accounting information systems (seventh edition).pdf
TRANSCRIPT
Accounting
Information
Systems
SEVENTH EDITION
JAMES A. HALLPeter E. Bennett Chair inBusiness and Economics
Lehigh University
Accounting Information Systems,
Seventh Edition
James A. Hall
VP/Editorial Director: Jack W. Calhoun
Editor-in-Chief: Rob Dewey
Sr. Acquisitions Editor: Matt Filimonov
Editorial Assistant: Lauren Athmer
Developmental Editor: Maggie Kubale
Marketing Manager: Natalie King
Marketing Coordinator: Heather McAuliffe
Associate Content Project Manager: Jana Lewis
Manager of Technology, Editorial: Matt McKinney
Media Editor: Bryan England
Sr. Manufacturing Buyer: Doug Wilke
Production Technology Analyst: Starratt Alexander
Production House: Cadmus Communications
Printer: Edwards Brothers
Art Director: Stacy Jenkins-Shirley
Marketing Communications Manager: Libby Shipp
Permissions Acquisition Manager: Roberta Broyer
Cover Designer: Itzhack Shelomi
Cover Image: iStock Photo
Printed in the United States of America1 2 3 4 5 13 12 11 10 09
ª 2011, 2008 Cengage Learning
ALL RIGHTS RESERVED. No part of this work covered by the copy-
right herein may be reproduced, transmitted, stored or used in any form
or by any means graphic, electronic, or mechanical, including but not
limited to photocopying, recording, scanning, digitizing, taping, Web
distribution, information networks, or information storage and retrieval
systems, except as permitted under Section 107 or 108 of the 1976
United States Copyright Act, without the prior written permission of the
publisher.
For more information about our products, contact us at:
Cengage Learning Academic Resource Center,
1-800-423-0563
For permission to use material from this text or product, submit a
request online at http://www.cengage.com/permissions.
South-Western Cengage Learning, a part of Cengage Learning.
Cengage, the Star logo, and South-Western are trademarks used
herein under license.
Library of Congress Control Number: 2009938064
ISBN-13: 978-1-4390-7857-0
ISBN-10: 1-4390-7857-2
Cengage Learning
5191 Natorp Boulevard
Mason, OH 45040
USA
Br ie f Conten t s
Preface xvii
Part I Overview of Accounting InformationSystems 1
Chapter 1 The Information System: AnAccountant’s Perspective 3
Chapter 2 Introduction to TransactionProcessing 41
Chapter 3 Ethics, Fraud, and Internal Control 111
Part II Transaction Cycles and BusinessProcesses 151
Chapter 4 The Revenue Cycle 153
Chapter 5 The Expenditure Cycle Part I:Purchases and Cash DisbursementsProcedures 217
Chapter 6 The Expenditure Cycle Part II: PayrollProcessing and Fixed AssetProcedures 265
Chapter 7 The Conversion Cycle 305
Chapter 8 Financial Reporting and ManagementReporting Systems 349
Part III Advanced Technologies in AccountingInformation 395
Chapter 9 Database Management Systems 397
Chapter 10 The REA Approach to DatabaseModeling 459
Chapter 11 Enterprise Resource Planning Systems489
Chapter 12 Electronic Commerce Systems 523
iii
Part IV Systems Development Activities 571
Chapter 13 Managing the Systems DevelopmentLife Cycle 573
Chapter 14 Construct, Deliver, and MaintainSystems Project 605
Part V Computer Controls and Auditing 663
Chapter 15 IT Controls Part I: Sarbanes-Oxleyand IT Governance 665
Chapter 16 IT Controls Part II: Security andAccess 703
Chapter 17 IT Controls Part III: SystemsDevelopment, Program Changes, andApplication Controls 737
Glossary 773
Index 791
iv Brief Contents
Conten t s
Preface xvii
Acknowledgments xxvi
Dedication xxvii
Part I Overview of Accounting InformationSystems 1
Chapter 1 The Information System: An Accountant’sPerspective 3THE INFORMATION ENVIRONMENT 4
What Is a System? 5An Information Systems Framework 7AIS Subsystems 9A General Model for AIS 10Acquisition of Information Systems 14
ORGANIZATIONAL STRUCTURE 15Business Segments 15Functional Segmentation 16The Accounting Function 19The Information Technology Function 20
THE EVOLUTION OF INFORMATION SYSTEM MODELS 24The Manual Process Model 24The Flat-File Model 25The Database Model 27The REA Model 28Enterprise Resource Planning Systems 31
THE ROLE OF THE ACCOUNTANT 31Accountants as Users 32Accountants as System Designers 32Accountants as System Auditors 32
SUMMARY 33
Chapter 2 Introduction to Transaction Processing 41AN OVERVIEW OF TRANSACTION PROCESSING 42
Transaction Cycles 42ACCOUNTING RECORDS 44
Manual Systems 44The Audit Trail 50
v
Computer-Based Systems 51DOCUMENTATION TECHNIQUES 53
Data Flow Diagrams and Entity Relationship Diagrams 53System Flowcharts 57Program Flowcharts 64Record Layout Diagrams 67
COMPUTER-BASED ACCOUNTING SYSTEMS 67Differences between Batch and Real-Time Systems 68Alternative Data Processing Approaches 69Batch Processing Using Real-Time Data Collection 71Real-Time Processing 74
DATA CODING SCHEMES 74A System without Codes 74A System with Codes 76Numeric and Alphabetic Coding Schemes 76
SUMMARY 79
APPENDIX 80
Chapter 3 Ethics, Fraud, and Internal Control 111ETHICAL ISSUES IN BUSINESS 112
Business Ethics 112Computer Ethics 112Sarbanes-Oxley Act and Ethical Issues 116
FRAUD AND ACCOUNTANTS 117Definitions of Fraud 117The Fraud Triangle 118Financial Losses from Fraud 119The Perpetrators of Frauds 120Fraud Schemes 122
INTERNAL CONTROL CONCEPTS AND TECHNIQUES 128SAS 78/COSO Internal Control Framework 132
SUMMARY 137
Part II Transaction Cycles and Business Processes151
Chapter 4 The Revenue Cycle 153THE CONCEPTUAL SYSTEM 154
Overview of Revenue Cycle Activities 154Sales Return Procedures 160Cash Receipts Procedures 163
vi Contents
Revenue Cycle Controls 166PHYSICAL SYSTEMS 170
MANUAL SYSTEMS 171Sales Order Processing 171Sales Return Procedures 174Cash Receipts Procedures 174
COMPUTER-BASED ACCOUNTING SYSTEMS 177Automating Sales Order Processing with Batch Technology 177Keystroke 178Edit Run 180Update Procedures 180Reengineering Sales Order Processing with Real-TimeTechnology 180Transaction Processing Procedures 180General Ledger Update Procedures 182Advantages of Real-Time Processing 183Automated Cash Receipts Procedures 183Reengineered Cash Receipts Procedures 185Point-of-Sale (POS) Systems 185Daily Procedures 185End-of-Day Procedures 187Reengineering Using EDI 187Reengineering Using the Internet 188Control Considerations for Computer-Based Systems 188
PC-BASED ACCOUNTING SYSTEMS 190PC Control Issues 190
SUMMARY 191
APPENDIX 192
Chapter 5 The Expenditure Cycle Part I: Purchases andCash Disbursements Procedures 217THE CONCEPTUAL SYSTEM 218
Overview of Purchases and Cash Disbursements Activities 218The Cash Disbursements Systems 225Expenditure Cycle Controls 228
PHYSICAL SYSTEMS 230A Manual System 230The Cash Disbursements Systems 232
COMPUTER-BASED PURCHASES AND CASHDISBURSEMENTS APPLICATIONS 234
Automating Purchases Procedures Using Batch ProcessingTechnology 234
Contents vii
Cash Disbursements Procedures 239Reengineering the Purchases/Cash Disbursements System 240Control Implications 242
SUMMARY 243
Chapter 6 The Expenditure Cycle Part II: PayrollProcessing and Fixed Asset Procedures 265THE CONCEPTUAL PAYROLL SYSTEM 266
Payroll Controls 274THE PHYSICAL PAYROLL SYSTEM 275
Manual Payroll System 275COMPUTER-BASED PAYROLL SYSTEMS 277
Automating the Payroll System Using Batch Processing 277Reengineering the Payroll System 279
THE CONCEPTUAL FIXED ASSET SYSTEM 281The Logic of a Fixed Asset System 281
THE PHYSICAL FIXED ASSET SYSTEM 283Computer-Based Fixed Asset System 283Controlling the Fixed Asset System 286
SUMMARY 288
Chapter 7 The Conversion Cycle 305THE TRADITIONAL MANUFACTURINGENVIRONMENT 306
Batch Processing System 307Controls in the Traditional Environment 318
WORLD-CLASS COMPANIES AND LEANMANUFACTURING 320
What Is a World-Class Company? 320Principles of Lean Manufacturing 320
TECHNIQUES AND TECHNOLOGIES THAT PROMOTE LEANMANUFACTURING 322
Physical Reorganization of the Production Facilities 322Automation of the Manufacturing Process 323
ACCOUNTING IN A LEAN MANUFACTURINGENVIRONMENT 326
What’s Wrong with Traditional Accounting Information? 326Activity-Based Costing (ABC) 328Value Stream Accounting 329
INFORMATION SYSTEMS THAT SUPPORT LEANMANUFACTURING 331
Materials Requirement Planning (MRP) 331
viii Contents
Manufacturing Resource Planning (MRP II) 331Enterprise Resource Planning (ERP) Systems 333
SUMMARY 334
Chapter 8 Financial Reporting and ManagementReporting Systems 349THE GENERAL LEDGER SYSTEM 349
The Journal Voucher 350The GLS Database 350GLS Procedures 352
THE FINANCIAL REPORTING SYSTEM 352Sophisticated Users with Homogeneous Information Needs 352Financial Reporting Procedures 352
XBRL—REENGINEERING FINANCIAL REPORTING 355XML 355XBRL 356The Current State of XBRL Reporting 361
CONTROLLING THE FRS 362SAS 78/COSO Control Issues 362Internal Control Implications of XBRL 364
THE MANAGEMENT REPORTING SYSTEM 365
FACTORS THAT INFLUENCE THE MRS 365Management Principles 365Management Function, Level, and Decision Type 368Problem Structure 370Types of Management Reports 371Responsibility Accounting 374Behavioral Considerations 378
SUMMARY 380
Part III Advanced Technologies in AccountingInformation 395
Chapter 9 Database Management Systems 397OVERVIEW OF THE FLAT-FILE VERSUS DATABASEAPPROACH 398
Data Storage 398Data Updating 398Currency of Information 399Task-Data Dependency 399The Database Approach 399Flat-File Problems Solved 400
Contents ix
Controlling Access to the Database 400The Database Management System 400Three Conceptual Models 401
ELEMENTS OF THE DATABASE ENVIRONMENT 401Users 401Database Management System 401Database Administrator 404The Physical Database 407
THE RELATIONAL DATABASE MODEL 407Relational Database Concepts 408Anomalies, Structural Dependencies, and Data Normalization 412
DESIGNING RELATIONAL DATABASES 419Identify Entities 419Construct a Data Model Showing Entity Associations 421Add Primary Keys and Attributes to the Model 422Normalize Data Model and Add Foreign Keys 422Construct the Physical Database 423Prepare the User Views 424Global View Integration 427
DATABASES IN A DISTRIBUTED ENVIRONMENT 427Centralized Databases 428Distributed Databases 429
SUMMARY 433
APPENDIX 433
Chapter 10 The REA Approach to DatabaseModeling 459THE REA APPROACH 460
The REA Model 460DEVELOPING AN REA MODEL 462
Differences between ER and REA Diagrams 463View Modeling: Creating an Individual REA Diagram 463
VIEW INTEGRATION: CREATING ANENTERPRISE-WIDE REA MODEL 470
Step 1. Consolidate the Individual Models 470Step 2. Define Primary Keys, Foreign Keys, and Attributes 475Step 3. Construct Physical Database and Produce User Views 477REA and Value Chain Analysis 481REA Compromises in Practice 482
SUMMARY 482
x Contents
Chapter 11 Enterprise Resource Planning Systems 489WHAT IS AN ERP? 490
ERP Core Applications 491Online Analytical Processing 492
ERP SYSTEM CONFIGURATIONS 492Server Configurations 492OLTP Versus OLAP Servers 493Database Configuration 496Bolt-on Software 496
DATA WAREHOUSING 497Modeling Data for the Data Warehouse 497Extracting Data from Operational Databases 498Cleansing Extracted Data 498Transforming Data into the Warehouse Model 500Loading the Data into the Data Warehouse Database 501Decisions Supported by the Data Warehouse 501Supporting Supply Chain Decisions from the Data Warehouse 502
RISKS ASSOCIATED WITH ERP IMPLEMENTATION 503Big Bang Versus Phased-in Implementation 503Opposition to Changes in the Business’s Culture 504Choosing the Wrong ERP 504Choosing the Wrong Consultant 505High Cost and Cost Overruns 506Disruptions to Operations 507
IMPLICATIONS FOR INTERNAL CONTROLAND AUDITING 507
Transaction Authorization 507Segregation of Duties 508Supervision 508Accounting Records 508Independent Verification 508Access Controls 509Internal Control Issues Related to ERP Roles 509Contingency Planning 511
SUMMARY 512
APPENDIX 512
Chapter 12 Electronic Commerce Systems 523INTRAORGANIZATIONAL NETWORKS AND EDI 524
INTERNET COMMERCE 524Internet Technologies 524
Contents xi
Protocols 527Internet Protocols 528Benefits from Internet Commerce 530
RISKS ASSOCIATED WITH ELECTRONIC COMMERCE 532Intranet Risks 532Internet Risks 533Risks to Consumers 533
SECURITY, ASSURANCE, AND TRUST 539Encryption 539Digital Authentication 540Firewalls 542Seals of Assurance 542
IMPLICATIONS FOR THE ACCOUNTING PROFESSION 543Privacy Violation 543Continuous Auditing 544Electronic Audit Trails 545Confidentiality of Data 545Authentication 545Nonrepudiation 545Data Integrity 545Access Controls 545A Changing Legal Environment 546
SUMMARY 546
APPENDIX 546
Part IV Systems Development Activities 571
Chapter 13 Managing the Systems Development LifeCycle 573THE SYSTEMS DEVELOPMENT LIFE CYCLE 574
Participants in Systems Development 575SYSTEMS STRATEGY 576
ASSESS STRATEGIC INFORMATION NEEDS 576Strategic Business Needs 576Legacy Systems 577User Feedback 577
DEVELOP A STRATEGIC SYSTEMS PLAN 580
CREATE AN ACTION PLAN 580The Learning and Growth Perspective 581The Internal Business Process Perspective 582
xii Contents
The Customer Perspective 582The Financial Perspective 582Balanced Scorecard Applied to IT Projects 582
PROJECT INITIATION 583
SYSTEMS ANALYSIS 583The Survey Step 583The Analysis Step 586
CONCEPTUALIZATION OF ALTERNATIVE DESIGNS 587How Much Design Detail Is Needed? 587
SYSTEMS EVALUATION AND SELECTION 589Perform a Detailed Feasibility Study 589Perform Cost-Benefit Analysis 590Prepare Systems Selection Report 595Announcing the New System Project 596User Feedback 597
THE ACCOUNTANT’S ROLE IN MANAGING THE SDLC 597How Are Accountants Involved with SDLC? 597The Accountant’s Role in Systems Strategy 598The Accountant’s Role in Conceptual Design 598The Accountant’s Role in Systems Selection 598
SUMMARY 598
Chapter 14 Construct, Deliver, and Maintain SystemsProject 605IN-HOUSE SYSTEMS DEVELOPMENT 606
Tools for Improving Systems Development 606CONSTRUCT THE SYSTEM 610
The Structured Design Approach 610The Object-Oriented Design Approach 610System Design 615Data Modeling, Conceptual Views, and Normalized Tables 615Design Physical User Views 615Design the System Process 622Design System Controls 625Perform a System Design Walk-Through 625Program Application Software 626Software Testing 627
DELIVER THE SYSTEM 628Testing the Entire System 628Documenting the System 628Converting the Databases 630Converting to the New System 630
Contents xiii
Postimplementation Review 631The Role of Accountants 633
COMMERCIAL PACKAGES 633
TRENDS IN COMMERCIAL PACKAGES 633Advantages of Commercial Packages 635Disadvantages of Commercial Packages 635
CHOOSING A PACKAGE 635
MAINTENANCE AND SUPPORT 639User Support 639Knowledge Management and Group Memory 639
SUMMARY 640
APPENDIX 640
Part V Computer Controls and Auditing 663
Chapter 15 IT Controls Part I: Sarbanes-Oxleyand IT Governance 665OVERVIEW OF SOX SECTIONS 302 AND 404 666
Relationship between IT Controls and Financial Reporting 666Audit Implications of Sections 302 and 404 667
IT GOVERNANCE CONTROLS 671
ORGANIZATIONAL STRUCTURE CONTROLS 671Segregation of Duties within the Centralized Firm 672The Distributed Model 674Creating a Corporate IT Function 675Audit Objectives Relating to Organizational Structure 676Audit Procedures Relating to Organizational Structure 676
COMPUTER CENTER SECURITY AND CONTROLS 677Computer Center Controls 677
DISASTER RECOVERY PLANNING 679Providing Second-Site Backup 680Identifying Critical Applications 681Performing Backup and Off-Site Storage Procedures 681Creating a Disaster Recovery Team 682Testing the DRP 683Audit Objective: Assessing Disaster Recovery Planning 683Audit Procedures for Assessing Disaster Recovery Planning 683
OUTSOURCING THE IT FUNCTION 683Risks Inherent to IT Outsourcing 684Audit Implications of IT Outsourcing 685
SUMMARY 687
APPENDIX 687
xiv Contents
Chapter 16 IT Controls Part II: Security and Access 703CONTROLLING THE OPERATING SYSTEM 704
Operating System Objectives 704Operating System Security 704Threats to Operating System Integrity 705Operating System Controls and Test of Controls 705
CONTROLLING DATABASE MANAGEMENT SYSTEMS 710Access Controls 710Backup Controls 712
CONTROLLING NETWORKS 713Controlling Risks from Subversive Threats 713Controlling Risks from Equipment Failure 721
ELECTRONIC DATA INTERCHANGE (EDI) CONTROLS 722Transaction Authorization and Validation 723Access Control 724EDI Audit Trail 724
SUMMARY 726
APPENDIX 726
Chapter 17 IT Controls Part III: Systems Development,Program Changes, and Application Controls737SYSTEMS DEVELOPMENT CONTROLS 738
Controlling Systems Development Activities 738Controlling Program Change Activities 740Source Program Library Controls 740The Worst-Case Situation: No Controls 741A Controlled SPL Environment 741
APPLICATION CONTROLS 745Input Controls 745Processing Controls 747Output Controls 750
TESTING COMPUTER APPLICATION CONTROLS 752Black Box Approach 753White Box Approach 753White Box Testing Techniques 756The Integrated Test Facility 759Parallel Simulation 760
SUBSTANTIVE TESTING TECHNIQUES 761The Embedded Audit Module 761Generalized Audit Software 763
SUMMARY 766
Contents xv
Preface
Welcome to the Seventh Edition
The seventh edition of Accounting Information Systems includes a full range ofnew and revised homework assignments and up-to-date content changes, aswell as several reorganized chapters. All of these changes add up to more stu-
dent and instructor enhancements than ever before. As this preface makes clear, wehave made these changes to keep students and instructors as current as possible onissues such as business processes, systems development methods, IT governance andstrategy, security, internal controls, and relevant aspects of Sarbanes-Oxley legislation.
Focus and Flexibility in DesigningYour AIS CourseAmong accounting courses, accounting information systems (AIS) courses tend to bethe least standardized. Often the objectives, background, and orientation of the instruc-tor, rather than adherence to a standard body of knowledge, determines the directionthe AIS course takes. Therefore, we have designed this text for maximum flexibility:
• This textbook covers a full range of AIS topics to provide instructors with flexibil-ity in setting the direction and intensity of their courses.
• At the same time, for those who desire a structured model, the first nine chaptersof the text, along with the chapters on electronic commerce and computer controls,provide what has proven to be a successful template for developing an AIScourse.
• Earlier editions of this book have been used successfully in introductory,advanced, and graduate-level AIS courses.
• The topics in this book are presented from the perspective of the managers’and accountants’ AIS-related responsibilities under the Sarbanes-Oxley Act.
• Although this book was written primarily to meet the needs of accounting majorsabout to enter the modern business world, we have also developed it to be an effec-tive text for general business and industrial engineering students who seek athorough understanding of AIS and internal control issues as part of theirprofessional education.
Key FeaturesCONCEPTUAL FRAMEWORKThis book employs a conceptual framework to emphasize the professional and legalresponsibility of accountants, auditors, and management for the design, operation, andcontrol of AIS applications. This responsibility pertains to business events that are nar-rowly defined as financial transactions. Systems that process nonfinancial transactionsare not subject to the standards of internal control under Sarbanes-Oxley legislation.Supporting the information needs of all users in a modern organization, however,requires systems that integrate both accounting and nonaccounting functions. While
xvii
providing the organization with unquestioned benefit, a potential consequence of suchintegration is a loss of control due to the blurring of the lines that traditionally separateAIS from non-AIS functions. The conceptual framework presented in this book dis-tinguishes AIS applications that are legally subject to specific internal controlstandards.
EVOLUTIONARY APPROACHOver the years, accounting information systems have been represented by a number ofdifferent approaches or models. Each new model evolved because of the shortcomingsand limitations of its predecessor. An interesting feature in this evolution is that oldermodels are not immediately replaced by the newest technique. Thus, at any point intime, various generations of legacy systems exist across different organizations and of-ten coexist within a single enterprise. Modern accountants need to be familiar with theoperational characteristics of all AIS approaches that they are likely to encounter.Therefore, this book presents the salient aspects of five models that relate to bothlegacy and state-of-the-art systems:
1. manual processes
2. flat-file systems
3. the database approach
4. the resources, events, and agents (REA) model
5. enterprise resource planning (ERP) systems
EMPHASIS ON INTERNAL CONTROLSThe book presents a conceptual model for internal control based on Statement onAuditing Standards no. 78 (SAS 78) and the Committee of Sponsoring Organizationsof the Treadway Commission (COSO) frameworks. This SAS 78/COSO model is usedto discuss control issues for both manual processes and computer-based informationsystems (CBIS). Three chapters (Chapters 15, 16 and 17) are devoted to the control ofCBIS. Special emphasis is given to the following areas:
• computer operating systems
• database management systems
• electronic data interchange (EDI)
• electronic commerce systems
• ERP systems
• systems development and program change processes
• the organization of the computer function
• the security of data processing centers
• verifying computer application integrity
EXPOSURE TO SYSTEMS DESIGN ANDDOCUMENTATION TOOLSThis book examines various approaches and methodologies used in systems analysisand design, including:
• structured design
• object-oriented design
• computer-aided software engineering (CASE)
• prototyping
xviii Preface
In conjunction with these general approaches, professional systems analysts and pro-grammers use a number of documentation techniques to specify the key features of sys-tems. The modern auditor works closely with systems professionals during IT auditsand must learn to communicate in their language. The book deals extensively withdocumentation techniques such as data flow diagrams (DFDs) and entity relation-ship diagrams (ERDs), as well as system and program flowcharts. It containsnumerous systems design and documentation cases and assignments intended todevelop students’ competency with these tools.
Significant Changes in the Seventh EditionChapter 2, ‘‘Introduction to Transaction Processing’’
This chapter has been updated to include a discussion of data coding schemes and theirrole in transaction processing and AIS as a means of coordinating and managing afirm’s transactions. The chapter presents the advantages and disadvantages of the majortypes of numeric and alphabetic coding schemes. In the sixth edition, this material wasincluded in Chapter 8; it was moved in this edition because of its relevance as an ele-ment of transaction processing.
Chapter 3, ‘‘Ethic, Fraud, and Internal Control’’
This chapter has been revised to include the most recent research results published bythe Association of Certified Fraud Examiners (ACFE). The ACFE study provides esti-mates of losses due to fraud, categorizes fraud by various factors, and creates a profileof fraud perpetrators. In addition, the chapter presents an expanded discussion of com-mon fraud schemes.
Chapter 4, ‘‘The Revenue Cycle’’; Chapter 5 ‘‘The Expenditure Cycle Part I:Purchases and Cash Disbursements Procedures’’; Chapter 6, ‘‘The Expenditure CyclePart II: Payroll Processing and Fixed Asset Procedures’’
The end-of-chapter material for these chapters has been significantly revised. Thisentailed revising all the end-of-chapter internal control cases and creating several newones, In particular, great attention was given to internal control case solutions to ensureconsistency in appearance and an accurate reflection of the cases in the text. In the sev-enth edition, all case solution flowcharts are numerically coded and cross-referenced totext that explains the internal control issues. This approach, which has been classroomtested, facilitates effective presentation of internal control case materials.
Chapter 8, ‘‘Financial Reporting and Management Reporting Systems’’
This chapter has been revised to include a discussion of the expanding role of XBRL(Extendable Business Reporting Language). The chapter outlines the technological fea-tures of XBRL and points to the advantages it offers organizations for which onlinereporting of financial data has become a competitive necessity. It also presents a num-ber of internal control and audit implications that accountants should recognize.
Chapter 11, ‘‘Enterprise Resource Planning Systems’’
A significant change to this chapter has been the addition of a SAP internal controlcase, available online to all schools that are members of the SAP University AllianceProgram. This case teaches students how to navigate the SAP system and allows themto process revenue, expenditure, and conversion cycle transactions for a hypotheticalcompany that manufactures and sells classic sports car parts and accessories. Importantaspects of the case are its focuses on internal controls and on the establishment of rolesin a SAP environment.
Preface xix
Chapter 15, ‘‘IT Controls Part I: Sarbanes-Oxley and IT Governance’’
A major new section in this chapter deals with IT outsourcing. It examines the motiva-tions and theories underlying outsourcing decisions and speaks to a number of risk issuesthat auditors need to understand. The chapter has also been expanded to include a discus-sion of several computer fraud techniques. Computer fraud loss estimates vary greatlyamong researchers. Uncertainty exists, in part, because computer fraud is itself not welldefined. All agree, however, that computer fraud is a rapidly growing phenomenon.
Organization and ContentPART I: OVERVIEW OF ACCOUNTINGINFORMATION SYSTEMSChapter 1, ‘‘The Information System: An Accountant’s Perspective’’
Chapter 1 places the subject of accounting information systems in perspective foraccountants. It is divided into four major sections, each dealing with a different aspectof information systems.
• The first section explores the information environment of the firm. It introduces ba-sic systems concepts, identifies the types of information used in business, describesthe flow of information through an enterprise, and presents a framework for viewingaccounting information systems in relation to other information systems compo-nents.
• The second section deals with the impact of organizational structure on AIS. Thecentralized and distributed models are used to illustrate extreme cases.
• The third section reviews the evolution of information systems models. Accountinginformation systems are represented by a number of different approaches or models.Five dominant models are examined: manual processes; flat-file systems; the data-base approach; the resources, events, agents (REA) model; and enterprise resourceplanning (ERP) systems.
• The final section discusses the role of accountants as users, designers, and auditorsof AIS. The nature of the responsibilities shared by accountants and computer pro-fessionals for developing AIS applications are examined.
Chapter 2, ‘‘Introduction to Transaction Processing’’
Chapter 2 divides the treatment of transaction processing systems into five major sec-tions.
• The first section provides an overview of transaction processing, showing its vitalrole as an information provider for financial reporting, internal management report-ing, and the support of day-to-day operations. Three transaction cycles account formost of a firm’s economic activity: the revenue cycle, the expenditure cycle, and theconversion cycle.
• The second section describes the relationship among accounting records in bothmanual and computer-based systems.
• The third section of the chapter presents an overview of documentation techniquesused to describe the key features of systems. Five types of documentation are com-monly used: data flow diagrams, entity relationship diagrams, system flowcharts,program flowcharts, and record layout diagrams.
• The fourth section presents two computer-based transaction processing systems—batch processing using real-time data collection and real-time processing—and theoperational efficiency issues associated with each.
• The final section examines data coding schemes, their role in transaction processingand AIS as a means of coordinating and managing a firm’s transactions, and the
xx Preface
advantages and disadvantages of the major types of numeric and alphabetic codingschemes.
Chapter 3, ‘‘Ethics, Fraud, and Internal Control’’
Chapter 3 deals with the related topics of ethics, fraud, and internal control.
• The chapter first examines ethical issues related to business and specifically tocomputer systems. The questions raised are intended to stimulate class discussions.
• Next, the chapter addresses fraud. There is perhaps no area of greater controversyfor accountants than their responsibility to detect fraud. Part of the problem stemsfrom confusion about what constitutes fraud. This section distinguishes betweenmanagement fraud and employee fraud. The chapter presents techniques for identi-fying unethical and dishonest management and for assessing the risk of managementfraud. Employee fraud can be prevented and detected by a system of internal con-trols. The section discusses several fraud techniques that have been perpetrated inboth manual and computer-based environments. The results of a research study con-ducted by the Association of Certified Fraud Examiners as well as the provisions ofthe Sarbanes-Oxley Act are presented.
• The final section of the chapter describes the internal control structure and controlactivities specified in SAS 78/COSO. The control concepts discussed in this chapterare applied to specific applications in chapters that follow.
PART II: TRANSACTION CYCLES ANDBUSINESS PROCESSESChapter 4, ‘‘The Revenue Cycle’’; Chapter 5, ‘‘The Expenditure Cycle Part I:Purchases and Cash Disbursements Procedures’’; and Chapter 6, ‘‘The ExpenditureCycle Part II: Processing and Fixed Asset Procedures’’
The approach taken in all three chapters is similar. First, the business cycle is reviewedconceptually using data flow diagrams to present key features and control points ofeach major subsystem. At this point the reader has the choice of either continuingwithin the context of a manual environment or moving directly to computer-basedexamples. Each system is examined under two alternative technological approaches:
• Each system is first examined under automation. Automation preserves basic func-tionality by replacing manual processes with computer programs.
• Next, each system is reengineered to incorporate real-time technology. Reengineer-ing involves radically rethinking the business process and the work flow. The objec-tive of reengineering is to improve operational performance and reduce costs byidentifying and eliminating non–value-added tasks.
Under each technology, the effects on operational efficiency and internal controlsare examined. This approach provides the student with a solid understanding of thebusiness tasks in each cycle and an awareness of how different technologies influencechanges in the operation and control of the systems.
Chapter 7, ‘‘The Conversion Cycle’’
Manufacturing systems represent a dynamic aspect of AIS. Chapter 7 discusses thetechnologies and techniques used in support of two alternative manufacturing environ-ments: traditional mass production (batch) processing and lean manufacturing. Theseenvironments are driven by information technologies such as materials requirementsplanning (MRP), manufacturing resources planning (MRP II), and enterprise resourceplanning (ERP). The chapter addresses the shortcomings of the traditional cost account-ing model as it compares to two alternative models: activity-based costing (ABC) andvalue stream accounting.
Preface xxi
Chapter 8, ‘‘Financial Reporting and Management Reporting Systems’’
Chapter 8 examines an organization’s nondiscretionary and discretionary reportingsystems.
• First, it focuses on the general ledger system (GLS) and on the files that constitute aGLS database.
• Next, it examines how financial statement information is provided to both externaland internal users through a multistep reporting process. The emerging technologyof XBRL is changing traditional financial reporting for many organizations. Thekey features of XBRL and the internal control implications of this technology areconsidered.
• The chapter then looks at discretionary reporting systems that constitute the Man-agement Reporting System (MRS). Discretionary reporting is not subject to the pro-fessional guidelines and legal statutes that govern nondiscretionary financialreporting. Rather, it is driven by several factors, including management principles;management function, level, and decision type; problem structure; responsibilityaccounting; and behavioral considerations. The impact of each factor on the designof the management reporting system is investigated.
PART III: ADVANCED TECHNOLOGIES INACCOUNTING INFORMATIONChapter 9, ‘‘Database Management Systems’’
Chapter 9 addresses the design and management of an organization’s data resources.
• The first section demonstrates how problems associated with traditional flat-file sys-tems are resolved under the database approach.
• The second section describes in detail the functions and relationships among fourprimary elements of the database environment: the users, the database managementsystem (DBMS), the database administrator (DBA), and the physical database.
• The third section is devoted to an in-depth explanation of the characteristics of therelational database model. A number of database design topics are covered, includ-ing data modeling, deriving relational tables from ER diagrams, the creation of userviews, and data normalization techniques.
• The chapter concludes with a discussion of distributed database issues. It examinesthree possible database configurations in a distributed environment: centralized,partitioned, and replicated databases.
Chapter 10, ‘‘The REA Approach to Database Modeling’’
Chapter 10 presents the resources, events, and agents REA model as a means of speci-fying and designing accounting information systems that serve the needs of all userswithin an organization. The chapter is composed of five major sections.
• The chapter begins by defining the key elements of REA. The basic model employsa unique form of ER diagram called an REA diagram. The diagram consists of threeentity types (resources, events, and agents) and a set of associations linking them.
• Next the rules for developing an REA diagram are explained and illustrated indetail. An important aspect of the model is the concept of economic duality, whichspecifies that each economic event must be mirrored by an associated economicevent in the opposite direction.
• The chapter illustrates the development of an REA database for a hypothetical firmfollowing a multistep process called view modeling. The result of this process is anREA diagram for a single organizational function.
xxii Preface
• The chapter’s fourth section explains how multiple REA diagrams (revenue cycle,purchases, cash disbursements, and payroll) are integrated into a global orenterprisewide model. The enterprise model is then implemented into a relationaldatabase structure, and user views are constructed.
• The chapter concludes with a discussion of how REA modeling can improve com-petitive advantage by allowing management to focus on the value-added activitiesof their operations.
Chapter 11, ‘‘Enterprise Resource Planning Systems’’
Chapter 11 presents a number of issues related to the implementation of enterpriseresource planning (ERP) systems. It is composed of five major sections and anappendix.
• The first section outlines the key features of a generic ERP system by comparing thefunction and data storage techniques of a traditional flat-file or database system tothat of an ERP.
• The second section describes various ERP configurations related to servers, data-bases, and bolt-on software.
• Data warehousing is the topic of the third section. A data warehouse is a rela-tional or multidimensional database that supports online analytical processing(OLAP). Issues discussed include data modeling, data extraction from opera-tional databases, data cleansing, data transformation, and loading data into thewarehouse.
• The fourth section examines risks associated with ERP implementation. Theseinclude ‘‘big bang’’ issues, opposition to change within the organization, choosingthe wrong ERP model, choosing the wrong consultant, cost overrun issues, and dis-ruptions to operations.
• The fifth section reviews several control and auditing issues related to ERPs. Thediscussion follows the SAS 78/COSO framework.
• The chapter appendix provides a review of the leading ERP software products,including SAP, Oracle E-Business Suite, Oracle | PeopleSoft, JD Edwards,EnterpriseOne, SoftBrands, MAS 500, and Microsoft Dynamics.
Chapter 12, ‘‘Electronic Commerce Systems’’
Driven by the Internet revolution, electronic commerce is dramatically expanding andundergoing radical changes. Although electronic commerce has brought enormousopportunities for consumers and businesses, its effective implementation and controlpresent urgent challenges to organizations’ management teams and accountants. Toevaluate the potential exposures and risks in this environment properly, the modernaccountant must be familiar with the technologies and techniques that underlie elec-tronic commerce. Chapter 12 and its associated appendix deal with several aspects ofelectronic commerce.
• The body of the chapter examines Internet commerce including business-to-consumer and business-to-business relationships. It presents the risks associatedwith electronic commerce and reviews security and assurance techniques to reducerisk and promote trust.
• The chapter concludes with a discussion of how Internet commerce impacts theaccounting and auditing profession.
• The internal usage of networks to support distributed data processing and traditionalbusiness-to-business transactions conducted via EDI systems are presented in theappendix.
Preface xxiii
PART IV: SYSTEMS DEVELOPMENT ACTIVITIESChapter 13, ‘‘Managing the Systems Development Life Cycle,’’ andChapter 14, ‘‘Construct, Deliver, and Maintain Systems Projects’’
The chapters in Part IV examine the accountant’s role in the systems developmentprocess.
• Chapter 13 begins with an overview to the systems development life cycle (SDLC).This multistage process guides organization management through the developmentand/or purchase of information systems.
• Next, Chapter 13 presents the key issues pertaining to developing a systems strat-egy, including its relationship to the strategic business plan, the current legacy situa-tion, and feedback from the user community. The chapter provides a methodologyfor assessing the feasibility of proposed projects and for selecting individual projectsto go forward for construction and delivery to their users.
• The chapter concludes by reviewing the role of accountants in managing the SDLC.
• Chapter 14 covers the many activities associated with in-house development, whichfall conceptually into two categories: (1) constructing the system and (2) deliveringthe system. Through these activities, systems selected in the project initiation phase(discussed in Chapter 13) are designed in detail and implemented. This involves cre-ating input screen formats, output report layouts, database structures, and applicationlogic. Finally, the completed system is tested, documented, and rolled out to theuser.
• Chapter 14 then examines the increasingly important option of using commercialsoftware packages. Conceptually, the commercial software approach also consistsof construct and delivery activities. In this section we examine the pros, cons, andissues involved in selecting off-the-shelf systems.
• Chapter 14 also addresses the important activities associated with systems mainte-nance and the associated risks that are important to managers, accountants, andauditors.Several comprehensive cases designed as team-based systems development projects
are available online at www.cengage.com/accounting/hall. These cases have been usedeffectively by groups of three or four students working as a design team. Each case hassufficient details to allow analysis of user needs, preparation of a conceptual solution,and the development of a detailed design, including user views (input and output),processes, and databases.
PART V: COMPUTER CONTROLS AND AUDITINGChapter 15, ‘‘IT Controls Part I: Sarbanes-Oxley and IT Governance’’
Chapter 15 provides an overview of management and auditor responsibilities underSections 302 and 404 of the Sarbanes-Oxley Act (SOX). The design, implementation,and assessment of internal control over the financial reporting process form the centraltheme for this chapter and the two chapters that follow. This treatment of internal con-trol complies with SAS 78 and the Committee of Sponsoring Organizations of theTreadway Commission (COSO) control framework. Under the SAS 78/COSO model,IT controls are divided into application controls and general controls. Chapter 15presents risks, controls, and tests of controls related to IT governance, including organ-izing the IT function, controlling computer center operations, designing an adequatedisaster recovery plan, and IT outsourcing.
Chapter 16, ‘‘IT Controls Part II: Security and Access’’
xxiv Preface
Chapter 16 continues the treatment of IT controls as described by the SAS 78/COSOcontrol framework. The focus of the chapter is on SOX compliance regarding the secu-rity and control of operating systems, database management systems, and communica-tion networks. This chapter examines the risks, controls, audit objectives, and tests ofcontrols that may be performed to satisfy either compliance or attest responsibilities.
Chapter 17, ‘‘IT Controls Part III: Systems Development, Program Changes, andApplication Controls’’
Chapter 17 concludes the examination of IT controls as outlined in the SAS 78/COSOcontrol framework. The chapter focuses on SOX compliance regarding systems devel-opment, program changes, and applications controls. It examines the risks, controls,audit objectives, and tests of controls that may be performed to satisfy compliance orattest responsibilities. The chapter examines five computer-assisted audit tools andtechniques (CAATT) for testing application controls:
• the test data method
• base case system evaluation
• tracing
• integrated test facility
• parallel simulation
It also reviews two substantive testing techniques: embedded audit modules andgeneralized audit software.
SUPPLEMENTS
Product WebsiteAdditional teaching and learning resources, including access to additional internal con-trol and systems development cases, are available by download from the book’s web-site at http://academic.cengage.com.
PowerPoint¤ SlidesThe PowerPoint¤ slides, prepared and completely updated by Patrick Wheeler of theUniversity of Missouri, provide colorful lecture outlines of each chapter of the text,incorporating text graphics and flowcharts where needed. The PowerPoint¤ presenta-tion is available for download from the text website.
Test BankThe Test Bank, available in Word and written and updated by the text author, containstrue/false, multiple-choice, short answer, and essay questions. The files are availablefor download from the text website.
Solutions ManualThe Solutions Manual, written by the author, contains solutions to all end-of-chapterproblems and cases. Adopting instructors may download the Solutions Manual underpassword protection at the Instructor’s Resource page of the book’s website.
Preface xxv
Acknowledgments
Iwant to thank the Institute of Internal Auditors, Inc., and the Institute of Certified
Management Accountants, for permission to use problem materials from pastexaminations. I would also like to thank Dave Hinrichs, my colleague at Lehigh
University, for his careful work on the text and the verification of the Solutions Manualfor this edition.
I am grateful to the following people for reviewing the book in recent editions andfor providing helpful comments:
Beth BrilliantKean University
Kevin E. DowKent State University
H.P. GarsombkeUniversity of Nebraska, Omaha
Alan LevitanUniversity of Louisville
Sakthi MahenthiranButler University
Jeff L. PayneUniversity of Kentucky
Sarah BrownSouthern Arkansas University
H. Sam RinerUniversity of North Alabama
David M. CannonGrand Valley State University
Helen M. SavageYoungstown State University
James HolmesUniversity of Kentucky
Jerry D. SiebelUniversity of South Florida
Frank IlettBoise State University
Richard M. SokolowskiTeikyo Post University
Andrew D. LuziCalifornia State University, Fullerton
Patrick WheelerUniversity of Missouri, Columbia
Srini RagothamanUniversity of South Dakota
James A. HallLehigh University
xxvi
Dedication
To my wife Eileen, and my children Elizabeth and Katie
xxvii