What is an AIS?• Systems are almost always composed of smaller

subsystems, each performing a specific function supportive of the larger system.

• An accounting information system (AIS) consists of:– People– Procedures– Data– Software– Information technology

Functions of an AIS?• What important functions does the AIS

perform in an organization?1 It collects and stores data about activities

and transactions.2 It processes data into information that is

useful for making decisions.3 It provides adequate controls to safeguard

the organization’s assets.

Basic Subsystems in the AIS

ExpenditureCycle

HumanResources

ProductionCycle

RevenueCycle

FinancingCycle

General Ledger & Reporting System

Factors InfluencingDesign of the AIS

OrganizationalCulture

Strategy

InformationTechnology

AIS

The Value Chain• The ultimate goal of any business is to provide value

to its customers. A business will be profitable if the value it creates is greater than the cost of producing its products or services.

• The value chain concept can be extended by recognizing that organizations must interact with suppliers, distributors, and customers.

• An organization’s value chain and the value chains of its suppliers, distributors, and customers collectively form a value system.

The Value Chain

Primary Activities

InboundLogistics

OutboundLogistics

Operations

Marketingand Sales

Service

The Value Chain

Support Activities

Infrastructure

HumanResources

Technology

Purchasing

What is the Value of Information?

• The value of information is the benefit produced by the information minus the cost of producing it.

What is the Chart of Accounts?

• The chart of accounts is a list of all general ledger accounts used by an organization.

• It is important that the chart of accounts contains sufficient detail to meet the information needs of the organization.

Strategy and Strategic Positions

Two Basic Strategies

To be a lower-cost producer than competitors

To differentiate products and services fromcompetitors

11

System Documentation

• The most common systems documentation tools and techniques.1 Data flow diagrams2 Document flowcharts3 Computer system flowcharts4 Program flowcharts

File-Oriented Approach

Applicationprogram #2

Applicationprogram #1

File # 1

Item A Item B Item C

File # 2

Item B Item D Item E

Database Approach

Applicationprogram #3

Applicationprogram #2

Databasemanagement

system

Applicationprogram #1

Item A Item B Item C Item D Item E

Database

Database Approach versus File-Oriented Approach

Minimum data redundancy

Fewer data inconsistencies

Standardized data format

No duplicated processing or storage

Allows cross-functional data analyses

Central data management / data security

Lower cost

Databases

• Database management system (DBMS) is the program that manages and controls access to the database.

• Database system is the combination of the database, the DBMS, and the application program that uses the database.

• Database administrator (DBA) is the person responsible for the database.

Logical & Physical Views of Data

A major advantage of database systems over file-oriented systems is that the database systems separate the logical and physical view of data:– Logical view: It is how the user or programmer conceptually

organizes and understands the data.

– Physical view: It refers to how and where the data are physically arranged and stored on disk, tape, CD-ROM, or other media.

The DBMS controls the database so that users can access, query, or update it without reference to how or where the data are physically stored.

Relational Databases

• A data model is an abstract representation of the contents of a database.

• The relational data model represents everything in the database as being stored in the form of tables.

• Technically, these tables are called relations.• Each row in a relation, called a tuple, contains

data about a specific occurrence of the type of entity represented by that table.

Schemas

• What are schemas?

• A schema describes the logical structure of a database.

• There are three levels of schemas:1 Conceptual-level schema2 External-level schema3 Internal-level schema

Schemas

• The conceptual-level schema is an organization-wide view of the entire database.

• The external-level schema consists of a set of individual user views of portions of the database, also referred to as a subschema.

• The internal-level schema provides a low-level view of the database.

Schema Levels:

1. Conceptual

2. External

3. Internal

The Data Dictionary

• What is a data dictionary?– It contains information about the structure of

the database.

• For each data element stored in the database, such as the customer number, there is a corresponding record in the data dictionary describing it.

Basic Requirements of the Relational Data Model

1 Primary keys must be unique.2 Every foreign key must either be null or have a

value corresponding to the value of a primary key in another relation.

3 Each column in a table must describe a characteristic of the object identified by the primary key.

4 Each column in a row must be single-valued.5 The value in every row of a specific column must be

of the same data type.6 Neither column order nor row order is significant.

E-Business Interactions• E-business encompasses an

organization’s external interactions with its:– Suppliers– Customers– Investors– Creditors– The government– Media

Categories of E-Business

Type of E-Business Characteristics

Interactions between individuals & organizations:

B2C (Business to Consumers)

•Organization-individual

•Smaller dollar value

•One-time or infrequent transactions

•Relatively simple

Inter-organizational e-business:

B2B (Business to Business): B2G (Business to Government)

B2E (Business to Education)

•Inter-organizational

•Larger dollar value

•Established, on-going relationships

•Extension of credit by seller to customer

•More complex

Use of E-Business• E-business includes the use of IT to redesign its

internal processes.• For organizations in many industries, engaging in

e-business is a necessity.• Engaging in e-business in and of itself does not

provide a competitive advantage.• However, e-business can be used to more

effectively implement its basic strategy and enhance the effectiveness and efficiency of its value-chain activities.

E-Business Success Factors

• The degree to which e-business activities fit and support the organization’s overall business strategy.

• The ability to guarantee that e-business processes satisfy the three key characteristics of any business transaction– Validity

– Integrity

– Privacy

E-Business Success Factors

• Implementation of an EDI must overcome the following threats:– Choosing an inappropriate technology– Unauthorized system access– Tapping into data transmission– Loss of data integrity– Incomplete transactions– System failures

EncryptionThere are two principal types of encryption systems:

– Single-key systems: Same key is used to encrypt and decrypt the message

• Simple, fast, and efficient• Example: the Data Encryption Standard (DES) algorithm

– Public Key Infrastructure (PKI): Uses two keys:• Public key is publicly available and usually used to encode

message• Private key is kept secret and known only by the owner of that

pair of keys. Usually used to decode message

Types of Networks

• The private portion can be further divided into two subsets:

1 Local area network (LAN) — a system of computers and other devices, such as printers, that are located in close proximity to each other.

2 Wide area network (WAN) — covers a wide geographic area.

Types of Networks

• What is an Intranet?

• The term Intranet refers to internal networks that connect to the main Internet.

• They can be navigated with the same browser software, but are closed off from the general public.

• What are Extranets?

Company A

AISVPN

equipmentISP

Internet

Types of Networks

• Companies build a virtual private network (VPN) to improve reliability and security, while still taking advantage of the Internet.

Network Configuration Options

• Local area networks (LANs) can be configured in one of three basic ways:

1 Star configuration

2 Ring configuration

3 Bus configuration

Network Configuration Options

• Wide area networks (WANs) can be configured in one of three basic ways:

1 Centralized system

2 Decentralized system

3 Distributed data processing

Network Configuration Options

In a centralized WAN, all terminals and other devices are connected to a central corporate computer.

WAN Configuration:

1. Centralized

2. Decentralized

3. Distributed

Threats to AIS• Natural and political disasters:

– fire / heat / floods / earthquakes / winds / war

• S/W errors & Equipment Malfunctions:– H/W failures / power outages / data transmission errors

• Unintentional acts:– accidents / lost data / human & logic errors /systems that do

not meet company needs

• Intentional acts:– Sabotage / computer fraud / embezzlement

Internal Control Classifications

• The specific control procedures used in the internal control and management control systems may be classified using the following four internal control classifications:1 Preventive, detective, and corrective controls

2 General and application controls

3 Administrative and accounting controls

4 Input, processing, and output controls

COSO’s Internal Control Model Components

1 Control environment

2 Control activities

3 Risk assessment

4 Information and communication

5 Monitoring Performance

Principles of a Reliable System

1. Security of the system against unauthorized physical and logical access.

2. Availability of the system when needed.3. Processing Integrity – data is processed accurately,

completely, in a timely manner and with proper authorization.

4. Privacy – personal information about customers is collected, used, disclosed and maintained in an appropriate manner.

5. Confidentiality – sensitive information is protected from unauthorized disclosure.

Physical Access Controls

• How can physical access security be achieved? – placing computer equipment in locked rooms and

restricting access to authorized personnel

– having only one or two entrances to the computer room

– requiring proper employee ID

– requiring that visitors sign a log

– installing locks on PCs

Logical Access Controls

• Users should be allowed access only to the data they are authorized to use and then only to perform specific authorized functions.

• What are some logical access controls?– passwords

– physical possession identification

– biometric identification

– compatibility tests

Estimate Cost and Benefits• No internal control system can provide foolproof

protection against all internal control threats.

• The cost of a foolproof system would be prohibitively high.

• One way to calculate benefits involves calculating expected loss.

• The benefit of a control procedure is the difference between the expected loss with the control procedure(s) and the expected loss without it.

Expected loss = risk × exposure

Segregation of Duties Withinthe Systems Function

• Organizations must implement compensating control procedures.

• Authority & responsibility must be clearly divided among the following functions:1 Systems analysis

2 Programming

3 Computer operations

4 Users

5 AIS library

6 Data control

Segregation of Duties

Recording FunctionsPreparing source documents

Maintaining journalsPreparing reconciliations

Preparing performance reports

Custodial FunctionsHandling cash

Handling assetsWriting checks

Receiving checks in mail Authorization FunctionsAuthorization of

transactions

Disaster Recovery Plan

• Objectives:1 Minimize the extent of the disruption, damage, and

loss.

2 Temporarily establish an alternative means of processing information.

3 Resume normal operations as soon as possible.

4 Train and familiarize personnel with emergency operations.

General Controls• General controls ensure that overall computer

system is stable and well managed:1. Developing a security plan2. Segregation of duties within the systems function3. Project development controls4. Physical access controls 5. Logical access controls6. Data storage controls7. Data transmission controls8. Documentation standards9. Minimizing system downtime10. Disaster recovery plans11. Protection of personal computers & client/server networks12. Internet controls

Computer-Aided Software Engineering (CASE)

• CASE is an integrated package of computer-based tools that automate important aspects of the software development process.

• CASE tools are used to plan, analyze, design, program, and maintain an information system.

• They are also used to enhance the efforts of managers, users, and programmers in understanding information needs.