CHAPTER 1: ROLE AND PURPOSE OF AIS 1.

Inputs – documents
ACCOUNTING INFORMATION SYSTEM – a set of interrelated activities, documents,
and technologies designed to collect data, process it, and report to a diverse group of
internal external decision makers in organizations.
Three reasons why AIS is important: (H-A-D)
1. Helps achieve some components of the FASB Conceptual Framework
2. Acquiring knowledge help students learn more about business processes
3. Develop core competencies by AICPA.
AIS relates to Conceptual Framework by
 Capturing data on the elements of FS.
 Transforming data into relevant and reliable information.
 Recognizing and adapting to the cost-benefit constraint
Core competencies (B-F-P)
 Broad business perspective competencies
 Strategic/Critical thinking – ability to link data, knowledge and insight
together to provide information for decision making
 Resource management – being able to apply management and human
resource theories to HR issues and organizational problems
 Functional competencies
 Risk analysis – understanding business risk
 Research – needs to have strong research skills
 Personal competencies
 Problem solving and decision making
 Communication – skills necessary to give and exchange information,
and the ability to listen, deliver powerful presentations and produce
examples
AIS STRUCTURE
Internal Control
Inputs processes outputs Storage
a. What kind of source documents will system users need?
b. Should the source documents be paper-based, electronic or both?
c. How many copies of each source document will be required?
d. What information should the documents contain?
2. Processes – computers and satellites
a. Which processing tools should the AIS use?
b. Should the tools be manual, computer-based or both?
c. If computer-based, which software and hardware should be implemented?
3. Outputs – general purpose FS
a. What other reports will managers and system users need?
b. How should the AIS be designed to facilitate their production?
4. Storage – paper form, electronic or mix
a. How should data be stored?
b. Where should it be stored?
c. How long should it be stored?
d. Under what conditions can/should data be destroyed?
5. Internal Controls – daily back up of data and separation of duty
a. What controls are necessary to promote integrity?
b. What behavioral effects are controls likely to have?
c. Are controls cost-effective?
AIS INFORMATION SOURCES AND INFO LITERACY CONCEPTS
Information Competence (IC) – evaluating validity is a critical skill for reaching
conclusions and finding genuinely valuable information
Five criteria: (A-A-O-C-C)
1. Authority – Who created the information? The purpose of creation?
2. Accuracy – Where does the information come from? Does it contain obvious
errors or misleading graphs?
3. Objectivity – Does the information contain advertising? Is it available freely?
4. Currency – when was it created? When was it last updated?
5. Coverage – is the source still in construction? Did it cover sufficient depth?
CRITICAL THINKING
- The mental process of actively and skillfully conceptualizing, applying,
synthesizing and evaluating information to reach an answer or conclusion
 -
Journal – a chronological listing of all the organization’s recordable transactions
CHAPTER 2: TRANSACTION PROCESSING IN AIS
Trial balance – a listing of all the accounts in an organization’s general ledger, with their
ACCOUNTING AND BOOKKEEPING
balances, that demonstrates the equality of debits and credits in the ledger
Accounting – the process of identifying, measuring and communicating economic
information to permit informed judgments and decisions by users of the information. Adjusting entries:
 Accrued revenue – service provided before collection of cash
Bookkeeping – the part of accounting devoted to identifying and measuring the  Accrued expense – receive service before paying cash
economic information  Deferred revenue – receives cash before service
 Prepaid expenses – uses up assets that was previously been paid for
ACCOUNTING CYCLE
 Uncollectible accounts – estimates of amounts that customers are unwilling to
1. Obtain information pay
2. Analyze transactions  Depreciation – periodic allocation of an asset’s cost
3. Record transactions
4. Post to general ledger General purpose financial statements:
5. Prepare unadjusted trial balance  Income statement – summarizes the results of business operations; reports
6. Record adjusting entries revenues and expenses
7. Prepare adjusted trial balance  Statement of Changes in Shareholder’s Equity – reports changes in capital
8. Prepare financial statements stock and retained earnings account
9. Close temporary accounts  Balance sheet – financial position of the organization; assets, liabilities and
10. Prepare post-closing trial balance capital
 Statement of cash flows – three categories of cash flows: investing operating
Two basic types of transaction:
and financing
Internal – adjusting entries, closing entries and reversing entries
External – exchanges of goods and services with other individuals and business entities
CODING SYSTEMS

Common internal controls with source documents:

Williamson (2006) coding systems:
 Sequential numbering
 Sequential coding – numbers the items in sequence
 Physical security
 Block coding – numbers are assigned in blocks (exg. All current asset
 Transaction limits
accounts starts with the code “1”)
 Hierarchal coding – each digit/block of digits conveys important information to
Five steps of transaction analysis:
people who know the code; “fund coding”
1. Identify accounts affected
 Mnemonic codes – help people remember the meaning of the code.
2. Identify effect of transaction
3. Determine element of FS by each account
HUMAN JUDGMENT AND IT
4. Determine which kind of entry is required for each account
5. Verify total debits = total credits
Human judgment comes into play in AIS in:
  Designing source documents- should be clear and easy to read
 Recognizing recordable transactions – (exg. Market value of land are not
recordable)
 Estimating amounts and interpreting accounting rules
CHAPTER 3: INTERNAL CONTROLS
INTERNAL CONTROL – a process, effected by an entity’s board of directors,
management and other personnel designed to provide reasonable assurance regarding
achievement of objectives relating to operations, reporting and compliance
a. Systems risk – relating to information technology
b. Human error risk – possibility of people in the org to make mistakes
3. Strategic risks – relates to the decision-making process of the higher
management
a. Legal and regulatory risk – chances that the parties will break laws
b. Business strategy risk – poor decision making related to a company’s
basis for competing
4. Hazard risk
1. Director’s and Officers’ liability – accused of mismanagement
COSO’S INTERNAL CONTROL INTEGRATED FRAMEWORK

Foreign Corrupt Practices Act (FCPA) – passed in the US Congress in 1977 in order to Control environment – establishing the “tone at the top”
stop corrupt practices (bribery) in the business world of US
Risk assessment – clarifying an organization’s risk exposures
Sarbanes-Oxley Act of 2002 (SOX) – management and external auditors must annually
assess internal control; certain required disclosures to SEC; personally signed Control activities – developing specific controls to address the risk exposures
certifications and reports; most sweeping accounting-related legislation
Information and communication – ensuring stakeholders know about the internal
Purpose of Internal Control (C-A-R-E-S) control plan
 Compliance with applicable laws and regulations
 Accomplishment of the company’s mission Monitoring – creating a process for keeping the plan update and relevant
 Relevant and reliable financial reporting
 Effective and efficient operations
CHAPTER 4: MANAGEMENT CONCEPTS
 Safeguarding of assets

Enterprise risk management – a process applied in strategy setting and across the
RISKS
enterprise, designed to identify potential events that may affect the entity, and manage
Brown’s Taxonomy of Risk
risk to be within its risk appetite, to provide reasonable assurance regarding the
achievement of the entity’s objectives
1. Financial Risks – related to monetary activities
a. Market Risks – changes in company’s stock prices, investment values and
ERM FRAMEWORK ELEMENTS
interest rates
1. Internal Environment – encompasses the tone of an organization, and sets
b. Credit Risks – customer’s unwillingness to pay amounts owed to the
basis for how risk is viewed and addressed by an entity’s people; overall
organization
organizational attitude about ERM
c. Liquidity risks – possibility that the company will not have enough cash
and near-cash assets to meet obligations
2. Objective Setting – this should support and align with the entity’s mission and
2. Operational Risks – concerned with people, assets and technologies used to
are consistent with its risk appetite; what an organization is trying to accomplish
create value for the org’s customers
 3. Event identification – events that could interfere with achieving the objectives 7. Communicate early and often
BEHAVIORAL ISSUES
4. Risk assessment – chance that the interfering events will occur
Expectancy theory – says that motivation is the product of three factors: expectancy
5. Risk response – generic ways to manage risks (events) (will I be successful?), instrumentality (will I be rewarded?), valence (do I value the
reward?)
6. Control activities – specific ways to manage risks (events)
𝑴𝒐𝒕𝒊𝒗𝒂𝒕𝒊𝒐𝒏 = 𝑬𝒙𝒑𝒆𝒄𝒕𝒂𝒏𝒄𝒚 × 𝑰𝒏𝒔𝒕𝒓𝒖𝒎𝒆𝒏𝒕𝒂𝒍𝒊𝒕𝒚 × 𝑽𝒂𝒍𝒆𝒏𝒄𝒆
7. Information and communication – wats to share the ERM plan
CHAPTER 5: INFORMATIONS SYSTEMS CONCEPTS
8. Monitoring – ensure the ERM plan stays relevant Systems Development Life Cycle (SDLC) – a methodology for designing,
NATURE OF BUSINESS PROCESS MANAGEMENT implementing, and maintaining virtually any kind of information system

Business process management 7 parts:

- a business improvement strategy based on documenting, analyzing and 1. Initiation/planning – unfulfilled need present
redesigning processes for greater performance 2. Requirements analysis – what is to be accomplished
- a systematic approach to analyzing, redesigning, improving and managing 3. Design – how system should look
specific process 4. Build – writing codes; customizing
5. Test – critique the system and suggestion for improvement
Generalized model of BPM 6. Implementation – actual use by the org
1. Select the process and define its boundaries. 7. Operations and Maintenance
2. Observe, document and map the process steps and flow.
3. Collect process-related data Capability Maturity Model (CMM) – Watts Humphrey (1980s) to assess business
4. Analyze the collected data processes in an objective way
5. Identify and prioritize potential process improvements
6. Optimize the process 5 Levels:
7. Implement and monitor process improvements 1. Chaotic – unstable and noncohesive processes
2. Repeatable – development of major milestones for projects
BASIC PRINCIPLES 3. Defined – more detail and with more rigor; processes are defined but not
1. Understand how the business processes interact with/support measured
organizational strategy. 4. Managed - management develops metrics to establish goals and control
processes
Strategy – the ways an organization gains competitive advantage in the market 5. Optimized – “continuous improvement”

2. Move away from “we’ve always done it this way”. Be open to alternatives. INFORMATION TECHNOLOGY SELECTION
3. Enlist top management support
4. Hire the right people Two kinds of issues to consider:
5. Value people who has experience with the process  Macro-level issues
6. Well defined task for consultants
  Micro-level issues
Flowchart – a graphical representation of some part of an information system.
Micro-level factors to consider
Classification of flowcharts:
 Need
 Strategic fit – indicates how an organization competes in market
 Mission statement – explains why an organization exists; how it is different
from competitors
 Personnel involvement -
 Financing
Macro-level factors
 Cost – total cost of the IT: upfront cost, training, maintenance and customization
 Adaptability – can it be adapted effectively to the organization?
 Training – how easy will the employees learn to use the new IT?
 Vendor reliability – is it a well-established, reputable company
3-Stage Process (Sylla and Wen, 2002) for evaluating IT investments
CHAPTER 6: FLOWCHARTING
 Systems flowchart – gives the user a “big picture” look at an information
system
 Program flowchart – shows the logic associated with a computer program
 Document flowchart – shows the various documents involved in a system.
- Portrays the procedures performed on these documents
 Hardware flowchart –shows the computers, printers, monitors, input devices
and other hardware elements associated with an information system
Good flowcharting habits:
1. Should be from top to bottom, left to right
2. Should have plenty of white space
3. Have a title
4. Should be organized in columns that depict areas of responsibility
5. If document involved in business process, must have clear origin and clear
termination
6. Rough drafts should be discussed by involved persons

Step 1: intangible benefits evaluation

- management support
- competitive advantage
- business transformation
Step 2: IT investments risk analysis
- physical risks
- managerial risk
Step 3: Tangible benefits evaluation
- productivity
- operating process performance

*weighted-rating technique

FLOWCHARTING TOOLS AND SYMBOLS

 7. Data must be moved by a process
FLOWCHART DESIGN STEPS 8. Data cannot move directly from external entity to a data store; by a process
1. Establish the system boundary – putting a box around the system; delimiting 9. Cannot move data to external entity; a process
2. Determine column headings – column headings should focus on area of 10. Data store has a noun phrase label
responsibility 11. Cannot move data from external entity to another EE
3. List actions performed within each column – what a department do within 12. EE has a noun phrase label
the system 13. Data flow has only one direction between symbols
4. Select appropriate symbols 14. Data flow cannot directly go back to the same process it leaves.
5. Prepare a first draft 15. A data flow can go directly to a data store
6. Discuss flowchart with others 16. Data flows has noun phrase label
7. Revise as needed
DATA FLOW DIAGRAMS AND FLOWCHARTS
CHAPTER 7: DATA FLOW DIAGRAMMING
DFD FC
DFD SYMBOLS AND DESIGN CONSIDERATIONS - Four symbols - Many symbols
- Leveled sets - Columns
Process – any set of - Level zero, depicting area of
1.0,1.1.. responsibility
procedures an organization
- Focus on data - Numbers can be
uses to gather data, change and how they used even not for
data to information, or report move between process
the information to system business - Concerned w
users; starts with an action processes, data, also w docs
word; two identifying external entities and processing
characteristics: a number and and data stores tools
- Line represents - Line represent
a name
data with noun movement
phrase label
External entity – any person or org outside the boundary of information system
LEVELED SETS OF DFDS
Data store –a place for collecting data; file
Leveled sets – a collection that models related business processes
Data flow – a directional line; refers to the data itself, not what happens to it.
Context diagram – show how the process, a single circle, related to the external entities,
GOOD DFD RULES: rectangles.
1. Processes should have unique names
2. Inputs to a process should differ from the outputs to a process DATABASE DESIGN
3. Any single DFD should not have more than seven processes Database tables – the fundamental building blocks of relational databases
4. No process can have only outputs. Primary key – a field that uniquely identifies every record within the table
5. No process can have only inputs.
6. Process = verb phrase label
Query – a set of instructions that examines records in one or more tables, then outputs
data in accordance with instructions
Reports – a third database object
Forms – allows user to input data to a table and/or look up data in a table
Normalization – the process of making a database table efficient and effective
Three-stage process:
1. First Normal Form (1NF) –eliminates repeating groups
2. Second Normal Form (2NF) – eliminates repeating groups and redundant data
3. Third Normal Form (3NF) – eliminates repeating groups, redundant data and
columns not dependent on the Primary key
CHAPTER 8: REA MODELING
TYPES OF AIS
 View-driven – traditional accounting systems; focus on general purpose
financial statements; idea that departments can remain separate and unrelated
 Five key problems:
1. Focus on very small, well-defined group of important
business events
2. Process data in batches, data are often outdated
3. System captures limited set of data
4. Data are highly aggregated and stored in multiple places
5. Internal control is often protective and expensive
 Event-driven – focus on business processes; assumes that the purpose of AIS
is to provide info about economic events that is useful in a variety of decision
context.
 Capture more data about individual transactions
 Organize data so can be accessed and understood by variety of
people
 Equipped to answer questions that cannot be answered by view-driven
REA MODELING
REA – “resources, events and agents”
 Events:
1. Operating events focus on activities involved with providing goods and
services to customers.
2. Information events deal with recording and maintaining data, as well
as reporting information
3. Decision/management events concerned with human decision making
Agents – people involved in the information system: employees (internal), customers
(external)
Resources – the things agents need to complete the events: cash, inventory, supplies
Resources – left column
Events – middle column
Agents – right column
Six-step REA model:
1. Understand the org’s environment and objectives – to have a thorough
grasp of what the organization does
2. Review the business process and identify the strategically significant
operating events. Focus on strategically significant operating events.
3. Analyze each strategically significant operating events to identify the
relevant event resources and agents.
4. Identify the relevant behaviors, characteristics and attributes of the REA
model elements. Helps create database tables.
5. Identify and document the direct relationships among elements of the REA
Model.
6. Validate the REA model with business people.
CARDINALITIES – tell the accounting professional about the relationships between
elements of a REA model.
DATABASE CREATION FROM A REA MODEL
1ST RULE. When the maximum cardinalities between two elements of a REA model
are one and many, include the primary key from the “one side” in the table on the
“many side.”
2nd RULE. When the maximum cardinalities between two elements of a REA model
are many and many, create a separate junction table to reflect the combined
relationship.
The idea is to create a workable model that reflects an organization’s
STRATEGICALLY SIGNIFICANT OPERATING ACTIVITIES.
 CHAPTER 9: XBRL (eXtensible Business Reporting Language) 3. Language.

TERMINOLOGIES Own rules regarding punctuation.

 Extensible GLOBAL TAXONOMIES AND TAGGING TOOLS

 “X” in XBRL;
 the XBRL language is ‘able’ to be ‘extended’; Global Ledger taxonomy – commonly known as XBRL-GL, helps organizations
 quality of XBRL that allows users to add tags manage internal information.
 Specification - Allows representation of anything that is found in a chart of accounts, journal
 A specific example of a broader class of objects entries or historical trans.
 XBRL is a part of a larger group of languages called XML (eXtensible
Markup Language) ORGANIZATIONAL BENEFITS
 XBRL is focused on descriptors of business reporting information
 Taxonomy XBRL helps the organization in 2 ways:
 A way to organize knowledge
1. Allows more efficient data collection and reporting
 “table of contents”
2. Facilitates data consumption and analysis.
 “asset, liabilities, equity”
 XBRL is focused on specific industry groups XBRL Benefits:
 Namespace
 The internet location of an XBRL taxonomy 1. Save costs
 “dictionary” of XBRL 2. Consolidates results
 Instance document 3. Improve accuracy and reliability of financial data
 A document that includes data properly tagged with XBRL 4. Focus effort on analysis, forecast, etc
5. Achieve quicker, efficient decisions
HISTORY AND STRUCTURE 6. More effective use of internet
7. Improve investor relations
 XBRL is one application of XML. 8. Simplify process and reduce costs
9. Obtain quicker responses
XML – a standard for the electronic exchange of data between businesses and on
10. Free from systems and software
the internet. Under this, identifying tags are applied to items of data so that they can
be processes efficiently by computer software. INTERNAL CONTROL
eXtensible BusinessReporting Language Risks and control activities:
1. extensible. 1. Comprised data – firewall, backup
2. Tagging errors – electronic tagging
Users can ‘extend’ the language beyond original parameters based on needs.
3. Hardware/Software failure – disaster recovery plans
2. business reporting. 4. Selection of inappropriate taxonomy – periodic review and approval of taxonomy
used
It is specifically designed to tag and transmit financial information.
 3. G2C – Government to Consumer – Internal Revenue Service
4. G2B – Government to Business – EDGAR (SEC)
Chapter 10 – E-business and Enterprise Resource Planning Systems 5. C2C – Consumer to Consumer – eBay
 Enterprise Resource Planning (ERP) – a relational database that provides
 E-commerce – the exchange of goods and services by means of the Internet or comprehensive information for making decisions in organizations (ex. Oracle’s
other computer networks PeopleSoft and SAP)
 Benefits of E-business:  More holistic (complete) view of the organization
1. Marketing: geographic market expansion, hard-to-reach markets, more  Modular Organization of ERP Systems
targeted marketing
2. Reduced operating costs: marketing, telecommunications, transactions Primary Stakeholder Module Components in
processing, doesn’t suffer the costs of maintaining real-world stores Generic Module Name
Group SAP
thereby charging less to consumers
Customer Relationship
3. Streamlined (organized) operations Customers Sales and distribution
Management (CRM)
4. Quicker, easier product and service delivery Human Resource
 Costs of E-business: Employees Human Resources
Management (HRM)
1. Financial costs associated with setting up networks Supply Chain
2. Need to develop different, better internal control systems Vendors Materials management
Management
 Control Number – a three digit number printed next to the card Financial Management Stockholders Financial Accounting
number itself, above the signature panel on the back of the card
 Trust Services – a set of professional assurance and advisory  Database Tables in ERP systems
services based on a common framework (a core set of principles and
criteria) to address the risks and opportunities of IT.
 WebTrust – the accounting profession’s answer to concerns relating Generic Module Name Table Names Table Primary Key
electronic commerce
 SysTrust – the accounting profession’s answer to concerns relating to Customer Relationship Customer ID, sales
Customers, Sales
system reliability Management (CRM) transaction ID
 Data Encryption Human Resource Employee ID, payroll
Employee, pay employees
Management (HRM) transaction ID
3. Potential for customer distrust
Supply Chain
4. Severe consequences for technology breakdowns: Los of customer Vendor, inventory Vendor ID, Inventory ID
Management
confidence, lost sales, overloaded customer service phone lines, and
Financial Management Chart of Accounts Account Number
generalized damage to a company’s reputation
 Amazon’s marketing strategy (six pillars)
1. It freely proffers(offers) products and services
 10 major causes of ERP implementation failures (Umble and Umble 2002):
2. It uses a customer friendly interface
1. Poor leadership from top management  Clear, strong leadership and
3. It scales easily from small to large
support from top management
4. It exploits its affiliate’s products and resources
2. Automating existing redundant or non-value added processes in the
5. It uses existing communication systems
new system  few policies need to be changed to make the most of the
6. It utilizes universal behaviors and mentality
ERP system, otherwise, managers will be doing the same ineffective
 E-business Taxonomies:
things, only faster
1. B2C – Business to consumer – Travelocity
2. B2B – Business to Business – Dell computers
 3. Unrealistic Expectations  Systems are not a panacea (cure) for
problems with organizational culture, poorly designed business processes,
or inadequate internal controls
4. Poor project management  managers have to apply solid project
management techniques for selecting the right people, completing the
tasks in the right order, and staying on schedule
5. Inadequate education and training  seeing the ERP as solely an
information technology project, rather than a an opportunity to analyse
business processes and make them better
6. Trying to maintain the status quo  be upfront and honest from the start
about the purpose and possible results of implementing ERP systems
7. A bad match between ERP software and organizational process 
consult with colleagues about which ERP software has worked well, and
which has worked poorly, in a specific industry
8. Inaccurate data in the system  the information generated by an ERP
system are as only as valid and useful as the data that undergird them
9. ERP implementation viewed as an IT project  view ERP project as
holistic, touching not only information technology, but also business
processes and organizational behaviour issues
10. Significant technical difficulties  such as bugs in the software,
problems interfacing with existing information systems, and hardware
difficulties
 Six necessary conditions for a successful ERP implementation:
1. Obtain organizational commitment: get a clear, strong commitment to
the project throughout the organization
2. Communicate strategic goals clearly: employees must understand the
goals of the ERP project – typically, providing better information more
quickly for decision making
3. View ERP as an enterprise-wide venture: ERP touches every aspect of
operations
4. Select a compatible ERP system: don’t believe everything the software
vendor or implementation consultants tell you! Do your own research; ask
for other companies that have had successful (and unsuccessful)
implementations
5. Resolve multisite issues: the project management plan must deal
specifically with multisite issues
6. Ensure data accuracy: the project team needs to do significant employee
education about the importance of accurate data entry; test runs with
fictitious data before the system “goes live” also can help achieve this goal
 Application Service Provider – an organization that provides a contractual
service to deploy, host and manage applications for customers remotely from a
centralized location (Jaruzelski and Lake 2014)
 ASP subcategories: (5)
1. Enterprise ASPs – deliver high end business applications
2. Local/Regional ASPs – supply wide variety of application services for
smaller businesses in a local area
3. Specialist ASPs – provide applications for a specific need, such as Web
site services or human resources
4. Vertical Market ASPs – provide support to a specific industry such as
healthcare
5. Volume Business ASPs – supply general small/medium-sized businesses
with prepackaged application services in volume
 COSO’s Enterprise Risk Management – Integrated Framework – discuss
ASPs as a form of risk sharing, one way of responding to risks in an
organization’s environment
 Uses of ASPs: (5)
1. Process insurance claims
2. Complete the steps in accounting cycle
3. Manage stock market
4. Provide personal financial planning
5. Prepare income tax returns
 ASPs benefits:
1. Less costly than purchasing software outright
2. Increased flexibility
3. Potentially improved customer service
4. Role in disaster recovery plans
 ASPs risk:
1. Psychological and behavioural factors
2. Service interruptions
3. Compromised data
4. Inability to pay monthly fees
 Internal controls that will address ASPs risk:
1. Establish a budget for the ASP project
2. Back up data on a daily basis
3. Provide ongoing training for employees using ASP
4. Create firewalls and encryption protocols
 Service Organizational Control Reports – internal control reports on the
services provided by a service organization providing a valuable information that
users need to assess and address the risk associated with an outsourced ervice
 3 broad types of SOC reports:
 1. SOC 1 – control relevant to user entities internal control over financial
reporting
2. SOC 2 – controls over security, availability, processing integrity,
confidentiality, or privacy
3. SOC 3 – less-detailed but similar to SOC 2 reports
Chapter 11 – Computer Crime and Information Technology Security
 Taxonomy for Computer Crime (Carter)
1. Target – the system or its data. The objective of these crimes is to impact
the confidentiality, availability, and/or integrity of data stored on the
computer
2. Instrumentality – uses the computer to further a criminal end; the
computer is used to commit a crime
3. Incidental – encompasses crimes where the computer is not required for
the crime but is related to the criminal act
4. Associated – the growth of the internet has generated new version of fairly
traditional crimes
 Business risk and threats to information systems
1. Fraud
 Any illegal act for which knowledge of computer technology is
used to commit the offense
 Data diddling – intentional modification of information
 Theft of information
 Sarbanes-Oxley Act – introduced with the firm resolve to increase
corporate responsibility and requires that companies establish
extensive governance policies to prevent and respond to
fraudulent activities
2. Error
 Implementing preventive controls that will detect and correct
errors before they can occur can prevent financial losses and
negative impacts to the organization’s image
3. Service Interruption and Delays
 Delay - Can bring the organization to a standstill
 Service interruption: accidental (can be caused by someone
shutting down the wrong machine), wilful neglect (could be due to
outdated antivirus software), and malicious behaviour (can be
caused by a hacker launching a denial of service attack against
an organization’s Web site
4. Disclosure of Confidential Information
 Can have major impacts on an organization’s financial health
 Privacy laws have made managers and other stakeholders aware
of the critical need to protect information assets
5. Intrusions
 to gain access to a network or a system by bypassing security
controls or exploiting lack of adequate controls
 hacker for profit/hacker for fun
6. Information Theft
 Targets the organization’s most precious asset: information
 Results in potentially higher losses for the organizations
7. Information Manipulation
 Input manipulation – hard to detect since the fraudulent input may
look valid until an in depth examination is performed
 Program manipulation – involves the modification or insertion of
specific functions in the computer information system
 Salami technique – where unnoticeable slices of a financial
transaction are removed and transferred to another account
8. Malicious Software (Malware)
 Can take many different forms: a virus infecting a system and
modifying its data, a worm replicating over the network causing a
bottleneck, or a Trojan horse allowing an unauthorized backdoor
into a system that directly impacts the confidentiality of the files
residing on the system
 Logic bombs
9. Denial of Service Attacks
 Attacks prevent computer systems and networks from functioning
in accordance with their intended purpose
 Causes loss of service to the users by consuming scarce
resources such as bandwidth, memory, processor cycles
 Can disrupt configuration information or physical components
10. Website Defacements
 A form of digital graffiti where intruders modify pages on the site
in order to leave their mark, send a message, or mock the
organization
 Hacktivism – politically motivated defacement that attempts to
send a message to the organization or some part of the online
community
11. Extortion
 the result of the computer being the object of a crime; the
extortionist contacts an organization after successfully stealing
information or launching a DOS attack
 Information Security – the protection of data in a system against unauthorized
disclosure, modification, or destruction, and protection of the computer system
itself against unauthorized use, modification, or denial of service.
 Basic Principles of Information Security:
1. Confidentiality – condition that exists when data are held in confidence and
are protected from unauthorized disclosure
2. Data integrity – state that exists when data stored in an information system
are the same as those in the source documents or have been correctly
processed from source data and have not been exposed to accidental or
malicious alteration or destruction
3. Availability – achieved when the required data can be obtained within the
required time frame
 Classification of IT controls:
1. Physical security controls – are required to protect computers, related
equipment, and their contents from espionage, theft, and destruction or
damage by accident, fire, or natural disasters.
2. Technical security controls (logical controls) – involve the use of
safeguards incorporated in computer and telecommunication hardware and
software
 Firewalls – the first line of defense in protecting the corporate
network from network based threats
 Access control policy – determines which packets can flow
between the network segments protected by firewalls
 Intrusion detection systems and intrusion prevention
systems – detect potentially malicious data and access patterns
(Network based: examine network traffic, they look for specific
patterns of anomalous behaviour or deviations from the standard
behaviour of the network & Individual based: detect malicious
activity by examining system calls, event logs, critical system files,
and other valuable system information
 Cryptography – transforms data to (1) hide them, (2) prevent them
from being modified and/or, (3) prevent unauthorized access to
them
3. Administrative Security Controls – management constraints, as well as
operational and accountability procedures
 Security policies – a clear and concise set of guiding
statements supported by management; it provides a framework
that ensures that information assets are secured
 Security awareness training – is an often overlooked part of a
security management program.
 Adequate supervision of employees - This should be the first
line of defense in protecting critical computing infrastructures
 Security Reviews – monitor the program to ensure compliance,
fine tune the security policy and controls in accordance with the
organization’s goals, and ensure that any deficiencies are
corrected
 Security audits – examine whether the information systems
operate in accordance with the security policy and ensure that
the controls are effective in protecting these systems
 Administrative security controls – established for three main
reasons: (1) to provide supplemental controls (2) to protect
information processing resources (3) to ensure that all
employees have proper authorization to access computing
resources
Note: Preventive controls are implemented to keep unwanted
events from occurring, detective controls attempt to identify
anomalous and unwanted events once they have occurred, whereas
corrective controls remedy problems discovered by detective
controls
 ISACA (Information Systems Audit and Control Association) – a
professional group that bridges the gap between accounting and information
technology
 COBIT 5.0 – five principles that form the foundation of a strong IT
governance and management:
1. Meeting Stakeholder needs: When an organization manages its IT well,
the system will meet legitimate information needs of all stakeholder groups
2. Covering the enterprise end to end: A well designed plan for managing
information covers the whole entity not just the IT function
3. Applying a single integrated framework: incorporates ad builds on other
frameworks to produce a unified set of ideas
4. Enabling a holistic approach: integrating IT governance and
management throughout the entity
5. Separating governance from management: governance focuses on
strategic decision making, goal setting, and prioritization; management
focuses more on day to day actions needed to achieve those goals
 Seven enablers (tools that make the best possible uses of information and
information technology)

Enabler ISACA Explanation
Vehicle to translate the
1. Principles, policies, and desired behaviour into
frameworks practical guidance for day
to day management
Organized set of practices
and activities to achieve
certain objectives and
2. Processes
produce a set of outputs in
support of achieving overall
IT related goals
3. Organizational Key decision making
Structures entities in an enterprise
Very often underestimated
4. Culture, ethics, and as a success factor in
behavior governance and
management activities
Required for keeping the
organization running and
well governed, but at the
5. Information
operational level very often,
the key product of the
enterprise itself
Infrastructure, technology,
and applications that
6. Services, Infrastructure
provide the enterprise with
and applications
information technology
processing and services
Required for successful
completion of all activities,
7. People, skills, and
and for making correct
competencies
decisions, and taking
corrective actions
CHAPTER 12 SALES/COLLLECTION PROCESS
 Business Process – a set of procedures and policies designed to create value
for some organizational stakeholder
 Value Chain – a way to think about the processes organizations use for their
stakeholder (Porter’s Value Chain)
 Primary activities: directly involved in value creation
 Inbound logistics: move raw materials
Example  Operations: transform materials into finished products
 Outbound Logistics: move finished product
 Marketing & sales: sell the product
Enterprise Risk
 Service: provide support as needed
management plan, internal
 Support activities: provide essential services to the organization
control plan
 Procurement: purchasing function
 Information technology: R & D, other transforms of IT
Sales/collection process,
 Human resource management: personnel-related functions
acquisition/payment
 Infrastructure: other aspects of the organization
process, conversion
process, human resource  Process Description (Sales/collection) – TAP-FISH-BICOP
process, financing process 1. Take a customer’s order – either face to face, via the Internet, through the
mail, over the phone and others
C-suite executives 2. Approve the customer’s credit - such as scanning the credit card
3. Fill the order based on the approved credit – preparing the order for
Valuing open dialogue and shipment
cooperation 4. Ship the product (if necessary)
5. Bill the customer
6. Collect payment – (1) open invoice system – a customer remittance is tied
to a specific invoice or set of invoices (provides more detail though
Product demand, employee
complex). (2) balance forward system – remittances are not applied to a
satisfaction, vendor
particular invoice; rather, they are simply applied to a customer’s total
reliability
outstanding balance
7. Process uncollectible receivables as necessary
 Documents Associated with the Sales/ Collection Process
Enterprise resource
planning systems, relational
databases, transaction Document Name Basic Purpose Originator Recipient
processing software To summarize items
Customer Order Sales department Warehouse
ordered and prices
To guide selection of items Shipping
Functional experts, cross Picking List Warehouse
from warehouse department
functional thinking To specify contents of Shipping
Packing List Customer
shipments department
Shipping
Bill of Lading To specify freight terms Common Carrier
department
Customer Invoice To bill client Billing department Customer
Cash receipts
Customer Check To remit payment Customer
department
To provide a source Accounting
Remittance Advice Customer
document department
To transmit cash receipts to Cash receipts
Deposit slip Bank
bank department
 a. Incorporating independent order checking
 File Structures in the Sales/Collection Process b. Using information technology to fill orders
4. Damaging goods in the delivery process
File Name File Type Primary Key Other Data a. Packing merchandise adequately prior to shipment
Last name, First name b. Insuring goods in transit
Street Address, city state, ZIP ode 5. Billing the customer incorrectly
Phone number a. Machining documents prior to billing
Employee Master Employee ID
Emergency Contact b. Using information technology to ensure numerical accuracy
Department 6. Mishandling cash receipts
Hire date a. Separating duties
Customer company name b. Restrictively endorsing checks when they are received
Street address, city, state, ZIP Code c. Reconciling the bank statement at least monthly
Phone number
Customer Master Customer ID CHAPTER 13 ACQUISITION/PAYMENT PROCESS
Contact person name
Credit limit
Date of first sale  Basic steps: (Hollander, Denna and Cherrington) – RAP REDIW
Product name 1. Request goods and services based on monitored need
Beginning balance date 2. Authorize a purchase
Inventory Master Product ID Beginning balance quantity 3. Purchase goods/services
Beginning balance cost per unit 4. Receive goods and services (blind copy – indicates what items are
Preferred supplier expected from what vendor but not the item in quantities)
Transaction date 5. Disburse Cash
Transaction
Sales Transaction Customer ID 6. When necessary, process purchase returns
ID
Employee ID  Documents Used in the Acquisition Payment Process
Product ID
Transaction Document Name Basic Purpose Originator Recipient
Sales/Inventory Junction Quantity sold
ID To request that the purchasing
Selling price per unit Purchase Operating Purchasing
department order goods or
requisition department department
services from a vendor
 Common Risk Faced in the sales/collection process and the internal To specify the items to be
controls that might lessen those risks: ordered, freight terms, shipping Purchasing
Purchase Order Vendor
address, and other information department
1. Granting credit to customers who are not creditworthy
for the vendor
a. Relying on third-party vendors to grant credit (Visa, Discover, or
To ensure that goods have
American Express) Receiving Various
Receiving report been ordered and received in
b. Establishing a formal credit approval process, independent of the department departments
good condition
sales function (example of separation of duties) To request payments from a Accounting
c. Conducting a cash-only business Vendor Invoice Vendor
customer department
2. Selling products that are not available Accounting
a. Checking stock on hand before completing a customer’s order Check To pay the vendor Vendor
department
(maintain a relational organization/ERP system controlled by a query)
b. Maintaining adequate inventory (just in time, economic order quantity,
and reorder point)  File Structures in the Acquisition/ Payment Process
3. Filing the customer’s order incorrectly
 c. Insure products en route
File name File Type Primary Key Other data 4. Experiencing theft of inventory and/or cash
Last name, first name a. Establish an internal audit function
Street Address, city state, ZIP b. Reconcile bank statements promptly
code c. Separate authorization, custody, and usage functions for both
Employee Master Employee ID Phone Number inventory and cash
Emergency Contact d. Install employee monitoring systems
Department e. Bond employees who handle high value goods – Fidelity bonding –
Hire date insurance focused on employee behavior: (1) individual bonds – cover
Vendor company name theft by a specific named individual (2) Schedule bonds – list every
Street address, city state, ZIP name or position to be covered (3) Blanket bonds – the most
code
encompassing, covers all employees without reference to individual
Vendor Master Vendor ID Phone number
names or positions
Contact person name
Credit limit 5. Making errors in paying invoices
Date of fist purchase a. Require document matching (purchase order, receiving report, invoice)
Product Name b. Employ information technology to take advantage of available
Beginning balance date discounts
Inventory Master Product ID Beginning balance quantity c. Stamp documents paid to avoid duplicate payments
Beginning balance cost per unit  Comprehensive view of sales/collection process and acquisition/payment
Preferred supplier process
Transaction date 1. An operating department in the buying organization request goods and
Purchases Transaction Transaction ID Vendor ID services
Employee ID 2. The purchasing department in the buying organization authorizes purchase
Product ID 3. The sales department in the selling organization takes the customer’s order
Purchases/Inventory Junction Transaction ID Quantity Purchased 4. The credit department in the selling organization approves the customer’s
Purchase price per unit credit
5. The warehouse in the selling organization fills the order based on the
approved credit
 Common Risk Faced in the acquisition/payment process and the internal
6. The selling organization’s shipping department ships the product
controls that might lessen those risks:
7. The buying organization’s receiving department receives the goods
1. Ordering unneeded goods
8. The billing department in the selling organization bills the client
a. Institute a system for monitoring inventory levels
9. The cash disbursements department in the buying organization disburses
b. Require justification for unusual orders or orders over a specified dollar
the cash
amount 10. The cash receipts department in the selling organization collects payment
c. Specify the business purpose for ordered goods
2. Purchasing goods from inappropriate vendors CHAPTER 14 OTHER BUSINESS PROCESSES
a. Develop and enforce a conflict of interest policy
b. Establish criteria for supplier reliability and quality of goods  Conversion process – basic purpose is to convert direct material, direct labor,
c. Create strategic alliances with preferred vendors and manufacturing overhead (factors of production) into a finished product.
3. Receiving unordered defective goods  Job costing – units of product are differentiated from one another
a. Match receiving reports with approved purchase orders  Process costing – systems produced are undifferentiated goods
b. Inspect the goods before accepting a shipment
  Hybrid system – combine some elements of both job and process costing  Time to repayment
system  Frequency of payments
 Conversion Process Documents  Lender identification data
Form Name Purpose Originator Recipient  Human resource process
Request raw material from the  Payroll forms:
Materials requisition Production Warehouse
warehouse for production Form Name Purpose Data Included
Summarizes material, labor, and Form W-4 Establishes payroll withholding status Employee identification data
Job cost sheet Production Accounting
overhead cost in a job costing system Withholding status
Accumulates labor data (time, pay rate, Number of withholding allowances
Labor time ticket Production Accounting
total labor cost) Form W-2 Reports year-end information for tax Employee identification data
Production cost Summarizes cos and quantity purposes Employer identification data
Production Accounting
report information a process costing system Gross pay and tax withholdings
Documents he movement of materials 401(k) contributions
Material move ticket Warehouse Production
from the warehouse into production Payroll register Computes payroll data for all Employee identification data
employees for a given pay period Hours worked
 Risk and Control in the Conversion Process Pay rate
Risk Control Total gross pay
Special storage conditions Tax and benefit withholdings
Damage to raw materials Net pay
Backup power supplies for heating and cooling
Secured storage areas Employee Summarizes payroll data for a single Virtually the same as the payroll
Loss/theft of raw earnings record employee for multiple pay periods register
Adequate documentation
materials Form 1099 Reports amounts paid to an I.C identification data
Separation of duties
Workers’ compensation insurance independent contractor (IC) Payer’s identification data
Worker injuries Safety training Total amount paid
Protective clothing Form 940 Reports employer’s federal Company name
unemployment taxes Amount Paid
Form 941 Reports amounts withheld by
 Financing Process employer to IRS
 Information needed for financing process transactions
 Equity financing transactions
CHAPTER 15 DECISION-MAKING MODELS AND KNOWLEDGE MANAGEMENT
 No. of shares
 Par value per share
 Information overload (Eppler and Mengis)
 Market value per share
 the amount of information actually integrated into the decision begins
 Shareholder identification data
to decline
 Dividend per share
 the volume of information supply exceeds the limited human
 Dividend dates (declaration, record, payment)
information processing capacity
 Debt financing transactions
 the information processing requirements exceed the information-
 Principal
processing capacity
 Coupon interest rate (rate of interest paid in cash)
 the decision maker estimates he or she has to handle more
 Market interest rate (the rate prevailing in the market for
information than he or she can efficiently use
investments of similar risk
 Issue date
 Causes of information overload (5)
1. Personal factors - everyone’s limitations to process information
2. Information characteristics
3. Task and process parameters\
4. Organizational design – people in groups have differing ideas and
approaches for problem solving and decision making
5. Information technology
 Symptoms and effects of Information overload
1. Limited information search and retrieval strategies
 Less systematic searching
 Increased problems differentiating relevant and irrelevant
information
2. Arbitrary information analysis and organization
 Overlapping and inconsistent categories
 Difficulty seeing the big picture
3. Suboptimal decisions
 Inefficient work
 Reduced quality and accuracy of decisions
4. Strenuous personal situations
 Stress, confusion, and cognitive strain
 Overconfidence
 Countermeasures for information overload
1. Allow more time to complete important tasks
2. Compress, aggregate, categorize, and structure information
3. Create, small, self-contained tasks rather than trying to do everything at
once
4. Define decision models and rules for common decision contexts
5. Focus on creating value added information
6. Formalize the language used to describe information
7. Handle information as it comes to you – don’t put it off
8. Improve personal information management
9. Improve personal time management skills and techniques
10. Use graphs and other visual aids
 2 additional reasons why people don’t always make the best decisions:
(Simon)
1. Satisficing – people’s tendency to stop looking for solutions to a problem
when they find a solution that works- whether the decision is best or not
2. Bounded rationality – a separate, but related, idea which means that
people will inherently avoid uncertainty and rely on proven rules for
problem solving whenever they can
 Knowledge management – the organization generate value from their
intellectual resources and information systems within a business environment
 the process through which organizations generate value from such
assets involves sharing them to employees, departments and even
with other companies in an effort to devise best practices (Santosus
and Surmacz)
 Four objectives of knowledge management (Rowley)
1. To create knowledge repositories
2. To improve knowledge access
3. To enhance the knowledge environment
4. To manage knowledge as an asset
 Seven steps to create knowledge management system (Nesbit)
1. Create an organizational culture that supports the ideas of knowledge
sharing and development
2. Define the business goals the knowledge management system will address
3. Perform a knowledge audit to identify any duplication, gaps, and overlaps
in an organization’s knowledge base
4. Create a visual map that describes units of knowledge and the
relationships between them
5. Develop a knowledge management strategy based on the content
management, integration, search mechanisms, information delivery, and
collaboration
6. Purchase or build appropriate tools for capturing, analyzing, categorizing,
and distributing knowledge
7. Periodically reassess the value of the knowledge management system and
make necessary adjustments
 Steps for better thinking (Wolcott and Lynch)
Foundation Knowing: acquire background knowledge and skills
1. Identifying: Problem, Relevant information, uncertainties
2. Exploring: Biases, Assumptions, Qualitative interpretation from various
POV, information organization
3. Prioritizing: Ranked list of factors to consider, Conclusion
4. Envisioning: Solution limitations, Information use for future decisions
CHAPTER 16: PROFESSIONALISM, ETHICS AND CAREER PLANNING
PROFESSIONALISM
7 Characterisctics of Professionals (Dr. Nancy Bell, 2004)
 Communicates effectively
 Thinks rationally, logically and coherently
  Appropriately uses technical knowledge 8 Step Model of Dealing with Ethical Dilemmas (Langenderfer and Rockness, 1989)
 Integrates knowledge from many disciplines
1. Identify the facts
 Exhibits ethical professional behavior
2. Identify the ethics issues and the stakeholders involved
 Recognizes the influence of political, social economic, legal and regulatory
3. Define the norms, principles and values related to situation
forces
4. Identify the alternative courses of action
 Actively seeks additional knowledge
5. Evaluate the consequences of each possible course of action
4 Criteria of Being Professional (McDonald, 2001) 6. Decide the best course of action consistent with the norms, principles and
values
 Specialized knowledge base. Financial reporting rules, auditing standards. 7. If appropriate, discuss the alternative with a trusted person
 Complex skills. Use of judgment and computations. 8. Reach a decision
 Autonomy of practice. Refers to independence or self-sufficiency.
ETHICAL CASES
“independence of mind”
 Adherence to a code of ethical behavior Charles Ponzi – committed a multimillion-dollar fraud with international postal reply
coupon; “pyramid” or “multilevel marketing” scheme
ETHICS
Adelphia Communications Corporation – the management engaged in deceptive
Nature of Ethics (Boss, 2014)
accounting practices to meet analyst’ expectations for profitability
1. Ethics is a set of standards that:
Enron/Arthur Andersen – best known accounting fraud in recent history (Enron);
a. Differentiates “right” from “wrong”
downfall of one of the then “Big Five” CPA firms because of Enron (Arthur)
b. Is established by a particular group
c. Is imposed on members of the group to regulate behavior CAREER PLANNING
2. Ethics is a discipline that:
a. Studies values and guidelines for living Steps in Career Planning
b. Considers the justification (or lack) of values
1. Determine your strengths, aptitudes and abilities
Ethical Egoism – teaches that people are fundamentally solitary creatures, each 2. Create a career mission statement
pursuing their own best interest. 3. Research employment opportunities related to the first two
4. Build your resume
Utilitarianism – teaches that the most ethical action is the one that promotes the greatest 5. Practice interview skills
good for the greatest number
CHAPTER 17: AUDITING AND EVALUATING THE AIS
Deontology – “rights and duties” school of ethical thought that believes individuals have
rights and that ethical principles are developed through reasoning; Auditing – the area of accounting associated with AIS evaluation.
- Ethical decisions are based on a universal moral code, not on the outcome of a
TYPES OF AUDIT (7)
decision

Virtue ethics – ethical behavior is a natural product of being fundamentally ethical and 1) FINANCIAL AUDIT – involves the examination of a company’s accounting
virtuous; being a good person is more important information system and financial statements.
 o Financial Audit Reports: (4) FORMAT
 Unmodified Report – “clean report” says that the company’s statements  INTRODUCTION - explains when the standard applies in audit engagement
are prepared in accordance with GAAP.  OBJECTIVE – discusses the overall goal of the standard; what is being tried to
 Qualified Report – one or more items don’t conform with GAAP – but does achieve
not compromise the overall fairness  DEFINITIONS – identifies key terms and their meaning
 Adverse Report – statements are not prepared in accordance with GAAP  REQUIREMENTS – explain what the auditor needs to do to fulfill that standard
 Disclaimer – denotes that the auditors could not tell if they were in  GUIDANCE AND EXPLANATORY MATERIAL - gives additional information
accordance with GAAP about the requirements and related matters
2) OPERATIONAL AUDIT – auditors examine a company’s rules and procedures
for conducting business. Internal auditors are often involved. GENERALLY ACCEPTED AUDITING STANDARDS
3) SYSTEMS AUDIT – determines whether the various forms of information
technology in an AIS are producing expected results. It also examines the issue  GENERAL STANDARDS – focus on
of systems security very closely. the auditor’s background and
4) COMPLIANCE AUDIT – Governmental and NPOs are subject to this, virtually approach to the audit.
devoid of judgment  Training – well-trained in auditing
5) MANAGEMENT AUDIT – may involve the greatest degree of judgment.  Independence – auditor’s mental
Determines the degree to which the assumptions underlying decisions are valid attitude
or how these management decisions are supported.  Professional care – properly
6) INVESTIGATIVE AUDIT – “fraud audit”; associated with forensic accounting. It planned
may be triggered by observation of unusual behavior or discrepancies in the
AIS.  FIELD WORK – set out important ideas for conducting the audit
 Review of documents  Supervision – all staff members must be adequately supervised; as experience
 Interview of neutral third-party witnesses increases, need for supervision decreases
 Interview of corroborative witness  Internal control – assess an organization’s risk exposures and determine if IC
 Interview of coconspirators ameliorates
 Interview of target  Evidence – importance of having an objective, reasonable basis for expressing
7) INTERNATIONAL AUDIT – it requires the auditor to understand the accounting opinion
rules in another country but also necessitates an intimate understanding of
national culture, laws, regulation and other nonaccounting issues.  REPORTING – speak to the ultimate opinion the auditors express
 GAAP – opinion must state if be in accordance
AUDIT CLARITY PROJECT (Skinner, 2012)  Consistency – report inconsistencies between current and prior application
Two main objectives:  Disclosure – state if it is appropriate
i. To make auditing standards easier  Opinion – explain the reasons for opinion
to read, understand and apply
ii. To converge the US Auditing
Standards with IAS
GENERIC AUDIT STEPS
I. Assessment of management’s integrity
II. Evaluate management’s credentials.
III. Review the internal control system.
IV. Perform compliance testing
V. Issue the audit report.

ASSERTIONS BY MANAGEMENT (5)

 Existence or occurrence – Did the transaction really happen? Do the assets
exist?
 Rights and obligations – Does the company really own the assets?
 Valuation and allocation – are the accounts valued correctly?
 Completeness – are the financial statements complete?
 Presentation and disclosure – were all the transactions recorded in the
correct accounts? Are the disclosures understandable?

SARBANES-OXLEY ACT
 Section 302. Evaluation of internal controls in an audit. Responsibility of CEO
and CFO.
 Section 401. Disclosures in Periodic Reports. Financial statements must be
accurate and presented correctly.
 Section 404. Management Assessment of Internal Controls, reemphasizes the
importance of sound internal control in AIS integrity and reliability.
 Section 409. Real-time reporting is the primary issue of this section.
Disclosures should be made in nontechnical, easy-to-understand terms
 Section 802. Spells out the penalties for noncompliance with the Act.
 “
D
i
s
7
7
7
7
7
7
7