(BQ) Part 2 book Corporate accounting information systems has contents Corporate transaction processing the revenue cycle, Risk and risk exposure fraud management and computer crime, accounting information systems development managing change, accounting information systems audit towards a world of CAATs,...and other contents.
CORA_C09.qxd 6/1/07 11:06 Page 433 www.downloadslide.com Creditor-based expenditure cycle n wastage costs – the costs associated with the disposal of products, n reworking costs – the costs associated with the reworking of poor-quality products, and n opportunity costs – the costs resulting from the loss of custom owing to the receipt of faulty products and, in rare instances, services Purchase acquisition stage The purchase acquisition stage is concerned with three key issues: n what products/services should be ordered, n when the products/services should be ordered, and n what volume, or more appropriately how much, of a product/service should be ordered For the moment, we will look at issues associated with the acquisition of purchased products only and consider issues associated with the acquisition of services later in this section Products and the purchase acquisition stage For products, the purchase acquisition stage is essentially concerned with stock management – that is determining an answer to a question which superficially appears to be simple and straightforward, but is in fact deceptively complex So what is the question? The question is: how much stock should the company/organisation hold/possess? There are essentially three possible answers to this question: n retain/maintain a very small stock of products/no stock of products – that is as little stock as possible, or n retain/maintain a large stock of products – that is hold as much stock as possible, or n retain/maintain a moderate stock of products – that is a pre-determined/calculated level of stock So which is the correct answer? Well, that depends, perhaps somewhat unsurprisingly, on a range of factors which we will look at in detail in Chapter 11 Services and the purchase acquisition stage Although cost benefits/cost efficiencies are often cited as important factors in the decision to ‘buy in’ a service from an external agent/service provider, in general a company/organisation would seek to acquire the provision of a service by an external agent/external service provider where: n a legal requirement/contractual arrangement necessitates the use of an external agent/service provider, and/or n an insufficient level of knowledge, skill, ability and/or experience is available within the company for internal employees to provide the required service So, what types of acquired services are there? In general, acquired services can be classified as either: n a recurring acquired service, or n a non-recurring acquired service A recurring acquired service A recurring acquired service can be defined as a service which is purchased to fulfil/satisfy either: n a specific contractual obligation – for example an asset service agreement/maintenance agreement, or 433 CORA_C09.qxd 6/1/07 11:06 Page 434 www.downloadslide.com Chapter Corporate transaction processing: the expenditure cycle n a legal obligation – for example a health and safety assessment or a CRB (Criminal Records Bureau) check.9 The necessity for such a recurring service would normally occur as a consequence of a specific identifiable event or series of events, that is for example: n the purchase/acquisition of an asset or group of assets, or n the provision of a specific activity/service A non-recurring acquired service A non-recurring acquired service can be defined as a service which is required for: n a specific period – for example the outsourcing of a business-related function/activity such as payroll management or purchase order processing within the company/organisation for a fixed period, or n a defined assignment – for example a one-off commission for a specific purpose, for example the appointment of a consultant to review company/organisation procedures The requirement for such a non-recurring service would normally occur as a consequence of a specific management decision, for example: n a decision to restructure a specific business-related activity/function, and/or n a decision to reorganise and/or outsource an administrative process Purchase requisition stage The purchase of a product and/or a service by a company/organisation would normally be initiated by the issue of a purchase requisition, instigated within either: n a manual procedure, or n an automatic procedure Within a manual procedure the purchase requisition would be generated by the actions of/ through the intervention of an authorised employee Such a procedure would normally be associated with a small company/organisation in which stock movement is monitored by assigned employees Within an automatic procedure the purchase requisition would be generated by the actions of a system-based monitoring procedure Such a system would normally be associated with a medium/large company/organisation in which high levels of turnover occur and stock management/movements procedures are computer-based So what is a purchase requisition? This can be defined as a physical and/or electronic document used to inform the purchasing department of a company/organisation that purchased products and/or services are required for business purposes The purchase requisition would normally be prepared by the product/service user and duly authorised by the appropriate budget holder/cost centre manager, in accordance with company/organisational management policy It would: n specify the products/services required – those which are not available internally from within the company/organisation, n authorise the purchasing staff to enter the company/organisation into a supply contract with an external company/organisation for the supply of the requested products/services, and n allocate/charge the cost of those products/services to a specified cost code or cost centre Example 9.1 provides a sample purchase requisition document 434 CORA_C09.qxd 6/1/07 11:06 Page 435 www.downloadslide.com Creditor-based expenditure cycle Example 9.1 A purchase requisition document Using a computer-based purchase requisition system Where a computer-based purchase requisition system is used and the purchase requisition is issued and transmitted to the company/organisation purchasing department electronically – say using a secure intranet facility – it is very likely that a range of: n n n n n content and format checks, document sequence checks, transmission checks, validity checks, and authorisation checks, would be undertaken to ensure the legitimacy and authenticity of the purchase requisition Regarding the latter, such authorisation checks would be undertaken to verify the authority of the purchase requisition issuer to issue/generate purchase requisitions and allocate the cost to the cost code or cost centre specified on the purchase requisition Why? Put simply, to prevent the overspending budget holder/cost centre manager allocating the purchase requisition cost to another budget holder’s/cost centre manager’s cost code or cost centre! In addition, on transmission to the purchasing department each purchase requisition would be assigned a unique reference number Using a paper-based purchase requisition system Where a paper-based purchase requisition system is used, it is likely that all such purchase requisition documentation would be regarded as ‘controlled stationery’ – that is all such documentation would be pre-formatted and sequentially numbered, with the issue and use of such documentation requiring appropriate authorisation So how would such a system operate? It is likely that such a system would be either a twocopy or a three-copy system 435 CORA_C09.qxd 6/1/07 11:06 Page 436 www.downloadslide.com Chapter Corporate transaction processing: the expenditure cycle Using a two-copy purchase requisition system, one copy of the completed purchased requisition would be sent to the purchasing department, via the internal mail system, and one copy of the completed purchase requisition would be retained within the requisitioning department Using a three-copy purchase requisition system, one copy of the completed purchased requisition would be sent to the purchasing department, via the internal mail system, (as above) and two copies of the completed purchase requisition would be retained within the requisitioning department One copy would be retained by the requisitioning department’s administration section and one would be retained by the individual section head/section leader generating/ instigating the purchase requisition Such a system would normally be used in larger companies/ organisations where requisitioning departments are comprised of a number of individual semi-autonomous sections and the responsibility for the generation of purchase requisitions is delegated to individual section heads/section leaders within the requisitioning departments Purchase requisitions and commitment accounting Where devolved budgets are used within a company/organisation, and budget holders/cost centre managers are able to issue purchase requisitions, it is likely that such requisitions would also be required to include details of the actual cost or, if these are not known, an estimated cost of the product/service being requested Such an amount would then be committed against the budget holder’s/cost centre manager’s budget and would be replaced with the actual cost once the invoice for the purchase has been received from the product supplier/service provider Such a system – known as a commitment accounting system – is designed to prevent budget holders/cost centre managers from incurring expenditure above their allocated budget limit and is common in public service organisations Purchase order stage As suggested above, once an approved/authorised purchase requisition has been received by the purchasing department within the company/organisation, a formal purchase order would be raised – assuming of course that the total cost of the purchase requisition does not exceed company/organisation purchase limits Where the cost of the products/services exceeds the purchase limits imposed by the company/organisation purchasing policy, it may be necessary – in accordance with company/organisation policy – for the purchasing department to obtain a number of tenders for the supply/provision of the products/services requested For example, a company/organisation may require all purchase requisitions in excess of, say, £15,000 to be submitted for competitive formal tendering requiring three or four suppliers/ providers to submit sealed bids for the supply of products/the provision of services Once the formal bids have been received, and the successful tender has been awarded, a purchase order would be issued to the successful supplier/provider So what is a purchase order? A purchase order can be defined as a commercial document issued by a buying company/organisation to a supplier/provider (the selling company/organisation) indicating: n the types of products/services ordered, n the quantities of products/services ordered, and n the agreed prices of the products/services ordered In addition, a purchase order would also include: n a unique purchase order number, n a unique supplier reference number, n a requested delivery date, 436 CORA_C09.qxd 6/1/07 11:06 Page 437 www.downloadslide.com Creditor-based expenditure cycle Example 9.2 A purchase order document n an invoicing address, n a delivery address requested terms, and n the terms of references of the purchase order Example 9.2 shows a sample purchase order document The issue of a purchase order by the buying company/organisation to a product supplier/ service provider constitutes a legal offer to buy products and/or services Acceptance of a purchase order by the selling company/organisation forms a one-off contract between the buying company/organisation and the selling company/organisation for the products/services ordered However, it is important to note that no legal contract exists until the purchase order has been accepted by the selling company/organisation So, how would the purchase order be issued? As we saw earlier, many companies/organisations use authorised suppliers and/or providers – that is purchase orders are only issued to suppliers/providers who have been approved as suitable and appropriate for the company/organisation Within a small or even a medium-sized company/organisation the issue of purchase orders will often be undertaken, monitored and controlled by a small number of administrative employees within the so-called ‘purchase office’ However, within a large production/retail company/organisation, where: n a substantial number of purchase orders are issued – on a regular basis, and/or n the products/services ordered are of a highly technical/high complex nature, it is likely that the buying company/organisation may employ specific purchasing agents/ buyers to issue such purchase orders to approved suppliers/providers – that is specialists who are responsible for either a specific type of product/service or a specific group/range of suppliers/providers 437 CORA_C09.qxd 6/1/07 11:06 Page 438 www.downloadslide.com Chapter Corporate transaction processing: the expenditure cycle More importantly, where: n a large number of purchase orders are issued on a regular basis, and n pre-approved companies/organisations are used as product suppliers/service providers, it is more than likely that an electronic purchase order system would be used – using perhaps a secure EDI (Electronic Data Interchange) facility10 and/or B2B (Business-to-Business) extranet facility.11 Why? For three key reasons: security, speed and cost Firstly, such facilities can provide a level of security not achievable with the traditional paper-based purchase order systems – for example data encryption facilities, transmission confirmation facilities and many more – all of which can minimise, although not totally eliminate, the possibility of confidential data (in our case purchase order data) going astray Secondly, unlikely the traditional paper-based purchase order system in which the purchase order has to be physically delivered to the supplier/provider and can take a up to a number of days, the transmission and delivery of the purchase order is instantaneous (well almost) And thirdly, whilst the initial set-up costs of such a facility may be high, the cost per transaction is very small, certainly compared to the cost of a transaction using the traditional paper-based purchase order system Using a computer-based purchase order system Where a computer-based EDI/B2B facility is used to issue purchase orders, a copy purchase order would be transmitted to the product supplier/service provider and a copy purchase order, together with copy details of the transmission, and a copy transmission receipt (received from the product supplier/service provider) would be retained within the purchase office Once the purchase order has been transmitted to the supplier/provider, a purchase order confirmation would be issued, internally, and transmitted to: n the budget holder/cost centre manager (the receiving department), n the stores department, and n creditor management department The purpose of the budget holder/cost centre manager receiving a purchase confirmation is twofold Firstly, to confirm that an authorised purchase order for the requested products/ services has been sent to/transmitted to an approved supplier/provider and secondly to inform the budget holder/cost centre manager – the originator of the purchase requisition – precisely what products/service have been ordered from the supplier/provider This latter point is extremely important inasmuch as it confirms any variations that may have been made to the original purchase requisition For example, variations could be: n some of the requested products/services may no longer be available so substitute products/ services may have been ordered by the purchase office, or n some of the requested products/service may not be available immediately so a number of part deliveries may occur in order to fulfil the purchase requisition The purpose of the stores department receiving a purchase order confirmation would be to alert the stores department of the forthcoming delivery of products and the need to update/amend the stores records The purpose of the creditor management department receiving a purchase order confirmation would be to alert the creditor management department of the purchase order and the forthcoming invoice 438 CORA_C09.qxd 6/1/07 11:06 Page 439 www.downloadslide.com Creditor-based expenditure cycle Using a paper-based purchase order system Where a paper-based purchase order system is used within a company/organisation it would be likely that instead of a purchase order confirmation being issued and/or generated multiple copies of the purchase order would be produced and distributed as follows: n n n n n one copy to the supplier/provider, one copy for the purchase office, one copy for the budget holder/cost centre manager (the receiving department), one copy for the stores department, and one copy for the creditor management department, with the paper copies serving the same purpose as described above within a computer-based purchase order system What different types of purchase orders are there? There are, of course many different types, the main ones being: n the single-use (one-off) purchase order, and n the multi-use (or blanket) purchase order Single-use (one-off) purchase order A single-use (one-off) purchase order is used where it is important to keep track of a single purchase order from a supplier/provider – that is until all products/services contained in the purchase order have been received Once all products/services have been received, and the purchase order has been fulfilled, the purchase order number becomes invalid and can no longer be used – usually for a substantial period of time Multi-use (or blanket) purchase order A multi-use (or blanket) purchase order is often used by companies/organisations where it is important to: n n n n monitor spending within a particular department/location within the company/organisation, monitor/record transactions with a specific supplier/provider, limit expenditure on a specific project, and/or limit expenditure to a specific timeframe Outsourcing the product/service order system There can be little doubt that in a commercial context, the effective management of the purchase/ service order system is an essential prerequisite for business stability and financial success However, such systems can be expensive to develop and difficult to maintain – especially where large volumes of purchase orders are generated on a regular basis One option is to outsource some or all of the product/service order function and/or the stock management function(s), and use an externally managed stock system, often referred to as a Supplier Managed Inventory (SMI) system Whilst specific outsourcing arrangements would differ from organisation to organisation, in general an externally managed stock arrangement would normally constitute a form of agreed cooperation between a customer (the buying company/organisation), and a product supplier (the selling company/organisation) – an arrangement in which the customer agrees to share information with the supplier As part of the agreement: n the customer agrees to transfer all purchase order functions, and n the supplier accepts responsibility for replenishing the customer’s stock to within agreed, pre-determined limits/levels – based on information supplied by the customer 439 CORA_C09.qxd 6/1/07 11:06 Page 440 www.downloadslide.com Chapter Corporate transaction processing: the expenditure cycle Where the customer’s internal control systems require the production of a purchase order, such a document would be generated automatically by the supplier, based on the replenishment information provided by the customer So what if a company/organisation uses a number of product suppliers/service providers? There is no reason why it could not enter into an agreement with a number of product suppliers/ service providers, with each agreement referring to a different range of products/services used by it For the customer – that is the buying company/organisation – the main benefits/advantages include: n n n n n a reduction in stock levels, an improvement in stock replenishment rates/procedures, a decrease in ordering costs, a decrease in holding costs, and an elimination of product/service ordering activities For the supplier – that is the selling company/organisation – the main benefits/advantages include: n an improved visibility of customer requirements, n a reduction in customer returns, and n a long-term commitment from the customer The main problems/disadvantages are: n the cost – such arrangements can be very expensive, n the controls – to function effectively such arrangements not only require accurate and up-to- date data/information but, more importantly, continuous monitoring and assessment, and n the commitment – such arrangements may require the customer (the buying company/ organisation) to enter into a long-term agreement with the supplier (the selling company/ organisation) thereby reducing customer choice and flexibility, Product/service receiving system The purpose of the product/service receiving system is to ensure that: n all authorised purchases of products/services are appropriately receipted, n all purchased products are securely stored, n all purchased services are used in accordance with the purchase requisition/purchase order, and n all purchases are appropriately accounted for See Figure 9.5 The key documentation for such a product/service receiving system would be: n a delivery note – generated by the supplier, and n a goods received note – or receiving report Whilst it is possible for a company/organisation to receive products/services at any number of locations, for our purposes we will assume that: n all products received and accepted from approved product suppliers will be receipted into a centralised store facility, and n all services received and accepted from approved service providers will be receipted at an operational/functional location within the company/organisation as requested in the purchase requisition and the purchase order 440 CORA_C09.qxd 6/1/07 11:06 Page 441 www.downloadslide.com Creditor-based expenditure cycle Figure 9.5 Product/service receiving system Products received from approved product suppliers Where products are received into a centralised store, such a store would – for security and control purposes – be comprised of a number of separate functions/activities The most likely division/separation of duties within a centralised store would be: n a store/stock receipting/issuing facility responsible for: receiving products from the supplier/supplier’s agent, and issuing products to operational departments within the company/organisation as requested, n a store/stock warehousing facility responsible for securely storing products within the store/ stock warehouse, and n a store/stock warehousing control facility responsible for recording and documenting the movement (the receipting and issuing) of products l l Store/stock receipting/issuing facility When receiving products from a supplier, the main function/responsibility of the store/stock receipt facility would be to confirm the quantity/quality of products and, where appropriate, accept the delivery of the products To confirm and accept the delivery of stock from a supplier/supplier’s delivery agent, the store/stock receipting/issuing facility would need either: n to access the purchase order to which the delivery relates if the purchase order system is computer-based, or n to access a copy of the purchase order to which the delivery relates if the purchase order system in paper-based Primarily, the store/stock receipting/issuing facility would be responsible for: n verifying that the purchase order number identified on the supplier’s delivery note (the delivery note would be attached to/included with the delivery) is an appropriate and valid purchase order number, n confirming that the supplier delivery note details correspond to the purchase order, n checking the quantity of products received against the supplier delivery note, and n assessing the quality of the products received from the supplier So, under what circumstances would the stock receipting facility reject a delivery? This would happen where, for example: 441 CORA_C09.qxd 6/1/07 11:06 Page 442 www.downloadslide.com Chapter Corporate transaction processing: the expenditure cycle n the purchase order number identified on the supplier’s delivery note does not correspond to a valid purchase order number, and/or n a substantial number of the products delivered by the supplier/supplier’s delivery agent have failed a quality inspection test12 – that is the products are of an inferior quality, and/or n a substantial number of the products delivered by the supplier/supplier’s agent are damaged On rejection the delivery would be returned to the supplier via the supplier’s delivery agent However, where for example: n an incorrect quantity of products have been received from the supplier/supplier’s delivery agent, n a small number of the products delivered by the supplier/supplier’s delivery agent have failed a quality inspection test, and/or n a small number of the products delivered by the supplier/supplier’s delivery agent are damaged, it is likely that – subject to the supplier’s agreement – the delivery note would be amended to reflect the actual products accepted by the company/organisation and the incorrect products/ damaged products would be returned to the supplier via the supplier’s delivery agent Note: An adjustment note (often called a debit note) would need to be prepared to authorise the adjustment to be made to the supplier’s invoice for the returned products (see the discussion below) Once the products have been verified, approved and accepted from the supplier’s delivery agent, and before the products are receipted into the central store within the store/stock warehousing facility, the store/stock receipting facility would allocate a product identification code/location marker for each of the products/groups of products received Put simply: n to manage and control the movement of stock into and out of the stock warehousing facility, and n to monitor the movement of products within the stock warehousing facility Such product identification codes/location markers would of course vary from organisation to organisation and would primarily depend on: n the size of the stock warehouse facility used by the company/organisation, n the nature and type of products stored by the company/organisation and, of course, n the degree of information technology used in the product/service ordering system and the product/service receiving system So what type of location markers could be used? These could vary from: n a simple, hand-written or pre-printed product code/location marker, to n a more sophisticated, pre-printed barcode-based product code/location marker, to n a state of the art RFID tag (see Chapter 12) Once the accepted products have been appropriately marked, coded or tagged, and routed into the central store, the store/stock receipting/issuing facility would prepare a goods received note (sometimes called a receiving report), listing and detailing the products accepted from the supplier/supplier’s agent Where a computer-based purchase order/product receiving system is used, the purchase order would be authorised as complete, indicating the receipt of the products and the location of the products in the store/stock warehousing facility This authorisation would automatically update the record of products in the store – often somewhat misleadingly referred to as the stores ledger Where a paper-based purchase order/product receiving system is used, a paper-based goods received note would be prepared, authorised and attached to the supplier delivery note and 442 CORA_C16.qxd 6/1/07 11:14 Page 904 www.downloadslide.com CORA_Z01.qxd 6/1/07 11:16 Page 905 www.downloadslide.com Index ABI Research 585 absenteeism records 474 absorption costing 512–14 access code devices 705–6 access controls 409, 458–9, 526, 750, 808 access to information, un-authorised 698–700 access protocols 218 accessibility of data 279 account codes 310–11 accounting entries 253–5 accounting information systems alternative approaches to development of 830 architecture of 806–9 audit of 784–7, 792–6, 809–12 and capitalism 40 complexity of 15 constructed nature of 25 and the conversion cycle 489 and cost management 511–21 and data processing 288 definition of 13 and the expenditure cycle 423 external influences of 21 fallacies about 24 functional context for 19–20 functions of 15–17 and general ledger functions 594–5 historical nature of 24 integrated nature of 14–15 internal influences of 21 and the management cycle 536 nature, context and purpose of 11–15 need for change in 822–9 organisational context for 17–21 and payroll 463–4, 471 politics of development of 877–80 problems with 23–4 procedural context for 16–17 and risk 674 – 6, 681–2, 685 socio-political nature of 25 thematic content of 25 and transaction processing 251–5 underlying theory of 25 users of 21–3 viewed as hard systems 48 accounting software 149–55 Accounting Standards Board Statement of Principles 25 accruals adjustments 595 ACID rules 319–20 Actinic (software developer) 614 activity-based costing (ABC) 155–6, 515 –17 activity information and activity analysis information 413–14, 461–2, 529 –30 activity-related processes 162 adaptive manufacturing 499 adhocracy 183 Administration of Justice Act (1970) 390 administrative management 828–9 advance fee frauds 687–8 advertising 619–20 adware 714 affinity computing 197 Aiken, Howard 116 Akdeniz, Yaman 126 Allen, Paul 117 Alliance & Leicester 705–6 Allied Irish Bank (IAB) 741 Allison, David 586 alpha testing 493 alphabetic codes 309 alpha-numeric codes 309 ‘American’ options 545 analytical review by auditors 803 ANSI-SPARC architecture 314 Apple Inc 491 application auditing 797–805 application controls 459, 751–2 application layer in OSI reference model 211 in TCP/IP reference model 213 application level gateways 702 applications management 828 appropriateness checks 410 approved supplier/providers 441–4 registers of 429–30 arbitration 893–5 archive files 274 ARPAnet 118–19, 122, 146 Arthur Andersen (firm) 736, 777 Asda plc 404, 406 asset management controls 409–10, 527, 750; see also current assets management; fixed assets management asset revaluation adjustments 596–7 Association of British Insurers 776 –7 Association of Chartered Accountants 775 Association for Payment and Clearing Services 406–7 associative entities 303 asymmetric key algorithms 703–4 attendance data on employees 469 attributes associated with entities 303 auction facilities for customers 617 905 CORA_Z01.qxd 6/1/07 11:16 Page 906 www.downloadslide.com Index audit bilateral approach to 796 definition of 773 operational 783–4 purpose of 787–8 techniques of 788–94 types 779–84 audit evidence 787–8 audit software 793–4 audited financial statements 598 Auditing Practices Board (APB) 779 –80 auditors external 774–80 internal 773–4, 778, 829 role of 772–3 and the systems development life cycle 874–5 types 773–80 authentication systems 704–5 two-factor 705–6 authorisation audits 802 authorisation controls 527 authorisation procedure checks 411 authorisation systems 704–5 Babbage, Charles 116 Bachman, Charles 312–13 BACS (Bankers’ Automated Clearing Services) 142–5, 386, 450–1, 470 BACSTEL and BACSTEL-IP 143–5, 386, 450–1 bad debts 391–2 Bain, Alexander 116 Baird, John Logie 116 balance sheets 311, 780 Ballmer, Steve 128 Bankers’ Automated Clearing Services see BACS Barings Bank 750–1 Barling, Chris 614 Barrat, Christopher 431 baseline evaluation by auditors 801 batch manufacturing 496 batch processing 282–4 Baumol cash management model 552, 554 Bayer, Kurt 715 Beck, U 673 Beer, S 10 Beishon, J 12–13 Bell, Alexander Graham 116 Belton, Catherine 43 Benioff, Marc 891 Bennett, Martha 705–6 Berliner, Emile 116 Berman, M 33 Bermuda options 545 Berners-Lee, Tim 131 Bertalanffy, Ludwig von 46, 58 beta testing 493 Bhalla, Surjit 42 Bhatt, Manish 740 Bhs plc 404 bid facilities for customers 617 bills of lading 378–9 bills of materials 502 binary relationships 303 biometric technologies 399–402 blended networks 219 blended outsourcing 889 Blokdijk, A and P 10 BMW AG 559 Bodek, Norman 498 Bois, Robert 891 bonds 542 Boots plc 406 Bosse, Herald 103 Bourn, Sir John 777 Boyle, Paul 777 BP plc 84–5 Brabeck-Letmathe, Peter 128 breaches of agreements 890–2, 896 bridge devices in networks 188 Brinklin, Dan 163 British phonographic industry (BPI) 125 Brodkin, John 463 Bruns, W 515–16 BS 7799 standard 683–4 Bubb, Nick 587 Buckley, Michael 741 budget holders 438 budgeting flexible 519–21 software for 156–7 see also payroll budgets; production budgets bureaucracy 183 Burnham, Phil 35 Burrell, G 47–8 Burtons plc 404 bus topology 200–1 Business Action to Stop Counterfeiting and Piracy 128 business process re-engineering software 162–3 business-to-business (B2B) e-commerce 618 –19, 636 –7 business-to-business-to-consumer (B2B2C) e-commerce 619 business-to-consumer (B2C) e-commerce 618, 628, 636 buyers, power of 361 cabling 189–91 Cadbury, A 88 Cailliau, Robert 131 cancellation periods 648–9 candidate keys 303 capital expenditure 461 definition of 424–5 capital flows 82 capital income 359, 412 capitalism 82, 681 definition of 40 dependence on institutions 44 global 40–3 see also market-led capitalism card-based expenditure 456 cardinality of entity relationships 303 CardSystem Solutions 688 Cardullo, Mario 583 cash-based or cash-equivalent transaction finance 548–9 cash book management software 154 cash flow statement audits 781 cash management models 552–4 cash sales and purchases 362, 387, 404 – 6, 426, 456 cashiers, responsibilities of 470 Castells, M 113 censorship 622 Centre for Management Buy-Out Research 591 change resistance to 877–80 types of 824–6 change management 826–7 chaos theory 34 Chapman, Matt 660 CHAPS (Clearing House Automatic Payments System) 139–42 charge cards 456 charts of accounts 310 check-out facilities, virtual 632–3 Chelsea Football Club 463 906 CORA_Z01.qxd 6/1/07 11:16 Page 907 www.downloadslide.com Index cheques, use of 387, 404–7, 450 child entities 304 China 622–3 circuit level gateways 702 CitiFinancial 688 Citigroup 742 Clarke, Arthur C 34 Clearing House Automatic Payments System see CHAPS client accounts see customer accounts client-server networks 195 Close Brothers 591 Cluley, Graham 710 coaxial cabling 190 Codd, Edgar F 312, 324 codes and coding systems 309–11 Cohen, Jack 34 collaborative computing 197 Collier, Paul 43 collision-avoidance protocols 201 commitment accounting 436 Companies Act (1985) 774–6 company status, definition of 54–5 comparison checks on data 280 compensation for breaches of agreements 896 Competition Act (1998) 426 Competition Commission 426 competitive advantage 7–8, 881 competitive rivalry 360–1 completion payments 444 complexity levels of 51 theory of 34–5 compliance testing and compliance audits 781–2, 802–3 compound keys 303 computer-aided audit techniques (CAATs) 793–805 appropriate use of 802 used in data analysis 797–8 used in verification of control systems 799–802 computer-aided design (CAD) 159 computer-aided engineering (CAE) 159 computer-aided manufacturing (CAM) 159 computer crime 691–714, 740 perpetrators of 694 types of 694 computer hardware, selection of 856–7 computer-integrated manufacture (CIM) 160 Computer Misuse Act (1990) 706–9 computer software acquisition or development of 857– 60 commissioned 860 generic 860 see also accounting software; audit software; managementrelated software computer workstations 187, 194, 196 computers, development of 116–17 Computing (magazine) 144, 692, 706 conceptual level schemas 315–16 concurrency control 320 confidential data, loss of 525 configuration audits 802 conflict resolution 880 connecting components in networks 186 –92 connectivity of entity relationships 303 consistency of data 278 constraint checks on data 280 Consumer Protection (Distance Selling) Regulations (DSRs) (2000) 646–50 consumer-to-business (C2B) e-commerce 619 consumer-to-business-to-consumer (C2B2C) e-commerce 619 consumer-to-consumer (C2C) e-commerce 619 containment of adverse events or incidents 760 content audits 797–805 context audits 805–6 context filtering 731–7 continuous manufacturing 496 contracting out see outsourcing contracts for distance selling transactions 649 with suppliers 431 control corporate context for 90–1 definition of 89 physical 791 purpose of 89–90 systemic 92–3 see also internal controls control account entries 597 control activities 738–9 control cycle 91–2 control environments 738 control systems 92–9 problems with 98–9 control theory 80–1, 87 and corporate control 99 ‘controlled’ stationery 435 conversion control tests 411 conversion cycle 247–50, 488–530 data input 500–5 data management 510–11 data processing 505–10 definition of 488 disruption to 524 information requirements 529 –30 internal controls and systems security 525–9 objectives 488 risks 521–5 conversion of systems 869–71; see also data conversion convertible securities 542–3, 546–7 copyright 124–6, 494 corporate funding cycle 233–5 corporate governance 9, 88, 105 audit of 782 corporate personality or character 734 – corrective controls 746 cost advantages 237 cost assessment 512 cost-benefit analysis 882 cost centre managers 438 cost collection 512 cost management 489, 500 link to accounting information systems 511–21 costing procedures 511–19 countermeasures to adverse events or incidents 760 Coviello, Art 626 crackers 699 Cramer, Aron 42–3 credit see expenditure cycle: creditor-based credit cards 450, 456 and fraud 627, 688 credit purchases and sales 253–4, 426 credit status 368–9 907 CORA_Z01.qxd 6/1/07 11:16 Page 908 www.downloadslide.com Index creditor accounts adjustments and amendments to 451–2 creation of 445–8 recording of transactions in 448 creditor management 448–53, 592–4 costs and risks of 594 crime see computer crime critical path analysis 864 Crown Prosecution Service 125 cryptography 703 cryptography services 650–1 currency swaps 544 current assets management 569–89 customer accounts, reconciliation of 389 customer credit, validation of 368–9 customer orders 501–2 confirmation of 369–70 receipt of 366–8 see also ordering systems customer relationship management 393 customer support activities 620–1 customisation 499–500 cybernetics 92 daisy chain configuration 201 dangerous goods notes (DGNs) 379 Dartmouth College 735 data, definition of 269 data capture 267, 276 data control language (DCL) 318, 325 data controllers 257 data conversion 267, 871 data definition language (DDL) 318 data dictionaries 318–19 data elements 272 data fields 272 data files 273–4 interrogation of 797–8 data flow diagrams 289–96 advantages and disadvantages of 296 assessment of flows in 295–6 drawing of 295 level 291–2 level 292–3 logical and physical 289, 293–4 data input 267–8, 500–5 data link layer in OSI reference model 209 data maintenance 268 data management 266–7, 276, 510 –11, 829 data manipulation language 319 data-oriented filing 511 data output 269 data processing systems 265–8, 280 –311, 505 –10 centralised and distributed 286 – computer-based 281–8 manual-based 280–1 Data Protection Act (1998) 525, 644 – 6, 651, 829 data query language 319 data records 273 data release 276 data selection 266 data storage 268 data structures 269–80 data-oriented 275–80 file-oriented 270–80 data subjects 257 data types 272–3 database administration system (DBAS) 320–1 database management systems 275–9, 316 advantages and disadvantages of 275 – as control facilities 319–20 in operational context 320 databases 164 –5, 312– 40, 809 –10 bottom-up approach to design of 330 – data models for 312–14, 317 development of 329–39 distributed 312 evaluating the design of 338 history of 312 implementation of 339 logical and physical structures of 321 nature and definition of 312 and normalisation 330–4 object-oriented 312, 314 schemas for 314–16 testing of 338–9 top-down approach to design of 334 – users of 316 see also relational databases Davies, J.R 240 Davis, G.B 10 Debenhams plc 404 debentures 541, 546 debit cards 407 debit notes 442 debt, secured 541, 546–7 debt collection agencies 390 debt collection and debt recovery 389 –91 debt factoring 392 debt financing 541–2 debtor accounts adjustments to 388–93 creation and amendment of 384 debtor creation 380–4 debtor management 385, 586–9 costs and risks of 589 internal controls on 587–9 decision-making information 473–5 decision tables 306–9 decomposition of subprocesses 292–3 deductions from pay 470–1 ‘defiant opposition’ 879 Deforest, Lee 116 deliveries, rejection of 441–2 delivery systems 370–1, 374–6, 633 failure of 394 Deloitte Touche Tohmatsu 689, 776 demands for payment, formal 390 dependent entities 303 derivative files 273 derivative instruments 543–7 design and scheduling phase of systems planning 838 design generation 492 design quality 522 design rights 494 design scheduling 501, 838 design screening 492 design testing 492–3 detective controls 746 developing countries 41–2 development narratives on systems 867– development phase of systems planning 837 DeZabala, Ted 690 DFL plc 86 differentiation 237 digital applications and products 640 digital certificates 704 digital divide 132–3 digital information services 640 Digital River (firm) 660 digitised products 613 908 CORA_Z01.qxd 6/1/07 11:16 Page 909 www.downloadslide.com Index direct debits and direct credits 143 ‘directing mind’ concept 735 DirecTV 741 Disability Discrimination Act (1995) and Code of Practice (2002) 656–9 disaster contingency and recovery planning (DCRP) 756–60 disbursement vouchers 470 discount facilities 617 disembedding mechanisms 84 disorganised capital thesis 43 distance contracts 398 distance selling 646–50 and contract performance 649 distributed computing 197, 286–8, 312 distribution systems 370–1, 374–6 failure of 394 document flow analysis 292 document flowcharts 299 documentation electronic 366–8, 377, 384 of production data 507 reviews of 843–4 of systems and sub-systems 867–8 documentation controls 409, 458, 526, 748–50 dot.com companies 134–5, 610, 617–18, 639 double-entry bookkeeping 253 doubtful debts 389–90 Dresdner Kleinwort Wasserstein 587 duties and responsibilities, allocation of 865–6 DVD technology 128 Dylan, Bob 218 e-business see e-commerce Eckert, J Presper 116 e-commerce 38, 133–7, 219, 402, 610–61 barriers to 621–7 benefits of 642 categories of 616–19 customer protection schemes 627 myths of 660 problems with 642–3 regulation of 643–59 economic order quantity (EOQ) model 571–3 The Economist 613–14 Economist Intelligence Unit 585 efficiency analysis by auditors 803 Eisenhofer, Jay 742 Electronic Commerce (EC Directive) Regulations (2002) 652–5 Electronic Commerce (EC Directive) (Extension) (No 2) Regulations (2003) 655 Electronic Communications Act (2000) 650 –1 electronic data interchange (EDI) 136 –9, 636 risks and controls 764–5 electronic funds transfer (EFT) 139 – 45, 450, 628, 634, 636 card-based and non-card based 386 –7 risks and controls 764–5 electronic mail see e-mail electronic point of service (EPOS) systems 395–407 advantages and disadvantages of 402 card-based 395–9 non-card-based 399–400 terminals for 404–5 electronic signatures 650–1 e-mail 123, 146 – disadvantages of 148 and fraud 689 embedded audit modules 798–9 e-money 637–41 employees, ‘sale’ of 462–3 encoding 309–10 encryption 309, 703 Engardio, Pete 43 English language 625 Enron 736, 750 –1, 775 enterprise resource planning software 160 –2 entities 302–4 entity-related processes 162 entity relationship diagrams 305–6 entity relationship modelling 334–8 entity relationships 303–6 entry barriers 881 entry points in accounting systems 254 –5 environment-related events 523 environmental audits 783–4, 805–6 environmental turbulence 823 environments, predictable and unpredictable 823 – EPOS see electronic point of service equifinality, principle of 52, 58 equipment requisitions 503–4 equity financing 538–41, 546 issued 538–9 non-issued 539–41 equity swaps 544–5 Ernst & Young 591, 776–7 errors correction of 597 in provision, pricing or payment 451–2 risk of 682 eurobonds 542 European Convention on Human Rights 256 ‘European’ options 545 European Union (EU) 121, 129, 133 – 4, 311, 379, 426, 641, 775 Banking Co-ordination Directive (2000) 638 Transparency Directive (2004) 599 evaluation phase of systems planning 836 –7 Excel spreadsheets 163–4 exception, verification by 453 exit points in accounting systems 253 – expected future return 673 expenditure cycle 246–9, 426–79 capital-related 422 creditor-based 426–55 definition of 422 information requirements 461–2 internal control and systems security 457– 60 link to conversion cycle 488 non-creditor-based 426–7, 456–7 revenue-related 422–7 expenditure transactions, cash-based 549 external level schemas 315–16 extranets 216 –19, 636 factoring of debts 392 false billing 686–7 Farrell, Nick 741 feedback, types of 96–7 feedback loops 92–4, 97 feedforward loops 95–7 fibre-optic cabling 191 Fickling, David 126 909 CORA_Z01.qxd 6/1/07 11:16 Page 910 www.downloadslide.com Index file servers 187, 195 file-sharing 123–7 peer-to-peer 197–8 problems with 198 files, primary and secondary 273–4 film downloads 128 filtering see context filtering; packet filtering financial accounting departments, responsibilities of 466 financial environment 54–5 financial management 537–58, 829 Financial Reporting Council (FRC) 776–7 Financial Services Authority (FSA) 599, 637–8, 641 Financial Services and Markets Act (2000) 638 financial statements 780–1 audit of 802–3 and the EU Transparency Directive 599 interim 598 year-end 598 fingerprint recognition 399 firewalls 700–2, 712, 740 Fischer, Tom 401 Fisher, Anthony 100–3 fixed assets management 461, 560–9 software for 153 fixed costs 514 flat data model for databases 313 flat files 270 flexibility of data 279 flexible accumulation theory 43–4 flexible budgeting 519–21 flexible manufacturing 498–9 flexible specialisation 43–4 flow of funds 232–3 flowcharts 294–302, 306 advantages and disadvantages of 302 assessment of flows in 302 for audit purposes 790 drawing of 299–302 footballers, sale of 462–3 force majeure 892 Ford, Henry 497 foreign keys 303, 322–3, 338 Forrester Research 891 forwards 543 ‘419 schemes’ 687 Fourtou, Jean-Rene 128 France 310 Frankson, Bob 163 fraud 399, 403, 406 –7, 626 –7, 634, 685 –91, 705 –7, 715, 741–2 computer-assisted 686 by modification of data or programs 707 online 687 using e-mail 689 see also computer crime fraud management 690–1 Fulani people 35 full costing 512 functionalism 47 fund management 548–58 audit trail documentation on 556 disbursements 555–6 operational 551 receipts 554–5 risks of 557–8 strategic 554 tactical 551–2 futures 543 gamma testing 493 Gartner (company) 614, 687 Gates, Bill 117 Gavrilenkov, Yevgeny 41 gearing management 589–92 Gelinas, U.J 13 General Electric 735 general ledger management 594–9 as a control mechanism 597 generation of financial information 597–9 risks of 599 software for 153 general systems theory 62, 73 Gilbreth, Frank Bunker 497 Gillette plc 585 Global Crossing 742 Global Security Survey 689 globalisation 4–7, 40–3, 232 ‘engines’ of Golden Wonder crisps 559 Google 132, 622–3 Grant, Paul 780 Gregory, Stephen 716 Grokster 126 Gross, David 121 Grundy, T 823 The Guardian 34 –5, 38 –9, 463, 623 Gutenberg, Johann 116 hacking 398, 688 –9, 692–3, 699 –700, 740 hard change 825–6 hard systems positivism 786 Harris, F.W 572 Harry, M 12 HBOS plc 241 Heath, Thomas 63–4 Help the Aged 406 Hendon, David 121 Henry, Joseph 116 Herbert, Liz 891 hierarchical data model for databases 313 hierarchy of needs 736–7 history files 274 Hobson, Andrew 125 Hollerith, Herman 116 Holloway, Neil 38–9 Hood, Nick 591 Hopper, Grace 116 hostile aggression 879 hotfixes 706 hours worked by employees 469 HSBC plc 85, 705–6 hubs 188 Hughes, Austin 741 human resources management (HRM) 462–3, 829, 867 software for 154–5 Hutchinson, Mike 144 Hutchinson, Raymond 559 Hutton, Will 39 hybrid topology 204–5 HyperText Markup Language (HTML) 131–2 HyperText Transfer Protocol (HTTP) 131–2 IBM Inc 313, 324 identification technologies, automatic 583 identifying relationships between entities 304 identity theft 688, 690 IG Farben 736 implementation timetables 863 – imprest systems 557 income, classification of 359 income tax deductions 471 independent entities 302 Industrial Society 38–9 910 CORA_Z01.qxd 6/1/07 11:16 Page 911 www.downloadslide.com Index industry-level characteristics affecting firms 734 inertia selling 650 information definition of 10 provision to users 13–14 quantity versus quality 24 uses of 8–11 see also management information information administration 829 information and communication technology and the conversion cycle 510, 530 corporate strategy for 836, 881–6 costs and benefits of 882 and e-commerce 611 facilitating role of 884 future impact of 37–9 history of 115–17 inappropriate use of 695–6 innovations enabled by 114, 148–65, 760–5 and manufacturing operations 499 outsourcing of activities and facilities 887–8 supporting role played by 883 Information Commissioner 257 information management, internal controls on 589, 593–4 information policy, corporate 835–6 information requirements for conversion cycle 529–30 for expenditure cycle 461–2 for revenue cycle 412–14 for systems analysis 844 Information Security Breaches Survey (2004) 699, 708–9 information society services 652–5 information systems controls 410, 459, 527, 751–2 information systems management 827 innovation, technological 113–14, 148–65, 760 input controls on conversion cycle 527–8 on expenditure cycle 459–60 on revenue cycle 410 inspection reports 505 instant messaging 197 Institute of Internal Auditors 774 integration between service providers 896–7 of data 278 of test facilities 800–1 integrity of data 279–80 intellectual property 494 interconnection of systems 59–60, 87 interconnectivity, socio-political 179 interest rate swaps 543–4 interim financial statements 598 interim payments 444 internal control questionnaires (ICQs) 791 internal controls audit of 781–2, 803 classification of 745–53 on conversion cycle 525–9 on creditor management 593–4 on debtor management 587–9 on expenditure cycle 457–60 invoicing-related 588, 593 order-related 588 payment-related 588, 593 pricing-related 587 and priorities of capital 730–2 on revenue cycle 407–12 and security of data and information 755 and security of resources (tangible or non-tangible) 754–5 on stock management 581–3 and systems design 851–2 and systems security 727–30, 754, 760 –5 on transaction processing 234, 255 – internal level schemas 316 internal management reports 598 International Audit Assurance Standards Board 775 International Auditing Practices Committee (IAPC) 779 international factors affecting firms 733 International Federation of Accountants 779–80 international financial reporting standards (IFRSs) 311 International Labor Organisation 43 International Monetary Fund (IMF) 41–2 internet, the 118 –24, 129 –33, 181, 192, 214 –16, 610 –25, 739 – 40 problems with 132–3 restrictions on access to 621–2 usage of 623 –5, 692 Internet Corporation for Assigned Names and Numbers (ICANN) 120 –1, 621 Internet Engineering Task Force 122 Internet Governance Forum 121 internet merchant accounts 628, 635 – Internet Protocol (IP) 216 internet relay chat 129–30, 197 internet service providers (ISPs) 214 –15, 244, 635, 693 (inter)network layer in TCP/IP reference model 212 interpretivism 47 inter-role integration 886 interviews, use of 842 intranets 216–19 intrusion detection systems (IDSs) 702–3 inventory management 154, 158, 439; see also stock management investment in production resources or assets 523 invoice-less payment processing 453 invoices electronic 384, 453 manual verification by exception 453 payment of 450–1 processing of 449–50 receipting of 445 verification/validation of 445–7 invoicing process 380–4 before or after delivery 381 internal controls related to 588, 593 on-demand 381 phased cycles in 381–2 purpose of 382–4 iPod development 491–2 irrecoverable debts 391–2 ISO/IEC code 683 IT Week (magazine) 891 Jacquard, Joseph Marie 116 James, David 558 Jaques, Robert 219, 690 Jehar, Salim 42 911 CORA_Z01.qxd 6/1/07 11:16 Page 912 www.downloadslide.com Index joint application development (JAD) approach to systems design 850 Jones, Keith 775 Jones, Teresa 891 journal vouchers 595 journalised entries in accounts 255 just-in-time models 573–6 software for 157 Kanebo group 777 Kaplan, R 515–16 Kapor, Mitchell David 163 Kay, John 735–6 Kazaa program 125 Kerr, James 559 keywords (in SQL) 324–9 Khan, Massod 121 Kilburn, Tom 116 knowledge-based companies 244 KPMG 776 labour disputes 523 labour work records 504 LaHara, Brianna 125 Laird, Bill 401 Large, Louise 716 Lash, S 44 lattice structure for databases 313 launching of products 494 Laura Ashley (company) 716 layers in OSI reference model 207–12 lean manufacturing 497–8 leasing 854–5 ledger management software 152–3 legal action to recover outstanding debts 390; see also litigation Legal and General plc 241 Leibniz, Gottfried Wilhelm von 116 leverage 589–92 Levi Strauss (company) 42 liabilities management 589–94 controls on 459 liberalism, economic 5, 41, 87, 179, 240, 674, 727 Lightman-White, John 100–3 Lilley, Peter 627 link layer in TCP/IP reference model 212 Litan, Avivah 687 litigation 895, 897; see also legal action Lloyds TSB 705–6 loans, short-term 542 local area networks (LANs) 192, 194 location resources, preparation of 866 –7 Lofthouse, Gareth 586 logic bombs 712 Lomas, Tony 558 London Stock Exchange 599 ‘long wave’ theories 44 loop systems 92–7 closed 96 Lorenz, Edward 34 losses of confidential data 525 of raw materials, work-in-progress and/or finished products 524 Lotus 1-2-3 164 Lu, M 132 Lynch, R 8–9 McCarthy, Kieren 121 McCarthy, W.E 339 McClure, S 699–700 macro-based marketing 364–5 macro level factors affecting firms 732–3 McCue, Andy 638 management accounting departments, responsibilities of 466 management audits 782, 803 management cycle 248–50, 536–99 definition of 536 management information, benefits of –10 management practice controls 410, 459, 527, 750 –1 management-related events 523 management-related software 151, 155 – 65 manufacturing 496–500 push-based and pull-based 496 – world-class 530 manufacturing companies 242–3 manufacturing resource planning software 158–9 many-to-many relationships 303 – mapping between schemas 316 Marconi, Guglielmo 116 marginal costing 514 market-led capitalism 36, 39–40, 44 – 6, 82, 84, 87, 105, 673, 795 market testing 493 marketing systems 364–5 failure of 394 Marks and Spencer plc 359, 404, 629 –33 Marx, Karl 183 Maslow, A 736–7 Massboxx 126 MasterCard 688 Matalan plc 587 material requirements planning model 575–6 software 158 materials requisitions 502–4 Mattel plc 42 Mauchly, John 116 m-commerce 639–43 advantages and disadvantages of 641 future prospects for 641–2 regulation of 641 media streaming 126–7 Meek, James 34 Melek, Adel 689 mesh topology 199, 203–4 MessageLabs 693 metropolitan area networks (MANs) 193 MG Rover Group Ltd 558–9 micro-based marketing 366 micro level factors affecting companies or individuals 734 Microsoft Inc 38, 117, 130, 231, 622, 710 –11, 740, 795 Midcounties Co-operative Society 400 –1, 493 Millar, Stuart 38–9 Miller-Orr cash management model 553 – Mills, Henry 116 Milmo, Dan 125 mobile commerce see m-commerce mobile phones 639–40 modernity 32–3, 53 modes of regulation 44 Modigliani-Miller theorem 591–2 modular conversion of systems 869 –70 monitoring of control activities 743 – monopoly 425 Monsoon plc 404 912 CORA_Z01.qxd 6/1/07 11:16 Page 913 www.downloadslide.com Index Montagnon, Peter 776 Morgan, G 47–8 Morrisons plc 404 Morse, Samuel 116 Mourinho, Jose 463 movement records 505 multinational corporations 41, 43 multipurpose internet mail extensions (MIME) 137–8 Munson, J.C 10 Murdick, R.G 10 Murtagh, Mark 740 MyDoom worm 710–11 Nanjing Automobile Corp 558 Napster 124, 126 narrative descriptions by auditors 789–90; see also development narratives Nastase, Adrian 42 national factors affecting firms 733–4 National Hi-Tech Crime Unit (NHTCU) 690, 692 National Infrastructure Security Coordination Centre 712 national insurance contributions 471 National (US) Science Foundation 119 natural disasters 682 needs, hierarchy of 736–7 negative feedback 97 negative projection 879 network architecture 184 formal and informal 182 hard type 186–99 soft type 182 network data model for data-bases 313 network interface cards (NICs) 187–8 network layer in OSI reference model 210 in TCP/IP reference model 212 network protocols hard type 206–13 soft type 184 network service providers (NSPs) 214–15 network topologies 184 hard type 199–206 soft type 183 networks blended 219 characteristics of 180 hard type 181, 185 –213, 218 online 810–11 semi-soft type 181, 213–19 soft type 180 –5, 218 –19 new entrants to markets 361–2, 413 new products 490, 494 newsgroups 130–1 Next plc 404 Nicoli, Eric 128 Nike plc 42 normalisation of data 277, 330–4 North of England Inward Investment Agency (NEIIA) 585–6 null contact points 255 numeric codes 309 object-oriented databases 312, 314 object-related processes 162 objectives, corporate 834–5 observation as part of systems analysis 842–3 Office of Communications (OFCOM) 129, 426 Office of Fair Trading 426 Office for National Statistics 612 offline processing 396–7 off-shoring 887 Ohno, Taichii 498 Olsen, M.H 10 on-demand invoicing 381 on-demand manufacturing 496 one-to-many relationships 304 one-to-one relationships 303–4 online accounting systems 448 online processing 284–6, 397–9 Open Systems Interconnection (OSI) reference model 207–12 operational audits 803 operational guides to systems 868 operations management 500, 829 options 545 Oracle 324 order-related internal controls 588 ordering systems 432–40, 501–2 electronic 630–2 risks in 455 web-based 372–3 see also customer orders ordinary shares 538–9 organisational controls 408, 458, 526, 747– 8, 806 –9 organisational-level factors affecting firms 734 –5 organisational structure analysis 291 Osthaus, Stefan 739 Oughtred, William 116 output controls on conversion cycle 528–9 on expenditure cycle 460 outsourcing advantages and disadvantages of 889 blended 889 definition of 886–97 of distribution and delivery 377–8 of ICT-related activities and facilities 887–8 of payroll services 476–8 of product/service ordering 439 – 40 overdrafts 541 over-production 522 over-the-counter (OTC) instruments 543 Oyster card 638 packet filtering 701–2 Pain, Julian 623 parallel conversion of systems 870 parallel simulation by auditors 801–2 Parmalat 750–1 Parsons, Talcott 36 participation by development teams 843 Pascal, Blaise 116 patches 706, 740 patents 494 pay-by-touch 399–402, 493 pay slips 470 payment cards 395 payment management systems 379 –93, 444 –54 failure of 394–5 invoice-less 453 risks in 455 payment processing facilities 634–6 payment receipts, collection and recording of 385–8 payment-related internal controls 588, 593 payment service providers (PSPs) 628 –9 913 CORA_Z01.qxd 6/1/07 11:16 Page 914 www.downloadslide.com Index payroll 462–78 consequences of failure of controls 475 –6 departments involved in 464–6 efficiency and effectiveness of cycle 474–5 procedures 466–71 provision of information for decision-making purposes 473–5 safeguarding of assets and information 471–3 payroll budgets 468–9 payroll bureau services 476–8 payroll deductions 470–1 payroll departments, responsibilities of 465 payroll master files 468–70 payroll registers 470 payroll software 154–5 peer-to-peer file-sharing, index-based and non-index-based 197–8 peer-to-peer networks 194–9 pension contributions 471 percentage rule in variance analysis 521 performance assessment of employees 474 performance criteria, corporate 866 performance data, inaccuracies in 524–5 performance information, period-based 413, 462, 529 performance measurement 519–21 period-based activity and performance information 413, 461–2, 529 personal area networks (PANs) 194 personal characteristics of individuals 736 personal data, protection of 256–7 personnel cycle 462 personnel departments, responsibilities of 465 personnel records for employees 468 PERT charts 864–5 PEST analysis 33 Peters, G 12–13 petty cash 456, 556–7 phased conversion of systems 870 phishing 689–93, 739 Phoenix Venture Holdings 559 physical layer in OSI reference model 209 pilot conversion of systems 869–70 piracy, online 128 point-of-service-based electronic funds transfer 139–40 portals 617, 629 –30 Porteous, Andrew 35 Porter, B 777–8 Porter, M.E 236–7 position consolidation strategy 885 positive feedback 96–7 positivism 786 post-implementation assessments 872–3 post-invoicing 381 precautionary principle 674, 677–80 predictable and unpredictable environments 823–4 preference shares 538 pre-invoicing 381 presentation layer in OSI reference model 211 prevention protocols 758–9 preventive controls 745–6 PricewaterhouseCoopers 558, 776–7 pricing-related internal controls 587 primary files 273–4 primary keys 303, 322–3, 337– Printoff (company) 37 prior information for customers 647 prioritisation phase of systems planning 837–8 Pritchard, Stephen 740 Privacy and Electronic Communications (EC Directive) Regulations (2003) 655–6 problem resolution procedures 892–3 process costing software 155–6 processing controls 411, 460, 528, 752–3 product costing 511 software for 155–6 product development 490–4 definition of 490 quality of 522 product testing 493 production budgets 501 production completion documents 505 production management 500 production order cost assessment reports 505 production order requests 370, 373 – production planning and scheduling 495, 502 profession-based services 376–7 professional employee organisations (PEOs) 477–8 profit and loss accounts 311, 781 prospect generation activities 620 protocol management controls 765 protocol stacks 207 protocol suites 207 protocols nature and definition of 206–7 proprietary and generic 207 see also access protocols; network protocols; prevention protocols; recovery protocols prototyping 850, 875–7 advantages and disadvantages of 877 provision adjustments 596 provision enhancement strategy 885 proxies 702 purchases acquisition 433–4 purchase ledger management software 152–3 purchase orders 436–40, 443 computer-based systems 438, 443 paper-based systems 439, 443 single-use or multi-use 439 system software for 153 purchase requisition 434–6 and commitment accounting 436 computer-based systems 435 paper-based systems 435–6 purchasing as a method of acquisition, advantages and disadvantages of 854 Putin, Vladimir 41–2 quality control 429 The Queen 34 questionnaires, use of 841–2; see also internal control questionnaires Quinn, Sandra 407 radical humanism 47 radical structuralism 47 radio frequency identification (RFID) technologies 583–6 Railtrack 736 range checks 280 914 CORA_Z01.qxd 6/1/07 11:16 Page 915 www.downloadslide.com Index Ranger, Steve 626 rapid application development (RAD) approach to systems design 850 REA model for databases 339 real-time systems 811–12 receipting of invoices 445 receipts, collection and recording of 385–8 receiving systems for products and services 440–4 risks in 455 reconciliation of customer accounts 389 of supplier accounts 452 Recording Industry Association of America (RIAA) 125 recovery protocols 759 recruitment policies 473 recurring acquired services 433–4, 443–4 Reddy, Nandana 43 redeemable shares 539 redundancy of data 277, 280 reference files 273 regimes of accumulation 44 regulation 88 of e-commerce 643–59 of m-commerce 641 regulation school thinking 44 relational databases 312–14, 321–9 Relational Software Inc 324 relationship constraints in data-bases 338 relationships between entities degrees and directions of 303–4 diagrams of 305–6 reminders about payment 390 remuneration of employees 422 renaissance thinking 36 repayment adjustments 596 repeater devices 188 report files 274 requests for comment (RFCs) on internet developments 120–2 requisite variety, law of 94 resistance to change 877–80 management of 880 sources of 878–9 types of 879–80 resource flow analysis 291 resource management assessment 873–4 resource planning management software 157–9 retail companies 242 retailing systems 366–70 failure of 394 retained earnings and profits 539 revaluation adjustments 596–7 revenue cycle 246 –9, 357– 414 and capital income 412 debtor-based 362–95 information requirements 412–14 internal control and system security 407–12 link to conversion cycle 488 market-based 357–62 non-debtor-based 395–407 revenue expenditure, definition of 424 –5 revenue income 359 revenue transactions, cash-based 548 –9 RFID tags 583–6 Rice, Condoleezza 121 Richards, Ian 780 Riley, Rich 219 ring topology 201–2 risk definition of 673, 676 internal and external 742–3 social and economic context of 675 – 80 risk audits 783 risk aversion 677 risk exposure 678–84 degrees of 682 minimisation of 683–4 risk management 674 Rockwell Industries 312 Rodrik, Dani 42 Rogers, John 401 Romania 42 Rosso, Wayne 126 routers 189 Rowe, James 612 RSA Security 626 Ruggie, John G 41 Rusnak, John 741 Russia 41–2 sabotage of computing facilities 708 –9 Sachs, Jonathan 163 Sainsbury plc 359, 404 sales forecasts 501 sales ledger management software 151–2 sales orders 502 processing system software for 152 sales systems cash- or cheque-based 404–6 web-based 402–4 Salesforce.com 891 sampling for audit purposes 792 Sanders, Tom 688 scheduling of product design 501 of production 495, 502 of transportation 375–6 scheduling charts 864 schemas 314–16 mapping between 316 Schickard, Wilhelm 116 SCO (company) 710–11 Scott, Matt 463 secondary keys 322–3 secured debt 541, 546–7 security of computer systems 728–30, 739 – 40 of data and information 274, 279, 683 – 4, 692–3, 754 –5 human 698 physical 697–8 of tangible and non-tangible resources 754–5 technical 698 security breaches 682 security checks 411 security controls 765 segmentation 362 segregation of duties (SOD) 234 self-focused networks 180 self-service facilities 613–14 Senior, B 823 separation of administrative procedures (SOAP) 234 separation of duties 458 separation of views in data-bases 314 sequential file updating 281 sequentially-ordered files 273 Serebryany, Igor 741 Serious Fraud Office 686 service level agreements 889–95 breaches of 890–2 termination of 896 915 CORA_Z01.qxd 6/1/07 11:16 Page 916 www.downloadslide.com Index service provision requests and orders 70–1, 374, 376 services, acquisition of 433–4, 443 –4 session layer in OSI reference model 210–11 set constructs 313 Shanghai Automobile Industry Corp (SAIC) 558–9 shareholder value 237–8 shares 538–9 issue of 546 Sharman Networks 126 Shell plc 42, 231, 406 Shevchenko, Andriy 463 Shingo, Shigeo 498 shopping cart/basket functionality 631 shopping malls, online 635 sickness records 474 skill-based companies 244 skill-based services 377 skimming of card details 398 Skin Culture (company) 37 Skype 126 small and medium-sized companies 748 smart cards 638 Smith, Lewis 716 social audits 783 social change, causes of 36 social construction of systems 11, 681, 785 social markets 44 social networks 181–2 social systems 52 socio-political networks 180 soft change 825–6 software development, in-house 857 source files 273 space-based companies 243–4 Spain 310 spamming 199 spiral approach to systems design 850 spreadsheets 163–4 spyware 198, 713–14 SQL (structured query language) 319, 323–9 data control in 325–6 data definition in 326 data interrogation in 329 data manipulation in 327–9 stable environments 823–4 Stacey, R 824 standard costs 519 star topology 199, 202–3 Starreveld, R.W 240 star-ring topology 205–6 star-to-bus topology 205 statements of auditing standards (SASs) 779 statistical sampling for audit purposes 792 statistical significance rule for variance analysis 521 statutory audits 780 Sterling, Greg 219 Stewart, Ian 34 Stiglitz, Joseph E 42 stock control 791–2 stock-counts 578–81 stock management 433, 569–86, 791–2 costs and risks of 586 internal controls on 581–3 models of 571–6 see also inventory management stock registers 577–8 stockholding 570–1 organisational context of 576 –7 physical verification of 578–81 secure maintenance of 578 valuation of 581 stores issue requests 370–3 stores records 577–8 strategic planning 473, 833–5 streaming of media 126–7 Strebal, P 822 structured query language see SQL stub networks 214 sub-optimality of systems 62 sub-processes 292–3 substitute products and services 361, 413 supplier-managed inventory (SMI) system 439 supplier selection systems 428–31, 855 – risks in 455 suppliers contracts with 431 levels of relationship with 430–1 power of 361 supply chain failure 524 Supply Management (magazine) 431 supra-nationality surveillance, corporate 89 swaps 543–5 switching hubs 188 Symantec 739–40 symmetric key algorithms 703–4 synchronise and stabilise approach to systems design 850 syntactic controls 765 system development and maintenance controls 808 system flowcharts 298 system requirements 840 systems adaptability of 58–9 constraints on 62 decoupling of 60–1 dependence on and trust in 45 multiple and conflicting objectives of 61 nature and definition of 11–12, 48 –52 open and closed 50, 58 –9 semi-open and semi-closed 52–5, 58 –9, 86 shared and overlapping 59 – 60 static and dynamic 50 trust in 83–6 systems analysis 838–45 reports on 844–5 systems design 845–52 data inputs 848 data outputs 851 files 849 function-oriented 845–6 internal controls on 851–2 object-oriented 846–7 physical design phase of 848 processing procedures 848–9 programs 849–50 systems development (life) cycle 830 –2, 874 –5 systems development management 827 systems failure 756 systems implementation conversion 862–71 systems planning 833–8 systems reports 844, 871–4 systems security 754, 760–5 systems selection 852–62 systems surveys 838–9 916 CORA_Z01.qxd 6/1/07 11:16 Page 917 www.downloadslide.com Index systems thinking 45–8, 52–62, 239 application of 53–5 benefits and limitations of 73 and the environment 52–3 and general systems theory 62, 73 hard and soft 47–8 Taj-a-jac Ltd 62–73 target costing 517–19 Taylor, Paul 716 Taylor, Frederick Winslow 497 Tayto crisps 559 TCP/IP reference model 212–13 Teather, David 126 technical services management 828 technological innovation 113–14, 148–65, 760 technology, ‘social paradox’ of 113 technology improvement strategy 885 telemetry 640 tendering procedures 429, 861–2 Tesco plc 241, 244–5, 359, 404, 406, 585, 715 test data for audit 794, 799–800 testing of products 493 of systems and sub-systems 868–9 theft of assets 682 of computer hardware and software 696–8 of information 698–700 of raw materials, work-in-progress and/or finished products 524 Theremin, Leon 583 Theriault, Carole 712 Thomas, Daniel 692, 706 Thomas, Neill 591 Thomson, Iain 626, 687, 693 time-based companies 243–4 Time Warner Inc 85, 231 Timms, Matthew 705–6 Timms, Stephen 37 token-passing networks 206 Tootill, Geoff 116 topologies 199–206 bus type 200–1 hybrid 204–5 physical and logical 199 ring type 201–2 star, tree and mesh types 199, 202–5 see also network topologies Toyota production system 498 trade marks 494 trade unions 523 ‘traditional three-document’ verification process 447 training programmes 473 transaction controls 751 transaction event documents 595 transaction files 273 transaction processing cycles 245–8 transaction processing systems 230 –58 and accounting information systems 251–5 characteristics of 233–4 classification of 239–45 and control 255–6 and the Data Protection Act 256–7 and the funding cycle 235 and the value chain 236–9 transactional finance, operational context of 549–50 transferable warrants 545–8 Transmission Control Protocol (TCP) 216 transmission tests 411 Transparency Directive (EU, 2004) 599 Transport for London (TfL) 638 transport layer in OSI reference model 210 in TCP/IP reference model 213 transportation scheduling 375–6 treasury departments, responsibilities of 466, 470 tree topology 199, 205 trend analysis by auditors 803 tri-channel companies 618 trojan horses 711–13 ‘true and fair’ assessment 775 trust in systems 83–6 twisted-pair cabling 189–90 Twomey, Paul 121 UK Online for Business 37–8 under-production 522 United Nations Children’s Fund (UNICEF) 43 Global Compact 43 United States Congress 41, 43 Supreme Court 126, 735 Treasury 41 Unsolicited Goods Act (1971) 650 URLs (uniform resource locators) 131 Urry, J 44 Usenet 130–1 user manuals for systems 868 user needs and requirements, specification of 876 validation of data files 871 validity checks 411 value chain 236–7 value cycle 233, 237–9 value-driven approach to business 24 value-for-money audits 784, 803 variable costing 514–15 variance analysis 519–21 variances in stock-takes 580 Vassen, E 13, 238, 240 Veitch, Martin 891 VeriSign (company) 120 views of database records, logical and physical 315 violence as a source of risk 682 viruses 198, 693, 709 –10, 713, 740 scanning for 706 Visa 627 Voice-over IP (VoIP) 127–9 voucher systems 449–50, 470; see also journal vouchers wages and salaries, payment of 469 –70 Walder, Jay 638 Wal-Mart 585 Ward, Graham 780 warehousing facilities 443 warrants 545–8 ‘Washington consensus’ 41 waterfall approach to systems design 850 Watson, James 144 Watts, Jonathan 623 Wayle, Alun 101–3 wealth maximization 7–8, 99, 106, 236, 677, 728, 835 – Web Accessibility Initiative (WAI) 658 –9 Web Content Accessibility Guidelines (WCAG) 659 Weber, Max 183 webpages 131–2 Websense (company) 739 917 CORA_Z01.qxd 6/1/07 11:16 Page 918 www.downloadslide.com Index websites 135–6, 612–16, 619–21, 692 quality of 615–16 weighted average cost of capital (WACC) 591–2 Welch, Jack 735 Westelle Ltd 100–5 Wheatstone, Charles 116 Whitney, Elias 497 wide area networks 192–3 Wilkes, Maurice 116 Wilkinson, J.W 13, 240 Wilson, R.H 572 Windows XP operating system 740 Winnick, Gary 742 wired connections in networks 189 wireless connections 191–2 Withers, Steve 712 Wood, Charles 63–4 Wood, Paul 693, 710 Woodley, Tony 558 workstations 187, 194, 196 World Bank 40–2 World Summit on the Information Society 120–1 World Trade Organisation 41–2 world wide web (WWW) 131–2, 610 World Wide Web Consortium (W3C) 658 world-class manufacturing 530 world-views 24, 55 worms 710 –11 Worrall, John 626 worst case scenarios 677 Wren, D.A 50 Wright, Bob 128 write-off of bad debts 391–2 of stock 580–1 Wyman, Peter 777 XML databases 312 Yahoo! 622 year-end audits 780 year-end financial statements 598 Yeltsin, Boris 42 Zadornov, Mikhail 42 zaibatsu 736 Zennström, Niklas 126 Zworykin, Vladimir Kosma 116 918 ... company/organisation departments (including the HRM department) – information on staffing/employment levels and budget commitments, n company/organisation departments (in particular accounting and finance) – information. .. April 20 07, the following transactions occurred: n 28 March 20 07 a delivery of raw materials was received from Yeted Ltd, cost £13,670 The invoice was received on 31 March 20 07 n 29 March 20 07... categorise such information as follows: n period-based activity information, n period-based performance information, and n activity analysis information Period-based activity information Period-based