MODULE 1
Introduction to Accounting information
System
INFORMATION SYSTEM - is a collection of
people, procedures, software hardware and
data which works together to provide
information essential to running an
organization.
What are parts of an Information System?
1. PEOPLE – this are primarily the end users
working to increase their productivity. It
usually uses hardware and software to solve
information-related or decision making
problems.
2. PROCEDURES – This are manuals and
guidelines that instruct end users on how to
use the software and hardware.
3. SOFTWARE – this are programs that tell
the computer on how to process data.
Kinds of Software:
System Software – this are background
software that helps computer mange it’s
internal resources. Example are Microsoft
Windows, GNU/linux , macOS and Android.
Application Software – it is a computer
program designed to help people perform an
activity.
Basic application software includes:
➢ Browsers – navigate, explore,
find information on the Internet
➢ Word processor – prepare
written documents
➢ Spreadsheet – analyze and
summarize numerical data
➢ Database management
system – organize and manage
data and information
➢ Presentation graphics –
communicate a message or
persuade other people
Advanced application software incl:
➢ Multimedia – integrate video,
music, voice, and graphics to
create interactive presentations.
➢ Web publishers – create
interactive multi-media Web
pages
➢ Graphics programs – create
professional publications, draw,
edit and modify images
➢ Virtual reality –create realistic
three dimensional virtual or
simulated environments
➢ Artificial intelligence –
simulated human thought
processes and actions
➢ Project managers – plan
projects, schedule, people, and
control resources
4. HARDWARE – this consist of input devices,
the system units, secondary storage, output
devices, and communication devices.
▪ Input devices includes keyboard and
mouse
▪ System unit includes CPU or Central
Processing Unit. This manipulates
data to produce information
▪ Memory or Primary Storage- holds
data, program instructions and
processed data
▪ Secondary Storage – store data and
programs example are flash drive, hard
disk Optical disk
▪ Output devices includes monitor
which display results and printer
which prints images on paper
▪ Communication devices –these send
and receive data and programs from
computer to another. A device that
connects a microcomputer to a
telephone is modem.
5. DATA - is a raw material for data
processing. These consist of numbers, letters
and symbols and relates to facts, events and
transactions. Data describes something and
is typically stored electronically in a file. A file
is a collection of characters organized as a
single unit.
Common types of files are:
▪ Documents – Letters, research papers,
and memoranda.
▪ Worksheet – budget analyses, sales
projections
▪ Database- structured and organized
data.
ACCOUNTING INFORMATION SYSTEM - It
is an information system which will generate
reliable financial information needed by the
users or decision makers in a timely manner.
Objectives of accounting information
system:
1. To process the information efficiently at the
least cost (cost benefit principle
2. To protect entity’s assets, to ensure that
data are reliable, and to minimize wastes and
possibility of theft or fraud (control principle)
3. To be in harmony with the entity’s
organizational and human factors
(compatibility principle)
4. To be able to accommodate growth in the
volume of transactions and for organizational
changes (flexibility principle)
IT – CHAPTER 1
BUSINESS PROCESS - is a prescribed
sequence of work steps performed in order to
produce a desired result for the organization.
A business process is initiated by a particular
kind of event, has a well-defined beginning
and end, and is usually completed in a
relatively short period.
INTERNAL CONTROL - are the set of
procedures and policies adopted within an
organization to safeguard its assets, check
the accuracy and reliability of its data,
promote operational efficiency, and
encourage adherence to prescribed
managerial practices.
ACCOUNTING INFORMATION SYSTEM -
comprises the processes, procedures, and
Systems that capture accounting data from
business processes; record the Accounting
data in the appropriate records; process the
detailed accounting data By classifying,
summarizing, and consolidating; and report
the summarized Accounting data to internal
and external users.
As defined earlier, internal controls are the
set of procedures and policies adopted within
an organization to safeguard its assets, check
the accuracy and reliability of its data,
promote operational efficiency, and
encourage adherence to prescribed
managerial practices.
VENDOR - provides materials or operating
supplies to an organization.
SUPPLY CHAIN - is the entities, processes,
and information flows that involve the
movement of materials, funds, and related
information through the full logistics process,
from the acquisition of raw materials to the
delivery of finished products to the end user.
The supply chain includes all vendors, service
providers, customers, and intermediaries.
SUPPLY CHAIN MANAGEMENT - is the
organization and control of all materials,
funds, and related information in the logistics
process, from the acquisition of raw materials
to the delivery of finished products to the end
user (customer).
INFORMATION TECHNOLOGY - is defined
as the computers, ancillary equipment,
software, services, and related resources as
applied to support business processes.
BUSINESS PROCESS REENGINEERING
(BPR) - is the purposeful and organized
changing of business processes to make them
more efficient.
BINARY DIGIT (bit) - is the smallest unit of
information in a computer system. A bit can
have only one of two values: zero or one.
BYTE - is a unit of storage that represents one
character. In most computer systems, a byte
is made up of eight bits. For example, the
character “A” would be represented in a
computer system by a set of eight bits. Every
character, including letters, numbers, and
symbols, are represented by a byte.
FIELD – is one item within a record. For
example, last name is a field in a payroll
record, and description is a field in an
inventory record.
RECORD - is a set of related fields for the
same entity. All fields for a given employee
form a payroll record. Such fields would be
employee number, last name, first name,
Social Security number, pay rate, and year-
to-date gross pay.
FILE - The entire set of related records form a
file.
DATABASE - is a collection of data stored on
the computer in a form that allows the data to
be easily accessed, retrieved, manipulated,
and stored. The term database usually
implies a shared database within the
organization.
RELATIONAL DATABASE - stores data in
several small two-dimensional tables that can
be joined together in many varying ways to
represent many different kinds of
relationships among the data.
MASTER FILE - are the relatively permanent
files that maintain the detailed data for each
major process.
TRANSACTION FILE - is the set of relatively
temporary records that will be processed to
update the master file.
SEQUENTIAL ACCESS FILES - store records
in sequence, with one record stored
immediately after another. The sequence is
usually based on a key field such as employee
number or customer number.
RANDOM ACCESS FILES - (sometimes called
direct access files) are not written or read in
sequential order. The records are stored in
random order on a disk media.
INDEXED SEQUENTIAL ACCESS METHOD
(ISAM) – ISAM files are stored sequentially,
but can also be accessed randomly because
an index allows random access to specific
records.
BATCH PROCESSING - requires that all
similar transactions be grouped together for a
specified time; then this group of transactions
is processed as a batch.
ONLINE PROCESSING - is the opposite of
batch processing. Transactions are not
grouped into batches, but each transaction is
entered and processed one at a time.
REAL-TIME PROCESSING SYSTEM -
meaning that the transaction is processed
immediately, and in real time, so that the
output is available immediately.
DATA WAREHOUSE - is an integrated
collection of enterprise-wide data that
includes five to ten fiscal years of nonvolatile
data, used to support management in
decision making and planning.
OPERATIONAL DATABASE - contains the
data that are continually updated as
transactions are processed.
DATA MINING - is the process of searching
data within the data warehouse for
identifiable patterns that can be used to
predict future behavior.
NETWORK - is two or more computers linked
together to share information and/or
resources.
LAN - is a computer network that spans a
relatively small area. Most LANs are confined
to a single building or group of buildings and
are intended to connect computers within an
organization. However, one LAN can be
connected to other LANs over any distance via
other network connections.
WAN - a system of LANs connected in this way
is called a WAN, or wide area network.
INTERNET - is the global computer network,
or “information super-highway.” The Internet
is the network that serves as the backbone for
the World Wide Web (WWW).
INTRANET - is a company’s private network
accessible only to the employees of that
company.
EXTRANET - is similar to an intranet except
that it offers access to selected outsiders,
such as buyers, suppliers, distributors, and
wholesalers in the supply chain.
E-BUSINESS - is the use of electronic means
to enhance business processes. E-business
encompasses all forms of online electronic
trading — consumer-based e-commerce and
business-to-business transactions, as well as
the use of IT for process integration inside
organizations.
EXAMPLES OF IT ENABLEMENT
ELECTRONIC DATA INTERCHANGE (EDI) -
is the intercompany, computer-to-computer
transfer of business documents in a standard
business format.
POINT OF SALE SYSTEM (POS) - is a system
of hardware and software that captures retail
sales transactions by standard bar coding.
AUTOMATED MATCHING - is a computer
hardware and software system in which the
software matches an invoice to its related
purchase order and receiving report.
EVALUATED RECEIPT SETTLEMENT (ERS)
- is an invoice-less system in which computer
hardware and software complete an invoice-
less match comparing the purchase order
with the goods received.
E-PAYABLES AND ELECTRONIC INVOICE
PRESENTMENT AND PAYMENT (EIPP) - are
both terms that refer to Web-enabled receipt
and payment of vendor invoices. EIPP enables
a vendor to present an invoice to its trading
partner via the Internet, eliminating the
paper, printing, and postage costs of
traditional paper invoicing.
ENTERPRISE RESOURCE PLANNING
SYSTEMS (ERP) - is a multi-module software
system designed to manage all aspects of an
enterprise.
ENTERPRISE RISK MANAGEMENT (ERM) –
is a process, effected by an entity’s board of
directors, management and other personnel,
applied in strategy setting and across the
enterprise, designed to identify potential
events that may affect the entity, and manage
risk to be within its risk appetite, to provide
reasonable assurance regarding the
achievement of entity objectives.
IT – CHAPTER 2
TYPES OF ACCOUNTING INFORMATION
SYSTEMS
MANUAL SYSTEMS - Certainly, most large or
medium-size organizations use computerized
accounting systems rather than manual
record-keeping systems. However, there are
many small organizations that use manual
systems, in whole or in part, to maintain
accounting records.
SOURCE DOCUMENTS - is a record that
captures the key data of a transaction.
TURNAROUND DOCUMENT - is an output of
the accounting system that can be used as an
input in a different part of the accounting
system.
GENERAL LEDGER - provides details for the
entire set of accounts used in the
organization’s accounting systems.
GENERAL JOURNAL - is the place of original
entry for any transactions that are not
recorded in special journals.
SPECIAL JOURNAL - are established to
record specific types of transactions.
SUBSIDIARY LEDGER - maintain detailed
information regarding routine transactions,
with an account established for each entity.
LEGACY SYSTEMS - is an existing system in
operation within an organization.
SCREEN SCRAPERS - or frontware, which
add modern, user friendly screen interfaces to
legacy systems. There are limitations to this
approach, because mainframe systems are
not efficient as newer technology at handling
data entry by multiple, simultaneous users.
ENTERPRISE APPLICATION INTEGRATION
(EAI) - is a set of processes, software and
hardware tools, methodologies and
technologies to integrate software systems.
MODERN, INTEGRATED SYSTEMS - In
today’s AIS environment, numerous
accounting software systems are available for
purchase that integrate many or all of the
business processes within an organization.
CLIENT-SERVER COMPUTING - means that
there are two types of computers networked
together to accomplish the application
processing.
CLOUD COMPUTING - a more centralized
approach to IT. Because of its many
applications, there may be no single, accepted
definition of cloud computing.
SOFTWARE AS A SERVICE (SaaS) -
software that resides in the cloud.
DATABASE AS A SERVICE (Daas) - online buying and selling. A major difference
databases that reside in the cloud.
PLATFORM AS A SERVICE (PaaS) -
Sometimes the database is combined with an
operating system, and it is referred to as
Platform as a Service.
INFRASTRUCTURE AS A SERVICE (IaaS) –
the computer infrastructure in the cloud.
Infrastructure is the actual computer servers,
drives on which data are stored, and the
networking components.
SERVICE LEVEL AGREEMENT (SLA) – a
company that wishes to buy cloud computing
services enters into an agreement with a
cloud computing provider. This agreement, or
contract, is called a Service Level Agreement.
SCALABILITY - as a company grows, it can
easily purchase new capacity from the cloud
provider.
EXPANDED ACCESS - once the software and
data are stored in the cloud, it can be
accessed by multiple devices from many
different locations.
INFRASTRUCTURE IS REDUCED - The
company has a reduced need for servers and
data storage, since most of these resources
are provided by the cloud provider. This also
means that the cloud provider provides data
security and backup of data.
COST SAVINGS - because of the detailed
advantages, there are usually significant cost
savings recognized from cloud computing.
BAR CODE - is a printed code consisting of a
series of vertical, machine-readable,
rectangular bars and spaces that vary in
width and are arranged in a specific way to
represent letters, numbers, and other
human-readable symbols.
E-COMMERCE - whereas e-commerce is a
type of e-business that is specific to consumer
between EDI and e-business (including e-
commerce) is that EDI uses dedicated
networks, while e-business uses the Internet.
TRADING PARTNER DOCUMENTS - such as
checks, invoices, and statements.

INTERNAL DOCUMENTS - are another form

of output from an accounting information
system. Examples of internal documents
include credit memorandums, receiving
reports, production routing documents, and
production scheduling documents. These
documents may be printed paper forms, or
they may be in the form of screen outputs
viewed on the user’s computer.

DATA FLOW DIAGRAMS (DFD) - is used by

EXTERNAL REPORT - are usually financial systems professionals to show the logical
statements that include a balance sheet, design of a system. The advantage of DFDs is
income statement, and statement of cash that they use only four symbols and are
flows. simple to read and understand.

INTERNAL REPORTS - provide feedback to

managers to assist them in running the
business processes under their control.

PROCESS MAPS - are pictorial

representations of business processes in
which the actual flow and sequence of events
in the process are presented in diagram
form—the start of a process, the steps within
the process, and a finish of the process.

DOCUMENT FLOWCHARTS - shows the flow

of documents and information among
departments or units within an organization.
Document flowcharts are usually divided into
columns, each representing a department or
unit of the organization

SYSTEM FLOWCHARTS - is intended to

depict the entire system, including inputs,
manual and computerized processes, and
outputs. System flowcharts do not
necessarily show details of each process, but
display the overall sequence of processes and
the media used for processing and storage.
ENTITY RELATIONSHIP DIAGRAMS - or ER
diagrams, are pictorial representations of the
logical structure of databases. An ER diagram
identifies the entities, the attributes of
entities, and the relationship between entities
ENTITIES - can be thought of as the nouns
that represent items in the accounting
system.
ATTRIBUTES - or characteristics of the
entity. For example, employees have
attributes such as last name, first name, pay
rate, and number of withholdings.
CARDINALITY - refers to how many
instances of an entity relate to each instance
of another entity.
IT – CHAPTER 3
STEWARDSHIP - is the careful and
responsible oversight and use of the assets
entrusted to management.
CODE OF ETHICS – To fulfill these
obligations, management must maintain
internal controls and enforce a code of ethics.
INTERNAL CONTROL – The COSO report
defines internal control as follows: A process,
affected by an entity’s board of directors,
management, and other personnel, designed
to provide reasonable assurance regarding
the achievement of objectives in the following
categories:
▪ Effectiveness and efficiency of
operations
▪ Reliability of financial reporting
▪ Compliance with applicable laws and
regulations
FRAUD - can be defined as the theft,
concealment, and conversion to personal gain
of another’s money, physical assets, or
information.
MISAPPROPRIATION OF ASSETS - involves
theft of any item of value. It is sometimes
referred to as a defalcation, or internal theft,
and the most common examples are theft of
cash or inventory.
MISSTATEMENT OF FINANCIAL RECORDS
- involves the falsification of accounting
reports. This is often referred to as earnings
management, or fraudulent financial
reporting.
FRAUD TRIANGLE:
▪ Incentive to commit the fraud. Some
kind of incentive or pressure typically
leads fraudsters to their deceptive acts.
Financial pressures, market
pressures, job-related failures, or
addictive behaviors may create the
incentive to commit fraud.
▪ Opportunity to commit the fraud.
Circumstances may provide access to
them assets or records that are the
objects of fraudulent activity. Only
those persons having access can pull
off the fraud. Ineffective oversight is
often a contributing factor.
▪ Rationalization of the fraudulent
action. Fraudsters typically justify
their actions because of their lack of
moral character. They may intend to
repay or make up for their dishonest
actions in the future, or they may
believe that the company owes them as
a result of unfair expectations or an
inadequate pay raise.
MANAGEMENT FRAUD - conducted by
one or more top-level managers within the
company, is usually in the form of
fraudulent financial reporting.
 MANAGEMENT OVERRIDE - involves top
management’s circumvention of the
systems or internal controls that are in
place.
EMPLOYEE FRAUD – is conducted by
non-management employees.
MOST COMMON KIND OF EF:
1. Inventory theft. Inventory can be
stolen or misdirected. This could be
merchandise, raw materials, supplies, or
finished goods inventory.
2. Cash receipts theft. This occurs when
an employee steals cash from the
company. An example would be the theft
of checks collected from customers.
3. Accounts payable fraud. Here, the
employee may submit a false invoice,
create a fictitious vendor, or collect
kickbacks from a vendor. A kickback is a
cash payment that the vendor gives the
employee in exchange for the sale; it is like
a business bribe.
4. Payroll fraud. This occurs when an
employee submits a false or inflated time
card.
5. Expense account fraud. This occurs
when an employee submits false travel or
entertainment expenses, or charges an
expense ledger account to cover the theft
of cash.
Cash receipts theft is the most common
type of employee fraud.
SKIMMING - where the organization’s cash is
stolen before it is entered into the accounting
records.
LARCENY - steal the company’s cash after it
has been recorded in the accounting records.
COLLUSION - occurs when two or more
people work together to commit a fraud.
CUSTOMER FRAUD - occurs when a
customer improperly obtains cash or property
from a company, or avoids a liability through
deception.
CREDIT CARD FRAUD & CHECK FRAUD -
involve the customer’s use of stolen or
fraudulent credit cards and checks.
REFUND FRAUD - occurs when a customer
tries to return stolen goods to collect a cash
refund.
VENDOR FRAUD - occurs when vendors
obtain payments to which they are not
entitled. Vendor fraud may also be
perpetrated through collusion.
VENDOR AUDIT - involve the examination of
vendor records in support of amounts
charged to the company.
INDUSTRIAL ESPIONAGE - the theft of
proprietary company information, by digging
through the trash of the intended target
company.
SOFTWARE PRIVACY – the unlawful copying
of software programs.
INTERNAL COMPUTER FRAUD - when an
employee of an organization attempts to
conduct fraud through the misuse of a
computer-based system.
ICF concerns each of the following
activities:
1. Input manipulation. Usually involves
altering data that is input into the computer.
2. Program manipulation. occurs when a
program is altered in some fashion to commit
a fraud. Examples of program manipulation
include:
▪ Salami technique - alter a program to
slice a small amount from several
accounts and then credit those small
amounts to the perpetrator’s benefit.
▪ Trojan horse program - is a small,
unauthorized program within a larger,
legitimate program, used to
manipulate the computer system to
conduct a fraud.
▪ Trap door alteration - is a valid
programming tool that is misused to
commit fraud.

EXTERNAL COMPUTER FRAUD - are
conducted by someone outside the company
who has gained unauthorized access to the
computer. These fraudsters are commonly
known as hackers.
HACKING - is the term commonly used for
computer network break-ins. A particular
kind of hacking: denial of service attack
(DoS) is intended to overwhelm an intended
target computer system with so much bogus
network traffic that the system is unable to
respond to valid network traffic.
SPOOFING - occurs when a person, through
a computer system, pretends to be someone
else.
Two kinds of spoofing:
▪ Internet spoofing - is the most
dangerous to the accounting and
control systems, because a spoofer
fools a computer into thinking that the
network traffic arriving is from a
trusted source.
▪ E-mail spoofing - is not typically as
problematic as Internet spoofing is to
the direct financial interests of most
business organizations, it is
nevertheless a source of irritation and
inconvenience at the workplace.
Following are three critical actions that an
organization can undertake to assist in the
prevention or detection of fraud and
errors:
1. Maintain and enforce a code of ethics
2. Maintain a system of accounting internal
controls
3. Maintain a system of information
technology controls
In response to the many fraudulent financial
reports generated in 2001, the United States
Congress passed the Sarbanes–Oxley Act of
2002.
The objectives of an internal control
system are as follows:
1. Safeguard assets (from fraud or errors).
2. Maintain the accuracy and integrity of the
accounting data.
3. Promote operational efficiency.
4. Ensure compliance with management
directives.
PREVENTIVE CONTROLS - are designed to
avoid errors, fraud, or events not authorized
by management.
DETECTIVE CONTROLS - must be included
in an internal control system. Detective
controls help employees to uncover or
discover errors, fraud, or unauthorized
events.
CORRECTIVE CONTROLS - are those steps
undertaken to correct an error or problem
uncovered via detective controls.
CONTROL ENVIRONMENT - sets the tone of
an organization and influences the control
consciousness of its employees.
RISK ASSESSMENT - whereby it considers
existing threats and the potential for
additional risks and stands ready to respond
should these events occur.
CONTROL ACTIVITIES - as the policies and
procedures that help ensure that
management directives are carried out and
that management objectives are achieved.
These activities can be divided into the
following categories:
▪ Authorization of Transactions -
refers to an approval, or endorsement,
from a responsible person or
department in the organization that
has been sanctioned by top
management.
General authorization is a set of
guidelines that allows transactions to
be completed as long as they fall within
established parameters.
 Specific authorization means that
explicit approval is needed for that
single transaction to be completed.
▪ Segregation of Duties - When
management delegates authority and
develops guidelines as to the use of
that authority, it must assure that the
authorization is separated from other
duties. This separation of related
duties is called segregation of duties.
Compensating control that lessens
the risk of negative effects when other
controls are lacking.
▪ Adequate Records and Documents -
When management is conscientious
and thorough about preparing and
retaining documentation in support of
its accounting transactions, internal
controls are strengthened.
▪ Security of Assets and Documents -
Organizations should establish control
activities to safeguard their assets,
documents, and records.
▪ Independent Checks and
Reconciliation - Independent checks
on performance are an important
aspect of control activities.
Independent checks serve as a
method to confirm the accuracy and
completeness of data in the accounting
system. Reconciliation is a procedure
that compares records from different
sources.
BATCH TOTAL - which is merely a
summation of key items in the batch (such as
hours worked), and compare this batch total
along various stages of processing.
MONITORING - involves the ongoing review
and evaluation of the system.
REASONABLE ASSURANCE - means that the
controls achieve a sensible balance of
reducing risk when compared with the cost of
the control.
CONTROL OBJECTIVES for INFORMATION
TECHNOLOGY (COBIT) - is extremely
important guidance for those who design or
audit IT systems.
TRUST SERVICES PRINCIPLES - are
designed to be the written guidance for CPAs
who provide assurance services for
organizations.
Risk and controls in IT are divided into
five categories in the Trust Services
Principles, as follows:
1. Security. The risk related to security
is unauthorized access, which may be
both physical access and logical
access.
2. Availability. The risk related to
availability is system or subsystem
failure due to hardware or software
problems.
3. Processing integrity. The risk related
to processing integrity could be
inaccurate, incomplete, or improperly
authorized information.
4. Online privacy. The risk in this area
is that personal information about
customers may be used
inappropriately or accessed by those
either inside or outside the company.
5. Confidentiality. The risk related to
confidentiality is that confidential
information about the company or its
business partners may be subject to
unauthorized access during its
transmission or storage in the IT
system.