1. Introduction to Accounting Information Systems.
2. Enterprise Systems.
3. Electronic Business (E-business) Systems.
4. Documenting Information Systems.
5. Database Management Systems.
6. Relational Databases and SQL.
7. Controlling Information Systems: Introduction to Enterprise Risk Management and Internal Control.
8. Controlling Information Systems: Introduction to Pervasive Controls.
9. Controlling Information Systems: Business Process and Application Controls.
10. The Order Entry/Sales (OE/S) Process.
11. The Billing/Accounts Receivable/Cash Receipts (B/AR/CR) Process.
12. The Purchasing Process.
13. The Accounts Payable/Cash Disbursements (AP/CD) Process.
14. The Human Resources (HR) Management and Payroll Processes.
15. Integrated Production Processes (IPP).
16. The General Ledger and Business Reporting (GL/BR) Process.
17. Acquiring and Implementing Accounting Information Systems.

Seventh Edition
Accounting Information Systems
Ulric J. Gelinas, Jr., Bentley College
Richard B. Dull, Clemson University

Accounting Information Systems, 7th Edition
Ulric J. Gelinas, Jr. and Richard B. Dull

VP/Editorial Director: Jack W. Calhoun
Assoc. Content Project Manager: D. Jean Buttrom
Art Director: Linda Helcher
Publisher: Rob Dewey
Manager of Technology, Editorial: John Barans
Internal Designer: Jennifer Lambert, Jen2Design
Acquisitions Editor: Matt Filimonov
Sr. Technology Project Manager: Sally Nieman
Cover Designer: Jennifer Lambert, Jen2Design
Developmental Editor: Aaron Arnsparger
Manufacturing Coordinator: Doug Wilke
Cover Images: © Jupiter Images
Marketing Manager: Kristen Bloomstrom
Production House: ICC Macmillan, Inc.
Printer: Transcontinental, Louiseville, Quebec

COPYRIGHT © 2008, 2005 Thomson South-Western, a part of The Thomson Corporation. Thomson, the Star logo, and South-Western are trademarks used herein under license.

ALL RIGHTS RESERVED. No part of this work covered by the copyright hereon may be reproduced or used in any form or by any means—graphic, electronic, or mechanical, including photocopying, recording, taping, Web distribution or information storage and retrieval systems, or in any other manner—without the written permission of the publisher.

Library of Congress Control Number: 2006934475
Printed in the United States of America 08 07 06
Student Edition ISBN 13: 978-0-324-37882-5
Student Edition ISBN 10: 0-324-37882-3

For permission to use material from this text or product, submit a request online at http://www.thomsonrights.com

For more information about our products, contact us at: Thomson Learning Academic Resource Center, 1-800-423-0563

Thomson Higher Education, 5191 Natorp Boulevard, Mason, OH 45040, USA

This book contains references to the products of SAP AG, Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany. The names of these products are registered and/or unregistered trademarks of SAP AG. SAP AG is neither the author nor the publisher of this
book and is not responsible for its content.

Brief Contents

PART I: UNDERSTANDING INFORMATION SYSTEMS
1 Introduction to Accounting Information Systems
2 Enterprise Systems
3 Electronic Business (E-business) Systems

PART II: ORGANIZING AND MANAGING INFORMATION
4 Documenting Information Systems
5 Database Management Systems
6 Relational Databases and SQL

PART III: ENTERPRISE RISK MANAGEMENT
7 Controlling Information Systems: Introduction to Enterprise Risk Management and Internal Control
8 Controlling Information Systems: Introduction to Pervasive and General Controls
9 Controlling Information Systems: Business Process and Application Controls

PART IV: BUSINESS PROCESSES
10 The Order Entry/Sales (OE/S) Process
11 The Billing/Accounts Receivable/Cash Receipts (B/AR/CR) Process
12 The Purchasing Process
13 The Accounts Payable/Cash Disbursements (AP/CD) Process
14 The Human Resources (HR) Management and Payroll Processes
15 Integrated Production Processes (IPP)

PART V: REPORTING WITH AND ACQUIRING ACCOUNTING INFORMATION SYSTEMS
16 General Ledger and Business Reporting (GL/BR) Process
17 Acquiring and Implementing Accounting Information Systems

Glossary
Index

Preface

Welcome to the beginning of a journey through the exciting field of accounting information systems. We are very pleased that you have chosen to become another member of our international community of students, accounting professionals, and educators who make this book an integral part of their library as a text and reference. We promise to make the journey through this complex, challenging, and exciting topic as easy and pleasant as possible. These demanding topics are tackled in a conversational and relaxed tone, rather than stilted, technical language. At the same time, the text fully explores the integrated nature of the topic with all of its foundations in information technology, business processes, strategic management, security, and internal control. Thank you for the opportunity to serve as your guide on this journey.

Before beginning, let’s discuss two key ideas that inspire the story in the text. First, the accountant is defined as an information management and business measurement professional. Second, information systems consist of integral parts working together that allow the organization to progress and move forward. These two philosophies are briefly attended to before moving on to addressing the most frequently asked questions (FAQs) by users of this book.

Accountant as an Information Management and Business Measurement Professional

There is no doubt that the long-standing image of the accountant as a conservative, green eye shaded, nonsocial employee who is tucked in the back room of an organization has been forever shattered. Today’s accounting professional is relied upon by owners and managers to identify and monitor enterprise risks (events that may cause an entity to fail to achieve its objectives); assure the reliability of information systems used to gather, store, and disseminate key information for decision making; and possess the requisite general business knowledge, coupled with business process measurement and assessment skills, to evaluate the state of the business enterprise and its supporting operations. In a post-Enron and WorldCom era, the primary focus of organizations is on enterprise risk management, and the accounting professional (as external auditor, internal auditor, corporate accountant, or manager) is increasingly expected to take the leadership role in identifying and mitigating enterprise risks. Accordingly, the accounting professional must arrive on the job armed with a solid understanding of (1) key information qualities, (2) critical information technologies that drive the information systems, (3) core business processes that allow an organization to operate effectively and efficiently, (4) common documentation tools used to diagram and assess business processes, and (5) vital corporate governance/internal control concepts that can be applied to mitigate risks. Each of these fundamental knowledge requirements is addressed throughout this book.

Information Systems: Integrated Elements Moving the Organization Forward

In today’s information-technology–centric world, organizations clearly can neither operate nor survive without information systems. The quality of the information systems and the reliability of the information available through such systems dictate, to a large degree, the effectiveness of decision making within the organization. Without good information, managers cannot make sound decisions. It is imperative that all pieces of the information system are in sync and operating effectively if the enterprise as a whole is to operate effectively and efficiently, and move forward in a positive direction. Figure P.1 shows the integrated nature of information systems components. The elements must be sound across all dimensions for the organization to safely, yet quickly, move forward. Any weakness in these elements puts successful outcomes at risk. The enterprise depends on safe and secure information systems that allow the organization to move forward in a controlled, yet competitive, manner.

[FIGURE P.1: Information Systems—Integrated Elements]

Following are the five integral components of the information system:

• An enterprise database that stores the data related to an enterprise’s business activities and resources. This includes views of this database for each business process that support effective decision making and allow these processes to operate effectively.
• Database controls that safeguard the data in the enterprise database from illicit access, destruction, and corruption.
• Business processes that reflect the core activities completed by an organization in achieving its business objectives. These processes include such activities as selling goods or services, collecting payment, purchasing materials or inventory, paying for those items, hiring and retaining a quality set of employees, and producing goods or services for sale. All of these processes both use and generate data that is stored in the enterprise database.
• Business process controls and application controls are the procedures put in place within each business process to identify specific business risks, prevent identified risks from disrupting operations or corrupting data, detect failures that get past preventive measures, and correct for detected errors and irregularities that slip past the control boundary.
• Pervasive controls and general controls represent the overall corporate governance structure and related control procedures that are designed to create a regulated organization that can face the challenges of the external business environment, keep the enterprise on track and moving forward in a controlled manner, as well as outperform its competitors.

Each of these components is explored in detail while progressing through the book. After completing the study of the concepts presented in this text, you should have a strong grounding in the critical knowledge necessary to help an organization create and manage effective information systems that minimize related enterprise risks.

Frequently Asked Questions (FAQs)

When examining a book and considering how to most effectively acquire the information with which you are particularly interested, several questions may arise that need to be answered to help make the journey more efficient. In the remainder of this preface, the focus will be on the most frequently asked questions by previous adopters and readers of this book. Hopefully, the answers to your most pressing questions can be found in the following sections.

FAQ #1: What Are the Core Themes of This Book?

The book’s focus is on providing the skills necessary for a foundation in enterprise risk management—particularly as these risks pertain to business processes and their information systems components. Fundamental to an enterprise risk management orientation, from an information systems perspective, are the underlying enterprise systems, e-business systems, and controls for maintaining these systems. The emphasis on these core themes is apparent even by reviewing the table of contents. Chapters and immediately focus on enterprise systems and e-business in the introductory section of the text. Controls are the focus of three chapters (Chapters 7, 8, and 9). More importantly, however, these themes are carried out throughout the remainder of the text in the integrative fashion for which the previous six editions of this book have been known. Icons have been added in the margins throughout the book to help emphasize the coverage of these core themes in their integrated state and to facilitate absorption of the material by the reader. Given the critical nature of these three themes, the following paragraphs provide brief explanations for each.

Enterprise Systems

Enterprise systems integrate the business process functionality and information from all of an organization’s functional areas, such as marketing and sales, cash receipts, purchasing, cash disbursements, human resources, production and logistics, and business reporting (including financial reporting). They make possible the coordinated operation of these functions and provide a central information resource for the organization. The concept of enterprise systems can be realized in various ways. For instance, an organization might develop its own separate business process systems and tie them together in an integrated manner. Or, an organization could purchase an enterprise system from a vendor. Such externally acquired systems are commonly called enterprise resource planning (ERP) systems—software packages that can be used for the core systems necessary to support enterprise systems. A number of ERP systems are commercially available with SAP and Oracle dominating the large- and medium-sized enterprise markets. The Microsoft Dynamics line of products is a major player in the small- and medium-sized enterprise market. Many organizations use a combination of ERP systems, externally purchased sub-systems, and internally developed sub-systems to create their overall enterprise systems.

E-Business

E-business (electronic business) is the application of electronic networks (including the Internet) to exchange information and link business processes among organizations and/or individuals. These processes include interaction between back-office (i.e., internal) processes, such as distribution, manufacturing, and accounting, and front-office (i.e., external) processes, such as those that connect an organization to its customers and suppliers. Traditionally, e-business has been driven in business-to-business (B2B) environments through electronic data interchange (EDI). The most familiar form of e-business is the business-to-consumer (B2C) model where interactions are largely driven by browser-based applications on the Internet. This communication medium has spilled over into the B2B arena, replacing EDI in some cases, while also providing opportunities for new B2B interaction in this rapidly changing environment.

Controls

Internal control is a process—effected by an entity’s board of directors, management, and other personnel—designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of reporting, and compliance with applicable laws and regulations. A strong system of internal controls is imperative to effective enterprise risk management and is of great interest to top management, auditors, and external stakeholders.

FAQ #2: How Does This Book Present Accounting Information Systems?

This book is organized into five parts. Chapter 17 on the selection and development of accounting information systems includes a summary of the material from the supplement that accompanied the sixth edition of the text. The following paragraphs discuss briefly each of the components of this book.

Part I: Understanding Information Systems consists of three chapters. Chapter provides an overview of basic information systems concepts that are of interest to the accounting professional and explores the critical characteristics of information that must be considered in systems design and evaluation. Chapter introduces the concept of enterprise systems and the key role that these systems play in the successful and timely operation of contemporary enterprises. Chapter addresses the extended enterprise environment, the e-Business relationships that an organization forms when linking its organization with the individuals or other organizations that represent their customers and vendors, and other stakeholders.

Part II: Organizing and Managing Information includes the following three chapters. Chapter provides the basic tools necessary for diagrammatically documenting organizational data flows (data flow diagrams—DFDs) and business processes (systems flowcharts). This chapter is divided into sections focusing first on reading documentation and then on creating documentation to meet the varied needs of our readers and users. Chapter provides a more comprehensive exploration of data storage methods, the role of databases in data management, and the various business intelligence tools that are available for making sense out of the vast enterprise databases in order to enhance strategic decision making. Chapter also includes sections on reading and understanding entity relationship (E-R) diagrams (used to model database structures). Chapter takes a deeper look at modeling information systems using the REA (Resources, Events, and Agents) method, creating E-R diagrams, mapping these diagrams to relational databases, and using SQL query language to manipulate and retrieve data from relational databases.

Part III: Enterprise Risk Management consists of three chapters exploring the various dimensions of organizational governance and associated effective internal control systems. Chapter begins this section with an overview of internal control frameworks, including the new framework Enterprise Risk Management—Integrated Framework, general organizational governance guidelines, and the changes effected by the Sarbanes-Oxley Act of 2002. Chapter 8, designed around COBIT, an internationally recognized framework for IT control, then focuses in on the risks that specifically exude from information systems and can put an enterprise in a stage of acute risk if not properly monitored and controlled. Chapter focuses on the control procedures applicable to minimizing such risk and presents a methodology for comprehensively evaluating the risks and controls within a defined business process. This framework is subsequently demonstrated and applied across the business processes presented in Chapters 10 through 14.

Part IV: Business Processes examines the various business processes that are necessary for an enterprise to successfully operate. These chapters focus on applications supported by ERP system implementations (including exhibits of screens from SAP and Microsoft Dynamics GP software), the key controls for maintaining successful business processes, and application of the methodology for evaluating risks and controls within the given business process. The order-to-cash (revenue) flows are captured in Chapter 10 “The Order Entry/Sales (OE/S) Process” and Chapter 11 “The Billing/Accounts Receivable/Cash Receipts (B/AR/CR) Process.” The purchase-to-pay (expense) flows are captured in Chapter 12 “The Purchasing Process” and Chapter 13 “The Accounts Payable/Cash Disbursements (AP/CD) Process.” Chapter 14 “The Human Resources (HR) Management and Payroll Processes” and Chapter 15 “Integrated Production Processes (IPP)” round out coverage of the core business processes.

Part V: Reporting with and Acquiring Accounting Information Systems begins with Chapter 16 “General Ledger and Business Reporting (GL/BR) Process,” dealing with the reporting process in which information from core business processes is developed into financial reports for internal and external usage. This chapter includes basics, such as information flows related to the process, as well as current technologies, such as ERPs and XBRL. After completing the reporting process, Chapter 17 “Acquiring and Implementing Accounting Information Systems,” provides an overview on the selection of accounting information systems, including the buy-versus-build decision. With the extensive use of off-the-shelf software, including ERP software, that can be modified to fit an enterprise’s business needs, we take a look at the issues that should be considered in selecting the right software and knowing when to internally develop software when the “right” solution is not available from external sources. The chapter includes topics such as AIS acquisitions from third parties and the systems development life cycle (analysis, selection and design, implementation, and operation phases).

FAQ #3: Where Can I Find Information About the Sarbanes-Oxley (SOX) Act of 2002, Especially SOX Section 404?

Chapter provides an overview of sections 404 and 409 of the Sarbanes-Oxley Act of 2002, including the overall implications for the accountant as an information management and business measurement professional. Chapter discusses preparing documentation of business processes, a first step in a SOX 404 review. Chapter describes the effect of SOX Sections 210, 302, and 404 on corporate governance, IT governance, and enterprise risk management. Chapters through describe the requirements of SOX 404 and PCAOB Auditing Standard No regarding the “effectiveness of design of internal controls” (leaving the “effectiveness of operations of internal controls” for the auditing courses and texts). Chapters through 15 also introduce and use the control matrix, a vehicle employed by systems designers to assess the effectiveness of control design and by auditors to design tests for effectiveness of operations of internal control. Finally, Chapter 16 discusses the effect on internal control reporting and financial reporting required by SOX Sections 302, 401, 404, and 409.

FAQ #4: What Are the Major Changes from the Sixth Edition?

• Enhanced coverage of enterprise risk management: This is a highly critical area as businesses struggle to meet the requirements of the Sarbanes-Oxley Act of 2002 in the United States and parallel pressures across the globe. Enterprise risk management has become a primary focus of CEOs, CFOs, and CIOs as they struggle to limit personal liability, calm external stakeholders, and ensure the continued growth of their enterprises. We begin this enhanced coverage in Chapter with a presentation of the updated COSO framework, Enterprise Risk Management—Integrated Framework (ERM). We use the ERM framework to convey the idea that organizations must have processes in place to develop strategy and objectives, to identify and assess risks that the strategy and objectives will not be achieved, and to implement processes and internal controls to address the risks. As in past editions, this text maintains a strong focus on organizational governance, IT governance and internal controls, and a framework for assessing risk and controls across the business processes of an enterprise.
• Revised and expanded presentation of the control matrix: Our presentation of the control matrix begins in Chapter where we use a generic matrix to depict the relationship between information qualities and processes that help to achieve those qualities. In Chapter 7, we use a matrix to show the relationship between control objectives and controls that achieve those objectives. Finally, in Chapter 9, we present a simplified and more structured process for preparing the control matrix and for identifying

Glossary

post: Moving business event from a journal to a subsidiary ledger.
post-billing system: A billing system in which invoices are prepared after goods have been shipped and the sales order notification (sales order) has been matched to shipping’s billing notification (shipping notice).
post-implementation review: An examination of a working information system, conducted soon after that system’s implementation to determine whether the user’s requirements have been satisfied and whether the development effort was efficient and conducted in accordance with the organization’s systems development standards.
programmed edit checks: An edit that is automatically performed by data entry programs upon entry of the input data.
public databases: Databases that provide rich information sources that are searchable either for free or on a for-fee basis.
pull manufacturing: An approach to manufacturing where production is initiated as individual sales orders are received. Theoretically, each job consists of a “batch” of one unit. In pacing production, an idle machine pulls the next part from the previous machine as soon as that part is available, thus pulling goods through the factory only when needed to satisfy demand.
pre-billing system: A billing system in which invoices are prepared immediately on acceptance of a customer order—that is, after inventory and credit checks have been accomplished but before the goods have been shipped.
purchase order (PO): A request for the purchase of goods or services from a vendor.
predictive value and feedback value: An information quality that improves a decision maker’s capacity to predict, confirm, or correct earlier expectations.
purchase receipts data: An event data store with each record reflecting a receipt of goods and services.
preformatted screens: A computer screen designed to control the entry of data by defining the acceptable format of each data field, automatically moving to the next field, requiring that certain fields are completed, and/or by automatically populating fields.
preliminary feasibility study: A set of procedures conducted to determine the practicability of a potential systems development project.
preventive control plan: A control plan that is designed to stop problems from occurring.
purchase order master data: A compilation of open purchase orders that includes the status of each item on order.
purchase requisition: An internal request to acquire goods and services; it may originate from authorized personnel within an organization, or from automated inventory replenishment systems, such as supply chain-management processes.
purchase requisitions data store: A file or table where purchase requisitions are compiled.
purchase returns and allowances: Events that include the reduction of accounts payable due to returning items purchased or another agreement with the vendor.
primary key: The unique identifier for each row of a table (or record within a file) that serves as an address for the row.
purchase-to-pay process: A process that includes the events surrounding the purchase of goods from a vendor, the recognition of the cost of those goods, and the payment to the vendor.
procedures for rejected inputs: A control plan designed to ensure that erroneous data (i.e., not accepted for processing) are corrected and resubmitted for processing.
purchasing events data: Data that contain, in chronological sequence, the details of each of the organization’s purchase events.
process: A series of actions or operations leading to a particular and usually desirable result.
product lifecycle management (PLM) software: Software that manages product data during a product’s life, beginning with the design of the product, continuing through manufacture, and culminating in the disposal of the product at the end of its life.
production, planning, and control: A production subsystem concerned with managing the orderly and timely movement of goods through the production process.
purchasing process: An interacting structure of people, equipment, methods, and controls that is designed to accomplish the functions of requirements determination, purchase order processing, and goods receipt.
push manufacturing: An approach to manufacturing management in which sales forecasts drive the production plan, and goods are produced in large batches. Each machine performs its operation on the batch, and then the
entire job waits until the operation can be started on the next machine in the sequence.

Q

queries: An element of a DBMS that allows users and programmers to access the data stored in various tables.
query language: A language used to access a database and to produce inquiry reports.

R

Radio-Frequency Identification (RFID): A system for sending and receiving data, using wireless technology, between an RFID tag (a chip with an antenna) and an RFID transceiver.
raw materials requisition: An authorization that identifies the type and quantity of materials to be withdrawn from the storeroom.
reasonableness checks: A type of programmed edit check that tests whether the contents (e.g., values) of the entered data fall within predetermined limits; also called limit checks.
remittance advice (RA): A business document used by the payer to notify the payee of the items being paid.
remittance advice file: A file or table where copies of the RAs are stored.
reorder point (ROP) analysis: A technique for determining when to reorder an item based on the item’s unique sales rate.
reports: An element that makes up DBMSs, that provides printed lists and summaries of data stored in tables or collected by queries from one or more tables.
request for proposal (RFP): A document sent to vendors that invites submission of plans for providing hardware, software (for a purchased system), and related services.
resources: Assets (tangible or intangible) that an organization owns.
reconcile bank account: Records of cash disbursements and receipts are matched to the bank’s records to ensure that all disbursements and receipts recorded by the bank were authorized and accurate. An entity other than accounts payable and cash disbursements should perform this reconciliation.
responsibility accounting/reporting system: A managerial reporting system that is tied to the hierarchy or chain of responsibility/authority reflected by a firm’s organization chart, and as information is reported upward, the level of detail is filtered, meaning that figures are aggregated (summarized) as they are reported to successive management levels.
recurring costs: Costs that occur throughout all or most of the system’s life.
risks: The possibility that an event or action will cause an organization to fail to meet its objectives.
recursive relationship: A relationship between two different instances of the same entity type.
routing master: A data store that specifies the operations necessary to complete a subassembly or finished good and the sequence of these operations.
referential integrity: A specification that for every attribute value in one relation that has been specified to allow reference to another relation, the tuple being referenced must remain intact.
reject stub: A data flow assigned the label “Reject” that leaves a bubble but does not go to any other bubble or data store and indicates processing that is performed in other-than-normal situations.
relation: A collection of data representing multiple occurrences of a resource, event, or agent.
relational database model: A logical model for a database in which data are logically organized in two-dimensional tables. Each individual type of information or event is stored in its own table.
relationship (junction) tables: Tables with composite primary keys that connect (join) tables in a many-to-many relationship.
relevance: A quality when information is capable of making a difference in a decision-making situation by reducing uncertainty or increasing knowledge for that particular decision.

S

sales event data: A file comprised of invoice or sales order records created as the sales process captures sales events, through the preparing and sending of an invoice.
sales force automation (SFA) software: Software that automates sales tasks such as order processing, contact management, inventory monitoring, order tracking, and employee performance evaluation.
scanners: Input devices that capture printed images or documents and convert them into electronic digital signals (i.e., into binary representations of the printed image or document) that can be stored on computer media.
schema: A complete description of the configuration of record types, data items, and the relationships among them.
second normal form (2NF): A table (relation) is in 2NF if it is in first normal form and has no partial dependencies; that is, no nonkey attribute is dependent on only a portion of the primary key.
self-checking digit code: A code that includes an extra digit that can be used to check the accuracy of the code.
sequence check: A type of control in a batch processing system where documents that are numbered sequentially are used to determine that all documents have been processed (completeness) and that no extra documents have been processed (validity).
subschema: A description of a portion of a schema.
subsystem: A part of a system; these parts are interrelated or integrated as a single system.
supply chain: The connections between an organization, including the flow of information, materials, and services, from suppliers of merchandise and raw materials through to the organization’s customers.
summarize: Prepare a trial balance to show the total impact on each general ledger account of a set of business events.
serial coding: Assigns numbers to objects in chronological sequence; also known as sequential coding.
supplier relationship management (SRM) software: Software that manages the interactions with the organizations that supply the goods and services to an enterprise just as CRM software streamlines the processes between the enterprise and its customers.
service bureau: A firm providing information processing services, including hardware and software for a fee; frequently providing the services less expensively and in a timelier manner than would be possible with an in-house computer.
supply chain management (SCM): The combination of processes and procedures used to ensure the delivery of goods and services to
customers at the lowest cost while providing the highest value to the customers service-oriented architectures (SOA): Welldefined, independent functions (or applications) that can be distributed over a network via Web Services supply chain management (SCM) software: Software that helps plan and execute the steps in an organization’s supply chain, including demand planning; acquiring inventory; and manufacturing, distributing, and selling the product sequential coding: Assigns numbers to objects in chronological sequence; also known as serial coding shop floor control (SFC) process: A process devoted to monitoring and recording the status of manufacturing orders as they proceed through the factory significant digit coding: Assigns specific digits a meaning of their own, allowing selective inquiries of a database skills inventory data: A repository of data that catalogs each employee’s set of relative skills, experience, education, and training standing data: Relatively permanent portions of master data, such as the credit limit on customer master data and the selling price and warehouse location on inventory master data structured decisions: Decisions for which all three decision phases (intelligence, design, and choice) are relatively routine or repetitive structured systems analysis: A set of procedures conducted to generate the specifications for a new (or modified) information system or subsystem structured systems design: A set of procedures performed to convert the logical specification into a design that can be implemented on the organization’s computer system subassemblies: Separately manufactured components used in another assembly or a final product system: A set of interdependent elements that together accomplish specific objectives systems development: Comprises the steps undertaken to create, modify, or maintain an organization’s information system The systems development process is made up of four primary phases: systems analysis, design, 
implementation, and operation systems development life cycle (SDLC): The progression through the phases of the systems development process, from birth through implementation to ongoing use systems development life cycle (SDLC) methodology: This structured approach to developing information systems called the which is a formalized, standardized, documented set of activities used to manage a systems development project systems flowchart: A graphical representation of a business process, including information processes (inputs, data processing, data storage, and outputs), as well as the related operations processes (people, equipment, organization, and work activities) systems implementation: A set of procedures performed to complete the design contained in the approved systems design document and to test, Glossary install, and begin to use the new or revised information system systems selection: Set of procedures performed to choose the software specifications and hardware resources for an information system systems survey: A set of procedures conducted to determine the practicability of a potential systems development project and to prepare a systems development plan for projects considered feasible T turnaround documents: Documents such as remittance advices that are used to capture and input a subsequent event U understandability: The information quality that enables users to perceive the information’s significance unnormalized table: Contains repeating attributes (or fields) within each row (or record) tables: An element that makes up DBMSs A place to store data unstructured decision: A decision for which none of the decision phases (intelligence, design, or choice) are routine or repetitive tangible benefits: These benefits can be reasonably quantified Examples of benefits include equipment costs and increased revenue update anomalies: Errors created when modifying data within a system One of many problems caused by functional dependencies tangible costs: These 
costs can be reasonably quantified Examples of costs include software purchases and insurance V third normal form (3NF): A relation is in 3NF if it is in second normal form with no transitive dependencies throughput time: The time it takes from when authorization is made for goods to be produced to when the goods are completed tickler file: A manual file of documents, or a computer file, reviewed on a regular basis, that contains business event data that is pending further action time-phased order requirements schedule: A schedule that shows the time period when a manufacturing order or purchase order should be released so that the subassemblies and raw materials will be available when needed timeliness: Information available to a decision maker before it loses its capacity to influence a decision top-down partitioning: The successive subdividing, or ‘‘exploding,’’ of logical DFDs that, when performed, leads to a set of balanced DFDs total quality control (TQC): A subset of JIT, that places responsibility for quality in the hands of the builder rather than the inspector transitive dependency: Exists in a table when a nonkey attribute is functionally dependent on another nonkey attribute tuple: A set of data that describes a single instance of the entity represented by a relation (for example, one employee is an instance of the EMPLOYEE relation); frequently a row within a table validity: An information quality concerning the inclusion of actual events and actual objects value-added network (VAN): A service that acts as the EDI ‘‘post office.’’ An organization can connect to the VAN when it wants, leave its outgoing messages, and, at the same time, pick up incoming messages from its ‘‘mailbox.’’ value chain: A chain of activities performed by the organization to transform inputs into outputs valued by the customer variance analysis: The process of comparing actual information about input costs and usage to standards for costs and usage for manufacturing inputs 
vendor invoice: A business document that notifies the purchaser of an obligation to pay the vendor for goods (or services) that were ordered by and shipped to the purchaser vendor master data: Contains a record of each vendor that is approved for use by the organization vendor packing slip: A list that accompanies the purchased inventory from the vendor and identifies the contents of a shipment and triggers the receiving process W Web browsers: Software programs designed specifically to allow users to easily view various documents and data sources available on the Internet Web Services: A software application that supports direct interactions with software objects over an intranet or the Internet 647 648 Glossary wide area networks (WANs): Communication networks that link distributed users and local networks into an integrated communications network its capacity, its maintenance needs, labor needs to operate it, and so on work center: A group of similar workstations workstation: The assigned location where a worker performs his or her job; it could be a machine or a workbench work center master: Describes each work center available for producing products, including information such as the machine available at the station, written approvals: A signature or initials on a document to indicate that an event has been authorized Index Note: Pages on which definitions appear are indicated by def.; illustrations are indicated by illus A ABC analysis, 432–433 Acceptance reports, 436 Acceptance test, 621 Accountant, role of in AIS development/ acquisition, 623–625 in current business environment, 26–27, 597 Accounting information systems (AIS) accountant role in, 26–27, 623–625 acquiring from external parties, 599–600 adaptation and, 598 automating, 70–72 def., 14 elements in study of, 7–11, illus general ledger component of, 574 information system, 13 manual compared to automated, 66–70 systems and subsystems, 11–13 Accounting system automated, illus., 69 manual, illus., 68 
Accounts payable/cash disbursements (AP/CD) process applying control framework to, 484–488 company-level controls and, 489 def., 463–464 example of, 462–463 logical description of, 467–476 organizational setting and, 464–466 physical description of, 478, 480–484 technology trends and developments, 477 Accounts payable master data, 472 Accounts receivable adjustments data, 390 Accounts receivable master data, 388 Accuracy of information def., 21 within Fortune 1,000 companies, 284 Acquire and Implement domain description of, 260–261 developing and acquiring IT solutions, 261–262 identifying automated solutions, 261 integrating solutions into operational processes, 262 managing changes to existing IT systems, 262–263 Acquiring AIS from external parties, 599–600 Activities control, 211, 217 def., 112 information processing, 113 See also Table of entities and activities Activity-based costing, 543 Adair International Oil and Gas Inc., 573 Adaptive maintenance, 622 Agents, 157 Agree run-to-run totals, 308, 310 AIS See Accounting information systems (AIS) ALTER command (SQL), 194 Amazon.com, 62–63, 65–66 American Institute of Certified Public Accountants (AICPA) Assurance Services Executive Committee, CPA WebTrust, 91 Practice Alert, 564–565 Top 10 Technology List for 2006, Trust Service principles, 272–273 AM General LLC, 442 Annual agreements, 434 AP/CD process See Accounts payable/cash disbursements (AP/CD) process Application and data integration, Application controls company-level controls and, 303 def., 235 general controls and, 246 overriding, 311 Application documentation, 262 Application Programming Interface (API), 36 Applications, 247 Applications approach to business event processing description of, 137–139 illus., 137, 138 overcoming limitations of, 144–145 Application service providers (ASPs), 599, 600 Approved configuration plan, 609–615 Approved systems analysis document, 605–606, 608–609 Approved systems design document, 616 ASPs (application service 
providers), 599, 600 Association of Certified Fraud Examiners, 220 Assurance and compliance applications, Attendance time records, 512–513, 515 Attest function, Attributes def., 178 illus., 179 non-key, 153 Auction markets, Internet def., 92 e-procurement and, 439 Audit trails, 584 Automated clearing houses, 380 Automated controls accounts payable/cash disbursements process and, 489 billing/accounts receivable/cash receipts process and, 407 business process controls, application controls, and, 303 purchasing process and, 453 purchasing process controls and, 362 Automated guided vehicle systems, 555 Automated storage and retrieval systems, 554–555 Automating accounting information systems, 70–72 business processes, 64–65 data entry, 294–300 HR function, 499 Availability of information, 20 Available to promise planning, 543 B Back door, 224 Backups, 265–266 Balanced scorecard, 588 Balanced sets of DFDs def., 103 illus., 104 Balance-forward system, 388–389 Bar code readers, 350 B/AR/CR process See Billing/accounts receivable/cash receipts (B/AR/CR) process Batch control plans def., 304–306 illus., 309 Batch processing def., 70 illus., 71 subprocesses, 71–72 Batch sequence checks, 307 B2B (business-to-business) marketplaces, 439, 440 B2B (business-to-business) systems, 64–65 B2C (business-to-customer) and EBPP, 378 Benchmarks, 614 Big Four firms, consulting units of, Biller direct method, 379 Billing/accounts receivable/cash receipts (B/AR/CR) process applying control framework to, 396–400, 401–406 company-level controls and, 407 def., 375–376 logical description of, 382–394 optimizing cash resources, 378–382 organizational setting and, 376–378 physical description of, 394–396, 400–401 Billing systems, types of, 394 Bills of lading, 346 Bills of materials (BOM), 547, 550 Biometric identification system, 268 Blanket orders, 434 Blind copies, 435 Block coding, 149, 150, 180 Boise Office Solutions, 328–329, 339 BOM (bills of materials), 547, 550 Bosch
Tool Corp., 442 Bottom-up design of relational databases, 148, 150 Budget, 608 Bullwhip effect, 426 Business continuity planning def., 265 models for, 265–267 Business event def., 39 recording occurrence of, 48–49 Business event data, 67, 136 Business event processing applications approach to, 137–139, 144–145, illus., 137, 138 approaches to, 136–137 database approach to, illus., 137, 139–140 EDI and, 83, 85 example of, 47–48 illus., 48 order-to-cash, 52–54 purchase-to-pay, 54–57 Business intelligence, 589 Business operations, 10 Business process control plans def., 235 pervasive control plans and, 246 Business process controls company-level controls and, 303 overriding, 311 Business process automation of, 64–65 capturing data during, 46–47 components of, 10, 14–16 logical model of, illus., 15 value chain and, 41, 43 See also Accounts payable/ cash disbursements (AP/CD) process; Billing/accounts receivable/cash receipts (B/AR/CR) process; Order entry/sales (OE/S) process; Payroll process; Purchasing process Business processing, evolution of, 66 Business process management (BPM) def., 37, 41 internal controls and, 215 Business reporting Sarbanes-Oxley Act and, 592–593 technology and, 586–591 See also General ledger and business reporting (GL/BR) process Business-to-business (B2B) marketplaces, 439, 440 Business-to-business (B2B) systems, 64–65 Business-to-customer (B2C) and EBPP, 378 Buy-side systems, 336 C Caesar cipher, 312 Canadian Institute of Chartered Accountants, 7, 272–273 Candidate keys, 187 Capable to promise planning, 543 Capacity requirements planning, 552–553 Cardinality, 158, 182 Cash disbursements See Accounts payable/cash disbursements (AP/CD) process Cash disbursements events data, 472 Cash receipts event data, 390 Cash receipts function, 400–401 Cash resources, optimizing, 378–382 Cellular manufacturing, 542, 545 Central objectives of system, 12–13 Certified information technology professional (CITP), CGI (common gateway interface) software, 88 
Character def., 46 illus., 47 Charge cards, 379 Chart of accounts, 584–586 Check Clearing for the 21st Century Act, 381 Check digit verification, 299 Child records, 145 Ciphertext, 312 Classifying and database design, 149 Clients, 247 Client/server technology, 77 COBIT (Control Objectives for Information and Related Technology), 217, 246–247 Codes of conduct, 225, 445 Coding database design and, 149–150, 180 general ledger chart of accounts, 584–585 Cold sites, 266 Collaborative Forecasting and Replenishment method, 427 Collaborative Planning Forecasting and Replenishment method, 427–428 Co-Managed Inventory method, 427 Commission schemes, 520 Committee of Sponsoring Organizations (COSO) of the Treadway Commission controls and, 246, 247 internal controls and, 216 Common gateway interface (CGI) software, 88 Communication networks, 77 Communications, 11, 64 Comparability of information, 21 Compensatory controls, 255 Completeness of information, 21 Compliance, 20 Composite attributes, 179 Composite primary key, 148, 189 Computer-aided design, 545, 547 Computer-aided engineering, 545, 547 Computer-aided manufacturing, 554 Computer-aided process planning, 548 Computer crime, 222–224 Computer hacking and cracking, 270–271 Computer virus, 223 Confidentiality of information, 20 Configuration plan, approved, 609–615 Conflicts of interest, 445–446 Consistency of information, 21 Consolidation aggregation method, 379 Consulting units of Big Four firms, Context diagrams billing/accounts receivable/ cash receipts process, 382–388, illus., 383, 384, 385, 387, 390 def., 101 drawing, 113–114 general ledger and business reporting process, 579, illus., 581 illus., 101, 114 order entry/sales process, 339–346, illus., 340, 341, 342, 344, 345 payroll process, 512, illus., 513, 514, 515 purchasing process, 429, illus., 430, 431, 432, 433, 435 Contingency management, 265–267 Contingent workforce management systems, 507 Continuous Data Protection, 266 Continuous online financial reporting, 
594 Continuous Replenishment method, 427 Continuous service, ensuring, 264–267 Control activities, 211, 217 Control environment, 216, 224–225 Control framework accounts payable/cash disbursements process, applying to, 484–488 batch data entry control plans, applying to, 302–311 billing/accounts receivable/cash receipts process, applying to, 396–400 cash receipts function, applying to, 401–406 control matrix, 285–292 data entry control plans, applying to, 295–300 description of, 285 design of, 225–235 order entry/sales process, applying to, 354–361 payroll process, applying to, 521–526 purchasing process, applying to, 446–452 Control goals accounts payable/cash disbursements process, 484–488 billing/accounts receivable/cash receipts process, 396–399 business process, 235 cash receipts function, 403 def., 226 illus., 229, 230 of information processes, 228–229 inventory management, 565–567 of operations processes, 228 order entry/sales process, 354, 357, illus., 355–356 organizational, 254–257, illus., 258 payroll process, 521–523 pervasive, 246 purchasing process, 446–451 Control hierarchy, illus., 233 Controlling and Profitability Analysis Module of SAP system, 51 Controlling business processes, 10 Control matrix for batch data entry, 310, illus., 305 for cash receipts function, 401–402, 405–406 cell entries for, 287 def., 226, 285–287 illus., 234, 286, 288 for manual and automated data entry, 301–302, illus., 296 preparing, 287–292, 293 Control plans accounts payable/cash disbursements process, 486, 488 billing/accounts receivable/cash receipts process, 398, 400 cash receipts function, 404, 406 data entry with batches, 300, 302–311 data input, 292–293 def., 232–235 evaluating “present,” 291 identifying and evaluating “missing,” 291–292 identifying recommended, 290 manual and automated data entry, 294–300 order entry/sales process, 357–361 payroll process, 523–526 personnel, 257, 259–260 pervasive, 232, 246 purchasing process, 449, 451–452 Control
process, 252, 555–556 Controls def., 247 enterprise system and, 33 hypothetical computer system, 247–248, illus., 248 segregation of duties, 47 See also General controls; Pervasive controls Conversion, 621 Corrective control plans, 235 Corrective maintenance, 622 Cosource.com, 612 Cost/benefit analysis, 607 Cost-effectiveness study, 607–608 Costs inventory, carrying, 431–432 lifecycle, 544 standard, recording, 559 types of, 607 CPA WebTrust, 90, 91 Cracking, 270–271 CREATE command (SQL), 193 Credit card fraud, Credit memorandum, 482 CRM See Customer relationship management (CRM) Cross-functional integration, 41, 43 Cryptography, public key def., 313–315 illus., 314 CSS See Customer self-service (CSS) Cumulative sequence checks, 307 Customer accounts, managing, 388, 395 Customer acknowledgments, 343 Customer master data, 346 Customer monthly statements, 395 Customer relationship management (CRM) Boise Office Solutions and, 339 def., 93 order entry/sales process and, 337–338 See also Satisfying customer need Customer relationship management (CRM) software, 35 Customer self-service (CSS) accelerating payments and, 381 def., 93 order entry/sales process and, 338 Customer self-service (CSS) software, 35 D DaimlerChrysler Corp., 537 Data def., 17 hierarchy of, 46–47 Database approach to business event processing, 139–140, illus., 137 Database management system (DBMS) applications approach, overcoming limitations of, 144–145 decision making and, 160–166 def., 140 entity-relationship models, 155–160 logical models, 145–147 logical vs physical models, 140–143 normalization in relational databases, 148, 150–155 query language, def., 141 record layouts as tables, illus., 142 relational databases, 147–148 schema, def., 141 subschema, def., 141 Databases accessing and using, 8, 10 classifying and coding, 149 creating, 193–194 querying, 196–198, illus., 198 updating, 194–196 See also Relational databases Databases, designing for accounts payable/cash disbursements process, 472, 
474, illus., 475–476 for billing/accounts receivable/cash receipts process, 390–391, 394 for order entry/sales process, 347, illus., 349, 350 for purchasing process, 436–437, 439, illus., 438 Data classification, 144 Data dictionary, 82 Data encryption, 312–316, illus., 313 Data entry control plans batches, 300, 302–311 manual and automated, 294–300 Data flow diagrams (DFDs) annotated table of entities and activities, illus., 118 drawing, 119–121 logical, 101–105, 120 logical, drawing, 117–119 narrative, 110–111, illus., 111 physical, 101 physical, drawing, 114–117 preparing, 110–121 reading, 100–101 symbols, illus., 100 table of entities and activities, 111–112, illus., 112 See also Context diagrams Data independence, 140, 144 Data input, control plans for, 292–293 Data maintenance def., 70 order entry/sales process and, 346 Data mining applications of, 335 def., 167 to support marketing, 334–335 Data model, 155 Data redundancy def., 138 eliminating, 144 Data warehousing, 167, 334–335 DBMS See Database management system (DBMS) Debit cards, 379 Debit memorandum, 482 Debugging, 620 Decision making database management system and, 160–166 description of, 10, 22–26 HR management process and, 503, 504–505 integrated production processes and, 556, 558, illus., 557 inventory management and, 563 problem structure and information requirements, illus., 24 satisfying customer need and, 334 steps of, 22–23, illus., 23 storage of data for, 49–50, illus., 49 Decision support systems def., 161 illus., 162–163 DELETE command (SQL), 195–196 Deliver and Support domain delivering required IT services, 263–264 description of, 263 ensuring security and continuous service, 264–272 providing support services, 272 Dell, Inc., 40–41 Denial-of-service attacks, 267 Detective control plans, 235 DHL International GmbH, 442 Diageo North America, 429 Digital identity and authentication technologies, Digital image processing, 350–351, 477 Digital signatures, 315–316 Direct approach to systems
implementation, 618–619, illus., 618 Direct costs, 607 Direct labor variances, computing, 561 Disaster and business continuity planning, Disaster recovery planning, 265–267 Distributed denial-of-service attacks, 267 Documenting enterprise systems, 126 qualities of information, 21–22 See also Recording; Systems documentation Document/record counts, 306 Documents application, 262 approved systems analysis, 605–606, 608–609 approved systems design, 616 instance, 589 project completion report, 617 turnaround, 306–307, 310 Drawing context diagrams, 113–114 data flow diagrams, 119–121 logical data flow diagrams, 117–119 physical data flow diagrams, 114–117 systems flowcharts, 122–123, 125 E EAI (enterprise application integration), 37 EBPP See Electronic bill presentation and payment (EBPP) systems E-business applying to value chain, 65–66 business processing and, 64–65 data encryption, public key cryptography, and, 316 def., 3–4, 63 digital signatures and, 315–316 e-mail, 77–78 global, mastering, 335–337 Internet commerce, 87–93 methods for conducting, 76–77 supply chain management and, 543 ECheck (electronic check), 316 Economic Crime Survey, 221–222 Economic order quantity, 431–432 EDGAR (Electronic Data Gathering, Analysis, and Retrieval), 593–594 EDGAR Online, Inc., 593 EDI See Electronic data interchange (EDI) EDM (electronic document management), 76, def., 78–80 Effectiveness analysis, 607–608 Effectiveness goals, 288 Effectiveness of information, 21 Efficiency goals, 288–289 Efficiency of information, 20 EIPP (electronic invoice presentment and payment), 477, 478 Electronic bill payment, 375 Electronic bill presentation, 374 Electronic bill presentation and payment (EBPP) systems def., 379 optimizing cash resources using, 378–382 Electronic business See E-business Electronic check (eCheck), 316 Electronic communication networks, 77 Electronic data capture, 350 Electronic Data Gathering, Analysis, and Retrieval (EDGAR), 593–594 Electronic data
interchange (EDI) accounts payable/cash disbursements process and, 478 benefits, costs, and control considerations, 84–85 buy-side systems and, 336 components of, 80–83, 85–87, illus., 81 def., 80 transaction set, illus., 82 Electronic document management (EDM), 76, def., 78–80 Electronic funds transfers, 380 Electronic invoice presentment and payment (EIPP), 477, 478 Electronic store fronts, 92 Electronic time management system, 518 Electronic vaulting, 266 E-mail, 77–78 Employease software vendor, 499 Employee/payroll master data, 511, 516, 553 Employees evaluating, 508, 510 ghost, 520 selecting, 508 terminating, 510 Encapsulated methods, 146–147 Enterprise application integration (EAI), 37 Enterprise database, 26 See also Database management system (DBMS) Enterprise resource planning (ERP) systems add-on modules, 35–36 business intelligence module, 589 def., 3, 33 early adopters, 38–39 enterprise systems compared to, 33–34 financial module capability, 587–588 implementation of, 37 improvements to, 38 modules, 50–52 Nestlé SA project, 31–32 selected vendors, illus., 34 Enterprise risk management (ERM) components of, 209–212, illus., 209 def., 208–209 Sarbanes-Oxley Act and, 212–216 Enterprise Services Bus (ESB), 37 Enterprise systems def., 3, 32–33 documenting, 126 ERP compared to, 33–34 support for business event processes, 52–57 support for organizational processes, 46–50 value chain, 39–43 value of systems integration, 43–45 Entity attribute hierarchy for, illus., 179 external, 101 identifying, 157 instance of, 178 internal, 101 REA approach and, 177–180 See also Table of entities and activities Entity-relationship diagrams accounts payable/cash disbursements process, 472, 474, illus., 473 billing/accounts receivable/cash receipts process, illus., 391, 392 illus., 185 order entry/sales process, 347, illus., 348 purchasing process, 436, illus., 437 REA data models and, 184–186 symbols used in, illus., 180 Entity-relationship models characteristics of
relationships, 157–158 creating tables and relationships, 158–160 def., 155–157 identifying entities, 157 identifying relationships that connect entities, 157 illus., 156 E-procurement, 439 ERM See Enterprise risk management (ERM) ERP See Enterprise resource planning (ERP) systems Error routines, 121 Ethical considerations and control environment, 224–225 Evaluated receipt settlement, 477 Evaluating control plans, 291–292 employees, 508, 510 internal controls, matrix for, illus., 219 vendor proposals, 612–615 Event-driven architecture, 37, def., 39 Event identification, 210 Events in entity-relationship models, 157 Events processing, 10 Exception and summary reports, 302 Exception routines, 121, 342 Executive information systems, 161, illus., 162–163 Expense accounts, 521 Expert systems, 161, 163–165 Exploding the BOM, 550, 552, illus., 551 eXtensible Business Reporting Language (XBRL), 589–591, 593 eXtensible Markup Language (XML), 86 External entity, 101 External financial reporting, 592–593 External parties, acquiring AIS from, 599–600 External view of purchasing process, 423–424, illus., 423 Extranets, 77 ExxonMobil Speedpass, 442 E-ZPass, 442 F Feasibility study, 601, 603–604 FedEx, Corp., 440 Feedback value, 20 Feeder process, 575 Fidelity bonds, 260 Fidelity Investments, 507 Field def., 46, 187 illus., 47 Financial Accounting Module of SAP system, 51 Financial reporting external, 592–593 periodic and continuous, 594 Financial reporting officer, 578 Fiorucci Foods, 540 Firewalls, 270 First normal form (1NF) def., 150–151 illus., 152 Flexible manufacturing systems, 554–555 Floats, 379 Flowcharts See Systems flowcharts Forced vacations policy, 260 Forms in relational databases, 147 Fraud def., 221 Fraud and abuse accounts payable function and, 482–483 billing/accounts receivable/cash receipts process and, 381–382 cash disbursements function, 483 computer crime, 222–224 internal control and, 221–222 inventory management and, 564–565 occupational, 220
payroll process and, 520–521 purchasing function and, 445–446 Freedom from bias, 20 Functional dependence, 151 G GAAP (generally accepted accounting principles), 592 Gartner Group, Inc., 612 General controls Acquire and Implement domain, 260–263 application controls and, 246 def., 232–233 Deliver and Support Domain, 263–272 domains of, 249, 252, illus., 251 failure of, 243–244 Monitor and Evaluate domain, 272–273 Plan and Organize domain, 252–260 General ledger and business reporting (GL/BR) process coding chart of accounts, 584–585 def., 574–575 example of, 573–574 general ledger master data, 584 illus., 583 limitations of general ledger approach, 585–586 logical description of, 579, 581–586 organizational setting and, 575–579, illus., 580 Sarbanes-Oxley Act and, 592–593 technology and, 586–591 General ledger master data, 584 Generally accepted accounting principles (GAAP), 592 General Motors Corp., 507 Generating standard reports, 198–200, illus., 199, 200 Ghost employees, 520 GlaxoSmithKline, 540 GL/BR process See General ledger and business reporting (GL/BR) process Global inventory management, 549–550 Good funds, 379 Goods, 420 Google’s Book Search, 135 Group support systems (group decision support systems), 161 Groupware, 161 H Hacking, 270–271 Hardware acquisition, 610–611 Hierarchical coding, 149, 150 Hierarchical database model, 145 Home Depot, Inc., 335 Honeywell International Inc., 243 Horizontal information flows, 138, 579, illus., 580 Horizontal perspective of accounts payable/cash disbursements process, 464, illus., 465 of billing/accounts receivable/cash receipts process, 376–378, illus., 377 of general ledger and business reporting process, 575–579, illus., 576, 578, 580 of order entry/sales process, 330–332, illus., 331 Hot sites, 266–267 Hours and salary, falsified, 520 Human capital management (HCM) def., 499 philosophy of, 500 Human resources (HR) management process def., 500–501 description of, 502–503 implementing, 505, 507–511 key players, 
illus., 503 organizational setting and managerial decision making, 503, 504–505 outsourcing, 507 payroll process and, 501–502 systems flowcharts, illus., 509 technology trends and developments, 503, 505 Human resources (HR) self-service systems, 503, 505, 506 Human Resources Module of SAP system, 51–52 I Immediate mode, 74 Imprest payroll bank account, 524 Indirect costs, 607 Information conflicts among qualities of, 22 def., 17, 247 documenting qualities of, 21–22 hierarchy of qualities of, illus., 19 matrix, illus., 22 qualities of, 17–21, 25 transforming data into, illus., 18 Information and communication component of ERM, 211, 217 Information process goals accounts payable/cash disbursements process, 484, 486 billing/accounts receivable/cash receipts process, 398 cash receipts function, 403 control, 228–229 control matrix and, 289–291 order entry/sales process, 357 purchasing process, 449 Information processing, 70 Information processing activities, 113 Information security, Information systems (IS) business process and, 16 def., 13 functional model of, illus., 13 management decision making and, 17 operations system and, 16–17 organizational control plans for, 256–257 Information Systems Audit & Control Association, 217 Information systems organization, 248–249, illus., 249, 250–251 Infrastructure, 247 Input goals, 289 Inputs, processing, 507–508 INSERT command (SQL), 194–195 Instance documents, 589 Instance of entity, 178 Intangible costs, 607 Integrated production processes (IPP) description of, 545 designing product and processes, 545, 547–548 determining needs for materials, 550–552 developing detailed instructions, 552–553 example of, 537–538 generating managerial information, 556, 558, illus., 557 generating master schedule, 548–550 illus., 546 innovation and, 541–542 management accounting systems and, 543–545 manufacturing, 553 manufacturing automation, 554–555 manufacturing terminology and, 547 recording manufacturing events, 555–556 supply chain
management and, 542–543 Integrated test facilities, 85 Intelligent agents, 165–166 Internal controls computer fraud and abuse and, 222–223 COSO definition of, 216–218, illus., 217 def., design of system of, 225–235 ethics and, 224–225 fraud and, 221–222 illus., 227 level of assurance provided by, 311 matrix for evaluating, illus., 219 system narrative, 228 working definition of, 218–220 Internal entity, 101 Internal environment, 209–210, 224–225 Internal view of purchasing process, 421–422, illus., 421 International Federation of Accountants, 597 Internet, 77 Internet assurance, 90 Internet commerce auction markets, def., 92, 439 benefits, costs, and risks of, 88 components of, 87–93 def., 87 market exchanges, def., 92, 93, 439 typical electronic communications connection for, illus., 89 See also E-business Intranets, 77 Intrusion-detection systems, 270 Intrusion-prevention systems, 270 Intuit, Inc., 600 Inventory carrying costs, 431–432 Inventory management decision making and, 563 description of, 562–563 fraud and, 564–565 process controls, 565–567 Inventory master data, 346, 436 Invoice, 385 IPP See Integrated production processes (IPP) IQNavigator, Inc., 507 IS See Information system (IS) Item or line counts, 306 IT general controls See General controls IT governance, 9, def., 245–246 IT projects, success of, 597 IT resources, 247 IT solutions developing and acquiring, 261–262 identifying automated, 261 integrating into operational processes, 262 J Job description control plans, 260 Job time records, 512, 513 Journal vouchers, 579, 581–582 Just-in-time manufacturing, 555, 556 K Key attributes, 179 Key verification, 307 Knowledge management, 167 L Labor-force planning data, 511 LANs (local area networks), 77, 247 Lapping customer accounts, 382 Laribee Wire Manufacturing Co., 564 Legal issues, 315 See also Sarbanes-Oxley Act (SOX) Library controls, 270 Lifecycle costs, 544 Limit checks, 298 Local area networks (LANs), 77, 247 Locations, 157 Lockboxes,
380 Logical access to computer resources, restricting, 269–271 Logical database model, 140–143, 145–147 Logical data flow diagrams def., 101–105 drawing, 117–119 illus., 103, 120 Logical view of general ledger and business reporting (GL/BR) process, 579, 581–583, illus., 581 of payroll process, 511–516 Logical view of accounts payable/cash disbursements (AP/CD) process database design, 472, 474, illus., 475–476 data descriptions, 472 data flow diagrams, 467–470, illus., 467, 468, 470 processing noninvoiced disbursements, 470–472, illus., 471 Logical view of billing/accounts receivable/cash receipts (B/AR/CR) process database design, 390–391, 394, illus., 393 data descriptions, 388–390 data flow diagrams, 382–388 types of billing systems, 394 Logical view of order entry/sales (OE/S) process database design, 347, 350 data descriptions, 346–347 data flow diagrams, 339–346 Logical view of purchasing process database design, 436–437, 439, illus., 438 data descriptions, 436 data flow diagrams, 429–430, illus., 430, 431, 432, 433, 435 description of, 428 determining requirements, 430–433 ordering goods and services, 433–435 receiving goods and services, 435–436 Logic bomb, 224 Logic outputs, processing, 510 Losses, nonfraudulent, 483–484 M Maintenance tasks, 622–623 Malicious code technologies, 224 Management accounting systems and integrated production processes, 543–545 Management decision making See Decision making Management fraud and inventory, 564–565 Management information system See Information system (IS) Management process, 15 Managerial reporting officer, 578 Managing customer accounts, 388, 395 systems development process, 600 Manual controls accounts payable/cash disbursements process and, 489 billing/accounts receivable/cash receipts process and, 407 business process controls, application controls, and, 303 purchasing process and, 453 purchasing process controls and, 362 Manufacturing cellular, 542, 545 computer-aided, 554 just-in-time, 555, 556 pull and
push, 541–542 Manufacturing environment competition in, 538–541 management accounting systems, 543–545 managing global complexity, 540 product innovation, 541 production process innovation, 541–542 supply chain management, 542–543 Manufacturing orders, 550, 553 Manufacturing overhead variances, computing, 562 Manufacturing resource planning, 553 Mapping REA model onto relational database model, 187–191, illus., 189, 190, 191, 192 Market exchanges, Internet def., 92, 93 e-procurement and, 439 Marketing, using data mining to support, 334–335 Master data, 70 Master data updates and order entry/sales process, 346 Master production schedule, generating, 548–550 Materials Management Module of SAP system, 51, 57, illus., 56 Materials requirements planning, 550 Mathematical accuracy checks, 299 Matrix def., 21–22 illus., 22, 219 See also Control matrix Maximum cardinality, 158 Microsoft Dynamics GP Bill of Materials screen, illus., 551 Financial Reporting Menu screen, illus., 587 Middleware, 36 Millennium Digital Commerce Act, 315 Mirror sites, 266 Mnemonic coding, 149, 150 Modular approach to systems implementation, 619, illus., 618 Monitor and Evaluate domain, 272–273 Monitoring component of ERM, 211–212, 217 Move tickets, 553 mySAP Business Suite Controlling and Profitability Analysis Module, 51 ERP integration and, 34 Financial Accounting Module, 51 Human Resources Module, 51–52 illus., 35 Materials Management Module, 51, 57, illus., 56 Sales and Distribution Module, 50, 53, illus., 54, 55 N National Australia Bank, 335 Nestlé SA SAP project, 31–32 Network database model, 146 Network providers, 89 Neural networks, 163–165, 166 Neutrality of information, 20 Nonaudit assurance services, Noninvoiced disbursements, processing, 470–472 Non-key attribute, 153 Non-null, 187 Nonrecurring costs, 607 Nonrepudiation, 315 Normal forms, 150 Normalization in relational databases, 148, 150–155 Null, 187 O Objective setting def., 210 illus., 208 Object-oriented database model
def., 146–147 illus., 147 Object-relational database model, 147 Occupational Outlook Handbook, 1–2 OE/S process See Order entry/sales (OE/S) process Offline device, 71 One-for-one checking, 309–310 Online, 73 Online real-time (OLRT) processing data entry controls and, 299–300 def., 74–76 example of, 232 illus., 75 Online transaction entry (OLTE) data entry controls and, 299–300 def., 72–74 illus., 73 Open-item system, 389 Operational errors, 232 Operation phase, 598 Operations process, 15 Operations process goals accounts payable/cash disbursements process, 484 billing/accounts receivable/cash receipts process, 396 cash receipts function, 403 control, 228 control matrix and, 287–289 order entry/sales process, 355, 357 purchasing process, 446 Operations test, 621 Optical character recognition, 350 Optimizing cash resources, 378–382 Order entry/sales (OE/S) process applying control framework to, 354–361 company-level controls and, 362 context diagrams, illus., 340, 341, 342, 344, 345 functions of, 330 logical description of, 339–350 operational aspects of, 329–330 organizational setting and, 330–333 physical description of, 350–354 satisfying customer needs, 333–338 Order-to-cash process def., 52–54 illus., 53 Organizational control plans illus., 258 information systems function, 256–257 segregation of duties, 254–256 Organizational governance def., 207 IT governance compared to, 245 See also General controls; Pervasive controls Organizational process, enterprise systems support for, 46–50 Organizational setting accounts payable/cash disbursements process and, 464–466 billing/accounts receivable/cash receipts process, 376–378 general ledger and business reporting process and, 575–579 HR management process and, 503 order entry/sales process and, 330–332 payroll process and, 511, illus., 512 purchasing process and, 421–426, 428 Outsourcing hardware acquisition and, 611 HR functions, 507 Overriding controls, 311 P Packing slips, 346, 435 Paperless digital
technologies, Paperless systems, 439 Parallel approach to systems implementation, 617–618, illus., 618 Parent records, 145–146 Partial dependency, 153 Participation constraint, 183 Parts master, 547–548, 550 Passive tool, 166 Pay By Touch, 380 Payless ShoeSource Worldwide, 426 Payroll clearing account, 524 Payroll direct deposit system, 518 Payroll process accounting entries related to, 516, 517 applying control framework to, 521–526 def., 501 fraud and, 520–521 HR management process and, 501–502 logical description of, 511–516 organizational setting, 511 physical description of, 516, 518–520 Payroll service bureau, 518 Perfective maintenance, 622 Performance reports, 578 Periodic financial reporting, 594 Periodic mode, def., 70, 72 Personnel control plans, 257, 259, illus., 259 Personnel development control plans, 260 Personnel management control plans, 260 Pervasive control plans, 232, 246 Pervasive controls, failure of, 243–244 Phar-Mor Inc., 564 Physical access to computer resources, restricting, 268–269 Physical database model, 140–143 Physical data flow diagrams def., 101 drawing, 114–117 illus., 102, 116 Physical security of computer resources, ensuring, 271–272 Physical view of human resources management process, 505, 507–511 of payroll process, 516, 518–520 Physical view of accounts payable/cash disbursements (AP/CD) process description of, 478, 480 exception routines, 480, 482 fraud and, 482–483 illus., 481 nonfraudulent losses, 483–484 Physical view of billing/accounts receivable/cash receipts (B/AR/CR) process billing function, 394–396 cash receipts function, 400–401, illus., 401 illus., 395 process outputs, 396 Physical view of order entry/sales (OE/S) process digital image processing, 350–351 electronic data capture, 350 management reporting, 353–354 systems flowcharts, 351, 353, illus., 352 Physical view of purchasing process description of, 439 fraud and, 445–446 receive merchandise, 442, 445 requisition and order merchandise, 440–442 systems
flowcharts, illus., 443–444 Picking tickets, 343 Plaintext, 312 Plan and Organize domain description of, 252 developing tactics to realize strategic vision, 253–260 establishing strategic vision for IT, 252–253 Post-billing systems, 394 Post-implementation reviews, 621–622 Pre-billing systems, 394 Predictive value, 20 Preliminary feasibility study, 601, 603–604 Preventive control plans, 235 Preventive maintenance, 272 PricewaterhouseCoopers Economic Crime Survey, 221–222 TeamMate software, 164 Pricing decisions, 336 Primary key, 148, 151 Principles, accounting and auditing, 11 Privacy management, Process, 218 See also specific processes Processing errors, 232 Process outputs, processing, 510 Procter & Gamble, 419 Production instructions, developing, 552–553 Production process innovation, 541–542 Product lifecycle management (PLM) software, 36 systems, 541 Program change controls company-level controls and, 303 def., 262–263 illus., 263 Programming errors, 232 Progressive Casualty Insurance Co., 244 Project completion report, 617 PSS/World Medical, 498–499 Public key cryptography def., 313–315 illus., 314 Pull manufacturing, 541–542 Purchase order master data, 436 Purchase orders, 434–435 Purchase receipts data, 436 Purchase requisitions, 430, 436 Purchase requisitions data store, 436 Purchase-to-pay process def., 54–57 fraud and, 445–446 illus., 55 Purchasing events data, 472 Purchasing manager, 422 Purchasing process applying control framework to, 446–452 B2B marketplaces for, 440 company-level controls and, 453 database design, 436–437, 439, illus., 438 data descriptions, 436 def., 420 example of, 419 logical description of, 428–436 monitoring, 176 organizational setting and, 421–426, 428 physical description of, 439–446 RFID and, 442 technology trends and developments, 439 Push manufacturing, 541–542 Q Queries in relational databases, 147 Querying databases def., 196–198 illus., 198 Query language, 141 See also SQL (Structured Query Language) R
Radio-frequency identification (RFID), 441, 442 Raw material quantity variance, computing, 559, 561 Raw materials requisitions, 553 Reading data flow diagrams, 100–104 systems flowcharts, 105–110 REA (Resources, Events, Agents) approach entities and attributes, 177–180 entity-relationship diagrams, 184–186, illus., 180, 185 history of, 178 mapping to relational DBMS, 187–191, illus., 189, 190, 191, 192 model constraints, 182–184, illus., 183 relationships, 181–182, illus., 182 symbols used in, illus., 180 Reasonableness checks, 298 Record def., 46–47 illus., 47 Recording manufacturing events, 555–556 occurrence of business events, 48–49 See also Documenting Recovery process, 266 Recurring costs, 607 Recursive relationship, 182 Referential integrity def., 187 illus., 189, 190 Reimbursement for expenses, 521 Reject stub, 121 Relation creating, 193–194 def. and illus., 186 Relational database model, 146 Relational databases concepts, 186–187 constructing, 193–194 elements of, 147–148 illus., 159 mapping REA model to, 187–191, illus., 189, 190, 191, 192 normalization in, 148, 150–155 PricewaterhouseCoopers example of, 164 See also SQL (Structured Query Language) Relationship (junction) tables, 160 Relationships in REA model, 181–182, illus., 182 Relevance of information, 20 Reliability of information, 20 Remittance advice, 387, 477 Remittance advice files, 390 Reorder point analysis, 431 Reporting, 10 Reports def., 147 financial, 592–594 generating standard, 198–200, illus., 199, 200 project completion, 617 Request for quotation, 434 Requests for proposals, 611–612, 613 Resources def., 157 IT, 247 Resources, Events, Agents approach See REA (Resources, Events, Agents) approach Responsibility accounting/reporting system, 578 Restricting access to computing resources layers of protection, illus., 269 logical, 269–271 overview of, 267–268 physical, 268–269 Retention control plans, 259 Revenue Science, Inc., 335 Reviews, post-implementation, 621–622 RFID (radio-frequency
identification), 441, 442 Risk, 210 Risk assessment COSO and, 217 def., 210 process, illus., 210–211 Risk response def., 211 illus., 212 Rotation of duties policy, 260 Routing master, 548, 553 S Salami slicing, 224 Sales and Distribution Module, 50, 53, illus., 54, 55 Sales event data, 390 Sales force automation (SFA) software, 36, 338 Sales order master data, 346–347 Samsung Electronics, 540 SAP Accounts Receivable Aging Report, illus., 389 Dynamic Production Schedule, illus., 549 HR management and payroll processes and, 505 Invoice Data, illus., 386 Materials Planning, illus., 561 Nestlé SA project, 31–32 Order Requirements Schedule, illus., 551 outline agreements, 434 Production Routing Schedule, illus., 554 Purchase Order Data, illus., 469 Purchase Order, illus., 434 Purchase Requisition, illus., 432 Sales Analysis Report, illus., 354 Sales Order Inquiry, illus., 344 Service entry sheets, 436 See also mySAP Business Suite SAP NetWeaver, 37, 40 SAP R/3 system human resources module, 501 human resources module menu, illus., 502 Maintain HR Master Data screen, 508 Sarbanes-Oxley Act (SOX) enterprise risk management and, 212–216 general ledger and business reporting process and, 592–593 impact of, 5–7, 98 internal controls requirements of, 206–207 outline of, illus., 213–214 Satisfying customer need data mining and, 334–335 decision making and, 334 global e-business and, 335–337 order entry/sales process and, 333–334 See also Customer relationship management (CRM) Scanners, 350 Schedules, 608 Schemas, 141 SCOR- (supply-chain operations reference-) model, 424 SCP Pool Corp., 244 Second normal form (2NF) def., 151, 152–153 illus., 154 SEC (Securities and Exchange Commission), 593 Secure Sockets Layer (SSL), 316 Security certification, Internet, 91 Security goals, 289 Security module (software), 269 Security officer, 256–257 Segregation of duties accounts payable/cash disbursements process and, 489 billing/accounts receivable/cash receipts process and, 407
control plan for, 254–256 data maintenance and, 47 illus., 255 purchasing process and, 453 purchasing process controls and, 362 SELECT command (SQL), 196–197 Selecting employees, 508 Selection and hiring control plans, 259 Self-checking digit code, 149 Self-service systems, 503, 505, 506 See also Customer self-service (CSS) Sell-side systems, 336–337 Sequence checks, 307, 310 Sequential coding, 149, 150, 180 Servers, 247 Service bureau, 83, 611 Service-level requirements, 261 Service-oriented architectures (SOA), 86 Service process, illus., 44 Services, 420 Set theory, 146 Shop floor control process, 555–556 Significant digit coding, 149, 150 Signoffs, 608–609 Skills inventory data, 511 Smart cards, 316 SOA (service-oriented architectures), 86 SourceXchange.com, 612 Spyware detection and removal, SQL (Structured Query Language) commands, illus., 193, 195 constructing relational databases with, 193–194 def., 143 description of, 191–193 generating standard reports, 198–200 querying commands, 196–198 updating databases with, 194–196 SSL (Secure Sockets Layer), 316 Standard costs, recording, 559 Standards for electronic data interchange, 80–81 Standing data, 70 Standish Group, 597 Steering committee for IT, 257 Strategic vision establishing, 252–253 realizing, 253–260 Structured decisions, 24–25 Structured Query Language See SQL (Structured Query Language) Structured systems analysis completing and packaging document, 608–609 def., 604 tasks of, 604–608 Structured systems design, 615–616 Subassemblies, 542 Subschemas, 141 Subsystems def., 11–13 illus., 12 Supervision control plans, 260 Supplier relationship management (SRM) software, 36 Supply chain collaboration examples, 429 illus., 423 information sharing methods, 427–428 as value system, 423–424 Supply chain management (SCM) integrated production processes and, 542–543 purchasing process and, 424–426 technology and, 439 Supply chain management (SCM) software, 36, 424 Supply-chain operations reference-model 
(SCOR-model), 424 Support services, providing, 272 Systems def., 11–13 illus., 12 Systems analysis def., 156 phase of, 598 structured, 604–609 Systems design phase of, 598 structured, 615–616 Systems development def., 598 managing process of, 600 phases of, 598–599 Systems development and operation, 11 Systems development life cycle company-level controls and, 303 def., 261, 598 illus., 602 phases, purposes, and tasks, 603 Systems development life cycle (SDLC) methodology, def., 599, 600–601 Systems documentation data flow diagrams, preparing, 110–121 data flow diagrams, reading, 100–104 flowcharts, preparing, 121–125 flowcharts, reading, 105–110 learning tools of, 99–100 uses of, 99 Systems flowcharts accounts payable/cash disbursements process, illus., 481 batch data entry, illus., 304 billing function, illus., 395 cash receipts function, illus., 401 common routines, 105–107, 110, illus., 108–109 drawing, 122–123, 125 with enterprise database, illus., 127 HR management process, illus., 509 illus., 124 manual and automated data entry, illus., 294 payroll process, illus., 519 preparing, 121–126 purchasing process, illus., 443–444 reading, 105 symbols, 105, illus., 106 Systems implementation approaches to, 617–619 conversion, 621 deliverable, 617 intermediate steps in, 619–620 phase of, 598 tasks of, 616–617 testing system, 620–621 Systems integration, value of, 43–45 Systems maintenance, 622–623 Systems selection def., 609 deliverable, 609–610 hardware acquisition, 610–611 requests for proposals, 611–612, 613 vendor proposals, evaluating, 612–615 Systems survey, 601, 603–604 System test, 621 SysTrust services, 273 T Table def., 47 illus., 47 record layouts as, illus., 142 in relational databases, 147 relationship (junction), 160 Table of entities and activities annotated, illus., 118 def., 110–112 illus., 112 Take-Two Interactive Software, Inc., 381 Tangible costs, 607 Tax rates data, 512 Technology accounts payable and, 477 business reporting and, 586–591
examples of, 4–5 as foundation of AIS, human resources management process and, 503, 505 impact of, 1–2 Top 10 List for 2006, Tejari, 440 Terminating employees, 510 Termination control plans, 260 Testing system, 620–621 Third normal form (3NF) def., 151, 153–154 illus., 155 Throughput time, 541 Tickler files, 308–309, 310 Timeliness of information, 20 Time-phased order requirements schedule, 550, illus., 551 T-Mobile USA, 462–463 Top-down partitioning, 104 Toyota Motor Corp., 537–538 Transaction files, 67 Transaction set, illus., 82 Transitive dependency, 153–154 Trojan Horse, 224, 243–244 Trust Service principles, 272–273 Tuple, 186–187 Turnaround documents, 306–307, 310 U Understandability of information, 18–19 United Parcel Services Inc., 429 Unnormalized table, 151, illus., 152 Unstructured decisions, 25 UPDATE command (SQL), 196 Update goals, 289–290 Updating databases, 194–196 U.S. Business Council, 440 V Validity of information, 21 Value-added networks, 83 Value chain applying e-business to, 65–66 def., 39–43 illus., 42 Variance analysis def., 558 direct labor variances, computing, 561 illus., 560 manufacturing orders, closing, 562 manufacturing overhead variances, computing, 562 raw material quantity variance, computing, 559, 561 standard costs, recording, 559 Vendor information, sources of, 612 Vendor invoices, 476 Vendor Managed Inventory, 429 Vendor master data, 436 Vendor packing slips, 435 Vendor proposals, evaluating, 612–615 Verifiability of information, 20 Vertical information flows, 138, 579, illus., 580 Vertical perspective of accounts payable/cash disbursements process, 465–466, illus., 466 of order entry/sales process, 332, illus., 333 VF Corp., 429 Virginia Tech, Schiffert Health Center, Cold SelfCare program, 165 W Wal-Mart, 419 Walt Disney Corporation, 33–34, 38 WANs (wide area networks), 77, 247 Web browsers, 77 Web Services def., 37 implementation of SOA application, illus., 86 WebTrust services, 273 Wide area networks (WANs), 77,
247 Wireless technologies, Work center master, 548, 553 Workers’ compensation claims, false, 520 Work-in-process inventory data, 559 Worm, 224 X XBRL (eXtensible Business Reporting Language), 589–591, 593 Xign Payment Services Network, 462–463, 479 XML (eXtensible Markup Language), 86 Z ZDNet, 612 Zombie, 224, 267