Chapter 2 Introduction to Transaction Processing Product Documents - the result of transaction processing
Turnaround Documents - a product document of one system
Financial Transaction that becomes a source document for another system - an economic event that affects the assets and Journals - a record of chronological entry equities of the firm, is reflected in its accounts, and special journals - specific classes of transactions that occur is measured in monetary terms. in high frequency - similar types of transactions are grouped together general journal - nonrecurring, infrequent, and dissimilar into three transaction cycles: transactions o the expenditure cycle Ledger - a book of financial accounts o the conversion cycle general ledger - shows activity for each account listed on o the revenue cycle the chart of accounts subsidiary ledger - shows activity by detail for each account Each Cycle has Two Primary Subsystems type Expenditure Cycle: time lag between the two due to credit relations with suppliers: Computer-Based Systems o physical component (acquisition of goods) The audit trail is less observable in computer-based o financial component (cash disbursements to the systems than traditional manual systems. supplier) The data entry and computer programs are the Conversion Cycle: physical trail. o the production system (planning, scheduling, and The data are stored in magnetic files. control of the physical product through the manufacturing process) Computer Files o the cost accounting system (monitors the flow Master File - generally contains account data (e.g., general of cost information related to production) ledger and subsidiary file) Revenue Cycle: time lag between the two due to credit Transaction File - a temporary file containing transactions relations with customers: since the last update o physical component (sales order processing) Reference File - contains relatively constant information o financial component (cash receipts) used in processing (e.g., tax tables, customer addresses) Archive File - contains past transactions for reference Manual System Accounting Records purposes Source Documents - used to capture and formalize transaction data needed for transaction processing Documentation Techniques Data Flow Diagram Symbols Documentation in a CB environment is necessary for many reasons. Five common documentation techniques: o Entity Relationship Diagram o Data Flow Diagrams o Document Flowcharts o System Flowcharts o Program Flowcharts
Entity Relationship Diagram (ERD)
A documentation technique to represent the relationship between entities in a system. System Flowcharts The REA model version of ERD is widely used in AIS. illustrate the relationship among processes and the REA uses 3 types of entities: documents that flow between them o resources (cash, raw materials) contain more details than data flow diagrams o events (release of raw materials into the clearly depict the separation of functions in a system production process) o agents (inventory control clerk, vendor, production worker)
Cardinalities - Represent the numerical mapping between
are used to represent the relationship between the use symbols to represent the processes, data sources, key elements--input sources, programs, and output data flows, and entities in a system products--of computer systems represent the logical elements of the system do not represent the physical system depict the type of media being used (paper, magnetic o have high degree of process integration and tape, magnetic disks, and terminals) data sharing in practice, not much difference between document o some are mainframe based and use batch and system flowcharts processing Some firms employ legacy systems for certain aspects of their data processing. o Accountants need to understand legacy systems. Legacy systems characteristics: o mainframe-based applications o batch oriented o early legacy systems use flat files for data storage o later legacy systems use hierarchical and network databases o data storage systems promote a single-user Program Flowcharts - illustrate the logic used in programs environment that discourages information integration
Database Backup Procedures
Destructive updates leave no backup. To preserve adequate records, backup procedures must be implemented, as shown below: o The master file being updated is copied as a backup. o A recovery program uses the backup to create a Modern Systems versus Legacy Systems pre-update version of the master file. Modern systems characteristics: o client-server based and process transactions in real time o use relational database tables Advantages of Batch Processing Organizations can increase efficiency by grouping large numbers of transactions into batches rather than processing each event separately. Batch processing provides control over the transaction process via control figures.
Computer-Based Accounting Systems Real-Time Systems
Two broad classes of systems: process transactions individually at the moment the batch systems economic event occurs real-time systems have no time lag between the economic event and the processing Batch Processing generally, require greater resources than batch A batch is a group of similar transactions that are processing since they require dedicated processing accumulated over time and then processed together. capacity; however, these cost differentials are The transactions must be independent of one another decreasing during the time period over which the transactions oftentimes have longer systems development time are accumulated in order for batch processing to be appropriate. A time lag exists between the event and the processing. Steps in Batch Processing/Sequential File Keystroke - source documents are transcribed by clerks to magnetic tape for processing later Edit Run - identifies clerical errors in the batch and places them into an error file Sort Run - places the transaction file in the same order as the master file using a primary key Update Run - changes the value of appropriate fields in the master file to reflect the transaction Backup Procedure - the original master continues to exist and a new master file is created Why Do So Many AIS Use Batch Processing? Allows for the easy insertion of new codes within a AIS processing is characterized by high-volume, block - Don’t have to reorganize the coding structure independent transactions, such are recording cash Disadvantage: (1) arbitrary information receipts checks received in the mail. The processing of such high-volume checks can be Group Codes done during an off-peak computer time. Represent complex items or events involving two or This is one reason why batch processing maybe done more pieces of data using fields with specific meaning using real-time data collection. For example, a coding scheme for tracking sales might be 04-09-476214-99, meaning: Uses of Coding in AIS Store Number Dept. Number Item Number Salesperson Concisely represent large amounts of complex 04 09 476214 99 information that would otherwise be unmanageable Disadvantages: (1) arbitrary information (2) overused Provide a means of accountability over the completeness of the transactions processed Alphabetic Codes Identify unique transactions and accounts within a file Used for many of the same purposes as numeric codes Support the audit function by providing an effective Can be assigned sequentially or used in block and audit trail group coding techniques May be used to represent large numbers of items - Sequential Codes Can represents up to 26 variations per field Represent items in sequential order Disadvantage: arbitrary information Used to prenumber source documents Track each transaction processed Mnemonic Codes Identify any out-of-sequence documents Alphabetic characters used as abbreviations, Disadvantages: (1) arbitrary information (2) hard to make acronyms, and other types of combinations changes and insertions Do not require users to memorize the meaning since the code itself is informative – and not arbitrary Block Codes NY = New York Represent whole classes by assigning each class a Disadvantages: limited usability and availability specific range within the coding scheme Used for chart of accounts - The basis of the general ledger Chapter 3 Ethics, Fraud, and Internal Control computer ethics issues? Privacy Business Ethics - Why should we be concerned about ethics Security—accuracy and confidentiality in the business world? Ownership of property Ethics are needed when conflicts arise—the need to Equity in access Environmental issues choose Artificial intelligence In business, conflicts may arise between: (1) Unemployment and displacement employees (2) management (3) stakeholders Misuse of computer Litigation Business ethics involves finding the answers to two Legal Definition of Fraud questions: False representation - false statement or disclosure How do managers decide on what is right in conducting Material fact - a fact must be substantial in inducing their business? someone to act Once managers have recognized what is right, how do Intent to deceive must exist they achieve it? The misrepresentation must have resulted in justifiable Four Main Areas of Business Ethics reliance upon information, which caused someone to act Computer Ethics - concerns the social impact of computer The misrepresentation must have caused injury or loss technology (hardware, software, and telecommunications). What 2008 ACFE Study of Fraud are Loss due to fraud equal to 7% of revenues— the approximately $994 billion main Loss by position within the company: Position % of Frauds Loss $ Owner/Executive 23% $834,000 Manager 37% 150,000 Employee 40% 70,000 Other results: higher losses due to men, employees acting in collusion, and employees with advance degrees Enron, WorldCom, Adelphia Underlying Problems Lack of Auditor Independence: auditing firms also engaged Committed by non-management personnel by their clients to perform non accounting activities Usually consists of: an employee taking cash or other Lack of Director Independence: directors who also serve on assets for personal gain by circumventing a company’s the boards of other companies, have a business trading system of internal controls relationship, have a financial relationship as stockholders or Management Fraud have received personal loans, or have an operational Perpetrated at levels of management above the one to relationship as employees which internal control structure relates Questionable Executive Compensation Schemes: short-term Frequently involves using financial statements to stock options as compensation result in short-term create an illusion that an entity is more healthy and strategies aimed at driving up stock prices at the expense of prosperous than it actually is the firm’s long-term health Involves misappropriation of assets, it frequently is Inappropriate Accounting Practices: a characteristic shrouded in a maze of complex business transactions common to many financial statement fraud schemes Fraud Schemes Enron made elaborate use of special purpose entities. Three categories of fraud schemes according to the WorldCom transferred transmission line costs from Association of Certified Fraud Examiners: (1) fraudulent current expense accounts to capital accounts. statements (2) corruption (3) asset misappropriation 1) Fraudulent Statements Sarbanes-Oxley Act of 2002 Misstating the financial statements to make the copy Its principal reforms pertain to: appear better than it is Creation of the Public Company Accounting Oversight Usually occurs as management fraud Board (PCAOB) May be tied to focus on short-term financial measures Auditor independence—more separation between a for success firm’s attestation and non-auditing activities May also be related to management bonus packages Corporate governance and responsibility—audit being tied to financial statements committee members must be independent and the 2) Corruption audit committee must oversee the external auditors Examples: (1) bribery (2) illegal gratuities (3) conflicts Disclosure requirements—increase issuer and of interest (4) economic extortion management disclosure New federal crimes for the destruction of or Foreign Corrupt Practice Act of 1977: tampering with documents, securities fraud, and o indicative of corruption in business world actions against whistleblowers o impacted accounting by requiring accurate Employee Fraud records and internal controls 3) Asset Misappropriation Possibility of honest errors Most common type of fraud and often occurs as Circumvention via collusion employee fraud Management override Examples: Changing conditions--especially in companies with high o making charges to expense accounts to cover growth theft of asset (especially cash) Exposures of Weak Internal Controls (Risk) o lapping: using customer’s check from one Destruction of an asset account to cover theft from a different Theft of an asset account Corruption of information o transaction fraud: deleting, altering, or adding Disruption of the information system false transactions to steal assets The Internal Controls Shield Preventive, Detective, and Corrective Controls Internal Control Objectives According to AICPA SAS 1) Safeguard assets of the firm SAS 78 / COSO - Describes the relationship between the 2) Ensure accuracy and reliability of accounting records firm’s: and information 1) internal control structure, 3) Promote efficiency of the firm’s operations 2) auditor’s assessment of risk, and 4) Measure compliance with management’s prescribed 3) the planning of audit procedures policies and procedures How do these three interrelate? The weaker the internal control structure, the higher the assessed level of risk; the Modifying Assumptions to the Internal Control Objectives higher the risk, the more auditor procedures applied in the audit. Management Responsibility - The establishment and maintenance of a system of internal control is the Five Internal Control Components: SAS 78 / COSO responsibility of management. 1. Control environment Reasonable Assurance - The cost of achieving the 2. Risk assessment objectives of internal control should not outweigh its 3. Information and communication benefits. 4. Monitoring 5. Control activities Methods of Data Processing - The techniques of 1: The Control Environment achieving the objectives will vary with different types Integrity and ethics of management of technology. Organizational structure Limitations of Internal Controls Role of the board of directors and the audit o the classes of transactions that are material committee how these transactions are initiated Management’s policies and philosophy [input] Delegation of responsibility and authority the associated accounting records and Performance evaluation measures accounts used in processing [input] External influences—regulatory agencies o the transaction processing steps involved from Policies and practices managing human resources the initiation of a transaction to its inclusion in 2: Risk Assessment the financial statements [process] Identify, analyze and manage risks relevant to o the financial reporting process used to compile financial reporting: financial statements, disclosures, and estimates o changes in external environment [output] o risky foreign markets [red shows relationship to the general AIS model] o significant and rapid growth that strain internal 4: Monitoring - The process for assessing the quality of controls internal control design and operation o new product lines Separate procedures—test of controls by internal o restructuring, downsizing auditors o changes in accounting policies Ongoing monitoring: 3: Information and Communication o computer modules integrated into routine The AIS should produce high quality information operations which: o management reports which highlight trends and o identifies and records all valid transactions exceptions from normal performance o provides timely information in appropriate 5: Control Activities detail to permit proper classification and Policies and procedures to ensure that the financial reporting appropriate actions are taken in response to o accurately measures the financial value of identified risks transactions Fall into two distinct categories: o accurately records transactions in the time o IT controls—relate specifically to the computer period in which they occurred environment o Physical controls—primarily pertain to human Information and Communication activities Auditors must obtain sufficient knowledge of the IS Two Types of IT Controls to understand: 1) General controls—pertain to the entitywide computer Transaction Authorization environment. Examples: controls over the data center, The rules are often embedded within computer organization databases, systems development, and programs. program maintenance o EDI/JIT: automated re-ordering of inventory 2) Application controls—ensure the integrity of specific without human intervention systems. Examples: controls over sales order Segregation of Duties processing, accounts payable, and payroll applications A computer program may perform many tasks that are Six Types of Physical Controls deemed incompatible. (1) Transaction Authorization Thus the crucial need to separate program used to ensure that employees are carrying out only development, program operations, and program authorized transactions maintenance. general (everyday procedures) or specific (non-routine Supervision - The ability to assess competent employees transactions) authorizations becomes more challenging due to the greater technical (2) Segregation of Duties knowledge required. In manual systems, separation between: Accounting Records o authorizing and processing a transaction ledger accounts and sometimes source documents are o custody and recordkeeping of the asset kept magnetically o subtasks o no audit trail is readily apparent In computerized systems, separation between: Access Control o program coding Data consolidation exposes the organization to o program processing computer fraud and excessive losses from disaster. o program maintenance Independent Verification (3) Supervision - a compensation for lack of segregation; When tasks are performed by the computer rather some may be built into computer systems than manually, the need for an independent check is (4) Accounting Records - provide an audit trail not necessary. (5) Access Controls - help to safeguard assets by However, the programs themselves are checked. restricting physical access to them
(6) Independent Verification - reviewing batch totals or
reconciling subsidiary accounts with control accounts Physical Controls in IT Contexts