Accounting Systems EXAM 1
Terms in this set (93)
Data
facts stored in the system
Information
result of accumulation of data that can be used in decision making
Valuable when the benefits exceed the costs of gathering, maintaining and storing the data
System
two or more interrelated components that interact to achieve a goal, often composed of subsystems that support the larger system
Transaction
an agreement between two entities to exchange goods or services;
any other event that can be measured in economic terms by an organization
Business Process
The major give-get exchanges that occur frequently in most companies
Revenue Cycle
where goods and services are sold for cash or a future promise to receive cash;
give goods - get cash
Expenditure Cycle
where companies purchase inventory for resale or raw materials to use in producing products in exchange for cash or a future promise to pay cash;
give cash - get goods/raw materials
Production or Conversion Cycle
where raw materials are transformed into finished goods;
give labor and raw materials - get finished goods
Human Resources/Payroll Cycle
where employees are hired, trained, compensated, evaluated, promoted and terminated;
give cash - get labor
Financing Cycle
where companies sell shares in the company to investors and borrow money; and where investors are paid dividends and interest is paid on loans;
give cash - get cash
Components of an Accounting Information System (6)
1. The PEOPLE who use the system
2. The PROCEDURES AND INSTRUCTIONS used to collect, process, and store data
3. The DATA about the organization and its business activities
4. The SOFTWARE used to process the data
5. The INFORMATION TECHNOLOGY INFRASTRUCTURE, including the computers, peripheral devices and network communications devices used in the AIS
6. The INTERNAL CONTROLS AND SECURITY MEASURES that safeguard AIS data
AIS Business Functions (3)
1. COLLECT and store data about organizational activities, resources and personnel
2. TRANSFORM data into information so management can plan, execute, control and evaluate activities, resources and personnel.
3. PROVIDE adequate CONTROLS to safeguard the organization's assets and data
QUIZ: What is the major difference between the revenue and the expenditure cycle?
In the revenue cycle, cash is received; in the expenditure cycle, cash is paid out
QUIZ: All transaction cycles feed information directly into the........
General ledger and reporting system
QUIZ: What are the steps that are a part of the data processing cycle?
-Data storage
-Data input
-Data processing
-Information output
NOT:
-Feedback from external sources
QUIZ: Data must be collected about three facets of each business activity. What are they?
-Each activity of interest
-The resources affected by each activity
-The people who participate in each activity
QUIZ: Businesses usually use some type of documents in the data input step of the data processing cycle. Documents that are sent to customers or suppliers and then sent back to the organization in the course of a business transaction are known as:
Turnaround documents
Data Processing Cycle
The four operations (data input, data storage, data processing, information output) performed on data to generate meaningful and relevant information
Source Documents
Documents used to capture transaction data at its source - when the transaction takes place
Example:
Sales orders, purchase orders, employee time cards
Turnaround Documents
Records of company data sent to an external party and then returned to the system as input
Example:
Utility bill
Source Data Automation
The collection of transaction data in machine-readable form at the time and place of origin
Example:
ATMs, point-of-sale terminals, scanners
Audit Trail
A traceable path of a transaction through a data processing system from point of origin to final output, or backward from final output to point of origin;
It is used to check the accuracy and validity of ledger postings
Entity
The item about which information is stored in a record
Example:
Employee, inventory item, customer
Attributes
The properties, identifying numbers and characteristics of interest of an entity that are stored in a database
Example:
Employee number, pay rate, name, address
Field
The portion of a data record where the data value for a particular attribute is stored;
Cell in an Excel worksheet
File
A group of related records
Example:
Payroll records of all employees
Master File
A permanent file of records that stores cumulative data about an organization, like a ledger in a manual AIS
Transaction File
A file that contains records of individual business transactions that occur during a specific time, like a journal in a manual AIS
Database
A set of interrelated, centrally coordinated files that are stored with as little data redundancy as possible
Batch Processing
Accumulating transaction records into groups or batches for processing at a regular interval such as daily or weekly. The records are usually sorted numerically or alphabetically before processing
Real Time Processing
The computer system processes data immediately after capture and provides updated information to users on a timely basis
We perform four operations on data - CRUD
Creating new records
Reading existing data
Updating previous record or data
Deleting data
Enterprise Resource Planning (ERP)
A system that integrates ALL aspects of an organization's activities into one system
modular
Advantages of an ERP system
- Provides an integrated, enterprise-wide, single view of the organization's data and financial situation, breaking down inter-company barriers
- Data input is captured or keyed once
- Management has greater visibility to monitor, and employees are more efficient because they can access data from inside and outside their department
- Consolidates multiple permissions and security models into a single data access structure
- Procedures and reports are standardized across business units; especially valuable for mergers and acquisitions
- Customer service improves because employees can quickly access orders, available inventory, shipping information and past customer transactions
- Manufacturing plants receive new orders in real time, automation of plants leads to increased productivity
Disadvantages of an ERP System
- Cost
- Amount of time required to incorporate system; ERP implementations have a high risk of project failure
- Changes to business processes; failure to map current business processes to existing ERP software is a main cause of ERP project failures
- Complexity
- Resistance
Threat / Event
Any potential adverse occurrence or unwanted event that could injure the AIS or the organization
Exposure / Impact
The potential dollar loss should a particular threat become a reality
Internal Controls
The processes and procedures to provide reasonable assurance that control objectives are met
COSO
Committee of Sponsoring Organizations
A private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute;
Issued the Internal Control-Integrated Framework
FCPA
Foreign Corrupt Practices Act
Legislation passed to prevent companies from bribing foreign officials to obtain business; also requires all publicly owned corporations to maintain a system of internal accounting controls
SOX
Sarbanes-Oxley Act
Legislation intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen internal controls at public companies and punish executives who perpetrate fraud
Three important functions of internal controls...
Preventive
Detective
Corrective
Two categories of internal controls
General controls
Application controls
Five components of COSO's internal control model
1. Control environment
2. Control activities
3. Risk assessment
4. Information and communication
5. Monitoring
Risk Assessment and Response
Accept
Avoid
Share
Reduce
Financial justification for implementing controls
Expected loss = exposure * risk
Segregation of Duties
Three functions to be segregated:
1. Authorization
2. Recording
3. Custody
QUIZ: Which of the following is NOT a reason for the increase in security problems for AIS?
Increasing efficiency resulting from more automation
QUIZ: An adverse or unwanted event that could occur is referred to as a... ?
Threat
QUIZ: There are different types of internal controls available to an organization. The type of controls that deters problems before they arise are called.....?
Preventative controls
QUIZ: Corrective controls remedy problems discovered with detective controls. What is NOT a corrective control procedure?
Deter problems before they arise
QUIZ: The COSO control model has five crucial components. Which of the following is NOT one of them?
Compliance with federal, state or local laws
Authentication
Verifying the identity of the person or device attempting to access the system
Authorization
The process of restricting access to specific portions of the system and limiting what actions users are permitted to perform
Biometric identifier
Physical or behavioral characteristic that is used as an authentication credential
CIRT
Computer Incident Response Team
Team that is responsible for dealing with major security problems
Recognition -> Containment -> Recovery -> Follow-Up
Defense-in-Depth
Employing multiple layers of controls to avoid a single point-of-failure
Firewall
*
Hardening
Process of modifying the default configuration of endpoints to eliminate unnecessary settings and services;
taking unneeded features out
Intrusion detection system
System that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions;
Only a warning alert
Intrusion prevention system
Software or hardware that monitors patterns in the traffic flow to identify and automatically block attacks;
Real time response to attacks
Multifactor authentication
Use of two or more types of authentication credentials in conjunction to achieve a greater level of security
Multimodal authentication
The use of multiple authentication credentials of the same type to achieve a greater level of security
Penetration Test
Authorized attempt to break into the organization's information systems network
Physical access controls
*
Router
*
TCP/IP
Transmission Control Protocol / Internet Protocol
How computers interact with each other in a network
CIRT process
***************
Five Categories of the Trust Services Framework
1. Security - access to the system and its data is controlled and restricted to legitimate users
2. Confidentiality - sensitive organizational information is protected from unauthorized disclosure
3. Privacy - personal information about customers, employees, suppliers or business partners is collected, used, disclosed and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure
4. Processing Integrity - data are processed accurately, completely, in a timely manner and only with proper authorization
5. Availability - the system and its information are available to meet operational and contractual obligations
P > D + C
Time based model of security.
P = Time it takes an attacker to break through preventative controls
D (detect) = Time it takes to detect that an attack is in progress
C (correct) = Time it takes to respond to the attack and take corrective action
Which of the following is a preventative control?
Training
Which of the following is a detective control?
Penetration testing
Which of the following techniques is the most effective way for a firewall to use to protect the perimeter?
Deep packet inspection
Which of the following combinations of credentials is an example of multifactor authentication?
PIN and ATM card
The PIN is something the person KNOWS, the ATM card is something the person HAS
QUIZ: Preventative controls require two related functions, which are........?
Authentication and authorization
Asymmetric encryption
Uses two keys, Private and Public
Ciphertext
Unreadable text due to encryption
Encryption
****
Hashing
Transforming plaintext of any length into a short code
Fixed short text
Cannot be transformed back into plaintext
Used to verify copies of documents
NDA
non disclosure agreement??????
Symmetric encryption
*
VPN
Virtual private network
Securely transmits encrypted data between the sender and receiver
Five Steps that must be taken to preserve confidentiality [T.I.R.E.D.]
1. Identify and classify the information to be protected
2. Encrypt the information
3. Control access to the information
4. Train employees to properly handle the information
CAN-SPAM
Applies to commercial e-mail, defined as any e-mail that has the primary purpose of advertising or promotion
Key Provisions:
- The sender's identity must be clearly displayed in the header of the message
- The subject field in the header must clearly identify the message as an advertisement or solicitation
- Body of the message must include a link to opt out. Once an opt-out is requested, the sender has to comply within 10 days
QUIZ: Which of the following is true of a VPN?
Used to encrypt information as it traverses the Internet. It also uses SSL and IPSec to give employees remote access to the corporate network and incorporates encryption to securely connect two offices
QUIZ: The first step in preserving confidentiality of critical data is to........?
Identify the confidential / sensitive information and where it resides
Incremental backup
Involves copying only the data items that have changed since the last PARTIAL backup;
Produces a set of incremental backup files
Differential backup
Involves copying all changes made since the last FULL backup;
Except for the first day following a full backup, daily differential backups take longer than incremental backups
RAID
Redundant Arrays of Independent Drives
A fault tolerance technique that records data on multiple disk drives instead of just one to reduce the risk of data loss;
Thus if one fails, the data can be accessed from another
Cross-footing balance test
A processing control which verifies accuracy by comparing two alternative ways of calculating the same total
Zero-balance test
A processing control that verifies that the balance of a control account equals zero after all entries to it have been made
QUIZ: An organization's recovery time objective is.......?
Based on how long an organization believes it can function without its information systems