AIS Final Notes
Requires a misrepresentation of a material fact, with an intent to deceive. There must be justifiable reliance by the victim party who
suffered an injury or loss.
4 types of AIS Threats:
Natural and Political Disaster
Software error and equipment malfunction
Unintentional Acts - logic errors, negligence (Greatest risk to information systems and causes greatest loss of dollars)
Intentional Acts/Computer Crimes
Sabotage = An intentional act where the intent is to destroy a system or some of its components
Cookie – a text file created by a website and stored on a visitor’s hard drive. Cookies store information about who the user is and what the user has
done on the site.
Most fraud perpetrators are knowledgeable insiders with the requisite access, skills, and resources.
White-Collar Criminals = Typically, businesspeople who commit fraud. White-collar criminals usually resort to trickery or cunning, and their crimes
usually involve a violation of trust or confidence.
Corruption = Dishonest conduct by those in power which often involves actions that are illegitimate, immoral, or incompatible with ethical
standards. Examples include bribery and bid rigging.
Investment Fraud = misrepresenting or leaving out facts in order to promote an investment that promises fantastic profits with little or no risk.
Examples include Ponzi schemes and securities fraud
Misappropriation of Assets = Theft of company assets by employees
Fraudulent Financial Reporting = Intentional or reckless conduct, whether by act or omission, that results in materially misleading financial
statements.
Reduce By:
1. Establish an organizational environment that contributes to the integrity of the financial reporting process
2. Identify and understand the factors that lead to fraudulent reporting
3. Assess the risk of fraudulent financial reporting within the company
4. Design and implement internal controls to provide reasonable assurance of preventing fraudulent financial reporting.
3 Instances of ERP: production – handles daily activities; second for testing and development; third stored online as a backup to provide real-time
recovery if one of the other two becomes corrupted
Sales Order: The document created during sales order entry listing the item numbers, quantity, prices, and terms of sale
Electronic data interchange (EDI) = The use of computerized communications and a standard coding scheme to submit business documents
electronically in a format that can be automatically processed by the recipient’s information system.
Credit limit = the maximum allowable credit account balance for each customer, based on past credit history and ability to pay
Accounts receivable aging report = a report listing customer account balances by length of time outstanding
Back order = A document authorizing the purchase or production of items that is created when there is insufficient inventory to meet customer
orders
Picking ticket = A document that lists the items and quantities ordered and authorizes the inventory control function to release that merchandise
to the shipping department
Customer relationship management system (CRM) = Software that organizes information about customers in a manner that facilitates efficient
and personalized service.
Packing slip – A document listing the quantity and description of each item included in a shipment
Bill of lading = A legal contract that defines responsibility for goods while they are in transit
Sales invoice = A document notifying customers of the amount of a sale and where to send payment
Open-invoice method = Method for maintaining accounts receivable in which customers typically pay according to each invoice
Remittance advice = A copy of the sales invoice returned with a customer’s payment that indicates the invoices, statements, or other items being
paid
Balance-forward method = Method of maintaining accounts receivable in which customers typically pay according to the amount shown on a
monthly statement, rather than by individual invoices. Remittances are applied against the total account balance, rather than specific invoices
Monthly statement = A document listing all transactions that occurred during the past month and informing customers of their current account
balance
Cycle billing = producing monthly statements for subsets of customers at different times
Credit memo = a document, approved by the credit manager, authorizing the billing department to credit a customer’s account
Remittance list = A document listing the names and amounts of all customer payments received in the mail
Lockbox = a postal address to which customers send their remittances
Electronic lockbox = a lockbox arrangement in which the bank electronically sends the company information about the customer account number
and the amount remitted as soon as it receives payment.
Electronic funds transfer (EFT) = the transfer of funds through use of online banking software
Financial electronic data interchange (FEDI) = The combination of EFT and EDI that enables both remittance data and fund transfer instructions to
be included in one electronic package
Universal Payment Identification Code (UPIC) = A number that enables customers to remit payment via ACH credit without requiring the seller to
divulge detailed information about its bank
Cash Flow Budget = A budget that shows projected cash inflows and outflows for a specified period
Following Duties Should be Segregated
Handling cash or checks and posting remittances to customer accounts
Handling cash or checks and authorizing credit memos
Handling cash or checks and reconciling bank statements
Expenditure Cycle
Expenditure cycle = A recurring set of business activities and related data processing operations associated with the purchase of and payment for
goods and services. Primary external exchange with suppliers/vendors. Tends to mirror revenue cycle. All expenditure cycle activities depend on
the integrated database that contains information about suppliers, inventory and purchasing activities
Activity / Threat / Control
Activity: General issues throughout entire expenditure cycle
Threats:
1. Inaccurate or invalid master data
2. Unauthorized disclosure of sensitive information
3. Loss or destruction of data
4. Poor Performance
Controls:
1.1 Data processing integrity controls
1.2 Restriction of access to master data
1.3 Review of all changes to master data
2.1 Access controls – limit who can view
2.2 Encryption of sensitive data
3.1 Backup and disaster recovery procedures
4.1 Managerial Reports
Activity: Ordering materials supplies and services
  Identifying what, when, and how much to purchase
  Choosing from which supplier to purchase
    Consider price, quality, dependability
Threats:
5. Stockouts and Excess Inventory
6. Purchasing items not needed
7. Purchasing at inflated prices
8. Purchasing goods of inferior quality
9. Unreliable suppliers
10. Purchasing from unauthorized suppliers
11. Kickbacks
Controls:
5.1 Perpetual inventory system
5.2 Bar coding or RFID tags
5.3 Periodic physical counts of inventory
6.1 Perpetual inventory system
6.2 Review and approval of purchasing requisitions
6.3 Centralized purchasing function
7.1 Price lists
7.2 Competitive bidding
7.3 Review of purchasing orders
7.4 Budgets
8.1 Purchasing only from approved suppliers
8.2 Review and approval of purchases from new suppliers
8.3 Tracking and monitoring product quality by supplier
8.4 Holding purchasing managers responsible for rework and scrap costs
9.1 Requiring suppliers to possess quality certification
9.2 Collecting and monitoring supplier delivery performance data
10.1 Maintaining a list of approved suppliers and configuring the system to permit purchase orders only to approved suppliers
10.2 Review and approval of purchases from new suppliers
10.3 EDI-specific controls (access, review of orders, encryption, policy)
11.1 Prohibit acceptance of gifts from suppliers
11.2 Job rotation and mandatory vacation
11.3 Requiring purchasing agents to disclose financial and personal interests in suppliers
11.4 Supplier audits
Activity: Receiving Material supplies and services
  Receiving goods
  Transferring goods to inventory stores or departments
Threats:
12. Accepting unordered items
13. Mistakes in counting
14. Not verifying receipt of services
15. Theft of inventory
Controls:
12.1 Requiring existence of approved purchase order prior to accepting any delivery
13.1 Do not inform receiving employees about quantity ordered
13.2 Require receiving employees to sign receiving report
13.3 Incentives
13.4 Use bar codes and RFID tags
13.5 Configuration of ERP system to flag discrepancies between received and ordered quantities that exceed tolerance threshold for investigation
14.1 Budgetary controls
14.2 Audits
15.1 Restriction of physical access to inventory
15.2 Documentation of all transfers of inventory between receiving and inventory employees
15.3 Periodic physical counts of inventory and reconciliation to recorded quantities
15.4 Segregation of duties: custody of inventory versus receiving
Activity: Approving supplier Invoices
Threats:
16. Errors in supplier invoices
17. Mistakes in posting to accounts payable
Controls:
16.1 Verification of invoice accuracy
16.2 Requiring detailed receipts for procurement card purchases
16.3 ERS
16.4 Restriction of access to supplier master data
16.5 Verification of freight bill and use of approved delivery channels
17.1 Data entry edit controls
17.2 Reconciliation of detailed accounts payable records with the general ledger control account
Activity: Cash disbursement
Threats:
18. Failure to take advantage of discounts for prompt payments
19. Paying for items not received
20. Duplicate payments
21. Theft of cash
22. Check alteration
23. Cash flow problems
Controls:
18.1 Filing of invoices by due date for discount
18.2 Cash flow budgets
19.1 Requiring that all supplier invoices be matched to supporting documents that are acknowledged by both receiving and inventory control
19.2 Budgets (for service)
19.3 Requiring receipts for travel expenses
19.4 Use of corporate credit cards for travel expenses
20.1 Requiring a complete voucher package for all payments
20.2 Policy to pay only from original copies of supplier invoices
20.3 Canceling all supporting documents when payment is made
21.1 Physical security of blank checks and check-signing machine
21.2 Periodic accounting of all sequentially numbered checks by cashier
21.3 Access controls to EFT terminals
21.4 Use of dedicated computer and browser for online banking
21.5 ACH block on accounts not used for payments
21.6 Separation of check-writing function from accounts payable
21.7 Requiring dual signatures on checks greater than a specified amount
21.8 Regular reconciliation of bank account with recorded amounts by someone independent of cash disbursement procedures
21.9 Restriction of access to supplier master file
21.10 Limiting the number of employees with ability to create one-time suppliers and to process invoices from one-time suppliers
21.11 Running petty cash as an imprest fund
21.12 Surprise audits of petty cash fund
22.1 Check-protection machines
22.2 Use of special inks and papers
22.3 “Positive Pay” arrangements with banks
23.1 Cash Flow Budget
Economic order quantity (EOQ) = The optimal ordering size to minimize the sum of ordering, carrying, and stockout costs
Ordering Costs = all expenses associated with processing purchase transactions
Carrying Costs = those associated with holding inventory
Stockout Costs = those resulting from inventory shortages, such as lost sales or production delays
Reorder point = Specifies the level to which the inventory balance must fall before an order to replenish stock is initiated
Material requirements planning (MRP) = An approach to inventory management that seeks to reduce required inventory levels by improving the
accuracy of forecasting techniques to better schedule purchases to satisfy production needs
Just-In-Time (JIT) inventory System = A system that minimizes or virtually eliminates inventories by purchasing and producing goods only in
response to actual, rather than forecasted, sales
Purchase requisition = A document or electronic form that identifies the requisitioner; specifies the delivery location and date needed; identifies
the item numbers, descriptions, quantity, and price of each item requested; and may suggest a supplier
Purchase order = A document that formally requests a supplier to sell and deliver specified products at designated prices. It is also a promise to pay
and becomes a contract once the supplier accepts it
Blanket purchase order (Blanket Order) = A commitment to purchase specified items at designated prices from a particular supplier for a set time
period, often one year
AS2 Protocol – makes it possible for sender to encode and receiver to correctly decode purchase orders and other documents sent over the internet
Vendor-Managed Inventory (VMI) = Practice in which manufacturers and distributors manage a retail customer’s inventory using EDI. The supplier
accesses its customer’s point-of-sale system in order to monitor inventory and automatically replenish products when they fall to agreed-upon
levels.
Kickbacks = gifts given by suppliers to purchasing agents for the purpose of influencing their choice of suppliers
Receiving report = A document that records details about each delivery, including the date received, shipper, supplier, and quantity received
Debit memo = A document used to record a reduction to the balance due to a supplier
Voucher package = The set of documents used to authorize payment to a supplier. Consists of a purchase order, receiving report, and supplier
invoice
Nonvoucher system = A method for processing accounts payable in which each approved invoice is posted to individual supplier records in the
accounts payable file and is then stored in an open invoice file. (Contrast with voucher system)
Voucher system = A method for processing accounts payable in which a disbursement voucher is prepared instead of posting invoices directly to
supplier records in accounts payable subsidiary ledger. The disbursement voucher identifies the supplier, lists the outstanding invoices, and
indicates the net amount to be paid after deducting any applicable discounts and allowances. (Contrasts with nonvoucher system)
Reduces number of checks that need to be written, prenumbered to simplify tracking, facilitates separating the time of invoice approval
from the time of invoice payment, making it easier to schedule both activities to maximize efficiency.
Disbursement voucher = A document that identifies the supplier, lists the outstanding invoices, and indicates the net amount to be paid after
deducting any applicable discounts and allowances.
Evaluation receipt settlement (ERS) = An invoice-less approach to accounts payable that replaces the three-way matching process (Supplier
Invoice, Receiving Report, Purchase Order) with a two-way match of the purchase order and receiving report
Procurement card = A corporate credit card that employees can use only at designated suppliers to purchase specific kinds of items
Imprest fund = A cash account with two characteristics: it is set at a fixed amount (such as $100) and vouchers are required for every disbursement.
At all times, the sum of cash plus vouchers should equal the preset fund balance.
Journal Voucher File = A file that stores all journal entries used to update the general ledger
Trial Balance = A report listing the balances of all general ledger accounts
Audit Trail = A path that allows a transaction to be traced through a data processing system from point of origin to output or backwards from
output to point of origin
XBRL = eXtensible Business Reporting Language is a variant of XML specifically designed for use in communicating the content of financial data
Instance Document = An XBRL file that contains tagged data (facts about specific financial statement line items, values and contextual information
such as measurement unit (dollar, euros, yen) and whether the value is for a specific point in time, or a period of time)
Element = A specific data item in an XBRL instance document, such as a financial statement line item
Taxonomy = A set of XBRL files that define elements and the relationship among them
Schema = An XBRL file that defines every element that appears in a specific instance document
Linkbase = One or more XBRL files that define the relationships among elements found in specific instance documents
Reference linkbase = identifies relevant authoritative pronouncements for that element (GAAP IFRS)
Calculation linkbase = specifies how to combine elements
Definition linkbase – indicates hierarchical relationships among elements
Presentation linkbase = describes how to group elements
Label linkbase = associates human readable labels with elements
Style Sheet = An XBRL file that provides instructions on how to display/render an instance document on either a computer screen or printed report
Extension Taxonomy = A set of custom XBRL tags to define elements unique to the reporting organization that are not part of the standard
generally accepted taxonomies for that industry
Responsibility Accounting = A system of reporting financial results on the basis of managerial responsibilities within an organization
Flexible Budget = A budget in which the amounts are stated in terms of formulas based upon actual level of activity
Balanced Scorecard = A management report that measures four dimensions of performance: Financial, internal operations, innovation and learning,
and customer perspective of the organization
Activity / Threat / Control
Activity: General issues throughout entire general ledger and reporting cycle
Threats:
1. Inaccurate or invalid general ledger data
2. Unauthorized disclosure of financial statement
3. Loss or destruction of data
Controls:
1.1 Data processing integrity controls
1.2 Restriction of access to general ledger
1.3 Review of all changes to general ledger data
2.1 Access controls – limit functions that can be performed by each manager, and at each terminal, to what is needed to do that individual’s job.
2.2 Encryption
3.1 Backup and disaster recovery procedures
Activity: Update General Ledger
  Consists of posting journal entries that originate from accounting subsystems (summary entries) or the treasurer (direct entries)
Threats:
4. Inaccurate updating of general ledger
5. Unauthorized journal entries
Controls:
4.1 Data entry processing integrity controls
  4.1.1 Validity check – ensure account exists for each account number
  4.1.2 Field check = amount field contains only numeric data
  4.1.3 Zero balance check = verify debits equal credits
  4.1.4 Closed-loop verification = matches account number with account description
  4.1.5 Completeness check – ensures all pertinent data are entered, especially source of entry
  4.1.6 Sign check – verify balance of the account once updated is of the appropriate nature (debit vs credit)
  4.1.7 Run-to-run totals – verify accuracy of journal voucher batch processing
4.2 Reconciliation and control reports – trial balance
4.3 Audit trail creation and review
5.1 Access Controls
5.2 Reconciliation and control reports
5.3 Audit trail creation and review
Activity: Post adjusting entries
  Originate in controller’s office after initial trial balance has been prepared. 5 basic categories:
    Accruals = entries made at end of accounting period to reflect events that have occurred but for which cash has not yet been received or disbursed
    Deferrals = entries made at the end of the accounting period to reflect the exchange of cash prior to performance of the related event
    Estimates = entries that reflect a portion of expenses expected to occur over a number of accounting periods
    Revaluations = entries made to reflect either differences between actual and recorded value of an asset, or a change in accounting principles
    Corrections = entries made to counteract the effects of errors found in the general ledger
Threats:
6. Inaccurate adjusting entries
7. Unauthorized adjusting entries
Controls:
6.1 Data entry processing integrity control
6.2 Spreadsheet error protection controls
6.3 Standard adjusting entries
6.4 Reconciliations and control reports
7.1 Access controls
7.2 Reconciliations and control reports
7.3 Audit trail creation and review
Activity: Prepare financial statements
Threats:
8. Inaccurate financial statements
9. Fraudulent financial reporting
Controls:
8.1 Processing integrity controls
8.2 Use of packaged software
8.3 Training and experience in applying IFRS and XBRL
8.4 Audits
9.1 Audits
Activity: Produce Managerial Reports
Threats:
10. Poorly designed reports and graphs
Controls:
10.1 Responsibility accounting
10.2 Balanced Scorecard
10.3 Training on proper graph design