Accounting Information System

Prepared by: ARNEL C. MAGHINAY, RN, Ph.D.

1
 4
1

Documentation

Loan Servicing
Accounting Information
System System
Carnit
Arnel C.George B. RN,
Maghinay, Cordova
Ph.D.

Documentation explains how a system works, including the who, what, when, where, why, and how of data
entry, data processing, data storage, information output, and system controls.
Popular means of documenting a system include diagrams, flowcharts, tables, and other graphical
representations of data and information. These are supplemented by a narrative
description of the system, a written step-by-step explanation of system components and interactions. In this
chapter, we explain three common systems documentation tools: data flow
diagrams, flowcharts, and business process diagrams. Documentation tools are important on the following
levels:
1. At a minimum, you must be able to read documentation to determine how a system works.
2. You may need to evaluate documentation to identify internal control strengths and weaknesses and
recommend improvements as well as to determine if a proposed system meets the company’s needs.
3. More skill is needed to prepare documentation that shows how an existing or proposed system operates.

2
 Types of Documentation

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

1. Data flow diagram (DFD), a graphical description of data sources, data flows, transformation processes,
data storage, and data destinations
2. Flowchart, which is a graphical description of a system. There are several types of flow charts, including:
a. Document flowchart
b. System flowchart
c. Program flowchart
3. Business Process diagrams, which are graphical descriptions of the business processes used by a company

3
 Types of Flow Chart

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

a. Document flowchart, which shows the flow of documents and information between departments or areas
of responsibility
b. System flowchart, which shows the relationship among the input, processing, and output in an information
system
c. Program flowchart, which shows the sequence of logical operations a computer performs as it executes a
program.

4
 Data Flow
Diagram

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

The data flow diagram figure shows the process flow of the data from account creation, to the encoding of the
healthcare process until the creation of the report. It also shows the different entities involved before and after the
process. And finally, it also shows the repositories of the data where all the information has been saved.

5
 Business
Process
Diagram

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

In this figure, the business process diagram shows how the e-commerce platform perform its operation in conducting the
business. It shows how the e-commerce process perform in generating possible revenue, determine its competitive
advantage, identify the different products suited for the business and determine the type of business activities or process
in deploying the product and services.

6
 Business Process Diagram
Accounting Information System
Arnel C. Maghinay, RN, Ph.D.

In this figure, it shows how the members can avail of the cashless purchasing of items (grocery) using the e-wallet from
the loan management of the cooperative. Members can take advantage of using the platform by purchasing it online and
will the option to be delivered from or pick up to the grocery store.

7
 Data Flow Diagram Symbols

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

1. A data source and a data destination are entities that send or receive data that the system uses or
produces. An entity can be both a source and a destination.
2. A data flow is the movement of data among processes, stores, sources, and destinations. Data that pass
between data stores and a source or destination must go through a data transformationprocess.
3. Processes represent the transformation of data from inputs to outputs
4. A data store is a repository of data.
5. Internal Controls. The processes and procedures implemented within a business organization to provide
reasonable assurance that data is processed correctly, assets and information are safeguarded, and
applicable laws are followed.

8
 Document Flowchart

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

9
Broken line may indicate correction/rejection routine or it could be a data transfer which is checking or reading.

10
 Business Process Diagram Sybols

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

11
12
 Database and Files

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

• To appreciate the power of databases, it is important to understand how data are stored in computer
systems.
• Information about the attributes of a customer, such as name and address, are stored in fields. All the fields
containing data about one entity form a record. A set of related records, such as all customer records, forms
a file. A set of interrelated, centrally coordinated data files that are stored with as little data redundancy as
possible forms a database. A database consolidates records previously stored in separate files into a
common pool and serves a variety of users and data processing applications.
• Databases were developed to address the proliferation of master files. For many years, companies created
new files and programs each time a need for information arose.

13
 Basic Elements of Data Hierarchy

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

14
 Database Management System (DBMS)

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

A database management system (DBMS) is the program that manages and controls the data and the interfaces between
the data and the application programs that use the data stored in the database. The database, the DBMS, and the
application programs that access the database through the DBMS are referred to as the database system. The database
administrator (DBA) is responsible for coordinating, controlling, and managing the database.

15
 Using Data Warehouses For Business Intelligence

A data warehouse is one

or more very large
databases containing
both detailed and
summarized data for a
number of years that is
used for analysis rather
than transaction
processing.

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

• In today’s fast-paced global economy, management must constantly reevaluate financial and operating
performance in light of strategic goals and quickly alter plans as needed. Since strategic decision making
requires access to large amounts of historical data, organizations are building separate databases called data
warehouses.
• It is not unusual for data warehouses to contain hundreds or thousands of terabytes of data.
• Data warehouses do not replace transaction processing databases; they complement them by providing
support for strategic decision making. Since data warehouses are not used for transaction processing, they
are usually updated periodically rather than in real time. Whereas transaction processing databases
minimize redundancy and maximize the efficiency of updating them to reflect the results of current
transactions, data warehouses are purposely redundant to maximize query efficiency.

16
 Business Intelligence

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

• Business Intelligence is analyzing large amounts of data for strategic decision making
• Online analytical processing (OLAP) is using queries to investigate hypothesized relationships among data. F
or example, a manager may analyze supplier purchases for the last 3 years, followed by additional queries
that “drill down” to lower levels by grouping purchases by item number and by fiscal period.
• Data mining is using sophisticated statistical analysis, including artificial intelligence techniques such as
neural networks, to “discover” unhypothesized relationships in the data. For example, credit card companies
use data mining to identify usage patterns indicative of fraud. Similarly, data mining techniques can identify
previously unknown relationships in sales data that can be used in future promotions.

17
 The Advantages Of Database Systems

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

1. Data integration. Master files are combined into large “pools” of data that many application programs
access. An example is an employee database that consolidates payroll, personnel, and job skills master files.
2. Data sharing. Integrated data are more easily shared with authorized users. Databases are easily browsed
to research a problem or obtain detailed information underlying a report.
3. Minimal data redundancy and data inconsistencies. Because data items are usually stored only once, data
redundancy and data inconsistencies are minimized.
4. Data independence. Because data and the programs that use them are independent of each other, each
can be changed without changing the other. This facilitates programming and simplifies data management.
5. Cross-functional analysis. In a database system, relationships, such as the association between selling costs
and promotional campaigns, can be explicitly defined and used in the preparation of management reports.

18
 Data Dictionary

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

• A data dictionary contains information about the structure of the database.

• The DBMS maintains the data dictionary, whose inputs include new or deleted data elements and changes in
data element names, descriptions, or uses.

19
 Types of Attributes

Primary Key
Foreign Key

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

• A primary key is the database attribute, or combination of attributes, that uniquely identifies a specific row
in a table.
• A foreign key is an attribute in a table that is also a primary key in another table and is used to link the two
tables.

20
This is an example of an ERD or entity relationship diagram. It describes interconnected items of interest in a certain field
of expertise. An ER model is made up of entity types that define the relationships that can exist between them. It also
shows the relationship of the tables and how the primary key and foreign was used to interconnect the other tables.

21
 Basic Requirements of a Relational Database

1. Every column in a row must be single valued.

2. Primary keys cannot be null
3. Foreign keys, if not null, must have values that
correspond to the value of a primary key in
another table
4. All non-key attributes in a table must describe a
characteristic of the object identified by the
primary key

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

1. Every column in a row must be single valued. In a relational database, there can only be one value per cell.
2. Primary keys cannot be null. A primary key cannot uniquely identify a row in a table if it is null (blank). A
nonnull primary key ensures that every row in a table represents something and that it can be identified.
This is referred to as the entity integrity rule.
3. Foreign keys, if not null, must have values that correspond to the value of a primary key in another table.
Foreign keys link rows in one table to rows in another table.
4. All non-key attributes in a table must describe a characteristic of the object identified by the primary key.
Most tables contain other attributes in addition to the primary and foreign keys.

These four constraints produce a well-structured (normalized) database in which data are consistent and data
redundancy is minimized and controlled. The referential integrity rule ensures that
there are no update anomaly problems with the foreign keys. Relational databases also simplify data deletion.

22
 Introduction to SQL

SQL is a standard language for accessing and

manipulating databases.

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

23
 What is SQL?
• SQL stands for Structured
Query Language
• SQL lets you access and
manipulate databases
• SQL became a standard of
the American National
Standards Institute (ANSI) in
1986, and of the International
Organization for
Standardization (ISO) in 1987

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

24
 What Can SQL do?
1. SQL can execute queries against a database
2. SQL can retrieve data from a database
3. SQL can insert records in a database
4. SQL can update records in a database
5. SQL can delete records from a database

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

25
 What Can SQL do?
6. SQL can create new databases
7. SQL can create new tables in a database
8. SQL can create stored procedures in a database
9. SQL can create views in a database
10.SQL can set permissions on tables, procedures,
and views

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

26
 Computer Attacks and Abuse

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

• All computers connected to the Internet, especially those with important trade secrets or valuable IT assets,
are under constant attack from hackers, foreign governments, terrorist groups, disaffected employees,
industrial spies, and competitors. These people attack computers looking for valuable data or trying to harm
the computer system.
• In a recent survey, 70% of security professionals expected their organizations to be hit by a cyber-attack in
the next six months. A separate survey found that, in the near future, 61% of technology experts expect a
major cyber-attack that will cause significant loss of life or property losses in the tens of billions of dollars.
This means that preventing attacks is a constant battle.

27
 Computer Attacks and Abuse

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

• Hacking is the unauthorized access, modification, or use of an electronic device or some element of a
computer system. Most hackers break into systems using known flaws in operating systems or application
programs, or as a result of poor access controls.
• Hijacking is gaining control of a computer to carry out illicit activities without the user’s knowledge. A
botnet, short for robot network, is a powerful network of hijacked computers, called zombies, that are used
to attack systems or spread malware.
• denial-of-service (DoS) attack, is designed to make a resource unavailable to its users. In an e-mail DoS
attack, so many e-mails are received, often from randomly generated false addresses, that the Internet
service provider’s e-mail server is overloaded and shuts down.
• Spamming is simultaneously sending the same unsolicited message to many people at the same time, often
in an attempt to sell something.

28
 Computer Attacks and Abuse

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

• dictionary attack-Using special software to guess company e-mail addresses and send them blank e-mail
messages. Unreturned messages are usually valid e-mail addresses that can be added to spammer e-mail
lists.
• splog-Spam blogs created to increase a website’s Google PageRank, which is how often a web page is
referenced by other web pages.
• spoofing-Altering some part of an electronic communication to make it look as if someone else sent the
communication in order to gain the trust of the recipient.
• e-mail spoofing-Making a sender address and other parts of an e-mail header appear as though the e-mail
originated from a different source.

29
 Computer Attacks and Abuse

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

• caller ID spoofing-Displaying an incorrect number on the recipient’s caller ID display to hide the caller’s
identity.
• IP address spoofing-Creating Internet Protocol packets with a forged IP address to hide the sender’s identity
or to impersonate another computer system.
• zero-day attack-An attack between the time a new software vulnerability is discovered and “released into
the wild” and the time a software developer releases a patch to fix the problem.
• SQL injection (insertion) attack- Inserting a malicious SQL query in input such that it is passed to and
executed by an application program. This allows a hacker to convince the application to run SQL code that it
was not intended to execute.

30
 Computer Attacks and Abuse

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

• war driving - Driving around looking for unprotected home or corporate

• cyber-bullying - Using computer technology to support deliberate, repeated, and hostile behavior that
torments, threatens, harasses, humiliates, embarrasses, or otherwise harms another person. wireless
networks.
• Sexting - Exchanging sexually explicit text messages and revealing pictures with other people, usually by
means of a phone.
• software piracy - The unauthorized copying or distribution of copyrighted software.

31
 Social Engineering

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

social engineering - The techniques or psychological tricks used to get people to comply with the perpetrator’s wishes in
order to gain physical or logical access to a building, computer, server, or network. It is usually to get the information
needed to obtain confidential data.

32
 Seven (7) Human Traits to Entice a Person to Reveal Information

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

1. Compassion—The desire to help others who present themselves as really needing your help.
2. Greed—People are more likely to cooperate if they get something free or think they are getting a once-in-a-lifetime
deal.
3. Sex Appeal—People are more likely to cooperate with someone who is flirtatious or viewed as “hot.”
4. Sloth—Few people want to do things the hard way, waste time, or do something unpleasant; fraudsters take
advantage of our lazy habits and tendencies.
5. Trust—People are more likely to cooperate with people who gain their trust.
6. Urgency—A sense of urgency or immediate need that must be met leads people to be more cooperative and
accommodating.
7. Vanity—People are more likely to cooperate if you appeal to their vanity by telling them they are going to be more
popular or successful.

33
 Policies and Procedures to Help Minimize Social Engineering

1. Never let people follow you into a restricted

building.
2. Never log in for someone else on a computer,
especially if you have administrative access.
3. Never give sensitive information over the phone
or through e-mail.
4. Never share passwords or user IDs.
5. Be cautious of anyone you do not know who is
trying to gain access through you.

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

34
 4 “ The websites that are the most
dangerous fraud and security
“
risks are porn sites and
software-sharing sites.

Loan Servicing
Accounting Information
System System
Carnit
Arnel C.George B. RN,
Maghinay, Cordova
Ph.D.

35
 4 “ Close behind are social
networks such as Facebook,
“
making social media the new
fraud frontier.

Loan Servicing
Accounting Information
System System
Carnit
Arnel C.George B. RN,
Maghinay, Cordova
Ph.D.

Social media is the new fraud frontier because of the following reasons:
1. First, people are more likely to disclose personal information to “friends” on social networks.
2. Second, many people do not properly protect the information they post on social network sites.
3. Third, people use the same password since remembering separate passwords for every site is too much hassle.
4. Facebook fraudsters also use a variety of phishing attempts disguised as Facebook games or widgets that require
personal information to be disclosed. For example, suppose someone challenged you to find out who knows you best
by posting
5. Another approach is to send a message that says, “Look at the funny video I found of you.” When the link is clicked, a
message tells you to update your video player. Without adequate security software, clicking on the update installs
malware that captures data on the websites you visit and your sign-in and password information.

36
 Social Engineering Issues

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

1. phishing-Sending an electronic message pretending to be a legitimate company, usually a financial institution, and
requesting information or verification of information and often warning of a consequence if it is not provided. The
request is bogus, and the information gathered is used to commit identity theft or to steal funds from the victim’s
account.
2. Malware is the collective name for a number of malicious software variants, including viruses, ransomware and
spyware.
3. spyware-Software that secretly monitors computer usage, collects personal information about users, and sends it to
someone else, often without the computer user’s permission.
4. adware-Spyware that causes banner ads to pop up on a monitor, collects information about the user’s web-surfing
and spending habits, and forwards it to the adware creator, often an advertising or media organization. Adware
usually comes bundled with freeware and shareware downloaded from the Internet.
5. ransomware-Software that encrypts programs and data until a ransom is paid to remove it.
6. keylogger-Software that records computer activity, such as a user’s keystrokes, e-mails sent and received, websites
visited, and chat session participation.
7. Trojan horse-A set of unauthorized computer instructions in an authorized and otherwise properly functioning

37
program.

37
 Social Engineering Issues

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

1. time bomb/logic bomb-A program that lies idle until some specified circumstance or a particular time triggers it.
Once triggered, the program sabotages the system by destroying programs or data.
2. trap door/back door-A set of computer instructions that allows a user to bypass the system’s normal controls.
3. packet sniffers-Programs that capture data from information packets as they travel over the Internet or company
networks. Captured data is sifted to find confidential or proprietary information.
4. steganography program-A program that can merge confidential information with a seemingly harmless file, password
protect the file, and send it anywhere in the world, where the file is unlocked and the confidential information is
reassembled. The host file can still be heard or viewed because humans are not sensitive enough to pick up the slight
decrease in image or sound quality.
5. worm-Similar to a virus, except that it is a program rather than a code segment hidden in a host program. A worm
also copies itself automatically and actively transmits itself directly to other systems.

38
 Keeping your Computer Virus Free
1. Install reputable and reliable antivirus software
that scans for, identifies, and destroys viruses. Use
only one antivirus program; multiple programs
conflict with each other.
2. Do not fall for ads touting free antivirus software;
much of it is fake and contains malware.
3. Do not fall for pop-up notices that warn of
horrible threats and offer a free scan of your
computer.

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

39
 Keeping your Computer Virus Free
4. Make sure that the latest versions of the antivirus
programs are used.
5. Scan all incoming e-mail for viruses at the server
level as well as at users’ desktops.
6. All software should be certified as virus-free
before you load it into the system.

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

40
 Keeping your Computer Virus Free
7. Check new software on an isolated machine
with virus detection software.
8. Have two backups of all files.
9. If you use flash drives, do not put them in strange
machines; they may become infected.

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

41
 Thank You
Any Questions?

Accounting Information System

Arnel C. Maghinay, RN, Ph.D.

42