
AISPRELIM


ACCOUNTING INFORMATION SYSTEM
PRELIM

CHAPTER 1
Accounting Information Systems: An Overview
INTRODUCTION
• OBJECTIVES:
• Recognize the primary information flows within the business environment.
• Understand the difference between accounting information systems and
management information systems.
• Understand the difference between financial transactions and nonfinancial
transactions.
• Know the principal features of the general model for information systems.
• Understand the organizational structure and functional areas of a business.
• Be able to distinguish between external auditing, internal auditing, and advisory
services as they relate to accounting information systems.
SYSTEMS, DATA, AND INFORMATION

• A system is:
  • A set of interrelated components
  • That interact
  • To achieve a goal
• Every organization has goals.
• The subsystems should be designed to maximize achievement of the organization’s goals.
  • Even to the detriment of the subsystem itself.
SYSTEM
- essentially a set of interacting components or
elements that work together to achieve a specific
goal or function
- can be physical (like machinery), biological (like the
human body), or even abstract (like social or
economic systems)
- the components of a system depend on each other
to work properly, and when they do, they produce a
desired outcome.
Example: Transportation System
Imagine a city transportation system. The goal of
this system is to move people from one place to
another. The components (or subsystems) of this
system include:
•Vehicles (buses, trains, cars)
•Roads and tracks (infrastructure)
•Traffic lights and signals (control mechanisms)
•Drivers and passengers (human interaction)
•Transportation authorities (management)
SYSTEMS, DATA, AND INFORMATION

• Goal conflict occurs when the activity of a subsystem is not consistent with another subsystem or with the larger system.
• Goal congruence occurs when the subsystem’s goals are in line with the organization’s goals.
• The larger and more complicated a system, the more difficult it is to achieve goal congruence.
SYSTEMS, DATA, AND INFORMATION

•The systems concept encourages integration (i.e., minimizing the duplication of recording, storing,
reporting, and processing).
•Data are facts that are collected, recorded, stored, and processed by an information system.
•Organizations collect data about:
• Events that occur
• Resources that are affected by those events
• Agents who participate in the events
Imagine you're using an online shopping platform like
Lazada or Shopee. The website collects and processes a
lot of data in order to offer a seamless shopping
experience.

Data Collected:
• User Information – When you sign up or log in, the
website collects your personal details like name,
address, payment information, and browsing history.
• Product Information – The website keeps records of
each product, including descriptions, prices, images,
and stock availability.
• Search Queries – The system tracks what items you
search for, your preferences, and which products you
click on.
• Transaction Data – When you purchase an item, data
about your transaction (payment details, items
purchased, time of purchase) is collected.
Data Processing:
• Personalized Recommendations – The system analyzes
your previous searches and purchases to recommend
other products you might like, based on patterns
identified in the data.
• Inventory Management – Based on user activity and
transactions, the website updates the stock availability,
ensuring that only available products are shown.
• Targeted Ads – The platform may use your browsing
history and behavior to show you personalized ads for
products you're likely to buy.
SYSTEMS, DATA, AND INFORMATION

• Information is different from data.
• Information is data that have been organized and processed to provide meaning to a user.
• Usually, more information and better information translates into better decisions.
• Data refers to raw facts, figures, or observations that, by themselves, don’t provide much meaning.
• Information is the result of processing or interpreting data, making it meaningful and useful.

EXAMPLE: Weather Forecasting


Data:
1.Temperature readings from various locations.
2.Humidity levels from weather stations.
3.Wind speed and direction from an array of meteorological instruments.
4.Pressure readings from barometers.
At this stage, all these are data—raw, unprocessed facts from different
sources.
These data points don’t tell you much about the weather.
EXAMPLE
Weather Forecasting
Information:
When meteorologists process and analyze this data, they
can make predictions about the weather. For example:
•The temperature is dropping and the wind is picking
up—this might indicate a storm is approaching.
•The humidity level is high, and the barometric pressure
is dropping—this could signal rain.
Now, this processed data becomes information because it
has been interpreted and used to make predictions or
conclusions.
Example Situation in Action:
Imagine a weather forecast that says, "Expect
thunderstorms this afternoon with temperatures
reaching 75°F and winds up to 20 mph." The
weather station collected raw data like
temperature, wind speed, and pressure. After
analyzing that data, the meteorologists turned it
into information that is actionable and useful
for the public.
Key Difference:
• Data = Raw temperature reading of 75°F, wind
speed of 20 mph, and pressure drop.
• Information = "Thunderstorms expected this
afternoon due to high humidity and dropping
pressure."
In this case, data on its own doesn’t tell you much,
but when processed and interpreted, it becomes
information that helps you make decisions, like
whether to carry an umbrella or stay indoors.
SYSTEMS, DATA, AND INFORMATION

  Benefits of information
- Cost of producing information
= Value of information

Benefits of information may include:
• Reduction of uncertainty
• Improved decisions
• Improved ability to plan and schedule activities

Costs may include time and resources spent:
• Collecting data
• Processing data
• Storing data
• Distributing information to users

Costs and benefits of information are often difficult to quantify, but you need to try when you’re making decisions about whether to provide information.
SYSTEMS, DATA, AND INFORMATION

• Characteristics that make information useful:
  • Relevance: It reduces uncertainty by helping you predict what will happen or confirm what already has happened.
  • Reliability: It’s dependable, i.e., free from error or bias and faithfully portrays events and activities.
  • Completeness: It doesn’t leave out anything that’s important.
  • Timeliness: You get it in time to make your decision.
  • Understandability: It’s presented in a manner you can comprehend and use.
  • Verifiability: A consensus notion—the nature of the information is such that different people would tend to produce the same result.
  • Accessibility: You can get to it when you need it and in a format you can use.
SYSTEMS, DATA, AND INFORMATION

• Information is provided to both:
  • External users
  • Internal users
• External users primarily use information that is either:
  • MANDATORY INFORMATION—required by a governmental entity, or
  • ESSENTIAL INFORMATION—required to conduct business with external parties, such as purchase orders.
• In providing mandatory or essential information, the focus should be on:
  • Minimizing costs.
  • Meeting regulatory requirements.
  • Meeting minimum standards of reliability and usefulness.
• Internal users primarily use discretionary information.
• The primary focus in producing this information is ensuring that benefits exceed costs, i.e., the information has positive value.
AIS VS MIS

FOCUS
  AIS:
  • specifically designed to collect, store, process, and report financial data
  • handling all aspects of financial transactions and reporting, like sales, purchases, payroll, and tax information.
  MIS:
  • broader and designed to provide information for managing the organization
  • While it includes financial data, it also integrates data from operations, marketing, human resources, and other business areas.

USERS
  AIS: Primarily used by accountants, financial managers, auditors, and tax authorities
  MIS: Used by managers across different departments to help them make informed decisions regarding business operations, performance, and strategy.

PURPOSE
  AIS:
  • main goal is to ensure accurate financial records, maintain compliance with accounting regulations
  • produce reliable financial statements
  MIS:
  • aims to provide managers with the tools they need for efficient decision-making, planning, and resource allocation
  • not just focused on financial data but on operational and strategic data
FINANCIAL VS NON-FINANCIAL TRANSACTIONS

DEFINITION
  FINANCIAL: involve the exchange of money or equivalent value
  NON-FINANCIAL: do not involve an immediate financial exchange

AREA of EFFECT
  FINANCIAL: company’s financial position or performance
  NON-FINANCIAL: long-term impacts on business performance

CHARACTERISTICS
  FINANCIAL: can be easily measured in monetary terms
  NON-FINANCIAL:
  • often qualitative in nature and do not show up directly on the financial statements
  • important for strategic decision-making, but their effects might not be immediately measurable
SIX COMPONENTS OF AN AIS
1. The PEOPLE who use the system
2. The PROCEDURES and instructions used to collect, process, and store data
3. The DATA about the organization and its business activities
4. The SOFTWARE used to process the data
5. The INFORMATION TECHNOLOGY INFRASTRUCTURE, including
the computers, peripheral devices, and network communications devices used
in the AIS
6. The INTERNAL CONTROLS and security measures that safeguard AIS
data
GENERAL MODEL FOR INFORMATION
SYSTEMS
1. Hardware
- refers to the physical devices and equipment used to input, process, store, and
output data in an information system.
Examples: Computers, servers, printers, networking devices, and storage devices.
Purpose: Hardware provides the necessary infrastructure to run software and store
data, ensuring that information can be captured, processed, and shared effectively.
2. Software
- refers to the programs and applications that run on hardware. These software applications are
responsible for processing data, performing calculations, and facilitating tasks.
Examples: Operating systems (e.g., Windows, Linux), business software (e.g., accounting software,
enterprise resource planning systems), and productivity tools (e.g., word processors,
spreadsheets).
Purpose: Software is the set of instructions that tell hardware how to process data and execute
tasks. It provides the functionality needed to turn data into usable information.
3. Data
- the raw, unprocessed facts and figures that are collected by an information system (can
be numbers, text, images, or other types of input)
Examples: Customer details, sales transactions, inventory numbers, and employee records.
Purpose: Data is essential because it forms the foundation of the system. Once processed, it
can become meaningful information for decision-making.
4. People
- the users who interact with the information system. This includes everyone from IT staff who
manage the system to end users who rely on the system for daily tasks.
Examples: Systems analysts, IT administrators, managers, and employees who use the system for
operations.
Purpose: People are the key to the system's success. They interact with the system to input data,
analyze information, and make decisions. They are also responsible for maintaining and improving
the system.
5. Processes
-refer to the procedures and workflows that are used to collect, process, store, and
distribute data within the information system.
Examples: Data entry procedures, report generation processes, and approval workflows.
Purpose: Processes ensure that the information system operates effectively. They define
how data is handled, how information is generated, and how decisions are made.
INFORMATION NEEDS AND BUSINESS PROCESSES

• Businesses engage in a variety of processes, including:
  • Acquiring capital
  • Buying buildings and equipment
  • Hiring and training employees
  • Purchasing inventory
  • Doing advertising and marketing
  • Selling goods or services
  • Collecting payment from customers
  • Paying employees
  • Paying taxes
  • Paying vendors
• Each activity requires different types of decisions.
• Each decision requires different types of information.
• Types of information needed for decisions:
  • Some is financial
  • Some is nonfinancial
  • Some comes from internal sources
  • Some comes from external sources
• An effective AIS needs to be able to integrate information of different types and from different sources.

By improving business processes leading to efficient production, Toyota has become the largest automobile manufacturer in the world, a title held by General Motors for almost 100 years.
INTERACTION WITH EXTERNAL AND INTERNAL PARTIES

[Diagram: Internal Parties, AIS, External Parties]

• The AIS interacts with external parties, such as customers, vendors, creditors, and governmental agencies.
• The AIS also interacts with internal parties such as employees and management.
• The interaction is typically two way, in that the AIS sends information to and receives information from these parties.
TRANSACTION CYCLES

• A transaction is:
  • An agreement between two entities to exchange goods or services; OR
  • Any other event that can be measured in economic terms by an organization.
• EXAMPLES:
  • Sell goods to customers
  • Depreciate equipment
• The business transaction cycle is a process that:
  • Begins with capturing data about a transaction.
  • Ends with an information output, such as financial statements.
• Many business processes are paired in give-get exchanges.
• Basic exchanges can be grouped into five major transaction cycles:
  • Revenue and Receipt Cycle
  • Expenditure and Disbursement Cycle
  • Production or Conversion Cycle
  • Human resources and Payroll Cycle
  • Financing and Investing Cycle
REVENUE and RECEIPT CYCLE
• The revenue cycle involves interactions with your customers.
• You sell goods or services and get cash.

Give: Goods
Get: Cash

ACCOUNTS AFFECTED
• Sales, S. Returns and Allowances, S. Discounts
• Receivables, AFDA, BD Expense
• Cash

DEPARTMENTS INVOLVED
  REVENUE:
  • Sales/ Customer order
  • Credit
  • Inventory Control/ Warehouse
  • Shipping
  • Billing
  • Accounting (inventory, receivable and general)
  DISBURSEMENT:
  • Mail room or receptionist
  • Treasury
  • Accounting (receivable and general)

FORMS OR DOCUMENTS RECEIVED, INITIATED AND PROCESSED

FORM: SALES ORDER (ORDER SLIP; CUSTOMER ORDER)
DESCRIPTION: DETAILS OF GOODS ORDERED (QUANTITY, PRICES AND PAYMENT TERMS)
INITIATED BY: SALES DEPARTMENT
DISTRIBUTED TO: CUSTOMERS; CREDIT; SHIPPING; BILLING

FORM: SHIPPING DOCUMENT (BILL OF LADING; DELIVERY RECEIPT)
DESCRIPTION: DESCRIBES THE GOODS TO BE SHIPPED AND SERVED AS A CONTRACT BETWEEN THE ENTITY AND CARRIER
INITIATED BY: SHIPPING DEPARTMENT
DISTRIBUTED TO: CUSTOMERS; CARRIER; BILLING

FORM: SALES INVOICE (BILLING STATEMENT; STATEMENT OF ACCOUNT)
DESCRIPTION: DESCRIBES THE GOODS SOLD, AMOUNT DUE AND THE TERMS OF PAYMENT
INITIATED BY: BILLING DEPARTMENT
DISTRIBUTED TO: CUSTOMERS; ACCOUNTING

FORM: REMITTANCE ADVICE
DESCRIPTION: INTENDED TO FACILITATE THE ACCOUNTING FOR CASH COLLECTION
INITIATED BY: BILLING DEPARTMENT
DISTRIBUTED TO: CUSTOMERS

FORM: DAILY SUMMARIES
DESCRIPTION: SUMMARIZES TRANSACTIONS RECORDED DURING THE DAY BY THE DIFFERENT DEPARTMENT
INITIATED BY: RECEIVABLE (FOR SALES); TREASURY (COLLECTION); MAIL ROOM (MAIL RECEIVED)
DISTRIBUTED TO: GENERAL ACCOUNTING; TREASURY AND RECEIVABLE
EXPENDITURE AND DISBURSEMENTS CYCLE

• The expenditure cycle involves interactions with your suppliers.
• You buy goods or services and pay cash.

Give: Cash
Get: Goods

ACCOUNTS AFFECTED
• Purchases, P. Returns and Allowances, P. Discounts
• Payables
• Cash

DEPARTMENTS INVOLVED
  EXPENDITURE:
  • User
  • Purchasing
  • Receiving
  • Accounts Payable
  • Accounting (inventory and general)
  DISBURSEMENT:
  • Treasury
  • Accounting (receivable and general)

FORMS OR DOCUMENTS RECEIVED, INITIATED AND PROCESSED

FORM: REQUISITION SLIP
DESCRIPTION: CONTAINS THE DETAILS OF THE USER DEPARTMENT’S REQUEST
INITIATED BY: USER DEPARTMENT
DISTRIBUTED TO: PURCHASING

FORM: PURCHASE ORDER
DESCRIPTION: DETAILS OF GOODS TO BE ACQUIRED (QUANTITY AND DESCRIPTION)
INITIATED BY: PURCHASING DEPARTMENT
DISTRIBUTED TO: VENDOR; USER; RECEIVING; ACCOUNTS PAYABLE

FORM: RECEIVING REPORT
DESCRIPTION: DESCRIBES THE GOODS RECEIVED (QUANTITY, DESCRIPTION AND CONDITION)
INITIATED BY: RECEIVING DEPARTMENT
DISTRIBUTED TO: PURCHASING; ACCOUNTS PAYABLE

FORM: SHIPPING DOCUMENT
DESCRIPTION: DESCRIBES THE GOODS TO BE SHIPPED AND SERVED AS A CONTRACT BETWEEN THE ENTITY AND CARRIER
INITIATED BY: VENDOR (THRU CARRIER)
DISTRIBUTED TO: RECEIVING

FORM: VENDOR’S INVOICE
DESCRIPTION: DESCRIBES THE GOODS SOLD, AMOUNT DUE AND THE TERMS OF PAYMENT
INITIATED BY: VENDOR
DISTRIBUTED TO: ACCOUNTS PAYABLE

FORM: DAILY SUMMARIES
DESCRIPTION: SUMMARIZES TRANSACTIONS RECORDED DURING THE DAY BY THE DIFFERENT DEPARTMENT
INITIATED BY: ACCOUNTS PAYABLE (FOR PURCHASES); TREASURY (PAYMENT)
DISTRIBUTED TO: GENERAL ACCOUNTING
PRODUCTION OR CONVERSION CYCLE

• In the production cycle, raw materials and labor are transformed into finished goods.

Give: Raw Materials & Labor
Get: Finished Goods

ACCOUNTS AFFECTED
• Purchases, P. Returns and Allowances, P. Discounts
• Payables
• Cash

DEPARTMENTS INVOLVED
  EXPENDITURE:
  • User
  • Purchasing
  • Receiving
  • Accounts Payable
  • Accounting (inventory and general)
  DISBURSEMENT:
  • Treasury
  • Accounting (receivable and general)
HUMAN RESOURCES AND PAYROLL CYCLE
• The human resources cycle involves interactions with your employees.
• Employees are hired, trained, paid, evaluated, promoted, and terminated.

Give: Cash
Get: Labor

ACCOUNTS AFFECTED
• Salaries and Wages Expense and Payable
• Premiums Expense and Payable
• Withholding Taxes Payable
• Inventories
• Cash

DEPARTMENTS INVOLVED
  EXPENDITURE:
  • User
  • HR/ Personnel
  • Payroll
  • Accounting (inventory and general)
  DISBURSEMENT AND DISTRIBUTION:
  • Treasury
  • Accounting (general)

FORMS OR DOCUMENTS RECEIVED, INITIATED AND PROCESSED

FORM: HR RECORDS (PERSONNEL RECORDS 201 FILE)
DESCRIPTION: CONTAINS ALL INFORMATION RELATED TO THE EMPLOYEES AS WELL AS THEIR SALARY RATES, DEDUCTIONS AND OTHER PAYROLL RELATED INFORMATION. DOCUMENTS ALL ACTIONS TAKEN BY THE EMPLOYEES OR MANAGEMENT ON BEHALF OF THE EMPLOYEE
INITIATED BY: HR DEPARTMENT
DISTRIBUTED TO: PAYROLL (LIMITED TO PAYROLL INFORMATION ONLY)

FORM: DAILY TIME RECORD
DESCRIPTION: NUMBER OF HOURS WORKED
INITIATED BY: USER DEPARTMENT
DISTRIBUTED TO: PAYROLL

FORM: PAYROLL REGISTER
DESCRIPTION: SHOWS ALL RELATED PAYROLL INFORMATION (GROSS, DEDUCTIONS, AND NET PAY)
INITIATED BY: PAYROLL
DISTRIBUTED TO: TREASURY; GENERAL ACCOUNTING

FORM: LABOR COST SUMMARY
DESCRIPTION: SHOWS ALL PAYROLL INFORMATION WHICH IS CAPITALIZABLE OR CAN BE ATTRIBUTED TO A PARTICULAR JOB OR CUSTOMER ORDER
INITIATED BY: PAYROLL
DISTRIBUTED TO: INVENTORY ACCOUNTING

FORM: EMPLOYEE EARNING’S RECORD
DESCRIPTION: CUMULATIVE, YEAR-TO-DATE SUMMARY OF EARNINGS AND DEDUCTIONS OF EVERY EMPLOYEE
INITIATED BY: VENDOR
DISTRIBUTED TO: ACCOUNTS PAYABLE

FORM: DAILY SUMMARIES
DESCRIPTION: SUMMARIZES TRANSACTIONS RECORDED DURING THE DAY BY THE DIFFERENT DEPARTMENT
INITIATED BY: PAYROLL (LIABILITY RECOGNITION); TREASURY (PAYMENT); INVENTORY (CAPITALIZABLE)
DISTRIBUTED TO: GENERAL ACCOUNTING
FINANCING AND INVESTING CYCLE
• The financing cycle involves interactions with investors and creditors.
• You raise capital (through stock or debt), repay the capital, and pay a return on it (interest or dividends).

Give: Cash
Get: Cash

TRANSACTION CYCLES

• Thousands of transactions can occur within any of these cycles.
• But there are relatively few types of transactions in a cycle.
• EXAMPLE: In the revenue cycle, the basic give-get transaction is:
  • Give goods
  • Get cash
• Every transaction cycle:
  • Relates to other cycles.
  • Interfaces with the general ledger and reporting system, which generates information for management and external parties.
[Figure: the Revenue, Expenditure, Production, Human Resources/Payroll and Financing Cycles and the General Ledger and Reporting System, with flows of finished goods, raw materials, funds and data between them, and information for internal and external users]

• The Revenue Cycle:
  • Gets finished goods from the production cycle.
  • Provides funds to the financing cycle.
  • Provides data to the general ledger and reporting system.
• The Expenditure Cycle:
  • Gets funds from the financing cycle.
  • Provides raw materials to the production cycle.
  • Provides data to the general ledger and reporting system.
• The Production Cycle:
  • Gets raw materials from the expenditure cycle.
  • Gets labor from the HR/payroll cycle.
  • Provides finished goods to the revenue cycle.
  • Provides data to the general ledger and reporting system.
• The HR/Payroll Cycle:
  • Gets funds from the financing cycle.
  • Provides labor to the production cycle.
  • Provides data to the general ledger and reporting system.
• The Financing Cycle:
  • Gets funds from the revenue cycle.
  • Provides funds to the expenditure and HR/payroll cycles.
  • Provides data to the general ledger and reporting system.
• The General Ledger and Reporting System:
  • Gets data from all of the cycles.
  • Provides information for internal and external users.
TRANSACTION PROCESSING: THE DATA PROCESSING CYCLE

• An important function of the AIS is to efficiently and effectively process the data about a company’s transactions.
• In manual systems, data is entered into paper journals and ledgers.
• In computer-based systems, the series of operations performed on data is referred to as the data processing cycle.
• The data processing cycle consists of four steps:
  • Data input
  • Data storage
  • Data processing
  • Information output
DATA INPUT

• Capture the data.
• Usually triggered by a business activity.
• Data is captured about:
  • The event that occurred.
  • The resources affected by the event.
  • The agents who participated.
• A number of actions can be taken to improve the accuracy and efficiency of data input:
  • Turnaround documents.
    • EXAMPLE: The stub on your telephone bill that you tear off and return with your check when you pay the bill.
    • The customer account number is coded on the document, usually in machine-readable form, which reduces the probability of human error in applying the check to the correct account.
  • Source data automation.
    • Capture data with minimal human intervention.
    • EXAMPLES:
      – ATMs for banking.
      – Point-of-sale (POS) scanners in retail stores.
      – Automated gas pumps that accept your credit card.
  • Well-designed source documents and data entry screens.
  • Using pre-numbered documents or having the system automatically assign sequential numbers to transactions.
  • Verify transactions.
    • EXAMPLE: Check for inventory availability before completing an online sales transaction.
DATA STORAGE

• Ledger
A ledger is a file used to store cumulative
information about resources and agents. We
typically use the word ledger to describe the set
of t-accounts. The t-account is where we keep
track of the beginning balance, increases,
decreases, and ending balance for each asset,
liability, owners’ equity, revenue, expense, gain,
loss, and dividend account.
DATA STORAGE
• General Ledger
• Following is an example of a ledger account for accounts receivable:

GENERAL LEDGER

ACCOUNT: Accounts Receivable    Account Number: 120

Date      Description       Post Ref  Debit     Credit    Balance
01/01/05                                                  42,069.00
01/03/05  Sales             S03       1,300.00            43,369.00
01/13/05  Cash collections  CR09                4,600.00  38,769.00
01/23/05  Sales             S04       5,600.00            44,369.00
DATA STORAGE
• Subsidiary ledger
  • The subsidiary ledgers contain the detail accounts associated with the related general ledger account. The accounts receivable subsidiary ledger will contain three separate t-accounts—one for Anthony Adams, one for Bill Brown, and one for Cory Campbell.
  • The related general ledger account is often called a “control” account.
  • The sum of the subsidiary account balances should equal the balance in the control account.
DATA STORAGE
• Coding techniques
  • Coding is a method of systematically assigning numbers or letters to data items to help classify and organize them. There are many types of codes including:
    – Sequence codes
    – Block codes
    – Group codes
  • With sequence codes, items (such as checks or invoices) are numbered consecutively to ensure no gaps in the sequence. The numbering helps ensure that:
    – All items are accounted for.
    – There are no duplicated numbers, which would suggest errors or fraud.
  • When block codes are used, blocks of numbers within a numerical sequence are reserved for a particular category.
  • EXAMPLE: The first three digits of a Social Security Number make up a block code that indicates the state in which the Social Security number was issued:
    – 001–002 Batanes
    – 003–004 Cagayan
    – 005–006 Isabela
    – 007–008 Nueva Vizcaya
    – 009–010 Quirino
  • When group codes are used, two or more subgroups of digits are used to code an item.
  • EXAMPLE: If S&S uses a seven-digit product code number, the group coding technique might be applied as follows:

    Digit Position  Meaning
    1–2             Product line, size, style
    3               Color
    4–5             Year of manufacture
    6–7             Optional feature

  • Group coding schemes are often used in assigning general ledger account numbers. The following guidelines should be observed:
    – The code should be consistent with its intended use, so make sure you know what users need.
    – Provide enough digits to allow room for growth.
    – Keep it simple in order to:
      • Minimize costs
      • Facilitate memorization
      • Ensure employee acceptance
    – Make sure it’s consistent with:
      • The company’s organization structure
      • Other divisions of the organization
• Chart of accounts
  • The chart of accounts is a list of all general ledger accounts an organization uses.
  • Group coding is often used for these numbers, e.g.:
    – The first section identifies the major account categories, such as asset, liability, revenue, etc.
    – The second section identifies the primary sub-account, such as current asset or long-term investment.
    – The third section identifies the specific account, such as accounts receivable or inventory.
    – The fourth section identifies the subsidiary account, e.g., the specific customer code for an account receivable.
  • The structure of this chart is an important AIS issue, as it must contain sufficient detail to meet the organization’s needs.
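The sequence-code and group-code rules above can be checked mechanically. The following is an added example, not part of the original slides: it reports gaps and duplicates in a batch of sequence-coded document numbers and splits a seven-digit group code using the S&S digit positions; the function names and the sample values are constructed for illustration.

```python
from collections import Counter

# Field layout of the seven-digit S&S product code described above:
# (field name, first digit position, last digit position), 1-based.
# The field names are this example's own labels.
GROUP_LAYOUT = [
    ("product_line_size_style", 1, 2),
    ("color", 3, 3),
    ("year_of_manufacture", 4, 5),
    ("optional_feature", 6, 7),
]


def check_sequence(numbers, first=None, last=None):
    """Check a batch of sequence-coded document numbers.

    Returns (missing, duplicated): numbers absent from the expected
    consecutive range, and numbers that appear more than once. When
    first/last are not given, the range is taken from the batch itself,
    so a missing first or last document can only be caught by passing
    the expected bounds explicitly.
    """
    counts = Counter(numbers)
    if not counts and (first is None or last is None):
        return [], []
    lo = min(counts) if first is None else first
    hi = max(counts) if last is None else last
    missing = [n for n in range(lo, hi + 1) if n not in counts]
    duplicated = sorted(n for n, c in counts.items() if c > 1)
    return missing, duplicated


def decode_group_code(code, layout=GROUP_LAYOUT):
    """Split a group code into its subgroups; reject malformed codes."""
    width = max(end for _name, _start, end in layout)
    if len(code) != width or not (code.isascii() and code.isdigit()):
        raise ValueError(f"expected {width} digits, got {code!r}")
    return {name: code[start - 1:end] for name, start, end in layout}


if __name__ == "__main__":
    # Constructed sample: invoice numbers keyed from one day's batch.
    invoices = [201, 202, 204, 205, 205, 207]
    missing, duplicated = check_sequence(invoices, first=201, last=207)
    print("missing invoice numbers:   ", missing)
    print("duplicated invoice numbers:", duplicated)

    # Constructed sample product code.
    print(decode_group_code("1240512"))
```

A gap or a duplicate is a prompt to locate the source document, not proof of fraud by itself; voided documents should be retained so that their numbers are still accounted for.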
DATA STORAGE
• Journals
  • In manual systems and some accounting packages, the first place that transactions are entered is the journal.
    – A general journal is used to record:
      • Non-routine transactions, such as loan payments
      • Summaries of routine transactions
      • Adjusting entries
      • Closing entries
    – A special journal is used to record routine transactions. The most common special journals are:
      • Cash receipts
      • Cash disbursements
      • Credit sales
      • Credit purchases
DATA STORAGE
• If you took a principles of financial accounting class, you probably worked with journals that looked something like this:

01/15/04  Accounts receivable      2,200
              Sales revenue                 2,200

01/18/04  Cash                     1,800
              Accounts receivable           1,800

01/21/04  Salaries expense           900
              Cash                            900
DATA STORAGE
• You may not have gotten much experience with special journals, but in most real-world
situations, journal entries really work like this.
• Entries are originally made in the general journal only for:
• Non-routine transactions
• Summaries of routine transactions
• Routine transactions are originally entered in special journals. The most common special journals are:
• Credit sales
• Cash receipts
• Credit purchases
• Cash disbursements
DATA STORAGE
• Audit trail
  • An audit trail exists when there is sufficient documentation to allow the tracing of a transaction from beginning to end or from the end back to the beginning.
  • The inclusion of posting references and document numbers enables the tracing of transactions through the journals and ledgers and therefore facilitates the audit trail.
DATA STORAGE

• On December 1, a sale is made to Lee Co. for P800. Lee Co. was sent Invoice No. 201.

Sales Journal                                                          Page 5
Date      Invoice Number  Account Debited  Account Number  Post Ref.  Amount
12/01/04  201             Lee Co.          120-122                    800.00
DATA STORAGE
• The general ledger account number for accounts receivable is No. 120. Lee Co. was about the
122nd customer, so their subsidiary account number is 120-122.
DATA STORAGE
•The next sale on December 1 was made to May Co. for P700.

Sales Journal                                                          Page 5
Date      Invoice Number  Account Debited  Account Number  Post Ref.  Amount
12/01/04  201             Lee Co.          120-122                    800.00
12/01/04  202             May Co.          120-033                    700.00
DATA STORAGE
• The third and final sale on December 1 was made to DLK Co. for P900.

Sales Journal                                                          Page 5
Date      Invoice Number  Account Debited  Account Number  Post Ref.  Amount
12/01/04  201             Lee Co.          120-122                    800.00
12/01/04  202             May Co.          120-033                    700.00
12/01/04  203             DLK Co.          120-111                    900.00
DATA STORAGE
• Suppose the company making these sales posts transactions at the end
of each day. Consequently, at day’s end, they will post each individual
transaction to the accounts receivable subsidiary ledger:
• An $800 increase in accounts receivable (debit) will be posted to Lee Co.’s
subsidiary account (120-122).
• A $700 debit will be posted to May Co.’s subsidiary account (120-033).
• A $900 debit will be posted to DLK Co.’s subsidiary account (120-111).
DATA STORAGE
• Then a summary journal entry must be made to the general journal. The sales for
the period are totaled. In this case, they add up to P2,400.
Sales Journal                                                          Page 5
Date      Invoice Number  Account Debited  Account Number  Post Ref.  Amount
12/01/04  201             Lee Co.          120-122                    800.00
12/01/04  202             May Co.          120-033                    700.00
12/01/04  203             DLK Co.          120-111                    900.00
                                                           TOTAL    2,400.00
                                                                     120/502
DATA STORAGE
• The “120/502” that appears beneath the total indicates that a summary journal entry is made
in the general journal with a debit to accounts receivable (120) and a credit to sales (502).
DATA STORAGE
• The entries in the general journal are periodically (or automatically) posted to the general ledger. The
P2,400 debit to accounts receivable will be posted to the accounts receivable control account, and
the P2,400 credit will be posted to the general ledger account for sales.
Date      Account                      Debit    Credit
12/01/04  Accounts receivable          2,400
              Sales revenue                     2,400
12/01/04  Cash                         1,800
              Accounts receivable               1,800
12/01/04  Salaries expense               900
              Cash                                900
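The posting sequence and audit trail described above, as an added Python example (not part of the original slides). It posts the three December 1 sales to the subsidiary ledger, makes the 120/502 summary entry, checks that the subsidiary balances agree with the accounts receivable control account, and traces a posting back to its invoice. The posting-reference format ("SJ5", "SJ5/201") is an assumption made for illustration.

```python
from collections import defaultdict
from decimal import Decimal

AR_CONTROL = "120"   # general ledger account for accounts receivable (from the slides)
SALES = "502"        # general ledger account for sales (from the slides)

# Sales journal, page 5, with the three sales shown on the slides.
SALES_JOURNAL = [
    {"date": "12/01/04", "invoice": 201, "customer": "Lee Co.", "account": "120-122", "amount": Decimal("800.00")},
    {"date": "12/01/04", "invoice": 202, "customer": "May Co.", "account": "120-033", "amount": Decimal("700.00")},
    {"date": "12/01/04", "invoice": 203, "customer": "DLK Co.", "account": "120-111", "amount": Decimal("900.00")},
]


def posting_ref(page, invoice=None):
    """Hypothetical posting reference: 'SJ5' for the page total, 'SJ5/201' for one line."""
    return f"SJ{page}" if invoice is None else f"SJ{page}/{invoice}"


def post_sales_journal(journal, page):
    """Post each line to the A/R subsidiary ledger and one summary entry to the general ledger."""
    subsidiary = defaultdict(list)  # account -> [(posting ref, debit amount)]
    general = defaultdict(list)     # account -> [(posting ref, debit, credit)]
    total = Decimal("0")
    for line in journal:
        # Group coding: the first section is the control account, the second the customer.
        control, _, customer_no = line["account"].partition("-")
        if control != AR_CONTROL or not customer_no.isdigit():
            raise ValueError(f"invoice {line['invoice']}: bad subsidiary account {line['account']}")
        subsidiary[line["account"]].append((posting_ref(page, line["invoice"]), line["amount"]))
        total += line["amount"]
    # The "120/502" under the journal total: debit A/R control, credit sales.
    general[AR_CONTROL].append((posting_ref(page), total, Decimal("0")))
    general[SALES].append((posting_ref(page), Decimal("0"), total))
    return subsidiary, general


def reconcile(subsidiary, general):
    """Compare the sum of the subsidiary postings with the A/R control account balance."""
    sub_total = sum((amt for posts in subsidiary.values() for _, amt in posts), Decimal("0"))
    control = sum((dr - cr for _, dr, cr in general[AR_CONTROL]), Decimal("0"))
    return sub_total == control, sub_total, control


def trace_back(account, subsidiary, journal, page):
    """Audit trail from the end back to the beginning: ledger posting -> journal line -> invoice."""
    by_ref = {posting_ref(page, line["invoice"]): line for line in journal}
    trail = []
    for ref, amount in subsidiary.get(account, []):
        line = by_ref.get(ref)
        if line is None or line["amount"] != amount or line["account"] != account:
            raise LookupError(f"{account}: posting {ref} has no matching journal line")
        trail.append((ref, line["invoice"], line["customer"]))
    return trail


if __name__ == "__main__":
    sub, gl = post_sales_journal(SALES_JOURNAL, page=5)
    print(reconcile(sub, gl))
    print(trace_back("120-122", sub, SALES_JOURNAL, page=5))
```

A subsidiary posting that is altered after the fact makes `reconcile` report a difference and makes `trace_back` fail for that account, which is the practical value of keeping posting references and document numbers.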
COMPUTER-BASED STORAGE CONCEPTS

• Entity
• Attribute
• Record
• Data Value
• Field
• File
• Master File
• Transaction File
• Database
COMPUTER-BASED STORAGE CONCEPTS

• An entity is the item about which information is stored in a record.
• Examples:
• Employee
• Inventory item
• Customer
COMPUTER-BASED STORAGE CONCEPTS

• Attributes are characteristics of interest with respect to the entity


• Some attributes that an employee information system typically stores about the
employee entity are:
• employee number
• pay rate
• Name
• address
COMPUTER-BASED STORAGE CONCEPTS

• A field is the physical space where an attribute is stored.


• The space where the employee ID number is stored is the Employee ID
field.

ID No.     Surname   First Name  Philhealth No.
328469993  SIMPSON   ALICE       4053721111
328500732  ANDREWS   BARRY       4057440236
529036409  FLANDERS  CARLA       4057475863
COMPUTER-BASED STORAGE CONCEPTS

• A record is the set of attributes stored for a particular instance of an entity.


• The combination of attributes stored for Barry Andrews is Barry’s record.

COMPUTER-BASED STORAGE CONCEPTS

•A data value is the intersection of the row and column.


•The data value for Barry Andrews’ phone number is 405-744-0236.

COMPUTER-BASED STORAGE CONCEPTS

• A file is a group of related records.


• The collection of records about all employees at the company might be called the
employee file. If there were only three employees and four attributes stored for each
employee, the file might appear as shown below:
ID No.     Surname   First Name  Philhealth No.
328469993  SIMPSON   ALICE       4053721111
328500732  ANDREWS   BARRY       4057440236
529036409  FLANDERS  CARLA       4057475863
COMPUTER-BASED STORAGE CONCEPTS

•A master file is a file that stores cumulative information about an organization’s entities.
•It is conceptually similar to a ledger in a manual AIS in that:
•The file is permanent.
•The file exists across fiscal periods.
•Changes are made to the file to reflect the effects of new transactions.
COMPUTER-BASED STORAGE CONCEPTS

•A transaction file is a file that contains records of individual transactions (events) that occur during a fiscal period.
•It is conceptually similar to a journal in a manual AIS in that:
•The files are temporary.
•The files are usually maintained for one fiscal period.
COMPUTER-BASED STORAGE CONCEPTS

•A database is a set of interrelated, centrally-coordinated files.
•When files about students are integrated with files about classes and files about instructors, we have a database.
[Figure: a database made up of an Employee File, a Departmental File, and a Workload File.]
TRANSACTION PROCESSING:
THE DATA PROCESSING CYCLE
• The data processing cycle consists of four steps:
• Data input
• Data storage
• Data processing
• Information output
DATA PROCESSING
•Once data about a business activity has been collected and entered into a system, it
must be processed. There are four different types of file processing:
•Updating data to record the occurrence of an event, the resources affected by
the event, and the agents who participated, e.g., recording a sale to a customer.
•Changing data, e.g., a customer address.
•Adding data, e.g., a new customer.
•Deleting data, e.g., removing an old customer that has not purchased anything in
5 years.
DATA PROCESSING

• Batch processing:
• Source documents are grouped into batches, and control totals are calculated.
• Periodically, the batches are entered into the computer system, edited, sorted, and
stored in a temporary file.
• The temporary transaction file is run against the master file to update the master file.
• Output is printed or displayed, along with error reports, transaction reports, and
control totals.
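The batch cycle described above, as an added Python example (not part of the original slides). The slides say only that control totals are calculated; the three totals used here (record count, amount total, and a hash total of invoice numbers) and all sample data are assumptions constructed for illustration.

```python
from decimal import Decimal

# Constructed master file: customer subsidiary account -> balance.
MASTER = {"120-033": Decimal("0.00"), "120-111": Decimal("150.00"), "120-122": Decimal("0.00")}

# Constructed batch header: control totals computed from the source documents before keying.
HEADER = {"record_count": 3, "amount_total": Decimal("2400.00"), "hash_total": 606}

# Constructed transactions as keyed: (invoice number, account, amount).
KEYED = [
    (203, "120-111", Decimal("900.00")),
    (201, "120-122", Decimal("800.00")),
    (202, "120-033", Decimal("700.00")),
]


def control_totals(txns):
    """Recompute the batch control totals from the keyed transactions."""
    return {
        "record_count": len(txns),
        "amount_total": sum((t[2] for t in txns), Decimal("0")),
        "hash_total": sum(t[0] for t in txns),  # meaningless sum, catches wrong document numbers
    }


def edit_checks(txns, master):
    """Edit step: split the batch into accepted transactions and an error report."""
    accepted, errors = [], []
    for invoice, account, amount in txns:
        if account not in master:
            errors.append((invoice, "unknown account"))
        elif amount <= 0:
            errors.append((invoice, "non-positive amount"))
        else:
            accepted.append((invoice, account, amount))
    return accepted, errors


def run_batch(header, keyed, master):
    """Enter, edit, sort, then run the temporary transaction file against the master file."""
    computed = control_totals(keyed)
    mismatch = sorted(k for k in header if header[k] != computed[k])
    if mismatch:
        # Keyed data does not agree with the source documents: reject the whole batch.
        return {"posted": False, "mismatch": mismatch, "errors": [], "master": master}
    accepted, errors = edit_checks(keyed, master)
    temp_file = sorted(accepted, key=lambda t: t[1])  # sorted into master-file key order
    updated = dict(master)                             # the original master file is left untouched
    for _, account, amount in temp_file:
        updated[account] += amount
    return {"posted": True, "mismatch": [], "errors": errors,
            "master": updated, "totals": control_totals(temp_file)}


if __name__ == "__main__":
    result = run_batch(HEADER, KEYED, MASTER)
    print(result["posted"], result["master"], result["errors"])
```

A keying error in an amount changes only the amount total, while a record that names a nonexistent account passes the control totals and is caught by the edit checks, which is why both controls appear in the cycle.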
DATA PROCESSING

•Online batch processing:


•Transactions are entered into a computer system as they
occur and stored in a temporary file.
•Periodically, the temporary transaction file is run against the
master file to update the master file.
•The output is printed or displayed.
DATA PROCESSING

•Online, real-time processing


•Transactions are entered into a computer system as they occur.
•The master file is immediately updated with the data from the
transaction.
•Output is printed or displayed.
INFORMATION OUTPUT
• The final step in the information process is information output.
• This output can be in the form of:
• Documents
• Documents are records of transactions or other company data.
• EXAMPLE: Employee paychecks or purchase orders for merchandise.
• Documents generated at the end of the transaction processing activities are known as operational documents (as opposed to source documents).
• They can be printed or stored as electronic images.
INFORMATION OUTPUT
• Reports
• Reports are used by employees to control operational activities and by managers to make decisions and design strategies.
• They may be produced:
– On a regular basis
– On an exception basis
– On demand
• Organizations should periodically reassess whether each report is needed.
INFORMATION OUTPUT
• Queries
• Queries are user requests for specific pieces of information.
• They may be requested:
– Periodically
– One time
• They can be displayed:
– On the monitor, called soft copy.
– On the screen, called hard copy.
INFORMATION OUTPUT
• Output can serve a variety of purposes:
• Financial statements can be provided to both external and internal parties.
• Some outputs are specifically for internal use:
• For planning purposes
• Examples of outputs for planning purposes include:
– Budgets
• Budgets are an entity’s formal expression of goals in financial terms.
– Sales forecasts
INFORMATION OUTPUT
• For management of day-to-day operations
• Example: Delivery schedules
INFORMATION OUTPUT
• For control purposes
• Performance reports are outputs that are used for control purposes.
• These reports compare an organization’s standard or expected performance with its actual outcomes.
• Management by exception is an approach to utilizing performance reports that focuses on investigating and acting on only those variances that are significant.
INFORMATION OUTPUT
• For evaluation purposes
• These outputs might include:
– Surveys of customer satisfaction.
– Reports on employee error rates.
INFORMATION OUTPUT
• Suppose an instructor wants to improve student learning.
• He decides to encourage better attendance by grading students on attendance (i.e.,
measuring it).
• The result will be better student attendance, i.e., you get what you measure.
• The improved attendance may or may not improve learning outcomes.
• Students may be getting better grades when attendance is measured, but not learning
more.
• Some students may in fact reduce their studying because they believe they can use the
attendance score to boost their grade. This behavior would be a dysfunctional result of the
measurement.
INFORMATION OUTPUT
•Budgets can cause dysfunctional behavior.
EXAMPLE: In order to stay within budget, the IT department did not buy a security
package for its system.
• A hacker broke in and devastated some of their data files.
• Critical security measures were foregone in order to meet budgetary goals.
• The resulting costs far outweighed the savings.
INFORMATION OUTPUT
•Budgeting can also be dysfunctional in that the focus can be redirected to creating acceptable numbers instead of achieving organizational objectives.
•Does this mean organizations shouldn’t budget?
INFORMATION OUTPUT
• The saying goes, “Not many people sit around and have a roast goose fall
in their lap.”
• In other words, if you want a roast goose, you have to aim.
• With financial results, you’re also unlikely to achieve when you don’t aim.
• Just be careful where you aim!
ROLE OF THE AIS

•The traditional AIS captured financial data.
•Non-financial data was captured in other, sometimes-redundant systems.
•Enterprise resource planning (ERP) systems are designed to integrate all aspects of a company’s operations (including both financial and non-financial information) with the traditional functions of an AIS.
INTRODUCTION

•Documentation covers the who, what, when, where, why, and how of:
•Data entry
•Processing
•Storage
•Information output
•System controls
INTRODUCTION
• How do accountants use documentation?
• At a minimum, they have to read documentation to understand how a system works.
• They may need to evaluate the strengths and weaknesses of an entity’s internal controls.
• Requires heavy reliance on documentation
• They may peruse documentation to determine if a proposed system meets the needs of its users.
• They may prepare documentation to:
• Demonstrate how a proposed system would work
• Demonstrate their understanding of a system of internal controls
• Documentation tools help accountants by:
• Organizing very complicated systems into a form that can be more readily understood.
• Helping new team members understand a pre-existing system.
DATA FLOW DIAGRAMS
•A data flow diagram (DFD) graphically describes the flow of data within an
organization. It is used to:
• Document existing systems
• Plan and design new systems
•There is no black-and-white approach to developing a DFD.
DATA FLOW DIAGRAMS
• Example of a data flow diagram of the customer payment process
[Figure: DFD of the customer payment process. Elements: Customer, Process Payment, Update A/R, Accounts Receivable, Credit Manager, Bank. Labeled data flows: customer payment, remittance data, receivables information, deposit.]
DATA FLOW DIAGRAMS

•A data flow diagram consists of four basic elements:


• Data sources and destinations
• Data flows
• Transformation processes
• Data stores
Data sources and destinations

• Appear as squares
• Represent organizations or individuals that send or receive data used or produced by the system
• An item can be both a source and a destination
Data sources and destinations
• Data sources and destinations are marked in red.
• Can you tell which are sources and which are destinations?
[Figure: the customer payment DFD, with the data sources and destinations marked in red.]
DATA FLOWS

• Appear as arrows
• Represent the flow of data between sources and destinations, processes, and data stores
DATA FLOWS
• Data flows are shown in red.
• Does it appear that a data flow can be two-way?
• If so, how is it handled?
[Figure: the customer payment DFD, with the data flows shown in red.]
DATA FLOWS
• Data flows should always be labeled.
• The exception is a data flow moving into or out of a data store.
• What symbol is the data store?
[Figure: the customer payment DFD.]
DATA FLOW DIAGRAMS
• As you probably surmised from the previous slides, if a data flow is two-way, use a
bi-directional arrow.

[Figure: a bi-directional arrow between General Ledger and Update Receivables.]
DATA FLOW DIAGRAMS
•If two data elements flow together, then the use of
one data flow line is appropriate.

[Figure: a single data flow labeled “Cash Rec’d & Remittance Slip” from Customer to Process Payment.]
DATA FLOW DIAGRAMS

• If the data elements do not always flow together, then multiple lines will be needed.

[Figure: two separate data flows from Customer to Process Payment, labeled “Customer Inquiry” and “Customer Payment”.]
Transformation processes
• Processes
• Appear as circles
• Represent the transformation of data
DATA FLOW DIAGRAMS
• The transformation processes are shown in red.
• Every process must have at least one data inflow and at least one data outflow. Why?
• What do you notice about how the processes are labeled?
[Figure: the customer payment DFD, with the transformation processes shown in red.]
Data stores
• Appear as two horizontal lines
• Represent a temporary or permanent repository of data
DATA FLOW DIAGRAMS
• The data store is shown in red.
• Notice that the inflows and outflows to the data store are not labeled.
[Figure: the customer payment DFD, with the data store shown in red.]
DATA FLOW DIAGRAMS

•Data dictionary:
• Data flows and data stores are typically collections of data elements.
• EXAMPLE: A data flow labeled student information might contain elements such
as student name, date of birth, ID number, address, phone number, and major.
• The data dictionary contains a description of all data elements, data stores, and
data flows in a system.
DATA FLOW DIAGRAMS
•Subdividing the DFD:
• Few systems can be fully diagrammed on one sheet of paper,
and users have needs for differing levels of detail.
• Consequently, DFDs are subdivided into successively lower
levels to provide increasing amounts of detail.
DATA FLOW DIAGRAMS
•The highest level of DFD is called a context diagram.
•It provides a summary-level view of the system.
•It depicts a data processing system and the external entities that are:
• Sources of its input
• Destinations of its output
DATA FLOW DIAGRAMS
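• This is the context diagram for the S&S payroll processing system
[Figure: context diagram. The Payroll Processing System is at the center, surrounded by Departments, Human Resources, Govt. Agencies, Employees, Bank, and Management. One data flow label survives: employee checks, to Employees.]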
DATA FLOW DIAGRAMS
• This diagram shows the next level of detail for the context diagram.
[Figure: payroll DFD. Processes: 1.0 Update Empl. Payroll File, 2.0 Pay Employees, 3.0 Prepare Reports, 4.0 Pay Taxes, 5.0 Update Gen. Ledger. Data stores: Employee/Payroll File, General Ledger. Sources and destinations: Departments, Human Resources, Employees, Bank, Management, Govt. Agencies. Data flows: new employee form, employee change form, time cards, employee paychecks, payroll check, payroll report, payroll tax disb. voucher, payroll disbursement data, tax report & payment.]
DATA FLOW DIAGRAMS
• How do the sources and destinations differ from the context diagram?
[Figure: the same payroll DFD, with processes 1.0 to 5.0.]
DATA FLOW DIAGRAMS
• Suppose we exploded Process 2.0 (Pay Employees) in the next level. The sub-processes would be numbered 2.1, 2.2, 2.3, etc.
[Figure: the same payroll DFD, with processes 1.0 to 5.0.]
Guidelines on How to Create a DFD

• RULE 1: Understand the system. Observe the flow of information and interview people involved to
gain that understanding.
• RULE 2: Ignore control processes and control actions (e.g., error corrections). Only very critical error
paths should be included.
• RULE 3: Determine the system boundaries—where it starts and stops. If you’re not sure about a
process, include it for the time being.
DATA FLOW DIAGRAMS
• RULE 4: Draw the context diagram first and then draw successively greater levels of
detail.
• RULE 5: Identify and label all data flows. The only ones that do not have to be labeled
are those that go into or come out of data stores.
• RULE 6: Data flows that always flow together should be grouped together. Those that do
not flow together should be shown on separate lines.
DATA FLOW DIAGRAMS
• RULE 7: Show a process (circle) wherever a data flow is converted from one form to another. Likewise, every
process should have at least one incoming data flow and at least one outgoing data flow.
• RULE 8: Transformation processes that are logically related or occur simultaneously can be grouped in one
bubble.
• RULE 9: Number each process sequentially. A process labeled 5.0 would be exploded at the next level into
processes numbered 5.1, 5.2, etc. A process labeled 5.2 would be exploded into 5.21, 5.22, etc.
DATA FLOW DIAGRAMS

•RULE 10: Process names should include action verbs, such as update, prepare, etc.
•RULE 11: Identify and label all data stores, whether temporary or permanent.
•RULE 12: Identify and label all sources and destinations. An entity can be both a
source and destination. You may wish to include such items twice on the diagram, if
needed, to avoid excessive or crossing lines.
DATA FLOW DIAGRAMS
• RULE 13: As much as possible, organize the flow from top to bottom and left to right.
• RULE 14: You’re not likely to get it beautiful the first time, so plan to go through several
iterations of refinements.
• RULE 15: On the final copy, lines should not cross. On each page, include:
• The name of the DFD
• The date prepared
• The preparer’s name
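Rules 5, 7, 9 and 12 are mechanical enough to check in code. The following added Python example (not part of the original slides) encodes the customer payment DFD and reports rule violations; the connections between elements are a reading of the labels on that slide, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed from the labels on the customer payment DFD slide.
ELEMENTS = {
    "Customer": "external",
    "Credit Manager": "external",
    "Bank": "external",
    "Process Payment": "process",
    "Update A/R": "process",
    "Accounts Receivable": "store",
}

# (source, destination, label); an empty label means the arrow is unlabeled.
FLOWS = [
    ("Customer", "Process Payment", "Customer payment"),
    ("Process Payment", "Update A/R", "Remittance data"),
    ("Process Payment", "Bank", "Deposit"),
    ("Update A/R", "Credit Manager", "Receivables information"),
    ("Update A/R", "Accounts Receivable", ""),
    ("Accounts Receivable", "Update A/R", ""),
]


def check_dfd(elements, flows):
    """Return a list of rule violations; an empty list means the DFD passes these checks."""
    problems = []
    inflow, outflow = defaultdict(int), defaultdict(int)
    for src, dst, label in flows:
        for end in (src, dst):
            if end not in elements:
                # Rules 11 and 12: every store, source and destination is identified and labeled.
                problems.append(f"Rule 12: '{end}' is not an identified element")
        outflow[src] += 1
        inflow[dst] += 1
        touches_store = "store" in (elements.get(src), elements.get(dst))
        if not label.strip() and not touches_store:
            # Rule 5: only flows into or out of a data store may go unlabeled.
            problems.append(f"Rule 5: data flow {src} -> {dst} is not labeled")
    for name, kind in elements.items():
        if kind != "process":
            continue
        # Rule 7: every process needs at least one inflow and one outflow.
        if inflow[name] == 0:
            problems.append(f"Rule 7: process '{name}' has no incoming data flow")
        if outflow[name] == 0:
            problems.append(f"Rule 7: process '{name}' has no outgoing data flow")
    return problems


def check_explosion(parent, children):
    """Rule 9: 5.0 explodes into 5.1, 5.2, ...; 5.2 explodes into 5.21, 5.22, ..."""
    prefix = parent[:-1] if parent.endswith(".0") else parent
    problems = []
    for child in children:
        tail = child[len(prefix):] if child.startswith(prefix) else ""
        if not (tail.isdigit() and tail != "0"):
            problems.append(f"Rule 9: '{child}' is not a sub-process number of {parent}")
    return problems


if __name__ == "__main__":
    print(check_dfd(ELEMENTS, FLOWS))
    print(check_explosion("2.0", ["2.1", "2.2", "2.3"]))
```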
DATA FLOW DIAGRAMS
Data Inputs Processes Data Outputs
DATA FLOW DIAGRAMS
•The first paragraph of the narrative for the payroll process reads as follows:
•When employees are hired, they complete a new employee form. When a change
to an employee’s payroll status occurs, such as a raise or a change in the number
of exemptions, human resources completes an employee change form. A copy of
these forms is sent to payroll. These forms are used to create or update the
records in the employee/payroll file and are then stored in the file. Employee
records are stored alphabetically.
DATA FLOW DIAGRAMS
The portion marked in red relates to activities that go on outside the boundaries of the
payroll system. Consequently, these activities will not be included on the DFD.
DATA FLOW DIAGRAMS
The portion marked in red suggests two data flows coming into the payroll process (new employee forms
and employee change forms). The source of the inflows is the human resources department.
DATA FLOW DIAGRAMS
Data Inputs                Processes                  Data Outputs
New employee forms and
employee change forms
(from H.R. Dept.)
DATA FLOW DIAGRAMS
The sentence marked in red suggests a process (update employee records) with the data outflow going to a data store (the
employee/payroll file).
DATA FLOW DIAGRAMS
Data Inputs                Processes                  Data Outputs
New employee forms and     Update records (read       Updated employee/
employee change forms      from file and record)      payroll file
(from H.R. Dept.)
DATA FLOW DIAGRAMS
The final sentence in this paragraph provides information about the physical storage of the data. Physical information is utilized in
flowcharts but not in data flow diagrams.
DATA FLOW DIAGRAMS
[Figure: the payroll DFD, repeated. Processes: 1.0 Update Empl. Payroll File, 2.0 Pay Employees, 3.0 Prepare Reports, 4.0 Pay Taxes, 5.0 Update Gen. Ledger. Data stores: Employee/Payroll File, General Ledger. Sources and destinations: Departments, Human Resources, Employees, Bank, Management, Govt. Agencies.]
FLOWCHARTS

• A flowchart is an analytical technique that describes some aspect of an information system in a clear, concise, and logical manner.
• Flowcharts use a set of standard symbols to depict processing procedures and the flow of data.
• Flowcharting History:
– Introduced in 1950s by industrial engineers to document business processes and document flows for process improvement.
– Sarbanes-Oxley 2002 increased importance by requiring companies to document business processes and internal controls procedures.
FLOWCHARTS
• There are four types of flowcharting symbols:
• Input/output symbols indicate the type of device or media that provides input to or records output from a process.
• Processing symbols indicate the type of device used to process the data or whether the data is processed manually.
• Storage symbols indicate the type of device used to store data while the system is not using it.
• Flow and miscellaneous symbols may indicate:
– The flow of data and goods
– The beginning or end of the flowchart
– The location of a decision
– An explanatory note
DOCUMENT FLOWCHARTS
• A document flowchart shows the flow of documents and information among areas of
responsibility in an organization.
• These flowcharts trace a document from cradle to grave and show:
• Where a document comes from
• Where it’s distributed
• How it’s used
• Its ultimate disposition
• Everything that happens as it flows through the system
DOCUMENT FLOWCHARTS

• Internal control flowcharts are document flowcharts used to evaluate the adequacy of
internal controls, such as segregation of duties or internal checks.
• They can reveal weaknesses or inefficiencies such as:
• Inadequate communication flows
• Unnecessarily complex document flows
• Procedures that cause wasteful delays
• Document flowcharts are also prepared in the system design process.
This is part of the document flowchart
GUIDELINES FOR PREPARING FLOWCHARTS

• Guidelines for preparing flowcharts:


• As with DFDs, you can’t effectively prepare a flowchart if you don’t understand the system,
so:
• Interview users, developers, auditors, and management
• Administer questionnaires
• Read through narratives
• Walk through systems transactions
GUIDELINES FOR PREPARING FLOWCHARTS

•Identify:
•Entities to be flowcharted, e.g., departments, functions, external
parties (the parties who “do” things in the story)
•Documents or information flows
•Processes
What are the entities in this flowchart?
GUIDELINES FOR PREPARING FLOWCHARTS

•Flowchart the normal course of operations and identify exceptions with annotations.
•As much as possible, the flow should go from top to bottom and left to right.
•Use standard flowcharting symbols and draw with a template or computer.
•Clearly label all symbols. Use annotations if necessary to provide adequate explanation.
GUIDELINES FOR PREPARING FLOWCHARTS

•Give the flowchart a clear beginning and ending.


• Show where each document originated and its final disposition.
•One approach you can use is to read through the narrative and for each step define:
• What was (were) the input(s)
• What process was carried out
• What was (were) the output(s)
•Note on the next slide that the flow sequence is input—process—output.
[Figure: flowchart excerpt with these annotations, in sequence: identifies where input is coming from; inputs; process; output to storage; input for next process; process; output.]
GUIDELINES FOR PREPARING FLOWCHARTS

•Every manual process should have at least one input and at least one output.
•Show all data entered into or retrieved from a computer file as passing through a
process first.
•Do not show process symbols for:
• Forwarding a document to another entity
• Filing a document
[Figure: flowchart excerpts showing forwarding a document and filing a document.]
GUIDELINES FOR PREPARING FLOWCHARTS

•Do not connect two documents except when forwarding to another column.
•When a document is forwarded, show it in both locations.
•When using multiple copies of a document, place document numbers in the upper, right-hand corner.
•What happens to the document numbers as the documents move to other locations?
•Show on-page connectors and label them clearly to avoid excess flow lines.
•Use off-page connectors if the flow goes to another page.
•Are there other off-page connectors on this flowchart?
GUIDELINES FOR PREPARING FLOWCHARTS

• If a flowchart takes more than one page, label the pages as 1 of 5, 2 of 5, 3 of 5, etc.
• Show documents or reports first in the column where they are created.
• Start with a rough draft; then redesign to avoid clutter and crossed lines.
• Verify the accuracy of your flowchart by reviewing it with users, etc.
• Place the flowchart name, the date, and the preparer’s name on each page of the final
copy.
SYSTEM FLOWCHARTS
•A system flowchart depicts the relationship among the inputs, processes, and outputs of an AIS.
•The system flowchart begins by identifying the inputs to the system.
• These inputs can be:
– New data
– Data stored for future use
– Both
•Each input is followed by a process, i.e., the steps performed on the data.
• If the process is performed by a computer, the logic of the computer program would be depicted in a program flowchart.
•The process is followed by outputs—the resulting new information.
• The output may be:
– Stored for later use
– Displayed on a screen
– Printed on paper
– An input to the next process
•In other words, it’s the same basic input—process—output pattern that we saw in the document flowchart.
•Can you spot the input—process—output pattern?
PROGRAM FLOWCHARTS

• Program flowcharts illustrate the sequence of logical operations performed by a computer in executing a program.
• They also follow an input—process—output pattern.
• Note that the program flowchart details the logic of processes performed by the computer.
• This flowchart becomes the programmer’s blueprint for writing the actual computer program.
FLOWCHARTS VS. DFDs

• EXAMPLE: The registrar’s office of a small college receives paper enrollment forms from students. They sort these records alphabetically and then update the student record file to show the new classes. They also prepare class lists from the same data. The sorted enrollment forms are forwarded to the bursar’s office for billing purposes. Class lists are mailed to faculty members.
Here’s a DFD that goes with the story.
[Figure: DFD with Students, Bursar, and Faculty; processes 1.0 Update Student Records and 2.0 Prepare Class Lists; data store Student Records; flows labeled Enrollment Forms and Class Lists.]
Here’s a flowchart that goes with the story.
[Figure: flowchart for the Registrar’s Office. Labels: Students, Enrollment Forms, Sort Forms, Sorted Enrollment Forms, Update Student Records, Prepare Class Lists, Class Lists, Faculty, Bursar.]
FLOWCHARTS VS. DFDs

Now let’s change the story so that students enter enrollment data online. The registrar’s office sends a tape file of the enrollment data to the bursar’s office and continues to send paper class lists to faculty.
Here’s the revised DFD. How has it changed?
[Figure: original DFD beside the revised DFD. Both show Students, 1.0 Update Student Records, Student Records, 2.0 Prepare Class Lists, Bursar, Faculty, and Class Lists; the flows labeled Enrollment Forms in the original are labeled Enrollment Data in the revised version.]
Here’s the revised flowchart. How has it changed?
[Figure: original flowchart beside the revised flowchart for the Registrar’s Office. Labels: Students, Enrollment Forms, Sort Forms, Sorted Enrollment Forms, Enrollment Data, Update Student Records, Prepare Class Lists, Class Lists, Bursar, Faculty.]
DATABASE SYSTEMS AND THE FUTURE OF ACCOUNTING

• Database systems may profoundly affect the fundamental nature of accounting:
• May lead to abandonment of double-entry accounting, because the redundancy of the double entry is not necessary in computer data processing.
• May also alter the nature of external reporting.
• EXAMPLE: External users could have access to the company’s database and manipulate the data to meet their own reporting needs.
• The use of accounting information in decision making will be enhanced by:
• Powerful querying capabilities that accompany database packages.
• The ability to accommodate multiple views of the same underlying phenomenon.
• The ability to integrate financial and operational data.
INTRODUCTION
• Companies face four types of threats to their information systems:
• Natural and political disasters include:
– Fire or excessive heat
– Floods
– Earthquakes
– High winds
– War and terrorist attack
• When a natural or political disaster strikes, many companies can be affected at the same time.
– Example: Bombing of the World Trade Center in NY.
• The Defense Science Board has predicted that attacks on information systems by foreign countries, espionage agents, and terrorists will soon be widespread.
• Software errors and equipment malfunction include:
– Hardware or software failures
– Software errors or bugs
– Operating system crashes
– Power outages and fluctuations
– Undetected data transmission errors
• Estimated annual economic losses due to software bugs = $60 billion.
• 60% of companies studied had significant software errors in previous year.
• Unintentional acts include:
– Accidents caused by human carelessness, failure to follow established procedures, and poorly trained or supervised personnel
– Innocent errors or omissions
– Lost, destroyed, or misplaced data
– Logic errors
– Systems that do not meet needs or are incapable of performing intended tasks
• Information Systems Security Assn. estimates 65% of security problems are caused by human error.
• Intentional acts (computer crime) include:
– Sabotage
– Computer fraud
– Misrepresentation, false use, or unauthorized disclosure of data
– Misappropriation of assets
– Financial statement fraud
• Information systems are increasingly vulnerable to these malicious attacks.
THE FRAUD PROCESS
• Fraud refers to an intentional act by one or more individuals among management, those charged with governance, employees or third parties, involving the use of deception to obtain an unjust or illegal advantage.
• In most cases, to be considered fraudulent, an act must involve:
• A false statement (oral or in writing)
• About a material fact
• Knowledge that the statement was false when it was uttered (which implies an intent to deceive)
• A victim relies on the statement
• And suffers injury or loss as a result
• The definition is the same whether it is a criminal or civil fraud case.
– The only difference is the burden of proof required.
• Criminal case: beyond a reasonable doubt.
• Civil case: preponderance of the evidence OR clear and convincing evidence.
THE FRAUD PROCESS
•Fraud perpetrators are often referred to as white-collar criminals.
•Distinguishes them from violent criminals, although some white-collar crime
can ultimately have violent outcomes, such as:
• Perpetrators or their victims committing suicide.
• Healthcare patients killed because of alteration of information, etc., that can result
in their deaths.
MISAPPROPRIATION OF ASSETS
(EMPLOYEE FRAUD)
Misappropriation of assets

• Involves theft, embezzlement, or misuse of company assets for personal gain.
• Examples include billing schemes, check tampering, skimming, and theft of inventory.
• In the 2004 Report to the Nation on Occupational Fraud and Abuse, 92.7% of occupational frauds involved asset misappropriation at a median cost of $93,000.
MISAPPROPRIATION OF ASSETS
(EMPLOYEE FRAUD)
• A typical employee fraud has a number of important elements or characteristics:
• The fraud perpetrator must gain the trust or confidence of the person or company being defrauded in order to
commit and conceal the fraud.
• Instead of using a gun, knife, or physical force, fraudsters use weapons of deceit and misinformation.
• Frauds tend to start as the result of a perceived need on the part of the employee and then escalate from need to
greed. Most fraudsters can’t stop once they get started, and their frauds grow in size.
• The fraudsters often grow careless or overconfident over time.
• Fraudsters tend to spend what they steal. Very few save it.
• In time, the sheer magnitude of the frauds may lead to detection.
• The most significant contributing factor in most employee frauds is the absence of internal controls and/or the failure
to enforce existing controls.
FRAUDULENT FINANCIAL REPORTING
(MANAGEMENT FRAUD)

• Financial statement fraud - misstating the financial condition of an entity by intentionally misstating amounts or disclosures in order to deceive users.
• Financial statements can be misstated as a result of intentional efforts to deceive or as a result of undetected asset misappropriations that are so large that they cause misstatement.
FRAUDULENT FINANCIAL REPORTING
(MANAGEMENT FRAUD)
•Financial statements can be falsified to:
•Deceive investors and creditors
•Cause a company’s stock price to rise
•Meet cash flow needs
•Hide company losses and problems
THE FRAUD PROCESS

•Common approaches to “cooking the books” include:


•Recording fictitious revenues
•Recording revenues prematurely
•Recording expenses in later periods
•Overstating inventories or fixed assets (WorldCom)
•Concealing losses and liabilities
WHO COMMITS FRAUD AND WHY
• Perpetrators of computer fraud tend to be younger and possess more computer knowledge,
experience, and skills.
• Hackers and computer fraud perps tend to be more motivated by:
• Curiosity
• A quest for knowledge
• The desire to learn how things work
• The challenge of beating the system
WHO COMMITS FRAUD AND WHY
• They may view their actions as a game rather than dishonest behavior.
• Another motivation may be to gain stature in the hacking community.
• Some see themselves as revolutionaries spreading a message of anarchy and freedom.
• But a growing number want to profit financially. To do so, they may sell data to:
• Spammers
• Organized crime
• Other hackers
• The intelligence community
WHO COMMITS FRAUD AND WHY

•Some fraud perpetrators are disgruntled and unhappy with their jobs and are
seeking revenge against their employers.
•Others are regarded as ideal, hard-working employees in positions of trust.
•Most have no prior criminal record.
•So why are they willing to risk everything?
The “Fraud Triangle” (Donald Cressey)
[Figure: fraud triangle diagram; surviving labels: Rationalization, Pressure]
Pressure

• Cressey referred to this pressure as a “perceived non-shareable need.”
• The pressure could be related to finances, emotions, lifestyle, or some combination.
Pressure

• The most common pressures were:
- Not being able to pay one’s debts, nor admit it to one’s employer, family, or friends (which makes it non-shareable).
• May be associated with vices, such as drugs, gambling, mistresses, etc.
- Fear of loss of status because of a personal failure
• Example would be mismanagement of a personal investment or retirement fund.
- Business reversals
• Not many people can walk away from a failing business.
- Physical isolation
• When an individual is isolated, physically or psychologically, almost any pressure becomes non-shareable.
- Status gaining
• Many frauds are motivated by nothing more than a perceived need to keep up with the rich.
- Difficulties in employer-employee relations
• May create pressure to get revenge, take the money you feel is rightfully owed to you, etc.
Pressure
• In the case of financial statement frauds, common pressures include:
• To prop up earnings or stock price so that management can:
• Receive performance-related compensation.
• Preserve or improve personal wealth held in company stock or stock options.
• Keep their jobs.
• To cover the inability to generate cash flow.
• To obtain financing.
• To appear to comply with bond covenants or other agreements.
• May be opposite of propping up earnings in cases involving income-tax motivations, government contracts, or regulation.



OPPORTUNITY

• Opportunity is the opening or gateway that allows an individual to:
•Commit the fraud
•Conceal the fraud
•Convert the proceeds
OPPORTUNITY

Committing the fraud might involve acts such as:


•Misappropriating assets.
•Issuing deceptive financial statements.
•Accepting a bribe in order to make an arrangement that is not in
the company’s best interest.
OPPORTUNITY
Concealing the fraud often takes more time and effort and leaves more evidence
than the actual theft or misrepresentation.
•Examples:
•Charge a stolen asset to an expense account or to an account receivable that is
about to be written off.
•Create a ghost employee who receives an extra paycheck.
•Lapping.
• Steal a payment from Customer A.
• Apply Customer B’s payment to Customer A’s account so Customer A won’t get a late notice.
• Apply Customer C’s payment to Customer B’s account, so Customer B won’t get a late notice, etc.
•Kiting.
• Creates “cash” by transferring money between banks.
• Requires multiple bank accounts.
• Basic scheme:
– Write a check on the account of Bank A.
– Bank A doesn’t have sufficient funds to cover the check, so write a check from an account in Bank B to be deposited in Bank A.
– Bank B doesn’t have sufficient funds to cover the check, so write a check from an account in Bank C to be deposited in Bank B, etc.
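Lapping leaves the evidence the slides mention: the account that gets credited is not the customer who paid. The following is an added example (not part of the original slides) of a control test that compares an independently kept receipt log with the A/R postings. The field names, the sample data, and the existence of an independent log (mailroom or bank lockbox) are assumptions.

```python
from datetime import date

# Constructed sample data. RECEIPTS is the independent remittance log kept by
# someone other than the A/R clerk; POSTINGS is what was entered in the
# accounts receivable subledger. All names and values are hypothetical.
RECEIPTS = [
    {"receipt_id": "R1", "payer": "CUST-A", "amount": 500, "received": date(2024, 3, 1)},
    {"receipt_id": "R2", "payer": "CUST-B", "amount": 500, "received": date(2024, 3, 8)},
    {"receipt_id": "R3", "payer": "CUST-C", "amount": 500, "received": date(2024, 3, 15)},
    {"receipt_id": "R4", "payer": "CUST-D", "amount": 320, "received": date(2024, 3, 16)},
]
POSTINGS = [
    {"receipt_id": "R2", "credited_to": "CUST-A", "posted": date(2024, 3, 8)},
    {"receipt_id": "R3", "credited_to": "CUST-B", "posted": date(2024, 3, 15)},
    {"receipt_id": "R4", "credited_to": "CUST-D", "posted": date(2024, 3, 16)},
]


def find_lapping_indicators(receipts, postings):
    """Return (unposted, misapplied).

    unposted   - receipt ids that were logged but never posted to any account
    misapplied - (receipt_id, payer, credited_to) where the credited customer
                 is not the customer who actually paid
    """
    posting_by_receipt = {p["receipt_id"]: p for p in postings}
    unposted, misapplied = [], []
    for r in receipts:
        p = posting_by_receipt.get(r["receipt_id"])
        if p is None:
            unposted.append(r["receipt_id"])
        elif p["credited_to"] != r["payer"]:
            misapplied.append((r["receipt_id"], r["payer"], p["credited_to"]))
    return unposted, misapplied


def reconstruct_chains(receipts, postings):
    """Link the indicators into chains: [first victim, ..., exposed account].

    The last customer in each chain has paid but has not been credited, so
    that account is the one that will show as overdue next.
    Simplification: assumes at most one misapplied payment per credited account.
    """
    unposted, misapplied = find_lapping_indicators(receipts, postings)
    payer_of = {r["receipt_id"]: r["payer"] for r in receipts}
    covered_by = {credited: payer for _, payer, credited in misapplied}
    chains = []
    for receipt_id in unposted:
        chain = [payer_of[receipt_id]]
        seen = set(chain)
        # Follow "whose payment was used to cover this account?" until it ends.
        while chain[-1] in covered_by and covered_by[chain[-1]] not in seen:
            nxt = covered_by[chain[-1]]
            chain.append(nxt)
            seen.add(nxt)
        chains.append(chain)
    return chains


if __name__ == "__main__":
    print(find_lapping_indicators(RECEIPTS, POSTINGS))
    print(reconstruct_chains(RECEIPTS, POSTINGS))
```

The test only works when the receipt log is kept by someone who cannot post to A/R, which is the separation of duties listed among the internal controls later in these slides.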
OPPORTUNITY

•Unless the target of the theft is cash, then the stolen goods must be converted
to cash or some form that is beneficial to the perpetrator.
•Checks can be converted through alterations, forged endorsements, check washing,
etc.
•Non-cash assets can be sold (online auctions are a favorite forum) or returned to
the company for cash.
OPPORTUNITY

If the fraud is a financial statement fraud, then the gains received may include:
•I have to keep my job.
•The value of my stock or stock options rose.
•I received a raise, promotion, or bonus.
•I have power.
OPPORTUNITY
•There are many opportunities that enable fraud. Some of the most common are:
•Lack of internal controls
•Failure to enforce controls (the most prevalent reason)
•Excessive trust in key employees
•Incompetent supervisory personnel
•Inattention to details
•Inadequate staff
OPPORTUNITY
• Internal controls that may be lacking or un-enforced include:
• Authorization procedures
• Clear lines of authority
• Adequate supervision
• Adequate documents and records
• A system to safeguard assets
• Independent checks on performance
• Separation of duties
•One control feature that many companies lack is a background check on all potential employees.
WHO COMMITS FRAUD AND WHY

•Management may allow fraud by:


•Not getting involved in the design or enforcement of internal controls;
•Inattention or carelessness;
•Overriding controls; and/or
•Using their power to compel subordinates to carry out the fraud.
RATIONALIZATION
•How many people do you know who regard themselves as being unprincipled or sleazy?
•It is important to understand that fraudsters do not regard themselves as unprincipled.
• In general, they regard themselves as highly principled individuals.
• That view of themselves is important to them.
• The only way they can commit their frauds and maintain their self image as principled
individuals is to create rationalizations that recast their actions as “morally acceptable”
behaviors.
RATIONALIZATION
•I was just borrowing the money.
•It wasn’t really hurting anyone. (Corporations are often seen as non-persons,
therefore crimes against them are not hurting “anyone.”)
•Everybody does it.
•I’ve worked for them for 35 years and been underpaid all that time. I wasn’t
stealing; I was only taking what was owed to me.
•I didn’t take it for myself. I needed it to pay my child’s medical bills.
RATIONALIZATION

•Creators of worms and viruses often use rationalizations like:


•The malicious code helped expose security flaws, so I did a good service.
•It was an accident.
•It was not my fault—just an experiment that went bad.
•It was the user’s fault because they didn’t keep their security up to date.
•If the code didn’t alter or delete any of their files, then what’s the problem?
COMPUTER FRAUD

• The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its:
•Perpetration;
•Investigation; or
•Prosecution.
COMPUTER FRAUD

•Unauthorized theft, use, access, modification, copying, and destruction of software or data.
•Theft of money by altering computer records.
•Theft of computer time.
•Theft or destruction of computer hardware.
•Use or the conspiracy to use computer resources to commit a felony.
•Intent to illegally obtain information or tangible property through the use of computers.
COMPUTER FRAUD

•In using a computer, fraud perpetrators can steal:


•More of something
•In less time
•With less effort
•They may also leave very little evidence, which can make these
crimes more difficult to detect.
COMPUTER FRAUD

•Computer systems are particularly vulnerable to computer crimes for several reasons:
• Company databases can be huge and access privileges can be difficult to create and enforce.
Consequently, individuals can steal, destroy, or alter massive amounts of data in very little
time.
• Organizations often want employees, customers, suppliers, and others to have access to their
system from inside the organization and without. This access also creates vulnerability.
• Computer programs only need to be altered once, and they will operate that way until:
• The system is no longer in use; or
• Someone notices.
APPROACHES TO COMPUTER FRAUD

• Economic espionage, the theft of information and intellectual property, is growing especially fast.
• This growth has led to the need for investigative specialists.
APPROACHES TO COMPUTER FRAUD

•Computer fraud classification


• Frauds can be categorized according to the data processing model:
• Input
• Processor
• Computer instructions
• Stored data
• Output
COMPUTER FRAUD CLASSIFICATIONS

[Figure: computer fraud classifications: Input Fraud, Processor Fraud, Computer Instructions Fraud, Data Fraud, Output Fraud]
INPUT FRAUD

• Can take a number of forms, including:
• Disbursement frauds
– The perpetrator causes a company to pay too much for ordered goods or pay for goods never ordered.
• Inventory frauds
– The perpetrator enters data into the system to show that stolen inventory has been scrapped.
• Payroll frauds
– Perpetrators may enter data to increase their salaries, create a fictitious employee, or retain a terminated employee on the records.
– In the latter two instances, the perpetrator intercepts and cashes the resulting paychecks.
• Cash receipt frauds
– The perpetrator hides the theft by falsifying system input.
– EXAMPLE: Cash of $200 is received. The perpetrator records a cash receipt of $150 and pockets the $50 difference.
• Fictitious refund fraud
– The perpetrator files for an undeserved refund, such as a tax refund.
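The three payroll input frauds listed above can each be tested by comparing a payroll run against the HR master file, which payroll staff should not be able to edit. This is an added example, not part of the original slides; the record layout, the finding codes, and the sample data are assumptions.

```python
from collections import defaultdict
from datetime import date
from decimal import Decimal

# Constructed sample data. HR_MASTER is maintained by HR (independent of
# payroll); PAYROLL_RUN is the input entered for one pay period.
HR_MASTER = {
    "E100": {"authorized_gross": Decimal("2500.00"), "terminated": None},
    "E101": {"authorized_gross": Decimal("3100.00"), "terminated": date(2024, 2, 15)},
    "E102": {"authorized_gross": Decimal("2800.00"), "terminated": None},
}
PAY_DATE = date(2024, 3, 29)
PAYROLL_RUN = [
    {"employee_id": "E100", "pay_date": PAY_DATE, "gross": Decimal("2500.00"), "account": "ACCT-1"},
    {"employee_id": "E101", "pay_date": PAY_DATE, "gross": Decimal("3100.00"), "account": "ACCT-9"},
    {"employee_id": "E102", "pay_date": PAY_DATE, "gross": Decimal("3400.00"), "account": "ACCT-3"},
    {"employee_id": "E777", "pay_date": PAY_DATE, "gross": Decimal("2600.00"), "account": "ACCT-9"},
]


def audit_payroll_run(hr_master, payroll_run):
    """Return a list of (employee id(s), finding code) for follow-up.

    NOT_IN_HR_MASTER         - possible fictitious employee
    PAID_AFTER_TERMINATION   - possible terminated employee kept on the records
                               (a legitimate final paycheck also triggers this,
                               so it is a lead to review, not proof)
    GROSS_EXCEEDS_AUTHORIZED - possible unauthorized salary increase
    SHARED_ACCOUNT           - several employee ids paid into one bank account,
                               one way the resulting paychecks get intercepted
    """
    findings = []
    employees_by_account = defaultdict(set)
    for line in payroll_run:
        emp = line["employee_id"]
        employees_by_account[line["account"]].add(emp)
        record = hr_master.get(emp)
        if record is None:
            findings.append((emp, "NOT_IN_HR_MASTER"))
            continue
        if record["terminated"] is not None and line["pay_date"] > record["terminated"]:
            findings.append((emp, "PAID_AFTER_TERMINATION"))
        if line["gross"] > record["authorized_gross"]:
            findings.append((emp, "GROSS_EXCEEDS_AUTHORIZED"))
    for account, emps in sorted(employees_by_account.items()):
        if len(emps) > 1:
            findings.append((",".join(sorted(emps)), "SHARED_ACCOUNT:" + account))
    return findings


if __name__ == "__main__":
    for who, code in audit_payroll_run(HR_MASTER, PAYROLL_RUN):
        print(who, code)
```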


PROCESSOR FRAUD

•Involves computer fraud committed through unauthorized system use.


•Includes theft of computer time and services.
•Incidents could involve employees:
• Surfing the Internet;
• Using the company computer to conduct personal business; or
• Using the company computer to conduct a competing business.
PROCESSOR FRAUD

• In one example, an agriculture college at a major state university was experiencing very sluggish
performance from its server.
• Upon investigating, IT personnel discovered that an individual outside the United States had effectively
hijacked the college’s server to both store some of his/her research data and process it.
• The college eliminated the individual’s data and blocked future access to the system.
• The individual subsequently contacted college personnel to protest the destruction of the data.
• Demonstrates both:
• How a processor fraud can be committed.
• How oblivious users can sometimes be to the unethical or illegal nature of their activities.
COMPUTER INSTRUCTIONS FRAUD

•Computer instructions fraud


• Involves tampering with the software that processes company data.
• May include:
• Modifying the software
• Making illegal copies
• Using it in an unauthorized manner
• Might include developing a software program or module to carry out an unauthorized activity.
COMPUTER INSTRUCTIONS FRAUD

• Computer instructions fraud used to be one of the least common types of frauds because it required specialized knowledge about computer programming beyond the scope of most users.
•Today these frauds are more frequent—courtesy of Web pages that instruct
users on how to create viruses and other schemes.
DATA FRAUD

• Altering or damaging a company’s data files; or


• Copying, using, or searching the data files without authorization.
•In many cases, disgruntled employees have scrambled, altered, or destroyed data files.
•Theft of data often occurs so that perpetrators can sell the data.
• Most identity thefts occur when insiders in financial institutions, credit agencies, etc., steal
and sell financial information about individuals from their employer’s database.
OUTPUT FRAUD

•Involves stealing or misusing system output.


•Output is usually displayed on a screen or printed on paper.
•Unless properly safeguarded, screen output can easily be read from a remote location
using inexpensive electronic gear.
•This output is also subject to prying eyes and unauthorized copying.
•Fraud perpetrators can use computers and peripheral devices to create counterfeit
outputs, such as checks.
METHODS TO COMMIT COMPUTER FRAUD AND ABUSE

• Data diddling - Changing data before, during, or after it is entered into the system.
• Can involve adding, deleting, or altering key system data.
• Data leakage - Unauthorized copying of company data
• Denial of service attacks - An attacker overloads and shuts down an Internet service provider’s email
system by sending email bombs at a rate of thousands per second—often from randomly generated
email addresses.
• May also involve shutting down a Web server by sending a load of requests for the Web pages.
METHODS TO COMMIT COMPUTER FRAUD AND ABUSE

•Denial of service attacks


• Carried out as follows:
– The attacker infects dozens of computers that have
broadband Internet access with denial-of-service
programs. These infected computers are the zombies.
– The attacker then activates the denial-of-service
programs, and the zombies send pings (emails or
requests for data) to the target server. The victim
responds to each, not realizing they have fictitious return
addresses, and waits for responses that don’t come.
– While the victim waits, system performance degrades
until the system freezes up or crashes.
– The attacker terminates the program after an hour or two
to limit the victim’s ability to trace the source.
COMPUTER FRAUD AND ABUSE TECHNIQUES

• Eavesdropping - Perpetrators surreptitiously observe private communications or transmission of data.


• Equipment to commit these “electronic wiretaps” is readily available at electronics stores.
• Email threats - A threatening message is sent to a victim to induce the victim to do something that would
make it possible to be defrauded.
• Several banks in the Midwest were contacted by an overseas perpetrator who indicated that:
• He had broken into their computer system and obtained personal and banking information about all of
the bank’s customers.
• He would notify the bank’s customers of this breach if he was not paid a specified sum of money.
COMPUTER FRAUD AND ABUSE TECHNIQUES

• Email forgery (aka spoofing) - Sending an email message that appears to have come from someone other than the actual sender.
• Email spoofers may:
• Claim to be system administrators and ask users to change their passwords to specific values.
• Pretend to be management and request a copy of some sensitive information.
• Hacking - Unauthorized access to and use of computer systems—usually by means of a personal computer and a telecommunications
network.
• Most hackers break into systems using known flaws in operating systems, applications programs, or access controls.
• Some are not very malevolent and mainly motivated by curiosity and a desire to overcome a challenge.
• Others have malicious intent and can do significant damage.
COMPUTER FRAUD AND ABUSE TECHNIQUES

• Phreaking - Hacking that attacks phone systems and uses phone lines to transmit viruses and to access, steal, and destroy data.
• They also steal telephone services and may break into voice mail systems.
• Some hackers gain access to systems through dial-up modem lines.
• Hijacking - Involves gaining control of someone else’s computer to carry out illicit activities
without the user’s knowledge.
• The illicit activity is often the perpetuation of spam emails.
COMPUTER FRAUD AND ABUSE TECHNIQUES

• Identity theft - Assuming someone’s identity, typically for economic gain, by illegally obtaining and using confidential
information such as the person’s social security number, bank account number, or credit card number.
• Identity thieves benefit financially by:
• Taking funds out of the victim’s bank account.
• Taking out mortgages or other loans under the victim’s identity.
• Taking out credit cards and running up large balances.
• If the thief is careful and ensures that bills and notices are sent to an address he controls, the scheme may be
prolonged until such time as the victim attempts to buy a home or car and finds out that his credit is destroyed.
COMPUTER FRAUD AND ABUSE TECHNIQUES

• Internet misinformation - Using the Internet to spread false or misleading information about people or companies.
• May involve:
• Planting inflammatory messages in online chat rooms.
• Websites with misinformation.
• Pretending to be someone else online and making inflammatory comments that will be attributed to that person.
• A “pump-and-dump” occurs when an individual spreads misinformation, often through Internet chat rooms, to cause a run-up in the value of a stock and then sells off his shares of the stock.
COMPUTER FRAUD AND ABUSE TECHNIQUES

• Internet terrorism - Hackers use the Internet to disrupt electronic commerce and destroy company and
individual communications.
• Viruses and worms are two main forms of Internet terrorism.
• Logic time bombs - A program that lies idle until triggered by some circumstance or a particular time.
• Once triggered, it sabotages the system, destroying programs, data, or both.
• Usually written by disgruntled programmers.
• EXAMPLE: A programmer places a logic bomb in a payroll application that will destroy all the payroll records
if the programmer is terminated.
COMPUTER FRAUD AND ABUSE TECHNIQUES

• Masquerading or impersonation - The perpetrator gains access to the system by pretending to be an authorized user.
• The perpetrator must know the legitimate user’s ID and password.
• Once in the system, he enjoys the same privileges as the legitimate user.
• Packet sniffers - Programs that capture data from information packets as they travel over the Internet or
company networks.
• Confidential information and access information can be gleaned from the captured data—some of which is
later sold.
COMPUTER FRAUD AND ABUSE TECHNIQUES

• Password cracking - An intruder penetrates a system’s defenses, steals the file of valid passwords, decrypts them, and then uses them to
gain access to almost any system resources.
• Phishing - Sending out a spoofed email that appears to come from a legitimate company, such as a financial institution. eBay, PayPal, and
banks are commonly spoofed.
• The recipient is advised that information or a security check is needed on his account, and advised to click on a link to the company’s
website to provide the information.
• The link connects the individual to a Website that is an imitation of the spoofed company’s actual Website. These counterfeit Websites
appear very authentic, as do the emails.
• One newly graduated college student recently took a job in California and deposited his first paycheck of approximately $5,000 in the
bank.
COMPUTER FRAUD AND ABUSE TECHNIQUES

• Piggybacking - Tapping into a telecommunications line and latching onto a legitimate user before that user logs
into a system.
• The legitimate user unknowingly carries the perpetrator into the system.
• Round-down technique - Made famous in the movie, Office Space.
• The programmer instructs the computer to round interest calculations down to two decimal places and deposits
the remaining fraction into the account of a programmer or an accomplice.
• Salami technique - Involves the theft of tiny slices of money over a period of time.
• The round-down is just a special form of a salami technique.
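Because every shaved amount is under a cent, a round-down scheme is found by recomputing each account's interest independently and comparing it with what was posted, not by checking the batch total. This is an added example, not part of the original slides; the rate, the half-up rounding policy, the account ids, and the ledger values are constructed assumptions.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

CENT = Decimal("0.01")
PERIOD_RATE = Decimal("0.00375")  # assumed interest rate for the period

# Constructed ledger extract: (account, balance, interest actually posted).
# The values are chosen so that the batch control total still balances.
LEDGER = [
    ("ACC-1", Decimal("1234.56"), Decimal("4.62")),
    ("ACC-2", Decimal("8000.00"), Decimal("30.00")),
    ("ACC-3", Decimal("1510.10"), Decimal("5.66")),
    ("ACC-4", Decimal("999.99"), Decimal("3.74")),
    ("ACC-9", Decimal("200.00"), Decimal("0.77")),
]


def reconcile_interest(ledger, rate, policy=ROUND_HALF_UP):
    """Recompute interest per account under the documented rounding policy.

    truncated     - accounts posted below policy whose posted value equals the
                    round-down of the raw interest (the round-down signature)
    over_credited - accounts posted above policy (candidate collecting accounts)
    unexplained   - any other variance
    net_variance  - sum of (posted - expected); can be zero even when the
                    scheme is running, which is why totals alone miss it
    """
    report = {"truncated": [], "over_credited": [], "unexplained": [],
              "net_variance": Decimal("0.00")}
    for account, balance, posted in ledger:
        raw = balance * rate
        expected = raw.quantize(CENT, rounding=policy)
        variance = posted - expected
        report["net_variance"] += variance
        if variance == 0:
            continue
        if variance > 0:
            report["over_credited"].append((account, variance))
        elif posted == raw.quantize(CENT, rounding=ROUND_DOWN):
            report["truncated"].append((account, variance))
        else:
            report["unexplained"].append((account, variance))
    return report


if __name__ == "__main__":
    result = reconcile_interest(LEDGER, PERIOD_RATE)
    for key, value in result.items():
        print(key, value)
```

In this constructed run two accounts are each one cent short, one account is two cents over, and the net variance is zero.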
COMPUTER FRAUD AND ABUSE TECHNIQUES

• Social engineering - Perpetrators trick employees into giving them information they need to get into the
system.
• A perpetrator might call an employee and indicate he is the systems administrator and needs to get the
employee’s password.
• Software piracy - Copying software without the publisher’s permission.
• Spamming - Emailing an unsolicited message to multitudes of people, often in an attempt to sell a product.
• Many times the product offers are fraudulent.
COMPUTER FRAUD AND ABUSE TECHNIQUES

•Spamming - Spammers use creative means to find valid email addresses:


• Scanning the Internet for addresses posted online.
• Hacking into company databases and stealing mailing lists.
• Staging dictionary (aka direct harvesting) attacks.
• These attacks use special software to guess addresses at a particular company and send blank emails.
• Messages not returned are usually valid.
• These attacks are very burdensome to corporate email systems.
COMPUTER FRAUD AND ABUSE TECHNIQUES

Spyware - Software that monitors computing habits, such as Web-surfing habits, and sends the data it gathers to someone else, typically without the user’s permission.
• One type, called adware (for advertising-supported software) does two things:
• Causes banner ads to pop up on your monitor as you surf the net.
• Collects information about your Web-surfing and spending habits and forwards it to a company gathering the data—often an advertising or large media organization.
• May be disclosed in the licensing agreement, but users are unlikely to read it.
• Reputable adware companies claim they don’t collect sensitive or identifying data.
• But there is no way for users to control or limit the activity.
• It is not illegal, but many find it objectionable.
• Software has been developed to detect and eliminate spyware, but it may also impair the downloaded software.
• Some is intentionally difficult to uninstall.
COMPUTER FRAUD AND ABUSE TECHNIQUES

Keystroke loggers - Record a user’s keystrokes and email them to, or save them for, the party that planted the logger. These are sometimes used by:
• Parents to monitor their children’s computer usage.
• Businesses to monitor employee activity.
• Fraudsters to capture passwords, credit card numbers, etc.
• A keystroke logger can be a hardware device attached to a computer or can be downloaded on an individual’s computer in the same way that any Trojan horse
might be downloaded.
• Spyware and keystroke loggers are very problematic for companies with employees who telecommute or contact the company’s computer from
remote locations.
• Spyware on those computers makes the company’s systems vulnerable.
• Individuals are also exposed when they use wireless networks, such as those that may be available in coffee shops.
COMPUTER FRAUD AND ABUSE TECHNIQUES

Superzapping - Unauthorized use of special system programs to bypass regular system controls and perform illegal
acts.
• The name is derived from an IBM software utility called Superzap that was used to restore crashed systems.
Trap doors - Also called back doors.
• Programmers create trap doors to modify programs.
• The trap door is a way into the system that bypasses normal controls.
• The trap door should be removed before the program is implemented.
• If it is not, the programmer or others may later gain unauthorized access to the system.
COMPUTER FRAUD AND ABUSE TECHNIQUES

• Trojan horse - A set of unauthorized computer instructions planted in an authorized and otherwise properly functioning program.
• Allows the creator to control the victim’s computer remotely.
• The code does not try to replicate itself but performs an illegal act at some specific time or when some condition arises.
• Programs that launch denial of service attacks are often Trojan horses.
• War dialing - Hackers search for an idle modem by programming their computers to dial thousands of phone lines.
• Hackers enter through the idle modem and gain access to the connected network.
• War driving - Driving around in cars looking for unprotected home or corporate wireless networks.
• If the hackers mark the sidewalk of the susceptible wireless network, the practice is referred to as warchalking.
COMPUTER FRAUD AND ABUSE TECHNIQUES
Virus - Many viruses have two phases:
• First, when some predefined event occurs, the virus replicates itself and spreads to other systems or files.
• Another event triggers the attack phase in which the virus carries out its mission.
• A virus may lie dormant or propagate itself without causing damage for an extended period.
• Damage may take many forms:
• Send email with the victim’s name as the alleged source.
• Destroy or alter data or programs.
• Take control of the computer.
• Destroy or alter file allocation tables.
• Delete or rename files or directories.
• Reformat the hard drive.
• Change file content.
• Prevent users from booting.
• Intercept and change transmissions.
• Print disruptive images or messages on the screen.
• Change screen appearance.
COMPUTER FRAUD AND ABUSE TECHNIQUES

• Virus symptoms:
• Computer will not start or execute
• Performs unexpected read or write operations
• Unable to save files
• Long time to load programs
• Abnormally large file sizes
• Slow systems operation
• Unusual screen activity
• Error messages
COMPUTER FRAUD AND ABUSE TECHNIQUES

• Viruses - contagious and easily spread from one system to another.


• They are usually spread by:
• Opening an infected email attachment or file (most common); or
• Running an infected program.
• Some viruses can mutate, which makes them more difficult to detect and destroy.
• The emails often appear to come from sources like Microsoft and seem very convincing.
COMPUTER FRAUD AND ABUSE TECHNIQUES

Virus protections include:


• Install reliable antivirus software that scans for, identifies, and destroys viruses.
• Keep the antivirus program up to date.
• Scan incoming email at the server level, rather than when it hits the desktops.
• Certify all software as virus-free before loading it.
• Software from unknown sources may be virus bait, especially if it seems too good to be true.
• Deal with trusted software retailers.
• Use electronic techniques to make tampering evident.
• Check new software on an isolated machine.
• Have two backups of all files.
• Do not put diskettes or CDs in strange machines, or let others put unscanned disks in your machine.
• Viruses attack computers, but any device that is part of the communications network is vulnerable, including:
• Cell phones
• Smart phones
• PDAs
COMPUTER FRAUD AND ABUSE TECHNIQUES

• Worms - similar to a virus except that:


• A worm is a stand-alone program, while a virus is only a segment of code hidden in a host program or executable file.
• A worm will replicate itself automatically, while a virus requires a human to do something like open a file.
• Worms often reproduce by mailing themselves to the recipient’s mailing list.
• They are not confined to PCs and have infected cell phones in Japan.
• A worm typically has a short but very destructive life.
• It takes little technical knowledge to create worms or viruses; several Websites provide instructions.
• Most exploit known software vulnerabilities that can be corrected with a software patch, making it important to install all patches as soon
as they are available.
COMPUTER FRAUD AND ABUSE TECHNIQUES

• The low-tech, do-it-yourself attack - You receive an email from a friend, apologizing profusely that he/she has previously sent you an email
that was infected with a virus.
• The friend’s email gives you instructions to look for and remove the offending virus.
• You delete the file from your hard drive. The only problem is that the file you just deleted was part of your operating system.
• Your friend was well-intentioned and has done the same thing to his/her computer.
• REMEDY: Before even considering following instructions of this sort, check the list of hoaxes that are available on any virus protection Website,
such as:
• www.norton.com
• www.mcafee.com
INTERNAL CONTROLS IN AN IT
ENVIRONMENT
1. General Controls - control policies and procedures that relate to the overall computer
information system
- covers controls over the entity's IT processes that support the continued proper operation of
the IT environment, including the continued effective functioning of information processing
controls and the integrity of information (i.e., the completeness, accuracy and validity of
information) in the entity's information system.
GENERAL CONTROLS

These may include:


A. ORGANIZATIONAL CONTROLS - designed to define the strategic direction and establish an organizational framework over IT activities,
including:
• strategic information and technology plan
• policies and procedures
• segregation of incompatible functions
i. between the IT department and user departments
ii. segregation of duties within the IT departments
• monitoring of IT activities performed by third party consultants
ORGANIZATIONAL CONTROLS
Responsibility within an Information System Department

1. Information System Management - handled by a Chief Information Officer, who supervises the operation of the department
2. System Analysis - responsible for designing the information systems. Focuses on setting the goals of the information system and the means of
achieving them after considering the goals of the organization and the computer processing needs of the entity.
3. Application Programming - codes the system specifications determined by system analysts using programming languages
4. Database Administration - focuses on planning and administering the database by designing it and controlling its use
5. Data Entry - prepares and verifies input data for processing
6. Computer Operation - runs and monitors the central computer in accordance with standard instructions. Operators may sometimes need to access
the computer console to correct indicated errors in processing; this is a risk exposure, so the operating system should be designed to maintain a log
of computer operator intervention. Also, computer operation should be separated from application programming to mitigate the possibility of
unauthorized changes in computer programs.
7. Program and File Library - protects computer programs, master files, transaction tapes and other records from loss, damage, unauthorized
use or alteration.
8. Data Control - reviews and tests all input procedures, monitors computer processing, reviews exception reports, handles reprocessing of
exceptions detected by the computer and distributes all computer output; also reviews the computer log of operator intervention and the library log
of program usage.
9. Telecommunications - responsible for maintaining and enhancing computer networks and network connections
10. Systems Programming - responsible for troubleshooting the operating system or systems in use, upgrading it and working with application
system programs in case of incompatibility with the operating systems
11. Quality Assurance - ensures that new systems developed and old ones being replaced are controlled, and that the new system meets
user specifications and documentation standards
GENERAL CONTROLS
B. SYSTEM DEVELOPMENT, MAINTENANCE AND DOCUMENTATION
CONTROLS
1) User department must participate in system design
2) Written system specification must be required and approved by management and user
department
3) Both user and IT personnel must test new systems
4) Management, user and IT personnel must approve new system before implementation
5) Control of all master and transaction files to avoid unauthorized changes
6) All program changes should be approved
7) Adequate documentation should be made to facilitate the use of programs
GENERAL CONTROLS
C. ACCESS CONTROLS - provide reasonable assurance that access to equipment, files and programs is limited only to authorized personnel

1. Physical access control


a) Limited physical access - guards, automated key cards and manual key locks
b) Visitor entry log
2. Electronic access control
a) Requiring user identification (especially on on-line systems) and regular changes of passwords
b) Defining user data access privilege
c) Call back - users dial up for access to the IT system, the system logs them out and then re-establishes the communication link when identification is
established
3. Hardware controls
a) Diagnostic routines - hardware or software supplied by manufacturers to check the internal operations and devices within the computer system
b) Boundary protection to ensure integrity of the allocated memory for a job currently running under a simultaneous processing in a
multiprogramming environment
c) Periodic maintenance
4. Data transmission controls - procedures established to prevent unauthorized access or changes to information being transmitted via telecommunication
facilities
a) Parity check - data are processed and transmitted by computers in arrays of bits. A redundant bit may be added to verify the integrity of the
information that is processed or transmitted.
b) Data encryption - data are coded into secret characters to prevent unauthorized individuals from reading the information
c) Message acknowledgement technique (ex. Echo check) - receiving device sends a message that verifies a transmission back to the sending
device
d) Private lines - using phone lines owned or leased by the organization, thereby more secure
GENERAL CONTROLS
Other Access Control Activities:
a. Programming the operating system to generate a computer log of failed access
attempts and to generate warnings for repeated access failures
b. Programmers should not have access to input data or application programs that
are currently used
c. Computer operators should be restricted only to the application programs
currently being used
d. Computer operators should have access only to the operations manual
(instructions for processing programs) and not to detailed program
documentation
GENERAL CONTROLS
D. DATA AND PROCEDURAL CONTROLS
1. Data control group - receives all data for processing, ensures complete recording, and follows up errors. It determines
that data are corrected and resubmitted by user departments and verifies output distribution
2. Processing controls
a) Written manual of systems and procedures for all computer operation
b) Back-up and recovery
i. Grandfather-father-son principle on file retention - a back-up system employed in batch processing
that enables reproduction of destroyed or lost master files from multiple (3) generations of master files
ii. Snapshots - daily picture (copy) of the data files taken and retained until the weekly file is prepared,
which is retained until the monthly file is prepared, which is also retained until the annual file is
created
GENERAL CONTROLS
c) Contingency processing-detailed processing plans to be tapped in case of disasters and
may include a:
i. Reciprocal agreement/Mutual aid pact
ii. Internal site
iii. Hot site-back-up centers that are already installed with equipment
iv. Cold site-back-up centers that are ready for equipment to be brought in
d) File Protection Rings - enable writing to a magnetic tape only when the ring is on the
magnetic tape. This controls the operator error of writing data on tapes containing critical
information.
e) Internal and External Labels - provide identification of files to avoid destruction
GENERAL CONTROLS
E. MONITORING CONTROLS - designed to ensure that IT controls are
working effectively. These may include:
• Monitoring of key IT performance indicators
• Internal/external IT audits
INTERNAL CONTROLS IN AN IT
ENVIRONMENT
2. IT APPLICATION CONTROLS - control policies and procedures that
relate to specific use of the system in order to provide reasonable assurance that
all transactions are authorized, recorded, and are processed completely,
accurately and on a timely basis.
In an IT environment, application controls are controls relating to the
processing of information in IT applications that directly address risks to the
integrity of information (i.e., the completeness, accuracy and validity of
transactions and other information).
IT APPLICATION CONTROLS
A. CONTROLS OVER INPUT- designed to provide reasonable assurance that
• Transactions are properly authorized before being processed by the computer
• Transactions are accurately converted into machine readable form and recorded in
the computer data files.
• Transactions are not lost, added, duplicated, or improperly changed.
• Incorrect transactions are rejected, corrected and, if necessary, resubmitted on a
timely basis
• Common examples of controls over input are key verification, field check, validity
check, self-checking digit, limit check, control totals (financial, hash and record
count)
CONTROLS OVER INPUT
1. Limit test - test of reasonableness of a field of data using predetermined upper and lower limits
EXAMPLE: A system accepts order quantities for products. The system has set a limit where the maximum allowed
order quantity is 1000. A user attempts to enter an order with a quantity of 1200.
2. Validity test - a comparison of data against a master file or table for accuracy
EXAMPLE: A company's payroll system requires an employee's ID to be entered for each pay transaction. The
system checks each ID against a master employee database to ensure it matches an existing record.
3. Self-checking digit - contains redundant information permitting accuracy check
EXAMPLE: A user enters a product serial number with a control digit at the end. The system validates the serial
number using the control digit to check for input errors.
4. Completeness check - processing will not continue unless all data required are supplied (also missing data check)
EXAMPLE: A system prompts users to enter customer data for a new account, including name, address, and phone
number. The system will not allow the submission to proceed unless all required fields are filled out.
CONTROLS OVER INPUT
5. Control total - the total of one field of information for all items in a batch
a) Item (Record) count- a count of the number of items or transactions being input in a given
batch
EXAMPLE: An accounts payable system processes a batch of invoices, and the total amount of all
invoices in the batch is calculated as a control total to verify the sum.
b) Financial total- the total of the amount for all items in a batch
EXAMPLE: A retail system processes a batch of sales transactions, and the total amount for all
transactions is calculated and verified to ensure no discrepancies.
c) Hash total- a total of one field of information for all items in a batch that has no intrinsic
meaning
EXAMPLE: A shipping company processes a batch of items, each identified by an item code that has
no intrinsic meaning. The system calculates the sum of the item codes as a hash total to verify the
data.
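The three control totals above catch different errors, which the following added example shows (it is not part of the original slides). The invoice batch is constructed, and using the vendor number as the hash field is an assumption made here for illustration.

```python
from decimal import Decimal

# Constructed sample batch of accounts payable invoices (not real data).
BATCH = [
    {"invoice": "INV-1001", "vendor_no": 40817, "amount": Decimal("1250.00")},
    {"invoice": "INV-1002", "vendor_no": 40233, "amount": Decimal("89.95")},
    {"invoice": "INV-1003", "vendor_no": 41560, "amount": Decimal("4310.40")},
]

def control_totals(records):
    """Compute the record count, financial total and hash total of a batch."""
    return {
        "record_count": len(records),
        "financial_total": sum((r["amount"] for r in records), Decimal("0")),
        # Hash total: the sum of vendor numbers has no meaning of its own
        # (assumed hash field); it only has to match after data entry.
        "hash_total": sum(r["vendor_no"] for r in records),
    }

def reconcile(header, records):
    """Return the names of the control totals that disagree with the header."""
    actual = control_totals(records)
    return [name for name in header if header[name] != actual[name]]

# Batch header prepared from the source documents before data entry.
HEADER = control_totals(BATCH)

def dropped_record():
    """One invoice is lost between the user department and processing."""
    return reconcile(HEADER, BATCH[:-1])

def keyed_wrong_amount():
    """Digits of one amount are transposed during keying (89.95 -> 98.95)."""
    keyed = [dict(r) for r in BATCH]
    keyed[1]["amount"] = Decimal("98.95")
    return reconcile(HEADER, keyed)

def keyed_wrong_vendor():
    """The amount is right but the invoice is keyed to another vendor number."""
    keyed = [dict(r) for r in BATCH]
    keyed[0]["vendor_no"] = 40871
    return reconcile(HEADER, keyed)

if __name__ == "__main__":
    print("header:", HEADER)
    print("dropped record  ->", dropped_record())
    print("wrong amount    ->", keyed_wrong_amount())
    print("wrong vendor no ->", keyed_wrong_vendor())
```

The wrong-vendor case leaves the record count and financial total intact, so only the hash total exposes it.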
CONTROLS OVER INPUT
6. Menu driven input - consists of a set of menus or Q&As that guide the user through completion of all the required data
EXAMPLE: A system prompts users with a set of choices or questions to guide them through entering information, such
as choosing payment method or shipping options.
7. Field check - ensures that the proper character is supplied in a given field (i.e., character only, numeric
only or alphanumeric only)
EXAMPLE: A user enters their email address in a registration form, and the system checks that only alphanumeric
characters and symbols like “@” and “.” are used in the address.
8. Field size check- ensures that the data supplied is within the number of digits or string of characters required for the
field
EXAMPLE: A form asks users to input their ZIP code, which must be 5 digits long. The system will reject the input if it
doesn't meet this requirement.
9. Logic tests- rejects data encoded which are illogical or inconsistent
EXAMPLE: A system checks that the entered date of birth is not in the future, rejecting any data entries that contain
future dates as logically inconsistent.
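The input controls listed above can be combined into one edit routine that runs before a record is accepted. This is an added example, not part of the original slides: the record layout, the customer master file and the sample records are constructed, the Luhn algorithm is used as one common self-checking digit scheme (the slides do not name one), and the logic test is applied to an order date rather than a date of birth.

```python
from datetime import date

CUSTOMER_MASTER = {"C1001", "C1002"}  # constructed master file (validity test)
REQUIRED = ("customer_id", "serial_no", "zip", "quantity", "order_date")
MAX_QTY = 1000                        # upper limit from the limit-test example

def is_digits(s: str) -> bool:
    """Field check helper: ASCII digits only."""
    return s.isascii() and s.isdigit()

def luhn_ok(number: str) -> bool:
    """Self-checking digit: the Luhn sum over all digits must end in 0."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def edit_checks(rec: dict, today: date) -> list:
    """Return the input controls that fail; an empty list means accept."""
    missing = [f for f in REQUIRED if not str(rec.get(f) or "").strip()]
    if missing:                       # completeness check: stop before other tests
        return ["completeness:" + ",".join(missing)]
    failed = []
    if rec["customer_id"] not in CUSTOMER_MASTER:
        failed.append("validity:customer_id")
    if not is_digits(rec["serial_no"]):
        failed.append("field:serial_no")
    elif not luhn_ok(rec["serial_no"]):
        failed.append("check_digit:serial_no")
    if not is_digits(rec["zip"]):
        failed.append("field:zip")
    elif len(rec["zip"]) != 5:
        failed.append("field_size:zip")
    if not is_digits(rec["quantity"]):
        failed.append("field:quantity")
    elif not 1 <= int(rec["quantity"]) <= MAX_QTY:
        failed.append("limit:quantity")
    try:
        if date.fromisoformat(rec["order_date"]) > today:
            failed.append("logic:order_date")   # a future date is inconsistent
    except ValueError:
        failed.append("field:order_date")
    return failed

# Constructed records, all fields as text exactly as keyed at data entry.
TODAY = date(2024, 6, 3)
GOOD = {"customer_id": "C1001", "serial_no": "79927398713", "zip": "60601",
        "quantity": "250", "order_date": "2024-06-01"}
BAD = dict(GOOD, customer_id="C9999", serial_no="79927398731", zip="6061",
           quantity="1200", order_date="2024-07-01")
INCOMPLETE = dict(GOOD, zip="  ")

if __name__ == "__main__":
    for name, rec in (("good", GOOD), ("bad", BAD), ("incomplete", INCOMPLETE)):
        print(name, edit_checks(rec, TODAY))
```

The BAD record's serial number differs from the good one only by two transposed digits, which is the kind of keying error a self-checking digit is meant to catch.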
IT APPLICATION CONTROLS
B. CONTROLS OVER PROCESSING - designed to provide reasonable
assurance that:
• Transactions are processed accurately
• Transactions are not lost, added, excluded, duplicated or improperly changed
• Processing errors are identified and corrected on a timely basis
C. CONTROLS OVER OUTPUT - designed to provide reasonable assurance
that:
• Results of processing are complete, accurate
• Output is distributed to authorized personnel only
