation and non-auditing activities
 Corporate governance and responsibility—audit
committee members must be independent and the
audit committee must oversee the external auditors
 Disclosure requirements—increase issuer and
management disclosure
 New federal crimes for the destruction of or
tampering with documents, securities fraud, and
actions against whistleblowers
Employee Fraud
 Committed by non-management personnel
 Usually consists of: an employee taking cash or other
assets for personal gain by circumventing a company’s
system of internal controls
Management Fraud
 Perpetrated at levels of management above the one to
which internal control structure relates
 Frequently involves using financial statements to
create an illusion that an entity is more healthy and
prosperous than it actually is
 Involves misappropriation of assets, it frequently is
shrouded in a maze of complex business transactions
Fraud Schemes
Three categories of fraud schemes according to the
Association of Certified Fraud Examiners: (1) fraudulent
statements (2) corruption (3) asset misappropriation
1) Fraudulent Statements
 Misstating the financial statements to make the copy
appear better than it is
 Usually occurs as management fraud
 May be tied to focus on short-term financial measures
for success
 May also be related to management bonus packages
being tied to financial statements
2) Corruption
 Examples: (1) bribery (2) illegal gratuities (3) conflicts
of interest (4) economic extortion
 Foreign Corrupt Practice Act of 1977:
o indicative of corruption in business world
o impacted accounting by requiring accurate
records and internal controls
3) Asset Misappropriation
 Most common type of fraud and often occurs as
employee fraud
 Examples:
o making charges to expense accounts to cover
theft of asset (especially cash)
o lapping: using customer’s check from one
account to cover theft from a different
account
o transaction fraud: deleting, altering, or adding
false transactions to steal assets
Internal Control Objectives According to AICPA SAS
1) Safeguard assets of the firm
2) Ensure accuracy and reliability of accounting records
and information
3) Promote efficiency of the firm’s operations
4) Measure compliance with management’s prescribed
policies and procedures
Modifying Assumptions to the Internal Control Objectives
 Management Responsibility - The establishment and
maintenance of a system of internal control is the
responsibility of management.
 Reasonable Assurance - The cost of achieving the
objectives of internal control should not outweigh its
benefits.
 Methods of Data Processing - The techniques of
achieving the objectives will vary with different types
of technology.
Limitations of Internal Controls
 Possibility of honest errors
 Circumvention via collusion
 Management override
 Changing conditions--especially in companies with high
growth
Exposures of Weak Internal Controls (Risk)
 Destruction of an asset
 Theft of an asset
 Corruption of information
 Disruption of the information system
The Internal Controls Shield
Preventive, Detective, and Corrective Controls
SAS 78 / COSO - Describes the relationship between the
firm’s:
1) internal control structure,
2) auditor’s assessment of risk, and
3) the planning of audit procedures
How do these three interrelate? The weaker the internal
control structure, the higher the assessed level of risk; the
higher the risk, the more auditor procedures applied in the audit.
Five Internal Control Components: SAS 78 / COSO
1. Control environment
2. Risk assessment
3. Information and communication
4. Monitoring
5. Control activities
1: The Control Environment
 Integrity and ethics of management
 Organizational structure
  Role of the board of directors and the audit
committee
 Management’s policies and philosophy
 Delegation of responsibility and authority
 Performance evaluation measures
 External influences—regulatory agencies
 Policies and practices managing human resources
2: Risk Assessment
 Identify, analyze and manage risks relevant to
financial reporting:
o changes in external environment
o risky foreign markets
o significant and rapid growth that strain internal
controls
o new product lines
o restructuring, downsizing
o changes in accounting policies
3: Information and Communication
 The AIS should produce high quality information
which:
o identifies and records all valid transactions
o provides timely information in appropriate
detail to permit proper classification and
financial reporting
o accurately measures the financial value of
transactions
o accurately records transactions in the time
period in which they occurred
Information and Communication
 Auditors must obtain sufficient knowledge of the IS
to understand:
o the classes of transactions that are material
 how these transactions are initiated
[input]
 the associated accounting records and
accounts used in processing [input]
o the transaction processing steps involved from
the initiation of a transaction to its inclusion in
the financial statements [process]
o the financial reporting process used to compile
financial statements, disclosures, and estimates
[output]
[red shows relationship to the general AIS model]
4: Monitoring - The process for assessing the quality of
internal control design and operation
 Separate procedures—test of controls by internal
auditors
 Ongoing monitoring:
o computer modules integrated into routine
operations
o management reports which highlight trends and
exceptions from normal performance
5: Control Activities
 Policies and procedures to ensure that the
appropriate actions are taken in response to
identified risks
 Fall into two distinct categories:
o IT controls—relate specifically to the computer
environment
o Physical controls—primarily pertain to human
activities
Two Types of IT Controls
 1) General controls—pertain to the entitywide computer
environment. Examples: controls over the data center,
organization databases, systems development, and
program maintenance
2) Application controls—ensure the integrity of specific
systems. Examples: controls over sales order
processing, accounts payable, and payroll applications
Six Types of Physical Controls
(1) Transaction Authorization
 used to ensure that employees are carrying out only
authorized transactions
 general (everyday procedures) or specific (non-routine
transactions) authorizations
(2) Segregation of Duties
 In manual systems, separation between:
o authorizing and processing a transaction
o custody and recordkeeping of the asset
o subtasks
 In computerized systems, separation between:
o program coding
o program processing
o program maintenance
(3) Supervision - a compensation for lack of segregation;
some may be built into computer systems
(4) Accounting Records - provide an audit trail
(5) Access Controls - help to safeguard assets by
restricting physical access to them
(6) Independent Verification - reviewing batch totals or
reconciling subsidiary accounts with control accounts
Physical Controls in IT Contexts
Transaction Authorization
 The rules are often embedded within computer
programs.
o EDI/JIT: automated re-ordering of inventory
without human intervention
Segregation of Duties
 A computer program may perform many tasks that are
deemed incompatible.
 Thus the crucial need to separate program
development, program operations, and program
maintenance.
Supervision - The ability to assess competent employees
becomes more challenging due to the greater technical
knowledge required.
Accounting Records
 ledger accounts and sometimes source documents are
kept magnetically
o no audit trail is readily apparent
Access Control
 Data consolidation exposes the organization to
computer fraud and excessive losses from disaster.
Independent Verification
 When tasks are performed by the computer rather
than manually, the need for an independent check is
not necessary.
 However, the programs themselves are checked.