Accounting information systems study notes

Week 1 Lecture 1
Data and information

Characteristics that make information useful

1. Relevant -Information needed to make a decision.
2. Reliable-Information free from bias.
3. Complete -Does not omit important aspects of event or activities.
4. Timely information-Information needs to make in time to make a decision.
5. Understandable-Information must be presented in a meaningful manner.
6. Verifiable-Two individual people can produce the same conclusion.
7. Accessible- available are when needed.

Accounting information systems in value chain and databases

AIS- Stores, collects, records and processes data to produce information for decision making.

Interaction between AIS and external and internal parties.

How does an AIS add value to an organisation?
1. Reducing operating costs
2. Improving efficiency
3. Increase in knowledge.
4. Supply chain strengthening
5. Improved internal control structure.
6. Improved decision making

Isolated Accounting system

1. Safeguard accounting data
2. Analyse accounting data
3. Store accounting data

Integrated enterprise system

Value and Supply chain

Value chain-Value chain activities are primary and support activities.
Primary-Activities that provide direct value to customers.
Support-Activities that support primary activities for efficiency and effectiveness.

Supply chain-An extended system that includes the value chain as well as its distributors,
suppliers, and creditors.
Business processes and transaction cycles

Baseline Accounting system with transaction cycles

Accounting information systems study notes

Week 2 Lecture 2
Strategy for competitive advantage
A company that has the following:
 An edge over competitors
 Superior margins
 Value
 Difficult or impossible to replicate.

VRIO Framework

Source of competitive
advantage
Porters five forces of competitive advantage

1. Threat of new entrants-The threat of new companies and ideas infiltrating the
market and gravitating serious market share.
2. Threat of internal competition-The threat of competitors offering similar
products/services for an improved perceive value.
3. Threat of alternatives-The threat of further competitors offering alternative
products and services for the same need.
4. Customer bargaining power-When the customer is in few, and the market is
saturated with similar products (Price war results).
5. Supplier bargaining power- When the supplier market is saturated, and
companies have a wide array to choose from.

Key strategies for competitive advantage

Broad market
 Cost leadership
 Differentiation
Narrow segments
 Focus
Examples of competitive advantages
  Ease of use
 Experience
 Trade secrets
 Patents/trademarks
 Natural resources
 Technology
 Innovation
 Personal touch
 Scale
 Sustainability
 Brand equity
 Ambassadors
 Supply chain and logistics

Upcoming advantages
 Supplier and customer intimacy
 CSR

Information systems and business strategy

Effects of the internet of things on competitive advantage

 Intensify competitive rivalries.
 Increased customer bargaining power (Low switching costs)
 Opportunities to create sand enlarge customer base.

IT influences firm level vale chain.

IT influence
intra firm processes
  Improve synergies. -Pooling of resources between companies
 Improve knowledge sharing as a core competency. -Encourages sharing between
business units

Network based strategies.

 Takes advantage of network economies-The cost of adding another participant
is negligible but marginal gain is higher.
 Creates virtual organisations. -Uses networks to link ideas, assets to create and
distribute products/services.
 Business ecosystem-Keystone firms that dominate and create platforms used
by niche forms.

Business and IT alignment

It and business alignment can be described as the integration of IT with a firm’s strategy,
mission and goals.

IT driving and enabling relationships.

IT alignment framework

Six characteristics of excellent business-IT alignment

1. Engine of innovation
2. CRM is of supreme importance.
3. Integrate all employees from departments to strength the core values and to align
business expectations.
4. SMART goals
5. IT employees understand the businesses financial position.
6. Vibrant and inclusive company culture

Business process and Information systems

 Business process- a activity(s) that adds value to the organisation.
 BP elements-Input, output, resources
 Objectives- Efficiency and effectiveness

Business process improvement (BPI)

Five bases of BPI
1. Define
2. Measure
3. Analyse
4. Improve
5. Control

Business process management (BPM)

Five bases of BPM
1. Imitation
2. Development
3. Implementation
 4. Controlling
5. Optimising

Business process reengineering

Radical redesign of the whole business

Industry best practices

 Created by consulting companies, research organisations, government body’s and
industry associations.

Accounting information systems study notes

Week 3 Lecture 3

Overview of ERM
The Core Information Systems

Enterprise resource planning

ERP Systems, Business Processes and Best Practice

-An ERP system is a set of computer program modules that attempts to integrate the different
functional areas of the organization.

-An ERP is designed based on best practice – the best way of performing a particular process.

ERP stands for Enterprise Resource Planning.

Goal: improve and streamline internal business processes.
Customer Relationship
Management CRM
Operational CRM Systems

Two Major Components

Customer-facing applications
Customer touching applications
Operational CRM Systems provide the following benefits: Efficient, personalized marketing,
sales, and service
A 360-degree view of each customer.

The ability of sales and service employees to access a complete history of customer
interaction with the organization, regardless of the touch point.

Interact directly with customers.

- Sales

 -  Field service

 -  Customer call centres and reps

Customer-Facing Applications

 Customer Service and Support

  Sales Force Automation (SFA) • Marketing • Campaign Management

Customer Interact directly with technology and applications.

Customer-Touching Applications

Search and Comparison Capabilities Technical and Other Information and Services
Customized Products and Services Personalized web pages
FAQs
E-mail and Automated Response
Loyalty Programs

Provides business intelligence by analysing customer.

behaviours and perceptions

Copyright © 20110 John Wiley & Sons, Inc. All rights reserved.

Front-office business processes.

Better knowledge of customers

Better segmentation

Better customer retention

Better anticipation of needs

Better communication
Better protection of data privacy

Benefits of CRM

CRM and business strategy?

 Better customer knowledge and anticipation of needs

 Customer intimacy Differentiation

 Segmentation

 Focus

 Better communication

 Many strategies, esp reputation/brand/based/CSR- based strategies.

 Customer retention

 All strategies, esp differentiation and focus

 Protection of data privacy

 All strategies

Supply Chain Management SCM

The Structure of Supply Chains

Upstream Internal Downstream

The Components of Supply Chains

The Flows in the Supply Chain

Tiers of suppliers Material flows Information flows

Financial Flows

Procurement Distribution

Five Basic Processes of Supply Chain Management

Differentiation Focus Customer Intimacy Cost leadership

Two Basic Strategies of SCM

Benefits of SCM

Select and partner with high quality

suppliers.

Help with modifications in internal product

design and innovation.

Evaluate and analyse your historical data for insights.

Adapt to changing markets and customer demands.

Tracking raw materials and finished inventory.

Key take away points:

SCM stands for Supply Chain Management.

Goal: improve coordination between participants of the supply chain.

(suppliers, distributors, manufacturers, etc.) .

Accounting information systems study notes

Week 4 Lecture 4
Control activities, business processes and accounting

• Errors can occur in the financial reporting process.

• Auditing standards are the basis of external financial statement audits.

• Primary concern is the financial accuracy of the statements.

• For an accountant working with a AIS, the concern extends beyond financial to non-
financial risks and controls.

Internal controls as part of enterprise risk management

 Applying internal controls involves an evaluation of assertions coupled with a risk

assessment.

 Once risk has been identified, the extent needs to be evaluated.

 After identifying risks, policies, and procedures to address the risks will be
implemented – these policies are called control activities.

Types of control activities

Australian Auditing Standard ASA 315 classifies controls into five types:

 Authorisation

 Performance reviews

 Information processing controls

  Physical controls

 Segregation of duties

Types of control activities

1. Authorisation:
• Activities and procedures to assure transactions and events are carried out by those with the
higher clearance. Set defined roles, responsibilities, and adherence mechanisms for
individuals within the organisation.

2. Performance reviews: Review or analysis of performance

3. Information processing controls:

Work towards the accuracy, completeness, and authorisation of transactions.

4. Accuracy: data entered is correct and reflects actual recorded events.

Completeness: all events are recorded. General controls: policies and procedures that
support applications and application controls. Application controls: manual or automated
procedures, at business process level, related to the processing of transactions by individual
applications.

5. Physical controls: Controls put in place to physically protect the resources of the
organisation, including protecting them from the risk of theft or damage.

6. Segregation of duties: Certain key functions should not be performed by the same person.
Applies across the IT systems within the organisation.

Preventive, detective, and corrective controls

Preventive controls are designed to prevent errors or irregularities. For example: password,
required fields, a firewall or an input control preventing a data error.

Detective controls will not prevent errors, but instead alert those using the system to Detect
errors. For example: virus software scan.

Corrective controls are designed to correct an error or irregularity after it has occurred.
• For example: disaster recovery plan or virus protection software.

This classification scheme of preventive, detective and corrective controls can be applied
to both general and application controls.

Where control activity takes place

 Input controls: operate as data ____ the system. Address accuracy, validity, and
completeness.
  Processing controls: ensure correct ________ of data e.g., making sure data is
correctly updated in the various data stores.

 Output controls: protect outputs generated by the process e.g., how outputs are
prepared.

Input, processing, and output controls operate within a business process and are
designed based on the particular risks present within the process – they are
application controls.

Controls for a Computerised AIS

Aims of a computerised accounting information system

Proper authorisation
• User privileges, access rights, user restrictions, approval over threshed
Proper recording
• Records right type and format, reflect the reality of the underlying transaction or
event.

• E.g. Input accuracy

Completeness
• at individual transaction and business process level
Timeliness
• Processing does not need to occur immediately – need to suit organisational needs

• Batch/online real-time processing/ Online data gathering and batch processing

General controls

General controls are those that relate across all the information systems in an organisation.

 PHYSICAL CONTROLS

 SEGREGATION OF DUTIES

 USERACCESS

 SYSTEMS DEVELOPMENT PROCEDURES

  USER AWARENESS OF RISKS

 DATASTORAGEPROCEDURES.

General controls

Physical controls are concerned with restricting access to the physical resources.

Major concern is who has physical access.

 Organisations employ a range of physical controls:

 Locked computing premises.

 Discrete premises that do not attract attention.

 Swipe card access.

 Biometric access controls.

 Onsite security.

 Security cameras to record access to the premises.

General controls

Segregation of duties:

 The separating of employee duties and to prevent fraud.

 Between the users of IT, the maintainers of the IT systems, system designers, system
testers and those with access to the data.

User access:

 Logical access of users to the systems within the organisation.

 E.g., use of passwords and a unique identification code to restrict system access.

General controls

Systems development procedures:

  MAINTENANCE AND DEVELOPMENT OF DIFFERENT INFORMATION
SYSTEMS.

 REQUIRES POLICIES, PROCEDURES AND RESTRICTIONS.

 Different user privileges, such as the system administrator.

 Preventive control: assurance that untested or incompatible software and

software that has not been appropriately reviewed or licensed will not be
placed on the system.

General controls

User awareness of risks:

• SECURITY EDUCATION TRAINING AND AWARENESS PROGRAMS TO

ENSURE EMPLOYEES ARE AWARE OF:

 Information system risks.

 Security threats and issues.

 Organisational security policies.

 The policies for detection of fraud.

General controls

Data storage procedures:

• INFORMATION ABOUT CUSTOMERS, STAFF AND INTELLECTUAL
PROPERTY

IS STORED ON SERVERS→
• If released it could financially and non-financially consequences.

 Controls: data access logs, restriction of user privileges

and encryption of stored data.

 MAJOR RISKS ASSOCIATED WITH CLOUD STORAGE:

 Inability to audit and monitor at file level.

 Inability to access the internet to access data.

  Unresolved security issues include data security, network security, data
integrity, web application security and so on.

• Controls: schedule backups (batch or real time).

General controls

Security policies:
• Information security policies to protect electronic.

resources.
• Document an organisation’s approach to security. • Usually by following a framework
and/or standard.

• Should be understood and used by all users.

Application controls

Application controls:

• Built around the operation of a particular process.

• Relate to the key system stages of:

• INPUT
• PROCESSING • OUTPUT.

Application controls

Input controls:

• Standardised forms.

• Pre-numbering documents.

• Sequence checks.

• Turnaround documents:

• Automated form completion.

  Transaction authorisation procedures.

 Batch totals.
• Independent reviews.

Application controls

Processing controls:
• AIM TO ENSURE THAT DATA WITHIN THE SYSTEM IS

CORRECTLY AND ACCURATELY PROCESSED.

 Run-to-run totals.

 Reconciliations.

 Batch totals.

 Sequence checks.

 Hash totals.

Application controls

Output controls:
• PROTECTACCESSTODIGITALOUTPUTS

(SEGREGATION OF DUTIES).

• Examples: access privileges, ability to generate reports, page numbering of reports and end-
of- report footers; integrated ERP system

• PHYSICALCONTROL.

• Example: confidential information should not be printed on a printer accessible by all staff.

• DATABASEQUERIES: DETECTINGIRREGULARITIESOR ANOMALIES.

• Example: queries of credit return to detect cash/AR fraud

Disaster control plan

Disaster recovery plans

Disaster types:
• Terrorism e.g., September 11.
• Natural disasters e.g., fire or flood, cyclones.
• Online operations e.g., web server going down.

Disaster recovery plan: the strategy that will be put into action, in the event of a disaster that
disrupts normal operations, ____________as soon as possible and _________that relate to its
processes.

Disaster recovery plans COMPONENTS

• Hot site • Cold site

• Evacuation staff: present at the location of the disaster.

• Access staff: after the disaster.

 Key employees in the recovery plan need to be contactable:

 Contact and staff responsibilities, role/s and reporting plan; drills; remote site staff.

• Extranets

• Need to consult with such partners and related bodies when developing plans

Limitations of internal control

The limitations of controls

Threats to an organisation’s objectives:

 Judgement error

 Unexpected transactions: designers of a control system cannot predict every possible

outcome and every future event.
  Collusion: when two or more people conspire to jointly commit a fraud.

 Management override: controls are only effective if management is ethical.

and responsible in promoting ‘good’ behaviour.

 Weak internal controls: controls that are poorly designed or weak.

 Conflicting signals: possibility that different signals are being sent by management to
employees.

An internal control system does not provide 100% assurance that an organisation’s
objectives will be achieved:

The limitations of controls

Additional threats to internal controls include:

 Management incompetence: incompetence at the top can flow down and impact on
the remainder of the organisation.

 External factors: external factors beyond our control that can have dramatic impacts
on an organisation e.g., natural disasters.

 Fraud: working around internal controls for personal gain.

 Regulatory environment: changes in the regulatory environment can

impact the way that organisations operate.

 Information technology: in a constant state of flux e.g., threats from viruses.

Key take away points.

Accounting and control activities was inter-related.

Types of controls based on how to deal with risk and where control activity takes place.

Aims of a computerised AIS

The components and importance of a disaster recovery plan were discussed.

Internal control is not foolproof, it is prone to risks and limitations.

.

Fresh foods should use SCM to address its challenges. Based off the information provided the
business has stated they are facing issues regarding its supply chain efficiency. This has led to
a reduced delivery success rate which has reduced customer satisfaction. SCM should be
integrated as it is the first issue to arise. Therefore, by eradicating the issue using SCM it will
act as a response to the logistical issue and a preventative issue for further customer
dissatisfaction. SCM involves establishing close relationships with suppliers and establishing
new production and logistical chains to better suit the forecast expansion of the business.
Fresh food has clear problems with meeting delivery time. This implies that its current
production facilities are either to small and not located near customers or perhaps both.
Therefore, Fresh food must consider expanding its manufacturing facilities or to solely invest
in new areas that are nearer to multiple suppliers. It is likely that Fresh foods current
suppliers are facing the same geographical constraint as the Fresh food. This relationship is
simply a survival relationship and will affect Fresh food’s ability to grow into the future. By
seeking a new manufacturing hub in an ideal location, a business in need of expansion and
radical redesign will be able to establish a bargaining power with new suppliers, therefore it
is clear that SCM can be utilised to eradicate the problem if Fresh foods moves its majority
manufacturing capacity to new preferred locations.