What is an AIS? Systems are almost always composed of smaller subsystems, each performing a specific...
What is an AIS?
• Systems are almost always composed of smaller subsystems, each performing a specific function supportive of the larger system.
• An accounting information system (AIS) consists of:
– People
– Procedures
– Data
– Software
– Information technology
Functions of an AIS?
• What important functions does the AIS perform in an organization?
1 It collects and stores data about activities and transactions.
2 It processes data into information that is useful for making decisions.
3 It provides adequate controls to safeguard the organization’s assets.
Basic Subsystems in the AIS
• Expenditure Cycle
• Human Resources
• Production Cycle
• Revenue Cycle
• Financing Cycle
• General Ledger & Reporting System
Factors Influencing Design of the AIS
• Organizational Culture
• Strategy
• Information Technology
The Value Chain
• The ultimate goal of any business is to provide value to its customers. A business will be profitable if the value it creates is greater than the cost of producing its products or services.
• The value chain concept can be extended by recognizing that organizations must interact with suppliers, distributors, and customers.
• An organization’s value chain and the value chains of its suppliers, distributors, and customers collectively form a value system.
The Value Chain
Primary Activities
• Inbound Logistics
• Outbound Logistics
• Operations
• Marketing and Sales
• Service
The Value Chain
Support Activities
• Infrastructure
• Human Resources
• Technology
• Purchasing
What is the Value of Information?
• The value of information is the benefit produced by the information minus the cost of producing it.
What is the Chart of Accounts?
• The chart of accounts is a list of all general ledger accounts used by an organization.
• It is important that the chart of accounts contains sufficient detail to meet the information needs of the organization.
Strategy and Strategic Positions
Two Basic Strategies
• To be a lower-cost producer than competitors
• To differentiate products and services from competitors
System Documentation
• The most common systems documentation tools and techniques:
1 Data flow diagrams
2 Document flowcharts
3 Computer system flowcharts
4 Program flowcharts
File-Oriented Approach
• Application program #1
• Application program #2
• File #1: Item A, Item B, Item C
• File #2: Item B, Item D, Item E
Database Approach
• Application program #1
• Application program #2
• Application program #3
• Database management system
• Database: Item A, Item B, Item C, Item D, Item E
Database Approach versus File-Oriented Approach
Minimum data redundancy
Fewer data inconsistencies
Standardized data format
No duplicated processing or storage
Allows cross-functional data analyses
Central data management / data security
Lower cost
Databases
• Database management system (DBMS) is the program that manages and controls access to the database.
• Database system is the combination of the database, the DBMS, and the application program that uses the database.
• Database administrator (DBA) is the person responsible for the database.
Logical & Physical Views of Data
A major advantage of database systems over file-oriented systems is that the database systems separate the logical and physical views of data:
– Logical view: It is how the user or programmer conceptually organizes and understands the data.
– Physical view: It refers to how and where the data are physically arranged and stored on disk, tape, CD-ROM, or other media.
The DBMS controls the database so that users can access, query, or update it without reference to how or where the data are physically stored.
Relational Databases
• A data model is an abstract representation of the contents of a database.
• The relational data model represents everything in the database as being stored in the form of tables.
• Technically, these tables are called relations.
• Each row in a relation, called a tuple, contains data about a specific occurrence of the type of entity represented by that table.
Schemas
• What are schemas?
• A schema describes the logical structure of a database.
• There are three levels of schemas:
1 Conceptual-level schema
2 External-level schema
3 Internal-level schema
Schemas
• The conceptual-level schema is an organization-wide view of the entire database.
• The external-level schema consists of a set of individual user views of portions of the database, also referred to as a subschema.
• The internal-level schema provides a low-level view of the database.
Schema Levels:
1. Conceptual
2. External
3. Internal
The Data Dictionary
• What is a data dictionary?
– It contains information about the structure of the database.
• For each data element stored in the database, such as the customer number, there is a corresponding record in the data dictionary describing it.
Basic Requirements of the Relational Data Model
1 Primary keys must be unique.
2 Every foreign key must either be null or have a value corresponding to the value of a primary key in another relation.
3 Each column in a table must describe a characteristic of the object identified by the primary key.
4 Each column in a row must be single-valued.
5 The value in every row of a specific column must be of the same data type.
6 Neither column order nor row order is significant.
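Requirements 1 and 2 above, as enforced by a database engine. This is an added example, not part of the original slides. It uses Python's built-in sqlite3 module; the customer and sales_order tables and their rows are constructed for illustration.

```python
import sqlite3

def build_db(enforce_fk=True):
    """Constructed two-table schema: customer (parent) and sales_order (child)."""
    db = sqlite3.connect(":memory:")
    # SQLite checks foreign keys only when this pragma is on (it is off by default).
    db.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    db.executescript("""
        CREATE TABLE customer (
            customer_no INTEGER PRIMARY KEY,      -- requirement 1: unique key
            name        TEXT NOT NULL
        );
        CREATE TABLE sales_order (
            order_no    INTEGER PRIMARY KEY,
            customer_no INTEGER REFERENCES customer(customer_no),  -- requirement 2
            amount      REAL NOT NULL
        );
        INSERT INTO customer VALUES (101, 'Constructed Customer A');
    """)
    return db

def attempt(db, sql, params):
    """Run one insert; return 'accepted' or the integrity rule that rejected it."""
    try:
        with db:                      # commits on success, rolls back on error
            db.execute(sql, params)
        return "accepted"
    except sqlite3.IntegrityError as exc:
        return f"rejected: {exc}"

def demo():
    db = build_db()
    order = "INSERT INTO sales_order VALUES (?, ?, ?)"
    return {
        "duplicate_pk": attempt(db, "INSERT INTO customer VALUES (?, ?)", (101, "Duplicate")),
        "fk_matches": attempt(db, order, (1, 101, 250.0)),
        "fk_null": attempt(db, order, (2, None, 75.0)),
        "fk_orphan": attempt(db, order, (3, 999, 40.0)),
        # Same orphan row with enforcement off: the engine accepts it silently.
        "fk_orphan_unenforced": attempt(build_db(enforce_fk=False), order, (3, 999, 40.0)),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:22} {outcome}")
```

The last case is the one to watch in practice: a schema that declares a foreign key still admits orphan rows when the engine is not enforcing it.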
E-Business Interactions
• E-business encompasses an organization’s external interactions with its:
– Suppliers
– Customers
– Investors
– Creditors
– The government
– Media
Categories of E-Business
Type of E-Business, followed by its Characteristics:
Interactions between individuals & organizations: B2C (Business to Consumers)
• Organization-individual
• Smaller dollar value
• One-time or infrequent transactions
• Relatively simple
Inter-organizational e-business: B2B (Business to Business), B2G (Business to Government), B2E (Business to Education)
• Inter-organizational
• Larger dollar value
• Established, on-going relationships
• Extension of credit by seller to customer
• More complex
Use of E-Business
• E-business includes the use of IT to redesign an organization’s internal processes.
• For organizations in many industries, engaging in e-business is a necessity.
• Engaging in e-business in and of itself does not provide a competitive advantage.
• However, e-business can be used to more effectively implement an organization’s basic strategy and enhance the effectiveness and efficiency of its value-chain activities.
E-Business Success Factors
• The degree to which e-business activities fit and support the organization’s overall business strategy.
• The ability to guarantee that e-business processes satisfy the three key characteristics of any business transaction:
– Validity
– Integrity
– Privacy
E-Business Success Factors
• Implementation of an EDI must overcome the following threats:
– Choosing an inappropriate technology
– Unauthorized system access
– Tapping into data transmission
– Loss of data integrity
– Incomplete transactions
– System failures
Encryption
There are two principal types of encryption systems:
– Single-key systems: Same key is used to encrypt and decrypt the message
• Simple, fast, and efficient
• Example: the Data Encryption Standard (DES) algorithm
– Public Key Infrastructure (PKI): Uses two keys:
• Public key is publicly available and usually used to encode message
• Private key is kept secret and known only by the owner of that pair of keys. Usually used to decode message
Types of Networks
• The private portion can be further divided into two subsets:
1 Local area network (LAN) — a system of computers and other devices, such as printers, that are located in close proximity to each other.
2 Wide area network (WAN) — covers a wide geographic area.
Types of Networks
• What is an Intranet?
• The term Intranet refers to internal networks that connect to the main Internet.
• They can be navigated with the same browser software, but are closed off from the general public.
• What are Extranets?
Company A
AIS
VPN equipment
ISP
Internet
Types of Networks
• Companies build a virtual private network (VPN) to improve reliability and security, while still taking advantage of the Internet.
Network Configuration Options
• Local area networks (LANs) can be configured in one of three basic ways:
1 Star configuration
2 Ring configuration
3 Bus configuration
Network Configuration Options
• Wide area networks (WANs) can be configured in one of three basic ways:
1 Centralized system
2 Decentralized system
3 Distributed data processing
Network Configuration Options
In a centralized WAN, all terminals and other devices are connected to a central corporate computer.
WAN Configuration:
1. Centralized
2. Decentralized
3. Distributed
Threats to AIS
• Natural and political disasters:
– fire / heat / floods / earthquakes / winds / war
• S/W errors & Equipment Malfunctions:
– H/W failures / power outages / data transmission errors
• Unintentional acts:
– accidents / lost data / human & logic errors / systems that do not meet company needs
• Intentional acts:
– Sabotage / computer fraud / embezzlement
Internal Control Classifications
• The specific control procedures used in the internal control and management control systems may be classified using the following four internal control classifications:
1 Preventive, detective, and corrective controls
2 General and application controls
3 Administrative and accounting controls
4 Input, processing, and output controls
COSO’s Internal Control Model Components
1 Control environment
2 Control activities
3 Risk assessment
4 Information and communication
5 Monitoring Performance
Principles of a Reliable System
1. Security of the system against unauthorized physical and logical access.
2. Availability of the system when needed.
3. Processing Integrity – data is processed accurately, completely, in a timely manner and with proper authorization.
4. Privacy – personal information about customers is collected, used, disclosed and maintained in an appropriate manner.
5. Confidentiality – sensitive information is protected from unauthorized disclosure.
Physical Access Controls
• How can physical access security be achieved?
– placing computer equipment in locked rooms and restricting access to authorized personnel
– having only one or two entrances to the computer room
– requiring proper employee ID
– requiring that visitors sign a log
– installing locks on PCs
Logical Access Controls
• Users should be allowed access only to the data they are authorized to use and then only to perform specific authorized functions.
• What are some logical access controls?
– passwords
– physical possession identification
– biometric identification
– compatibility tests
Estimate Cost and Benefits
• No internal control system can provide foolproof protection against all internal control threats.
• The cost of a foolproof system would be prohibitively high.
• One way to calculate benefits involves calculating expected loss.
• The benefit of a control procedure is the difference between the expected loss with the control procedure(s) and the expected loss without it.
Expected loss = risk × exposure
Segregation of Duties Within the Systems Function
• Organizations must implement compensating control procedures.
• Authority & responsibility must be clearly divided among the following functions:
1 Systems analysis
2 Programming
3 Computer operations
4 Users
5 AIS library
6 Data control
Segregation of Duties
Recording Functions
– Preparing source documents
– Maintaining journals
– Preparing reconciliations
– Preparing performance reports
Custodial Functions
– Handling cash
– Handling assets
– Writing checks
– Receiving checks in mail
Authorization Functions
– Authorization of transactions
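An added example (not from the original slides) that checks user duty assignments against the three function categories listed above. It assumes a conflict means one user holding duties in more than one category; the user names, their assignments and the "issuing refunds" duty are constructed.

```python
# Duty-to-function mapping taken from the slide above.
FUNCTION_OF = {
    "preparing source documents": "recording",
    "maintaining journals": "recording",
    "preparing reconciliations": "recording",
    "preparing performance reports": "recording",
    "handling cash": "custodial",
    "handling assets": "custodial",
    "writing checks": "custodial",
    "receiving checks in mail": "custodial",
    "authorization of transactions": "authorization",
}

# Constructed sample assignments (hypothetical users).
ASSIGNMENTS = {
    "alice": ["maintaining journals", "preparing reconciliations"],
    "bob": ["handling cash", "preparing reconciliations"],
    "carol": ["authorization of transactions", "writing checks", "maintaining journals"],
    "dave": ["receiving checks in mail", "issuing refunds"],
}

def review(assignments):
    """Return {user: finding} for users whose duties need attention."""
    findings = {}
    for user, duties in assignments.items():
        by_function, unclassified = {}, []
        for duty in duties:
            function = FUNCTION_OF.get(duty.strip().lower())
            if function is None:
                unclassified.append(duty)   # unknown duty: needs a human decision
            else:
                by_function.setdefault(function, []).append(duty)
        # Assumed rule: duties in two or more function categories is a conflict.
        conflict = by_function if len(by_function) > 1 else {}
        if conflict or unclassified:
            findings[user] = {"conflict": conflict, "unclassified": unclassified}
    return findings

if __name__ == "__main__":
    for user, finding in review(ASSIGNMENTS).items():
        print(user, finding)
```

Duties that do not map to any category are reported rather than ignored, so a new duty cannot slip past the review unclassified.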
Disaster Recovery Plan
• Objectives:
1 Minimize the extent of the disruption, damage, and loss.
2 Temporarily establish an alternative means of processing information.
3 Resume normal operations as soon as possible.
4 Train and familiarize personnel with emergency operations.
General Controls
• General controls ensure that the overall computer system is stable and well managed:
1. Developing a security plan
2. Segregation of duties within the systems function
3. Project development controls
4. Physical access controls
5. Logical access controls
6. Data storage controls
7. Data transmission controls
8. Documentation standards
9. Minimizing system downtime
10. Disaster recovery plans
11. Protection of personal computers & client/server networks
12. Internet controls
Computer-Aided Software Engineering (CASE)
• CASE is an integrated package of computer-based tools that automate important aspects of the software development process.
• CASE tools are used to plan, analyze, design, program, and maintain an information system.
• They are also used to enhance the efforts of managers, users, and programmers in understanding information needs.