Download
accounting information systems 9 th edition n.
Skip this Video
Loading SlideShow in 5 Seconds..
Accounting Information Systems 9 th Edition PowerPoint Presentation
Download Presentation
Accounting Information Systems 9 th Edition

Accounting Information Systems 9 th Edition

955 Vues Download Presentation
Télécharger la présentation

Accounting Information Systems 9 th Edition

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Accounting Information Systems9th Edition Marshall B. Romney Paul John Steinbart ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  2. Computer-Based Information Systems Controls Chapter 7 ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  3. Learning Objectives • Describe the threats to an AIS and discuss why these threats are growing. • Explain the basic concepts of control as applied to business organizations. • Describe the major elements in the control environment of a business organization. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  4. Learning Objectives, continued • Describe control policies and procedures commonly used in business organizations. • Evaluate a system of internal accounting control, identify its deficiencies, and prescribe modifications to remedy those deficiencies. • Conduct a cost-benefit analysis for particular threats, exposures, risks, and controls. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  5. Introduction • Jason Scott has been hired as an internal auditor for Northwest Industries, a diversified forest products company. • He is assigned to audit Springer’s Lumber & Supply, Northwest’s building materials outlet in Montana. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  6. Introduction • His supervisor, Maria Pilier, has asked him to trace a sample of purchase transactions to verify that proper control procedures were followed. Jason becomes frustrated with this task. • Why is Jason frustrated? • The purchasing system is poorly documented. • He keeps finding transactions that have not been processed as Ed Yates, the accounts payable manager, said they should be. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  7. Introduction Jason’s frustrations, continued • Some vendor invoices have been paid without supporting documents. • Purchase requisitions are missing for several items that had been authorized by Bill Springer, purchasing v.p. • Prices charged for some items seem unusually high. • Springer’s is the largest supplier in the area and has a near monopoly. • Management authority is concentrated in the company president, Joe Springer, and his sons Bill, the purchasing v.p., and Ted, the controller. • Maria feels that Ted may have engaged in “creative accounting.” ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  8. Introduction • Jason ponders the following issues: • Should he describe the unusual transactions in his report? • Is a violation of proper control procedures acceptable if it has been authorized by management? • Regarding Jason’s assignment, does he have a professional or ethical responsibility to get involved? ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  9. Introduction • This chapter discusses the types of threats a company faces. • It also presents the five interrelated components of the Committee of Sponsoring Organizations (COSO’s) internal control model. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  10. Learning Objective 1 Describe the threats to an AIS and discuss why these threats are growing. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  11. Threats to Accounting Information Systems • What are examples of natural and politicaldisasters? • fire or excessive heat • floods • earthquakes • high winds • war ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  12. Threats to Accounting Information Systems • What are examples of software errors andequipment malfunctions? • hardware failures • power outages and fluctuations • undetected data transmission errors ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  13. Threats to Accounting Information Systems • What are examples of unintentional acts? • accidents caused by human carelessness • innocent errors of omissions • lost or misplaced data • logic errors • systems that do not meet company needs ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  14. Threats to Accounting Information Systems • What are examples of intentional acts? • sabotage • computer fraud • embezzlement ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  15. Why are AIS Threats Increasing? • Increasing numbers of client/server systems mean that information is available to an unprecedented number of workers. • Because LANs and client/server systems distribute data to many users, they are harder to control than centralized mainframe systems. • WANs are giving customers and suppliers access to each other’s systems and data, making confidentiality a concern. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  16. Learning Objective 2 Explain the basic concepts of control as applied to business organizations. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  17. Overview of Control Concepts What is the traditional definition of internal control? Internal control is the plan of organization and the methods a business uses to safeguard assets, provide accurate and reliable information, promote and improve operational efficiency, and encourage adherence to prescribed managerial policies. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  18. Overview of Control Concepts • What is management control? • Management control encompasses the following three features: • It is an integral part of management responsibilities. • It is designed to reduce errors, irregularities, and achieve organizational goals. • It is personnel-oriented and seeks to help employees attain company goals. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  19. Internal Control Classifications • The specific control procedures used in the internal control and management control systems may be classified using the following four internal control classifications: • Preventive, detective, and corrective controls • General and application controls • Administrative and accounting controls • Input, processing, and output controls ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  20. The Foreign Corrupt Practices Act • In 1977, Congress incorporated language from an AICPA pronouncement into the Foreign Corrupt Practices Act. • The primary purpose of the act was to prevent the bribery of foreign officials in order to obtain business. • A significant effect of the act was to require corporations to maintain good systems of internal accounting control. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  21. Committee of Sponsoring Organizations • The Committee of Sponsoring Organizations (COSO) is a private sector group consisting of five organizations: • American Accounting Association • American Institute of Certified Public Accountants • Institute of Internal Auditors • Institute of Management Accountants • Financial Executives Institute ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  22. Committee of Sponsoring Organizations • In 1992, COSO issued the results of a study to develop a definition of internal controls and to provide guidance for evaluating internal control systems. • The report has been widely accepted as the authority on internal controls. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  23. Committee of Sponsoring Organizations • The COSO study defines internal control as the process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that control objectives are achieved with regard to: • effectiveness and efficiency of operations • reliability of financial reporting • compliance with applicable laws and regulations ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  24. Committee of Sponsoring Organizations • COSO’s internal control model has five crucial components: • Control environment • Control activities • Risk assessment • Information and communication • Monitoring ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  25. Information Systems Auditand Control Foundation • The Information Systems Audit and Control Foundation (ISACF) recently developed the Control Objectives for Information and related Technology (COBIT). • COBIT consolidates standards from 36 different sources into a single framework. • The framework addresses the issue of control from three vantage points, or dimensions: ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  26. Information Systems Auditand Control Foundation • Information: needs to conform to certain criteria that COBIT refers to as business requirements for information • IT resources: people, application systems, technology, facilities, and data • IT processes: planning and organization, acquisition and implementation, delivery and support, and monitoring ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  27. Learning Objective 3 Describe the major elements in the control environment of a business organization. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  28. The Control Environment • The first component of COSO’s internal control model is the control environment. • The control environment consists of many factors, including the following: • Commitment to integrity and ethical values • Management’s philosophy and operating style • Organizational structure ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  29. The Control Environment • The audit committee of the board of directors • Methods of assigning authority and responsibility • Human resources policies and practices • External influences ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  30. Learning Objective 4 Describe control policies and procedures commonly used in business organizations. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  31. Control Activities • The second component of COSO’s internal control model is control activities. • Generally, control procedures fall into one of five categories: • Proper authorization of transactions and activities • Segregation of duties ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  32. Control Activities • Design and use of adequate documents and records • Adequate safeguards of assets and records • Independent checks on performance ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  33. Proper Authorization of Transactions and Activities • Authorization is the empowerment management gives employees to perform activities and make decisions. • Digital signatureor fingerprint is a means of signing a document with a piece of data that cannot be forged. • Specific authorizationis the granting of authorization by management for certain activities or transactions. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  34. Segregation of Duties • Good internal control demands that no single employee be given too much responsibility. • An employee should not be in a position to perpetrate and conceal fraud or unintentional errors. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  35. Custodial Functions Handling cash Handling assets Writing checks Receiving checks in mail Authorization Functions Authorization of transactions Recording Functions Preparing source documents Maintaining journals Preparing reconciliations Preparing performance reports Segregation of Duties ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  36. Segregation of Duties • If two of these three functions are the responsibility of a single person, problems can arise. • Segregation of duties prevents employees from falsifying records in order to conceal theft of assets entrusted to them. • Prevent authorization of a fictitious or inaccurate transaction as a means of concealing asset thefts. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  37. Segregation of Duties Segregation of duties prevents an employee from falsifying records to cover up an inaccurate or false transaction that was inappropriately authorized. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  38. Design and Use of Adequate Documents and Records • The proper design and use of documents and records helps ensure the accurate and complete recording of all relevant transaction data. • Documents that initiate a transaction should contain a space for authorization. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  39. Design and Use of Adequate Documents and Records • The following procedures safeguard assets from theft, unauthorized use, and vandalism: • effectively supervising and segregating duties • maintaining accurate records of assets, including information • restricting physical access to cash and paper assets • having restricted storage areas ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  40. Adequate Safeguards ofAssets and Records • What can be used to safeguard assets? • cash registers • safes, lockboxes • safety deposit boxes • restricted and fireproof storage areas • controlling the environment • restricted access to computer rooms, computer files, and information ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  41. Independent Checkson Performance Independent checks ensure that transactions are processed accurately are another important control element. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  42. Independent Checkson Performance • What are various types of independent checks? • reconciliation of two independently maintained sets of records • comparison of actual quantities with recorded amounts • double-entry accounting • batch totals ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  43. Independent Checkson Performance • Five batch totals are used in computer systems: • A financial total is the sum of a dollar field. • A hash total is the sum of a field that would usually not be added. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  44. Independent Checkson Performance • A record count is the number of documents processed. • A line count is the number of lines of data entered. • A cross-footing balance test compares the grand total of all the rows with the grand total of all the columns to check that they are equal. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  45. Learning Objective 5 Evaluate a system of internal accounting control, identify its deficiencies, and prescribe modifications to remedy those deficiencies. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  46. Risk Assessment • The third component of COSO’s internal control model is risk assessment. • Companies must identify the threats they face: • strategic — doing the wrong thing • financial — having financial resources lost, wasted, or stolen • information — faulty or irrelevant information, or unreliable systems ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  47. Risk Assessment • Companies that implement electronic data interchange (EDI) must identify the threats the system will face, such as: • Choosing an inappropriate technology • Unauthorized system access • Tapping into data transmissions • Loss of data integrity ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  48. Risk Assessment • Incomplete transactions • System failures • Incompatible systems ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  49. Risk Assessment Some threats pose a greater risk because the probability of their occurrence is more likely. For example: • A company is more likely to be the victim of a computer fraud rather than a terrorist attack. • Risk and exposure must be considered together. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart

  50. Learning Objective 6 Conduct a cost-benefit analysis for particular threats, exposures, risks, and controls. ©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart