Accounting information system

Question 1

Definition of accounting? (1.14)

Answer 1

Accounting is a process of identifying, measuring and communicating economic information to permit informed judgement and decisions by internal and external users of the information.

Accounting is an information-providing activity

Question 2

The accounting process diagram? (1.18)

Answer 2

Transaction goes into accounting information system. Then arrow to stakeholders and firm management from accounting information system. Auditor intervenes to the accounting information system and middle or arrow in stakeholders.

Question 3

What is information? (1.20)

Answer 3

Information is a business resource

Question 4

3 information purposes? (1.22)

Answer 4

Information for delegation and accountability
information for decision making
information for operating the business

Question 5

System vs. sub-system vs. element/component? (1.26)

Answer 5

• System consists of interdependent elements. Is set up to achieve one or more specific objectives.
• A sub-system can exist without containing the system, but usually has no useful function by itself.
• An element or component cannot be used alone.

Question 6

Definition of information systems? (1.28) Same as 4 uses of a system

Answer 6

Information system is a set of interdependent components working together to collect, process, store, and provide information.

Question 7

Define accounting information system (AIS) (1.29)

Answer 7

An accounting information system is an organised collection of software and hardware for inputing, processing, and storing data on business events, aimed at providing information to internal and external stakeholders that complies with specified quality criteria, and creating the right conditions for effective and efficient delegation and accountability, decision-making, and operating the business.

AIS: collects, process and reports information related to the financial (accounting) aspects of business events.

Question 8

How does AIS add value to the organisation? (1.30)

Answer 8

Improving quality of information, and therefore better decision making.
- internal decisions such as budgeting, product mix, marketing activities, etc.
- external decisions such as investments, financing, etc.
Improves efficiency
- automation helps saving resources
- information more timely
Shares knowledge by communicating procedures
Improves internal control structure
- safeguarding organisations assets

Question 9

What is the overall goal of internal control (IC)? (1.13)

Answer 9

The overall goal of internal control is to provide a shield that protects assets against undesirable events (risks) that bombard the organisation.

Question 10

What is internal control and what are 3 its objectives? (1.14)

Answer 10

The process effected by an entity’s board of directors (BoD), management, and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives related to:
- effectiveness and efficiency of operations
- reliability of internal and external reporting
- compliance with applicable laws and regulations

Question 11

The fraud triangle? (Name and explain each)

Answer 11

• Pressure: is a persons incentive or motivation to commit fraud. (Ex: pressure to perform, meet stakeholder expectations, personnel incentives like the need to pay the bills)
• Rationalisation: refers to an individual’s justification for committing fraud. (Ex: fear of losing the job motivates to commit fraud)
• Opportunity: refers to circumstances that allow fraud to occur. In the fraud triangle it is the only components that a company exercises control over.

Question 12

Top 4 types of fraud? (2.16)

Answer 12

1. Customer fraud
2. Cybercrime
3. Asset manipulation
4. Bribery and corruption

Question 13

Why was Sarbanes-Oxley Act (2002) created? 6 things. (2.21)

Answer 13

Prevent financial statement fraud
make reporting more transparent
protect investors
strengthen internal control
punish executives pro comit fraud
re-establish public confidence

Question 14

What 2 main things were mentioned in the Sarbanes-Oxley Act? (2.22)

Answer 14

Arounds 60 laws:

Board of directors and management operations
- Implement and test internal controls
- Hold executives accountable for accuracy of financial statement
- Improvement of audit committees.
Auditors operate
- Specific focus on auditor independence through: auditor rotation, restricting non-audit services

Question 15

What does COSO stand for and why is it defined as integrated framework? (2.29)

Answer 15

COSO = committee of sponsoring organisations of the Treadway Commission (original 1992, updated 2013)

Integrated because COSO:
- Includes 5 inter-related components
- Which help achieving all internal control objectives
- And cover the entire organisation

Question 16

What two characteristics does risk have? (2.32)

Answer 16

1. Uncertainty: an event may or may not happen.
2. Loss: an event has unwanted consequences or losses.

Question 17

Name 5 interrelated components of COSO framework (2.30)

Answer 17

Control environment
Control activities
Risk assessment
Information & communication
Monitoring activities

Question 18

What are the 5 components of control environment? (2.33) And which 3 entities are involved?

Answer 18

• Commitment to integrity and ethical values
• BoD independent from management, oversees internal control
• Management establishes structures, reporting lines and authorities and responsibilities
• Commitment to competence
• Accountability and responsibilities

Human resources / Management / Internal Audit

Question 19

4 components of risk assessment? (2.35)

Answer 19

Identification of objectives to enable risk identification and assessment
Risk identification and analysis as a basis for risk management
Fraud taken into consideration
Identification and assessment of changes with impact in internal control system

Question 20

3 components of control activities? (2. 37)

Answer 20

Controls to mitigate risk to acceptable level
General control over technology
Policies and procedures to help ensure that management’s risk responses are carried out

Question 21

3 components of information & communication? (2.38)

Answer 21

Use of relevant, quality information to support internal control
Internal communication to support internal control
Communication with external parties regarding internal control

Question 22

2 components of monitoring activities? (2.39)

Answer 22

• Selection, development, and performance of ongoing and separate evaluations of (other) internal control components.
• Timely evaluation and communication of internal control deficiencies to parties responsible for taking corrective action.

Question 23

What can be 4 possible risk responses? (2.42)

Answer 23

Activity elimination
Automation
Centralisation
Risk sharing

Question 24

4 levels of managing risks? Which are preventive controls are which are detective/corrective controls? (2.43)

Answer 24

Potential risks - Risks that are not avoided - Risks for which no preventive controls are put in place - Residual risks

Detective/corrective is the last one. Otherwise: preventive.

Question 25

Understand: because of inherent limitations in any system of internal control, error or irregularities may occur and not be detected (2.44)

Understand: one of the causes of Enron’s failure probably was the lack of segregation of duties within the company. Explain such concept: segregation of duties. (2.44)

Question 26

Value cycle + - where??? Look into the graph (2.45)
As well as network of reconciliations +-???

Question 27

5 duties to be segregated? (3.6)

Answer 27

1. Authorization
2. Recording
3. Custody
4. Checking
5. Execution

Question 28

What are 3 information security goals? (3.27)

Answer 28

• Confidentiality (C)
• Integrity (I)
• Availability (A)

Question 29

What are 5 primary activities and how they create value? (4.4)

Answer 29

• Inbound logistics: receiving, storing, and distributing inputs internally)
  Focus: supplier management
• Operations: change inputs into outputs that are sold to customers
  Focus: operațional systems
• Outbounds logistics: deliver product or service to customer
  Focus: distribution systems
• Marketing and sales: convince clients to purchase
  Focus: communicating with customers
• Service: maintaining the value of product or service to customers after purchase
  Focus: customer management

Question 30

What are 4 support activities and how they create value? (4.5)

Answer 30

• Procurement (purchasing): get the resources it needs to operate
  Focus: supplier negotiations
• Human resource management: how well a company recruits, hires, trains, motivates, rewards, and retains employees.
  Focus: people management
• Technological development: managing and processing information
  Focus: reduce IT costs/ IT systems
• Infrastructure: maintain daily operations
  Focus: finance, accounting, legal. admin, and general management

Question 31

From an accounting perspective, we typically talk about ____ (4.6) And why?

Answer 31

(COSTS): costs reflect the value that is attached to a resource, which is in turn needed to create value for the customer

Question 32

Documentation in a business environment is necessary for what 2 reasons? (4.9)

Answer 32

• Read and prepare: documentation to determine how a system works
• Evaluate: documentation to identify strengths and weaknesses and recommend improvements (think about auditors who need to test the system of their clients or a company’s employees who work on improvement of current system)

Question 33

What are Data flow diagrams (DFD)? (4.10)

Answer 33

• Graphically describes the flow of data (data sources, data flow, data storage)
• Simple diagrams (only a few different kinds of symbols) which highlight a particular aspect of the system

Question 34

What are flowcharts? (4.10)

Answer 34

• Graphical description of a system
• Record how business processes are performed and how documents flow through the organisation.

Question 35

4 basic DFD symbols? (4.11)

What does the circle mean? Rectangle? Arrow? Equal sign?

Answer 35

Circle = activities or processes (transformation of data)
Rectangle = data origins or data destinations external to the system
Arrow = data flows (needs label!)
Equal sign = data store

Question 36

What is the most common DFD mistake in terms of diagram? (4.12)

Answer 36

Not having a circle in the middle which means process or activity.

Question 37

What is a context diagram? (highest level DFD)

Answer 37

• Defines and clarify boundaries of the system
• Identifies the flows of information between the internal entities within the system and external entities
• Entity = person, place, department, or thing like computer

Question 38

What is a physical DFD? (4.14)

Answer 38

• Is a graphical representation of a system showing the system’s internal and external entities, and the flows of data into and out of these entities.
• A physical DFD specifies: WHERE, HOW, and BY WHOM a system’s processes are accomplished
• A physical DFD does not tell us WHAT is being accomplished

Question 39

What is a logical DFD? (4.16)

Answer 39

• Is a graphical representation of a system focusing on the system’s processes, and the flows of data into and out of the processes and data stores.
• We use logical DFD to document WHAT tasks the system is doing - without having to specify how, where, or by whom the tasks are accomplished.
• The advantage of a logical DFD (versus a physical DFD) is that we can concentrate on the functions that a system performs
• A logical DFD portrays a system’s activities, whereas a physical DFD depicts a system’s infrastructure.
• We need both pictures to understand a system completely

Question 40

Data flow diagrams describe the flow of ____?
Flowcharts graphically describe the ____?

(4.19)

Answer 40

1. data
2. system

Question 41

Why do people not comply with practices, rules, or policies? (4.27) 4 things

Answer 41

Efficiency
Effectiveness
Desire to help a colleague, customer, or the organisation
Self-serving motives

Question 42

What are the objectives of the expenditure cycle? (5.3)

Answer 42

Minimise the total cost of acquiring and maintaining inventories, supplies, and the various services the organisation needs to function.

Question 43

Expenditure cycle transactions have what 2 components? (5.5) example of each

Answer 43

physical: receiving goods
financial: paying goods

Question 44

What are 4 basic expenditure cycle activities? (5.5)

Answer 44

Ordering goods
Receiving goods
Approving invoices
Cash disbursement

It’s a circle, not in this order!

Question 45

What are 2 primary objectives of ordering goods? (5.6)

Answer 45

• The accurate and efficient processing of purchase orders
• Assurance over validity and correctness of purchases

Question 46

What are 3 primary objectives of receiving goods? (5.7)

Answer 46

• To receive goods in desired condition (quantity, quality)
• To safeguard inventory
• Accurately record receipt

Question 47

What are 3 primary objectives of approving invoices? (5.8)

Answer 47

• Received invoices are correct
• Suppliers are paid
• Supplier accounts are accurately maintained

Question 48

What are 2 primary objectives of cash disbursement? (5.9)

Answer 48

• Review cash outflow (check due dates)
• Safeguard cash and A/P master data

Question 49

What are 4 main risks when ordering goods? (5.11)
- And each of them controls?

Answer 49

1. Inaccurate inventory records
   - Controls: perpetual inventory method, reduce manual data entry
2. Ordering too many or too few items
   - Controls: authorisation of purchases not by purchasing departments (SoD)
3. Ordering low quality supplies
   - Controls: purchase from previously screened suppliers, periodic price and quality assessment of suppliers
4. Influencing purchasing clerks (kickbacks)
   - Controls: code of conduct prohibiting acceptance of gifts from suppliers, use of tender procedure

Question 50

What are 3 main risks when receiving goods? (5.13)
- And their controls?

Answer 50

• Accepting non-valid orders
  Controls: compare purchase order number on the packing slip with purchase order
• Acceptance of damaged/inaccurate amount of goods
  Controls: inspecting and counting of goods at time of arrival and compare against packing slip and purchase order, prepare a receiving report, guidelines on how to resolve any delivery issues
• Inaccurate documentation of receipt
  Controls: use technology to avoid human error such as scanners and automated forwarding of receiving goods

Question 51

What are 2 main risks when approving invoices? (5.15)
And their controls

Answer 51

Risk 1: unauthorised invoice approval
- Control: segregation of duties (Sod), authorisation matrix
Risk 2: error in supplier invoice
- Control: manual calculation, compare invoice prices to prices in system/purchase order

Question 52

What are 3 main risks when paying invoices (cash disbursement)? (5.17) And their controls?

Answer 52

Risk 1: missing out on discounts
- Control: file invoices by due date, automated procedure which makes the invoices payable when due
Risk 2: duplicate payments
- Controls: pay only original invoices, cancel supporting document when payment is made (example: stamping)
Risk 3: payment for not received goods
- Control: match supplier invoice to supporting documents (purchase order, receiving report)

Question 53

What are 4 objectives of the revenue cycle? (6.3)

Answer 53

Provide the right product (service) in the right place at the right time for the right price.

Right product (service), right place, right time, right price

Question 54

4 basic revenue cycle activities? (6.4)

Answer 54

Sales order entry
Shipping
Billing
Cash collection

It goes in a circle, there is no right start or finish.
Revenue cycle transaction have a physical component like shipping goods and a financial component like receiving payments.

Question 55

What are 3 primary objectives of the sales order entry process? (6.6)

Answer 55

• Objective: to accurately and efficiently process customer orders
• Objective: to ensure that company gets paid for all credit sales
• Objective: to ensure that all sales are valid

Question 56

What are 3 main risks of the sales order entry process? (6.7)
And internal controls for those risks?

Answer 56

Risk 1: incomplete or inaccurate customer oder
Control 1: training, data entry edit checks, pre-formatted screens, populate input screen with master data
Risk 2: credit sales to customers with poor credit
Control 2: sell only to customers in customer file, credit approved by credit (not sales) manager, accurate record of customer account balances
Risk 3: validity of orders
Control 3: weed out ‘inactive’ customers, signature on paper doc or digital signature

Question 57

What are 3 primary objectives of the picking and shipping process? (6.9)

Answer 57

• To accurately and efficiently pick and ship the required goods
• To safeguard inventory
• Accurately record shipment

Question 58

What are 6 main risks of the picking and shipping process? (6.10) And internal control for them?

Answer 58

• Inaccurate picking (wrong goods/quantity)
  = automated picking, travel paths, training, compare picking ticket to picked goods
• Theft of goods
  = restrict access to inventory, documentation of all internal transfers of inventory, no picking without SO/authorisation
• Failure to pick goods
  = training, personnel
• Shipping errors (wrong goods/address)
  = reconciliation (coordination) of SO with picking ticket
• Damage goods in shipment
  = training
• Loose shipment
  = compare goods with packing slip after shipping

Question 59

4 primary objectives of the billing process? (6.13)

Answer 59

Customers are billed for all sales
Invoices are accurate
Customer accounts are accurately maintained
Records are accurately maintained

Question 60

What are 4 main risks of the billing process? (6.14)
And internal controls for them?

Answer 60

Risk 1: failure to bill customer
Control 1: separation of shipping and billing, renumber all shipping docs & periodically compare to invoices, coordination of picking tickets and bill of lading with SO
Risk 2: billing errors
Control 2: data entry edit controls, populate screen with master data, reasonableness check
Risk 3: bill for goods not shipped
Control 3: billing is authorised by shipping order
Risk 4: error in maintaining customer accounts
Control: confirm customer accounts regularly

Question 61

2 primary objectives of the cash collection process? (6.16)

Answer 61

Monitor cash collection
Safeguard cash, customer payment and A/R master data

Question 62

2 risks of the cash collection process? (6.17) And internal controls.

Answer 62

Risk 1: theft of cash
Control 1: segregation of duties, periodic comparison of bank statement with records, lockbox
Risk 2: customer does not pay
Control 2: focus on old A/R, following up on open A/R, analyse payments that are overdue, always communicate actions with customer service.

Question 63

3 objectives of management? (7.2)

Answer 63

Objective setting -> strategy formulation -> management control

Question 64

Without objectives, it is impossible to: (2 things) (7.3)

Answer 64

1. assess whether employee’s actions are purposeful
2. make claims about an organisation’s success

Question 65

Objectives can be…? (7.3)

Answer 65

Financial versus non-financial
Quantified, explicit versus implicit
Economic, social, environmental, societal

Question 66

Strategies define….(7.4)

Answer 66

how organisations should use their resources to meet their objectives

(Strategies put constraints on employees to focus activities on what the organisation does best or areas where it has an advantage over competitors)

Question 67

Management control is the process by which management…? (7.5)

Answer 67

• Ensures that people in the organisation follow organisational objectives and strategies
• !!! encourages, enables, or sometimes ‘forces’ employees to act in the organisation’s best interest

Management control includes all the devices/mechanisms managers use to ensure that the behaviour of employees is consistent with the organisation’s objectives and strategies

Question 68

2 functions/purpose and benefit of management control? (7.6)

Answer 68

• Get done what management wants done
• Influence behaviour in desirable ways

Benefit: increased probability that the organisation’s objectives will be achieved

Question 69

Facts:

Management control is about encouraging people to take desirable actions
- It guards against the possibilities that employees will do something the organisation does not want them to do, or, fail to do something they should do.

!!! Management control has a behavioral orientation.
If all personnel could always be relied on to do what is best for the organisation, there would be no need for a management control system.

Question 70

3 basic control issues of management? (7.9)

Answer 70

1. Lack of direction
   - Do they understand what we expect of them
   Employees do not know what the organisation wants from them. When this lack of direction occurs, the likelihood of the desirable behaviours occurring is small
2. Lack of motivation
   - Will they work consistently hard and try to do what is expected of them
   When employees ‘choose’ not to perform as their organisation would have them perform.
3. Personal limitations
   - Are they capable of doing what is expected of them?
   Some examples: lack of required knowledge, training, experience, employees are promoted above their level of competence

Question 71

What does lack of congruence (compatibility) mean? (7.11)

Answer 71

Individual goals do not coincide (match) with organisational goals.

Question 72

3 management control systems? (7.13) !!!!!!!!!!

Answer 72

People controls (input/cultural)
Action controls (process)
Result controls (output)

Question 73

4 control-problem avoidance? (7.14)

Answer 73

• Activity elimination
• Risk sharing (buying insurance)
• Automation (eliminate human inaccuracies, inconsistency, lack of motivation)
• Centralisation (superiors make the most critical decisions)

Question 74

3 personnel controls (people controls)? (7.16)

Answer 74

• Selection and placement: right people must be selected for the job.
• Training: organization use formal as well as informal training to improve personnel performance.
• Job design and provision of necessary resources.: task definition and providing a car for customer visits.

Question 75

5 cultural controls (people controls)? (7.17)

Answer 75

• Codes of conduct: ethical codes, mission statements, vision statements.
• Group-based rewards: same reward for all group for successfully completed task
• Intra-organisational transfers: regular transfer from one department, job assignment, business unit, geographical location to another.
• Physical and social arrangements: luxurious buildings, cards, furniture.
• Tone at the top: management believes continuing education is important and for that reason managers participate in courses themselves.

Question 76

4 action controls? (7.18)

Answer 76

Behavioral constraints (physical constraintsL locks on desks, user Ids and passwords, limiting decision making authority, segregation of duties)
Pre-action reviews (analysing an audit plan before it gets executed)
Action accountability
Redundancy (surplus)

Question 77

4 result controls? (7.19)

Answer 77

• Defining performance measurements (profitability, product quality, customer satisfaction)
• Setting targets for these performance measures
• Measuring performance
• Providing rewards or punishments (salary increases, bonuses, promotions, demotions, loss of job)

Question 78

What does tight result control mean? (7.27)

Answer 78

Achievement of right results control depends on:
- Congruence
- Specificity (performance targets must be specific)
- Communication (desired results must be effectively communicated)
- Completeness (the measures must be complete)

Question 79

When is action control system tight?
3 tight action controls? (7.28)

Answer 79

• Action control systems are tight if it is highly likely that employees engage consistently in all of the actions critical to firm success.

1. behavioral constraints
   - it can be assumed that higher-level personnel can be expected to make more reliable decisions
   - if can be guaranteed that those who do not have authority for certain actions cannot violate the constraints that have been established
2. pre-action reviews
   - frequent, detailed
3. action, accountability
   - is tight when

Question 80

Tight personnel/cultural controls? (7.29)

Answer 80

Personnel control usually provide a significant amount of control (MCSs dominated by personnel. Charitable and voluntary organisations)