Deze samenvatting is gebaseerd op het studiejaar 2013-2014.

Week 1

Accounting Information System (AIS) = een systeem voor betrouwbare informatie ten behoeve van besluitvorming en verantwoording. Het bestaat uit mensen, procedures en systemen.

Hoofdfuncties:

• Het verzamelen en opslaan van gegevens over bedrijfstransacties zodat de organisatie kan vaststellen wat er is gebeurd.

• Het management voorzien van relevante besluitvormingsinformatie.

• Het zorgen voor adequate beheersmaatregelen om te waarborgen dat de informatie en bezittingen van de organisatie betrouwbaar zijn en bezittingen beschermd worden.

System = a set of interrelated components that interact to achieve a goal. Most systems are composed of smaller subsystems.

Goal = iedere organisatie heft doelen. Subsystemen moeten zijn ontworpen om te ondersteunen bij het behalen van die doelen.

Data = the facts that are collected, stored and processed by an information system (verzamelen, vastleggen en bewerken). Organizations collect data about:

• Events that occur

• Resources that are affected by those events

• Agents who participate in the events.

Information is data that have been organized and processed to provide meaning.

Benefits of information – cost of producing information = value of information

Benefits of information:

• Reduction of uncertainty

• Improved decisions

• Improved ability to plan and schedule activities

Costs of producing information:

• Collecting data

• Processing data

• Storing data

• Distributing information to users

Characteristics of useful information:

• Relevance = it reduces uncertainty by helping you predict what will happen or confirm what already has happened.

• Reliability = it is dependable, i.e., free from error or bias and faithfully portrays events and activities.

• Completeness = it does not leave anything that is important.

• Timeliness = you get it in time to make your decision.

• Understandability = It is presented in a manner you can comprehend and use.

• Verifiability = a consensus notion – the nature of the information is such that different people would tend to produce the same result.

• Accessibility = you can get it when you need it and in a format you can use.

Administratieve Organisatie (AO) = de organisatie gericht op het systematisch verzamelen, vastleggen en bewerken van gegevens gericht op het verstrekken van informatie met betrekking tot het sturen, beheersen, doen functioneren van organisaties alsmede van de verantwoording die daaromtrent worden afgelegd.

Interne Controle (IC) = controle op oordeelsvorming of activiteiten door of namens de leiding van een organisatie.

Cycle benadering:

• Revenu cycle

• Expenditure cycle

• Production cycle

Strategisch (bovenste laag piramide)

Tactisch (midden laag piramide)

Operationeel (onderste laag piramide)

Structured decisions: Repetitive and routine, can be delegated to lower-level employees  kunnen geautomatiseerd worden!

Semi-structured decisions: Incomplete rules, require subjective assessments.

Non-structured decisions: Non-recurring and non-routine, require a great deal of subjective assessments.

Occupational control decisions (day-to-day)

Management control decisions (budgeting)

Stretegic planning decisions (Whether to diversify the company into other product lines)

The higher a manager is in the organization, the more likely h is to be engaging in less structured decisions and broader scope decisions.

AIS consists of 5 components:

1. The people who operate the system

2. The procedures involved in collecting, processing, and storing data

3. The data about the business processes

4. The software used to process the data

5. The information technology infrastructure

Each activity requires different types of decisions.

Each decision requires different types of information (financial, non-financial, internal sources, external sources).

External parties: Customers, vendors, creditors and governmental agencies.

Internal parties: Employees and management.

Accountants (controllers) play an important role in data processing: What data should be entered and stored? Who should be able to access the data? How should the data be organized, updated, stored accessed, and retrieved? How can scheduled and unanticipated information needs be met? 

Accountants must understand data processing concepts.

Data processing cycle bestaat uit 4 stappen:

1. Data input

2. Data storage

3. Data processing

4. Information output

1. Data input: Grondpatroon informatieverzorgingsproces

First step in data processing is to capture data:

• Event that occurred

• Resources affected by the event

• Agents who participated

Data needs to be organized for easy and efficient access.

2. Data storage:

Some computer-based storage concepts:

• Entity = something about which information is stored (students).

• Attribute = are characteristics of interest with respect to the entity (Student ID/Address).

• Field = the physical place where an attribute is stored (student ID field).

• File = a group of related records (student file).

• Master File = a file that stores cumulative information about an organization’s entities (vaste gegevens)

• Transaction File = a file that contains records of individual transactions (events) that occur during a period (mutaties).

• Database = a set of interrelated, centrally-coordinated files (Student file, Class file and instructor file  together a database).

3. Data processing

There are 4 different types of file processing:

1. Updating data: to record the occurrence of an event, the resources affected by the event, and the agents who participated (recording a sale to a customer).

2. Changing data (customer address).

3. Adding data (new customer).

4. Deleting data (removing an old customer that has not purchased anything in 5 years).

Updating can be done through several approaches. Data processing:

• Batch processing: source documents are grouped into batches. Periodically, the batches are entered into the computer system, edited, sorted and stored in an temporary file.

• Online batch processing: periodically, the temporary transaction file is run against the master file to update the master file.

• Online, real-time processing: Transactions are entered into a computer system as they occur. The master file is immediately updated with the data from the transaction.

4. Information output:

Information output can be in the form of:

• Documents (employee paychecks or purchase orders for merchandise).

• Reports (are used by employees to control operational activities by managers to make decisions and design strategies).

• Queries (are user requests for specific pieces of information. On the monitor: SOFT copy. On the screen: HARD copy).

Week 2

• Hardware

• Inputapparatuur: Toetsenbord, muis, automatisering brongegevens.

• Outputapparatuur: Printers, beeldschermen, geluidsweergave.

• Primair geheugen.

• Secundair geheugen: Schijf, magneetband.

• Communicatieapparatuur

• Centrale verwerkingseenheid

Hardware – system software – applicatie software – gebruikers

The combination of the database, DBMS and application programs that access the database is referred to as the database system.

Database management system (DBMS) serves as the interface between the database and the various application programs.

Importance and advantages of database systems:

• Data integration = achieved by combining master files into larger pools of data accessible by many programs.

• Data sharing.

• Reporting flexibility = Reports can be revised easily and generated as needed. The database can easily be browsed to research problems or obtain detailed information.

• Minimal data redundancy and inconsistencies = because data items are usually stored only once.

• Data independence = Data items are independent of the programs that use them. Consequently, a data item can be changed without changing the program and vice versa. Makes programming easier and simplifies data management.

• Central management of data = data management is more efficient because the database administrator is responsible for coordinating, controlling, and managing data.

Bad data leads to: Bad decisions, embarrassment and angry users.

The DBMS uses the mappings to translate a request by a user or program for data into the indexes and addresses needed to physically access the data.

Data dictionary contains information about the structure of the database. For each data element, there is a corresponding record in the data dictionary describing that element.

Three basic functions of DBMS (languages):

• Creating a database

• Changing a database

• Querying a database

Data definition language (DDL) = the set of commands used to create the database. DDL is used to:

• Build the data dictionary

• Initialize or create the database

• Describe the logical views for each individual user or programmer

• Specify any limitations or constraints on security imposed on database records or fields

Data manipulation language (DML) = the set of commands used to change the database. DML is used for maintaining the data including:

• Updating data

• Inserting data

• Deleting portions of the database

Data query language (DQL) = the set of commands used to query the database. DQL is used to interrogate the database, including:

• Retrieving records

• Sorting records

• Ordering records

• Presenting subsets of the database

Report writer:

• Searches the database

• Extracts specified data

• Prints them out according to specified format

Two basic ways to design well-structured relational databases:

1. Normalization

2. Semantic data modelling

Documentation includes the following types of tools:

• Narratives (written descriptions) = a graphical description of data sources, flows, processes, storage and destinations

• Flowcharts = document flowcharts, system flowcharts and program flowcharts

• Diagrams

• Other written material

Documentation covers the who, what, when, where, why, and how of:

• Data entry

• Processing

• Storage

• Information output

• System controls

SOX (2002) effectively requires that publicly-traded corporations and their auditors document and test the company’s internal controls.

Data Flow Diagram (DFD) (simpele versie) wordt het meest gebruikt. DFD graphically describes the flow data within an organization. It is used to: document existing systems, plan and design new systems.

Four basic elements of DFD:

1. Data sources and destinations (VIERKANT)

2. Data flows (PIJLTJES)

3. Transformation processes (CIRKELS)

4. Data stores (TWEE HORIZONTALE LIJNEN)

Highest level of DFD is a context diagram. It provides a summary-level view of the system.

A flowchart is an analytical technique that describes some aspect of an information system in a clear, concise, and logical manner.

There are four types of flowcharting symbols:

1. Input/output symbols indicate the type of device or media that provides input to or records output from a process.

2. Processing symbols indicate the type of device used to process the data or whether the data is processed manually.

3. Storage symbols indicate the type of device used to store data while the system is not using it.

4. Flow and miscellaneous symbols may indicate:

   1. The flow of data and goods

   2. The beginning or end of the flowchart

   3. The location of a decision

   4. An explanatory note

A document flowchart shows the flow of documents and information among areas of responsibility in an organization.

DFD’s place a heavy emphasis on the logical aspects of a system  eenvoudiger.

Flowcharts place more emphasis on the physical characteristics of the system.

Week 3

Leer de fraudedriehoek goed!

Companies face four types of threats to their information systems:

• Natural and political disasters

• Software errors and equipment malfunction

• Unintentional acts

• Intentional acts (computer crime)

Fraud against companies may be committed by an employee or an external party (former and current employees [knowledgeable insiders]).

Treadway commission defined fraudulent financial reporting as intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements. Financial statements can be falsified to:

• Deceive investors and creditors

• Cause a company’s stock price to rise

• Meet cash flow needs

• Hide company losses and problems

Treadway Commission recommended four actions to reduce the possibility of fraudulent financial reporting:

1. Establish an organizational environment that contributes to the integrity of the financial reporting process.

2. Identify and understand the factors that lead to fraudulent financial reporting

3. Assess the risk of fraudulent financial reporting within the company

4. Design and implement internal controls to provide reasonable assurance that fraudulent financial reporting is prevented.

Three factors in the Fraud Triangle:

1. Pressure : druk van bijvoorbeeld familie, of om hypotheek af te betalen.

2. Opportunity: Iemand moet de kans hebben om het te doen (mogelijkheid)

3. Rationalization:  ‘t is niet zo erg, ze kunnen het wel missen, iedereen doet het.

Opportunity is the opening or gateway that alllows an individual to:

• Commit the fraud

• Conceal the fraud

• Convert the proceeds

Many computer frauds that are uncovered are not reported because of fear of:

• Adverse publicity

• Copycats

• Loss of customer confidence

Frauds can be categorized according to the data processing model:

• Input: Er is weinig kennis over computers nodig om met opzet foutieve gegevens in te voeren.

• Processor: Unauthorized system use.

• Computer instructions: Making illegal copies of company data, etc.

• Stored data: Altering or damaging a company’s data files.

• Output: Stealing/misusing system output

Certain measures can significantly decrease the potential for fraud and any resulting losses:

1. Make fraud less likely to occur

2. Increase the difficulty of committing fraud: segregation of authorization, Recording, Custody

3. Improve detection methods

4. Reduce fraud losses

Internal Control = the process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that the following control objects are achieved:

• Assets (incl. data) are safeguarded

• Records are maintained in sufficient detail to accurately and fairly reflect company assets

• Accurate and reliable information is provided

• There is reasonable assurance that financial reports are prepared in accordance with GAAP

• Operational efficiency is promoted and improved

• Adherence to prescribed managerial policies is encouraged

• The organization complies with applicable laws and regulations

IC is a process because it permeates an organization’s operating activities and it is an integral part of basic management activities.

IC provides reasonable assurance because complete assurance is difficult or impossible to achieve and prohibitively expensive.

Internal controls perform 3 important functions:

1. Preventive controls

2. Detective controls

3. Corrective controls

General controls

Application controls

Sarbanes-Oxley Act (SOX 2002): applies to publicly held companies and their auditors.  COSO The report must contain a statement identifying the framework used. Management must disclose any and all material IC weaknesses. Management cannot conclude that the company has effective IC if there are any material weaknesses.

Frameworks:

COBIT || COSO || COSO’s Enterprise Risk Management (ERM)

COSO internal control framework:

• Defines IC

• Provides guidance for evaluating and enhancing IC-systems

• Widely accepted as the authority on IC’s

• Incorporated into policies, rules, and regulations used to control business activities

Five crucial components:

1. Control environment

2. Control activities

3. Risk assessment

4. Information and communication

5. Monitoring

COSO’s Enterprise Risk Management: COSO began investigating how to effectively identify, assess, and manage risk so that organizations could improve the risk management process  ERM

• Provide reasonable assurance that company objectives and goals are achieved and problems and surprises are minimized

• Achieve its financial and performance targets

• Assess risks continuously and identify steps to take and resources to allocate to overcome or mitigate risk

• Avoid adverse publicity and damage to the entity’s reputation

ERM issues: it has too narrow of a focus. Focusing on controls first has an inherent bias towards past problems and concerns, so  ERM

Leer 3 control activities met voorbeelden!

Control activities = policies, procedures, and rules that provide reasonable assurance that management’s control objectives are met and their risk responses are carried out:

1. Proper authorization of transactions and activities (General authorization and special auth.).

2. Segregation of duties (an employee should not be in a position to commit and conceal fraud or unintentional errors)  segregation of accounting duties and segregation of duties within the systems function.

3. Project development and acquisition controls

4. Change management controls = the process of making sure that the changes do not negatively affect: systems reliability, security, confidentiality, integrity and availability.

5. Design and use of documents and records

6. Safeguard assets, records, and data

7. Independent checks on performance  100e gestolen, maar staat niet in de boeken: wel onafhankelijke checks uitvoeren!!

Segregation of accounting duties:

1. Authorization = approving transactions and decisions

2. Recording = preparing source documents, maintaining journals, ledgers, preparing performance reports

3. Custody = handing cash, maintaining an inventory storeroom, receiving incoming customer checks, etc.

Als twee van de bovenstaande functies aan 1 persoon is toegewezen kunnen er problemen ontstaan. Als twee of meer mensen collude (samenwerken), dan ontstaat er ook een probleem.

Week 4

Information security and system reliability

Security is het fundament van systems reliability.

Systems reliability bestaat uit:

1. Security

2. Confidentially

3. Privacy

4. Processing integrity

5. Availability

Confidentiality:

• Encryption is a fundamental control procedure for protecting the confidentiality of sensitive information.

• Confidential information should be encrypted:

  • • While stored

    • Whenever transmitted

• It is critical to encrypt any sensitive information stored in devices that are easily lost or stolen, such as laptops, PDAs, cell phones, and other portable devices.

Privacy:

• The privacy principle is closely related to the confidentiality principle.

• Primary difference is that privacy focuses on protecting personal information about customers rather than organizational data.

• Key controls for privacy are the same that were previously listed for confidentiality.

Process integrity:

Three categories/groups of integrity controls:

• Input controls

• Processing controls

• Output controls

The following input controls regulate integrity of input:

• Forms design

  • Pre-numbered forms sequence test

  • Turnaround documents

• Cancellation and storage of documents

• Authorization and segregation of duties

• Visual scanning

Once data is collected, data entry control procedures are needed to ensure that it’s entered correctly. Common tests to validate input include:

• Field check

• Sign check

• Limit check

• Range check

• Size (or capacity) check

• Completeness check

• Validity check

• Reasonableness test

• Check digit verification

Additional online data entry controls:

• Online processing data entry controls include:

  • Automatic entry of data

  • Prompting

  • Pre-formatting

  • Closed-loop verification

  • Transaction logs

  • Error messages

• Processing controls to ensure that data is processed correctly include:

  • Data matching

  • File labels

  • Recalculation of batch totals

  • Cross-footing balance test

  • Write-protection mechanisms

  • Database processing integrity procedures

• Output Controls

  • Careful checking of system output provides additional control over processing integrity.

  • Output controls include:

    • User review of output

    • Reconciliation procedures

    • External data reconciliation

Availability:

Reliable systems are available for use whenever needed.

Threats to system availability originate from many sources, including:

• Hardware and software failures

• Natural and man-made disasters

• Human error

• Worms and viruses

• Denial-of-service attacks and other sabotage

Week 5

System development life cycle: whether systems changes are major or minor, most companies go through a systems development life cycle.
The five stages in the systems development life cycle are:

1. Systems analysis:

• • • Initial investigation

    • Systems survey

    • Feasibility study

    • Determination of information needs and system requirements

    • Delivery of systems requirements
       

2. Conceptual design: In the conceptual systems design phase, a general framework is created for implementing user requirements and solving the problems identified in the analysis phase. Elements:

• Output

• Data storage

• Input

• Processing procedures and operations
   

3. Physical design: During the physical systems design phase, the company determines how the conceptual AIS design is to be implemented.
   The broad, user-oriented requirements of conceptual design are translated into detailed specifications used to code and test computer programs. Phases:

• Designing output

• Creating files and databases

• Designing input

• Writing computer programs

• Developing procedures

• Building in controls
   

4. Implementation & conversion: Systems implementation is the process of installing hardware and software and getting the AIS up and running. Phases

• Developing a plan

• Preparing the site

• Installing and testing hardware and software

• Selecting and training personnel

• Completing documentation

• Testing the system

Conversion is the process of changing from the old AIS to the new. Elements:

• • • Hardware

    • Software

    • Data files

    • Procedures

5. Operation & maintenance. The last step in the SDLC is to operate and maintain the new system.

A post-implementation review should be conducted to ensure the new AIS meets its planned objectives.

Many people are involved in developing and successfully implementing an AIS, including:

• • • Top management

    • Accountants

    • The information systems steering committee

    • The project development team

    • Systems analysts

    • Computer programmers

    • External players

Top management’s role in systems development is to:

• • Provide support and encouragement a clear signal that user involvement is important.

  • Help align the systems with corporate strategies.

  • Establish system goals and objectives.

  • Review IS department performance and leadership.

  • Establish policies for project selection and organizational structure.

  • Participate in important systems decisions.

Accountants also play an important role in systems development:

• As AIS users, they must determine their information needs and systems requirements and communicate them to system developers.

• As members of project development teams or steering committees, they help management in the development process.

• They are also active in:

  • Designing system controls and monitoring and testing these controls.

  • Ensuring the system is easy to audit.

• Controls and “auditability” need to be built in early to minimize costs and inefficiencies later.

The project development team includes systems specialists, managers, accountants, auditors, and users whose responsibility is to guide development.

Their job:

• Plan each project.

• Monitor to ensure timely and cost-effective completion.

• Ensure the human element is considered.

• Communicate project status to top management and steering committee.

• Communicate and meet with users to:

• • Consider ideas

  • Discuss progress

  • Eliminate surprises

Canned software is sold on the open market to a broad range of users with similar requirements.

• Some companies sell hardware and software together as a package.

  • These systems are called turnkey systems.

  • Many are written by vendors who specialize in a particular industry.

A major problem with canned software:

• It often does not meet all of a company’s information needs.

• Can be overcome by modifying the canned software.

  • Usually best done by the vendor.

  • Unauthorized modifications may render the program unreliable and unstable.

Benefits of outsourcing:

• Provides a business solution

• Asset utilization

• Access to greater experience and more advanced technology

• Lower costs

• Improved development time

• Elimination of peaks-and-valleys usage

• Facilitation of downsizing

Risks of outsourcing:

• • Inflexibility

  • Loss of control

  • Reduced competitive advantage

  • Locked in system

  • Unfulfilled goals

  • Poor service

  • Increased risk

Week 6

Basisfuncties AIS:

• Het efficiënt en effectief verwerken van gegevens over de door een organisatie uitgevoerde transacties

  • registreren transactiedata op brondocumenten

  • verwerken data in dagboek

  • registreren data in (sub)grootboek

  • audit trail

• Het voorzien in de behoefte aan financiële stuurinformatie

Toegevoegde waarde AIS:

• Verbeteren van de kwaliteit en reduceren van de kosten van producten en diensten

• Bevorderen van efficiency en effectiviteit

• Bevorderen van de kwaliteit van de besluitvorming

• Verhogen van (het delen) van kennis in een organisatie

• Voorwaarde hierbij is natuurlijk dat de informatie:

• • relevant

  • betrouwbaar

  • compleet

  • begrijpelijk

  • tijdig

  • en verifieerbaar is

Waardekringloop: deze moet je uit je hoofd kennen!

Revenue Cycle Activities:

1. Sales order entry

2. Shipping

3. Billing

4. Cash collections

Expenditure Cycle:

1. Ordering materials, supplies, and services

2. Receiving materials, supplies, and services

3. Approving supplier invoices

4. Cash disbursements

Production Cycle Activities:

1. Product design

2. Planning and scheduling

3. Production operations

4. Cost accounting