Accounting information systems controls and processes 3rd by turner copeland giáo trình Accounting information systems controls and processes 3rd by turner copeland Accounting information systems controls and processes 3rd by turner copeland Accounting information systems controls and processes 3rd by turner copeland Accounting information systems controls and processes 3rd by turner copeland
Accounting Information Systems CONTROLS AND PROCESSES Third Edition Leslie Turner Andrea Weickgenannt Mary Kay Copeland DIRECTOR Michael McDonald AQUISITION EDITOR Emily McGee PROJECT MANAGER Gladys Soto PROJECT SPECIALIST Nichole Urban CONTENT MANAGEMENT DIRECTOR Lisa Wojcik SENIOR CONTENT SPECIALIST Nicole Repasky PRODUCTION EDITOR Linda Christina E PHOTO RESEARCHER Billy Ray COVER PHOTO CREDIT © Zayne C/Shutterstock This book was set in 10/12 ITC New Baskerville Std by SPi Global and printed and bound by Lightning Source Inc Founded in 1807, John Wiley & Sons, Inc has been a valued source of knowledge and understanding for more than 200 years, helping people around the world meet their needs and fulfill their aspirations Our company is built on a foundation of principles that include responsibility to the communities we serve and where we live and work In 2008, we launched a Corporate Citizenship Initiative, a global effort to address the environmental, social, economic, and ethical challenges we face in our business Among the issues we are addressing are carbon impact, paper specifications and procurement, ethical conduct within our business and among our vendors, and community and charitable support For more information, please visit our website: www.wiley.com/go/citizenship Copyright © 2017, 2013, 2009 John Wiley & Sons, Inc All rights reserved No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per‐copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923 (Web site: www.copyright.com) Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030‐5774, (201) 748‐6011, fax (201) 748‐6008, or online at: www wiley.com/go/permissions Evaluation copies are provided to qualified academics and professionals for review purposes only, for use in their courses during the next academic year These copies are licensed and may not be sold or transferred to a third party Upon completion of the review period, please return the evaluation copy to Wiley Return instructions and a free of charge return shipping label are available at: www.wiley.com/go/ returnlabel If you have chosen to adopt this textbook for use in your course, please accept this book as your complimentary desk copy Outside of the United States, please contact your local sales representative ISBN: 9781119329565 (PBK) ISBN: 9781119297611 (EVALC) Library of congress Cataloging‐in‐Publication Data Names: Turner, Leslie, author | Weickgenannt, Andrea, author | Copeland, Mary Kay, author Title: Accounting information systems : controls and processes / Leslie Turner, Andrea Weickgenannt, Mary Kay Copeland Description: Third edition | Hoboken, NJ : John Wiley & Sons Inc., [2017] | Includes bibliographical references and index Identifiers: LCCN 2016036148 | ISBN 9781119329565 (pbk : alk paper) Subjects: LCSH: Accounting—Data processing Classification: LCC HF5679 T87 2017 | DDC 657.0285—dc23 LC record available at https://lccn.loc.gov/2016036148 The inside back cover will contain printing identification and country of origin if omitted from this page In addition, if the ISBN on the back cover differs from the ISBN on this page, the one on the back cover is correct Printed in the United States of America Leslie Turner To my parents and the many students who have inspired and motivated my work Andrea Weickgenannt To my sons, Karl and Erik, for their encouragement, wit, and tolerance Mary Kay Copeland To Bob and Barb Schiesser (my parents), Steve (my husband) and Tim and Chris (my sons) for their continued support ABOU T TH E AU TH O R S Leslie D Turner is Dean and a professor of accounting at Palm Beach Atlantic University He previously taught at Northern Kentucky University and the University of North Carolina at Greensboro He earned a DBA in accounting from the University of Kentucky, an MBA from Wheeling Jesuit University, and a BBA in accounting from Ohio University Dr Turner is a Certified Management Accountant (CMA) and a Certified Financial Manager (CFM) Professor Turner’s research interests are in internal controls and Sarbanes–Oxley compliance, educational pedagogy, and ethics His research has been published in The Accounting Educators’ Journal Management Accounting Quarterly, Accounting Horizons, Journal of Accounting and Public Policy, Journal of Internet Commerce, Journal of Information Systems, Management Accounting, The Review of Accounting Information Systems, The Journal of Management Accounting Research, Strategic Finance, The CPCU Journal, National Accounting Journal, The Oil and Gas Tax Quarterly, Accounting Systems Journal, and The Journal of Accounting Case Research Professor Turner is a member of the American Accounting Association, the Institute of Management Accountants, and the Information Systems Audit and Control Association Andrea B Weickgenannt is an assistant professor in the Department of Accountancy at Xavier University She is a DBA candidate at Kennesaw State University, and also holds an MBA from the University of Maryland and a BBA from the University of Cincinnati She is a Certified Public Accountant (CPA) and has over 13 years of experience with Ernst & Young LLP (Cincinnati and Baltimore) Professor Weickgenannt’s research interests are in the areas of accounting information systems, financial accounting, auditing, and corporate governance Her research has been published in The Journal of Business Cases and Applications, Issues in Accounting Education, Advances in Accounting Education, The National Accounting Journal, Journal of Accounting Case Research, Critical Perspectives on Accounting, and The Journal of College Teaching & Learning Professor Weickgenannt is a member of the American Accounting Association, the American Institute of Certified Public Accountants, the Institute of Internal Auditors, the Institute of Management Accountants, and the Ohio Society of Certified Public Accountants Mary Kay Copeland, PhD, MBA, CPA Mary Kay Copeland is an assistant professor, teaching accounting and accounting information systems at St John Fisher College in Rochester, NY She previously taught at the University of Buffalo and Bowling Green State University She earned a BS/MBA in Accounting from the University of Buffalo and a PhD from Regent University Dr Copeland is a Certified Public Accountant and has over 30 years of professional experience including years with KPMG and 20 years in consulting and CFO positions v vi About the Authors Professor Copeland’s research interests include accounting information systems, financial and managerial accounting, ethics, and values‐based leadership Her research has been published in The CPA Journal, Research on Professional Responsibility and Ethics in Accounting, International Journal of Leadership Studies and Business Education Forum Dr. Copeland also has had numerous conference proceeding publications with the American Accounting Association Dr Copeland has also co‐published a Microsoft Dynamics GP® text with Armond Dalton Publishers and authored hands on Microsoft Dynamics coursework for Microsoft Dynamics AX and Microsoft Dynamics GP ERP systems Professor Copeland is a member of the American Accounting Association, the American Institute of Certified Public Accountants, and the Microsoft Dynamics National Academic Advisory Board PREFAC E Instructor Overview Each of us who teaches Accounting Information Systems (AIS) faces the problem of providing students a comprehensive, but interesting knowledge base of AIS However, we all know that it is difficult to find the right balance of coverage of technical concepts and student comprehension When addressing this issue of balance, we began to see clearly that a better, more comprehensible approach was needed With this book, we have achieved a good balance of covering technical concepts while still making the text easy to read and understand Our textbook also reinforces AIS concepts with relevant, real‐world examples and reasonable end‐of‐chapter materials This text incorporates the important content found in a typical AIS course, but has five distinguishing characteristics Five characteristics we focus on throughout the text are simplicity and understandability of the writing, business processes, accounting and IT controls, examples from Microsoft Dynamics GP (an ERP/AIS system), and ethics as it relates to accounting systems We place extra emphasis on the students’ understanding We explain AIS in the context of business processes and incorporate many real‐world examples The richness of these examples improves the text, the discussion questions, and end‐of‐chapter exercises and cases We explain IT controls by employing the framework in the AICPA Trust Services Principles This is an encompassing, but easy to understand, framework of IT controls We provide examples in the text of an AIS/ERP system, Microsoft Dynamics GP Instructors are able to add a hands‐on learning of Microsoft Dynamics GP that complements the theoretical concepts in the text Finally, we believe that ethics continues to increase in importance as a topic to be included in accounting texts We have included an ethics section in each chapter We think that including all these characteristics in a single text has resulted in an extremely user‐friendly product: one that will help your students achieve a better foundation in AIS Features The book is designed to enhance student learning with a focus on ease of use, business processes and the related controls, and ethics and corporate governance as they relate to accounting information systems (AIS) Ease of Use This AIS textbook will allow students to easily read and comprehend the material, understand the charts and graphs, and successfully answer questions and cases at the end of the chapters To attain ease of use, we included several features, including the following: • An approach to technical topics with a writing style that is easy to understand vii viii Preface • Process maps and document flowcharts that provide a picture of business processes and that are easy to understand While there are several approaches to charts that depict systems, we have used the types of charts that illustrate business processes in the simplest, yet complete manner Especially in the chapters focused on business processes, we use matched process maps, document flowcharts, and data flow diagrams to illustrate the processes that occur, and the related flow of information and documents These charts are easy to follow and they will enhance the understanding of the business processes • AICPA Trust Services Principles framework for IT controls Controls within Information Technology can be a very difficult subject to comprehend because of the underlying complexity of the technology While COBIT is the most comprehensive source of IT control information, it is not typically easy for students to understand This is especially true for students who have not had the opportunity to gain work experience with IT systems and business processes We use the simplest framework available for the explanation of IT controls: the AICPA Trust Services Principles The Trust Services Principles categorize IT Controls into five areas: security, availability, processing integrity, online privacy, and confidentiality • Control and risk tables that summarize internal controls and the related risks Internal controls are easier to understand when students can see the corresponding types of risks that the controls are intended to lessen We use control/risk exhibits to present risks that are reduced when controls are used • Real‐world examples to illustrate important concepts Concepts are often easier to comprehend when presented in a real‐world scenario Each chapter includes examples of issues faced by actual business organizations that help illustrate the nature and importance of concepts in the chapter Real‐world discussions are boxed in a feature titled “The Real World.” • Microsoft Dynamics GP screen shots to present topics in the context of a real computer system New concepts are often easier for students to understand while presented within a real‐life application We use screen shots from Microsoft Dynamics GP software to show how various aspects of business processes would appear in this computer system In addition, in this version, we have added the ability for instructors to add hands‐on learning of Microsoft Dynamics GP to the coursework See the textbook website for details This add‐on tool provides access to a cloud‐based version of Microsoft Dynamics minimizing the involvement of a university’s IT staff • The IT technology that underlies AIS continually evolves and allows enhancements to those systems Several chapters integrate the concept of cloud computing and the increasing use of cloud computing The effects of cloud computing on the risk benefits and auditing in AIS are also described • End‐of‐chapter questions, problems, and cases that match well with the chapter content It is important to provide material at the end of each chapter that helps students reinforce the topics presented It is equally important that this material be relevant and understandable We have devoted our attention to providing a variety of end‐of‐chapter activities that are meaningful and manageable, including a concept check, discussion questions, brief exercises, Web exercises, problems, cases, and a continuing case In addition, most chapters include activities adapted from professional (CPA, CMA, and CIA) examinations Business Processes, Accounting Controls, and IT Controls Business transactions are portrayed within the text in terms of business processes, which are widely recognized throughout the accounting profession These business processes are described in a manner that is applicable to many different business environments www.downloadslide.com INDEX 545 General controls for IT systems, 105–115 AICPA Trust Services Principles, 115–120 antivirus software, 111 authentication of users, 106–109 authority table, 108–109 biometric devices, 108 computer log, 108 configuration tables, 108 encryption, 109 firewall, 109 hacking, 109–111 intrusion detection, 111 log in, 106 network break-ins, 109–111 nonrepudiation, 108 organizational structure, 112–113 password, 106 penetration testing, 111 physical environment and security, 113–114 battery power (UPS), 114 emergency power supply (EPS), 113 generators (EPS), 114 uninterruptible power supply (UPS), 113 public key encryption, 110 secure sockets layer (SSL), 111 security token, 107 service set identifier (SSID), 110 smart card, 107 symmetric encryption, 109 two-factor authentication, 107 user IDs, 106 user profile, 108 virtual private network (VPN), 111 virus, 111 vulnerability assessment, 111 wired equivalency privacy (WEP), 110 wireless protected access (WPA), 110 Generalized audit software (GAS), 233 General journal, 35 General ledger processes, 35 risks and controls in, 451–457 special journals, 453–454 subsidiary ledgers, 453–454 Generally accepted auditing standards (GAAS), 216 standards of fieldwork, 216 standards of reporting, 216 Generators (EPS), 114 Ghost employee, 398 Global positioning systems (GPSs), 169 Gould, Janet, 519n1 Governance, IT cloud computing as a conceptual design, 167 detailed design, 167–169 ethical considerations related for consultants, 176–177 for employees, 175–176 for management, 175 feasibility study economic feasibility, 157 operational feasibility, 157 schedule feasibility, 157 technical feasibility, 157 internet commerce, 168 IT governance committee, 151 IT systems match to strategic objectives, 156 strategic management, 173 system development life cycle (SDLC), 151 (See also individual entry) Governance, risk management, and compliance (GRC) activities, 231 Government auditors, 214 Graphical user interface (GUI), 505 H Hacking, 77–78 risks from, 119 Hammer, Michael, 161n7 Hardware exposures in IT systems, 120–130 Hash totals, 137, 228 Header data, 285 Health Insurance Portability and Accountability Act of 1996 (HIPAA), 528–529 Hierarchical database model, 475–476 High-impact processes (HIPs), 481 Hiring a consulting firm, 195 HTML, 508 Human resources, 191, 372, 416 Hurt, Suzanne, 310n1 I Implementation risks, 202–203 Incentive, 71 Independent checks and reconciliation, 88–89, 264, 270, 277, 382, 394 cash collection processes, 277 cash disbursement processes, 339 fixed assets processes, 394 general ledger processes, 456–457 payroll processes, 382 purchase return process, 331 purchasing processes, 324 sales processes, 264 sales return processes, 270 Indexed sequential access method (ISAM), 12 Industrial espionage, 76, 493 Industrial robots, 427 Information, 468 and communication, 83, 89 Information risk and IT-enhanced internal control, 215–216 motive of the preparer, 215 remoteness of information, 215 volume and complexity of underlying data, 215 www.downloadslide.com 546 INDEX Information Systems Audit and Control Association (ISACA), 91, 150, 217 Information technology (IT) See also Auditing information technology auditing IT processes, 212–213 controls, maintenance of, 91–93 of conversion processes, 426–429 of fixed assets processes, 396–397 governance, 148–182 (See also Governance, IT) IT auditors, 214 IT governance committee, 112 risk and controls in availability, 92 confidentiality, 92–93 online privacy, 92 processing integrity, 92 security, 92 steering committee, 174 Information technology (IT) enabled business processes, 7–10, 515–519 auditor of AIS, 22 automated matching, 16 business-to-business (B2B), 511 computers and, 10–15 basic computer data structures, 10–11 bit, 10 byte, 10 database, 11 field, 10 file, 11 master files, 11 record, 10 relational database, 11 transaction file, 11 design or implementation team of AIS, 22 for e-business, 15 (See also under E-business) electronic data interchange (EDI), 15 electronic invoice presentment and payment (EIPP), 16 enterprise resource planning (ERP), 17 E-payables, 16 evaluated receipt settlement (ERS), 16 importance to accountants, 22 IT controls, 20 application controls, 20 general controls, 20 IT governance, 21 point of sale system (POS), 16 users of AIS, 22 Information Technology Infrastructure Library (ITIL), 150 Infrastructure as a Service (IaaS), 41, 167 In-house design, 164 Input controls, 130, 227–228 Input manipulation, 77 Input methods used in business processes, 46–48 bar codes, 47 dynamics ERP E-business, 48 E-commerce, 48 electronic data interchange (EDI), 48 keying, 46–47 point of sale system (POS), 47–48 source documents, 46–47 Integrated test facility (ITF), 229 Integrity risks, 283–284 Intercompany, 15 Interconnected networks, 505–506 Internal Auditing Standards Board (IASB), 217 Internal auditors, 214 Internal controls for IT systems application controls, 104 programmed input validation checks, 135–136 (See also individual entry) source document controls, 132–134 standard procedures for data input, 134–135 application software, 130–138 batch totals, 137 cloud computing, 128–130 control totals, 136 database, 123–124 electronic data interchange (EDI), 127–128 general controls, 105–115 (See also individual entry) hash totals, 137 internet, 126–127 local area network (LAN) mobile workers, 127 processing controls, 137 record counts, 137 run-to-run control totals, 137 telecommuting workers, 127 wide area network (WAN), 125 wireless networks, 125–126 world wide web, 126–127 Internal control structure of organizations code of ethics, 20 corporate governance, 20–21 enterprise risk management (ERM), 18 control activities, 19 event identification, 19 information and communication, 19 internal environment, 18 monitoring, 19 objective setting, 19 risk assessment, 19 risk response, 19 internal environment, 18 IT controls, 20 application controls, 20 general controls, 20 Internal control system, 3, 67–102 corrective controls, 82 detective controls, 82 maintenance of, 80–91 www.downloadslide.com INDEX 547 monitoring, 89–90 need for, 67–70 objectives, 80 preventive controls, 80 reasonable assurance of, 90–91 Internal documents, 51 Internal reporting, 458–459 of ethical issues, 461 function managed, 458–459 time horizon, 458–459 type of organization, 458–459 Internal reports, 51 Internal Revenue Service (IRS), 68, 493 Internal sources of computer fraud, 76–77 See also under Computer fraud Internal theft, 70 International Auditing and Assurance Standards Board (IAASB), 217 International Federation of Accountants (IFAC), 217 International Organization for Standardization (ISO), 150, 237 International Standards on Auditing (ISAs), 217 Internet, 14, 126–127, 384, 504–510 See also Networks cloud computing, 15 common standards of, 508–510 extranet, 14 history of, 504–506 internal controls for, 523–524 internet commerce, 168 internet EDI XML in, 524–526 intranet, 14 physical structure of, 506–510 spoofing, 78–79 standards of, 506–510 voice-over Internet protocol (VoIP), 15 World Wide Web (WWW), 14 Internet EDI XML in, 524–526 Internet service providers (ISPs), 506–507 local ISPs, 506–507 regional ISPs, 507 Web server, 507 Interrelationships of business processes and AIS, 32–34 processes, 33 resulting reports, 33 transactions, 33 Interviews, 160 Intranets, 14 to enable E-business, 521–522 internal controls for, 523–524 Intrusion detection, 111, 349 Inventory control, 417 Inventory status reports, 418 Inventory theft, 74 Investment processes, 445–447 IT controls supply chain, 525–526 IT outsourcing, 236 J Just-in-time (JIT) production systems, 429 K Kelleher, Kevin, 157n6 Kickback, 74 Konrad, Rachel, 114n1 L Labeling interchanges, 285 Larceny, 74 Leaving sales open, 290 Legacy systems, 36 Letter of representations, 234 Limit check, 136 Limit tests, 228 Local area networks (LANs), 14, 122, 126, 235 Local ISPs, 506–507 Location-wise implementation, 200–201 Log in, 106 Logistics function, 414–422 operations, 418–422 quality control, 421 rework, 422 planning, 414–416 bill of materials, 415 capital budgeting plans, 415 engineering, 415 operations list, 415 production orders, 416 production schedule, 416 research and development, 414 scheduling, 416 resource management, 416–418 economic order quantities (EOQ), 417 finished goods inventory, 418 human resources, 416 inventory control, 417 inventory status reports, 418 maintenance and control, 416 raw materials, 417 routing, 417 routing slip, 417 warehousing, 418 work-in-process inventory, 417 Loss of audit trail visibility, 216 M Magnetic ink character recognition (MICR), 168 Magnetic tape, 471 Maintenance and control, 416 Management assertions, 218 www.downloadslide.com 548 INDEX Management fraud, 72–74 Management override, 73 Manual systems, 35–36 Manufacturing resource planning (MRP II), 184, 428 See also Enterprise resource planning (ERP) Many-to-many relationships, 475 Market segments of ERP systems, 192–195 cloud-based ERP, 194 Microsoft Dynamics AX, 193 Oracle, 193 SAP, 192–193 Master files, 11 Matching automated, 343 document, 343, 345, 346 invoiceless system, 345, 347 Materiality, 221 Materials requirements planning (MRP) software, 186 Materials resource planning (MRP), 428 Mathematical accuracy tests, 228 Messmer, Ellen, 286n3 Microsoft Dynamics AX, 193 Microsoft Dynamics GP, 193 bill of materials preparation, 415 payroll register preparation, 378–379 Microsoft Dynamics GP® credit limit, 259 general ledger posting, 454 list price of inventory items, 259 payments, 336–338 purchase orders in, 318 purchase receipts in, 317 purchase returns in, 326–330 transaction modules, 451 Mihalek, Paul H., 80n7 Misappropriation of assets, 70 Misstatement of financial records, 70 Mobile workers, 127 Modular implementation, 201 Monitoring, 89–90 Monus, Michael, 352 Multidimensional analytical processing (MOLAP), 483 N National Science Foundation (NSF), 505 Network databases, 477 Networks, 14–15, 506–507 See also Internet break-ins, 109–111 database model, 477 local area network (LAN), 14 risks from, 119 Nonrepudiation, 108 Normalized data, 477–480 data warehouse, 480 need for data normalization, 479 primary key, 477, 479 structured query language (SQL), 478 operational database, 480 rules of, 479 O Observation, 160 Off-site backup, 115 One-to-many relationships, 475 One-to-one relationships, 475 Online analytical processing (OLAP), 483 consolidation, 485 drill down, 484–485 exception reports, 485 pivoting, 485 time series analysis, 485 what-if simulations, 485 Online privacy, 92, 116, 203 Online processing, 12, 50 Operating system, 122–123 Operational audits, 213 Operational database, 12, 185, 480 Operational feasibility, 157, 166 Operation and maintenance, 153, 172–173 Operation risks, 203–204 Operations, 418–422 Operations list, 415 Operations personnel, 112 Opportunity, 71 Oracle, 193 Organization chart, 372 IT governance importance in SDLC as an internal control, 173–175 SDLC as part of strategic management, 173 Organizational structure and general controls for IT systems database administrator, 112 operations personnel, 112 programmers, 112 system development life cycle (SDLC), 113 systems analysts, 112 Output controls, 137–138, 230–231 audit trail tests, 230 reasonableness tests, 230 reconciliation, 230 rounding errors tests, 230 Output manipulation, 77 Outputs from the AIS and business processes, 50–51 external reports, 51 internal documents, 51 internal reports, 51 trading partner documents, 51 P Packet switching, 504 Packing slip, 261, 316 www.downloadslide.com INDEX 549 Parallel conversion, 171 Parallel simulation, 229 Password, 106 Paymaster, 381 Payroll outsourcing, 384 Payroll processes, 372–380 corporate governance in, 400–401 ethical issues related to, 398–399 human resources department, 372 IT systems, 382–385 organization chart, 372 payroll disbursements journal, 379 payroll register, 378 risks and controls in, 380–382 time sheet, 377 Payroll register, 378 Payroll system flowchart, 54 Penetration testing, 111, 226, 349 Periodic inventory systems, 422 Perpetual inventory systems, 422 Phase-in conversion, 172 Physical access risks, 120 Physical environment and security, 113–114 Physical inventory count, 424 Physical inventory reconciliation, 425 Picking ticket, 261 Pick list, 279 Pigeon, Paul, 352 Pilot conversion, 172 Pivoting, 485 Planning phase, 220 Platform as a Service (PaaS), 41, 167 Point of sale (POS) systems, 16, 47–48, 288–289 controls, 288–289 risks, 288–289 Population testing, 238 Post-implementation review, 172 Preventive controls, 80 Price list, 258 Primary key, 477 Privacy, 92 Privacy expectations in e-commerce, 514–515 See also under E-Commerce Private cloud, 129 Problems, this book administrative processes/controls, 466–467 auditing IT-based processes, 247–248 conversion processes/controls, 436 data and databases, 499 e-business and e-commerce, 533 e-commerce and e-business, 533 enterprise resource planning (ERP) systems, 210 expenditure processes/controls, 359–362 foundation concepts, 64 fraud, ethics, and internal control, 98–99 internal controls/risks in IT systems, 143–144 introduction to AIS, 27–28 IT governance, 180–181 payroll and fixed asset processes/controls, 406–407 revenue and cash collection processes/controls, 297–302 Processing accounting data, 48–50 See also Batch processing; Online processing; Real-time processing Processing controls, 131, 137, 228–229 balancing tests, 228 Benford’s Law, 228 computer assisted audit techniques (CAATs), 229 embedded audit modules, 229 integrated test facility (ITF), 229 mathematical accuracy tests, 228 parallel simulation, 229 program mapping, 229 program tracing, 229 run-to-run totals, 228 test data method, 229 Processing integrity, 92, 116, 118, 129, 203, 282, 287 Processing integrity risks, 117–120 Process maps, 51–52 symbols, 52 Procurement and logistics, 191 Procurement card (p-card), 351 Product development and manufacturing, 191 Production orders, 416 Production schedule, 416 Professional skepticism, 240 Program manipulation, 77 Program mapping, 229 Programmed data input checks, 283 Programmed input validation checks, 135–136 completeness check, 136 field check, 135 limit check, 136 range check, 136 reasonableness check, 136 self-checking digit, 136 sequence check ensures, 136 sign check, 136 validity check, 135 Programmers, 112 Program tracing, 229 Protocol, 505 Public cloud computing, 128 Public Company Accounting Oversight Board (PCAOB), 93, 216 Public key encryption, 110 Purchase invoice, 333 Purchase order (PO), 255, 315 Purchase requisition, 312 Purchase return process risks and controls in, 330–332 Purchases journal, 315 Purchasing processes, 312–322 bill of lading, 316 blind purchase order, 316 www.downloadslide.com 550 INDEX cutoff, 317–318 packing slip, 316 purchase order (PO), 315 purchase requisition, 312 purchases journal, 315 receiving report, 316 risks and controls in, 322–326 Q Qualified opinion, 234 Quality control, 421 Questionnaires, 160 R Radio-frequency identification (RFID) systems, 429 Random access, 472 Random access files, 11 Range check, 136 Rationalization, 71 Raw materials, 417 Real-time processing, 12, 50, 472–473 Reasonable assurance, 90–91 Reasonableness check, 136 Reasonableness tests, 230 Receiving log, 266, 317 Receiving report, 266, 316 Reconciliation, 88, 230 See also Independent checks and reconciliation Record, 10, 471 Record counts, 137 Record pointer, 476 Records and documents, 263, 269, 276 Redundancy tests, 228 Redundant array of inexpensive disks (RAID), 115, 284 Redundant servers, 115 Refund fraud, 76 Regional ISPs, 507 Relational database, 11, 477 Relational online analytical processing (ROLAP), 483 Remittance advice, 272, 337 Remoteness of information, 215 Reporting as general ledger processes output external reporting, 457–458 internal reporting, 458–459 Request for proposal (RFP), 163 Research and development, 414 Resource management, 416–418 Revenue processes, 250–255 See also Cash collection processes; Sales processes and controls, 250–308 corporate governance in, 292 ethical issues in channel stuffing, 290 leaving sales open, 290 IT-enabled systems of, 279–281 within the overall system, 252 Rework, 422 Risks, 236 assessment, 84 automated matching, 16, 343 availability, 116, 236–237, 284 business (expenditures), 351–353 business continuity, 120 cash disbursement process, 338–341 cash receipts process, 74 categories, 92–93 confidentiality, 92, 116, 283, 344 conversion process, 423–426 defined, 236 e-business systems, 281–284 EDI, 284–288, 348–350 from environmental factors, 119–120 evaluated receipt settlement, 346–347 fixed asset process, 393–396 general ledger process, 451–457 from hacking/network break-ins, 119 from network break-ins, 119 in not limiting unauthorized users, 116–119 operating system, 122–123 payroll process, 380–382 physical access, 120 POS systems, 288–289 processing integrity, 92, 116, 283–284, 345, 347, 349 purchase return process, 330–332 purchasing process, 322–326 reduction categories, 17–18 sales process, 262–265 sales return process, 266 security, 116, 236 Risks of ERP systems, 202–204 availability, 203 confidentiality, 203 implementation risks, 202–203 online privacy, 203 operation risks, 203–204 processing integrity, 203 security, 203 Roth, H.P., 281n1 Rounding errors tests, 230 Router, 504 Routing, 417 Routing slip, 417 Run-to-run control totals, 137 Run-to-run totals, 228 S Salami technique, 77 Sales allowance, 270 Sales and services, 191 Sales invoice, 261 Sales journal, 261 Sales order, 255 www.downloadslide.com INDEX 551 Sales processes bill of lading, 261 credit limit, 259 document flowchart, 257 packing slip, 261 pick list, 279 price list, 258 purchase order, 255 risks and controls in, 262–265 sales invoice, 261 sales journal, 261 sales order, 255 sales process map, 256 Sales return processes credit memorandum, 266 receiving log, 266 receiving report, 266 risks and controls in, 266–271 Sampling, 238 SAP, 192–193 Sarbanes–Oxley Act of 2002, 79, 93–94, 204–205, 240 See also Corporate governance Scalability, 128 Scalable, 201 Schedule feasibility, 157, 166 Scheduling, 416 Schmelzle, George D., 80n8 Screen scrapers, 37 SDLC as an internal control, 173–175 Secure socket layers (SSL), 119, 524 Securities and Exchange Commission (SEC), 68 Security, 92, 113–114, 116, 203 Security controls, 226–227 Security of assets and documents, 263–264, 270, 276, 381–382, 394 cash collection processes, 276 cash disbursement processes, 338–339 fixed assets processes, 394 payroll processes, 381–382 purchase return process, 330 purchasing processes, 322–323 sales processes, 263–264 sales return processes, 270 Security risks, 116–120, 236, 283 Security token, 107 Seddon, Peter B., 202n7 Segregation of duties, 86, 262–263, 269, 272–275, 381, 394 cash collection processes, 272–275 cash disbursement processes, 338–339 fixed assets processes, 394 general ledger processes, 453–456 payroll processes, 381 purchase return process, 330 purchasing process, 322–323 sales processes, 262–263 sales return processes, 269 Self-checking digit, 136 Sequence check ensures, 136 Sequential access files, 11, 471 Service level agreement (SLA), 41, 167 Service Organization Controls (SOC) Framework, 237 Service set identifier (SSID), 110, 119 Shang, Shari, 202n7 Shipping log, 261 Sign check, 136 Skimming, 74 Small to medium-sized entities (SMEs), 194, 488 Smart card, 107 Smith, Carl, 80n7 Software as a Service (SaaS), 40–41, 167 Software exposures in IT systems, 120–130 Software piracy, 76 Software programming, 170 Software purchase, 163 Software selection, 155 Software testing, 171 Songini, Marc L., 199n3 Source document, 35 Source document controls, 132–134 form authorization and control, 132 form design, 132 retention of source documents, 134 Source of capital processes, 460 Special journals, 35, 448 Specific authorization, 85 Spoofing, 78–79 e-mail spoofing, 96 internet spoofing, 96 Standard costs, 422 Station set identifiers (SSID), 126 Stewardship, 68, 175 Storage of data terminology, 471 Stores, 417 Strategic management, 149, 173 Structured data, 13, 470 Structured query language (SQL), 478 Subsidiary ledgers, 35, 448 Substantive testing, 231 Supply chain, 6, 525–526 business process linkage throughout, 5–7 Supply chain management (SCM), 7, 188, 191–192 Symmetric encryption, 109 System conversion, 171–172 System development life cycle (SDLC), 113 conceptual design, 164–165 detailed design, 155 evaluation and selection, 165–167 operation and maintenance, 153 operation and maintenance phase of, 172–173 as part of strategic management, 173 phases of, 155 post-implementation review, 172 software selection, 155 www.downloadslide.com 552 INDEX systems analysis, 153 systems analysis phase of interviews, 160 preliminary investigation, 158 questionnaires, 160 system survey, 158–161 user requirements, determination, 160–161 systems design, 153, 162–169 conceptual design, 164–165 evaluation, 165–167 hiring a consultant, 164 in-house design, 164 purchase of software, 163 selection, 165–167 systems implementation, 153, 169–172 data conversion, 171 direct cutover conversion, 172 documenting the system, 171 parallel conversion, 171 phase-in conversion, 172 pilot conversion, 172 software programming, 170 software testing, 171 system conversion, 171–172 training employees, 170 systems planning, 152, 155–158 user acceptance, 172 System flowcharts, 52–53 payroll system flowchart, 54 symbols, 53 Systems analysis, 153 Systems analysts, 112 Systems, Applications, and Products (SAP), 187 Systems design, 153 Systems implementation, 153 Systems planning, 152 phase of SDLC, 155–158 System survey, 158–160 System survey analysis business process reengineering (BPR), 161 systems analysis report, 161 T TCP/IP, 505 Technical feasibility, 165–166 Telecommuting workers, 127 Test data method, 229 Testing of the ERP system, 198 Tests of controls, 224–231 application controls, 227 (See also individual entry) authenticity tests, 226 general controls, 224–227 IT administration, 225 penetration tests, 226 review access, 227 security controls, 226–227 vulnerability assessments, 226 Three way match, 341 Throughput, 159 Tier one software, 192–193 Tier two ERP, 193 Time series analysis, 485 Time sheet, 377 Totals batch, 88, 137 control, 136, 287 hash, 137 run-to-run, 137, 228 Trade-offs in database storage, 479–480 Trading partner documents, 51 Traditional EDI, 524–526 Trailer data, 285 Training employees, 170 Transaction authorization, 262, 266, 272, 380–381, 393 cash collection process, 272 cash disbursement process, 338–339 conversion process, 423 fixed asset process, 393 general ledger process, 458–459 payroll process, 380–381 purchase return process, 330 purchasing process, 322 sales process, 262 sales return process, 266 Transaction file, 11 Transaction logging, 287 Transaction processing systems (TPS), 251, 309 Transactions tests, 231–233 Trap door alteration, 77 Trojan horse program, 77 Trust services principles, 92 Turnaround document, 35 Two-factor authentication, 107 Types of AIS, 34–38 enterprise application integration (EAI) general journal, 35 general ledger, 35 legacy systems, 36–38 manual systems, 35–36 modern, integrated systems, 38 screen scrapers source document, 35 special journals, 35 subsidiary ledgers, 35 turnaround document, 35 U Unauthorized users, 116–119 Underwriter, 445 www.downloadslide.com INDEX 553 Unethical management behavior in capital sources and investing, 460–461 Uniform resource locater (URL), 508 Uninterruptible power supply (UPS), 113 UNIX® computer, 505 Unqualified opinion, 234 Unstructured data, 13, 470, 490 User acceptance, 172 User IDs, 106 User profile, 108, 204 Users of AIS, 22 V Validation checks, 228 Validity check, 135 Value added networks (VANs), 285, 524–526 Variances, 423 Vendor, 6, 310 Vendor audits, 76 Vendor fraud, nature of, 76 Virtual private network (VPN), 111, 119 Virus, 111 Voice-over Internet protocol (VoIP), 15 Vulnerability assessment, 111, 226 Vulnerability testing, 349 W Warehousing, 418 Web-based sale system, 283 Web server, 507 What-if simulations, 485 Wide area network (WAN), 125, 235 Williger, Stephen D., 68n1 Wired equivalency privacy (WEP), 110 Wireless networks, 125–126 Wireless protected access (WPA), 110 Work-in-process inventory, 417 World Wide Web (WWW), 14, 126–127 Y Y2K compatible, 187 Z Zikmund, Paul, 75 Zipser, Andy, 290n4 www.downloadslide.com www.downloadslide.com SYSTEM AND DOCUMENT FLOWCHART SYMBOLS Process Manual Input (keying) Data Manual Process Document Direct Access Storage On-page Connector Online Data Storage Off-page Connector Decision Terminator (beginning or end) File www.downloadslide.com PROCESS MAP SYMBOLS An oval is used to show the start and/or finish of a process The start is usually the input of the business process, and the finish is the output The input and output may be materials, activities, or information A rectangle shows a task or activity in the process Typically, only one arrow comes out of a rectangle (one output) However, many arrows can come into a rectangle (inputs) A diamond represents a point in the process when a decision must be made In many cases the decision is a yes/no decision, but not always An arrow shows the direction of flow within the process A A circle with a letter or number inside is used as a connector A connector is used when there is a break in the process The connector is used at the beginning of the break in the process, and again where the process resumes DATA FLOW DIAGRAM SYMBOLS A square is a terminator It represents both sources and destinations of data A rectangle with rounded corners represents a process Any tasks or functions performed are depicted by this rectangle An open-ended rectangle is a data store or the storage of data Storage could be in manual records or computer files An arrow shows the direction of flow of data www.downloadslide.com A LIST OF FLOWCHARTS IN THIS TEXTBOOK Exhibit Page Title Exhibit 2-8 54 Common System Flowchart Symbols Exhibit 2-9 54 Payroll System Flowchart Exhibit 2-11 56 Restaurant Document Flowchart Exhibit 8‐4 257 Document Flowchart of a Sales Process Exhibit 8‐10 268 Document Flowchart of a Sales Return Process Exhibit 8‐14 274 Document Flowchart of a Cash Receipts Process Exhibit 8‐18 280 Revenue Processes System Flowchart Exhibit 9‐4 314 Document Flowchart of the Purchasing Processes Exhibit 9‐11 328 Document Flowchart of the Purchase Return Processes Exhibit 9‐16 335 Document Flowchart of the Cash Disbursement Processes Exhibit 9‐20 342 Flowchart of Document Matching to Approve and Pay for Purchases Exhibit 10-4 376 Document Flowchart of the Payroll Processes Exhibit 10-9 387 Document Flowchart for Fixed Asset Acquisition Processes Exhibit 10-12 392 Document Flowchart for Fixed Asset Disposals Exhibit 11‑6 420 Document Flowchart of the Production Process A LIST OF PROCESS MAPS IN THIS TEXTBOOK Exhibit Page Title Exhibit 2-6 52 Process Map Symbols Exhibit 2-7 53 Process Map of Class Registration Exhibit 2-10 55 Restaurant Process Map Exhibit 5‐2 154 Process Map of the System Development Life Cycle (SDLC) Exhibit 5‐3 156 Systems Planning Process Map Exhibit 5‐4 159 Systems Analysis Process Map Exhibit 5‐5 162 System Design Process Map for Purchased Software Exhibit 5‐6 164 System Design Process Map for In‐House Design Exhibit 5‐7 170 Implementation and Operation Process Map Exhibit 7-4 220 Process Map of the Phases of an Audit Exhibit 7-5 221 Audit Planning Phase Process Map Exhibit 7-6 224 Controls Testing Phase Process Map Exhibit 7-9 232 Substantive Testing Phase Process Map Exhibit 7-10 234 Audit Completion/Reporting Phase Process Map Exhibit 8‐3 256 Sales Process Map Exhibit 8‐9 267 Sales Return Process Map (Continued) www.downloadslide.com Exhibit Page Title Exhibit 8‐13 273 Cash Receipts Process Map Exhibit 9‐3 313 Purchasing Process Map Exhibit 9‐10 327 Purchase Return Process Map Exhibit 9‐15 334 Cash Disbursement Process Map Exhibit 10-3 375 Payroll Process Map Exhibit 10-8 386 Fixed Assets Acquisitions Process Map Exhibit 10-11 391 Fixed Assets Disposal Process Map Exhibit 11-5 419 Production Process Map Exhibit 12-3 445 Source of Capital Process Map Exhibit 12-4 446 Investment Process Map Exhibit 12-5 449 Accounting Cycle Process Map A LIST OF DATA FLOW DIAGRAMS IN THIS TEXTBOOK Exhibit Page Title Exhibit 2-12 57 Restaurant Data Flow Diagram Exhibit 2-13 57 Data Flow Diagram Symbols Exhibit 8‐5 258 Sales Processes Data Flow Diagram Exhibit 8‐11 269 Sales Return Processes Data Flow Diagram Exhibit 8‐15 275 Cash Receipts Processes Data Flow Diagram Exhibit 9‐5 315 Purchasing Processes Data Flow Diagram Exhibit 9‐12 329 Purchase Return Processes Data Flow Diagram Exhibit 9‐17 336 Cash Disbursement Processes Data Flow Diagram Exhibit 10-5 377 Payroll Processes Data Flow Diagram Exhibit 10-10 388 Fixed Asset Acquisitions Processes Data Flow Diagram Exhibit 11‑7 421 Conversion Process Data Flow Diagram www.downloadslide.com WILEY END USER LICENSE AGREEMENT Go to www.wiley.com/go/eula to access Wiley’s ebook EULA ... Cataloging‐in‐Publication Data Names: Turner, Leslie, author | Weickgenannt, Andrea, author | Copeland, Mary Kay, author Title: Accounting information systems : controls and processes / Leslie Turner, Andrea Weickgenannt,... Accounting Information Systems CONTROLS AND PROCESSES Third Edition Leslie Turner Andrea Weickgenannt Mary Kay Copeland DIRECTOR Michael McDonald AQUISITION... Accountants, and the Ohio Society of Certified Public Accountants Mary Kay Copeland, PhD, MBA, CPA Mary Kay Copeland is an assistant professor, teaching accounting and accounting information systems