Financial Information System

1. Why is business finance important?

Finance plays a central role in a business, so financial information does as well. Without money a
business could not exist: it could not pay its expenses, it could not acquire inventory, and it could not
employ labor. It would not want to exist: businesses exist to make money, that is, a profit. All businesses
require a level of finance to get started, and then a balance of money coming in and going out in order
to stay in existence. Businesss finances play an important, indeed, central role in what it does.
Most of a business's stakeholders have finance at stake in the business; shareholders and
lenders obviously invest directly in the business, but in addition managers' and other employees'
personal finances depend on it, suppliers need to be paid by it, customers depends on it for
goods and services that will in turn support their finances, and the government wants tax
revenue from it
The primary objective of a business is a financial one: to make money for shareholders (to
increase their wealth by creating shareholder value)
Finance is a separate function in the organizational structure of most businesses
How much finance the business needs and how this can be raised often determine the legal
form it takes
Together with its competitive strategy and its investment strategy, the business's financial
strategy is central to its overall corporate strategy
Businesses are exposed to financial risks of various kinds and must find ways of managing these
risks Because of the central importance of finance in a business it follows that information on
the business's finances will be needed.
2. Uses and types of financial information
Businesses and managers require financial information for:
Planning
Controlling
Recording transactions
Performance measurement
Decision making



2.1.1 Planning
Once a decision has been made, say on what competitive strategy to follow, it is necessary to plan how
to implement the steps necessary to make it effective. Planning requires knowledge of, among other
things, available resources, possible time-scales for implementation and the likely outcome under
alternative scenarios.
2.1.2 Controlling
Once a plan is implemented, its actual performance must be controlled. Information is required to
assess whether implementation is proceeding as planned or whether there is some unexpected
deviation from plan. It may consequently be necessary to take some form of corrective action.
2.1.3 Recording transactions
Information about each transaction or event is required for a number of reasons.
Documentation of transactions can be used as evidence in a case of dispute
There may be a legal requirement to record transactions, for example for accounting and audit purposes
Detailed information on production costs can be built up, allowing a better assessment of profitability
The efficiency of labour utilised in providing a particular service can be measured
2.1.4 Performance measurement
Just as individual operations need to be controlled, so overall performance must be measured in order
to enable comparisons of the actual outcome with the plan. This may involve collecting information
on,for example, costs, revenues, volumes, time-scale and profitability.
2.1.5 Decision making
Information is required as a basis on which to make informed decisions. This completes the full circle of
the business management process.

2.2 Type of information
Information can be classified according to the use to which it is put. The same type of information will
note provided to a front-line manager of a team of machine operatives as to the board of directors. This
is because the front-line manager needs to know how many operatives can be employed on one shift,
for instance, while the board of directors want to know whether enough skilled operatives can be
available in the medium-term to resource increased production of a successful new product.
Information can thus be classified as follows.
Planning information helps people involved in the planning process
Operational information helps people carry out their day-to-day activities, eg how many
operatives are needed on one shift
Tactical information helps people deal with short-term issues and opportunities, eg monthly
variance reports for the factory
Strategic information supports major long-term decision-making, eg can resources be made
available to expand production?
3 Qualities of good information
Quality Example
Accurate Figures should add up, the degree of rounding should be appropriate, there should be
no typographical errors, items should be allocated to the correct category, and assumptions
should be stated for uncertain information (no spurious accuracy).
Complete Information should include everything that it needs to include, for example external
data if relevant, or comparative information.
Cost-beneficial It should not cost more to obtain the information than the benefit derived from
having it. Providers of information should be given efficient means of collecting and analyzing it.
Presentation should be such that users do not waste time working out what it means.
User-targeted the needs of the user should be borne in mind, for instance senior managers may
require summaries, whereas junior ones may require detail.
Relevant Information that is not needed for a decision should be omitted, no matter how
'interesting' it may be.
Authoritative The source of the information should be a reliable one
Timely The information should be available when it is needed.
Easy to use Information should be clearly presented, not excessively long, and sent using the
right medium and communication channel (e-mail, telephone, hard-copy report etc).
4.1 What are data and information?
These two terms are often used interchangeably and it is useful at this point to make sure you are clear
about the distinction between them.
Definition
Data (plural; singular is 'datum'): Distinct pieces of information, which can exist in a variety of forms as
numbers or text on pieces of paper, as bits or bytes stored in electronic memory, or as facts stored in a
person's mind.
Information: The output of whatever system is used to process data. This may be a computer system,
turning single pieces of data into a report, for instance.
4.2 Internal data sources
Capturing data/information from inside the organization involves the following.
A system for collecting or measuring transactions data for example sales, purchases, inventory
etc which sets out procedures for what data is collected, how frequently, by whom, and by
what methods, and how it is processed, filed or communicated.
Informal communication of information between managers and staff (for example, byword-of-
mouth or at meetings).
Communication between managers.

Inside the business, data/information comes from the following internal sources.
The accounting records: sales ledgers, purchase ledgers, general ledgers and cash books etc hold
information that may be of great value outside the finance function, for example, sales
information fort he marketing function. To maintain the integrity of its accounting records, a
business operates controls over transactions. These also give rise to valuable information. An
inventory control system,
Human resources and payroll records, holding information on people, their skills and
aspirations, and so on
Machine logs and computer systems in production/operations containing information about
machine capacity, fuel consumption, movement of people, materials, and work in progress, set
up times, maintenance requirements and so on
Timesheets in service businesses, notably accountants and solicitors, containing data on the
time spent on various activities, both to justify fees to clients and to assess the efficiency and
profitability of operations
Staff. Information may be obtained either informally in the course of day-to-day business or
throughmeetings, interviews or questionnaires
4.3 External data sources
Capturing data information from outside the business may be formal or informal.
Formal collection of data from outside sources includes the following.
A business's tax specialists will gather information about changes in tax law and how this will
affect the business-VAT
Obtaining information about any new legislation on health and safety at work, or employment
regulations, must be the responsibility of a particular person who must then pass on the
information to managers affected by it
Research and development (R&D) work often relies on information about other R&D work being
done by another business or by government institutions
Marketing managers need to know about the opinions and buying attitudes of potential
customers.


To obtain this information, they carry out marketing research exercises
Informal gathering of information from the environment goes on all the time, consciously or
unconsciously, because the employees of an organization learn what is going on in the world around
them perhaps from the internet, newspapers, television reports, meetings with business associates or
the trade press.
A business's files (paper and computerized) include information from external sources such as invoices,
letters, e-mails, advertisements and so on received from customers and suppliers. Sometimes additional
external information is required, requiring an active search outside the business.
The following sources may be identified.
The internet
The government
Advice or information bureau, such as Reuters or Bloomberg
Consultancies of all sorts
Newspaper and magazine publishers
Specific reference works which are used in a particular line of work
Libraries and information services
The systems of other businesses via electronic data interchange (EDI)
5 Information processing
In the information processing system data is input, processed and then output as information.
Information processing needs to be complete, accurate, timely, inalterable, verifiable and assessable

5.1 How is data/information processed?
Definition
Information processing: Data once collected is converted into information for communicating more
widely within the business. To be effective, information processing should meet the following criteria:
Completeness Everything that needs to be processed should be processed.
Accuracy Processing should be done so that the data remains true to its sources, and the
information produced contains no errors.
Timeliness Processing should occur in line with data availability and information needs, which
means real time (instantaneously) in many cases.
Inalterability The process should be open to neither unauthorized intervention whilst in action
nor alteration once completed (this aids accuracy and security).
Verifiability The sources of the data and the trail from data through processing to information
should be capable of being followed through.
Assess ability The effectiveness of the processing should be open to scrutiny so that its quality
can be judged.
5.2 Information systems
Just as materials and labor are processed into outputs by the business's production or operations
system, so are data processed into information by the business's information systems.
Definitions
A system: A set of interacting components that operate together to accomplish a purpose.
A business system: A collection of people, machines and methods organized to accomplish a set of
specific functions.
Information systems (IS): All systems and procedures involved in the collection, storage, production and
distribution of information.
Information technology (IT): The equipment used to capture, store, transmit or present information. IT
provides a large part of the information systems infrastructure.

A system has three component parts: inputs, processes and outputs. Other key characteristics of a
system are the environment and the system boundary
Information system

1. The data input may be output from other systems: for example, the output from transactions
2. Processing system forms the input for a management information system (as we shall see)
Processing transforms input data into output information. There is not necessarily a clear
relationship between the number of inputs to a process and the number of outputs
3. Output information is the result of the processing
4. A system boundary separates the information system from its environment. For example, the
marketing information system and the accounting information system are generally separate,
but there may be an interface between the two systems to allow the exchange of resources.
There may also be interfaces between internal and external information systems, for instance
between a processing system and the sales system of its major suppliers
Anything which is outside the system boundary belongs to the system's environment and not to the
system itself. A system accepts inputs from the environment and provides outputs into the
environment. The parts of the environment from which the system receives inputs may not be the same
as those to which it delivers outputs. The environment exerts a considerable influence on the behavior
of a system; but the system can do little to control the behavior of the environment
Types of MIS
Financial information system
The transaction processing system, and
The management information system
Expert system
Transaction processing system
Transaction processing system (TPS): A system which performs records and processes routine
transactions. A TPS is used for routine tasks in which data items or transactions must be processed so
that operations can continue. A TPS supports most business functions in most types of businesses.

5.4 The management information system (MIS)
Definition
Management information system (MIS): Converts data from mainly internal sources into information (eg
summary reports, exception reports). This information enables managers to make timely and effective
decisions for planning, directing and controlling the activities for which they are responsible.
An MIS provides regular reports and (usually) on-line access to the business's current and historical
performance. The MIS transforms data from underlying TPS into summarised files that are used as the
basis for management reports. It:
Supports structured decisions at operational and management control levels
Is designed to report on existing operations
Has little analytical capability
Is relatively inflexible
Has an internal focus
5.5 Expert systems
Expert systems allow users to benefit from expert knowledge and information. The system will consist of
a database holding specialized data and rules about what to do in, or how to interpret, a given set of
circumstances.
Business and finance
Business applications of expert systems:
Legal or tax advice
Forecasting of economic or financial developments, or of market and customer behavior
Surveillance, for example of the number of customers entering a supermarket, to decide what
shelves need restocking and when more checkouts need to be opened, or of machines in a
factory, to determine when they need maintenance
Diagnostic systems, to identify causes of problems, for example in production control in a
factory, or in healthcare
Project management
Education and training, diagnosing a student's or worker's weaknesses and providing or
recommending extra instruction as appropriate
Conditions when expert systems are most useful:
The problem is reasonably well-defined
The expert can define some rules by which the problem can be solved
The problem cannot be solved by conventional transaction processing or data handling
The expert could be released to more difficult problems. Experts are often highly paid, meaning
thevalue of even small time savings is likely to be significant
The investment in an expert system is cost-justified
The output of all the systems become an input to a financial information system
Financial Management Information System (FMIS)
FMIS usually refers to computerization of expenditure management processes including budget
formulation, budget execution, and accounting with the help of a fully integrated system

A financial management information system, or integrated financial management information system
(IFMIS), is an information system that tracks financial events and summarizes financial information.

The term IFMIS refers to the use of information and communications technology in financial
operations to support management and budget decisions, fiduciary responsibilities, and the preparation
of financial reports and statements


As the name implies, there are, and should be, three guiding characteristics for a well-designed FMIS:

1. It is a management tool. When developing an FMIS it is important that it cater to management
needs not just those of the central agencies, but also line agencies. Moreover, as a
management tool it should support the management of change. It must be viewed as an integral
part of budget system reform hence not be designed just to meet present requirements, but
also to support those needs that are likely to arise as parallel budget peforms are implemented.
2. It should provide a wide range of nonfinancial and financial information. As a tool of
management it should provide the information required for decision making. It should be
designed to perform all necessary accounting functions as well as generate custom reports for
internal and external use. However, this does not mean that it should exclusively concentrate on
financial information. Managers will require other nonfinancial information.

3. It is a system. Its role is to connect, accumulate, process, and then provide information to all
parties in the budget system on a continuous basis. All participants in the system, therefore,
need to be able to access the system, and to derive the specific information they require to
carry out their different functions.
In a nut shell the system has the following basic features:

1. Standard data classification for recording financial events;
Importance of Coding for FISs
Record, store, classify, and retrieve information
Utilize numeric and alphanumeric codes
Design Considerations
Must serve a useful purpose
Must be consistent
Plan for future expansion
Types of code
Sequential- Documents are numbered consecutively to account form them, any
gaps in the sequence code indicate missing documents that should be
investigated.
Block -Blocks of numbers within a numerical sequence reserved for categories
having meaning to the user.
Group codes -Two or more subgroups of digits that are used to code an item. A
group code is often used in conjunction with a block code.
Mnemonic Codes-Helps user remember what they represent

2. Internal controls over data entry, transaction processing, and reporting
Efficiency data entry technique
Pre-numbered and well-designed documents
Validating data
Correcting detected errors before the data are posted to the general ledger
Compiling standardized adjusted entries
Pre-computing batch control totals
Using turn around document
Report Design Considerations
o Should be effective
o Expectations of outputs
Outputs of an AIS
o Reports to management
o Reports to investors and creditors
o Files retaining transaction data
o Files retaining current data about accounts


3. Common processes for similar transactions and a system design that eliminates unnecessary
duplication of data entry.



Advantages of IFMIS

Provide timely, accurate, and consistent data for management and budget decision-making;
Support policy decisions;
Integrate budget and budget execution data, allowing greater financial control and reducing
opportunities for discretion in the use funds;
Facilitate financial statement preparation; and
Provide a complete audit trail to facilitate audits.

Reactive information (provided by the operating systems, analysis instruments, scenarios,
investment alternatives, cash flow alternatives etc.) for supporting the managers decisions;
Correlation between costs and prices (monitoring the profitability of products and activities);
Planning the production based on a forecast, contracts, planning the supply based on a global
image regarding existent stocks (the high costs for supplying and storage/massive stock
immobilization are reduced);
Controlling ongoing investment projects and budgets that are grouped in
operations/expenditure/stages in real time, as well as monitoring expenses for investment
projects;
A centralized basis that comprises information regarding clients and suppliers (including
contracts, requests and their settlements) and high costs for providing services;
The possibility of eliminating redundant information ;
Shortening the time used for making decisions and direct access to the information of all levels
of decision;
Channeling financial resources in one direction thus eliminating integrating costs;
The possibility of correlating results and performing complex analyses regarding the activities;

Attributes of a well-designed FMIS

The FMIS should:
Be modular, and capable of progressive upgrading to cater to future needs;
Offer a common platform and user interface to the stakeholders in different department
responsible for financial management, for adding to and accessing the information database (in
its absence each agency will have the incentive to develop its own FMIS to meet its currently
perceived needs);
Maintain a historical database of budget and expenditure plans; transaction data at the highest
level of detail; cash flows and bank account operations including cheques issued, cancelled, and
paid, cash balances and floats;
Have dedicated modules to handle monthly, rolling, short-term (one to three months) and
longer-term (three months to end of year) forward estimates of revenues, and expenditures
prepared by agencies, and corresponding estimates of the resulting cash flows;
Have built-in analytical tools to offer trend analysis of various elements of fiscal operations to
permit a forward look at the emerging events bearing on the fiscal stance;
Compile formal accounts from the database of authorizations and cash allocations, primary
revenue and expenditure transactions of the agencies; and treasury operations, avoiding the
need to duplicate data entry for accounting purposes;
Enable real-time reconciliation of parallel but related streams of transaction data at the
agency level: cheques issued with those paid by the banks; at treasury: receipts from banks with
the cheques paid by taxpayers; cash balances reflected in the agency ledgers with the cash
balances in the banks;
Mechanize all possible routine tasks at the central and spending agencies generating various
forms/authorizations, cheques, outputting hard copies of key registers and statements, etc.; and
Be flexible enough to provide user-defined management information, aggregated at the desired
level of detail, from the database.

BASIC COMPONENTS OF FMIS

An IFMIS will generally consist of several distinct components or modules that use information to
perform different functions.


1. General Ledger -At the core of the system is the General Ledger. The General Ledger constitutes
the central books of any IFMIS. Every transaction entered into the system posts to the General
Ledger, starting with the allocation of budget funds through to the commitments to payment for
goods and services

2. Cash Management monitors and forecasts cash flows and financing requirements, and
performs reconciliation between bank accounts and IFMIS records.

3. Commitment control ensures that before a purchase is committed to, there is sufficient cash
allocated for the expense and the allocation matches the appropriated budget.
4. Accounts payable Processes and generates payments, with built-in checks to ensure invoices
match approved commitments.
5. Accounts receivable produces bills and processes and records receipts, including all types of
inflows received by government units, including nontax revenues and fees.

6. Budget preparation/planning
7. Procurement and contracts management
8. Payroll and human resources
9. Revenue administration (tax and customs)
10. Debt management
11. Assets management


FMIS architecture



Main Steps in Introducing an FMIS
Stage 1: Preparatory
- Preliminary concept design including an institutional and organizational assessment
- Analysis of the key problem areas and ongoing reform programs
- Feasibility study
- Design project and draft project proposal
- Formal approval of the project-securing government approval and donors funding
Stage 2: Design
- Develop functional specification
- Outline information technology (IT) strategy, including hardware and organizational issues
- Prepare tender documents
Stage 3: Procurement
- Issue tenders for hardware and software and associated requirements
- Evaluation of bids and award contract
Stage 4: Implementation
- Configuration analysis and specify any additional IT, infrastructure, and communication
requirements
- Detailed business process and gap analysis mapping required functionality to package and
identifying and specifying detailed parameterization, customization, procedural etc, changes
- Detailed action plan for phased implementation and the pilot-run of the system
- Agreed customization and configuration of the system
- Determine training needs and conduct training of personnel
- Pilot runparallel run of the system, resolve initial problems and evaluate system performance for
roll-out
- Roll-out system to other ministries and agencies
- Phased implementation of additional modules
- Strengthening of internal system support and phasing out consultant/contractor support


SYSTEMS ACQUISITION AND SOFTWARE DEVELOPMENT
After a system is designed, either partially or fully, the next phase of the systems development starts
which relates to the acquisition of hardware, software and services. In this section, we will explore how
this process takes place.
Procuring Computer Hardware

Selecting a computer is a major commitment for any organisation not only because of its high cost
but also since a computer has a profound and long range effect on a companys operations. The user
depends upon the vendor for support services, systems design, education and training etc, and
expansion of computer installation for almost an indefinite period. Hence, selection of a computer
may be made after careful appraisal of various factors. Following points may be born in mind at the
time of selection of a computer system:
(i) All computer systems offered in the market today have good hardware, competent software
and roughly similar facilities. Due to the rapid development of computer technology, the
more recent the computer, the better its performance is and the lower its cost. Therefore,
as far as possible the latest possible technology should be acquired.
(ii) ) Computer performance for commercial work is mainly determiend by the speeds and
capabilities of input/output and storage peripherals. Scientific, engineering and operations
problems require good computational facilities. Thus, the efficiency of a computer in
handling such problems will depend on the main storage available and the instrution
execution speed, and repertoire. A comparison along these lines can be made quickly and
quite effectively.
(iii) The software supplied by the manufacturer may make a significant difference if it contains a
package of special applicability to the jobs envisaged. Experts maintain that since hardware
speed and facilities are uniformly good, today the selection of computer should be made on
software considerations.
(iv) Modern computers are marketed as series of compatible machines with increasingly
powerful central processors and interchangeable peripherals. Thus, the choice of a
computer really becomes a choice of a model within a series, based on a long range plan of
expansion.
(v) The selection of a computer does not end within the choice of a manufacturer and a model.
It continues to the selection of a configuration and a plan for its gradual expansion.
(vi)
Software acquisition: Make or Buy: At this stage, the system developers must determine whether the
application software should be created in-house or acquired from a vendor. This decision is often called
the make-or-buy decision. In the past several years, pre-packaged application software or application
software packages have become increasingly popular for many business functions, including accounting
(for example, payroll and personnel accounting), general ledger, manufacturing, financial planning and
numerous other applications. Many of these packages consist of several programs and a complete set of
documentation tools. Vendors providing these software packages even impart training about how to use
the software to its full potential. Factors affecting the make or buy decision of application software
are as follows:
Availability of skilled manpower: If sufficient number of programmers is not available, the
organization may be forced to purchase packages that it otherwise would develop.
Cost of programming: In case the cost of developing the software is more than the price
of pre-written software, the organization may decide to buy the software.
Backlog of program: The in-house software development takes long time. If there is lot of
backlog of programs awaiting development, the organization may choose to buy the
software.
Suitability of software: Sometimes the available software may not be suitable for specific
needs of the organization. Hence, it may be better to develop software in such instances.
Time frame available for implementation: If the time available for implementation of the
new computerized system is very short, the organization may decide to buy the software.
Availability of sophisticated software: In many instances, the programs available for purch

Steps involved in Selection of A Computer System :
The selection of an appropriate computer system, both hardware and application software package
demands a high level of expertise and many organisations use a consultant either to provide guidance to
their personnel or to manage this activity. The steps involved in selection of a computer system are:
1. Prepare the design specifications.
2. Prepare and distribute an RFP (Request for proposal) to selected computer vendors.
3. On the basis of an analysis of proposals, eliminate vendors whose proposals are inferior.
4. Have vendors present their proposals.
5. Conduct further analysis of the proposals.
6. Contact present users of the proposed systems.
7. Conduct equipment benchmark tests.
8. Select the equipment.

Conversion and start-up from Manual to Computerised System:
Conversion or changeover is the process of changing from the old system (manual system) to the new
system. It requires careful planning to establish the basic approach to be used in the actual changeover.
There are many conversion strategies available to the analyst who has to take into account several
organisational variables in deciding which conversion strategy to use. The five strategies used for
conversion from manual to computerised system are briefly discussed below:

(i) Direct Changeover: Conversion by direct changeover means that on a specified date, the old system
is dropped and the new system is put into use.

Advantages: The users have no possibility of using the old system other than the new one. Adaptation is
a necessity.
Disadvantages: Direct changeover can only be successful if extensive testing is done beforehand. Long
delays might ensue if errors occur. Also, users may resent being forced into using an unfamiliar system
without recourse.
Finally, there is no adequate way to compare new results with old ones.
(ii) Parallel Conversion: This refers to running the old systems and the new system at the same time, in
parallel. This approach works best when a computerized system replaces a manual one. Both systems
are run simultaneously for a specified period of time and the reliability of results is examined. When the
same results are gained over time, the new system is put into use and the old one is scrapped.
Advantages: There is a possibility of checking new data against old data in order to catch any errors in
the processing of the new system. It also offers a feeling of security to users who are not forced to make
an abrupt change to the new system.
Disadvantages: Cost of running two systems at the same time is high. The workload of employees during
conversion is almost doubled. In case the system being replaced is a manual one, it is difficult to make
comparisons between output of the new system and the old one.
(iii) Gradual Conversion: It attempts to combine the best features of the earlier two plans, without
incurring the risks. In this plan, the volume of transactions is gradually increased as the system is phased
in.
Advantages: It allows users to get involved with the system gradually. It also offers the possibility of
detecting and recovering from the errors without a lot of downtime.
Disadvantages: It takes too long to get the new system in place. It is not appropriate for conversion of
small, uncomplicated systems.
(iv) Modular Prototype Conversion: This approach of conversion uses the building of modular,
operational prototypes to change from old system to new in a gradual manner. As each module is
modified and accepted, it is put into use.
Advantages: Each module is thoroughly tested before being used. Users become familiar with each
module as it becomes operational.
Disadvantages: Many times prototyping is not feasible and hence this conversion method cannot be
used for such systems. Further, under this approach, special attention must be paid to interfaces so that
the modules being built actually work as a system.
(v) Distributed Conversion: This refers to a situation in which many installations of the same system are
contemplated, such as in banking. One entire conversion is done using any of the aforesaid four
approaches at any one site. When that conversion is successfully completed, other conversions are done
for other sites.
Advantages: Problems can be detected and contained at one site rather than inflicting them, in
succession, on all sites.
Disadvantages: Even when one conversion is successful, each site will have its own peculiarities to work
through and these must be handled.
What is financial information used for?
Users use financial information to make economic decisions, such as those to:

Decide when to buy, hold or sell shares on the basis of their risk and return
Assess how effectively the business's management has looked after its affairs (its stewardship)
and decide whether to replace or reappoint them
Assess a business's ability to provide benefits to its employees
Assess security for amounts lent to the business
Who uses financial information?
Users Need financial information to:
Present and potential investors (shareholders)
Make investment decisions, therefore need information on:
Risk and return of investment
Ability of company to pay dividends
Employees Assess their employer's stability and profitability
Assess their employer's ability to provide remuneration, employment opportunities and
retirement and other benefits
Customers Assess whether business will continue in existence important where customers
have a long-term involvement with, or are dependent on, the business, eg where they are
supply chain partners
Suppliers and other business partners-Assess the likelihood of being paid when due
Governments and its agencies -Assess allocation of resources and, therefore, activities of
o businesses
o Assist in regulating activities
o Assess taxation income
o Provide a basis for national statistics
o Help direct policy on, for instance, health and safety and equal opportunities issues

The public and community representatives - Assess trends and recent developments in the
business's prosperity and its activities important where the business makes a substantial
contribution to a local economy, eg by providing employment and using local suppliers
Lenders - Assess whether loans will be repaid, and related interest willbe paid, when due

When is financial information useful?
Financial information is useful to users when it:

Helps them to make economic decisions, and
Shows the results of management's stewardship of the resources entrusted to them For
financial information to meet these two objectives it must be prepared on the basis of two
underlying assumptions:
The accrual basis of accounting: the effects of transactions and other events are recognized
when they occur (not as they are realized in cash), and they are recorded and reported in the
financial statements of the periods to which they relate

The business is a going concern and will continue in operation for the foreseeable future

7.4 Information for making economic decisions and making managers accountable
When users make economic decisions they need financial information to evaluate:
The ability of a business to generate cash so as to
Pay employees and suppliers
Meet interest payments
Repay loans and
Pay dividends
The timing and certainty of cash flows
In order to make the evaluation as to whether the business can generate sufficient cash on time
the user needs information on the business's:
Financial position (its balance sheet, which is now more formally known as the 'statement of
financial position' following the revision of IAS 1 Presentation of Financial Statements in
September 2007)
Financial performance (its income statement, or 'statement of comprehensive income' in IAS 1
(revised) terminology) andChanges in financial position (its cash flow statement, or 'statement
of cash flows' in IAS 1 (revised) terminology)
7.4.1 Information on the financial position

7.4.2 Information on financial performance
Information on the business's profitability, especially variability in profits over time, helps the user to
predictor assess:
Potential changes in the economic resources the business is likely to control in the future
The business's capacity to generate cash flows from its existing resource base
How effectively the business might employ additional resources
7.4.3 Information on changes in financial position
Information on the business's past cash flows helps the user to predict or assess its investing, financing
and operating activities during the reporting period. This helps the user to assess:
How able the business is at generating cash
How well the business uses cash that it has generated
7.5 Qualitative characteristics of financial statements
Definition
Qualitative characteristics: The attributes that make information provided in financial statements
usefulto users
Understandability
Relevance
Reliability, and
Comparability
7.5.1 Understandability
Information should be readily understandable. Users are assumed to have a reasonable knowledge of
economic and business affairs and to be willing to be reasonably diligent in the way they study financial
information. Relevant information should not be excluded from financial statements merely because it is
hard to understand.
7.5.2 Relevance
Information is relevant to users when it influences their economic decisions because they can thereby:
Evaluate past, present or future events, or Correct or confirm past evaluations
Information need not be in the form of a forecast for it to help users make predictions, but it helps them
if unusual, abnormal or infrequent items are separately disclosed.
Relevance is affected by:
The nature of certain items: some pieces of information are highly relevant whatever their monetary
value, such as the acquisition of a new business with significantly increased risks
The materiality of certain items: a piece of information is material if its omission or misstatement could
influence users' economic decisions. Materiality depends on the size of the item or error judged
in the particular circumstances of the omission or misstatement
7.5.3 Reliability
Information is reliable if it:
Is free from material error
Is free from bias ie neutral
Can be depended on to be a faithful presentation of what it purports to represent, or what it
couldreasonably be expected to represent
Is presented in accordance with its commercial substance rather than its strict legal form
(substance over form)
Is complete within the bounds of materiality and cost
Is prepared with prudence, that is a degree of caution is exercised when including items for
which estimates are needed and conditions are uncertain
7.5.4 Comparability
Measurement and display of the financial effect of like transactions and other events must be carried
out ina consistent way:
Throughout the business
Over time, and
Across different businesses
7.6 Constraints on relevance and reliability of information
There are two constraints on the relevance and reliability of information:
Timeliness: undue delay in reporting may reduce relevance, but to provide information on a
timely basis it may have to be reported before all aspects of a transaction or other event are
known, thus impairing reliability. In balancing the two characteristics, the overriding
consideration is how best tosatisfy the economic decision-making needs of users.
Balance of benefit and cost: the benefits derived from information for all users should exceed
the cost of providing it.
8. Limitations of financial information in meeting users' needs
8.1 Conventionalized representation
Financial information, particularly financial statements, are usually highly standardised in terms of their
overall format and presentation although businesses are very diverse in their nature. This may limit the
usefulness of the information.
Financial statements are highly aggregated in that information on a great many transactions and
balances is combined into a few figures in the financial statements, which can often make it difficult for
the reader to evaluate the components of the business.
8.2 Backward-looking
Financial statements cover a period that has already ended; they are inherently historical and backward
looking, whereas most users of financial information base their decisions on expectations about the
future. Financial statements contribute towards this by helping to identify trends and by confirming the
accuracy of previous expectations, but they cannot realistically provide the complete information set
required for all economic decisions by all users.
8.3 Omission of non-financial information
By their nature, financial statements contain information that is financial, not non-financial such as:
Narrative description of major operations
Discussion of business risks and opportunities
Narrative analysis of the business's performance and prospects
Management policies and how the business is governed and controlled
Instead these are normally covered in the Chairmans' Statement and the Directors' Report,
published alongside the financial statements.
8.4 Other sources of information
There are other sources of information available to at least some users of the basic financial statements.
In owner-managed businesses, the owners have access to internal management information because
they are the management. This information is, potentially, available on a continuous real-time basis and
will include:
Future plans for the business
Budgets or forecasts
Management accounts, including, for example, divisional analysis
Banks will often gain additional access to business information under the terms of loan agreements
Potential investors, if they are planning to take a major stake or even a controlling interest, will
negotiate additional access to information
Suppliers may be able to obtain reports on the business's credit standing via credit reference agencies
such as Experian. These are also used by lenders
Some information, such as brochures and publicity material (eg press releases), is available to all

9 The effects of poor financial information
Financial information is poor if it does not:
Meet the needs of users
Display the qualitative characteristics set out above
The effect of poor financial information is:
To undermine the integrity of financial markets
To fail to serve the public interest
Financial Reporting
A. There are two types of reports used to facilitate the reconciliation process, delivered reports
and prompted reports. Delivered reports are run monthly once the GL and sub-systems have
closed. Prompted reports can be run at any time but are limited to only the current and prior
period data.
B. Reports
1. Appropriations Summary lists the fiscal activity for a budget-based departmental
budgetary cost center summarized at an account code level so departments understand
the associated available spending authority and all related components that impact that
calculation.
2. Cash Summary lists the fiscal activity for a cash-based departmental budgetary cost
center summarized at an account code level so departments understand the associated
available spending authority and all related components that impact that calculation.
3. Transaction Detail lists the monthly transaction details for budgetary it helps the
department to understand the specific fiscal activity that impacted the departmental
budgetary cost centers available spending authority.
4. Open Encumbrance lists the amount for each encumbrance for a departmental
budgetary cost center subtotaled at an account code level so departments understand
what funds are remaining for any open encumbrance.
5. Payroll Cost Distribution lists individual employee payroll costs for a budgetary cost
center with all applicable deductions for a given departmental budgetary cost center so
departments understand the personnel expense attributed to their payroll costs paid.
6. Projected Payroll Cost Distribution lists the projected payroll remaining in the fiscal
year for each employee in a departmental budgetary cost center subtotaled at an
account grouping level so departments understand the cost of each employees
employer paid payroll earnings, benefits, and taxes.
7. KK to GL Summary Comparison lists the monthly expenditure totals in the
commitment control (KK) ledger and the general ledger in a departmental budgetary
cost center subtotaled at an account grouping level so departments understand any
expenditure variances between KK and GL.
H. Effectiveness and efficiency of operations, Reliability of financial reporting
internal Controls Internal controls are a process designed to provide reasonable assurance regarding
the achievement of objectives in the following categories: Effectiveness and efficiency of
operations, Reliability of financial reporting, Compliance with applicable directives, laws and
regulations. Fundamentally, controls help to ensure that the universitys assets are being protected.
Through effective controls, a department can safeguard assets and also detect and correct errors and
irregularities.
1. Basic Internal Controls
a. There should be an audit trail for each financial transaction.
Documentation can be in either electronic or paper form.
b. Accounting data must be checked to ensure that it is accurate and
reliable.
c. All financial data must be checked against departmental source
documents. For financial data to be validated, it must be reconciled.
d. During the reconciliation process, departments must ensure that only
expenses related to their budgetary cost center are recorded in that
budgetary cost center. The department must follow up on all inaccurate
charges. Reconciliation is a critical step in ensuring that the university
properly manages its resources.
2. Segregation of Duties for Reconciliation
a. Segregation of duties is critical. Segregation deters fraud and detects
errors.
b. Appropriate authorizations must be in place.
c. Authorization of expenditures and recording of expenditures should be
segregated duties.
d. Reconciliation of financial transactions and the recording of those
transactions should be segregated duties.
e. If a department is too small to have two or more employees who can
segregate duties, then the department administrator must frequently
review departmental transactions.
3. Documentation
a. Millions of financial transactions are recorded annually into the
Universitys general ledger. Required documentation is not the same for
all transactions. For example, an adjustment to an expense between
account codes within a department is not as critical from the
perspective of internal controls and risk as processing additional pay in
the human resources system.
b. Documentation must be aligned with internal controls and level of risk,
therefore, required documentation for transactions depends closely on
the level of risk associated with the transaction. Documenting general
ledger entries are based on the following considerations:
I. Minimal documentation is required when:
i. There are system controls that minimize errors.
Examples are transactions that have workflow
associated with them. These transactions are reviewed
and approved by someone other than the initiator
before it posts to the general ledger.
ii. The transactions can be fully documented in the system
itself. Comments describing the transaction and its
purpose as well as the operator ID of the person who
initiated the transaction are available in the on-line
system. The transaction can be audited from the system
itself.
II. Increased documentation is required when the transaction:
i. is for a large dollar amount.
ii. is part of a legally binding contract.
iii. is created via the purchasing card.
iv. in part of the procurement process.
v. pertains to personnel actions.
I. Reconciliation
1. Ledger summaries and supporting detail ledgers are provided to departments
on a monthly basis and can be run more frequently through the FIT cube. These
ledgers provide the department with information regarding their financial
operations and conditions. They also are used by department fiscal staff to
verify or check to ensure that the information they contain is accurate and
reliable. This process is often referred to as Reconciliation and is an important
overall University control process. This process must be performed at least
monthly after the ledgers are received.
2. Since department size and complexity varies significantly, there is not one set of
specific fiscal procedures that fits all departments. However, there are certain
important fiscal requirements that all departments are required to meet. These
requirements help ensure that management is properly informed of their fiscal
operations and condition, but that proper controls are in place to ensure that
revenues are maximized, prudently spent, that University funds are properly
safeguarded, and that proper accountability is maintained.
Reconciliation to source documents is required to be performed
for all transactions $100 and over.
For transactions under $100, reconciling consists of spot
checking at least 25% of the budgetary cost center transactions
to the source documents.
Security
Security (in information management): the protection of data from accidental or deliberate threats
which might cause unauthorised modification, disclosure or destruction of data, and the protection of
the
information system from the degradation or non-availability of services (Lam: Security of computer
based information systems).

Ensuring the security of information

Aspects of security include the following:
Prevention. It is in practice impossible to prevent all threats cost-effectively, but prevention is better
than cure
Detection. Detection techniques are often combined with prevention techniques: a log can be
maintained of unauthorised attempts to gain access to a computer system
Deterrence. As an example, computer misuse by personnel can be made grounds for disciplinary
action
Recovery procedures. If the threat occurs, its consequences can be contained (for example,
checkpoint programs)
Correction procedures. These ensure the vulnerability is dealt with (for example, by instituting
stricter controls)
Threat avoidance. This might mean changing the design of the system



Physical access controls

Personnel, including receptionists and, outside working hours, security guards can help control
human access
Door locks can be used where frequency of use is low. (This is not practicable if the door is in
frequent use.)
Locks can be combined with:
A keypad system, requiring a code to be entered
A card entry system, requiring a card to be 'swiped'
Intruder alarms
Laptop and other portable computers with access to the system should be kept secure
Staff should be allocated an individual personal identification number, or PIN, which identifies him
or her to the building

Security controls in the system
These help to prevent:
Human error
Entering incorrect transactions
Failing to correct errors
Processing the wrong files
Technical error such as malfunctioning hardware or software
Deliberate actions such as fraud
Commercial espionage
Malicious damage

Integrity controls in the system

Data will maintain its integrity if it is complete and not corrupted.
The original input of the data must be controlled in such a way as to ensure that the results are
complete and correct. Input controls should ensure the accuracy, completeness and validity of
input
Data verification involves ensuring data entered matches source documents
Data validation involves ensuring that data entered is not incomplete or unreasonable. Various
checks include:
Check digits. A digit calculated by the program and added to the code being checked to
validate it
Control totals. For example, a batch total totalling the entries in the batch
Hash totals. A system generated total used to check processing has been performed as
intended
Range checks. Used to check the value entered against a sensible range, eg ledger account
number must be between 5,000 and 9,999
Limit checks. Similar to a range check, but usually based on an upper limit, eg must be less
than 999,999.99
Information Systems Control and Audit

1. NEED FOR CONTROL
Everyone is aware of the need for information security in today's highly networked business
environment. Information is arguably among an enterprise's most valuable assets, so its
protection from predators from both within and outside has taken center stage as an IT priority.
Hence, there is a need to institute strong control environment.
2. EFFECT OF COMPUTERS ON INTERNAL AUDIT Since the 1970s, around the world there has been a
large increase in the number of organisations using computers to process transactions and prepare their
financial statements. The move towards more automated financial systems has had an impact in the
way auditors carry out their work. The impact can be summarised under four main headings:
(i) changes in the audit trail and audit evidence;
(ii) change in the internal controls environments;
(iii) new opportunities and mechanisms for fraud and error;
(iv) new audit procedures.


(i) Changes in the audit trail and audit evidence: The existence of an audit trail is a key financial audit
requirement, since without an audit trail, the financial auditor may have extreme difficulty in gathering
sufficient, appropriate audit evidence to validate the figures in the clients accounts.

(a) Data retention and storage: A clients storage capabilities may restrict the amount of historical data
that can be retained on-line and readily accessible to the auditor. If the client has insufficient data
retention capacities the auditor may not be able to review a whole reporting periods transactions on
the computer system.
(b) Absence of input documents: Transaction data may be entered into the computer directly without
the presence of supporting documentation, e.g. input of telephone orders into a telesales system. The
increasing use of EDI will result in less paperwork being available for audit examination.
(c) Lack of a visible audit trail: The audit trails in some computer systems may exist for only a short
period of time. The absence of an audit trail will make the auditors job very difficult and may call for an
audit approach which involves auditing around the computer system by seeking other sources of
evidence to provide assurance that the computer input has been correctly processed and output.
(d). Lack of visible output: The results of transaction processing may not produce a hard copy form of
output, i.e. a printed record. In the absence of physical output it may be necessary for the auditor to
directly access the electronic data retained on the clients computer. This is normally achieved by having
the client provide a computer terminal and being granted read access to the required data files. (See
chapter 9 for an explanation of access permissions such as read).
(e) Audit evidence. Certain transactions may be generated automatically by the computer system. For
example, a fixed asset system may automatically calculate depreciation on assets at the end of each
calendar month. The depreciation charge may be automatically transferred (journalised) from the fixed
assets register to the depreciation account and hence to the clients income and expenditure account.
Where transactions are system generated, the process of formal transaction authorisation may not have
been explicitly provided in the same way as in a manual environment, i.e. each transaction is not
supported by the signature of a manager, supervisor or budget holder. This may alter the risk that
transactions may be irregular or ultra vires.
(f) Legal issues: The use of computers to carry out trading activities is also increasing. More
organisations in both the public and private sector intend to make use of EDI and electronic trading over
the Internet. This can create problems with contracts, e.g. when is the contract made, where is it made
(legal jurisdiction), what are the terms of the contract and who are the parties to the contract.


(ii) Change in the type and nature of internal controls: The internal controls within a clients financial
systems,manual and computerised, can be divided into several categories.
Personnel : Whether or not staff are trustworthy, if they know what they are doing and, if they have
the appropriate skills and training to carry out their jobs to a competent standard. Competent standard.
Segregation of duties: a key control in any financial system. Segregation basically means that the
stages in the processing of a transaction are split between different people, such that one person cannot
process a transaction through from start to finish. The various stages in the transaction cycle are spread
between two or more individuals.
Authorization procedures: to ensure that transactions are approved. In some on-line transaction
systems written evidence of individual data entry authorization, e.g. a supervisors signature, may be
replaced by computerized authorization controls such as automated controls written into the computer
programs (e.g. programmed credit limit approvals).
Record keeping: the controls over the protection and storage of documents, transaction details, audit
trails etc.
Access to assets and records: In the past manual systems could be protected from unauthorised
access through the use of locked doors and filing cabinets. Computerised financial systems have not
changed the need to protect the data. A clients financial data and computer programs are vulnerable to
unauthorised amendment at the computer or from remote locations. The use of wide area networks,
including the Internet, has increased the risk of unauthorised access. The nature and types of control
available have changed to address these new risks.
Management supervision and review: Managements supervision and review helps to deter and
detect both errors and fraud.


(iii) New causes and sources of error
(a) System generated transactions: Financial systems may have the ability to initiate, approve and record
financial transactions. This is likely to become increasingly common as more organisations begin to
install expert systems and electronic data interchange (EDI) trading systems. Automated transaction
processing systems can cause the auditor problems. For example when gaining assurance that a
transaction was properly authorised or in accordance with delegated authorities. The auditor may need
to look at the applications programming to determine if the programmed levels of authority are
appropriate.
(b) Systematic Error : Computers are designed to carry out processing on a consistent basis. Given the
same inputs and programming, they invariably produce the same output. This consistency can be
viewed in both a positive and a negative manner. If the computer is doing the right thing, then with all
other things being equal, it will continue to do the right thing every time. Similarly, if the computer is
doing the wrong thing and processing a type of transaction incorrectly, it will continue to handle the
same type of transactions incorrectly every time. Therefore, whenever an auditor finds an error in a
computer processed transaction, s(he) should be thorough in determining the underlying reason for the
error. If the error is due to a systematic problem, the computer may have processed hundreds or
thousands of similar transactions incorrectly

(iv) New audit processes: Within a computerized environment the auditor may be required to adopt a
different audit approach to gain sufficient audit evidence to provide an opinion on the financial
statements. For example, new procedures to cope with different internal controls, new causes of errors
or the different nature of audit trails.


INFORMATION SYSTEMS CONTROL TECHNIQUES

Accounting controls, i.e. those controls which are intended to safeguard the clients assets and ensure
the reliability of the financial records; The
Operational controls: These deal with the day to day operations, functions and activities to ensure
that the operational activities are contributing to business objectives;
Administrative controls: These are concerned with ensuring efficiency and compliance with
management policies, including the operational controls.


Auditors categorisation of controls

We put the controls into categories depending on when they act.

We categorise the controls into following four groups:

(i). Preventive Controls: Preventive controls are those inputs, which are designed to prevent an error,
omission or malicious act occurring. An example of a preventive control is the use of passwords to gain
access to a financial system.

The broad characteristics of preventive controls are:
(i) A clear-cut understanding about the vulnerabilities of the asset
(ii) Understanding probable threats
(iii) Provision of necessary controls for probable threats from materializing


Examples of preventive controls
Employ qualified personnel
Segregation of duties
Access control
Vaccination against diseases
Documentation
Prescribing appropriate books for a course
Training and retraining of staff
Authorization of transaction
Validation, edit checks in the application
Firewalls
Anti-virus software (sometimes this acts like a corrective control also), etc
Passwords


(ii). Detective Control: These controls are designed to detect errors, omissions or malicious acts that
occur and report the occurrence

The main characteristics of such controls are as follows:
Clear understanding of lawful activities so that anything which deviates from these is reported as
unlawful, malicious, etc.
An established mechanism to refer the reported unlawful activities to the appropriate person or group
Interaction with the preventive control to prevent such acts from occurring
Surprise checks by supervisor Examples of detective controls include
Hash totals
Check points in production jobs
Echo control in telecommunications
Error message over tape labels
Duplicate checking of calculations
Periodic performance reporting with variances
Past-due accounts report
The internal audit functions
Intrusion detection system
Cash counts and bank reconciliation
Monitoring expenditures against budgeted amount


(iii). Corrective Controls: Corrective controls are designed to reduce the impact or correct an error once
it has been detected


The main characteristics of the corrective controls are:
Minimize the impact of the threat
Identify the cause of the problem
Remedy problems discovered by detective controls
Get feedback from preventive and detective controls
Correct error arising from a problem
Modify the processing systems to minimize future occurrences of the problem Examples of Corrective
Controls
Contingency planning
Backup procedure
Rerun procedures
Treatment procedures for a disease
Change input value to an application system
Investigate budget variance and report violations.

(Iv). Compensatory Controls: Controls are basically designed to reduce the probability of threats, which
can exploit the vulnerabilities of an asset and cause a loss to that asset


Audit Trails
Audit trails are logs that can be designed to record activity at the system, application, and user level.
When properly implemented, audit trails provide an important detective control to help accomplish
security policy objectives.


(1) Detecting Unauthorized Access: Detecting unauthorized access can occur in real time or after
the fact. The primary objective of real-time detection is to protect the system from outsiders
who are attempting to breach system controls. A real-time audit trail can also be used to report
on changes in system performance that may indicate infestation by a virus or worm.
When properly designed, they can be used to determine if unauthorized access was
accomplished, or attempted and failed

(2) Reconstructing Events: Audit analysis can be used to reconstruct the steps that led to events
such as system failures, security violations by individuals, or application processing errors.
Knowledge of the conditions that existed at the time of a system failure can be used to assign
responsibility and to avoid similar situations in the future.
Audit trail analysis also plays an important role in accounting control.


(3)Personal Accountability: Audit trails can be used to monitor user activity at the lowest level of detail.
This capability is a preventive control that can be used to influence behavior. Individual are likely to
violate an organisations security policy if they know that their actions are recorded in an audit log.