Accounting Information Systems: A Business Process Approach
Chapter Thirteen: Accounting Systems: Managing the IT Environment
Exhibits: 13.2, 13.3 Tables: 13.1, 13.2
Exhibit 13.2 Types of Control Activities

• Workflow controls are used to control a process as it moves from one event to the next. Workflow controls exploit linkages between events and focus on responsibilities for events, the sequence of events, and the flow of information between events in a business process.
• Input controls are used to control the input of data into computer systems.
• General controls are broader controls that apply to multiple processes. These broader controls should be in place for the workflow and input controls to be effective.
• Performance reviews are activities involving review of performance by comparing actual results with budgets, forecasts, and prior-period data.

Control activities of each type discussed in this text are described as follows:

• Workflow controls*
    • Segregation of duties.
    • Use of information from prior events to control activities.
    • Required sequence of events.
    • Follow-up on events.
    • Sequence of prenumbered documents.
    • Recording of internal agent(s) accountable for an event in a process.
    • Limitation of access to assets and information.
    • Reconciliation of records with physical evidence of assets.
Exhibit 13.2 Types of Control Activities (Concluded)

• Input controls*
    • Drop-down or look-up menus that provide a list of possible values to enter.
    • Record checking to determine whether data entered were consistent with data entered in a related table.
    • Confirmation of data that were entered by a user by displaying related data from another table.
    • Referential integrity controls to ensure that event records are related to the correct master file records.
    • Format checks to limit data entered to text, numbers, and date.
    • Validation rules to limit the data that can be entered to certain values.
    • Use of defaults from data entered in prior sessions.
    • Computer-generated values entered in records.
    • Batch control totals taken before data entry compared to printouts after data entry.
    • Review of edit report for errors before posting.
    • Exception reports that list cases where defaults were overridden or where unusual values were entered.
• General controls*
    • Information systems (IS) planning.
    • Organizing the IT function.
    • Identifying and developing IS solutions.
    • Implementing and operating accounting systems.
• Performance reviews*
    • Establish budgets, forecasts, standards, or prior-period results through file maintenance.
    • Use reports to compare actual results to budgets, forecasts, standards, or prior-period results.
    • Take corrective action by modifying appropriate reference data (budgets and standards) in a master table.

*Workflow controls and performance reviews were discussed in Chapter 4. Input controls were covered in detail in Chapter 7. General controls are discussed in this chapter.
Exhibit 13.3 Controlling the IT Environment

| Managing the IT Environment | General Controls |
|---|---|
| Information systems planning | 1. Develop IS strategy. |
| | 2. Plan the IT infrastructure. |
| | 3. Plan the IT function and systems development process. |
| Organizing the IT function | 4. Locate the IT function appropriately. |
| | 5. Segregate incompatible functions. |
| | 6. Implement personnel controls for hiring, developing, and terminating IT personnel. |
| Identifying and developing IS solutions | 7. Adopt appropriate systems development methodology. |
| | 8. Implement procedures for program development and testing. |
| | 9. Ensure adequate documentation. |
| Implementing and operating accounting systems | 10. Ensure security of resources. |
| | 11. Ensure continuity of service. |
Table 13.1 Alternative Configurations for Data Entry, Processing, and Storage

| Architecture | Data Entry | Processing | Storage |
|---|---|---|---|
| Centralized | Central* | Central | Central |
| Centralized with distributed data entry | Local** | Central | Central |
| Decentralized | Local | Local | Local |
| Distributed | Local/Central | Local/Central | Local/Central |

*Central—Data are entered, stored, or processed by personnel at a central computing facility.
**Local—Data are entered, stored, or processed using a computer under the control of a user department (e.g., Order Entry Department and Billing Department).
Table 13.2 Access Control Matrix for H & J Tax Preparation Service

| Menu Item | Owner Permissions | Accountant Permissions | Secretary Permissions |
|---|---|---|---|
| Maintain: | | | |
| Clients | RWD | RW | RW |
| Services | RWD | R | R |
| Record services | RWD | RW | RW |
| Print or display: | | | |
| Invoice | RD | R | R |
| Services provided | RD | X | X |
| Services provided by Service# | RD | X | X |
| Services provided by Service# (Summary) | RD | X | X |
| Services reference list | RD | X | X |
| Detailed client status report | RD | R | X |
| Summary client status report | RD | R | X |
| Single client status report | RD | R | X |

R = permission to Read; W = permission to Write; D = permission to Design or change design of tables, forms, or reports; X = no permission
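
Table 13.2 can be turned into an enforceable, reviewable artifact. The following is an added example, not code from the textbook: it encodes the matrix as data, denies anything the matrix does not explicitly grant, and audits the matrix itself. The function names, the "Maintain:"/"Print:" key prefixes, and the Owner > Accountant > Secretary trust ordering are assumptions of this example.

```python
# Added example: Table 13.2 encoded as data and enforced deny-by-default.
ROLES = ("Owner", "Accountant", "Secretary")  # assumed order: most to least trusted

# Menu item -> permission cell per role, in ROLES order (values from Table 13.2).
# The "Maintain:" / "Print:" key prefixes are this example's naming, not the book's.
MATRIX = {
    "Maintain: Clients": ("RWD", "RW", "RW"),
    "Maintain: Services": ("RWD", "R", "R"),
    "Record services": ("RWD", "RW", "RW"),
    "Print: Invoice": ("RD", "R", "R"),
    "Print: Services provided": ("RD", "X", "X"),
    "Print: Services provided by Service#": ("RD", "X", "X"),
    "Print: Services provided by Service# (Summary)": ("RD", "X", "X"),
    "Print: Services reference list": ("RD", "X", "X"),
    "Print: Detailed client status report": ("RD", "R", "X"),
    "Print: Summary client status report": ("RD", "R", "X"),
    "Print: Single client status report": ("RD", "R", "X"),
}

def granted(role, item):
    """Permission letters held by role on item; empty set if either is unknown."""
    if role not in ROLES or item not in MATRIX:
        return frozenset()  # deny by default
    return frozenset(MATRIX[item][ROLES.index(role)]) - {"X"}

def is_allowed(role, item, action):
    """True only if the matrix explicitly grants action (R, W or D)."""
    return action in granted(role, item)

def malformed_cells():
    """Cells that use letters outside R/W/D/X or mix X with a grant."""
    bad = []
    for item, cells in MATRIX.items():
        for role, cell in zip(ROLES, cells):
            if not cell or set(cell) - set("RWDX") or ("X" in cell and cell != "X"):
                bad.append((item, role, cell))
    return bad

def escalations():
    """Cells where a less trusted role holds a permission the next role up lacks."""
    return [(item, low, sorted(granted(low, item) - granted(high, item)))
            for item in MATRIX
            for high, low in zip(ROLES, ROLES[1:])
            if granted(low, item) - granted(high, item)]

def design_holders():
    """Roles that can change table, form or report design (D) anywhere."""
    return {r for r in ROLES for i in MATRIX if is_allowed(r, i, "D")}

if __name__ == "__main__":
    print(malformed_cells(), escalations(), design_holders())
```

Re-running `malformed_cells()` and `escalations()` whenever the matrix is edited catches a typo or an accidental grant before it reaches the application.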