AIS Notes
Journal voucher
- source of input to the general ledger.
- Used to represent summaries of similar transactions
or a single unique transaction
- Identifies the financial amounts and affected general
ledger (GL) accounts
GLS DATABASE
1. General ledger master file - principal file in the GLS database; based on the organization’s published chart of accounts.
2. General ledger history file - same format as the GL master; provides historical financial data for comparative financial reports.
3. Journal voucher file - total collection of the journal vouchers processed in the current period
4. Journal voucher history file – contains journal vouchers for past periods
5. Responsibility center file - Contains the revenues, expenditures, and other resource utilization data for each responsibility center in the organization
6. Budget master file - Contains budgeted amounts for revenues, expenditures, and other resources for responsibility centers.
Financial reporting system
- system that produces traditional financial statements, such as income statements, balance sheets, statements of cash flows, tax returns, and other reports required by law.
- nondiscretionary/mandatory. Nondiscretionary reporting is a type of reporting in which the organization has few or no choices in the information it provides.
Financial reporting procedure
- Financial reporting is the final step in the overall accounting process that begins in the transaction cycles.
- The process begins with a clean slate at the start of a new fiscal year.
- Only the balance sheet, consisting of permanent accounts, is carried forward from the previous year.
Controlling the GL/FRS
- The Sarbanes-Oxley legislation requires that management design and implement controls over the financial reporting process. This includes the transaction processing systems that feed data into the FRS.
The Potential Risks to the FRS
1. A defective audit trail
2. Unauthorized access to the general ledger
3. GL accounts that are out of balance with subsidiary accounts
4. Incorrect GL account balances because of unauthorized or incorrect journal vouchers
SAS 78/COSO INTERNAL CONTROL FRAMEWORK
- control environment
- risk assessment
- information and communication
- monitoring
- control activities
TRANSACTION AUTHORIZATION
- It is vital to the integrity of the accounting records that the journal vouchers be properly authorized by a responsible manager at the source department.
Segregation of Duties
Individuals with access authority to GL accounts should not:
1. Have record-keeping responsibility for special journals or subsidiary ledgers.
2. Prepare journal vouchers.
3. Have custody of physical assets.
Access Controls
- Unauthorized access to the GL accounts can result in errors, fraud, and misrepresentations in financial statements. SOX legislation explicitly addresses this area of risk by requiring organizations to implement controls that limit database access to authorized individuals only.
Accounting Records
The GL and other files that constitute the audit trail should be detailed and rich enough to:
INDEPENDENT VERIFICATION
Provide proof of the accuracy of the independent verification step:
1. Journal voucher listing - provides relevant details about each journal voucher posted to the GL
2. GL change report - presents the effects of journal voucher postings to the GL accounts.
XBRL (Extensible Business Reporting Language)
- The internet standard specifically designed for business reporting and information exchange. Its objective is to facilitate the publication, exchange, and processing of financial and business information
XML (Extensible Markup Language)
- metalanguage for describing markup languages
“Extensible” - any markup language can be created using XML
INTERNAL CONTROL IMPLICATIONS OF XBRL
1. Taxonomy creation - Controls must be designed and put in place to ensure the correct generation of XBRL taxonomies.
2. Taxonomy mapping error - Correctly generated XBRL tags may be incorrectly assigned to internal database accounts resulting in material misrepresentation of financial data.
3. Validation of instance documents - Independent verification procedures need to be established to validate the instance documents to ensure that appropriate taxonomy and tags have been applied before posting to a Web server.
MANAGEMENT REPORTING SYSTEM
- Produce financial and nonfinancial information needed by management to “plan, evaluate, control”
- Usually seen as discretionary reporting
- Can argue that Sarbanes-Oxley requires MRS
- MRS provide a formal means for monitoring the internal controls
- evaluating the performance of subordinates against standards
- Measuring performance is difficult because sound decisions with long-term benefits may negatively impact the short-term bottom line.
4. Operational control decisions:
- deal with routine tasks
- narrower focus, dependent on details
- highly structured
- short time frame
3 basic elements or steps:
(1) set attainable standards
(2) evaluate performance
(3) take corrective action
Ethics
- the principles of conduct that individuals use in
making choices and guiding their behavior in
situations that involve the concepts of right and
wrong.
Business Ethics
Involves finding the answers to:
(1) How do managers decide what is right in
conducting their business?
(2) Once managers have recognized what is right,
how do they achieve it?
Why make ethical decisions? Business
organizations have conflicting responsibilities to their
employees, shareholders, customers, and the public.
MAJOR DECISION = CONSEQUENCE TO
CONSTITUENTS
Seeking a balance between these consequences is the managers’ ethical responsibility, which is guided by the principle of PROPORTIONALITY.
POS Control Issues
- Authorization
- Supervision
- Access control
- Accounting records
- Independent verification
Computer Ethics
- the analysis of the nature and social impact of
computer technology and the corresponding
formulation and justification of policies for the ethical
use of such technology with concerns such as
software, hardware, networks and computers.
3 LEVELS OF COMPUTER ETHICS
(1) POP - exposure to stories and reports found in
the popular media regarding the good/bad
ramifications of computer technology
(2) PARA - involves taking a real interest in
computer ethics cases and acquiring some level
of skill and knowledge in the field
(3) THEORETICAL - interest to multidisciplinary
researchers who apply the theories of philosophy,
sociology and psychology to computer science
with the goal of bringing some new understanding
to the field
FRAUD
- denotes a false representation of a material fact made by one party to another party with the intent to deceive and induce the other party to justifiably rely on the fact to his/her detriment.
Fraud in the business environment
- an intentional deception, misappropriation of a company’s assets, or manipulation of a company’s financial data to the advantage of the perpetrator. In accounting literature, fraud is commonly known as white-collar crime, defalcation, embezzlement, and irregularities.
FRAUDULENT ACT MUST MEET THE FOLLOWING FIVE (5) CONDITIONS:
(1) False representation – there must be a false statement or a nondisclosure
(2) Material fact – a fact must be a substantial factor in inducing someone to act
(3) Intent – intent to deceive or the knowledge that one’s statement is false
(4) Justifiable reliance – misrepresentation must have been a substantial factor on which the injured party relied
(5) Injury or loss – deception must have caused injury or loss to the victim of the fraud
Employee fraud
- Fraud by non-management employees
- generally designed to directly convert cash or other assets to the employee’s personal benefit
3 STEPS OF EMPLOYEE FRAUD
(1) stealing something of value (an asset)
(2) converting the asset to a usable form (cash)
(3) concealing the crime to avoid detection
Management fraud
- more insidious than employee fraud because it often escapes detection until the organization has suffered irreparable damage or loss.
3 DEFINING CHARACTERISTICS
(1) The fraud is perpetrated at levels of management above the one to which internal control structures generally relate.
(2) The fraud frequently involves using the financial statements to create an illusion that an entity is healthier and more prosperous than, in fact, it is.
(3) If the fraud involves misappropriation of assets, it frequently is shrouded in a maze of complex business transactions, often involving related third parties.
THREE (3) FACTORS OF FRAUD TRIANGLE
THE PERPETRATORS OF FRAUDS
According to the ACFE fraud study conducted, the opportunity factor explains much of the financial loss differential in each of the demographic categories.
- individuals in the highest positions are beyond the internal control structure and have the greatest access to company funds and assets
- women are not fundamentally more honest than men, but men occupy high corporate positions in greater numbers than women. Thus, men have greater access to assets
- older employees tend to occupy higher-ranking positions in their organizations and therefore have greater access to company funds and other assets
- when individuals in critical positions collude, they create opportunities to control or gain access to assets that otherwise would not exist
FRAUD SCHEMES
1. Fraudulent statements - These are associated with management fraud. The financial statement misrepresentation must itself bring direct or indirect financial benefit to the perpetrator.
UNDERLYING PROBLEMS:
- Lack of auditor independence
- Lack of executive independence
- Questionable executive compensation schemes
- Inappropriate accounting practices
2. Corruption - involves executive, manager, or employee of the organization in collusion with an outsider
- Bribery - involves giving, offering, soliciting, or receiving things of value to influence an official in the performance of his or her lawful duties
- Illegal gratuities - involves giving, receiving, offering, or soliciting something of value because of an official act that has been taken.
- Economic extortion – the use (or threat) of force (including economic sanctions) by an individual or organization to obtain something of value.
- Conflict of interest - occurs when an employee acts on behalf of a third party during the discharge of his or her duties or has self-interest in the activity being performed.
3. Asset misappropriation
- Skimming – involves stealing cash from an organization before it is recorded on the organization’s books and records.
- Cash larceny - schemes in which cash receipts are stolen from an organization after they have been recorded in the organization's books and records
BILLING SCHEMES - also known as vendor fraud, are
perpetrated by employees who cause their employer to issue a
payment to a false supplier (vendor) by submitting invoices for
fictitious goods or services, inflated invoices, or invoices for
personal purchases.
PAYROLL FRAUD - distribution of fraudulent paychecks to existent and/or nonexistent employees.
EXPENSE REIMBURSEMENT - schemes in which an employee makes a claim for reimbursement of fictitious or inflated business expenses.
THEFTS OF CASH - schemes that involve the direct theft of cash on hand in the organization.
NON-CASH MISAPPROPRIATION - schemes that involve the theft or misuse of the victim organization’s noncash assets.
COMPUTER FRAUD - important to auditors because computers lie at the heart of modern accounting information systems.
INTERNAL CONTROL CONCEPTS
Four (4) Broad Objectives:
(1) To safeguard assets of the firm
(2) To ensure the accuracy and reliability of accounting records and information
(3) To promote efficiency in the firm’s operations
(4) To measure compliance with management’s prescribed policies and procedures
Modifying Assumptions
- Management Responsibility - establishment and maintenance of a system of internal control is a management responsibility
- Reasonable Assurance - internal control system should provide reasonable assurance that the four broad objectives of internal control are met in a cost-effective manner
- Methods of Data Processing - internal controls should achieve the four broad objectives regardless of the data processing method used
- Limitations - the possibility of error, circumvention, management override, changing conditions
INTERNAL CONTROL SYSTEM
PURPOSE: Mitigate risk
- a shield that protects the firm’s assets from numerous risks including: unauthorized access, fraud, errors, faulty computer programs, and malicious acts.
- Destruction of Assets (Physical & Information)
- Theft of Assets
- Corruption of Information
- Disruption of the Information System
SARBANES – OXLEY & INTERNAL CONTROL
REQUIREMENT - requires management of public companies to implement an adequate system of internal controls over their financial reporting process
SECTION 302 - requires corporate management (including CEO) certify the organization’s internal controls on a quarterly and annual basis.
SECTION 304 - requires the management of public companies to assess the effectiveness of the organization’s internal controls
Annual Report of the Following Points:
1. A statement of management’s responsibility for establishing and maintaining adequate internal control
2. An assessment of the effectiveness of the company’s internal controls over financial reporting
3. A statement that the organization’s external auditors have issued an attestation report on management’s assessment of the company’s internal controls
4. An explicit written conclusion as to the effectiveness of internal control over financial reporting
5. A statement identifying the framework used in the assessment of internal controls.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
(1) Control environment - the foundation for the other four control components
(2) Risk assessment - organizations must perform a risk assessment to identify, analyze, and manage risks relevant to financial reporting.
(3) Information & communication - the accounting information system consists of the records and methods used to initiate, identify, analyze, classify, and record the organization’s transactions and to account for the related assets and liabilities
(4) Monitoring - the process by which the quality of internal control design and operation can be assessed.
(5) Control activities - policies and procedures used to ensure that appropriate actions are taken to deal with the organization’s identified risks. (IT controls & Physical controls)
Transaction authorization - its purpose is to ensure that all material transactions processed by the information system are valid and in accordance with management’s objectives.
SUPERVISION - implementing adequate segregation
of duties requires that a firm employ a sufficiently
large number of employees
ACCESS CONTROL - its purpose is to ensure that only authorized personnel have access to the firm’s assets
ACCOUNTING RECORD - consists of source documents, journals, and ledgers
INDEPENDENT VERIFICATION - verification
procedures are independent checks of the accounting
system to identify errors and misrepresentations.
INPUT CONTROLS
- verification procedures are independent checks of the
accounting system to identify errors and
misrepresentations.
Check digit
Missing data check
Numeric alphabetic check
Limit check
Range check
Reasonableness check
Validity check
Check digit
- data codes are used extensively in transaction processing systems for representing such things as customer accounts, items of inventory, and GL accounts in the chart of accounts