SOLUTION MANUAL for Core Concepts of Accounting Information Systems 13e Mark Simkin Carolyn Norman Jacob Rose
Chapter 1 ACCOUNTING INFORMATION SYSTEMS AND THE ACCOUNTANT Discussion Questions 1-1. The answer to this question will vary with each university’s location. However, it is likely most students will reveal that their parents are employed in non-manufacturing jobs. Instructors may wish to emphasize that the large numbers of service sector employees and knowledge workers reflect a trend. 1-2. This question is designed to encourage students to think about some of the information reporting limitations imposed by the traditional accounting general ledger architecture. Other activities that do not require journal entries include (1) obtaining a line of credit, (2) issuing purchase requisitions or purchase orders, (3) signing contracts, (4) hiring a new executive, and (5) sending financial information to investors or bank loan personnel. But instructors may wish to point out that important information about a company’s business transactions may be included in an annual report outside the financial statements. The management letters and footnotes in annual reports may reveal more about a company’s future prospects than the financial statements themselves. Managers have access to much more information than what is published in financial reports. Whether or not they would like to have access to more non-financial information, or if they would prefer that the accounting information system capture data about business events rather than accounting transactions, is debatable. It may also be a function of the accounting system in a particular company. Investors may wish to have more information available to them but the downside is that too much information can be just as problematic as too little information. 1-3. The financial accounting systems we have known for more than 500 years are changing dramatically as a result of advances in information technology and financial accounting software. For example, databases allow accountants to collect and store all the data about a transaction or other file entity in one system, allowing those needing such information to retrieve it quickly, efficiently, and specifically in any format they wish. Financial data can be more easily linked to nonfinancial data as a result of database technology as well. Thus, it is likely that financial reporting will undergo tremendous change in the next few years as we learn to use technology more effectively in the design of financial AISs. ERP systems are another example of the information age's impact on financial accounting. Now, organizations capture more data and produce more information than ever before. This allows companies to integrate more of their financial and non-financial system, better forecast everything from raw materials requirements to finished product production, and to perform more sophisticated analyses of important business functions. For instance, sales can be examined at many different levels and organized according to criteria such as geography, customer, product, or salesperson at the touch of the keyboard.
SM 1.1
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
One of the most important changes in AISs is the way these systems will gather financial information in the future. Although many of these systems will continue to capture data in traditional batch mode or at POS sites, we expect newer systems to collect more of it on mobile devices—for example, cell phones, PDAs, and digital cameras. Because more employees and working at home these days, “digital commuting” may be another trend. 1-4. The objective of a company’s financial statements is to communicate relevant financial information to such external parties as stockholders, investors, and government agencies. Issuing financial statements in XBRL formats contributes to this objective by making such financial data more searchable, comparable, informative, and therefore useful. Also, because XBRL enables companies to use standard tags to identify specific accounting values, the language itself therefore imposes a greater degree of standardization in the informational content of the reports. Finally, XBRL also helps government agencies gather financial data that are more consistent, easier to understand, self-checking, and more quickly communicated. Chapter 14 contains more about XBRL, including the idea that the language also enables its users to verify accounting relationships as assets = liabilities + net worth. 1-5. The questions asked here about suspicious activity reporting (SAR) require opinions from students. Regarding the first question, which asks if SAR activity should be a legal matter, there is little room for disagreement because so much of SAR is mandated by such federal legislation as Annunzio-Wylie Anti-Money Laundering Act of 1992, the Bank Secrecy Act of 1996, and the Patriot Act of 2001. Although statistics on the number of SAR filings, less is known about how much of what appears to be suspicious are, in fact, violations of federal statutes. 1-6. The example given in the question demonstrates one way in which computerization has refined cost estimation and thus has impacted managerial accounting. However, IT has impacted almost every area of managerial accounting (and decision making). Consider, for example, the emergence of such concepts as just-in-time systems, computer integrated manufacturing systems, manufacturing resource planning systems, target costing, and activity based costing – all of these require IT to support managerial decision making. Forecasting and budgeting are other areas of managerial accounting affected by advances in technology, as are the many applications of spreadsheet software, decision support systems, and expert systems. Universities are also impacted by the many advances in IT. You might have students type “university use of scorecards” in their favorite browser to discover the many uses this tool offers to administrators in an academic environment. The search results show a variety of uses that are reported at such universities as The Ohio State University, CSU-Stanislaus, Clemson University, Colorado State University, San Jose State University, and others. For example, the University of Denver adapted a version of the Balanced Scorecard to evaluate their Student Life Assessment Plan (SLAP) which focuses on Learning Outcomes. San Jose State University uses a Scorecard to evaluate and continuously improve their online programs. 1-7. The AICPA website lists hundreds of potential assurance services for CPAs to offer. These include productivity improvement, cost analysis, benchmarking, internal auditing quality assurance, CPA WebTrust for electronic commerce, and SysTrust. Several of the proposed SM 1.2
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
assurance services are in the information technology management/security category. These include information systems security reviews, reviews of computer disks for unauthorized software, and audits of computerized controls. Classroom discussion might address the particular skills that CPAs would need for each of the proposed assurance service areas. Skepticism and integrity, for example, are two characteristics typically associated with public accountants. It is interesting to learn which of the existing or proposed assurance services recommended by the AICPA will actually be offered by a given public accounting organization. Many of the larger firms already offer at least some of these services, and the largest accounting firms today derive a large portion of their revenues from professional services other than auditing and tax consulting. But the industry shake-up in 2002 may also prompt some accounting firms to scale back services and focus on only their auditing business. The AICPA offers one-day training classes for those interested in certifying websites. Many auditors take advantage of this training but it is unclear at this point what the market for website verification services will be. So far, there have not been many adopters of WebTrust. 1-8. This question asks students to interview auditors from professional service firms and ask them whether or not the firms for which they work offer any assurance services. Hopefully, several firms do offer such services and instructors can use this as point of departure for additional discussion about such work. 1-9. Almost every traditional accounting job today requires at least some information systems skills. In addition, there are many job opportunities that require combined skills in both accounting and information systems. Consulting is one key area. Consultants with these skill sets can work at helping companies choose and install accounting software. They can also help companies with analyses of their business processes. Evaluating information systems security is another area of consulting where accounting and information systems skills are valuable. Tax planning, preparation, and consulting are yet other areas. Prior research suggests that it is easier to train an accountant in information systems than vice versa. Whether this is true or not, it is certainly clear that accounting students with information systems skills are valuable employees. Individuals who are technically skilled at computers but lack knowledge about accounting concepts are handicapped when trying to help a company to develop and enhance its information systems. Their lack of accounting skills may lead their employer to install information systems that fail to meet their needs. 1-10. Employers of both accounting and IS personnel often rank “analytical reasoning” and “writing” skills on the same priority as technical skills, and some rank them even higher. Said one recruiter at the school of one author: “I can train new employees to use our computer systems and perform the majority of the technical tasks we will require of them. What I cannot train them to do is to think analytically or logically. And what I refuse to do is to teach them to speak and write clearly and effectively—skills they should have learned in high school.” Another recruiter said it slightly differently: “Give me a technically-competent accounting or IS student who can perform AIS tasks well, and I will pay them X dollars. Give me a student who SM 1.3
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
can explain to my clients how our services can solve their business problems and I will pay them 2X dollars.” There are several other attributes beyond “analytical thinking” and “writing” skills that many employers also value highly. One of them is “teamwork”—i.e., the ease and willingness of an employee to work with others instead of working alone. Another is “dedication”—i.e., the willingness and desire to get a given job done even if this means working more than 40 hours a week. A third is meticulousness—the attention to detail and the desire to get all the details correct. Finally, there is “selflessness”—the willingness to sacrifice personal goals, ego, and time in order to finish important organizational and professional projects. 1-11. This is a growing field of career opportunities for accounting majors that should not be underestimated! An article in the Wall Street Journal (January 12, 2014; D4), "Skill Sets You Might Want to Sharpen This Year", included the following: Computer, Communication, Foreign Language, Data, and Networking. The data section suggests that understanding data has become an increasingly important part of success, that everyone should understand how "big data" or data analysis applies to your career field. A July 2012 White Paper by IT@Intel (Mining Big Data in the Enterprise for Better Business Intelligence by Fania and Miller), notes that one of the biggest challenges in big data is addressing the lack of skilled experts and that by 2018 the US could face a shortage of 140K to 190K of people with deep analytical skills, and perhaps 1.5 million managers and analysts who do not have the knowledge to use big data to make effective decisions. Accounting majors who take IT, statistics, and business analytics courses should be able to take advantage of these shortages by applying their skills and abilities in this area. Predictive Analytics jobs are available literally anywhere in the US from NYC to Columbus, OH to Seattle, WA – and many international opportunities. And the firms include Walmart, Bank of America, healthcare firms, universities, insurance companies and the Big-4 public accounting firms. For more information: http://predictiveanalyticsjobs.org. Another interesting web site is: http://www.icrunchdata.com/Index.aspx. This site identifies the many different types of jobs that are available, such as client service and sales analyst, quantitative analyst, risk analyst, etc. Degrees/courses to prepare for these types of jobs are usually called an MS in Analytics or Business Analytics. (http://analytics.ncsu.edu/?page_id=4184). At this site, you can click on any university program to view the structure and content of the degree program. There are 44 universities that now offer these degree programs—the first was in 2007 and eight just started their MS program in 2014. As you can see, this is a relatively new field for accounting majors to consider. The duration of the programs is as few as 9 months, but most are 12 months or more. The curriculum is a careful mix of applied mathematics, statistics, computer science, and business disciplines. For salary information, this site is very helpful: http://analytics.ncsu.edu/?page_id=248
SM 1.4
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Depending on the decision to be made, the employee who can analyze and make business decisions based on big data is in a position to help the firm realize a competitive advantage. A skill that is a critical shortage and sure to impress even the most discriminating supervisor.
Problems 1-12. a. AAA American Accounting Association b. ABC activity based costing c. AICPA American Institute of Certified Public Accountants d. AIS accounting information systems e. CFO chief financial officer f. CISA certified information systems auditor g. CITP certified information technology professional h. CPA certified public accountant i. CPM corporate performance measurement j. ERP enterprise resource planning k. FASB Financial Accounting Standards Board l. HIPAA Health Insurance Portability and Accountability Act m. ISACA Information Systems Audit and Control Association n. IT information technology o. KPI key performance indicator p. OSC Operation Safe Commerce q. Patriot Act Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act r. REA resources, events, and agents s. SAR suspicious activity reporting t. SEC Securities and Exchange Commission u. SOX Sarbanes-Oxley v. VAR value-added reseller w. XBRL extensible business reporting language 1-13. The number of articles in professional accounting journals that relate to information technology has grown significantly during the past several years. Almost every issue of these journals has a large number of articles on such topics as accounting software, electronic commerce, information systems security, SOX software, and new computer tools for accountants. Several now have separate “Technology” columns or sections devoted to IS topics or developments. Students completing this exercise are likely to conclude that “information technology” now influences almost every aspect of accounting. 1-14. This problem focuses on the human side of organizations—especially ways that employees might devise to “beat the system.” This problem is therefore especially useful in alerting students to the importance of designing and using systems that employees perceive as “fair,” and classroom discussions should reveal that employees can sabotage even the most cleverly-designed accounting systems. SM 1.5
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
a. Organizations often use accounting measures such as return on investment (ROI) for performance evaluation. Unfortunately, managers can manipulate these measures, at least in the short run, by either artificially increasing profits (the numerator) or decreasing assets (the denominator). Some ways to accomplish this are to (1) defer expenses, (2) maximize sales, (3) postpone maintenance on assets, (4) postpone investments in assets, or (5) using historical cost-based assets, adjusted by depreciation instead of market costs (which can result in an infinite return on investment once all the organization's assets have been fully depreciated). Where net profit is used in the calculation, Shervonne's comment about including allocated overhead in deriving profit, is another argument against using return on investment. There are many different performance measures the company might use—some quantitative and some qualitative. Other accounting measures include (1) segment margins, (2) units of sales, (3) increases in the number of customers, (4) increases in new customers, (5) measures of customer satisfaction, (6) decreases in sales returns, (7) employee complaints, or (8) employee turnover. b. Accounting numbers can frequently lead to dysfunctional behavior if their limitations are not universally understood. For example, if the incentives are large enough or the penalties for underperformance are harsh enough, managers might be tempted to record “potential sales” as “actual sales” in a given time period, accelerate the depreciation of assets using alternate depreciation schedules, “forget” to subtract costs in computing returns, or sabotage the “returns” of other managers in order to improve their own performance values. Dysfunctional behavior may also surface if one number is used in isolation. For instance, return on investment discriminates against entities with larger investment bases. It also has the shortcomings mentioned above. However, ROI adjusted for overhead allocations and current asset values might be a good measure when used in conjunction with other measures. c. This part of the problem requires Internet research. However, “residual income” might be a better measure to use in this company. This measure counteracts some of the problems associated with return on investment, although it has shortcomings of its own. Profitability, as mentioned, is problematic where allocations are used. Allocations are really never quite "fair." For instance, rent in a department store might be allocated to departments based on square footage. Certainly, this would lead to complaints by the department located in back on the sixth floor if they pay more than the department just inside the front door! 1-15. The idea behind Mr. Zucker’s observation is that many companies now make less money in the digital age than they did in the analog age. This is perhaps because items like CD music, downloads, and DVD movies are now in digital formats that can easily be copied and transmitted, making copyright infringement common. a. Music company executives are having a difficult time. Music files are small and easily shared once downloaded. Protection is difficult because legitimate users often wish to SM 1.6
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
copy their music from one computer to another, or from one computer to ipods, MP3 players, cell phones, and other portable devices. b. Consumers of course love it when product prices decrease. But they dislike anything that restricts their free and liberal use of digital media. After all, they paid for it and feel they should be free to copy and use it any way they wish. c. TV executives appear to both appreciate and dislike the new reality of the digital age. Digital media makes TV programming easier and cheaper, but decreases the income streams that used to come from VHS tape sales. TV executives also find that making older episodes of popular TV series available on their websites increases the visibility of their works and therefore the popularity of their websites. However, it is not clear whether the advertising revenues from such sites are able to offset the lost revenues of tape and disk sales. 1-16. This problem requires students to find out “what’s new” in the field of AIS now, and to write a report on their findings. A good starting point for this is to read the “Technology” sections of popular accounting journals, or reference the websites of some of the professional accounting associations such as the AICPA or ISACA. 1-17. Instructors might want to mention that this problem asks students to consider the accounting information needs of a subset of not-for-profit organizations, and to note that the accounting data required by them often does not differ much from for-profit organizations. a. Examples of the financial information gathered and maintained by such groups include data on dues payments, revenues from such club activities as bake sales, rummage sales and swaps, car washes, newsletter expenses, advertising expenses, office equipment expenses, professional service expenses, and disbursements for such items as gifts, student scholarships, and travel reimbursements. b. Hopefully, students will realize that they are talking about manual accounting information systems. For example, the manual system gathers the same data that would be gathered by a computerized system, stores it for future reference and further processing, and periodically outputs it in useful formats for club members and perhaps government agencies. c. Most recreational clubs have only a single “treasurer” to look after the financial matters of the organization. This is a good idea to the extent that assigning only one person for the task of treasurer limits the burden of the job to only one individual and ensures accountability and responsibility to a single person for the “money portion” of club activities. But it is also a recipe for fraud, inasmuch as there is no separation of duties and, for example, the same person who spends the money writes the checks for it, most club members do not concern themselves with the financial details of the club, and deception can be very simple. Although it is easy to dismiss the financial activities of most such organizations as immaterial because the amounts of monies involved are small, this is often not true for condo associations. SM 1.7
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
d. Several advantages can accrue to computerizing club finances. Among them are (1) greater accuracy in data recording and data processing, (2) the ability to output financial information in a variety of legible and professional-looking formats, (3) added flexibility in the ways the treasurer can process and output financial information, (4) greater ease in accessing needed data or generating ad-hoc reports, and (5) the potential for more-timely reports. Where club treasurers can use an existing personal computer for club tasks and/or the services of the treasurer are free, such computerization can be cost effective. If a club has to pay for either the computer or the services of a treasurer, the costeffectiveness of computerization becomes less clear. 1-18. In this case, students are asked to look at three different sources of information to help them invest $10,000 in the common stock of a publicly-held company. In general, they will find the following: a. Financial Reports from the company’s own website: Most students will indicate that the information contained in the reports on the website is “complete,” but that it is not sufficient for making an informed investment decision. Three possible shortcomings are: (1) the information is self-promoting and therefore positive and upbeat, even if the company has been losing money year after year; (2) the information is mostly limited to the company itself, and may not discuss the industry in which it competes or possible negative factors that may affect it; (3) the information may not include substantiated predictions about the value of the company’s stock in the future. b. Information found at brokerage or investment firms: For investment purposes, the information provided by firms such as e-trade tends to be more useful than a company’s own financial statements. Among the reasons are: (1) the information tends to focus on investment decisions rather than provide general information, (2) the user can access and even customize historical charts that show stock prices, income, revenues and so forth, and (3) these websites often include links to additional news stories and analytical reports about the company, the industry in which it competes, and the firm’s future prospects, all written by independent and presumably objective reviewers. c. Information from investment services: This information typically includes dispassionate reviews of a company’s operations, its successes and failures, important management changes, the industry in which it operates, and prospects for the future. This information typically also includes an overall rating for a particular company such as “hold,” “accumulate,” or “sell.” Whether or not such ratings are “sufficient” to convince a student to buy stocks is a personal matter, but certainly the information might be considered more useful than the simple facts or historical values provided in items a and b above. d. A large number of dry facts about a company are rarely as informative as an objective analysis of it and a recommendation to “buy” or “sell” its stock. After performing this exercise, students should have a much better feel for the difference between “data” and “information.” SM 1.8
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
1-19. This problem requires students to do some research on the Internet about suspicious activity reporting. Specifically, the question asks students to indicate what types of activities the various banks, casinos, and so forth, should watch for. To illustrate, dealers in gem stones should be sensitive to the possibility of money laundering—for example, when clients buy rare gemstones with cash. There are usually dollar thresholds for such activities—e.g., $50,000 in yearly transactions in the case of gemstones. Instructors might want to remind students that this is an important function of AISs—providing financial information other than annual reports to government agencies. 1-20. This story is a remarkable case of an individual trying to "whistleblow" on a fraud, over the course of many years, and no one would listen! Mr. Markopolos notified the Boston SEC in 2000 about his suspicions regarding Bernie Madoff. A full article may be accessed at this web site: http://www.americanfreepress.net/html/man_who_exposed_madoff_190.html a. What happened when Mr. Markopolos notified the SEC in 2000? In May of 2000, he submitted an 8-page report to the Boston Regional Office of the SEC, listing red flags and mathematical proof of a major fraud but got no reply. b. How many more times did Mr. Markopolos notify the SEC of his concerns? He resubmitted his evidence to the Boston and other SEC offices in 2001, 2005, 2007 and 2008, to no avail. By this time, Markopolos suspected that Madoff had been operating with protection from the inside. c. What was the result of Mr. Markopolos' efforts to notify the authorities about his suspicions regarding Madoff? Surprisingly, no one paid any attention to Markopolos. If not for the 2008 stock market crash, the crime would likely still be in progress. The federal authorities were alerted by Madoff's sons, and Madoff was arrested on December 11, 2008. On March 12, 2009, Madoff pled guilty to 11 federal crimes and admitted that he had been operating a huge Ponzi scheme—as it turned out, the largest in history.
Case Analyses 1-21.
Berry & Associates, LLP
1. It is usually easier to offer extra services to existing clients than to obtain new clients. One of the issues Berry & Associates (B&A), LLP will have to consider is the appearance of independence if the organization offers services that might impact its primary business. For instance, if B&A decides to get into the business of internal auditing where clients outsource this business, the organization will probably want to make sure that it does not perform both the internal and external audit for a client. Probably the best approach would be for the organization to poll its clients to learn what they most value and then offer only two or three new services based on the results.
SM 1.9
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
2. The firm’s expertise is currently in retailing, wholesaling, and property management. It would be a good idea to try to learn what the issues are for these industries (and look at results from the client survey suggested above), and then choose assurance services that match these issues. Retailers, in particular, may be interested in developing their business via electronic commerce. For example, website verification is an assurance service that might make sense for this set of clients. Medium-sized businesses are not likely to employ internal auditors with information systems expertise. Offering assurance services, such as Information Technology Risk Assessment, might be a good practice for B&A. Finally, the AICPA suggests some industry-specific assurance services, such as mystery shopping (for retail clients), rental property operation reviews (for property management clients), and CPA Trust (for companies engaged in electronic commerce). 3. The new hires’ expertise in information systems can be leveraged in several ways. First, the new hires can help train the older staff in computers and information systems. This is a different approach from the past and requires older staff (including partners) to become learners. However, there is no doubt that the students coming out of schools today have much to share with those who graduated even five years ago. The new hires can also work with audit teams to develop new approaches to auditing computerized AISs. For example, they may be able to suggest ways to use computer assisted audit techniques (CAATs – see Chapter 15). The new hires are likely to be able to suggest better ways of conducting audits, based on their computer expertise. For example, they may know an optimal way to download client data for auditor analysis or be more familiar with mobile computing devices that can help the company service clients. Probably the most important point here is for B&A to be willing to recognize these skills and utilize the ideas offered by the new hires. To recognize these skills, the company can hold meetings to generate ideas, and can also have an old-fashioned suggestion box for those hires who wish to contribute ideas anonymously. The company can even sponsor a yearly contest with rewards for the “best new ideas.” 1-22.
Organizational Reports to Stakeholders
1. This question asks students to do some Internet research to learn more about how the SEC involves itself in the annual financial reports that organizations make available to their stakeholders. The following website is helpful: http://www.sec.gov/about/whatwedo.shtml One of the ways that the SEC accomplishes their mission is by enforcing laws, such as: • Securities Act of 1933 • Securities Exchange Act of 1934 • Trust Indenture Act of 1939 • Investment Company Act of 1940 • Investment Advisers Act of 1940 • Sarbanes-Oxley Act of 2002 • Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010
SM 1.10
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Another way the SEC accomplishes their mission is by investigating certain actions, such as: • Misrepresentation or omission of important information about securities • Manipulating the market prices of securities • Stealing customers' funds or securities • Violating broker-dealers' responsibility to treat customers fairly • Insider trading (violating a trust relationship by trading while in possession of material, non-public information about a security) • Selling unregistered securities 2. a. An annual financial report is a one-way communication device. It emphasizes clarity and conciseness, but there is often no immediate feedback from readers about the messages they receive from it. Thus, preparers must attempt to identify the users/audience of the report, and estimate their informational needs. Only then can preparers determine the content and language of the report—i.e., the words and phrases that are most familiar and appropriate to users or readers. The preparer must also consider the length, content, and organization of the material in the annual report. For example, a report that is too long or contains too much detail can detract from the overall goal of communicating important financial information (as opposed to data) to readers. Conversely, a report that is too succinct might trigger reader suspicions that the company is hiding important information. Finally, a logical ordering and an attractive format can also help transmit ideas . At one point, some businesses (e.g., Disney Corporation) traditionally included personal messages from the company’s CEO in order to personalize the report and perhaps make it more appealing. Similarly, companies that put the basic financial information required of them in small print at the end of a yearly report might convey the message that they don’t want readers to see it. b. The different users of annual reports have differing information needs, backgrounds, and abilities. For some users, the annual report may serve as an introduction to the company and/or the only source of information about it. But other users read annual reports from cover to cover, searching for clues about the firm’s future prospects, hidden problems or strengths, and other information useful for evaluating the company’s investment potential. Because the same annual report must communicate with all its users, the problems the corporation faces include the following: •
In attempting to reach several audiences, companies try to include information for each audience. As a consequence, the annual report may grow in size and complexity to the point where it contains more information than many users want or are able to digest—a problem discussed in the chapter as information overload. In some cases, technical concepts may be reduced to simpler terms, losing precision and conciseness and thereby leading to generalizations that readers may perceive as being of little value.
SM 1.11
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
•
The report developers must exercise care in presenting the information contained in the report. Key terms or phrases that may be familiar to one user group—for example, technical terms commonly used in the company’s industry—may not be understood by general investors. Similarly, graphic displays that may be useful to some may be meaningless to others.
3. Other than the financial statements and accompanying footnotes, an annual report often contains: • A discussion and analysis of operating results • Information about organizational objectives, strategies, and long term goals • An indication of management’s outlook for the future (almost always rosy!) • A list of the Board of Directors and the officers and top management of the organization • Segment data and performance information for the firm’s major divisions • Information on new initiatives and research • Recent stock price history and stock information • In the case of retailers, perhaps a coupon entitling the holder to a discount 4. Stating well-defined corporate strategies in a company’s annual report accomplishes the following advantages: • Communicates the company’s plan for the future and resolves any disparate issues • Provides a vehicle for communicating the company’s strengths • Builds investor confidence and portrays a positive image • Reassures nervous investors that the company’s managers are working hard for owner interests • It alerts investors to potential adverse, long-term forces in the company’s industry Some of the disadvantages of including corporate strategies in an annual report are: • It commits management to fulfilling the stated objectives and strategies, a commitment that may cause inflexibility • It communicates to unintended parties who could put the company at risk (i.e., competitors) • The strategies themselves may make the company appear out-dated by the time they are in print. 5. Annual reports fulfill users’ information needs as discussed below. a. Shareholders. Annual reports meet the statutory requirement that publicly-held corporations report annually to stockholders and potential stockholders about the financial operations of the company and the stewardship of management. The annual report gives shareholders financial and operating information such as income from operations, earnings per share, the Balance Sheet, Cash Flow Statement, and related footnote disclosures, all of which potential shareholders may need in order to evaluate the risks of and potential returns from investing in the company. As noted above, however, the volume of data presented in annual reports can result in information overload that reduces the value of the reports. Confusion can also result from reducing technical SM 1.12
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
concepts to common concepts or by the presentation of duplicate messages by different forms of media. b. Creditors. The annual report of public companies provides financial information that allows creditors to project a company’s financial solvency and therefore its ability to repay its loans. This can be a good thing if the company is doing well. c. Employees. The annual report gives employees such information as a description and status of the company’s pension plan and the employee stock incentive plan. This gives employees a base from which to compare their benefits program to those of other companies. Annual reports also provide employees with a year-end review of the results to which they have contributed during the year. In this sense, the annual report provides reinforcement and rewards. The annual report also informs or reminds employees of the organization’s values and objectives, and sensitizes them to the aspects of the organization with which they are not familiar. On the other hand, many employees may already know how their organization is performing so the annual report may not provide any substantive additional information to them. d. Customers. The annual report provides trend information and perhaps information on management performance. Customers can use this information to assess the popularity of selected products, the likelihood that the firm can provide the goods or services they need, or even the company’s longevity. e. Financial analysts. The set of audited comparative financial statements provides the basis for the research done by financial analysts. Notes, which are an integral part of the annual report, describe or explain various items in the statements, provide additional details, or summarize significant accounting policies. Financial analysts are the most sophisticated users of the information in annual reports. For example, they are able to ignore subjective interpretations included in the reports. However, these individuals may find that some of the data contained in the report may be too condensed and therefore need more detailed information than what the annual report provides. 6. Management may decide to omit competitive information entirely from the annual report, or to disguise it because competitors have access to annual reports. The objective of reporting should be to reveal as much as possible without giving away proprietary information or a competitive edge. 1-23.
North Gate Manufacturing
The issue of performance evaluation is one of the most controversial and interesting topics in accounting today. Computerized AISs offer the capability to produce so much more information than was available in the past, allowing for new and better performance evaluation systems. Since performance evaluation affects individuals directly (i.e., in terms of rewards), this topic is one that can create many problems for organizations.
SM 1.13
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
1. It is probably useful for budget specialists to work with management to develop a performance evaluation system. However, it is not a good idea for special staff to be charged with the entire task of performance evaluation reporting. Once a system is in place, the managers should be able to produce these reports. Scott's staff could work with managers at the various plants to derive an evaluation system. Auditors (or perhaps Scott's staff) should periodically review each manager's report to ensure that the reporting is fair and accurate. Students may differ on the matter of who best explains the variances. The managers are correct in asserting that they better understand their suppliers, contractors, and customers, and that Scott's staff is not likely to understand these matters well enough to explain the variances. On the other hand, students can argue that managers are human and have a natural conflict of interest in such reporting. In particular, although they understand their business, it is easy to blame others—including each other—for problems that are well within their own control. Allowing managers to explain variances begs the question: “are self-reported explanations of variances likely to be unbiased assessments of plant activities?” 2. Decentralizing performance evaluation is probably a good idea for this organization. Under the old system, revenues and expenses were consolidated for all plants to produce one income statement. Undoubtedly this required allocation of indirect costs. Such allocation can never please everyone since all allocations are essentially arbitrary. Striving for some consistency in performance evaluation is a good idea so that the performance of each plant can be compared against the others. Use of segment margins which show the difference between direct revenues and expenses would be a good measure. Return on investment which uses current values and the segment margins might be another. Nonfinancial evaluation measures, such as employee turnover, amount of production, customer turnover (customer satisfaction), sales returns, employee productivity, and so on, can also be part of the evaluation system. 3. The performance evaluation report Mr. Stewart receives should be short and concise. Ideally, one page per month per plant should be sufficient. The report can also compare all plants on various financial and nonfinancial measures, such as the ones mentioned above. Any significant variances can include managers’ explanations in footnotes. The point to remember is that this is an "action report." Mr. Stewart will look at it most months, note variances and explanations, and take no action. However, on occasion, the report will call for investigation. Note to Instructor: You might want to have your students design a sample report using spreadsheet software.
SM 1.14
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Chapter 2 ACCOUNTING ON THE INTERNET
Discussion Questions 2-1. An intranet is an internal network created by an organization for the benefit of its employees. Most intranets are local area networks that utilize convenient web-browsing software. Extranets are similar to intranets, except that they are also accessible by a limited number of external parties—for example, employees working from home or suppliers. Both intranets and extranets are valuable to accountants. For example, intranets enable businesses to distribute, and end users to read, information about such items as production reports, announcements, or financial activities. They also enable accountants to collaborate with each other, using group collaboration tools. These same ideas apply to extranets. Finally, these networks are important to accountants because so much commerce and financial information is transmitted over them and also because their security and efficiency are important auditing concerns. 2-2. The term “blogs” is an abbreviation for web logs, and is a groupware (collaboration) tool that allows computer users and web browsers to publish personal messages online. Blogs enable their users to create, share, and leverage knowledge in any kind of organization. Those who are currently exploring the potential of blogs are for-profit companies, government organizations, and universities. 2-3. As of June, 2014, Bitcoin was still a viable currency that was trading at $444.80 (U.S. dollars) per coin. Every other virtual currency has eventually failed, however, so checking the price daily might be important to owners. This question also asks students whether they would buy bitcoins. Their answers can create some lively class discussion. 2-4. Commentary on social media sites such as Facebook or Twitter also contains useful information to businesses. For example, an automobile manufacturer might check such sites to gauge public reaction to a recent safety recall, a fast-food chain might check them to measure public opinion about a new meal offering, or a music figure might check them to assess whether a new record album has created enough “buzz.” According to a recent survey of 2,100 companies by researchers at Harvard University, nearly 80% of survey respondents use, or plan to use, social media for business purposes, while 69% anticipate expanded use of such resources in the future. Again according to this survey, about half of all businesses plan to use it to increase public awareness of their organizations, products, or services—an application of perhaps special interest to public accounting firms. 2-5. Hypertext markup language (html) is a computer programming language that enables users to create web pages for use on the Internet. Most of the web pages that we
SM 2.1
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
view on the Internet employ it. If you use Microsoft Internet Explorer, you can view the source code for a given web page by selecting “Source” from the View menu. HTML is mostly an editing language that tells a web browser how to display the contents of a web page. But HTML tags cannot be changed or customized. To solve this problem, developers have extended HTML with XML—an acronym for “extensible markup language” that allows users to create their own tags. Anyone can create such tags, but businesses need standards. For example, we don’t want one entity using <SalesRevenues> while another uses <Sales>. One XML standard is XBRL—an acronym for “extensible business reporting language.” As noted in the text, the XBRL International Consortium develops international standards for this language. 2-6. As explained in question 5 above, XBRL is a standardized subset of XML. Businesses can use the documents created and saved in XBRL format in many different ways without having to re-key the data—a very real advantage. Until recently, however, most government agencies stored the data submitted to them by individuals or businesses in either hard-copy formats or word documents. Today, however, government agencies are also storing such data in XBRL formats. One such agency is the Securities and Exchange Commission (SEC), which stores corporate financial data such as 10-k reports in a database called IDEA—an acronym for “Interactive Data and Electronic Applications.” The relationship between XBRL and IDEA is very direct, therefore: IDEA is a database containing XBRL-coded, financial information. 2-7. Electronic commerce (EC) means conducting business electronically. Examples of electronic commerce include retail sales over the Internet and EDI (the ability to electronically transmit such documents as invoices, credit memos, purchase orders, bids for jobs, and payment remittance forms). Much EC is performed over the Internet, but companies such as Wal-Mart, IGT, and some of the phone companies also transmit messages over private networks or communications channels to which the general public does not have access. EC is important because (1) there is so much of it today, (2) the uses of EC are expanding, (3) even the smallest company can create a website and compete with larger businesses, and (4) Internet retail sales are growing. As noted in the text, some businesses now rely on the Internet for over half of their annual sales revenues. For businesses such as Dell, Amazon.com, or E-trade, the percentage is much larger. EC is important to accountants because electronic documents can be more difficult to control, authenticate, or audit. Security is also a major issue because assets are less tangible, compromised systems are not obvious, and information losses are not easy to verify. The final section of the chapter discusses some major privacy and security concerns. 2-8. Electronic payments (E-payments) are payments that customers make to sellers electronically. They are similar to credit card payments except that they use third parties. It works like this: A customer buys something from a seller, using credit advanced by the third party—e.g., Paypal. The third party pays the seller and then, in turn, debits the buyer’s credit
SM 2.2
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
card or account. One advantage of using such a system is that buyers need only provide their credit card numbers or otherwise establish accounts with one company—the e-payment company—not each company with which they wish to do business. Another major justification for using E-payments is security. Credit-card information is at risk when it is transmitted over data communications lines or stored in the computer files of many vendors. 2-9. Electronic data interchange (EDI) refers to transmitting routine business documents such as shipping notices, customs forms, invoices, and purchase orders electronically. Companies use EDI because it is often a superior way of doing business. For example, because the outputs from one company (e.g., the information on a computerized purchase order) are the inputs to another company, EDI allows its users to avoid the time delays and costs of transcribing the data once the information has been received. This eliminates data-entry bottlenecks and reduces the errors such data transcription typically introduces into an AIS. Other advantages of EDI discussed in the chapter are: (1) streamlining processing tasks, (2) faster response to customer queries or vendor data transmissions, (3) reductions in paperwork, and (4) a secure processing environment that is separate from the post office or an overnight delivery system. 2-10. This question asks students how comfortable they are giving their credit card numbers to retail websites and therefore has no right or wrong answer. While some individuals are comfortable entering their credit card numbers into websites for Internet purchases, others fear for their cards’ security. There is certainly much to fear. Identity theft, in which someone steals the identity of another, is easy when the thief knows such important information as a person’s credit card number(s) and similar personal information. 2-11. A common way for the owners of one website to charge for advertising from a second party is to charge a set fee (for example, $1) each time a viewer clicks on the advertiser’s link(s). But this requires the website administrator to count the actual number of clicks, per month. Click fraud occurs when website personnel repeatedly click on that link themselves or artificially inflate their counts, thereby defrauding the advertising company. The advertiser loses out in such situations because it pays for advertising services that do not lead to sales, while the website owner benefits from the inflated billing revenues. Judging by the amount of advertising for click-fraud services and software, click fraud is either common or often feared. We also know that savvy computer programmers can write java scripts to simulate user clicks, thereby automating click-fraud activities. Wikipedia notes that it is a felony in many jurisdictions—for example, is covered by Penal code 502 in California as well as the Computer Misuse Act 1990 in the United Kingdom. Several arrests have been made relating to click fraud. Finally, it should be noted that a host’s website personnel are not the only perpetrators of click fraud. Other possibilities include competitors seeking to deplete the advertising budgets of their targets, individuals seeking to damage the reputation of the host-publishers, misguided supporters of the host company (who seek to help it by increasing its ad revenues), and private vandals, who randomly target a particular company.
SM 2.3
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
2-12. Spamming is the act of sending unsolicited emails to a large number of accounts—usually for advertising purposes. Spam is also a growing problem in instantmessaging, faxing, web-searching, and mobile-phone texting venues. One reason why spamming is of interest to accountants is because spamming is relatively costless to advertisers but relatively costly to recipients and Internet service providers who must transmit and deliver spam messages. In 2007, for example, the California legislature estimated that spamming costs the U.S. more than $13 billion in lost time and productivity. Spammers often attempt to pay ISPs for their data transmissions with stolen credit cards—an added cost. Spammers require large lists of email accounts—the types of lists often found in accounting information systems. This makes AISs natural targets for spammers, and therefore a known security risk. The purpose or intent of spammers is also of concern to AISs, as a great deal of spam advertising is to sell pornography, perform an identity theft, or commit some other kind of fraud. Who has not gotten an unsolicited email from an African country, offering to share millions of dollars in exchange for the recipient’s help in the U.S. and of course some additional small payments for “taxes” or other “transaction fees?” Finally, spammers clog the data transmission channels with their communications, adding to the total bandwidth required by the Internet. Although students may argue that all spamming should be illegal, there are several counter arguments as well. Spammers can argue that some of their communications contain legitimate advertising, information that is of use to recipients, or valuable information about political activities or pending legislation. They might also claim that spam email is easily deleted, and often automatically filtered from recipient mail boxes. Wikipedia contains an extensive (and fascinating) discussion of spam at http://en.wikipedia.org/wiki/Spam_(electronic). 2-13. A firewall is an electronic barrier that limits access to corporate intranets or local area networks to bona fide users. Some firewalls are separate hardware systems while others are simply software programs installed on web servers. These firewalls are implemented by IT professionals. The specialized software in firewalls compares the IP addresses of outside users requesting information to current access control lists. As noted in the text, firewalls are themselves limited in what they can do. For example, they cannot guard against certain forms of hacking such as spoofing—i.e., a hacker who uses a bonafide IP address to gain access to a system. A proxy server is a computer and related software that acts as a gateway between internal corporate users and the Internet. One of the primary security functions of a proxy server is to control web access (e.g., to limit employee accesses to professionally-related sites). However, proxy servers can also run the software that creates internal firewalls. 2-14. Data encryption refers to transforming original, plaintext data into scrambled, cyphertext messages that cannot be understood even if it is intercepted during data transmission. The data used to encrypt (code) the message is called the encryption key.
SM 2.4
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Secret key encryption relies upon a shared algorithm and an encryption key that must be kept secret to be effective. Public key encryption uses two keys, a “private key” and a “public key,” both of which must be known before a message can be decoded. These methods are discussed in greater detail in the text. 2-15. The three levels of authentication are (1) what you have, (2) what you know, and (3) who you are. An example of “what you have” is a driver’s license with your picture on it. An example of “what you know” is a password. An example of “who you are” is a fingerprint or retina scan. Most business security systems depend on only one or two of these—rarely all three. High-level security in business and government environments might require all three. Instructors are encouraged to ask students about different situations in which they had to use these different types of authentication. You might also ask students to recall movies such as Mission Impossible or Entrapment, where characters used advanced technologies to prove “who they are.” 2-16. A digital signature is an electronic attachment that verifies and authenticates a business transaction (e.g., a purchase order, bidding document, or contract). The digital signature replaces a hand-written signature, which is difficult to transmit in non-graphic electronic documents. Like hand-written signatures, however, the objective of a digital signature is to assure the recipient that the document itself is legitimate and faithfully represents the intentions of an authentic sender. Thus, digital signatures are important on the Internet and value-added networks as a security tool. 2-17. Commerce is booming on the Internet, and most (but certainly not all) businesses have been able to boost both sales and profits as a result. Will all businesses do well? This is unlikely. However, the chapter notes that selling products and services on the Internet enables businesses to reach wider audiences, stay open around the clock, and maintain up-tothe-minute information on prices and products. Such selling also helps businesses reduce selling costs (because there is less sales labor and overhead-costs), inventory costs (because finished products are produced or ordered from suppliers in response to sales rather than in anticipation of sales), and processing costs (because sales and shipping documents are created by the buyer and/or the system). For businesses that sell many products, a web-based system requires a large investment in technology—both in upfront costs of development and ongoing costs of routine maintenance. Thus, most businesses must weigh the cost of building and maintaining a web presence against the additional revenues that such business generates. It is not a given that revenues will always offset costs. The Internet provides opportunities as well as challenges for businesses. Thus, for individual companies, the Internet can spell “boom” or “bust,” and students should be able to cite specific examples for both possibilities. To illustrate, the very smallest companies typically profit from a web presence because they are no longer limited to physical sales in local markets. At the same time, larger businesses feel increased pressure on prices and therefore profits due to the ease with which both retail and wholesale consumers now have access to a wealth of information and alternate sources for common goods and services.
SM 2.5
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
This chapter provides several additional reasons why businesses can increase both sales and profits using Internet-based technologies. One example is the use of intranets and extranets to better secure LAN communications and increase access to and from trusted suppliers— possibilities that might decrease costs and therefore increase profits. Another example is the use of groupware to increase employee productivity. A third example is the expanded use of XBRL, which may enable a business to better report financial information and therefore reduce its accounting expenses (see Problems 2-20 and 2-21). Similar comments apply to firms that expand sales by accepting e-payments or reducing costs by expanding their ebusiness or EDI capabilities.
Problems 2-18.
Acronyms:
a. EC b. EDI c. E-mail d. HTTP e. IDS f. IETF g. IP address h. ISP i. URL j. VANs k. VPN l. WWW m. XBRL n. XML o. IDEA p. SaaS q. ICANN r. DNS
electronic commerce electronic data interchange electronic mail hypertext markup language intrusion detection system internet engineering task force Internet Protocol address internet service provider universal resource locator value-added networks virtual private network world wide web extensible business reporting language extensible markup language interactive data and electronic applications Software as a service Internet Corporation for Assigned Names and Numbers domain name system (maintained by ICANN)
2-19. Depending on the sources of information used, the students may have a variety of different points about the advantages and disadvantages of implementing an intranet in the local company. Some of the main points that you would include in your “talking paper” are: Disadvantages: • • • •
Developing intranets requires an investment in time, money, and perhaps training Once created, an intranet must be maintained Intranets create a security hazard because shared information is potentially vulnerable to abuse Cloud computing companies may offer cheaper and better alternatives
SM 2.6
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Advantages: • • • • •
• • •
Intranets can be an important group collaboration tool Intranets allow companies to use existing web browsers Intranets can be a valuable method of sharing documents on a secure platform within the company The data stored on an intranet can be made secure so that proprietary data and information are only accessed by authorized users Intranets offer a wide variety of administration tools within the organization such as an online calendar (to schedule appointments, group meetings, and company-wide events), a task manager (for employees to keep track of their tasks, or those of their subordinates), a contact directory of employees, a list of e-mail accounts, and templates for corporate forms such as expense reports Intranets allow an organization to make databases available to authorized employees across the entire company Intranets can be scalable (i.e., can grow with the organization and/or its informational needs) Companies can frequently justify the cost of an intranet by quantifying some savings in operating costs (publish HR manuals, employee manuals, and other company publications on the intranet rather than paper copies)
2-20. This problem requires students to create their own HTML documents, using the example in Figure 2-1. It is important that students use Notepad or a similar word processor that stores data in ASCII (txt) format. 2-21. This problem requires students to log onto EDGAR and access the information from two companies. Note: the website has changed slightly. Students should click on the link “Company or fund name, ticker symbol, CIK (Central Index Key), file number, state, country, or SIC (Standard Industrial Classification)“ instead of “Companies and other Filers.” Instructors may get best use of this question if they require each student to obtain the financial information of a different company. 2-22. This problem requires students to log onto the XBRL home page and then (a) write a one-page summary of a new development and (b) select an article from those describing XBRL benefits and write a summary of it. For example, some of the benefits listed on the XBRL website at the time this instructor’s manual was prepared include (1) improved business processes, (2) improved communications, and (3) enhanced business reporting through standardized tags. 2-23. This problem requires students to write a one page report on each of the items listed below. The answers to most of these questions may be found at: (1) www.xbrl.org, (2) http://accounting.smartpros.com (type XBRL in the search box to find many articles on XBRL), or (3) http://www.xbrleducation.com/.
SM 2.7
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
a. History of XBRL. In April 1998, Charles Hoffman, a CPA in Tacoma, WA,
investigated XML as a medium for the electronic reporting of financial information. He developed prototypes of financial statements and audit schedules using XML. Charlie contacted Wayne Harding, Chairman of the AICPA High Tech Task Force, in July 1998, about the potential of using XML in financial reporting. Charlie made a presentation to the AICPA Task Force in September of 1998. A more complete history of XBRL can be found at www.xbrl.org/history.aspx, and can be printed using the website www.xbrl.org/history-print.aspx. The AICPA was active in supporting the development of the language by funding a project to create prototype financial statements in XML. b. XBRL Specifications. An explanation of XBRL specifications can be found by
choosing “Specifications” from the main menu. “Specifications” provide the fundamental technical definition of how XBRL works. The current specification or version for XBRL is “2.1,” but new ones may become available by the time you assign this problem in class. Current needs are for new formula, functions and taxonomy requirements. c. Continuous Reporting. XBRL-tagged data enable businesses to create a steady
stream of reports based on the underlying information, hence the term “continuous reporting.” Three articles on this subject are: (1) Garbellotto, Gianluca (2009) “How to Make your Data Interactive Strategic Finance Vol. 90, No. 9 (March), pp. 56-57, (2) Chan, Slew H. and Sally Wright (2007) “Feasibility of More Frequent Reporting: A field Study Informed Survey of In-Company Accounting and IT Professionals” Journal of Information Systems Vol. 21, No. 2 (Fall, 2007), pp. 101-115, and (3) Robert Pinsker (2003) “XBRL Awareness in Auditing: A Sleeping Giant?” Managerial Auditing Journal Vol. 18, No. 9, pp. 732-736. Continuous reporting is an interesting concept. Generally speaking, the technology already exists for companies to report information more frequently than they currently do. Presumably, other reasons exist for not reporting more often (and certainly not daily or weekly!). One might be the familiar cost/benefit analysis, which suggests that companies do not believe the benefits of continuous reporting (or reporting more frequently than quarterly) outweigh their costs. A number of articles discuss the topic of continuous auditing. Some authors believe that continuous auditing is inevitable, while others suggest that this is not necessary. In any case, this question should start a lively dialog with the students regarding the future of IT auditing and the implications for corporate America. The following links provide several articles of interest: http://aaahq.org/AM2004/abstract.cfm?submissionID=1118 http://accounting.smartpros.com/x43141.xml http://accounting.smartpros.com/x34375.xml d. XBRL Required Reporting. The first conference on “Financial reporting in the 21st
century: standards, technology, and tools” took place in Macerata, Italy, in September of 2011. The SEC now requires all public companies to file their financial
SM 2.8
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
reports in XBRL format. Students who access the IDEA database will have no problem answering this question. The following websites identify industries and companies that currently produce financial statements in XBRL format: http://www.edgar-online.com/xbrl/industry.asp http://bryant2.bryant.edu/~xbrl 2-24. We ran out of Internet addresses because the number of different IP addresses available with 32 bits was insufficient to accommodate the global demand for different ones. a. The value of 232 = 4,294,967,296. Although this is a large number, the need for distinct addresses world-wide was even greater, and we ran out of them. b. The new IP standard uses 128 bits. The value of 2128 is greater than 340,282,366,920,938,000,000,000,000,000,000,000,000 –a very large number that should satisfy our need for IP addresses for some time to come. c. Several reasons probably account for why we have not run out of telephone numbers, despite their seemingly small size. These reasons include: (1) The base is “10” not “2” so the total number of combinations is 1010 = 10,000,000,000 or 10 billion. (2) These phone numbers are not free—each subscriber pays a monthly fee for them, whereas domain names (IP addresses) are virtually free. “Cost” serves to limit the demand for phone numbers. (3) Each country has a separate three-digit country code in addition to the 10 digits for the telephone number. This increases the number of phone numbers available worldwide by one thousand ( = 103). Interestingly, cell phone carriers maintain their own systems, but use the same 10-digit addressing system. Additional carriers increase the demand for phone numbers, but the supply of phone numbers available for use. 2-25. This problem requires students to encrypt a message, using a simple cyclic substitution cipher. The encrypted message is: BPWAM EPW QOVWZM PQABWZG IZM NWZKML BW ZMXMIB QB 2-26. This problem requires students to decrypt an encrypted message, using a simple cyclic substitution cipher. The decrypted message is: Message 1: “It is not what we don’t know that hurts us, it is what we do know that just ain’t so.” Message 2: Justice delayed is justice denied. Message 3: Too many cooks spoil the broth. As suggested in the problem, this task becomes much easier if you use a spreadsheet. Here’s an example for the last message: Trial key:
12
SM 2.9
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Msg F A A
Value 6 1 1
Value minus Displacement -6 -11 -11
Add 26 if required 20 15 15
New Letter T O O
Y M Z K
25 13 26 11
13 1 14 -1
13 1 14 25
M A N Y
Etc.
Etc.
Etc.
Etc.
Etc.
2-27. This problem asks students to write a one-page summary of an article they find online. Various accounting journals are going online. Besides the AICPA’s Journal of Accountancy website, there is also the ISACA Journal (www.isaca.org), Strategic Finance (www.imanet.org) and The CPA Journal (www.cpajournal.com). An obvious advantage for readers is the ability to search the archives for articles on a specified topic online. The advantages to publishers include (1) making information more accessible to both members and non-members, (2) fulfilling organizational mandates to disseminate information, and (3) enabling users to search articles electronically for specific information or topics. To date, many journals do not charge for online access to articles, although some professional groups limit access to members. Instructors may wish to limit students to specific subjects or to articles less than one year old. 2-28. This problem involves the privacy statement of a fictitious company named Small Computers, Inc. As a general statement, online consumers have several concerns about computer security: • They want to make sure that they will receive what they order • They want their privacy protected • They want a secure method of payment • They want to be sure they will be billed only for what they purchased Small Computers, Inc. addresses some of these concerns, but not all of them. For example, the company stresses privacy but does not say it will limit the use of its customer information to legitimate business purposes. The disclosure of business practices, shipping, and billing is reassuring. It will comfort the consumer to know goods are shipped at an early date and that the consumer need only accept items ordered. The return policy appears lenient although it does not state who is responsible for paying shipping on returned items. The statement about accidental billing actually may make a consumer aware that the chance for this exists. Consumers are more likely to buy from a business online than they are off-line. They are also more likely to buy products with brand names. A business selling goods to end-
SM 2.10
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
consumers online that does not have these characteristics will need to be extremely careful in crafting statements about privacy and business policies.
Case Analyses 2-29. This case requires students to select an accounting blog from the list provided in the question and write a one-page summary of their findings. Answers will vary by student. 2-30.
Me, Inc. (The Do’s, Don’ts, and Ethics of Social Networking Sites)
This case asks students to think about what to say, and what not to say, on social networking sites such as Facebook, Twitter, or LinkedIn. For example, Part 1 asks students to list four personal strengths. Some suggested answers to the various parts of this question are as follows: 1. Possible personal strengths: education, honesty, prior relevant work experience, willingness to learn, ability to commit to corporate goals, team player, good writing skills, and high IQ. 2. Possible red flags: prison or arrest record, making derogatory statements about the company, management, or immediate supervisor, membership in an extremist group such as a white-supremacy organization, overreactions to life reversals, reports of personal dishonest behavior, indications of overspending or excessive personal debt, evidence of drug use. 3. Some of the most popular networking sites are douban, Flixster, Friendster, Facebook, Habbo, LinkedIn, MyLife, MySpace, Netlog, Orkut (India), RenRen (China), Tagged, Twitter, and Vkontakte (Russia). Each of these has more than 50 million members. The website at http://en.wikipedia.org/wiki/List_of_social_networking_websites contains a list of over 200 social networking sites. 4. This part of the case asks students whether or not they would approve a high-level manager as a friend on Facebook. It is likely that students will be torn about this, not wanting to offend this manager but also not wanting him or her to read personal statements. 5. Is it ethical for a boss to fire an employee for postings on Facebook? Again, students are likely to not be sure about this. Are statements made outside of the work environment grounds for dismissal? Does it matter that such statements are written? Suggestion: after obtaining student feedback on this matter, ask them whether they would dismiss an employee under these same circumstances if they were the boss.
SM 2.11
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
2-31.
Anderson Manufacturing (Using XBRL-Enabled Software)
This case continues the systems studies of the cases in Chapter 8. At a minimum, instructors should require students to read Hammaker Manufacturing III to become familiar with the names of the individuals in this case. 1. XBRL-enabled software means that the software has the ability to create financial reports in XBRL format. It usually also means the ability to extract information from XBRLformatted data. In this latter mode, you simply key in your request for information and quickly receive the data, the analysis, or graph(s) you desire. Finally, it means that software applications can import XBRL-coded data for analysis, further data processing, and archiving purposes. Today, most accounting packages provide XBRL formatting capabilities. 2. Figure 2-3 identifies a number of advantages that Lloyd might wish to discuss with Dick. The following articles are also available for additional benefits: http://www.cato.org/pubs/regulation/regv26n3/v26n3-13.pdf http://www.icaew.co.uk/library/index.cfm?AUB=TB2I_53335,MNXI_53335 http://www.xbrl.org/faq.aspx 3. Each student’s memo will be unique. 4. Several examples of XBRL PowerPoint presentations may be found on the Internet. Some examples can be found at: http://www.icgfm.org/XBRLPresentations.htm, http://www.xbrl.org/us/us/SanJose200601/Huh.pdf, and http://www.uhu.es/ijdar/documentos/Present04/Eric.pdf. 2-32.
Barra Concrete (XOR Encryption)
This case requires students to use XOR operations to both encrypt and decrypt a message. 1. Applying the XOR cipher to the cipher message, we have: Cyphertext: Key: XOR Result:
0 1 1
1 1 0
0 1 1
0 0 0
1 1 0
0 1 1
1 1 0
1 0 1
This brings us back to the plaintext message of 1010 0101. 2: Applying the XOR cipher to each letter, we have the results shown below. The encrypted letters are shown in the XOR Result lines:
SM 2.12
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
G Key: XOR Result:
Digit Digit Digit Digit 1 2 3 4 0 1 0 0 1 1 0 0 1 0 0 0
Digit Digit Digit Digit 5 6 7 8 0 1 1 1 0 0 1 1 0 1 0 0
O Key: XOR Result:
0 1 1
1 1 0
0 0 0
0 0 0
1 0 1
1 0 1
1 1 0
1 1 0
, Key: XOR Result:
0 1 1
0 1 1
1 0 1
0 0 0
1 0 1
1 0 1
0 1 1
0 1 1
T Key: XOR Result:
0 1 1
1 1 0
0 0 0
1 0 1
0 0 0
1 0 1
0 1 1
0 1 1
E Key: XOR Result:
0 1 1
1 1 0
0 0 0
0 0 0
0 0 0
1 0 1
0 1 1
1 1 0
A Key: XOR Result:
0 1 1
1 1 0
0 0 0
0 0 0
0 0 0
0 0 0
0 1 1
1 1 0
M Key: XOR Result:
0 1 1
1 1 0
0 0 0
0 0 0
1 0 1
1 0 1
0 1 1
1 1 0
SM 2.13
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Chapter 3 COMPUTER CRIME, ETHICS, AND PRIVACY
Discussion Questions 3-1. Most experts agree with the claim that the known cases of cybercrime are just the tip of the iceberg, and most students are likely to agree with them. Of course, it is not known what percent of all cybercrime is caught because we do not have any measure for the denominator of such a computation. However, if we only detect most cybercrime by luck, chance, or accident, it is reasonable to ask, "What are the really clever computer criminals doing?" Thus, there is every indication that what we have observed about cybercrime in recent years is much less than the total of all cybercrime. 3-2. Among the reasons why more cybercrime is not reported are the following: 1. It is not detected. 2. There are no legal requirements to report cybercrime, especially if the "crime" is detected in private industry. 3. Managers feel that the computer abuses detected within their organizations are embarrassments. Thus, private businesses are reluctant to report them. 4. Some experts fear that certain types of cybercrime are susceptible to the "sky-jack" syndrome—i.e., that reporting a particular cybercrime will lead to a rash of similar ones. 5. Some people consider certain practices unethical but not illegal. Thus, for example, several organizations in the past have chosen not to press charges against students stealing computer time from university computers or employees for using the company resources for privately-contracted programming efforts. These activities are rarely reported. 6. A definition of cybercrime is elusive. Thus, some cybercrime is never reported because it falls into a gray area. 7. For some “small” crimes involving little money, the trouble of reporting it might be greater than the gains from such reporting. 8. Many IT personnel are not fully aware of the laws governing computer usage, and therefore fail to report it because they don’t realize it violates federal or state statutes. The matter of whether or not these reasons are valid is subjective. Currently, there is a debate in the literature over how much cybercrime should be reported and what should be revealed if it is reported. Among the arguments in favor of reporting cybercrime are: 1. Disclosure will alert other organizations about the dangers of computer crime and may result in better protection against it. 2. Disclosure will lead to better controls and a more informed, security-conscious society. 3. Disclosure will strengthen the case for cybercrime legislation and/or a stricter enforcement of the laws. 4. Ultimately, cybercrime injures the public at large. Therefore, the public has a right to know about it.
SM 3.1
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5. We must learn to use our technology in constructive ways. Philosophically speaking, we must know about our environment, especially where technological abuse works against the common good. 3-3. Most experts believe that cybercrime today is growing, not diminishing. To understand this claim, we must first distinguish between the amount of cybercrime that is committed and the amount of cybercrime that is reported. As stressed in the chapter, experts believe that the number of reported cases of cybercrime is much less than the amount of cybercrime that goes undetected and/or unreported. Other factors that suggest that cybercrime is growing include: 1. The number of computers in use today is growing rapidly. It is reasonable to expect the potential for cybercrime to grow with it. 2. A large number of new computers are personal computers, netbooks, and hand-held PDAs. These systems are usually less secure than larger computer installations and have relatively limited control procedures. 3. More is known about the successes of computer criminals than about the ways such criminals can be thwarted. It is reasonable to assume that the high-gain cybercrime that has accidentally been caught in one place is currently also being tried elsewhere. 4. We believe that expenditures on computer security are growing much more slowly than expenditures on computer hardware and software. The difference between such expenditures is a widening gap that allows for increased cybercrime. 5. We believe that copyright infringement for software usage is common, but that most companies, as well as most police bodies, may not be aware of such infringements or may lack the resources to protect their rights. 6. A growing amount of cybercrime involves phishing and financial scams involving other individuals, not companies. 7. The number of spam emails received by individuals is growing. This is actually illegal in certain states and countries. Losses from known cases of cybercrime have been much greater than the losses resulting from other types of white-collar crime. From this we learn that the vulnerability of a typical computerized accounting information system is much greater than the vulnerability of a typical manual system and that special controls and other safeguards must be installed in an AIS to protect it from abuse. When reviewing specific cases of cybercrime, such as those presented in this chapter, one is struck by the fact that they differ widely in target system, method of approach, and means of deception. These diversities raise the question of whether an accounting information system can really be adequately protected from systematic abuse. Most experts feel that they cannot. Thus, the current decade promises yet more cybercrime of even more spectacular proportions than those crimes of the past. 3-4. Students may strongly agree or disagree on this issue. However, the responses they give should be based on their research (visits to various websites to determine exactly what information different e-retailers collect and what they do with the information that is collected— or other data that might support their point of view). Encourage students to base their opinions
SM 3.2
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
on data that they might find on the Internet or data that might be available in their university library (either reference books or digital media), rather than their “feelings”. This topic can lead to a very lively classroom discussion if half of the students are required to “support” the view that retailers have the right, and the other half of the students are required to find data that suggests retailers do not have this right (For example, are there any laws that might limit what retailers can collect?). A mock debate can be used to bring out both sides of this issue, where 2-3 students from each group might present their findings (perhaps using PowerPoint slides) in front of the class and present their respective points of view. After both presentations, the students in the front of the class could act as facilitators to encourage the rest of their classmates to give their opinions. The protection of computer-based information rests upon the need to safeguard individual rights to privacy. These rights include the protection of personal information when it is collected, maintained, used, or distributed. The issue becomes increasingly important when some of these activities were not authorized by those individuals who (perhaps unwillingly or unknowingly) provided the information. Examples of such vulnerable information include state and federal tax returns, responses to surveys, consumer behavior observed with hidden cameras, employee work evaluations, and medical records. There is remarkably little that an individual can do to protect personalized information in health, mail-order, and private banking applications. However, the following safeguards are available for certain other applications: 1. FAIR CREDIT REPORTING ACT OF 1970 This act guarantees the individual certain rights regarding the use of credit information gathered about him. Among these rights are: a) access to the information b) the ability to challenge the information c) the right to make the credit-information company change the information at company expense if it is shown to be in error 2. PRIVACY ACT OF 1974 This act places general restrictions on the use of personal information collected by agencies of the federal government. An individual is now permitted: a) to ascertain what records pertaining to him are collected, maintained, and used by any agency b) to prevent his records from being used or made available to others without his consent c) to gain access to the information, and to have copies made at a reasonable expense (his expense) d) to correct file information if found to be in error e) to file civil suits to collect for damages in the event that information collected about him is misused by a federal agency
SM 3.3
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
3. SUPREME COURT RULING OF GRISWOLD VERSUS CONNECTICUT This case involved the right of privacy. While the supreme court did not make any definite statement about privacy in the constitution, it did suggest that the right of privacy was implied in the First, Third, Fourth, Fifth, and Ninth Amendments. 4. STATE LEGISLATION Almost all states have now enacted computer crime laws of some type. 5. FREEDOM OF INFORMATION ACT OF 1970 This "sunshine law" guarantees individuals the right to see any information gathered about them by federal agencies, and also prohibits these agencies from gathering information about individuals that is not germane to agency needs. 6. COMPUTER SECURITY ACT OF 1987 This act requires more than 550 federal agencies to develop security plans for each computer system that processes sensitive information. 7. NATIONAL ASSOCIATION OF STATE INFORMATION SYSTEMS (NASIS) This organization, along with concerned consumer groups, has been active in seeking state and federal legislation that regulates the use of computerized information. 3-5. There were a number of factors favorable to the TRW employees in the commission of their crime. Perhaps the most important was the fact that the change of information in the company's computer files, in and of itself, did not involve any cash transactions. Thus, unlike many other computer crimes in which a perpetrator must make a false debit or credit to cover up his activities, the TRW employees merely changed the credit ratings of the individuals who had paid for this “service.” Another factor that aided the participants was the lack of feedback checks which are so often a natural part of other types of accounting information systems. For example, in an accounts receivable system, an improper customer billing is likely to be noticed and brought to the attention of a company manager for correction. In the TRW case, however, TRW’s clients apparently accepted the credit ratings without question and thus extended credit to individuals who were not creditworthy. A final factor that helped TRW employees commit this crime was the seeming lack of internal control on credit-changes in TRW's input operations. In particular, it appears that the input clerk was able to make unauthorized credit-rating changes which reversed individual evaluations from bad ones to acceptable ones. This capability enabled the TRW employees to sell good credit ratings to customers and thus permitted them to carry out their schemes. One control that might have prevented this cybercrime would be more stringent supervision in the altering of credit information in TRW's files. For example, the company might have insisted that all credit-rating reversals be first approved by management. A similar policy might have also been applied to all file changes in which favorable credit information was to be added to unfavorably-rated accounts.
SM 3.4
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Another control might be the maintenance of duplicate credit information by both TRW and the credit-card companies. Although this procedure would be expensive, it has the advantage of installing a feedback characteristic in TRW's credit operations which was obviously missing when the crime was committed. Given the fact that damages resulting from this crime were estimated at over $1 million, such a control procedure has the potential to be cost effective despite such expense. A number of similar cases of cybercrime fall into the category of “valuable information computer abuse.” Examples include: 1. Industrial espionage cases, in which corporate budget plans, bidding data on forthcoming projects, or patent information stored on computer files is the major target 2. Computer snooping, in which information about the volume of accounts of a company or the salaries of specific individuals is the target 3. Software theft, in which the source code for an application program or operating system program is desired 4. Student pilferage, in which one student steals an assignment from another 5. Extortion, in which the information stored on a company's files is threatened if the company does not agree to the perpetrator's demands 6. Blackmail, in which computerized information will be revealed if payment is not made 7. File-napping, which is like kidnapping except that the "kid" is really the computer files of a company, which are subsequently held for ransom 3-6. As commonly used, hacking means gaining illegal or unauthorized access to computers, computer networks, or computer files. To ensure anonymity, the typical hacker accomplishes this from remote locations and with assumed identities. Some hackers gain little financially from their activities, but instead seem to enjoy some psychological satisfaction by successfully gaining access to their target computer resources. The growth of microcomputer usage has added to the problem because anyone with a microcomputer and access to the Internet can "hack." Two major deterrents to hacking are (1) education and (2) prevention. Education includes teaching students, employees, and the general public about computer ethics, helping them understand how costly computer breaches can be to victim organizations, and making them aware of the fact that hacking is now a punishable federal offense. Prevention includes installing and using firewalls, non-dictionary passwords, lockout, dial-back, and/or other security systems, changing passwords often, and prosecuting hackers as examples to others. 3-7. A computer virus is a program or subroutine that can replicate itself in other programs or computer systems. Typically, viruses are also destructive, although a few "benign" viruses have commandeered computer systems just long enough to display harmless messages before returning control to the end user. The damage that can be caused by other virus programs can be much more serious, and includes destroying system or user files, disrupting computer operations, denying others access to a system, launching distributed denial of service attacks against other systems, or disrupting the functioning of a complete system or network.
SM 3.5
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
3-8. As noted in the text, employees are not likely to be aware of the importance or cost of cybercrime. Thus, educating employees about cybercrime laws, the telltale signs of cybercrime, and the importance of making periodic file backups to recover from cybercrime are important. Research also suggests that cybercrime is less likely if companies inform employees about the seriousness of such abuse and aggressively prosecute computer abusers. Although employees can be educated without the support of top management, most experts agree that such support is critical to successful security programs. The education process itself takes valuable employee time, of course, and managers must prepare the necessary policy manuals and training programs must exist with the full consent and encouragement of top executives. 3-9. Given that the Internet is a medium of information exchange and a free market, almost any crime that can be committed in a physical venue can also be committed in an electronic one. This includes misrepresentation, fraud, theft, racketeering, bribery, extortion, etc. In addition, as noted in the chapter, the Internet also gives computer abusers the opportunity to spread computer viruses, hack into computer systems and files for illicit purposes, and destroy or alter computer records or software without permission. Finally, it is important to note that the Internet provides perpetrators the critical anonymity they need to execute these forms of cybercrime. The types of resources targeted by computer abusers vary widely. In some cases, the financial information maintained by a computer system is the target, as illustrated by the TRW case. In other cases, it is the personal identities of customers or taxpayers. In still other cases such as in denial-of-service attacks, the system itself is the target. The controls that are needed to safeguard such recourses also vary widely. 3-10. Ethical behavior means acting in accord with standards of moral conduct. Examples of ethical behavior within AIS environments include protecting confidential information, being socially responsible, respecting the privacy of others, avoiding conflicts of interest, and using work computers only for business purposes. Five ways of encouraging ethical behavior include: 1. Educating employees about the importance of ethical behavior 2. Training employees by providing them with actual cases of ethical behavior in formal educational settings 3. Teaching by example 4. Rewarding ethical behavior with job promotions and similar benefits 5. Asking employees to subscribe (e.g., by signature) to professional codes of conduct 6. Penalizing those who violate ethical codes of conduct At one of the author’s universities, the student judicial office keeps lists of students caught cheating. If the instructor wishes, a student caught cheating can be asked to attend one or more workshops that teach them about student ethics (point 1 above) and what can happen to students who violate the university’s student code (point 6 above). 3-11. Hopefully, Mr. Randy Allen is an honest, hard-working bank employee deserving of the "Employee-of-the-Year" award. However, the presence of (1) a computerized bank data
SM 3.6
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
processing system to handle accounts, (2) the number of complaints from customers about account-balance errors, and (3) the ability of Mr. Allen to rectify these errors manually without additional approval or supervision suggest that additional investigation may be in order. An enforcement of the two-week vacation rule for Mr. Allen, and perhaps an audit of the accounts of customers who have been complaining in his absence, would be good ideas. There are just too many danger signs here to let this situation go unexamined.
Problems 3-12. The scenarios presented in these brief descriptions actually happened. They are controversial matters and can lead to good classroom discussions. Although there are no right or wrong answers, the authors suggest the following as preferred responses: a. Here we have a student filing a formal complaint against a university because it did not rectify a problem caused by her own forgetfulness. If the university has a written policy forbidding techs to provide computer passwords over the phone, the university should be on solid ground. b. An individual’s right to privacy sometimes conflicts with corporate goals. This scenario points to the importance of developing corporate policies about such matters—especially the issue of what materials employees can maintain on business computers. Educating this particular employee to how embarrassing it would be if customers learned about his pornographic materials might be all that was needed to solve this problem. In the end, this case deals with a corporate computer, owned by the company, which therefore should have the final say about what can be stored on it. c. Research shows that allowing individuals to select their own passwords usually results in easy-to-guess, simple passwords and/or the post-it-note behavior described here. But these are undesirable security problems. Again, corporate policies that (1) require employees to use company-assigned or strong passwords, and (2) explicitly require employees to hide their passwords from public view can help. d. This event actually happened. The employee objected to someone snooping his old hard drive on the grounds that it contained personal information, but his superiors argued that he had accepted the new computer and therefore given up his rights to the old one. The information on the old hard drive provided clear evidence that this particular employee was violating corporate policy by working a second job, resulting in a near-dismissal for this employee. e. The discovery from this audit is a major red flag. The company should employ a forensic accountant, and perhaps a lawyer, to investigate further. An interesting question to answer is “Who is cashing the checks?” If it is the same person, this would be evidence of fraud. f. This action is perhaps unethical but not illegal. It is not much different from hiring shills in live auctions to bid up prices. g. This is an example of click fraud. Because the activity appears intentional, it is prosecutable as fraud. 3-13. This problem requires students to create a report on a recent computer abuse that they find discussed in a recent journal or other publication. Although finding such abuses is relatively
SM 3.7
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
easy, the lack of detailed information in most of them usually makes it more difficult to create meaningful analyses of them. The important points to emphasize here are students’ research skills and their ability to find an appropriate example. A good source of information for these types of examples may be found at the following website: http://www.crime-research.org. 3-14.
Suggested Control procedures are as follows:
a. The company should eliminate incompatible functions: the clerk should not be permitted to both create payroll records and be in a position to intercept the payroll checks. The system would also be able to alert others to this activity if it automatically generated confirmation slips of new hires to department managers. b. The incompatible function in this example allows a clerk to handle cash and to manipulate the accounts affected by the cash payments. c. Passwords should not be dictionary words, but nonsense terms like "RES234" instead. Access to corporate computers from outside callers can also be controlled by limiting the number of password tries a caller can make (e.g., to three attempts), or by using a dial-back system. d. The only way lapping accounts receivable can be performed successfully over this much time is by continued access and diligent activity. Enforcing the two-week vacation rule usually thwarts it. e. Educating employees to the problems of viruses and how viruses are introduced to LANs may help. A policy forbidding employees from downloading computer games to corporate computers would also be useful. Finally, many companies now routinely use antiviral software that automatically screens new software for known viruses before it is loaded onto hard disks. f. This is a breach of confidentiality, and certainly unethical behavior. The employees of medical facilities are usually cautioned about the strict, private nature of the information they access. "Education" and "corporate policies" regarding the confidentiality of this information are important controls. Firing employees who violate such policies also helps other employees understand their importance and seriousness. 3-15. 1. 2. 3. 4. 5. 6. 7.
The Association of Fraud Examiners (ACFE) Checklist and points are as follows: Fraud risk oversight (20 points) Fraud risk ownership (10 points) Fraud risk assessment (10 points) Fraud risk tolerance and risk management policy (10 points) Process-level anti-fraud controls/reengineering (10 points) Environmental anti-fraud controls (30 points) Proactive fraud detection (10 points)
This question also asks students whether this checklist “is likely to help organizations prevent most types of fraud.” Although most students are likely to feel that this checklist can help managers and employees prevent and/or detect fraud, it is important to note that even the most stringent controls are worthless if managers ignore them.
SM 3.8
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Case Analyses 3.16
Find-a-Fraud
1. Potential red flags are: After hours sales, sales during vacation periods, large number of sales just below authorization requirements, large returns just after year-end. 2. a. After hours sales: employee could be creating false sales b. Sales during vacation periods: employee could be creating false sales c. Sales below authorization levels: employees may be attempting to avoid authorization, which could indicate the potential for false sales d. Large returns after year-end: this could indicate that sales recorded near year-end were fictitious and created to boost reported revenue 3. It appears most likely that Employee C is engaged in some form of fraud involving fictitious sales, and the company may be intentionally overstating revenue by recording false sales near year-end. 3-17.
The Resort
1. Yes, because it involves a computer, it is possible to call this a cybercrime. 2. This would be classified as fraud because employees are intentionally deceiving the company, they are receiving benefits, and the firm is harmed. 3. One obvious control for this application is for the resort to formally adopt a policy prohibiting employees from receiving booking commissions when they double as travel agents—or perhaps pay them small, fixed bonuses for such work instead of full commissions. The resort should also maintain a current list of approved travel agencies, and use this list before paying booking commissions. It may also be cost effective for managers to handle non-approved agency commissions on an exceptions basis. For example, each month before paying commissions to such agencies, the resort might obtain a printout of unrecognized firms and contact each of them for verification. 4. Classification will depend on the controls that students identify. Using the first example above, any “policy” is intended to be a preventive control. Notice that the content of the policy is to segregate duties, which is itself a preventive control. The last example in 3 above would be a detective control. Students also might suggest training for employees at this resort so that they learn how management expects them to behave in the future, which would be an example of a corrective control. 5. The lack of accountability is critical to this fraud because it is the resort’s policy of paying unverified travel agencies booking commissions that enables this deception to continue. It is not clear that the resort should change its policy (e.g., it may not be cost effective to do so).
SM 3.9
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
However, this seems unlikely. Catching and disciplining one employee may also act as a deterrent to others. 3-18.
The Department of Taxation
1. a) Confidentiality problems that could arise processing input data and recommended corrective actions are as follows: Problems
Controls
1) Unauthorized user of a) Limit physical access to terminal room used for data terminal. input and/or require data input personnel to wear color-coded badges for identification b) Use different passwords for each user and change them frequently 2) Online modification of program by operator to by-pass controls.
a) Prohibit program modification from input or inquiry terminals b) Secure the documentation that indicates how to perform operations other than input of tax returns c) Do not hire operators with programming skills d) Prohibit programmers from computer room
3) Use of equipment for unauthorized processing or searching through files.
a) Use passwords that limit access to only that part of the system needed for input of current tax data b) Secure the documentation that indicates how to perform operations other than input of tax returns
b) Confidentiality problems that could arise processing returns and recommended corrective actions are as follows: Problems
Controls
1) Operator a) Limit operator access to only that part of the intervention to documentation needed for equipment operation input data or to gain b) Prohibit operators from writing programs or modifying the output from files. system c) Daily review of console log messages and/or run times 2) There might be attempts to screen individual returns on the basis of sex, race, surname, etc.
a) Institute programming controls such that there is a definite sequence to creating or maintaining programs. This sequence should contain reviews at general levels and complete trial runs.
SM 3.10
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
c) Confidentiality problems that could arise in the inquiry of data and recommended corrective actions are as follows: Problems
Controls
1) Unauthorized user with a valid taxpayer ID using the system.
a) Use a sign-in/sign-out register for persons using the system b) Require users to show some form of identification c) Use a programmed sequence of questions which only valid users are likely to be able to answer d) Prohibit phone responses
2) Taxpayer or regional state employee use of equipment for unauthorized processing or searching through files.
a) Use passwords to limit access to output of tax information b) Secure the documentation that indicates how to perform tasks other than taxpayer inquiries c) Have the terminals lock out for repeated login errors or attempts to break security d) Have a code system that logs each entry and data inquiry by user e) Provide daily activity reporting to supervisors and/or auditors showing terminal numbers, user numbers, type of processing, name of files accessed, and unacceptable requests
2. Potential problems and possible controls to provide data security against loss, damage, and improper input or use of data are as follows: Problems
Controls
1) Loss of tax return data before any file updates.
a) Keep copies of tax returns in a safe location and (temporarily) organized for reprocessing if necessary b) Maintain a transaction log on backing media for possible recall
2) Improper input or use of data during processing.
a) Verify data entry or enter twice by different operators b) Prohibit data entry through inquiry terminals c) Process routine items at specified times, thus preventing unauthorized runs of vital information
3) Incomplete processing of tax returns.
a) Computer prompting of terminal operators for appropriate input b) Balancing of computer processing at each stage back to input and run control totals
4) Fraudulent program modifications
a) Prohibit programming from input or inquiry terminals; log all such attempts on console log for immediate
SM 3.11
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
entered from input or inquiry terminals.
supervisory action b) Periodic checks of all software packages so that any illegal modifications can be detected
SM 3.12
Chapter 4 INFORMATION TECHNOLOGY AND AISs Discussion Questions 4-1. An AIS is best viewed as a set of interacting components that must all work together to accomplish data gathering, storage, processing, and output tasks. For example, computer hardware runs software, and each would be "lost" without the other. Similarly, software must have data to provide useful information. And all these components would be useless without people and procedures to maintain them, gather them, run them, and use them properly. 4-2. An understanding of information technology (IT) is important to accountants for many reasons. Some examples: a) Much of today's accounting tasks are performed with computers. Thus, it is essential that the modern accountant possess a basic understanding of a computer's functions, capabilities, and limitations. b) Accountants often help clients make hardware and software decisions. A knowledge of IT concepts is critical to these efforts. c) Accounting information systems that are computerized must still be audited. It is impossible to audit such systems without a firm understanding of IS concepts. d) Accountants are often asked to sit on evaluation committees when changes to existing accounting systems are contemplated. An understanding of how a computer operates enables the accountant to participate more intelligently in such committees. e) Accountants are often asked to assist in the design of new computerized accounting information systems. Computer technology often plays an important role in this design work. f) Most accounting systems require controls to assure the accuracy, timeliness, and completeness of the information generated by such systems. An understanding of how computer technology contributes to these objectives, and also how computer technology can thwart these objectives, enables the accountant to evaluate computer controls in an automated accounting environment. g) Those accountants who understand how to use computer hardware and software will have the easiest time in performing such tasks as auditing, budgeting, database use, and so forth. Thus, the more accountants understand about information technology, the easier it is to get hired, noticed, and/or promoted. h) A great deal of accounting data are gathered, transmitted, processed, and distributed via the Internet. A fundamental understanding of the information technology that drives these activities is therefore essential to the accountants that help perform these activities. 4-3. Data transcription refers to the transformation of data from source documents into machine-readable "computerized" input. Data transcription is unnecessary in manual accounting information systems because there is no computer. However, data transcription is critical to those computerized accounting information systems that collect data with manually-prepared source documents.
SM 4.1
Data entry personnel typically transcribe data by copying them onto computer-readable media such as CDs, or more commonly, keying data directly into computers (e.g., when a bank clerk helps a customer make a deposit). Thus, data transcription is usually labor intensive and therefore costly. Data transcription also has the potential to insert errors into data and/or to delay or “bottle-neck” operations. Designers of effective accounting information systems are willing to incur such costs because the benefits of the computerized processing from these systems make them cost-effective. However, data-preparation time and costs can be saved, and transcription delays avoided, if an AIS gathers data that are already in machine readable form (e.g., through automatic tag readers, bar codes, or magnetized-strip cards). 4-4. Computer input equipment includes computer keyboards, computer mice, bar code readers, POS devices, MICR readers, OCR readers, magnetic strip readers, and such specialized microcomputer input devices as computer mice, joysticks, web cams, and microphones. AIS users now input a growing amount of accounting data via mobile devices such as smart phones and computer tablets. The chapter describes the functioning of each device in detail. 4-5. This question asks students to voice their personal opinions about red-light cameras— the ones that automatically issue traffic tickets when drivers run red lights. This question should therefore generate lively discussion. Many drivers hate them—for example, arguing that winter conditions made it difficult to stop or that such systems are more motivated by ticket revenues than by concerns for safety. These concerns have led to local ordinances that restrict local governments from sharing ticket proceeds with camera vendors and caused other cities to eliminate them entirely. Red-light camera proponents argue the opposite, suggesting that such systems merely enforce driving laws already on the books, serve a safety function, can be outsourced to vendors who handle all data processing and ticketing, and save local residents money by generating revenues that could otherwise only be raised by other taxes. According to American Traffic Solutions, an industry advocacy organization, red-light camera contracts in the US has grown from 155 in 2005 to 689 in 2012. 4-6. The three components of the central processing unit are: (1) primary memory, (2) arithmetic/logic unit, and (3) control unit. As its name suggests, the primary memory of the CPU temporarily stores data and programs for execution purposes. The arithmetic-logic units of most central processors have special-purpose storage memories called registers that perform arithmetic operations (such as addition, subtraction, multiplication, division and exponentiation) and logical operations (such as comparisons and bit-manipulating functions). Finally, the control sections of central processing units act as an overseer of operations, interpreting program instructions and supervising their execution. Microprocessor speeds are measured in megahertz (MHz) or gigahertz (GHz)—the number of pulses per second of the system’s timing clock. In larger computers, processor speed is also measured in millions of instructions per second (MIPS) or millions of floating point operations per second (MFLOPS). Processor speeds are rarely important to accounting systems because the speed of the processor drastically exceeds the speeds for input and output operations. Most computers are I/O bound, meaning that their CPUs mostly wait for data to be input or output.
SM 4.2
4-7. The three types of printers mentioned in the text are dot-matrix printers, inkjet printers, and laser printers. Dot-matrix printers a) Advantages: (1) inexpensive, (2) flexible, and (3) able to print on multipart paper (i.e., make “carbon copies”) b) Disadvantages: (1) slow print speeds, (2) low print resolutions Ink-Jet Printers a) Advantages: (1) higher print resolutions than most dot-matrix printers, (2) can print in multiple colors, (3) can print photographic prints, and continuous graphs, (4) selected models can perform faxing, copying, and scanning functions, (5) some can print on both sides and (6) comparatively inexpensive compared to laser printers b) Disadvantages: (1) lower speeds (compared to laser printers), (2) can print single copies only (not carbon copies), and (3) ink cartridges are comparatively expensive Laser Printers a) Advantages: (1) high output quality, (2) fastest print speeds, (3) selected models can perform faxing, copying, and scanning functions b) Disadvantages: (1) comparatively higher costs for both printers and toner cartridges, and (2) can print single copies only 4-8. Secondary storage devices provide a permanent, non-volatile medium for storing and retrieving accounting data. Examples include permanent hard disks, removable disks such as zip disks, CD-ROM disks, DVDs, flash (USB) drives, cartridge tape, and flash memory sticks (e.g., the type used in cameras). Secondary storage is important to AISs because the primary memory of a computer is too small and too volatile to meet the permanent-storage requirements of the typical accounting information system. In addition, such secondary storage media as CD-ROMs and USB devices are removable and therefore useful for backup, mailing, and distribution tasks. These media and their relative advantages and disadvantages are described at length in the chapter. 4-9. Image processing refers to storing graphic images in computer files (usually of business documents) and manipulating them electronically. Examples of image processing applications mentioned in the text include: insurance companies (storing claims forms and accident reports), banks (storing check images), hospitals (storing medical scans), and the IRS (storing tax returns). Other examples include catalog applications (storing merchandise images), personnel applications (storing employee pictures), and legal applications (storing mortgages, deeds, wills and other legal documents). Four advantages of image processing that are important to AISs are: (1) fast data capture, (2) archiving efficiency (the ability to store hundreds of thousands of documents on a small medium), (3) processing convenience (the ability to retrieve, catalog, sort, or otherwise organize images quickly and efficiently), and (4) accessibility (the ability to provide the same images to several users at once). This last, file-sharing advantage is also important for collaborative tasks in professional offices.
SM 4.3
4-10. Data communications protocols are the standards by which computer devices communicate with one another. Examples of such standards include the packet size and format, the transmission rate, the duplex setting, the type of transmission (synchronous versus asynchronous), and the type of parity used (odd, even, or none). Communication protocols are important because they enable computers to transmit data over different types of communications media, and also to interpret data after the transmission takes place. For instance, if the parity bit for a character were different than the parity bit at the time it was transmitted, the character would either be different or unreadable. This enables communication devices to detect transmission errors and request retransmissions if necessary. An observation: the difference between $1 and $1 billion is one bit. 4-11. Local Area Networks (LANs) are collections of computers, file servers, printers, and similar devices that are located in a small area (e.g., the same building), and that are connected to one another for communications purposes. The advantages of LANs are described in the chapter, and include: (1) the ability to facilitate communication among LAN members, and between LAN members and the Internet, (2) sharing computer equipment, (3) sharing computer files, (4) sharing software and thereby saving software costs, and (5) enabling unlike computer equipment to communicate with one another. 4-12. Client/server computing is an alternate to mainframe/host computing. In centralized computing systems, the mainframe computer or minicomputer performs most, if not all, of the processing and database tasks, which are also mostly centralized. In client/computing, processing may be performed by the server computer or the client (typically, a microcomputer), and database information is usually copied onto several file servers. Client/server systems offer several advantages. These include the ability to: (1) substitute the inexpensive processing capabilities of microcomputer hardware and software for comparatively expensive mainframe or minicomputer processing capabilities, (2) reduce data communications time and costs, and (3) utilize thin-client systems. Some disadvantages are: (1) the problem of maintaining multiple copies of important databases on several servers, (2) the additional tasks required to keep server databases current, (3) more difficult backup and recovery, (4) increased difficulty when changing application software from one package to another, and (5) a potential need for greater user training. The security and auditability of client server systems are usually also more complex. 4-13. These days, almost any vendor that offers remote computer services could be classified as a cloud computing vendor. This includes those companies that perform basic payroll functions such as Intuit, tax preparers that create tax returns remotely such as H. & R. Block, and even universities that offer distance-education courses on the Internet. Cloud computing vendors offer the major advantages of other outsourcing suppliers along with nearinstantaneous electronic speed (no more need for a courier service!). But cloud computing isn’t always cheaper, faster, or better. Moreover, the quality of a vendor’s work is not automatically guaranteed simply because it provides online services, and “security” is also a concern because the owner loses control of data. Finally, subscribers that become dependent upon their vendors run an added risk should data failures or data breaches occur.
SM 4.4
4-14. Windowing operating systems such as Windows Vista, Windows 7, and Windows 8 are operating systems that use graphical user interfaces (GUIs) with menus, icons, and other graphics elements. These elements enable users to select processing options and perform computing tasks without the need to memorize system commands. In contrast, command-driven operating systems such as DOS and UNIX force users to memorize system commands because available options are not usually listed or displayed onscreen. Multitasking capabilities enable operating systems to perform more than one task on a singleuser computer. For example, most windowing operating systems are multitasking systems that allow users to operate several concurrent sessions in separate windows, and to switch back and forth among them as needs dictate. Multitasking operating systems enable users to work more efficiently and perhaps be more productive. Windowing operating systems, GUIs, and multitasking operating systems are also important to AISs because so many other microcomputer accounting programs require them. For example, Peachtree, Solomon, Great Plains, Excel, Access, and Word software all run under Microsoft’s Windows operating systems. These programs are used by accountants as personal and professional productivity tools, and also by auditors and the clients of CPA firms for similar reasons. 4-15. Four classes of application software are: (1) personal productivity software, (2) commercial productivity software, (3) accounting software, and (4) communications software. Other types of application software include database software, software for academics (e.g., grade-book management software), medical diagnostic software, game-playing software, software that processes marketing data, production data, personnel data, and enterprise resource planning (ERP) software. Personal productivity software enables users to create and manipulate word documents (word processing software), create and manipulate spreadsheets (spreadsheet software), create and manipulate databases (database management systems software), create and maintain calendars, or maintain personal budgets and finances (personal finance software). Commercial productivity software enables users to plan and track resources on large projects (project management software), design consumer or industrial products (CAD software), control manufacturing processes (CAM software), or create presentations (presentation graphics software). Accounting software performs the familiar accounting tasks involved in payroll, accounts receivable, accounts payable, and inventory control. Chapter 12 of this text discusses integrated accounting packages in detail and Chapter 10 discusses the transaction cycles involved in these applications. Communications software enables users to e-mail one another, transmit data to and from distant computers, and access the Internet and World Wide Web. Finally, ERP software enables businesses to transmit, manipulate, and integrate financial data on a corporate wide basis. 4-16. Computer programmers create the capabilities of each and every computer application by writing computer instructions in a programming language that a computer can understand and execute. Fortran (an acronym for “formula translation”) was one of the first such languages, and excels in translating mathematical expressions into computer code. COBOL (Common Business Oriented Language) enables users to write programming instructions in English-like code and is comparatively self-documenting. RPG (Report Program Generator) is
SM 4.5
good for creating simple reports from existing databases and is widely supported by IBM on minicomputers. Some of the newer programming languages mentioned in the text include (1) C++, which excels at bit manipulations and assembler tasks, (2) HTML (HyperText Markup Language), which programmers use to create web pages, (3) JAVA, which programmers can use to create interactive websites, and (4) Visual Basic, which enables programmers to develop interactive windows programs with easily-manipulated, event-driven programming tools. 4-17. This question asks students whether or not copying software is ok if it is for personal uses. Most students know it is illegal, but only a few are willing to admit that they do it. Typical justifications include that it is a “one-time use,” the inconvenience of paying, the fact that he or she is “just a poor student” who is entitled to a very large discount, or the perception that the developers charge too much for their products.
Problems 4-18.
Classifying equipment:
Item: a) CRT screen b) ALU c) CD-ROM d) keyboard e) modem f) dot-matrix printer g) audio speaker h) POS device i) MICR reader j) laser printer k) ALU l) flash memory m) OCR reader n) magnetic disk o) ATM p) primary memory 4-19.
Classification: output CPU component secondary storage input data communications output output input input output CPU component secondary storage input secondary storage input and output CPU component
Defining acronyms:
Item: a) POS b) CPU c) OCR d) MICR e) ATM f) RAM g) ALU
Meaning: Point of sale Central processing unit Optical character reader Magnetic ink character recognition Automated teller machine Random access memory Arithmetic-logic unit
SM 4.6
h) MIPS i) OS j) MHz k) pixel l) RGB m) CD-ROM n) worm o) modem p) LAN q) WAN r) RFID s) WAP t) Wi-Fi u) ppm v) dpi w) NFC
Millions of instructions per second Operating system Megahertz Picture element red, green, blue compact disk-read only memory Write once read many Modulator demodulator Local area network Wide area network radio frequency identification Wireless application protocol Wireless fidelity Pages per minute Dots per inch Near field communications
4-20. a) one DVD disk capacity = 17 gigabytes b) one hard disk capacity = 1 terabyte or more c) ten CD-ROM disks = 10 * 650 megabytes = 6,500 megabytes = 6.5 gigabytes Conclusion: Choice (b) holds the most data. 4-21.
How many bytes is 500 gigabytes? 500*(1024^3) = 536,870,912,000 bytes
4-22.
a) b) c) d) e) f) g) h) i) j) k) l) m) n)
Brian Fry Products character positions 1-4 5-9 10-19 20-22 23-27 28-32 33-34 35-42 43-46 47-54 55-58 59-61 64-66 67-71
field order number part number part description manufacturing department number of pieces started number of pieces finished machine number date work started (MM/DD/YYYY) hour work started date work completed (MM/DD/YYYY) hour work completed work standard worker number foreman number
SM 4.7
4-23. Go the AICPA website and identify the top ten information technologies for the current year. At the time this answer key was prepared, they are as shown in Figure 4-1. These items change from year to year. 4-24.
An RFID system for a state’s toll roads. Debit
a. b. c. d. e.
Account Title Cash Cash Transponder Deposits Transponder Deposits Owner’s Equity
Credit Amount 20.00 100.00 900.00 25.75 10.00
Account Title Transponder Sales Transponder Deposits Credit Cards Receivable Cash Cash
Amount 20.00 100.00 900.00 25.75 10.00
4-25. This problem requires students to select a type of computer hardware of interest and to write a one-page report. We recommend requiring students to use a spreadsheet with which to embed pictures of three different hardware examples in separate cells. We found that the results are interesting and fun to grade, and that some of our students were surprised to learn that they can embed pictures in spreadsheets. 4-26. This problem requires students to visit the Dell Corporation’s website at www.dell.com and develop their own desktop computer system. The three parts to this problem are: (a) compute the total price of your system, (b) determine whether a system purchased as a complete package might be cheaper, and (c) determine whether a similar laptop system perhaps purchased from another vendor might be cheaper. 4-27. This problem requires students to visit the Accounting Technology website at www.accountingtoday.com/accounting-technology, select an article of interest, and write a onepage summary of it. 4-28. Examples of productivity software include (1) spreadsheet software, (2) email software, (3) word-processing software, (4) database software, (5) presentation software, (6) CAD (design) software, (7) charting or graphics software, (8) software to create or edit electronic music, (8) desktop publishing software, (9) email software, and (10) software to create or edit electronic music. Web browsers are usually considered “personal” but not often considered necessarily “productive.” Web development software that helps individuals create their own web pages might also be considered productivity software. The accounting applications of this software should be self-evident.
SM 4.8
Case Analyses 4-29.
Pucinelli Supermarkets Computations Example: (Column B) UPC Code: 64200115896 Length Test: OK Check Digit is: 6 Sum of odd digits: 19 Sum of even digits: 17 Add digits x 3: 57 Sum: 74 Last digit: 4 Computed check 6 digit: Conclusion: valid number Formulas for Column B 064200115896 (Stored in cell B2) =IF(LEN(B2)=12, "OK", "Not OK") =RIGHT(B2,1) =MID(B2, 1, 1) + MID(B2, 3, 1) + MID(B2, 5, 1) + MID(B2, 7, 1) + MID(B2, 9, 1) + MID(B2, 11, 1) =MID(B2, 2, 1) + MID(B2, 4, 1)+MID(B2, 6, 1) + MID(B2, 8, 1)+ MID(B2, 10,1) =3*B5 =SUM(B6:B7) =RIGHT(B8,1) =IF(B9=0, 0, 10-B9) =IF(AND(B3="OK",VALUE(B10)=VALUE(B4)),"valid number", "invalid number")
SM 4.9
1. UPC Code: Length Test: Check Digit is: Sum of odd digits: Sum of even digits: Add digits x 3: Sum: Last digit: Computed check digit: Conclusion:
639277240453 OK 3 29 20 87 107 7 3 valid number
2. UPC Code: Length Test: Check Digit is: Sum of odd digits: Sum of even digits: Add digits x 3: Sum: Last digit: Computed check digit: Conclusion:
040000234548 OK 8 10 12 30 42 2 8 valid number
SM 4.10
3. UPC Code: Length Test: Check Digit is:
034000087884 OK 4
Sum of odd digits: Sum of even digits: Add digits x 3: Sum: Last digit: Computed check digit:
19 19 57 76 6 4
Conclusion:
valid number
4. UPC Code: Length Test: Check Digit is:
048109352495 OK 5
Sum of odd digits: Sum of even digits: Add digits x 3: Sum: Last digit: Computed check digit: Conclusion: 4-30.
22 23 66 89 9 1 invalid number
Savage Motors (Software Training)
Department
No. of Employees
Word Processing
Spreadsheets
Data-base
Presentation Graphics
Accounting
Sales Operations Accounting
112 82 55
1150 320 750
750 2450 3600
900 650 820
500 100 250
700 500 2500
Answers for: Part 1: Sales Operations Accounting
No. of Employees
Word Processing
Spreadsheets
Data-base
Presentation Graphics
Accounting
112 82 55
10.3 2.9 6.7
6.7 21.9 32.1
8 5.8 7.3
4.5 0.9 2.2
6.3 4.5 22.3
SM 4.11
Part 2: Sales Operations Accounting
1150 2450 3600
Part 3:
No. of Employees
Totals:
249
Word Processing Spreadsheets Spreadsheets Word Processing
Spreadsheets
Data-base
Presentation Graphics
Account ing
2,220 8.9
6,800 27.3
2,370 9.5
850 3.4
3,700 14.9
Average
Spreadsheets are used the most hours. Part 4:
35.0 30.0 25.0 20.0 15.0 10.0 5.0 0.0
Sales
Accounting
Presentation Graphcs
Database
Spreadsheets
Operations
Word Processing
Average per week
Average softrware usage by application and department
Accounting
Software application
Part 5: Answers will vary by students. 4-31.
Backwater University
1. One possible solution is to use a coupon system for students. With this system, students would be given meal coupons rather than ID cards, and the coupon itself “pays” for the meal. Another possibility is to install a local area network in the dining facilities, and use point-ofsale (POS) terminals to check students through the lines. For this latter option, it would probably make sense to use student ID cards with magnetic stripes for faster throughput. A third solution, similar to the second, is to use fingerprint recognition software and a database of authorized students to check them through the lunch lines. Students will probably develop several additional alternatives for this question. 2. No additional hardware is required for the coupon plan, although a centralized database of students on a microcomputer system would be useful for printing coupons each month. In contrast, the two LAN systems will require a file server, POS or biometric scanning terminals, and at least one administrative computer for inputting ID information for those students approved for a specific type of meal plan.
SM 4.12
3. The software required for the coupon system would maintain a central database of student data, including identifying information about the student and the type of meal plan desired. A coupon-printing system could print coupons with student names on each one once a month. The software for the POS or biometric systems would also maintain a centralized list of students, plus information indicating whether or not a student used his or her card for a specific meal (thus controlling the multi-meal problem mentioned in the case). 4. Good information systems pay for themselves quickly. Thus, when evaluating the desirability of either system, the analysis should show that the proposed system is cost effective. The costs of the proposed system include the hardware, software, and personnel mentioned above. The benefits of a proposed system include reduced customer lines at the entrance to the dining facilities, better control of student funds and plans, and perhaps even reduced cashiering labor. More discussions about such system analyses are found in later chapters of the book. 4-32.
Bennet National Bank
1. The special information that must be coded on the magnetic strip of the card would include, but would not necessarily be limited to: a) special bank code b) customer's credit card number c) customer's savings account number d) customer's checking account number e) expiration date of card f) issue date of the card g) date of last use for automatic withdrawal purposes h) the number of withdrawals on date of last withdrawal i) secret passcode 2. The tests of conformity with bank policy and locations for such tests would be: a) correct passcode test performed by client b) Bennet credit card test performed by client c) current credit card test performed by client d) stolen credit card test performed by bank's CPU using central files e) amount of usage test performed by client f) overdrawing of account test performed by bank's CPU using central files 4-33.
Morrigan Department Stores (The Ethics of Forced Software Upgrading)
General comment: This case discusses the difficulties that most companies, government agencies, and individuals face when new hardware or new versions of familiar software force individuals to learn, or relearn, how to accomplish old tasks on new computer systems. Inasmuch as this phenomena is usually well-understood by students, the case can lead to lively discussions of the pains and gains involved in these upgrades.
SM 4.13
1. Roberta Gardner’s description of “64-bit machines” is not wrong, but probably overly simplifies what this term means. The transition to 64-bit microprocessor designs represents a doubling of register size from earlier 32-bit designs, and is a natural extension of the processing capabilities of mainframe computers to microcomputers. The newer, 64-bit systems enable personal computers to access more random access memory as well as perform large-number computations with more significant digits. However, along with these improvements in hardware processing capabilities has come newer software that can take advantage of these capabilities. In the case of Microsoft’s 2010 Office suite, for example, the changes were considerable, requiring users to relearn how to perform formerly familiar tasks using unfamiliar menus and commands. 2. Possible arguments against upgrading current hardware or software include: A. avoid the costs of such hardware and/or software B. the convenience of using current software, which is usually well understood C. compatibility with current accounting applications D. savings in training time and cost E. ability to manage without them 3. Possible arguments in favor of upgrading current hardware or software include: A. compatibility with the word processing, spreadsheet, or database files in other departments or branch offices B. free software support from vendors C. the potential to acquire more capable software than the older versions D. the ability to run new software on new, 64-bit devices E. increased speed of processing F. better security 4. Students are likely to have conflicting views on whether hardware or software upgrades are “more hype than real.” For example, newer operating systems are likely to include additional security features such as better anti-virus protection—a very real advantage—as is the ability to address more bytes of random access memory. It is less clear whether or not the newer versions of say, word processors, are worth the incremental costs in time and effort required to learn how to use them—a question that can best be answered on a case by case basis. 5. This question asks students if they feel if it is ethical for software vendors such as Microsoft, Adobe or Apple to ship software packages with both known and unknown defects in them. While most students are willing to make allowances for “unknown defects,” few are likely to feel that it is ethical for these vendors to ship software with known defects. Hopefully, at least some students will distinguish between “ethical” and “practical,” noting that there will always be some “bugs” in large, integrated and complicated software packages. 6. This question asks students if they agree with the argument that “many hardware and/or software upgrades are unnecessary.” Most students are likely to agree that some upgrades are unnecessary. Thus, a good question to also ask is “are there some upgrades that are necessary?” In answering this question, some students will note that upgrading virus protection software, operating systems, and (eventually) application software is inevitable.
SM 4.14
7. Students are likely to agree with Alex McLeod’s statement that companies should provide training. However, the expectation to learn software “on your own” is a common policy and common expectation especially characteristic of corporate policy in times of tight budgets. Instructors might point out here that end users sometimes skip software training even when it is offered—a factor that sometimes leads to huge implementation failures. An example may be found in the case by Baltzan and Phillips (2009). “Campus ERP” (Boston: McGrawHill/Irwin), pp. 356-357. It might also be worth noting here that the expectation to “keep current” includes a working knowledge of current software as well as a hallmark of professional accountants. 8. This question asks students whether or not they feel it was necessary for the corporate participants in this case to physically meet in one location. Certainly, with the (often free) availability of conferencing software such as Skype or other messaging software, for example, virtual meetings are easily arranged and of course, save companies travel funds. On the other hand, employees are likely to both attend and appreciate the rest and relaxation afforded meetings in lovely tropical settings, and is a benefit likely to foster both employee loyalty and motivation. Students may also mention that traveling to a distant location often leads to increased understanding of problems of other people.
SM 4.15
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Chapter 5 DOCUMENTING ACCOUNTING INFORMATION SYSTEMS Discussion Questions 5-1. The chapter provides ten reasons why documenting AISs is important: (1) depicting how the system works, (2) training users, (3) designing new systems, (4) controlling systems development costs, (5) standardizing communication with others, (6) auditing, and (7) documenting business processes, (8) complying with the Sarbanes Oxley Act, (9) establishing accountability for work, and (10) saving money. Additional reasons include: (1) to help evaluate the performance of system personnel, (2) to help evaluate the adequacy or efficiency of an existing system, and (3) to provide design specifications to outside vendors who might be proposing new systems. Accountants are interested in system documentation for all these reasons. For example, inadequate documentation makes it difficult to use an integrated accounting package effectively, design one for others to use, or audit a system intelligently. Flowcharts and similar systems documentation are also important to auditors. These charts can help auditors spot internal control weaknesses that are not apparent from prototypes or not obvious when observing a system in use. 5-2. Document flowcharts mostly depict the physical flow of paper documents through a system. Document and system flowcharts are similar in that they use similar symbols, although document flowcharts use a few additional symbols, such as envelopes and hand trucks to depict movement of goods. System flowcharts contain more detail about processing logic. Accountants can use data flow diagrams (DFDs) to depict the physical flows of data through an AIS (like document flowcharts), or the logical flow of data through an AIS (like system flowcharts). Like document or system flowcharts, their main objective is to document data flows in an orderly, graphic, and easily-understood format. But DFDs use fewer symbols than either document or system flowcharts, and do not require columns (like document flowcharts). Program flowcharts tend to depict the most detailed level of system flowcharts because they outline the logic sequence for a particular application program. Thus, they are more used by programmers and system analysts than by accountants and auditors. Still, auditors will need to understand these program flowcharts when looking at program logic and program controls. Program flowcharts use many of the same symbols found in system flowcharts, but also use some special ones such as the decision symbol. 5-3. A document flowchart is a pictorial representation of the physical data flow through the various departments of a business. A document flowchart is used in designing or evaluating an accounting information system.
SM 5.1
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
1. A systems analyst uses it when evaluating a system to see if each department is receiving the necessary data and that unnecessary data are not collected, stored, or forwarded to others. 2. A system designer uses it when managers wish to improve or replace an existing system. 3. A computer programmer can use a document flowchart as a blueprint for creating computer programs that will replace a formerly manual system. 4. An auditor uses it to help define, follow, and evaluate an audit trail. 5. An internal data security expert uses it to identify weaknesses in the internal controls or data processing of an accounting system. 5-4. Guidelines for creating data flow diagrams, document flowcharts, system flowcharts, process maps, decision tables, and decision trees may be found in the text. 5-5. Data flow diagrams use a square symbol to show the source or destination of data, a circle to indicate a process, an open rectangle symbol to indicate a store of data, and arrows to depict a data flow or data stream. 5-6. Developers create data flow diagrams in a hierarchy called the top-down approach to systems development. In this approach, developers create these diagrams in levels, beginning with the highest, least-detailed level, and exploding or drilling downward with increasing refinements of each piece of the preceding level until they specify the complete system. The rationale behind this approach is to keep major system objectives in view at first, and to worry about details later as major system components become clear. The process is reiterative, revisions are common, and little is considered “final” until the lowest diagram levels have been specified and approved. The broadest DFD is called a context diagram. The next level (a “level-0" diagram) is also called a physical data flow diagram. Lower levels are numbered “level-1", “level-2", and so forth, and are commonly termed logical data flow diagrams. 5-7. It is usually easier to follow logic with a chart or figure than with a written narrative. For example, when reading a long narrative description of a process, it is often difficult to visualize relationships between system elements and a reader’s attention can wander. In contrast, graphical depictions of the same logic are usually easier to understand because most people grasp the use of arrows to show connections or data flows. 5-8. Decision tables outline the set of conditions that a given processing task might encounter and indicate the appropriate action to take for each condition. Decision tables can therefore help system designers plan data processing functions, develop computer programs, and create written records of the processing logic for later reference. The major advantage of decision tables is that they can summarize a potentially large number of conditions and actions in a compact format. They are therefore also useful for identifying lapses in controls—for example, because a computer program fails to account for a specific set of conditions. Finally, those accountants who audit AISs rely heavily upon internal documentation, and decision tables can help them verify the processing logic and control procedures that were built into these systems.
SM 5.2
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5-9. Just as word processors enable users to create, store, modify, and print word documents, CASE tools enable IT and accounting personnel to create, store, modify, and print system documentation. The term CASE is an acronym for "computer assisted software engineering." CASE tools automate the development of program and system documentation. Thus, developers use them to create data flow diagrams, entity relationship diagrams, record layouts, data entry screens, report formats, screen menus, system flowcharts, and program flowcharts. Most also include generators for developing data dictionaries. CASE tools are computer programs that typically run on microcomputers. The user selects a particular type of document to develop or modify, and then works on it in much the same way that a manager uses a word processor to work on a word document. It is not necessary to use CASE programs to develop AIS documentation, but it is difficult to imagine why anyone would not use such capable and time-saving tools. 5-10. End user computing refers to the computer activities of non-computer employees, especially the development of large spreadsheets and databases. Although such activities are commonplace today, they also create problems. For example, when non-IT personnel develop important spreadsheet models, a company becomes increasingly dependent upon such individuals to answer questions or to explain how to use the software. Documentation is also important in end-user computing environments because it provides the training aids, user descriptions, tutorials, and reference materials that other users need in order to run the applications effectively. At one company known to the authors, important spreadsheets must be approved by three separate supervisors to guarantee their accuracy and completeness.
Problems 5-11. This problem asks students to familiarize themselves with Excel’s flowcharting symbols. The list includes the following symbols:
Process
Predefined Process
Alternate Process
Decision
Internal Storage
Document
SM 5.3
Data
Multidocument
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Terminator
Preparation
Manual Input
Manual Operation
Connector
Off-page Connector
Card
Punched Tape
Summing Junction
Or
Collate
Sort
Extract
Merge
Stored Data
Delay
Sequential Access Storage
Magnetic Disk
Direct Access Storage
Display
5-12.
Draw a document flowchart for each of the following situations.
SM 5.4
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Prepare Sales Draft
Sales Invoice
Credit Sales Invoices
Transactions
Employee Application Forms
1
File
Batch Control Tape
CPU using “Create New Records” program
Terminal
Customer Inquiry Letters (4 types) List of uncollectable accounts
Review Customer Accounts
Inspect shipments
SM 5.5
Employee Master File
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
g)
h)
Employee time card data
Key entry
Employee time card data
Key entry
Employee time card data
to CPU
to CPU
Employee time card data on floppy disk
i)
The flowcharter should use onpage connectors.
Dept. 1
Dept. 2
Dept. 3
Dept. 4
j) Source Document
Source Document
Source Document
Source Document
File
k)
Dept. 1
Source Document
Copy
Dept. 2
Source Document
File
Ledger
SM 5.6
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5-13.
Mark Goodwin Convenience Stores
SM 5.7
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5-14
Garcia-Lanoue Company
SM 5.8
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5-15.
Ron Mitchell Manufacturing Company Shipping Department
Shipping order
Data Entry Department Shipping order
Computer Operations
File
Key entry
Floppy disk
Verify
Floppy disk
SM 5.9
Floppy disk
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5-16.
Amanda M Company
Context Diagram:
Sales / Collection Process
Customers
Employees & Bank
Level 0 Diagram:
Customers
Sales Orders
Payments Shipping Notice and Invoice
Order Data
1.0 Process Sales Orders
2.0 Process Shipments
Shipment Data
Sales Reports Order Reports
Payment Reports
Employees & Bank
SM 5.10
3.0 Process Electronic Payments
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5-17.
Winston Beauchamp Company
System Flowchart:
Product file Manual customer order
Process customer orders
Key entry
Customer order file
Customer orders report
Data Flow Diagram:
Customer
Product file
Customer orders
product information
Key customer order data
Customer order information
Customer order file
one copy of customer order
four copies of customer order
Hold for further processing Other departments
SM 5.11
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5-18.
LeVitre and Sweezy Credit Union
Customers
Make Deposit
Employers
Make Withdrawal
Make Deposit
Accounting Transactions
Create Monthly Statements
Update Master File Daily
Get Information For Inquiries
Bank Employees
Credit Union Accounts Master File
Prepare Payroll Checks
Pay Bills
Creditors For Rent,Phone, Utilities, Etc.
SM 5.12
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5-19.
Jeffrey Getelman Publishing Company
New subscription orders, renewals, and checks
Change of address forms
Terminal
Terminal
CPU
CPU Subscriber Master File
using “Edit Subscription Orders“ Program
using “Change of Address“ Program
Summary Report of new subscription renewals
Summary Report of address changes
CPU using “Monthly Mailing Label” Program
Mailing Labels
Notices to new and renewal subscribers
to production department
to mail
SM 5.13
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5-20.
The Bridget Joyce Company
a. The decision table is shown below. Note that alternate decision rules would also be reasonable here since the case does not specify exactly what action is to be taken for each set of conditions. DECISION TABLE RULES Account Status:
1
Not past due
Y
Less than 30 days past due
2
3
4
5
Y
Y
Y
6
7
8
Y
Y
Y
9
10
11
Y
Y
Y
Y
31-60 days past due 61-90 days past due More than 90 days past due Account Activity: No activity
Y
Y
Y
Written communications
Y Y
Partial payment
Y Y
Y
Y Y
Y
Action: √
Do nothing Send first letter of inquiry Send second letter of inquiry
√
√
√
√
√
√
√ √
√ √
Refer to collection agency
b. This exercise requires some creativity on the part of the student. One possibility is to give each customer a rating on the following: Rating A B C D
Because no prior delinquency history only one prior delinquency only two prior delinquencies more than two prior delinquencies
SM 5.14
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Mr. Smith can now make a decision based upon this categorization of customer account history. We point out that many companies handle delinquencies on an individual basis. Most small companies, for example, will try to work with their customers whenever possible instead of writing to them impersonally because written confrontations rarely produce desired results. 5-21. This problem requires students to draw the flowcharts in Figure 5-20. In a later part of the problem, students must recreate the flowcharts in Figures 5-3, 5-6, 5-8, 5-11, 5-12, 5-13, 5-14, and 5-15. Because these flowcharts are already shown in the text, the outputs are already known. Teaching notes: Students should follow the directions provided in this case to create the two (program) flowcharts shown as well as the link that connects the two flowcharts together. Students can document their links by printing a copy of their formulas. Finally, although using Excel’s drawing tools is straightforward, it still takes time to create even small diagrams with them. Thus, we recommend that instructors do not assign all parts of this case (a through h), but only assign a selection of these diagrams. 5-22. This problem asks students to visit the ConceptDraw products website at: http://mapthink.blogspot.com/2012/10/how-flowcharts-help-companies-save.html and read the blog. According to the website, the primary advantage of flowcharts is to enable companies to communicate with their auditors, thus saving these auditors time and, indirectly, saving money that companies might otherwise have to pay their auditors. But flowcharts save money in many other ways, as suggested by the “ten reasons why documentation is important” section located at the start of the chapter.
SM 5.15
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Case Analyses 5-23.
Big Fun Toys (Data Flow Diagrams)
Context Diagram:
Purchasing
Vendor
Purchase Orders
Checks
Invoices Accounts Payable Processing System
Receiving Reports
Registers and Reports
Accounting and Management
Receiving Department
SM 5.16
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Level-0 Data Flow Diagram: Vendor Information
Vendor Data
Purchasing Department
Purchase Order
Accounts Payable Receiving Department
Receiving Reports
Accounts Payable Information
Process Accounts Payable Accrual Data
Payment Data Invoice
Check Registers Accrual
Vendor
Accounting
Process Vendor Checks
Checks
Vendor Prepare Cash Requirements Forecast
Management
SM 5.17
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5-24.
The Berridge Company (Document Flowcharts)
1. A document flowchart for the Berridge Company's inventory control system may be found after #3 (below). 2. The company can eliminate one or more copies of the retail store requisition (RSR) form. The document flowchart (and case description) indicate that a retail store prepares three copies of the RSR form. One copy is retained in a file at the retail store, and two copies are forwarded to the warehouse. When warehouse personnel fill the order, they file one copy of the RSR form in their own files, and forward the last copy of this form to the inventory control department for use in updating its records. The end result of this effort is a lot of paperwork. One way to reduce it would be to allow the warehouse personnel to create the computer record that indicates a disbursement to an individual store, thus eliminating the need for the third copy of the RSR form currently sent to inventory control. The company could eliminate all copies of the RSR form by computerizing its warehousing operations completely. In this new system, a retail store would create a computer record for each requisition, which the system could then display onscreen or print on a report of similar requisitions for the warehouse each day. When a requisition order is filled, personnel in the warehouse could indicate this by entering the required data into the computer system. This entry would trigger an inventory update in the inventory file and eliminate the pending requisition record from the file of active requisitions. 3. The company currently creates five copies of each purchase order. These copies are sent to: (1) the vendor, (2) accounts payable, (3) inventory control, and (4) the warehouse. The purchasing department retains the fifth copy. This seems excessive. It is obvious that the company must send one copy of the purchase order to the vendor. In addition, it makes sense for control purposes to send one copy of the purchase order to the receiving department (for use in comparing against the subsequent bill of lading), and to retain one copy of the PO to document the purchase itself. It is less obvious that the company needs to create the other two copies of the purchase order. In fact, the document flowchart indicates that both the inventory control department and warehouse personnel perform the comparison function when goods arrive - a duplication of effort. Similarly, the company can probably eliminate the copy it currently prepares for accounts payable. Instead, warehouse personnel can attach its copy to the receiving report, and the accounts payable department can use the warehouse copy to prepare a check to the vendor.
SM 5.18
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
A document flowchart for the Berridge Company’s inventory control system. Retail Store
Retail Store requisition (RSR)
Inventory control
Warehouse
Purchasing
1
Accounts Payable
Vendor
1 2
2
RSR
3 RSR RSR
RSR
File
File 1 PR Tires and supplies
Tires and supplies
Inventory record
Purchase Requisition (PR)
1
Prepare purchase order
2 PR
Purchase order (PO)
File
Compare
1
1 PO
2
2 PO
3 4
PO
5
PO PO PO 3
1
1 4
PO
Invoice (INV)
INV
PO
2
INV File File Tires and supplies Receiving report (RR) 3 RR
Tires and supplies 1
1
RR
2
2 RR
3 4 RR RR RR
File Compare Compare
2 PO
4 PO
1 1
4 RR
File
SM 5.19
INV RR
Check
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5-25.
Classic Photography Inc. (System Flowcharts)
Employee Requests
Purchase Requisition
Enter Order
Create Purchase Orders
Fax to Supplier Purchase Orders
Supplier
Open PO
Merchandise Arrives
Check Merchandise vs PO
PO Purchase Order
Enter Order
Prepare open invoices for payment
Supplier
Supplier Invoices
Check
Invoice
SM 5.20
Phone Call if Necessary
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
The systems flowchart is valuable because it shows the “flow” of activities and documents within the sales/collection process. The flowchart is particularly useful for identifying redundant, unnecessary, and risky activities. 5-26.
Filzen Company (Process Maps and Decision Tables)
1. Process map
Customer
Filzon Company – Authorization procedures for credit purchases
Start
Select item for credit purchase
Take receipt of item
End No
End
Extend credit and complete transaction
No
Yes
Existing Customer?
Yes
In good standing?
Yes
Cashier
Determine purchase amount
Under $100?
No
Ask supervisor for approval
Yes
Between $100 and $500?
Yes
No
AR Manager
Supervisor
Ask AR manager for approval
Yes
Review customer account
Review customer account
SM 5.21
Over $500?
Approve?
No
End
Approve?
No
End
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
2. Decision table
Conditions Purchase is less than $100 by known customers in good standing Purchase between $100 and $500 Purchase over $500 Credit purchase attempted by new customer not yet approved for credit Credit purchase by customer not in good standing Actions Approve purchase Require approval of supervisor Require approval of accounts receivable manager Purchase denied
1
Rules 2 3
4
Y * *
N Y *
N N Y
N N N
* *
* *
* *
Y Y
X X X X
3. Decision Tree
4. Student preferences. This question asks for student preferences, which of course will vary by student. As a general rule, most people prefer some kind of chart compared to the table-style decision table. 5. One possible control issue here is the credit limit. The maximum of $500 might be too large for some purchasers, or too small for others. Another issue is the need to acquire the approval of a supervisor for credit purchases of small amounts over $100. This may waste valuable customer time and might be resented by store personnel capable of making these decisions. Finally, these rules might not be followed by store personnel, even if they are the rules.
SM 5.22
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5-27. Trees)
Stingy Upstate University (Process Maps, Decision Tables, and Decision
1. Process map
Faculty
Stingy Upstate University – Faculty Reimbursements
Start
Submit items for reimbursement to Department
End
End
Left home/hotel before 10am?
Breakfast
Yes
No
Yes
Department
End
Review items
Business Lunch?
No
Meal?
Left home/hotel before 2pm?
Lunch
Yes
Reimburse for max meal amount
Give to reimbursement to faculty member
No End
No Dinner
Yes
Left home/hotel before 8pm?
2. Decision table
Left home after 10am Left home after 2pm Left home after 8pm Meal provided at conference Pay $8 Pay $10 Pay $12 Deny reimbursement
Reimbursement Rules Breakfast Lunch Dinner Y N N * * * * * * * * * Y N N * * * * * * * * * Y N N *
Y
N
N
Y
N
*
Y
N
√ √ √ √
√
SM 5.23
√
√
√
√
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
3. Decision Tree
4. Student preferences. This question asks for student preferences, which of course will vary by student. As a general rule, most people prefer some kind of chart compared to the table-style decision table. 5. Are these rules reasonable? The university’s travel office rules might be justifiable if the institution saves more than the cost of its travel Nazi, Marsha Tightfist—her salary of $50,000 per year (ignoring additional benefits). If university professors were systematically padding their expense reports by claiming for meals that they did not eat, or that were provided to them at conferences, for example, then Marsha might pay for herself in travel cost savings. Another consideration is the ill will generated among faculty members by such stringent rules. Faculty resentment might surface in unforeseen ways—for example, by making it harder to recruit new faculty because of the university’s reputation for stingy reimbursements. Most businesses, and certainly most public accounting offices, understand all this and have more generous reimbursement schedules. Many ignore individual meal costs and use the standard federal per-diem reimbursement rates at: http://www.gsa.gov/portal/category/100120 (click on a state and then select a city for the exact amount). Because many students already work for accounting firms, this might be a springboard for a class discussion on this subject.
SM 5.24
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5-28.
The Dinteman Company (Document Analysis)
1. a) Data items which should be included on a repair/maintenance work order document are as follows: 1. Job identification - department (or plant) for which work is to be done, machine or work station, and general description of job. 2. Starting and completion dates - both estimated and actual. 3. Materials and supplies data - estimated and actual quantities and costs. 4. Labor data - estimated hours, actual hours cost, and employee number for each job or person completing the work. 5. Applied overhead. b) The company requires at least four copies of the work order, with a possible fifth copy if a work order summary is not prepared. The work order is prepared in the R & M Department and given to the supervisor for review and scheduling. The work order then flows to the person responsible for the work who records the actual hours spent on the job and the actual materials and supplies required to complete the job. After the job is completed, the work order is forwarded to accounting for costing and charging. The distribution of each copy of the work order is as follows: 1. Copy 1 (original) - Once the job is completed and all data has been recorded on the work order, this copy is forwarded to the Accounting Department for costing and then filed in the Accounting Department. 2. Copy 2 - This copy is also fully completed and is filed in the R & M Department in a completed work order file. 3. Copy 3 - This copy would be kept by the R & M Department in a file of scheduled jobs until the work is completed. A reference file is needed for all work orders while the job is in process. Once this job is completed, Copy 3 would be attached to Copy 2 and filed with Copy 2. 4. Copy 4 - This copy would be sent to the Production Department where the work is being done to acknowledge the actual scheduling of the job. An evaluation of the performance of the R & M Department would probably be done in three departments as explained below: The department that requests the work should compare the estimated charges indicated on the Work Order Request with the actual charges and the timeliness of the work, (e.g., the estimated and actual starting and completion times on the Work Order). If the work is not timely or if the actual charges vary considerably from the estimate, the management of the Production Department would contact the supervisor of the R & M Department for an explanation. The supervisor of the R & M Department would conduct a self-evaluation by comparing the Work Order Request and the completed Work Order. The supervisor would want to be sure the actual times and charges were close to the original estimates. Such a
SM 5.25
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
comparison would be important for evaluating the staff in the department and also for preparing future estimates. The Accounting Department (or some other appropriate department) would probably conduct a review of the R & M Department's work. The estimates and actual results shown on the Work Order would be compared. Types of repair and maintenance jobs which have standard times for completion would be compared with actual times required for the work in order to evaluate the department's performance. 2.
Document flowchart.
SM 5.26
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
PRODUCTION DEPARTMENT
REPAIR & MAINTENANCE DEPARTMENT
ACCOUNTING DEPARTMENT
4 3
3
File
2
2
1
1
Service Request
Service Request
Prepare cost estimates for materials and labor. schedule time for work
Post estimates and suggest Time
3 2
2 1
1
Service Request
Service Request
File Work out any scheduling problems with R&M
Review and approve
2
2 1 Service Request
Service Request
2 Service Request
Prepare work order
File
4
File
4
Work Order (Acknowledgement copy)
3 2 1 Work Order File
File
Record actual material and supplies used and labor time required
Activity recording
2 1
2 Work Order (completed)
Work Order (completed)
2 Work Order
Complete detailed costing
File
2 1
3
Work Order Summary
File
2 1
Work Order Summary
Work Order Summary
File
SM 5.27
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Chapter 6 DEVELOPING AND IMPLEMENTING EFFECTIVE ACCOUNTING INFORMATION SYSTEMS
Discussion Questions 6-1. Although some tasks in systems studies overlap, there are major differences between the planning, analysis, and design phases of such studies. The analysis phase involves organizing the system study team, perhaps hiring consultants, and making strategic plans for conducting the systems study. In a sense, the planning phase is continuous, since strategic planning is usually an iterative process. The major purpose of the analysis phase is to enable the study team members to familiarize themselves with a company's current system so that they can make recommendations for improving it. The systems analysis work includes understanding the goals of the current system, performing one or more surveys to acquire information about the company's present system, and generating possible solutions. The analysis phase leads directly to the design phase because the system planners use the information obtained in the analysis phase to design a new system. Therefore, the planning, analysis, and design phases all involve planning at increasing levels of detail. For example, the analysis phase provides a general design for a new system, while the design stage involves detailed design work for system development work. The major purpose of the design phase is to develop specific changes for a company's current system so that weak points can be minimized, if not eliminated. Thus, each phase draws on the information obtained in the prior phase. 6-2. Top managers appoint steering committees to oversee the work of an analysis and design team when it performs a systems study. Thus, a steering committee should be continuously involved in systems development work. The members of its committee should include top management personnel as well as one or more auditors. The role of the steering committee is to represent top management. Thus, its major tasks are to monitor, and interact with, a study team through all the phases of the systems study, and to facilitate communication between an organization’s managers and its study team(s). In many organizations, a steering committee is also responsible for hiring consulting firms to perform systems studies. In such situations, the steering committee serves as an oversight committee that monitors the consultant’s progress and critically reviews its systems analysis reports. These reports enable the committee to consider the consultant’s findings and evaluate the solutions recommended by its team members for solving current system problems. 6-3. Student responses on this question are usually mixed, and it is possible to argue for any one of the three levels here. Some students feel that "general systems goals" are the most important to the effective operation of an organization's information system because such goals as “cost awareness,” “relevant output,” “simplistic structure,” and “flexible structure” are global
SM 6.1
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
in scope and create a framework for an organization’s entire information systems work. Without this framework, an organization’s information systems cannot function effectively. It is also possible to argue that "top management systems goals" are the most important to the effective operation of an organization's information systems because top managers are ultimately the individuals whom the systems must satisfy. This line of thinking in effect says that what is most important is what the top bosses say is most important. Then too, top managers also play an important role as supervisors of successful operational activities and top management's long-range planning and controlling functions are critical to organizational success. Furthermore, top management requires a large variety of decision-making information. Unless the study team gives careful thought and consideration to top management's systems goals, the likelihood of an effective information system will be small. In addition, the systems goals of operating management for the coming year are difficult to develop without taking into consideration top management's systems goals. Finally, if top management's systems goals are not effectively satisfied, it is unlikely that operating management's systems goals could be effectively developed. Finally, it is possible to argue that the most important goals to satisfy are “operating management system goals.” This argument rests on the notion that only operational goals are meaningful. For example, “providing managers with the right information” is a strategic objective which only becomes meaningful when it is restated as “provide Manager X with Payroll Report Y every Monday morning.” 6-4. The purpose of a feasibility evaluation is to determine whether or not a specific new or modified system is technically, operationally, schedule, legally, and economically feasible— i.e., that the system is justifiable and practical in each of these five areas. For this reason, the feasibility evaluation should precede the preparation of a systems specifications report because the data for this report comes from the findings of the feasibility evaluation work (as well as the findings from the detailed systems design work). A systems specifications report should be prepared for only those system designs that are totally feasible—i.e., technical, operational, schedule, legal, and economic feasible. 6-5. This question requires students to imagine what cash benefits and costs an organization might incur when creating an online ordering system. We outline potential benefits and costs below. Note to Instructor: Most students cannot imagine that everything isn’t already computerized and online. However, if you think about such simple applications as address books, recipe files, stamp or doll collections, or the businesses of struggling mom-and-pop shops, manual applications still abound. Before discussing this problem, therefore, it might be interesting to ask the class what manual or non-online applications they can think of. Potential cash benefits: a) Reduced clerical errors b) Increased ability to generate customized sales reports
SM 6.2
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
c) Reduced costs of creating and distributing managerial reports d) Reduced clerical costs and paper generation e) Round-the-clock customer ordering capabilities f) Reduced lost sales and inconvenience caused by stock-outs g) Increased sales to both new and existing customers h) Ability to notify customers of shipping times or problems more quickly through collected email addresses i) Better customer services j) Better market planning k) More efficient management control Potential cash costs (assuming inhouse provision of the online system) a) Computer hardware and software costs b) Costs to initially prepare the company's premises for the computer installation as well as the additional site preparation costs and hardware upgrade costs required during the life of the system c) Physical installation costs d) Employee training costs e) Programming and maintenance costs f) Conversion costs g) Operational costs 6-6. Prototyping involves developing a skeletal software model, or prototype, of an accounting information system. Thus, the prototype is a scaled-down, experimental version of the information system desired by the company’s users. The users should experiment with the prototype and then provide feedback to the developers explaining what they like and dislike about the mockup model. Based on this feedback, the developers will modify the prototype model and again present it to the users for further testing and feedback. This iterative process of “trial use and modification” continues until the users are satisfied that the proposed system adequately meets their needs. As explained in the text, prototyping works well when one or more of the following conditions are present: (1) system users do not understand their information needs very well, (2) system requirements are difficult to define and experimental designs are easier than with a live model, (3) the system to be developed is critical and needed quickly, (4) past interactions have resulted in misunderstandings between users and designers, (5) design mistakes are costly, or (6) the risks associated with developing and implementing the wrong system are high. But prototyping is not always the best solution. As the chapter discusses, prototyping is not recommended when: (1) neither managers nor users trust it, (2) modification requirements are small or outputs and processing needs are already well-defined (many accounting applications fall into this category), (3) only a small subset of a large number of potential users are able to evaluate the model(s), or (4) the application itself, although large, is itself well understood—for example, a general ledger system—and developing a prototype merely duplicates the design work already deployed in existing software packages.
SM 6.3
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
6-7. A system’s specifications report contains detailed information about each design proposal that meets the feasibility requirements of the company's system. The purpose of this report is to facilitate discussions between the design team and the new system’s developers or software vendor(s). But before a vendor can submit a specific system proposal to a client, it must first receive detailed descriptions of that company's information processing needs. The systems specification report provides this information. Regarding the second question, the data included in the systems specifications report differs substantially from the data collected or generated by the design team during its feasibility evaluation work. The systems specification report builds upon the feasibility evaluation data (as well as the detailed systems design work). When members of the design team perform their feasibility evaluation work, they do not normally analyze in detail the specifications of each system proposal. This detailed work is unnecessary because the purpose of the feasibility evaluation is to ascertain whether or not a new system is "totally feasible" for the client company. Only after the steering committee decides that the new system is totally feasible can the design team work on the detailed specifications. Some of the items included in the systems specifications report (that probably would not appear in a feasibility evaluation) are: a) Historical background information regarding the client company's operating activities b) Detailed information about the problems in the client company's present data processing system c) Detailed descriptions of the consultants’ (or study team’s) systems design proposals d) Indication of what the consultants expect the computer vendors to include in their proposals to the client company e) Request for a time schedule from vendors or system developers concerning their implementation of a new system into the client company 6-8. When establishing controls, an implementation team should also design effective audit trails, develop general and application controls for the new computerized system, and create good documentation for the system. Because these controls will affect both the form and content of a company's computer files, the team should create and implement these controls before converting accounting data files to alternate formats. 6-9. Under direct conversion, the organization immediately discontinues using its old system as soon as the new system is installed. Direct conversion may be appropriate when (1) there are many weaknesses in the old system and almost any change is likely to be an improvement, (2) there are only minor or simple revisions to the company's current system, (3) well-tested PC software or hardware is acquired and only a small number of users are involved, or (4) there are drastic differences between the new system and the old system. Compared with parallel or modular conversion, the major advantages of direct conversion are (1) cost, and (2) time savings. Direct conversion saves costs because it is relatively inexpensive—the changeover is immediate. Direct conversion saves time because no time is lost between the changeover from one system to another. The major disadvantage of direct conversion is the possibility that the new system does not function well after it is implemented. This can be very disruptive, costly, and even fatal.
SM 6.4
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Under parallel conversion, an organization operates both its old system and its new system simultaneously for a certain period of time in order to test the new system and compare outputs. The implementation team will investigate differences and either request or make revisions in the new system as required. The major advantage of parallel conversion is that it protects a company’s business processes if the new system does not work properly or fails completely. The major disadvantage of parallel conversion is cost. Because both the old and the new system will process almost all of its accounting transactions throughout the conversion period, organizational facilities and personnel must handle the double-processing workload. This usually leads to overtime work and other extra costs. Under modular conversion, an implementation team decomposes an AIS into smaller units or “modules.” The implementation team then installs the new system "piecemeal" for the specific units associated with the activity. As individual modules are successfully tested and installed, further units are then implemented and tested until the entire system is successfully implemented. The major advantage of modular conversion, therefore, is that the team can identify specific problems early and correct them before implementing the remainder of the system. Because the implementation process takes place on a step-by-step basis, there is a high probability that the complete system will function well. The major disadvantage of modular conversion is that it takes a long time to complete the entire implementation process, thus increasing organizational costs. 6-10. Both Gantt charts and PERT network diagrams are useful tools for scheduling, monitoring, and managing the activities required to implement a new accounting information system (see Figures 6-11 and 6-12 of the text). Of the two, PERT is the more important project management tool. It allows project leaders to plan complex implementation projects, estimate the completion times of these projects, identify the activities on critical paths, and examine “what-if” scenarios in which managers reallocate project resources from some activities to others. Gantt charts are simpler and easier to understand, but they do not indicate the precedence relationships between the various activities as do PERT network diagrams. For this reason, project managers are more likely to use Gantt charts for simple applications, or to illustrate actual-versus-planned completion times of the activities in larger PERT projects. 6-11. When an organization installs a new accounting system, its managers hope that it will eliminate all the old problems and not create new ones. However, as the new system operates on a day-to-day basis, some of the company's original systems problems may reoccur or new problems may develop. The purpose of the follow-up phase of a systems study is to evaluate the new system and determine what problems still exist. A new system should help a company achieve its general systems goals, top management systems goals, and operating management systems goals. Through follow-up analysis work, an implementation team attempts to identify those goals that the new system does not help management achieve. Systems revisions will then be required in these areas. Similarly, new revisions may be needed due to internal and/or external environmental changes, or because the new system no longer provides the types of information required by the company's management. Some specific examples of follow-up work are:
SM 6.5
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
1) Determine whether top management and operating management are satisfied with both the content and the timeliness of the output reports received from the information processing subsystem 2) Evaluate the system controls of the system to ensure they function properly 3) Observe employee work performances to determine if the new system helps them perform their assigned job functions effectively 4) Determine whether processing functions are performed adequately, and also if output schedules for both internal and external reports under the new system are met 5) Talk with local area network users to determine these users’ satisfaction with the information they are accessing from the network 6) Test computer security, privacy, and confidentiality controls to ensure that the new system meets or exceeds expectations in this area The implementation team will prepare a follow-up review report at the end of its follow-up work, which it then submits to the company’s steering committee. It is up to the steering committee to decide what to do next. 6-12. Three major ways that an organization can acquire software are: (1) by acquiring or leasing it from one or more independent vendors, (2) by developing the software in-house, and (3) by outsourcing the data processing tasks required by the system. Technically, however, this last option more refers to accomplishing system tasks than acquiring software. Rather than reinvent the wheel, most organizations obtain their operating systems, communications, and utility program software from outside vendors. The one remaining type of software is application software. When a company has very specific data processing requirements and no available commercial software can satisfy its needs, an organization typically has no choice but to write its own. However, this advantage of “in-house development” also carries over even when commercial software is available—i.e., the fact that the software is customized to meet the organization's specific processing requirements. Because vendor software is usually written for a larger market, it may require considerable modifications to satisfy the organization's data processing needs. The counter argument is that canned software typically costs much less than custom-developed software, and thus, the question is usually whether the costs of purchasing or leasing the initial software, plus the modification costs, are still cheaper than the in-house development alternative. Which approach is better? Depending upon their individual experiences, some students may prefer to acquire software from an independent vendor whereas other students will favor inhouse development. Those students recommending an independent vendor for the acquisition of software often give "lower cost" as the major reason for favoring the independent vendor over the in-house development, but this is not always so. It depends upon the specific software needs of the organization. As a practical matter, however, most companies today prefer to purchase existing software than develop their own. Also, as we noted in earlier chapters, existing software typically incorporates “best practices,” which often requires companies to reengineer some of their processes. While this represents a cost in terms of time and money, successful BPR
SM 6.6
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
initiatives can sometimes reap significant advantages for companies over the long run (i.e., in terms of cost savings due to more efficient and effective processes). 6-13. Business process outsourcing (BPO) means just that—outsourcing the tasks required to perform a specific business function. An example is preparing the weekly company payroll. Typically in such circumstances, the vendor uses its own software, labor, and materials to perform the job. “Knowledge process outsourcing” (KPO) means hiring an outside vendor to perform a knowledge-oriented task. An example is developing software according to client specifications or performing a particular research task. Companies outsource business processes, such as back-office accounting functions, for a variety of reasons. As noted in the text, the number one reason companies outsource is “cost.” Globalization means that any company anywhere in the world may contract with anyone, located anywhere, to perform the required work. Because labor rates vary around the globe, laborintensive tasks that may be done more cheaply elsewhere have the potential for outsourcing. Other reasons mentioned in the textbook include convenience, the ability to depend upon an outside vendor to handle large changes in processing volume, the availability of expertise not found in-house, and relief from the pressures of keeping current with technology. 6-14. “Outsourcing” means contracting with an external organization to perform tasks that a company might otherwise perform internally. Accounting examples include tax preparation and filing, customer billing, or payroll processing. In contrast, “offshoring” means outsourcing tasks to a vendor located in a foreign country. There are many reasons why this difference might be important to managers. One is “cost.” Labor costs are usually cheaper in places such as Ireland or India, and cost savings are likely to be greatest from offshore vendors. Another concern is “language skills”—a particular concern when outsourcing to China or Vietnam, where labor costs are low but “English skills” also tend to be low. A third concern is “security”— the worry that data sent off shore presents bigger risks to contracting companies. Finally, there are the political and currency risks of off-shoring. For example, unless contract amounts are negotiated in domestic currency, there is the risk that the client company must pay increasing amounts simply because of rising exchange rates. Similarly, if there is a contract dispute or some other legal issue, it is usually easier to recover damages from another domestic company than an offshore one.
SM 6.7
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Problems 6-15.
The Chris Hall Company
(a) Information needs of a production plant supervisor: 1) Estimates of periodic requirements (weekly, monthly, etc.) of different types of wine in order to develop periodic production schedules 2) Comparisons of production activities relative to the capacity of production equipment to identify periods when there will be idle plant capacity or overtime work required 3) Information concerning quantities of raw materials needed for manufacturing so that managers can ensure adequate supplies of these materials will be on hand for production 4) Information regarding labor requirements for production so that adequate personnel will be available to meet production schedules 5) Cost reports reflecting variances of actual production costs in comparison to budgeted and standard production costs so that corrective action can be initiated on those production costs that vary significantly from the budget and standard cost data (b) Information needs of top management: 1) Information regarding competitors’ activities (e.g., competitors introduction of new products) and any price and quality changes anticipated or already initiated for competitors present products and how these changes are likely to affect the company's current share of the market 2) Estimates of the company's long-range market potential for each of its product lines 3) Information on the future economic outlook for the country and how the company's future sales will be affected by inflation, unemployment, etc. 4) Projected cost and revenue data associated with wine production and sales in order that long-range budgetary planning can be performed 5) Information on long-term trends in wine consumption both domestically and internationally 6) Information on competing beverages such as beer (c) Marketing manager: 1) Forecasts of expected sales by product line for the coming budget year 2) Information regarding the contribution margin of each product line so that an optimal sales mix can be developed 3) Information regarding production capacities of the manufacturing plant so that managers can determine the ability of the plant to manufacture adequate inventory quantities to meet the anticipated sales mix in the coming budget year 4) Information regarding the effectiveness of various advertising efforts for stimulating demand for the company's products (this information may lead to changes in various promotional endeavors) 5) Information comparing the actual sales to budgeted sales by both product lines and sales personnel; this information can be reported on a management-by-exception basis
SM 6.8
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
6-16. This problem requires students to search the Internet for companies that provide financial and accounting outsourcing (FAO) services. 6-17.
Stevenson Apparel
Note to Instructor: This problem asks students to identify four problems with the system. Here are six of them.
Problems 1. New cashiers are awkward in their use of the POS system. 2. Printing sales tickets seems to take too long. 3. Automatic opening of the cash drawers is erratic. 4. The four-digit STN is inadequate for the number of merchandise items, resulting in frequent dumps of information for discontinued items to make room for new items.
Remedies 1. Conduct POS training for new cashiers. 2. Replace the existing printers with faster models, or speed the processing of sales transactions leading to the printing. 3. Test the voltages sent to the cash drawers under PC control and adjust them to give predictable responses. 4. Add one or more digits to the STN field in all files, reorganize databases, and/or recompile programs (if necessary) for the new STN size, and reload existing STN files. Even better: use automated scanners that eliminate manual keying.
5. Customers become impatient with the long credit approvals.
5. Install electronic credit card verifiers that read the customer’s credit card number and automatically dial the credit card approval service for authorization. Alternately, or in addition, automatically approve credit-card purchases under a set limit—for example, $25.
6. All sales cease when the store server is down.
6. Implement procedures that permits the POS system to ring up sales independent of the computer by: a) Continue to accept sales for cash, but manually record transactions for later computer input b) Maintaining an automated backup server or generator c) Creating a program disk that can be used to restart the PCs and a data disk containing the STN file d) Having cashiers load the program when
SM 6.9
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
the computer fails e) Having the computer retrieve PCcontrolled sales when the computer returns to operation 6-18.
AAZ Consulting
Here are areas where an online, real-time computer system might help the managerial decision making for a professional football team: a) The system could be useful in maintaining up-to-the minute counts of attendance during game days as well as counts by category, e.g., general admission, box seats, VIP, complimentary, etc. b) The system would be able to take ticket orders for future games—an important capability if seats for a certain future game were limited and there were several sales centers for such seats scattered about the ball park or the city. c) For such sports teams as baseball, basketball, and football, the system could be useful in simulating various game-playing situations that could happen during a game and providing statistics about the success of each outcome. d) For all types of athletic teams, the system could help maintain current inventory records for such critical items such as medical and athletic supplies that are needed by the team. e) For all types of athletic teams, a real-time system could be useful to aid the projections of future attendance at games and to help forecast future cash flows as well as other budgetary activities (such as forecasts of future capital expansion). f) For professional baseball, basketball, and football teams that draw heavily upon college graduates when seeking new players, the system could provide current information about each year's available college graduates as well as future college graduates and their unique qualifications. Also, the computer system could maintain information about which players have already been signed to contracts by other teams, which individuals are still free agents, and which teams are competing for these free agents. 6-19.
GuessRight Consultants This company has hired you to help it develop billing software. The answers to specific questions are as follows:
1. The purpose of prototyping is to provide a mockup of a proposed information system without the detailed functionality of the system or the cost. One reason a prototypes is useful is because it enables organizations to avoid the higher costs of actually creating it, and also because it helps end users get the “look and feel” of a real system. Prototypes also help users improve it. 2. A prototype may never become a real system, just as a prototype of an automobile or airplane might never become a real car or airplane. This might be because viewers might prefer alternate systems, or because the expected development or production costs of such items are too high.
SM 6.10
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
3. The advantages of prototypes to end users include an early exposure to software systems and the ability to affect the subsequent development of a system that is more to their liking. Disadvantages include the time and effort end users might spend experimenting with the prototype or providing formal feedback about it as well as the disappointment of never seeing a real system developed (should the project be abandoned). Advantages and disadvantages to managers include these same items, plus perhaps the ability to ask about operational capabilities. One advantage of prototypes to system developers is the ability to correct or modify a system before they spend time creating unwanted functionality or unneeded items (e.g., reports). Perhaps the biggest disadvantage to developers is the extra time and effort required to create prototypes and to interview end users about them. 6-20.
Cook Consultants
Students typically don’t like May’s suggestion. True, implementing the new system on time is important, and can probably be completed much faster under “direct conversion” than “parallel conversion.” However, meeting this date at the expense of installing an inefficient or untested system should normally be avoided. Because The Samuel Company is making major changes to its system, there is a strong likelihood that various problems may occur. “Direct conversion” means that the old system will be discontinued immediately after the new system is implemented. If problems occur with the new system, these problems may be costly, lose customers, waste employee time, and will normally be more difficult to solve if the old system is gone. Furthermore, a company can have serious difficulties maintaining accurate data files if only the new system is operative and problems with the new system corrupt the data in these files. Under parallel conversion, both the old system and the new system operate simultaneously for a period of time until managers believe the new system is free of errors. The problem with parallel conversion is that it takes more time than direct conversion. However, the likelihood is much greater that, under parallel conversion, the new system will operate more efficiently and effectively. For these reasons, parallel conversion should be used even though it may delay the systems implementation schedule. 6-21. This problem asks students to find statistics on the Bureau of Labor Statistics website at www.bls.gove/ooh. According to this site, the median pay for “accountants and auditors” for 2012 (the latest statistics available at the time of this writing) was $63,550 per year or $30.55 per hour. This compares to $93,350 and $44.88 per hour for software developers. Both types of jobs require bachelor’s degrees for entry level positions, but the bureau expects opportunities for software developers to grow at the rate of 22 percent per year—a rate much faster than the average growth expected for all jobs (and the rate of growth expected for accountants). These statistics do not consider “opportunities for advancement” to other jobs, which are probably higher for entry-level accounting than software-developer positions. 6-22. A preliminary Investigation
SM 6.11
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Although this problem is open-ended, the authors have had great success encouraging students to examine the information system of specific companies and requiring them to report their findings in class. One common difficulty is the fact that the study of even the smallest systems tends to be a large and complex undertaking. This is a useful lesson, however, for understanding “scope creep,” and certainly points out the difference between in-class theory and real-world practice. As a practical matter, however, instructors should urge their students to look at very simple systems in very small companies. 6-23.
Understanding PERT Charts
a. Only activity B must be completed before activity C can begin. b. Both activities E and F must be completed before activity G can begin. In turn, activity E requires activity A and activity F requires activity B. c. Activity J requires the immediate completion of activities I, G, and D before it can commence. Indirectly, activity J requires the completion of all the other activities before it can begin. d. The five paths through the network (and their completion times) are: (1) AEHIJ (55), (2) AEGJ (50), (3) BFHIJ (58), (4) BFGJ (53), and (5) BCDJ (48). The critical path is BFHIJ because it is the longest path through the network. e. Activity F can only begin after the company completes activity B. If Activity B requires 14 weeks to complete, then activity F can begin at the beginning of week 15. f. The two paths leading to activity G are AE (requiring 18 weeks) and BF (requiring 21 weeks). Because activity G requires the completion of both activities E and F, the earliest start time for activity G is the beginning of week 22. g. From Part 4 of this question, we know that the entire project can be completed in 58 weeks. If activity J requires 26 weeks to complete, then we can subtract 26 from 58 to get “32.” This means that the latest start time for activity J is at the end of week 32, or the beginning of week 33. h. This part of the problem continues part 7. We know that activity J must start no later than the beginning of week 33. Because activity G requires 6 weeks to complete, we can subtract 6 from 33 to get “27.” Thus, the latest start time for activity G is the beginning of week 27. i. From part 6 of this problem we know that the earliest start time for activity G is the beginning of week 22. From part 8 of this problem, we know that the latest start time for activity G is the beginning of week 27. Subtracting, we obtain the slack time for this activity: 5 weeks. 6-24. a. b. c.
Understanding GANTT charts
Activity G (“convert data files”) is scheduled to begin at the beginning of week 22 and end 6 weeks later (the end of week 28). Activity I (“test computer software”) is scheduled to begin at the beginning of week 28 and end 5 weeks later (the end of week 32). The Gantt chart shows that the actual time to complete activity A (“prepare the physical site”) was 11 weeks. This was less than the 17 weeks originally planned for it.
SM 6.12
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
d. e.
f.
The Gantt chart shows that the actual time to complete activity B (“determine the functional changes”) was 16 weeks. This was more than the 14 weeks originally planned for it. Activity E (“acquire and install computer equipment”) can only begin after the company completes activity A. Because the company was able to complete activity A early (in 11 weeks), it can also begin activity E early—i.e., at the start of week 12. Activity C (“select and assign personnel”) can only begin after the company completes activity B (“determine functional changes”). According to the Gantt chart, there was a delay in completing this activity, which was completed at the end of week 14. Thus, activity C can actually begin at the start of week 15.
Case Analyses 6-25.
Prado Roberts Manufacturing (What Type of Computer System to Implement?)
1. Four advantages of mainframe computer systems are: • The available speed, power, and memory needed to perform the largest, most complex tasks without the complexity and concerns of networks • Multi-user capabilities, enabling hundreds or even thousands of users to access the same computer and files simultaneously • The mainframe programs, partially because they have existed for a long time, are debugged, and, therefore, cheaper than new microcomputer software • A centralized computing environment leads to better control of applications, program development, data files, computer operations, and quality standards with greater uniformity Four disadvantages of mainframe computer systems are: • Such systems may not be user friendly • Such systems may require a high level of expertise to operate and require highly trained, expensive IT staff • There may be time delays in developing and implementing new systems as the programs are complex • New software for the mainframe may not be available, or may be expensive if it is available These advantages and disadvantages are likely to also apply to other manufacturing companies. 2. Factors and/or activities that prolong the lives of mainframe computer systems are: • Systems that were originally developed in-house have now been debugged and work properly • The availability of parallel processing and emerging software capabilities • The high cost of replacing customized systems Two reasons why companies may not want to retire their mainframe computer systems are: SM 6.13
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
• •
These companies have enormous investments in mainframe platforms that would have to be written-off on the financial statements Many users rely on mainframes to perform their most vital computing functions which may require more memory, processing power, and data files than those available on microcomputers
Again, these factors are also likely to apply to other manufacturing companies. 3. Five advantages of microcomputer/client-server systems are: • They are more user-friendly, thus, making it easy for employees to use • They more easily meet rapidly changing business needs with new systems applications • Microcomputer standalone capabilities allow users to continue to perform computer tasks even if the host or server is disabled • Microcomputer low acquisition and maintenance costs, which continue to decline over time • Many software applications are available in the marketplace Two disadvantages of microcomputer/client-server systems are: • The loss of central control since security is more difficult relative to remote stations, the server, and data files • Personnel are tempted to use microcomputer work stations for personal purposes These advantages and disadvantages also apply to Prado. 6-26.
Wright Company (Analyzing System Reports)
Note to Instructor: In the solution below, the word “dysfunctional" refers to a negative contribution toward the company's operating efficiency and the word “functional” refers to a positive contribution toward the company's operating efficiency. 1. Indicate whether each of the four reactions cited in the text contribute positively or negatively to the Wright Company’s operating effectiveness. 1) If the reports contain information that requires immediate attention, any delay in action is likely to be dysfunctional. If the reports continue to accumulate with no action taking place (e.g., the department heads do not catch up during the lulls), this definitely is dysfunctional behavior. 2) Generating too many reports or generating so many of them that managers take the wrong action is a dysfunctional response and a good example of information overload. The department heads were unable to assimilate the supplied information properly, and therefore they either did not use it or used it incorrectly. 3) Delaying action until reminded by someone can be dysfunctional. If delays continually take place and result in complications and/or delays in other departments, this lack of action is dysfunctional.
SM 6.14
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
4) Seeking information from external sources can be both functional and dysfunctional. Gathering information from alternative sources can be dysfunctional because the formal system is not producing the information in a usable form and the process of developing information from other sources probably has a cost. However, the fact that the department heads generate needed information from other sources might be taken as a functional response to the problem. 2. For each negative reaction, recommend alternative procedures that the Wright Company can employ. The dysfunctional behavior that occurred in Wright Company is most likely a direct result of management's failure to recognize that information systems are dynamic. Once a system is designed and implemented, it should be continually reviewed to acknowledge and incorporate any changes. It does not make sense to attack these problems piecemeal. Instead, a follow-up systems study committee composed of both systems staff and users should be established to review the present system and to interview users about their information needs and uses of the system’s outputs. During the systems survey review, the committee should focus on the information needed by department heads, the content, form, and formats this information should take, and the timing of the information. Unnecessary reports should be eliminated, and individual reports should be redesigned to include only relevant information. Once revised, the reporting system should be reviewed periodically to make sure it is functioning smoothly and to make necessary corrections. 6-27.
Viva Vacations (A Systems Study for a Time Share Rental Agency)
This case is about a company that sells time shares and handles both short- and long-term vacation rentals for its clients. It currently keeps manual records, but the owner is considering implementing a computerizing system. Suggested answers for the various requirements are as follows: 1. It is important for Chad to understand that a careful systems analysis of his current system and future needs is a best-practice approach. For example, a review of his current system will enable the study team to identify the strengths and weaknesses of his current manual system, determine what software might meet his future needs, what controls are or could be useful in a new system, and whether a custom-developed or host solution might make the most sense. Some strengths of the current system are (1) the manual system is straightforward and probably requires little training to use it, (2) it is manual and therefore completely human readable, (3) the system can run without electric power, and (4) records are tangible and easily modified. Some weaknesses of the current system are (1) reservations are not possible more than six months in advance, (2) there appear to be no backups in the cases of fire or floods, (3) data are only available from the office and remote access is not possible, (4) physical storage space increases with the number of
SM 6.15
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
manila folders, which may get out of hand if business volume increases, and (5) mathematical and clerical errors are likely. Information that the study team might gather in the systems analysis phase might include (1) the general goals of the system, top management (Chad’s) goals for the system, and the goals/desires of employees using the system, (2) documentation about how the current manual system works, (3) observations of the current system in use, and (4) estimates of current and future transaction volumes. This final item is particularly important if Chad begins advertising on the Internet, which will probably increase business. 2. This part of the case requires the computation of a present value, but an interest rate is purposely not provided. Students must decide what would be a reasonable rate. Illustrative computations on a spreadsheet are:
The computations suggest that the interest rate is important: The project breaks even using an interest rate of about 2.6 percent, and loses money for higher interest rates. This might be a useful springboard to discuss the advantages and pitfalls of cost/benefit analysis. For example, are the benefits and costs given in the problem statement necessarily sure things, or could these estimates be wrong? Are there other costs not included in these calculations? Are there other advantages of computerizing that might compel the owner to pursue this project anyway? 3. This question asks students whether it is ethical for a software developer to pay you a “fee” for finding a customer, and also whether it is ethical for you recommend an inferior package (for example, because it costs less). Student opinions are likely to differ, especially about the second consideration. 4. A request for proposal (RFP) allows a company to solicit and evaluate bids from alternate vendors to solve the same problem. No two bids are likely to be the same, with proposals differing in costs, services included, training options, and amount of vendor support provided. The availability of alternate proposals will give Chad at Viva Vacations an opportunity to decide for himself which option makes the most sense. It might also
SM 6.16
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
happen that Global Adventures not only has the best package, but also offers the package at a lower rate than first understood, thereby solving the dilemma encountered in part 2. 6-29.
Stephen Kerr Cosmetics (Point-Scoring Analysis)
Part I: Using Equal Weights
Equal Weights Required Modifications Ease of Use Internal Controls Flexibility Vendor Support
Fritz’s Ratings Meg's Ratings Fritz’s Ratings Meg's Ratings Vendor Vendor Vendor Vendor Vendor Vendor Vendor Vendor A B A B A B A B
0.2 0.2
3 8
2 3
3 4
3 6
0.6 1.6
0.4 0.6
0.6 0.8
0.6 1.2
0.2 0.2 0.2
3 4 7
4 5 5
2 3 3
4 7 9
0.6 0.8 1.4 5
0.8 1 1 3.8
0.4 0.6 0.6 3
0.8 1.4 1.8 5.8
Fritz prefers Vendor A; Meg prefers Vendor B
Part 2: Using New Weights Fritz’s Ratings Meg's Ratings Fritz’s Ratings Meg's Ratings Compromise Vendor Vendor Vendor Vendor Vendor Vendor Vendor Vendor Weights A B A B A B A B Required Modifications Ease of Use Internal Controls Flexibility Vendor Support
0.2 0.3
3 8
2 3
3 4
3 6
0.6 2.4
0.4 0.9
0.6 1.2
0.6 1.8
0.1 0.1 0.4
3 4 7
4 5 5
2 3 3
4 7 9
0.3 0.4 2.8 6.5
0.4 0.5 2 4.2
0.2 0.3 1.2 3.5
0.4 0.7 3.6 7.1
Fritz still prefers Vendor A; Meg still prefers Vendor B
SM 6.17
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Part 3: Using Average Ratings: Combined Combined Fritz’s Ratings Meg's Ratings Weights Results Compromise Vendor Vendor Vendor Vendor Vendor Vendor Vendor Vendor Weights A B A B A B A B Required Modifications Ease of Use Internal Controls Flexibility Vendor Support
0.2 0.3
3 8
2 3
3 4
3 6
3 6
2.5 4.5
0.6 1.8
0.5 1.35
0.1 0.1 0.4
3 4 7
4 5 5
2 3 3
4 7 9
2.5 3.5 5
4 6 7
0.25 0.35 2 5
0.4 0.6 2.8 5.65
Vendor B has a slightly higher score now. 4. What do these exercises suggest about point scoring analyses? These exercises suggest that even the most “objective” numerical analyses are subject to such problems as assumptions, subjective ratings of underlying data, and compromises in choices if more than one person assigns ratings. They also suggest that important criteria may be omitted from the analyses—for example, the reputation of the vendor, the length of the support contract, the convenience or inconvenience of access to the vendors’ support staff or facilities, and the availability of off-shore help desk support.
SM 6.18
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Chapter 7 DATA MODELING
Discussion Questions 7-1. Almost every AIS must organize and store data in permanent files. This leads to the need for databases that help business and governmental users store, modify, extract, and distribute accounting data. The text discusses seven specific reasons why databases are important to AISs: (1) the fact that AIS databases usually store valuable information, (2) the large volume of data in some databases, which increases the importance of organizing data efficiently, (3) the complexity of modern database designs (e.g., because of client/server networks, (4) the need for privacy and security, (5) the fact that most AIS databases contain irreplaceable data, (6) the importance of accuracy, and (7) Internet uses such as storing online customer transactions. The first section of the chapter discusses each of these reasons in greater detail. 7-2. The hierarchy of data describes the fact that AISs store the data in a database in natural levels. These are, from smallest to largest: data field → record → file → database Examples will vary for each student. 7-3. The data field in each record that uniquely distinguishes one record from another on a computer file is called the primary key. Typically, the primary key is numeric, although alphabetic or alphanumeric primary keys are also possible. A primary key can be a simple number such as a customer account number, or a complicated value such as (1) a composite number (e.g., a bank account number including branch and individual account number) or (2) a large number with imbedded codes (e.g., a credit-card number). AIS databases also use foreign record keys to link the records in one database table to the records in other tables. The presence of all these record keys may seem complicated, but their uses are vital to the efficient functioning of the databases used by AISs. 7-4. Here are some examples of typical accounting information system files and the potential record keys used for each: Computer File Accounts Receivable Master File Accounts Payable Master File Employee Payroll File Employee Personnel File Chart of Accounts File General Ledger File Budget File Purchase Order File
Potential Record Key Customer account number Supplier account number Employee social security number Employee social security number Journal category code General Ledger account number General Ledger account number Invoice number SM 7.1
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Inventory File Check-Writing File Transaction File
Inventory Part number Check number Account number and date
7-5. The data in large, commercial databases pose special challenges for database designers and users. Some major concerns are: (1) data integrity: the requirement that stored data are both complete and completely accurate (2) transaction accuracy and completeness: the concern that any changes made to a database are performed properly and completely (3) concurrency: ensuring that two users do not access and sequentially change the same database record at the same time (4) security: the requirement that database information be protected from external access and fraudulent manipulation. Specific examples will vary by students. 7-6. The term “REA” is an acronym for “resources, events, and agents.” In the REA model, an AIS database stores information about these file entities—for example, information about inventories (resources), cash sales (events), and customers (agents). The REA model differs from traditional accounting systems in that REA databases tend to store information about resources, events, or agents that do not immediately affect the financial statements of a company. Two examples of such information mentioned in the text are “sales orders” and “hiring decisions.” Similar information includes data about customer demographics, interest rates, or competitor activities. 7-7. Database cardinalities represent the relationships between database entities—for example, one-to-one, one-to-many, or many-to-many. In a payroll application, for example, a one-to-one relationship would be “employee” and “social security number,” a one-to-many relationship would be “invoice” and “detail lines,” and a many-to-many relationship would be “employees” and “pay rates.” 7-8. The entity-relationship (E-R) model is a graphic tool for helping developers design databases. Ovals denote data attributes (e.g., hourly pay rate), rectangles denote file entities (e.g., an employee), diamonds denote relationships (e.g., one-to-many), and straight lines denote data flows. E-R diagrams becomes a table in the completed database. 7-9. Assuming that the records in the Salesperson table stores information about individual sales people (e.g., name, employee number, office phone number, etc.) and that the records in the Sales table stores information about individual sales transactions (e.g., date, amount, type of payment, salesperson number, etc.), the relationship between these two tables is one-to-many. This means that each salesperson could have many sales transactions, but each sales transaction could have, at most, one salesperson. To show the sales for each salesperson in any given month, you would need to create a relationship between them to link the file records in these two tables together. The use of foreign keys would be sufficient to do this, and you would not need to create an intermediate relationship table for this purpose.
SM 7.2
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Now suppose that more than one salesperson could make a sale to the same customer. Then, the relationship between “salesperson” and “sales” would be many-to-many. In that case, you would need to create an intermediate relationship table that showed which salesperson made which sale to which customer. This gets complex, which is the reason why database cardinalities and data modeling are important—if challenging—topics in AIS. 7-10. Normalization is a process for ensuring that attributes are stored in the most appropriate tables and are non-redundant. The text describes the first three levels of normalization: first normal form, second normal form, and third normal form. If databases are not normalized, they can suffer from database anomalies such as the inability to add information to the database, the inability to delete data without deleting related information, and difficulty updating data.
Problems 7-11. a) Definitions: 1) Field: A set of characters that describe or define a particular file entity, (e.g., the employee number field in a payroll file). 2) Record: A set of data fields about one file entity, (e.g., the set of data fields that describe an employee in a payroll file). 3) File: A collection of records about similar file entities, (e.g., a collection of employee records in a payroll file). b) 1) A database is a collection of data files that are shared by one or more accounting applications. Typical database files include files containing the accounting data themselves (e.g., payroll information), as well as a set of auxiliary files such as query files and index files that help manage this data. 2) Database advantages: a) Eliminates or reduces data redundancy b) Reduces data conflicts that often result from files of duplicate information c) Centralizes file information d) Separates file data from the applications that use them, enabling the application to focus on its tasks rather than the format of the data e) Enables users to create convenient reports both at the time they first create a database as well as later as new needs dictate f) Availability of excellent software for easily altering, inquiring, or reporting file data Disadvantages: a) Increases work of creating and maintaining databases b) Increases coordination among the data needs of several departments requiring, or collecting, the data in the database c) Increases the need for security to protect informational assets d) Increases complexity of the systems that use them e) Increases cost
SM 7.3
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
7-12. Data items likely to be included in a cash table are: Cash Account #, Type of Account, Bank, Beginning Balance, Beginning Balance Date. As suggested by the underlining, the Cash Account # would be the primary key. The Cash Receipts table would include: Cash Receipt #, [Cash Account #], Date Received, [Employee#], and Amount. Cash Receipt# is a primary key, Cash Account # and Employee# are foreign keys. 7-13. a) Teachers can teach zero to many courses, and each course is taught by one teacher. Courses can be taught many times or may not have been taught. b) A surgery involves one patient, one nurse, and one doctor. A patient can have zero to many surgeries. A doctor can perform zero to many surgeries. A nurse can perform zero to many surgeries. 7-14.
SM 7.4
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
7-15.
7-16.
Here are some potential data fields for a Customer Table: Data field Customer Number Last Name First Name Street Address City State Abbreviation Zip Code Credit Limit
Data type Text Text Text Text Text Text Numeric Numeric
Suggested Size 4 30 20 30 20 2 5 (or 9 digits) 7 (long integer)
As shown here, it would be better to use separate fields for the customer’s first and last names. This will enable the system to search for a customer by either first or last name as separate items. 7-17.
Customer #, customer name, customer address, customer phone Child #, child name, [customer #]
Note: primary keys are underlined and foreign keys are in [ ]. 7-18.
Student #, student name, student address, student phone Class #, class time, class room [Student#], [Class#], grade
Note: primary keys are underlined and foreign keys are in [ ]. 7-19.
Bonadio Electrical Supplies company.
a. The basic differences between a file-oriented system and a database management system (DBMS) include: SM 7.5
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
1) The file-oriented system focuses on individual applications, each with its own set of files and with each file physically separate from the other files 2) In the database management system, the focus is on data rather than on a particular application. This leads to data independence, data standardization, one-time data-entry, data security, and shared data ownership 3) The records in files typically are organized in only one way—for example, sequentially according to some key or chronologically. The records in databases are typically normalized in at least third normal form 4) Most files are local. Most databases are more centralized and accessed by multiple users b. Advantages of database management systems: 1) Reduced data redundancy and inconsistencies 2) Ability to expand data fields without affecting application programs; instead, simple alterations are needed only in the DBMS 3) Single data entry and shared information 4) Data accessibility increases the timeliness, effectiveness, and availability of information Disadvantages of database management systems: 1) Typically more difficult to create initially 2) More highly trained technical personnel are required 3) Increased vulnerability as a common database is highly integrated (A breakdown in hardware or software has a much more severe effect than in a system having separate files and applications.) 4) Audit trails being somewhat obscured as the result of multiple users and perhaps multiple copies of the same database c. The duties and responsibilities of the database administrator include: 1) Design and control of a firm’s database (This responsibility includes ensuring application independence and back-up and recovery procedures.) 2) Definition and control of the data dictionary 3) Assignment of user codes and maintenance of other security measures 4) Control of all changes in data and in programs that use the database
Case Analyses 7-20.
Ian’s Place (Planning a Database Using REA and E-R Diagrams)
1. The resources are cash and inventory. The events are sales orders, shipping goods, and cash collections. The agents are customer, sales personnel, shipping clerks, and billing clerks.
SM 7.6
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
2.
3. Database tables are: cash, sales orders, shipped goods, cash collections, customers, and employees. There should also be a table for the order/inventory and ship goods/inventory relationships as these are many-to-many relationships. An example of the data fields in the cash table includes: account number, cash type, beginning balance, and authorized personnel. 7-21.
Quick Jolt Electronics (Understanding a Relational Database)
This case helps students understand what types of information might be stored in accounting databases, and requires them to use this information to answer important accounting questions. Answers to specific questions: 1. Invoice V-3 shows a sale to customer C-5, or D. Lund, Inc in the amount of $16,000. Details of this sale, found in the "sales by inventory number" records, are: Item
Quantity
Price
Extension
I-1 I-3 I-5 Total
1 6 2
2,000 1,000 4,000
2,000 6,000 8,000 16,000
SM 7.7
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
2. Invoice V-2 shows that J.P. Carpenter purchased $10,000 worth of equipment, but made a payment of only $1,666. Thus, this customer has opted to pay over six months. 3. The quarterly sales amounts for the sales staff are: a) $87,600 for salesperson S-10 b) $23,000 for salesperson S-11 c) $7,200 for salesperson S-12 Note that accounting personnel would have to make additional computations (based on information readily available in the databases) if sales commissions were only paid on the paid sales of customers instead of gross sales. 4. The net accounts receivable amounts are: a) C-1 = 0 b) C-2 = $6,668 c) C-3 = $35,000 d) C-4 = $23,000 e) C-5 = 0 7-22. 1.
Clooney and Bullock Manufacturing (Data Modeling with REA)
2. Order Goods Table: Order #, [Employee#], [Vendor#], Date, Comments Receive Goods Table: Receipt #, [Employee#], [Vendor#], Date, Comments Pay for Goods Table: Cash Payment#, Amount Paid, Date, [Employee#], [Account#] SM 7.8
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Merchandise Inventory Table: Item#, Description, Unit Cost, Sales Price, Quantity on Hand Cash Table: Account#, Account Type, Bank, Current Balance Employee Table: Employee#, First Name, Middle Name, Last Name, Address, City, State, Zip Code, Date of Birth, Date Hired, Last Date of Review Inventory/Order Table: [Order#], [Item#], Quantity, Price Inventory/Receive Table: [Receipt#], [Item#], Quantity, Price Order/Receive Table: [Order#], [Receipt#], Quantity Received Receive/Pay Table: [Receipt#], [Cash Payment#], Amount Paid 7-23.
Kick and Swing Inc. (Normalizing Data)
The raw data is as follows: Purchase Order Number 12345
12346
Customer Phone Number
Customer Customer Item Item Unit Quantity Date Number Name Number Description Cost Unit Ordered Charles 08/19/15 123-8209 Dresser, (752) 433-8733 X32655 Baseballs $33.69 dozen 20 Inc. X34598 Footballs $53.45 dozen 10 Basketball Z34523 20 Hoops $34.95 each Patrice 08/19/15 123-6733 Schmidt's (673) 784-4451 X98673 Softballs $35.89 dozen 10 Sports X34598 Footballs $53.45 dozen 5 SoccerX67453 10 balls $45.36 dozen
SM 7.9
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
1. The data can be put in first normal form by repeating the purchase order information as shown below. The data are now in first normal form because they can be stored in computer records. Purchase
Customer
Order Number 12345 12345 12345 12346
12346
12346
Customer
Customer
Phone
Date
Item
Item
Number Name Number Number Description 08/19/15 123-8209 Charles (752) 433-8733 X32655 Baseballs Dresser, Inc. Charles 08/19/15 123-8209 (752) 433-8733 X34598 Footballs Dresser, Inc. Charles Basketball 08/19/15 123-8209 (752) 433-8733 Z34523 Dresser, Inc. Hoops Patrice 08/19/15 123-6733 Schmidt's (673) 784-4451 X98673 Softballs Sports Patrice 08/19/15 123-6733 Schmidt's (673) 784-4451 X34598 Footballs Sports Patrice Soccer08/19/15 123-6733 Schmidt's (673) 784-4451 X67453 balls Sports
Unit
Quantity
Cost
Unit Ordered
$33.69 dozen
20
$53.45 dozen
10
$34.95 each
20
$35.89 dozen
10
$53.45 dozen
5
$45.36 dozen
10
2. To reorganize the data in part 1 into second normal form, it is necessary to split the file in two—a “customer file” and an “orders file.” The data are in second normal form because the data items in each record depend on the record’s primary key. Customer File: (primary key) Customer Number Customer Name 123-6733 Patrice Schmidt's Sports 123-8209 Charles Dresser, Inc.
Customer Phone Number (673) 784-4451 (752) 433-8733
SM 7.10
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Orders File: (primary key - both items) Purchase Order Number 12345 12345
Item Number X32655 X34598
12345
Z34523
12346 12346 12346
X98673 X34598 X67453
(foreign key) Item Unit Quantity Customer Description Cost Unit Ordered Date Number Baseballs $33.69 dozen 20 8/19/15 123-8209 Footballs $53.45 dozen 10 8/19/15 123-8209 Basketball $34.95 each 20 8/19/15 123-8209 Hoops Softballs $35.89 dozen 10 8/19/15 123-6733 Footballs $53.45 dozen 5 8/19/15 123-6733 Soccerballs $45.36 dozen 10 8/19/15 123-6733
3. The records in the orders file contain transitive dependencies. To put these data into third normal form, we must create a new products file and a new Orders file to eliminate these dependencies as follows: Customer File: (primary key) Customer Customer Phone Number Customer Name Number 123-6733 Patrice Schmidt's Sports (673) 784-4451 123-8209 Charles Dresser, Inc. (752) 433-8733 Purchase Orders File: (primary key) (foreign key) Purchase Order Customer Number Date Number 12345 08/19/15 123-8209 12346 08/19/15 123-6733
SM 7.11
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Ordered Products: (primary key - both items) Item Purchase Number Order X32655 12345 X34598 12345 X34598 12346 X67453 12346 X98673 12346 Z34523 12345 Product File: (primary key) Item Item Number Description X32655 Baseballs X34598 Footballs X67453 Soccerballs X98673 Softballs Basketball Z34523 Hoops
Quantity Ordered 20 10 5 10 10 20
Unit Cost $33.69 $53.45 $45.36 $35.89 $34.95
Unit dozen dozen dozen dozen each
SM 7.12
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Chapter 8 ORGANIZING AND MANIPULATING DATA IN DATABASES Discussion Questions 8-1. There are several other database management systems available to users, including MySQL, Oracle, FoxPro, Microsoft SA SQL, Filemaker Pro, and IBM DB2. 8-2. The different data types available in Access include: Text, Memo, Number, Date/Time, Currency, AutoNumber, and Yes/No. You can also create hyperlinks and OLE (object link and embed) objects. The types of numbers you can create in Access include byte, Integer, Long Integer, Single, Double, ReplicationID (typically used to expand autonumber fields in replicated databases), and Decimal. 8-3.
This problem requires students to create their own Salesperson table.
8-4. Database management systems (DBMS) are computer software packages that enable users to create, maintain, query, retrieve, manipulate, and output the data stored in a database. A DBMS is not the same thing as a database. Rather, a DBMS is a set of software programs that interfaces between the database and users or user programs. Because, database management systems are computer programs, they are software—not hardware. 8-5. Data definition languages (DDLs) are the special programming languages of DBMSs that enable users to design the physical structure of database records. Thus, a DDL enables users to specify the number of data fields for each record in a table, the name for each field, and (for Access) a data type for each field—for example, “text” or “numeric.” The DDL also enables users to further specify the length of each field (for text data types) or the type of number (e.g., “Integer”) for numeric data types. 8-6. The act of linking database tables to one another enables users to extract relevant information from them. For example, a database user might want to prepare a list of suppliers, with a sub-list of all products available from each supplier. A database developer might create two tables for such an application: (1) a table of suppliers and (2) a table of products. If the designer stores the supplier code in each product record, the user could then view or print the desired list. In Access, a user links tables to one another using the “Relationships window.” Chapter 8 describes how to do this. (The fields do not have to have the same name, but they must have identical data types.) Access then enables the user to create queries based upon the linked tables, and can then present the joined information requested by the user—e.g., the report described above. 8-7. Data validation is the process of ensuring that the data input into the data fields of a database record are accurate and complete. Data validation is important because it causes the system to test input data for common errors and reject values that violate the defined validation rules. This helps an organization avoid the costs and confusion caused by such errors. Experts
SM 8.1
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
estimate that it costs ten times as much to correct bad data already stored in a database as it does to correct simple errors at the time they are caught during input. Examples of Access data validation tests discussed in the text include the automatic tests that check for consistent data types, using input masks to help users input data correctly, using drop-down (combo) boxes of predefined data, specifying default values for repetitive data entries, and creating data validation rules. Enforcing referential integrity is yet another database control with data-validation characteristics. This ensures that users do not delete the “one” record joined in a one-to-many relationship with other records—for example, deleting an invoice with existing line items. It also automatically disallows a user’s attempt to link a “many” record with a non-existent parent record—for example, creating invoice detail lines for a non-existent invoice. 8-8. Data manipulation languages or DMLs enable users to define processes for accessing, updating, replacing, deleting, and protecting database records from unauthorized use. Most database management systems include proprietary DMLs that allow users to create queries, forms, reports, and macros that in turn enable users to view, update, delete, or output selected database information. Thus, a DML is that part of a DBMS that enables users to tell the system how to manipulate the underlying data in a database. 8-9. SQL is an acronym for “structured query language.” SQL and Access queries are similar in that both enable users to construct queries that answer user questions about database information. Thus, both SQL and Access enable users to construct query commands that extract the same information from a database—for example, a list of all students in a certain course in the current semester. The primary difference between SQL and Access is that SQL requires users to create queries in text-driven language while Access provides a graphical user interface to frame their questions. Access is among the many database management systems that actually translate user queries into SQL statements. 8-10. Data mining provides users with analytical tools for detecting trends or relationships among seemingly uncorrelated data—typically marketing data. For example, identifying patterns in customer purchasing behavior may enable a marketing department to streamline its marketing efforts by uncovering relationships between customer preferences and their demographics. Accounting uses of data mining techniques include predicting future sales for budgeting purposes, performing audit tasks such as searching for forensic information, assessing payment trends by tax payers, or detecting trends in such areas as bad debts. 8-11. Cloud computing is a form of Internet-based computing. Instead of applications being stored on individual workstations, software is provided through the Internet, processing occurs on a web of computers, and information is ultimately sent to the user’s computer. Cloud computing will allow firms to outsource components of their AISs and expand systems at lower costs than would be necessary if systems were built in-house. 8-12. A data warehouse is a repository of historical information that a firm or governmental agency can collect during the normal course of conducting its business. Data warehouses are similar to databases in that they classify and store data systematically and can help users extract
SM 8.2
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
information for business uses. The major differences between data warehouses and databases are that the information in data warehouses may be stored in multiple databases, often spans multiple accounting periods, and is generally arranged with the purpose of supporting complex queries from external users. 8-13. Data warehouses enable employees to access valuable information on a corporatewide basis, often from areas outside their immediate domains. These data repositories therefore help users answer complex questions in a timely manner, marketing personnel identify purchasing trends or pinpoint customer needs, and can ultimately yield a high return on investment for the firm. But data warehouses are not for every organization. One factor that may deter companies from building data warehouses is the difficulty of collecting and storing diverse information in consistent, useful, and systematic ways—especially where the design process consumes large amounts of organizational resources.
Problems 8-14. This problem is about the Query Corporation. It requires students to create a simple database table, using data supplied in Figure 8-19. A suggested record structure is: Field Name
Size
Type
Decimal Digits
LNAME FNAME SSN DEPT PAYRATE OTIME
20 20 9 1 4 1
alphanumeric alphanumeric alphanumeric numeric numeric yes/no
none 2
a) The employees in Department 5 are: Chapin, Finn, Halpin, Laurin, Maglio, Turner, and Zorich. b) There are three employees with a first name of Brenda: Reeder, Turner, and Bloom. c) The employees with pay rates over $6.50 are: Cunningham, Chapin, McLean, Welsh, Duffy, and Turner. d) The employees eligible for overtime are: Adcox, Bloom, Chapin, Cunningham, Daniels, Davis, Finn, Halpin, Harper, Kozar, Laurin, Maglio, McGuire, Morgan, Reeder, and Zorich. 8-15. This problem requires students to search the Internet for articles on data warehousing. Reasons why companies create data warehouses include: to analyze historical data to predict the future sales, to exam security breaches to develop more effective security procedures, and to make organizational information available on a corporate-wide bases.
SM 8.3
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
8-16. a)
This problem is about the Marcia Felix Corporation A suggested record structure is: Field Name
Size
Type
Decimal Digits
Employ_Name Employ_IDNum Apt_Score Depart_ID Pay_Rate Employee_Gender
20 4 2 2 4 1
alphanumeric numeric numeric alphanumeric numeric alphanumeric
none none 2
b)
Average pay rate:
$8.02
c)
Average female pay rate: Average male pay rate:
$8.16 $7.95
d)
Females scoring over 70: Males scoring over 50:
none Langley, Baker, Moore, Jackson, Markham, Garrow, Conrad, Pettinari, Bliss, Barrett, and Erickson
Case Analyses 8-17.
BSN Bicycles I (Creating a Database from Scratch with Microsoft Access)
1. The resources, events, and agents for this case are as follows: Resources: inventory and cash Events: sales, cash receipts, purchases, and cash payments Agents: the company’s employees (sales personnel, cashiers, and purchasing agents) customers, and vendors. E-R diagram is on the following page
SM 8.4
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
SM 8.5
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
2. Examples of tables and potential data fields for each of these tables: cash: account #, cash type, beginning balance, authorized personnel inventory purchases: purchase order #, item #, item name, quantity purchased, vender ID, vendor name vendor cash payments: check #, vendor ID, vendor name, purchase order #, amount vendors: vendor ID, vendor name, street address, city, state, zip code, contact person, phone #, and fax # employees: employee ID, first name, middle initial, last name, department #, street address (probably not needed inasmuch as there are only three individuals in the company) inventory table: item #, item description, units (e.g., dozens), unit cost, unit retail sales price, quantity on hand vendor purchases/inventory (join) table: purchase order #, item #, quantity purchased customers: First name, Last name, Customer #, Street Address, City, State, Zip Code, Home phone number, Work phone number, Cell phone number, Credit Card type (e.g., Visa), credit card number, credit card expiration date customer invoices: invoice #, invoice date, invoice amount Database tables for the purchasing process are: cash, purchases, cash payments, vendors, and employees. There should also be a table for the purchases/inventory relationship as this is a many-to-many relationship. 3. This part of the case requires students to create several records for each table. 4. This part of the case requires students to create relationships for each of the various tables. 5. This part of the case requires students to print hard copies of each table in data sheet view and also to create a report, documenting their relationships.
SM 8.6
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
8-18
BSN Bicycles II (Creating Queries in Access)
1 and 2.
Create a database of records. This is a continuation of Case 8-17.
3. Create a query that selects all customers living in TX or MA. The results depend upon the underlying data that each student creates. 4. Create a query that selects all customers living in zip code 12345. The selected records will depend upon the underlying data that each student creates. 5. Create a query that selects all customers living in Texas with zip code 12345. The resulting records depend upon the underlying data that each student creates. 6. Create a query that selects all credit customers. The resulting records will depend upon the underlying data that each student creates. 8-19.
Furry Friends Foundation I (Creating a New Database from Scratch)
This case introduces students to a relational database. It requires them to set up the database, create tables, and connect them using relationships. 1.
2. The Contributor ID is used as the primary key for the FFF contributor table. The key is unique and a donation statement can be produced for each contributor for his or her use when filing state or federal taxes. 3. Each student will need to add a unique contributor ID, their last name, first name, street address, city, state, zip and phone number using the correct formats.
SM 8.7
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
4. The relationships between the tables are joined by Contributor ID in the Contributor File and Donation File. The link between the Donation File and the Animal Code File is the Animal Code.
8-20.
Furry Friends Foundation II (Creating Queries for Databases)
1. This is a continuation of Case 8-19. 2. This requires students to create three records using their own name and contributions to the three different categories of dogs, cats, and unspecified. The results depend upon the underlying data that each student creates. 3. Create a query of all contributors donating to cats. The results should include the entry that the student made for himself/herself. The construct for this query is:
4. Create a query of all contributors who donated over $50. If the student made contributions over $50, the donation will also be reflected in this query. The construct for this query is:
SM 8.8
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5. Create a query of all contributors who donated over $100 to dogs. If the student made a contribution over $100 to dogs, it will be reflected in this query. The construct for this query is:
8-21.
Benjamin Department Store (Data Validation Using a DBMS)
1. Create a record structure as specified in the problem. The primary key should be the Social Security number—not the last name. The “Required?” setting for each data field must be changed to “yes”. 2. This problem requires the following validation rules: Data field Work Phone extension: Pay rate: No. of tax exemptions: Department Code:
Validation Rule >100 And <999 >=12.50 And <=55.00 <=6 "A" Or "B" Or "C"
SM 8.9
Validation text see below see below see below see below
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
3. Example records:
Last Name Smith Strawser Wolfe
First Name Andrew Barbara Carolyn
Social Security Number 123-45-6789 234-56-7890 345-67-8899
Home Phone (111) 222-3333 (222) 333-4444 (333) 444-4567
Work Phone Extension 123 143 456
Pay Rate $ 9.90 $ 10.20 $ 22.35
Tax Exemp -tions 1 2 3
4. Examples of validation text messages (not necessarily the ones for the problem):
SM 8.10
Depart - ment A B C
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
8-22.
North Beach College (Enforcing Referential Integrity)
1. Suggested data types for each field in the database tables are as follows: Table Car Registration Table
Ticket File Table
Parking Violations Code Table
Data field Social Security Number Last Name First Name Phone Number License Plate State License Plate Number Ticket Number License Plate State License Plate Number Date Violations Code Fine Code Explanation
Data type Text Text Text Text Text Text Numeric (Integer) Text Text Date Text Numeric (floating point) Text Text
2. This part of the case requires students to create three records in the car registration table and three records in the Parking Violations Code table. 3. This part of the case requires students to create at least three parking tickets for each car registrant. 4. This part of the case requires students to create a record in the ticket file that contains a nonexistent ticket code in the parking Violations Code file. They should be able to do this because no safeguards have yet been installed to stop them. 5. This part of the case requires students to link the tables together and to enforce referential integrity. 6. This part of the case requires students to again create a record in the ticket file that contains a non-existent ticket code in the parking Violations Code file. Now, they should not be able to do so because the database system enforces referential integrity. 7. This part of the case requires students to attempt to delete a record from the Parking Violations code table. They should not be able to do so because the database system enforces referential integrity.
SM 8.11
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Chapter 9 DATABASE FORMS AND REPORTS Discussion Questions 9-1. ●
●
Some of the advantages and disadvantages of database forms are as follows: Advantages Data entry is less error-prone A number of predefined formats are available for use Usually, all the data fields for a single record appears in one screen Forms are customizable (compared to data sheet views) Forms can include instructions for data entry Forms can be more colorful and graphically appealing It is usually easier to get from one field to any other field using a form The form navigation bar enables users to easily go to the first or last record in the table. Disadvantages Low information density for professionals Good interface design requires time and effort to create Garish form designs or colors can distract the user
9-2. Most students would rather use a form, rather than a datasheet, for entering data into a database. The advantages listed above outweigh the disadvantages. 9-3. Most students would rather use the Form Wizard in Access to create a form. Using the Form Wizard is faster to develop, provides preformatted data fields, and enables you to customize the form as desired. However, it is also true that creating a form from scratch gives the developer full control over the form’s design at all times, and possibly enhances form performance. 9-4. A subform is a form within a form—usually a form that shows the “many” records in a one-to-many relationship. Figure 9-7 provides an example. Subforms are handy for showing subordinate information and they also allow users to enter data at the time the form and subform display—a handy feature if the user wishes to create new records in the subform. There are two methods for creating subforms. One approach is to add a subform to an existing form using the subform object in the Access toolbox. A second approach is to create a subform at the same time you create a form using the Form Wizard. 9-5. Database developers customize forms for many reasons. One is the fact that the form initially created by the Form Wizard will be basic, often presenting users with an unwieldy, uncomfortable, or disorganized interface. A second reason to customize a form is to streamline data entry and manipulation as much as possible—for example, by grouping like text boxes together, logically arranging the tab order of data entry text boxes, or by creating check boxes, SM 9.1
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
radio buttons, or drop down menus (combo boxes) as needs dictate. These features save end users time and company’s money, and can reduce aggravation of employees. A third reason to customize a form is to add explanatory information on it—for example, to further explain data entry requirements or to provide important reminders about the data. A final reason to customize forms is to make them more visually appealing—for example, by adding background colors, graphics, and similar visual objects that both increase the overall appearance of the form and perhaps its usefulness to end users. 9-6. Database reports provide custom information to database users. These reports can be simple documents that only output the contents of a table, or highly complex outputs that combine the information from several tables and limit themselves to selected subsets of database information. Figures 9-8 and 9-12 provide some examples. In addition to simple data from the underlying records, reports can also contain calculated fields (for example, extensions of prices times quantities), the results of logic tests (for example, a display of a reorder amount if the balance-on-hand field of an inventory product is below its reorder point), and computed summary information (for example, subtotals, minimums, maximums, or averages) for selected subgroups of records. 9-7. Most students will agree that it is important to design the format of a report before creating the report itself. Reasons include the usefulness of (1) identifying what information to include, or to omit, from a potentially large set of items, (2) deciding how to best make use of the limited “real estate” of an output page, and (3) grouping data in useful ways to best compute subtotals or other statistical outputs. This is a good opportunity to remind students that the purpose of most AISs is to provide meaningful, decision-oriented information to users—not simply to create “pretty” reports. It is also true that not every report must be planned so carefully. Smaller reports may not have a high redesign cost if redesign is necessary and planning may be a greater cost of time than redesign. 9-8. This questions asks students if they think we will still use hardcopy reports in the future, or will they be replaced with softcopy ones. There is no simple answer to this question, but many forms of print are in decline. Mobile devices enable users to obtain such current information as stock market prices, data about the status of projects, text messages, and emails instantaneously in soft-copy formats. 9-9. This question asks students if they would rather use the Report Wizard to create the format of a report or design it from scratch. Most students prefer the Report Wizard because it automates so much of the work—for example, in ordering the data, creating headings, subheadings, and control breaks, and formatting the output. As an experiment, one of the authors created a report from scratch—and won’t make that mistake again. 9-10. A calculated field in a report is just that—a data value that the database system computes from the underlying data. Examples include years of service on an employee report, invoice extensions on an invoice, student grade point averages, inventory valuations, reorder inventory quantities, and salesperson commissions based on sales. Calculated fields also include SM 9.2
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
the totals, averages, maximums, and minimums that database designers can imbed at control breaks in reports. Reports contain calculated fields for the same reason they contain any other type of data—because such values are meaningful and valuable to report users. 9-11. There are several reasons why databases do not store calculated fields as normal parts of database records. One reason is because these fields can be computed from a record’s basic data and are therefore redundant. Another reason is because calculated values (e.g., a student’s GPA) often depend on data that may change. Storing a static value for dynamic data does not make sense, and doing so anyway just wastes space. It is also important to remember that computers can “think” must faster than they can “read” or “write.” Thus, computing values for each record that ultimately gets displayed or printed requires no additional computer time or other resources. 9-12. This question asks why calculated fields (in Access) are created with database queries rather than created directly in reports. In one sense, this is a trick question. One reason for this is because you can include calculated fields without queries, although it was not discussed in the chapter. Another reason is because such calculated fields as well as totals, averages, maximums, and minimums that database designers are created by the report itself. But DBMS designers cannot possibly anticipate all the needs of database users. Thus, one advantage of using queries to create other types of calculated fields is that it enables form or report designers to customize outputs as user needs require. Another advantage is that queries provide an easy mechanism to retrieve data for manipulations. By abstracting the calculated field from the report, the designer can modify the formulas for calculated fields without affecting the general format of the report itself.
Problems 9-13. From left to right, the symbols on the navigation bar enable the user to access the first record, the previous record, the next record, and the last record. The white box in the middle indicates the number of the current record. 9-14. Figure 9-9 lists the seven components of a typical database report (report header, page header, group header, detail lines, group footer, page footer, and report footer. This figure also describes the location and typical contents of each of these items. Student examples of these components can vary widely. 9-15. This question asks students to explain the difference between each of the following items: a. A bound control displays a data value from an underlying record, or computations from an underlying record, and therefore typically changes from record to record in a form or report. An unbound control does not display values from an underlying record and is therefore typically fixed in the form or report. b. In design mode, a database designer can change the design elements of a form or report, including such items as foreground or background colors, font types, sizes, or similar SM 9.3
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
characteristics, the placement of data fields or other form objects, and even the size of the form or report itself. In run mode, the user cannot perform such formatting, but is a passive viewer of whatever information of what the form or report contains. c. The ◄ symbol in a form’s navigation bar enables the user to access the previous record in the underlying table. In contrast, the ► symbol enables the user to access the next record in that same underlying table. d. A form is a user interface or screen that typically displays the data from the current (parent) record. In contrast, a subform typically displays the subordinate (child) data associated with the parent record if it exists. Thus forms display record information from the “one” side of a one-to-may-relationship while subforms display information from the “many” side of such a relationship. e. A normal data field displays the value of the data for the current record in the underlying database table. In contrast, a calculated data field displays the results of a computation based on such data. f. A page header is the information that the user sees at the top of each page of a database report. Such information typically contains column headings that identify what data appear beneath them. In contrast, a page footer appears at the bottom of each page of a report. g. A report header is the information that the user typically sees on the first page of a report— for example, the name of the report, the date the report was created, the time period for which the report applies (e.g., which calendar month), and perhaps the name and phone number of the report’s creator. In contrast, a report footer is typically a summary statement that contains grand totals or similar numeric summary information. It appears on the last page as the last item of a report. h. A report based on a table simply displays the data (or calculated values) from a single underlying table. A report based on a query can be based on multiple tables, can also include calculated fields, and of course, will display the information for only those records satisfying the query itself. For the Customer report in Figure 9-8, for example, a report based on query might limit the output to those customers in a few specific zip codes.
SM 9.4
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
9-16. This problem requires students to recreate the form in Figure 9-1. The resulting form should look like the following:
This problem also requires students to do the following: a. Add a label in the heading portion of their forms that contain the term “Prepared by:” and add their name. Print a single copy of the completed form. b. Use the navigation bar at the bottom of their form and then identify the first and last records (will vary with the student). c. Add a new record to this form with his or her name as the customer. Then print a copy of this form. d. Close the form, and then verify that their new record exists by going to the Tables portion of the database and opening the Customers table in datasheet view (see Figure 9-2).
SM 9.5
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
9-17. This problem requires students to modify the form they created in problem 9-16 to include a subform similar to the one in Figure 9-7. The resultant form and subform should look like this:
The problem also requires students (a) to use the navigation bar to last record in the Customers table and to print this form, and (b) to find a customer with invoices and to use the navigation bar of the subform to select a particular invoice in the subform. The exact results will depend upon which records students create in their Customers and Invoices Tables.
SM 9.6
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
9-18. This problem requires students to create a report similar to the one in Figure 9-8. The resultant report should look like this:
The directions also require students to (a) add a label to the heading portion of the report that contains the term “Prepared by” and to include their names, and (b) determine who is the first and last customer in their reports. 9-19. This problem requires students to use their Customers Table and the Report Wizard to create a report similar to the one in Figure 9-15. Instructors should note that this requires users to select “subgroup totals” in the Report Wizard and a fairly large amount of reformatting and reorganizing of the template provided by the Report Wizard.
SM 9.7
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Case Analyses 9-20.
A Form for BSN Suppliers (Creating a Simple Form in Access)
a. This case requires students to create a simple form in Microsoft Access, using data that they create and (perhaps), the Form Wizard. The final form should look like the following:
Additional requirements of this case are: b. Identify the first and last records of the BSN Vendors table. c.
Adjust the Tab Order to ensure that the user tabs sequentially through the fields in logical sequence.
d. Use the form to add a new vendor record to the Vendors table, including their own name as the Contact Person. e. Print a copy of the form showing the new record they created in part d. f. Suggest some additional improvements for this form. Possibilities include: • Adding a default value for the City or State • Adding a mask for the phone and/or fax numbers • Putting the Zip code on a separate line of the form • Using an autonumber to automatically generate the number of a new vendor.
SM 9.8
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
9-21.
A Form and a SubForm for the BSN Suppliers (Creating Forms with Subforms)
a. This problem is mostly a continuation of Case 9-20. It requires students to create a form similar to the one above, and then use the subform control in the ToolBox to create a subform. The resulting form should look like this:
Additional requirements of this problem include: b. and c.
Experimenting with the navigation bars in the main form and the subform.
d.
Creating a new purchase order for the current Vendor in the subform.
SM 9.9
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
9-22.
A Listing of BSN Suppliers (Creating Simple Reports in Access)
This problem requires students to create a simple report similar to the one in Figure 9-19. We recommend that they use the Report Wizard for this task. The final product, at run time, is shown in the figure. The finished report, at design time, should look similar to this:
Although straightforward, this report requires a good deal of reformatting because many of the labels in the form occupy two lines, as do the detail lines of the report itself. Students must also embed their own name, the date, and the graphic in the report header. 9-23.
Furry Friends Foundation III (Creating Forms and Reports)
1. This is a continuation of Cases 8-19 and 8-20 in Chapter 8. If you have assigned these cases, the reports will be different for each student. 2. This exercise requires students to create a Contributor Intake Form in two columns and then print a screen capture that includes their own information.
SM 9.10
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
3. This exercise requires students to create a Donation Intake Form in two columns and then print a screen capture of their work. An example is:
4. The requirements for this portion of the assignment requires students to create a list of contributors. The information for the header should include the Foundation Title, a graphic of a furry pet, his or her name as the developer and the current date. The body of the report must list contributors organized alphabetically by contributor last name—a requirement that can be met by choosing the appropriate selections in the Report Wizard. Below is a sample of the report.
5. For this part of the case, students must add at least 10 contributors to the Contributors Table and include donations from them in the Donations Table. They should use the report they created in part 4 of this assignment to list the additions. Finally, they must create a report listing donations made during November and December.
SM 9.11
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
SM 9.12
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Chapter 10 ACCOUNTING INFORMATION SYSTEMS AND BUSINESS PROCESSES: PART I Discussion Questions 10-1. Answers to this question will vary depending on the type of firm the student intends to start up. For example, if the student wanted to start up a pet grooming business, there are a number of possible software choices that might be identified. One is called 123 Pet Software (http://www.123petsoftware.com/), which includes a large number of features: tracks clients, pets, inventory, employees, appointments, payroll, networking, and much more. 123Pet dog grooming and vet software works with cash drawers, bar code scanners, receipt printers, and other hardware, including touch screens. The software can be used for cats or dogs. 10-2. Among the uses of accounting codes are the following: (1) to uniquely identify accounting data (e.g., more than one person or product may have the same name), (2) to compress data (e.g., written descriptions are generally much longer than a code), (3) to classify data (e.g., codes facilitate classification either manually or electronically), and (4) to convey special meanings (e.g., codes can be used to indicate such things as credit ratings, credit limits, prices, or passwords). Students should be able to find examples of such codes as: employee identification numbers, chart of account schemes, product numbers, customer or client identification numbers, and so on. 10-3. There are many outputs of an AIS. These outputs come in a variety of formats including hard copy reports, screen displays, audio, images, tape, and diskette. AIS outputs include: (1) reports to management, investors, and creditors, (2) transaction data files, and (3) current account information. Systems analysts need to begin with outputs in designing an AIS. The outputs dictate what data will be required. Otherwise, analysts will be selecting data sets without justification. This is likely to result in either too much data or the inability to provide managers with the information they need. The outputs literally “drive” the inputs in an AIS. 10-4. Some criteria that should be considered when designing managerial reports are “usefulness,” “convenient format,” “identification,” and “consistency.” These are very broad and cover most uses. In individual situations, other criteria may be necessary such as “adherence to prescribed format,” “adherence to a completion deadline,” or “satisfy the boss.” Designers learn what to include in reports by interviewing the report users, studying business processes, studying documentation, and studying existing reports. 10-5. Note to Instructor: Responses will vary by student, type of organization visited, and documents collected. In general students should find that businesses of all kinds have many
SM 10.1
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
source documents in common. These include purchase requisitions, purchase orders, time tickets, receiving reports, personnel action forms, sales orders, and invoices. 10-6. When data entry clerks add a new customer to an AIS, data items to be entered include customer ID number, customer name, customer shipping address, customer billing address, terms, credit limit, contact name, phone, fax, and e-mail address. Data items entered to record a sales order include customer ID number, sales order number, date, date to be delivered, authorized signatures, detailed information about items ordered including quantity, price, description, and salesperson number. 10-7. Data flow diagrams are logical descriptions of a system whereas systems flowcharts capture a physical view of the system. The data flow diagram would show processes, similarly to a systems flowchart. The systems flowchart, however, is likely to show whether the processes are performed by computer, manually, or by another device. Flow lines in the data flow diagram would show input and output items. These would either go to a data source or destination or a data store. The flowchart would show inputs and outputs apart from flow lines. They might be depicted in manual files, disk files, tape files, documents, etc. Both flowcharts and data flow diagrams may be designed to show increasing levels of detail. For instance, a context data flow diagram corresponds to a high level systems flowchart and each usually shows only one overall process for the revenue cycle. 10-8. Both restaurants and car manufacturers are manufacturing organizations. They take raw materials, process them, and produce finished goods. However, the car manufacturer will deliver the product to a car dealer or intermediary, rather than to the customer. The restaurant does not only deliver the product to the customer; the process doesn't really end until the product is consumed! Insofar as inputs to the purchasing cycle are concerned, both car manufacturers and restaurants are buying raw materials, as mentioned. Therefore, inputs are likely to be similar. They would consist primarily of purchase requisitions and purchase orders. One difference worth mentioning is that a car manufacturer is likely to be closely linked to suppliers via electronic data interchange (EDI). Therefore, the car manufacturer may make use of electronic requests for inventory items. A restaurant may not be large enough or closely linked to specific suppliers for EDI to be effective. 10-9. Business-without-boundaries is the term given to an organization that has outsourced one or several business functions. The organization may have outsourced the function to another company in the US or perhaps to a company that is outside the US (called offshoring). This trend is changing the nature of organizations in a variety of ways. As with national and multinational firms, employees may be located anywhere in the US or the world. Typically, communication and coordination of business processes are very important so that the customer experiences seamless service from the firm. As an example, Amazon.com (headquartered in Seattle, WA) outsourced (offshored) some of their customer service function to a company in India. When customers have problems, it is likely that an e-mail response will originate in India. However, the customer e-mails Amazon.com – not the company in India where the response is generated. Amazon.com has customers worldwide and believes that the customer service function should respond to customer concerns 24/7. By offshoring this function to various
SM 10.2
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
companies in the world, as well as outsourcing to some companies in the US, Amazon.com is able to respond to customers very quickly. As a result of improved technology, networks and improved communications capabilities, companies can interact with each other in new and different ways to provide better, more efficient service to customers, while cutting the cost of doing business. Of course, this also presents new risks and challenges to companies that outsource business processes, because they are no longer able to directly monitor and control the quality of service that is provided to their customers. 10-10. This means that companies have outsourced one or more business functions (processes) to companies that are not located in the US. According to a recent META Group report (www.metagroup.com, Worldwide IT Benchmark Report, 2004), India continues to be the preferred offshore country with more than 500,000 knowledge workers. Other countries compete with India for this offshore business – such as Russia, the Philippines, Ireland, Israel, and China. 10-11. Students might strongly agree or disagree with these claims regarding the availability of qualified IT personnel. However, the responses they give should be based on their research (number of IT graduates at your university or other statistics that might support their view). Encourage students to base their opinions on data that they might find on the Internet or data that might be available in their university library (either reference books or digital media), rather than their “feelings”. This topic can lead to a very lively classroom discussion if half of the students are required to “support” the claims and the other half of the students must find support to refute the claims. A mock debate can be used to bring out both sides of this issue. In this case, 2-3 students from each group would present their findings (perhaps using PowerPoint slides) in front of the class and present their respective points of view. After both presentations, the students in the front of the class could act as facilitators to encourage the rest of the class to give their opinions. A web site that discusses IT Offshoring and the impact on employees is: http://www.mckinsey.com/mgi/rp/offshoring/ 10-12. One interesting new use of RFID tags is for passports. The US Government believes that the benefits outweigh the costs (http://news.cnet.com/RFID-passports-take-off/21007348_3-6130016.html). Another interesting use is that they are implanting in people as an “in” thing (http://www.prisonplanet.com/articles/april2004/040704bajabeachclub.htm) to be considered a VIP at a beach club in Spain. 10-13. For a list of the “Top 15 Weirdest, Funniest, and Scariest Uses of RFID”, visit the following website: http://www.rfidgazette.org/2007/04/top_15_weirdest.html Students’ opinions of this technology will likely differ based on how they interpret the privacy issues surrounding RFID tags. Advantages:
SM 10.3
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
• ability to track people (e.g., patients and babies in hospitals) • ability to track items of all types, such as inventory in warehouses, office buildings, university buildings • convenience (like the smart passes for cars to pass quickly through toll gates) Disadvantages: • for individuals, the primary concern surrounds the perception that personal privacy could be violated • from a manufacturing perspective, the primary concern is the cost of the tags 10-14. While a number of sources are available to help students respond to this question, we selected this site: http://www.buzzle.com/articles/outsourcing-pros-and-cons.html (a) Some of the potential positive aspects of outsourcing are: Lower Operating Costs: Outsourcing to countries like India has helped lower operating costs. India has a well-educated population where people are more than willing to provide the desired service for a fraction of the cost as compared to domestic workers. Corporate Tax Breaks: According to U.S. laws, a company can defer paying taxes on profits earned abroad as long as the profits are not remitted to the parent company located in the U.S. Moreover, the deferral period can be extended indefinitely. Expert Advice: According to the theory of core competence, an organization would do well to focus on its main or core operations and outsource activities that are of an operational nature. This would help the company maintain its competitive advantage, improve efficiency, and consequently increase profits. The Theory of Comparative Advantage: This theory was proposed by the famous economist David Ricardo, who advocated free trade by theorizing its positive effects on the GDP of a country. It was his belief that by trading, irrespective of boundaries, a country could focus on the production of a good for which it had a comparative advantage and barter those with goods produced by other countries. This, in turn would result in maximizing the GDP of the country. Workforce Flexibility: With outsourcing, you may employ a larger workforce as and when tasks become demanding. Additional workforce is employed temporarily, thus the question of the additional personnel being on permanent payroll does not arise. Maintaining Performance: Erroneous decisions and changes can overwhelm a project's success. It is when small-scale companies endure such situations that outsourcing becomes attractive. Through outsourcing, a company can sustain the project and perform as expected. Time-zone Variation: While you wrap up for the day in Asia, the west gets ticking to work. This is where outsourcing plays a major role, especially when your business demands work around the clock.
SM 10.4
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
(b) Some of the potential negative aspects of outsourcing are: Rising Unemployment: Outsourcing manufacturing activities has rendered a number of blue collar workers jobless. The laid-off workers have found it exceedingly difficult to seek alternate employment due to the decreasing demand for their skills. Offshoring White-collar Jobs: It has been estimated that by the year 2015 nearly 3.3 million U.S. white-collar jobs will be offshored by the U.S., and nearly $136 billion worth of wages will be lost. Deteriorating Quality: There exists the potential for diminished quality of work when outsourcing white-collar jobs that require a certain skill set. Loss of Control: The organization to which you outsource a particular job may not adhere to your standards. While you have a contract in place, the decisions pertaining to their management would not be governed by your organization. Security Can be Compromised: Running a thorough check on the outsourcing company should be standard practice, especially if your company might share important documents, product design, or any authentic property of the company. There have been instances where important data has been leaked by the outsourcing company. Lagging In-house Talent: Outsourcing might take job opportunities from current employees. Using in-house resources boosts morale of existing employees. 10-15. Students might express various opinions regarding the practice of outsourcing and its potential impact on them and their career. We suggest that students review Discussion Question 1-11 and the opportunities that are available to accounting majors in the predictive analytics area. In addition, fraud and forensic accounting are fruitful areas of expertise that accounting majors should consider. In general, students should always be building their intellectual capital in expectation of a number of career moves throughout their lifetimes. Students should continue to refresh their skills and abilities and the following actions can help: • Take specific Continuing Professional Education seminars and training • Join professional organizations and be an active participant in at least one of them • Network at all business and professional meetings • Attend useful conferences to build skills and network 10-16. The answer is "Yes, of course!" Some examples include: house cleaning, lawn work, childcare services, pizza or food delivered to the person's home. Most likely, students will identify a number of additional services.
SM 10.5
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Problems 10-17. a) sequence code such as a social security number b) block code or group code c) block code or group code d) block code or group code e) sequence code (by one's) f) sequence code (by one's) g) sequence code (by one's) h) group code i) mnemonic code j) block code k) sequence code (by one's) l) mnemonic code m) sequence code (by one's) n) group code o) sequence code or group code p) sequence code or group code q) block code r) block code s) block code t) alphabetic code or mnemonic code u) sequence code v) sequence code or group code 10-18.
A group code of the following format is recommended for Novelty Gadgets:
Product code = L SSS NNNN A DD PP C R where: L = product line (1=toys and games, 2=party and magic tricks, 3=gifts) SSS = subproduct code (numeric) NNNN = product number (numeric) A = geographic area (mnemonic) DD = sales district (numeric) PP = salesperson (numeric) C = customer type (mnemonic) R = credit rating (numeric) Note that this is a transaction code, not a product code. The product line, subproduct code and product number may be used as a product number. The remaining code is not known until a sales transaction takes place. 10-19. The figure in this problem is a document flowchart for the preparation of purchase orders for the P. Meising Company. Three source documents are involved in the data
SM 10.6
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
processing: (1) new vendor authorization forms, (2) new product authorization forms, and (3) authorized purchase requisitions. When a new vendor is approved, the vendor information from the new vendor form is keyed online through a computer edit program which creates a new vendor record on the vendor master file. Similarly, when a new product is approved, the information from the new product authorization form is keyed online though a computer edit program which creates a new product record on the product master file. When corporate purchasing agents (or other approved personnel) receive authorization to make a purchase, an authorized purchase requisition form is obtained. The information on this form is keyed into an online terminal which in turn connects to a CPU using a “Prepare Purchase Orders” program. This program (1) creates a computer record on the purchase orders pending file, (2) creates a multiple copy purchase order (at least one copy of which is sent to the vendor), and (3) creates a purchase order summary report. 10-20. a. The events in Save Today’s sales process are: i. Customer selects goods ii. Customer and sales clerk participate in sale iii. Customer pays b. The sales process in an online environment is similar, with one main exception. The most important difference is that the store must ship the goods to the customer. This is an additional event. Attributes of the other events change to some degree. The customer still selects the goods, but does so without physical inspection. The customer interacts with software rather than a human sales clerk. As for payment, the customer will always use a credit card if that is the payment option allowed in the online store. In the retail store, the sales clerk may collect some data about the customer at the point of sale. However, if the sale is for cash, it is possible that the store never collects data about the customer. In the online store, the system can collect data about the customer at any point. For instance, when the customer first opens the site, there could be a registration screen. c. Some stores ask customers for their zip code and/or phone number. They do this to track demographic data about customers and sales. Online stores can collect a lot of data about customers easily. If you buy online, you need to supply address and, frequently, credit card information. You may need to provide other data as well. To improve customer satisfaction, you could post an optional satisfaction survey at the web site. You can also use the data you collect about the sale to improve customer satisfaction. For example, you could use data about products most frequently sold online to organize your product offerings online. You can also use data about the pages customers most frequently open to organize your site. In addition, the data collected about customer purchases could be used to suggest similar types of products (cross-selling) the next time the customer visited the website (like Amazon.com).
SM 10.7
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
d. Public accounting firms sell services instead of goods. There are many differences between selling goods and selling services. For example, services are intangible and are experienced. The way a public accounting firm gets its customers is different from a retail store. The firm may have to bid on jobs and the sales process takes place over time as work is performed. Public accounting firms will definitely be interested in customer satisfaction. They can collect the data through surveys and by asking for suggestions from clients on ways to improve their service. One way to collect data to improve service in a public accounting firm or any professional service firm is to create a knowledge management system. These systems may contain data about client Best Practices that professionals can use to better service new and existing clients. Some public accounting firms are creating customer portals where they interact with their clients, providing them updates, for example, on new accounting standards.
Case Analyses 10-21.
Food Court Inc. (Sales Process)
1. The answer depends on the volume of business. The costs are the $400 software charge and the increase in credit card rate. If annual sales are $100,000, the extra .5% amounts to $500. Weighed against the costs are the benefits. The benefit here will be saved labor (it would take less of the accountant’s time). There may be a benefit of fewer errors because the accountant does not need to key in a number. There could also be even more benefits because there are fewer chances for error with swiped cards.
SM 10.8
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
2. See flowchart below: Customer enters credit card & amount
System verifies credit card
Card # Valid?
No
Error Message
Yes – Encrypt data & send to UB computer Accountant retrieves transactions
Accountant charges card and gets validation
Accountant enters validation #
Receipt
Print receipt and update database
SM 10.9
Database
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
3. There are not too many risks associated with the sales process itself. There is the risk that: • a credit card or card number is stolen – although the credit card company is likely to bear that risk • the customer will input an incorrect dollar amount for the sale • the online system could go down • the accountant could forget to enter a transaction • the accountant could record the wrong validation number 10-22.
The Caribbean Club (Customer Relationship Management)
1. The students might have a lot of different ideas from their own point of view, but what we want them to do in this case is to consider the business advantages and disadvantages from an accounting perspective. The possible advantages could include those that are discussed in the chapter: • more accurate data in AIS (avoid human error in entering sales data) • perhaps increased sales (VIP status in club) • servers more attentive to customers (don’t have to spend time getting bill, delivering to table, collecting money) • perhaps avoid fraud (no cash, debit or credit cards in use) Possible disadvantages might include: • initial cost of RFID readers • malfunction of RFID readers – would need alternate means of collecting money for food and drinks • some patrons might object to this sort of technology due to privacy concerns 2. In a retail environment such as this, the following information might be useful: • gender and perhaps age of patron • types of drinks that are most popular • types of entertainment that is preferred by patrons • types of music patrons like to listen to while visiting/talking with friends • peak times for patrons to visit There are a number of CRMs available that students might select. This would be a good time for students to have group discussions in class and then “report” to their classmates which CRM they selected for Ross and why they selected that choice. Some web sites of CRM’s for restaurants and bars include: • http://www.opentable.com/info/newspage.aspx?id=127 • http://www.destinationcrm.com/Articles/Editorial/Magazine-Features/CRM-Where-YouLeast-Expect-It-42800.aspx (discussion of how IHOP uses their CRM) • http://www.netsuite.com The instructor might also want to lead a discussion of the pros/cons of a “hosted” CRM solution vs. an “on-premise” CRM (i.e., cost, upgrades, training, support, etc.)
SM 10.10
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
3. From a patron’s point of view, there might be several advantages: • no need to carry an ID, credit card, or debit card • some patrons appreciate being “known” by the owners/servers who would be able to bring them their favorite beverages without being asked for their order • the status of having access to a VIP area of the club Perhaps the biggest disadvantage is again linked to the concern for personal privacy, although there are many places these days where patrons sacrifice privacy for convenience. 4. This is an interesting question, which the students might enjoy discussing. The point here is this – would having the chip implanted be worth it for just the duration of the vacation? Or, might the person be able to take advantage of this technology in his or her home environment? This would probably be a key question. However, some individuals would have the chip implanted strictly for the novelty even if it were useful only on vacation. 10-23.
Mount Pleasant Community College (Purchasing Process)
1. The events are: Purchase Requisition; Purchase Order; Receipt of Goods/Services; and Cash Payment 2. Employees could complete Purchase Requisition forms on the company’s intranet. The completed requisitions could be forwarded to the appropriate party for approval. Approvals could be online and then the purchase order would be routed to the purchasing department. The accounting or enterprise software could check for approval and forward the requisition to the appropriate purchasing agent. The agent could match the order to an appropriate supplier and enter the data needed to complete a purchase order. Copies of the purchase order can be routed through the Intranet to receiving and accounts payable. Receiving clerks can complete receipt information and forward that via e-mail to the appropriate accounts/payable clerk based on vendor name. The accounting or enterprise software can check all documentation for discrepancies. The software can also perform checks of vendor names, payment dates, invoice numbers, and invoice amounts as an internal control against duplicate payments. The software could also print out a discrepancy report when the vendor invoice, receiving report and purchase order amounts do not agree.
SM 10.11
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Chapter 11 ACCOUNTING INFORMATION SYSTEMS AND BUSINESS PROCESSES: PART II Discussion Questions 11-1. Four data items that both payroll and personnel would use are: employee number (or SSN), employee name, department, and title. Personnel data would also include data such as date hired, date of birth, and contact and family data. Payroll data would include pay rate, job code, and information about deductions. 11-2. Payroll transactions for processing involves essentially the same steps for each employee. Gross pay, deductions, and net pay must all be calculated. These calculations involve a lot of basic math (e.g., footing and cross-footing). Outside service bureaus may be less expensive for payroll processing. They may also offer some advantages in terms of confidentiality. 11-3. Data items likely to be added when inputting a new raw materials inventory item include: merchandise number, description, quantity measure (e.g., yard, pound, pair, etc.), vendor, and cost. When a worker records time spent on a production line, data to be input include: worker identification number, time started and stopped, department to be charged, and rate. In both these examples, there are other data items that an AIS may capture, depending on the nature of the reports to be output. 11-4. Nonfinancial information that an AIS might capture about a manufacturing firm’s production process would primarily consist of information that would help in evaluating productivity and performance. For example, information needed for control would be the amount of wasted materials and machine downtime. Productivity information would relate to the amount of time needed to produce a product or each product component. AISs tend to focus on dollar measurements, but in many cases, measurements of quantities are just as important to a business organization. 11-5. The basic concepts are a commitment to eliminate waste, simplify procedures and speed up production. There are five areas that drive lean manufacturing, and they are cost, quality, delivery, safety, and morale. Non-value added activities (waste) are eliminated through continuous improvement efforts (http://www.1000ventures.com/business_guide/lean_production_main.html). The concepts that are at the heart of lean production/manufacturing are total quality management and continuous improvement. 11-6. AIM Industries, a metal stamping company, located in Grand Haven, MI has been in business for over 40 years. Jeanne Duthler had 10 employees when she bought the plant in 1984. Now there are 37, and last year’s sales were $5 million. The company is doing the same
SM 11.1
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
numbers dollar wise as they did last year, but showing more profit as a result of lean manufacturing. For 2007, the company expected to increase profitability by 10%. Lean practices at AIM include: • Consolidating production steps • Having raw materials set up at hand to save time and increase productivity • Moving presses to make production flow smoother • Finishing a product in one space rather than walking to another room for finishing For more examples, see Karen Kroll, “The Lowdown on Lean Accounting,” The Journal of Accountancy (July 2004), pp. 69-76. 11-7. For examples, see Karen Kroll, “The Lowdown on Lean Accounting,” The Journal of Accountancy (July 2004), pp. 69-76. 11-8. Both homebuilders and cement companies have information needs related to their manufacturing processes. The primary difference between these two companies concerns the need to maintain a job order versus a process costing system. The homebuilder is likely to track many costs for each individual house built. The cement company will use an AIS that uses input and output data to calculate costs for specific quantities. This distinction is likely to impact the type of accounting software a company chooses. Some software packages are specially designed for either job order or process costing manufacturing environments. 11-9. This chapter discussed AISs for the professional services, health care, and not-forprofit industries. Some students feel that “the absence of merchandise inventory” is the unique characteristic of service organizations that causes the greatest problem in their AISs (i.e., budget forecasting of “returns-on-assets employed” can be difficult). However, the greatest problem may be the difficulty in measuring the quantity and quality of output, which gives rise to difficulties in budgetary planning activities, as well as developing pre-established operational quality goals for its intangible products. These difficulties can cause various negligence suits against service organizations. Other vertical market industries include insurance, banking, construction, manufacturing, retail, hospitality, and government organizations. Each is somewhat unique in its AIS needs. Insurance has many special issues including co-insurance. The insurance industry is quite diverse and various kinds of insurers need a variety of accounting information. An important issue for the insurance industry is fraud. The banking industry must deal with check clearing, credit ratings and credit histories, as well as information about financial markets. The construction industry is concerned with projects and has a need for job cost accounting systems and bidding capabilities. Retailers use POS (point-of-sale) systems to collect a variety of data helpful in analyzing sales. Manufacturing systems need inventory control systems that allow them to efficiently manage a variety of inventories. These systems may be quite sophisticated and can include MRP II and/or ERP capabilities (input technologies might also be used, such as RFIDs and bar codes). The hospitality industry includes restaurants and hotels and so its information systems vary. Restaurants are concerned with monitoring costs and perishable inventories. Hotels need sophisticated reservation systems that can handle various billing rates. AISs for government entities are built around fund accounting and must comply with
SM 11.2
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
governmental accounting standards. These are just a few of the issues you might discuss relative to these industries. 11-10. Students might locate a number of different software solutions for this discussion question. For example, we selected Medflow Complete, an ophthalmology practice management solution: http://www.medflowcomplete.com/ophthalmology-practice-management/. This particular solution is scalable and includes the following features: • • • • •
• • • • •
Billing Advanced Code Checking Software Accounts Receivable Electronic Payment Remittance Online Collections
Refunds Module Advanced Scheduling Recall System Front Desk Imaging ImageDoc
11-11. To ensure that a business reengineering effort is successful, managers will want to “champion” the effort. This means obtaining a buy in from employees and showing unwavering commitment and enthusiasm for the project. Honesty is important because many workers equate reengineering with downsizing. Managers should be realistic about jobs that may be lost and should prepare to retrain workers or provide career counseling to affected employees. Management should be conservative in estimating the benefits to accrue from reengineering efforts, as well as the costs that may be incurred. The cost of reengineering can be high. Several good reference articles on this topic are: “The Perfect Tax Office,” R. Scott & D. McClure, The Practical Accountant, August 2006, pp. 414. “Change Champions,” J. Berk, The Internal Auditor, April 2006, pp.64-68. “Get Ready: The Rules are Changing,” K. Melymuka, Computerworld, June 13, 2005, p. 38. “Are Companies Really Ready for Stretch Targets?” C. Chen and K. Jones, Management Accounting Quarterly, Summer 2005, pp.10-18.
Problems 11-12. This question requires students to do some outside research. It is useful for students since it helps them to understand how industries vary in their accounting information needs. Students might be randomly assigned to investigate health care, insurance, banking, construction, manufacturing, retail, professional service, hospitality, not-for-profit, or government organizations. Each of these organizations has very specialized AIS needs. Students may find that accounting systems for these organizations consist of generic accounting software, supplemented by spreadsheets and databases. They may also learn that many of the organizations use very specific programs. For instance, a student who looks at catering firms might learn about catering software and its special complexities. Students can be sent to doctor's offices, retail stores, restaurants, and so on to interview employees about the accounting software used. There are many sources of information about vertical market software programs, including personal computing and accounting magazines/journals.
SM 11.3
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Students might also use an Internet search engine, such as Yahoo or Google, to find sites for many accounting software programs. Using the terms “construction software,” “health software,” and “retail software,” students will find many specialized software vendors. You may want to ask students to print web pages for specific vendors, or to do some analysis of the special features associated with software for each industry. For example, the following web sites offer information on software for dentists to manage their practice: http://www.dentrix.com http://gbsystems.com/os96i.htm http://www.dentalexec.com/dental-exec 11-13. As you might imagine there are a wide variety of choices that students might identify for this problem. The important point to make with the students is that the solution should match the company size, needs, and other factors that the supervisor “should” identify before the search is conducted. However, the following are a representative sampling of the choices available: • ADP Payroll Software for Microsoft Office Small Business Accounting (http://www.microsoft.com/smallbusiness/products/office/accounting/payroll-software.mspx) • ZPay Payroll Systems offers technical support, tutorials, and a free 30-day trial (http://www.zpay.com/) • PenSoft Payroll Solutions is designed for small to mid-sized businesses, and can process virtually any payroll and related tax requirements. (http://www.pensoft.com/aboutus.asp) 11-14. Adoption of EMR or electronic medical records by physicians, healthcare organizations and their related business associates is becoming a fact. As part of the American Recovery and Reinvestment Act of 2009, physicians can receive up to $44,000 in Medicare incentive payments beginning in 2011 for implementing EMR systems. Physicians must be able to demonstrate “meaningful use.” The “meaningful use” standard is measured in stages. Stage 1 started in 2011 and ended in 2012. It required that providers meet 14 to 15 core requirements and choose five more from a menu of 10 options. Some of these requirements include electronic file system for all patients’ health records, medical billing system, and transcription services. Physicians will have until end of 2014 to meet Stage 2. Source: Electronic Medical Records Deadline: Penalties For Not Using EMR? http://www.medicalrecords.com/physicians/electronic-medical-records-deadline#ixzz2tQlpazuY As you might imagine there are a number of choices that students might identify for this problem. For this problem, we selected Allegiance MD, and this software solution may be found at this site: http://www.allegiancemd.com/index.php/PPC/medical-records-software?BING=1 The Allegiance MD software solution is "meaningful use" Stage 2 certified, and may be run on any operating system and on an iPad. The standard features for this software include the following:
SM 11.4
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
•
Electronic Medical Record
•
Medical Billing Software
•
E-Prescription
•
Electronic Statement
•
Evidence-based clinical knowledge
•
Electronic Eligibility
•
E-Lab
•
Electronic Claims & Remittance
•
E-Fax
•
Claim Scrubbing
•
Automated Transcriptionist
•
Electronic Remittance Advice (E-Post)
•
Advanced Scheduling
•
Dashboard
•
Electronic Appointment Reminder
•
Artificial Intelligence
•
Patient Portal
•
Certified HIPAA Secure
11-15. An automated billing system could help this firm in several ways. First, by investing in in-house time and billing software, it may be possible to significantly reduce the expense associated with the outside accountant. Since this type of software may be integrated with a complete AIS, the outside accountant would not need to compile financial statements. The system would do this automatically. Another way the automated time and billing would help is by capturing more detail. A manual system can only keep track of so many items without becoming unwieldy. The automated system can keep track of specific charges by customer and therefore reduce overhead to be allocated. With an automated system, many indirect costs may become direct costs. For instance, secretarial work, phone expenses, and copying may all be directly related to a particular client. An automated system will be able to analyze data in many different ways. Each lawyer's billable hours can be computed and compared for various periods, for example. Productivity reports and reports highlighting budget overruns can be produced easily with an automated system. What an automated system cannot do is force lawyers to record their activities on a timely basis. This is frequently a problem in professional service firms. Some organizations resolve the problem by holding up paychecks until time sheets are filled out completely and accurately. Other solutions lie in technology that makes it easier for professionals to record their time or automatically records the time for individuals. Lawyers who use computers may record time spent on a client's work in the following way. Every time the lawyer logs into a particular file, software can keep track of the time the file is in use. Alternatively, a professional might keep track of time in an on-line organizer. As the individual begins work on a particular client's file, he or she might enter the time in the organizer and then enter the time when finished. Online time sheets work the same way. By assigning a special code to a customer that is used when copying, the amount spent for copying can be captured directly. Special codes entered into the telephone can help record phone charges, particularly long distance charges. Use of customer codes when special mail services are necessary, such as Federal Express, also allows for tracking expenses directly.
SM 11.5
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Software: A number of companies offer this type of software, such as QuickBooks (http://quickbooks.intuit.com) and Imagine Time (http://www.imaginetime.com). Features include: Time & billing (tracks billable time; some programs create reports for individual billing; stopwatch feature accurately times tasks; billable time can be recorded on an hourly, contingent, transactional, or user defined fee individually or firm-wide); due date monitor; calendar/contacts; integrated scheduling; client relations manager; credit card processing; and others.
Case Analyses 11-16.
Hammaker Manufacturing I (AIS for New Manufacturing Firm)
1. Many companies are turning to an AIS or ERP to help them better manage inventory. Automated systems are able to react faster than manual ones. An AIS may place automatic orders when inventories fall below specified levels. Use of e-business or EDI can also help as electronic orders are faster than ones that rely on phone or mail systems. Data analysis and logistics tools can help to manage inventories by considering variables such as lead times, delivery schedules, routing, safety stocks, and others. 2. There are many data elements that the system may include about inventory items. Vendor, delivery time, safety stock, lead times, and average order size are a few of them. As an example of the complexity of configuring a system to manage inventories, consider McDonalds’ distributors. McDonald’s has nine distributors and hundreds of suppliers. They need frozen foods and other perishable food items, in addition to restaurant supplies. They must estimate inventory needs with very tight windows. Further, they need to take into account items such as promotions (remember when McDonald’s ran out of beanie babies?). Delivery times can be very tight. For example, a store may want frozen goods delivered each Tuesday between noon and 12:30 p.m. – leaving only a ½ hour window. As it happens, McDonald’s distributors use JD Edwards software. The software had to be customized to allow for different fields when suppliers used EDI versus manual orders, among other data items needed to accommodate the special needs of this particular business. 11-17.
Hammaker Manufacturing II (Business Process Reengineering or Outsource)
1. Students might select any of the documentation tools identified in Chapter 5 (flowcharts, process maps, or one of the graphical tools such as CASE tools). Most likely, HMC would work on the manufacturing processes – or they might limit their efforts to the inventory process first. 2. Students might locate a variety of sources that list reasons for outsourcing. The Introduction section of Part Two of the textbook, identifies several reasons: global pressures to cut costs, to reduce capital expenditures, and to become as efficient as possible at core competencies. Additional reasons that different companies might use are: • access resources that are not available within the company (people, capacity, technology) a. To access innovative ideas, solutions, expertise of individuals SM 11.6
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
• • • • • •
b. To provide flexibility to meet changing volume requirements – to increase or decrease capacity as needed c. To access plant and equipment without the time and cost of building d. To gain quick access to new process, production, or information systems technology (perhaps too costly or unproven so company is not ready to buy it yet – if at all) To improve speed-to-market of products To accelerate reengineering benefits To share risks To take advantage of offshore capabilities (human capital, lower cost) To better manage difficult or non-core processes and functions To enjoy economies of scale (vendor can accomplish process on much larger scale)
Some believe that investors want companies to expense context work (anything that is not considered a core process of the firm) rather than invest in it. That is, investors would rather see it on the income statement than the balance sheet, which in effect would free up resources (employees) to focus on the processes that generate revenue, and increase share value (http://www.optimizemag.com/article/showArticle.jhtml?articleId=17700604). For example, if we outsource the accounting function, then we might be able to better use the talents of the staff accountants in analyzing other business opportunities, analyzing and improving business processes, etc. So we could use our human capital in endeavors more directly related to our core processes. Hammaker might consider a number of these reasons to decide to outsource. Of course, the first question is: What process (or processes) might Dick want to outsource? Denise does not know the answer to this question, so the company should study the various processes discussed in Chapters 4 and 5 to make this determination. Since frequently outsourced processes are human resources, finance and accounting, customer services, learning services and training, janitorial services, and information technology, these should probably be examined first. Once one or several of these processes have been identified as possible candidates for outsourcing, we would then ask: Which of these processes are core to our business? Of course, in the effort to examine each of these processes, Dick might want his employees to determine where efficiencies may be realized through Business Process Reengineering. 3.
We would probably all agree that producing automotive parts is a core business process for Hammaker. It’s the primary thing the company does. It’s what the company does to produce revenue. It’s also whatever you do to differentiate your company’s products from your competitors’ products.
4. The answer is yes, businesses do sometimes outsource what we would call core processes. A number of examples may be cited here. Probably the best known example is Nike. This sneaker company doesn’t manufacture any sneakers. The entire production process has been outsourced. Insurance companies are another example. Several of their core business processes are risk management, information services, underwriting, claims administration, and customer service. Both customer service and underwriting are processes that are now outsourced by some insurance companies.
SM 11.7
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Why would companies outsource a core process? There is no one answer for every situation, but most likely firms would do this for the same reasons cited above in #1. Sometimes this becomes a strategic alliance with another company (or companies) so that the company that does the outsourcing can focus on other products or on other services to generate revenue. 5. Most likely any business decision that displaces employees will have social and legal implications. Socially responsible organizations are typically admired by the community and the marketplace, so developing options for the displaced workers is always an important consideration. If the employee’s job is deleted, what other jobs might the person do for Hammaker? Is training required? What if there are no employment choices? Should Hammaker offer transition-assistance packages to those employees to help them find jobs at other firms? At what cost? These are all important questions that should be asked. Regarding legal implications, we need to know if the company employees are represented by a union. We might have restrictions that are in contracts with the union that would limit what options we can and cannot exercise. In this case, we know that Hammaker Manufacturing is not limited by any union contracts. The company might have other contractual obligations that they need to honor. For example, is there a mortgage on the manufacturing complex or is there a long-term lease? The lease contract might have certain penalties for breaking the contract if the facilities are no longer needed. 6. This is certainly a case that has many facets and interesting possibilities. Unfortunately, we don’t really have enough information at this point to make an informed recommendation, but many intriguing clues may be found in the case to suggest that some sort of outsourcing would be advantageous to Hammaker. 11-18.
Hammaker Manufacturing III (Lean Production/Lean Accounting)
1. To adopt lean production, HMC would probably want to focus on the five principles of lean thinking that are identified in an article in Strategic Finance, May 2007 (How do your measurements stack up to lean? By Kennedy et al.). These include: • Customer Value: Lean enterprises continually redefine value from a customer’s standpoint. This means that HMC would need to get feedback from their customers. • Value Stream: The lean enterprise is organized in value streams. This means that HMC would need to rethink how they collect data for decision making. • Flow and Pull: In a lean enterprise the customer order triggers or pulls production. This might represent the biggest change in philosophy for HMC – which would be a change from stockpiling inventory to more of a JIT philosophy. • Empowerment: Lean enterprises’ employees are empowered with the authority to interpret information and to take necessary actions. • Perfection: Lean enterprises seek perfection, defined as 100% quality flowing in an unbroken flow at the pull of the customer. HMC is already committed to quality products so this does not represent a change from current thinking. 2. Firms that implement lean production concepts typically benefit in the following ways: • Waste reduction • Production cost reduction SM 11.8
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
• • • • • •
Labor reduction Inventory reduction Production capacity increase Employee involvement and empowerment (multi-skilled workforce) Higher quality products More information: http://www.1000ventures.com/presentations/production_systems.html
3. Denise and her financial analysts might gain the following benefits from attending a Lean Accounting Summit: • Perhaps the most important benefit is the ability to network with professionals at other organizations who have already implemented lean production concepts to gain insights from their efforts – i.e., lessons learned from those who have already worked with these concepts • Learn cutting-edge thoughts and ideas • Discover helpful software packages and accounting methods that support lean production • Identify some best practices from companies currently using lean production concepts • Identify companies to benchmark these concepts
SM 11.9
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Chapter 12 INTEGRATED ACCOUNTING AND ENTERPRISE SOFTWARE Discussion Questions 12-1. Figure 12-1 of the text contains a list of the features provided by most integrated accounting packages. Of these, the most important is the fact that the software integrates the major accounting modules (payables, receivables, inventory, payroll, and general ledger)—i.e., modules that can interface with one another. The textbook highlights five additional features: (1) low cost—an item of obvious importance to the budget-conscious small business, (2) Internet connectivity—the ability of the software to support shopping cart applications on the web, (3) cloud computing—the availability of such useful features as offsite backup, multiuser access, and automatic upgrades on hosted systems, (4) remote access to the system at any time and from anywhere, (4) inventory management, (5) XBRL capabilities (see Chapter 2), and (6) scalability—the ability for a small business user to upgrade to more powerful, compatible software as it grows. Two additional features of possible interest to small businesses are (1) compatibility with existing hardware and software, and (2) the ability to customize the software as needs or interest dictate. 12-2. Most of the features for the accounting software of small businesses listed in Question 12-1 above are also important to larger businesses. The chapter notes some important differences, including: (1) the ability to support more online users concurrently, (2) the availability of additional accounting modules, (3) the ability to process transactions in multiple currencies, (4) the ability to split commissions among multiple salespeople, and (5) the availability of specialized accounting packages for niche markets—for example, car or apartment rental agencies or charities. 12-3. Shopping for a new accounting package requires a careful assessment of business needs in order to match such requirements with software features. As noted at the end of the chapter, this is a good time to hire a consultant who can help with both those assessing needs and evaluating available alternatives. The best package is not necessarily the one with the most features for the money, but the package most likely to satisfy current and future requirements. Yes, it is likely to make a difference if the organization is a not-for-profit. This is because a notfor-profit concern such as a charity or government agency is likely to have specialized accounting needs that generic accounting packages cannot satisfy. 12-4. The chapter lists five advantages of using cloud service providers: (1) anytime, anywhere access to accounting information from a variety of Internet access devices, (2) automatic storage and backup of important accounting data, (3) multi-user access (perhaps from different remote locations), (4) automatic upgrades to newer versions of the software, and (5) the ability to print reports directly from host data sources. “Quick deployment” and “unlimited data storage” are often mentioned as additional benefits.
SM 12-1
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Some important disadvantages of cloud services are: (1) possible downtime of the vendor’s file servers, over which the contracting company has no control, (2) loss of control over sensitive data, (3) long-term contracts with service providers—possibly with inflexible commitments, (4) the inability to switch to an alternate vendor if a customer becomes dissatisfied, and (5) a possible lack of vendor support (for most businesses, 48-hour response time to emails is not acceptable). 12-5. Actually the features available in low-end packages today are truly amazing, when you consider that a decade ago, these features would only have been available in high-end packages. Still, the high end software is often worth its price, primarily because of flexibility and customization capabilities. High-end packages may allow for features such as "user-defined codes." These are extra fields that users can designate to meet the special needs of a particular business. High-end software also typically offers much more in terms of reporting. Wikipedia contains a useful “comparison of accounting software” under that title. 12-6. Traditional ERP systems were back-office systems that addressed the internal information system needs of an enterprise. Today’s extended enterprise systems include a variety of software that allows customers, vendors, employees, and others to access information within a company to enable collaboration across the enterprise and with such outside groups as strategic partners. 12-7. This question tests student understanding of what the term “integrated” really means. Within the context of accounting packages, the term “integrated” refers to a cohesive set of accounting software whose various accounting modules can communicate with one another. In contrast, within the context of ERP systems, the term “integrated” refers to software that combines the processing tasks of the various functional areas of a business—i.e., marketing, manufacturing, finance, and human resources. Some of the basic features of an ERP are: a single database and integration across the enterprise for sharing data (typically includes manufacturing, supply chain management, finance, projects, human resources and customer relationship management). Although accounting software has changed a great deal (i.e., has become increasingly sophisticated with more features available in lower end packages and for less cost than before), these packages lack the integration feature of ERPs – that is, data are not shared across the many functions of the organization. 12-8. The four components of an ERP’s architecture are (1) the systems configuration (i.e., how the system is deployed), (2) a centralized database, (3) application interfaces, and (4) Internet portals. The systems configuration for an ERP system is usually a large mainframe either owned by the organization or file servers hosted by a cloud vendor. In contrast, most alternative accounting software runs on smaller minicomputers or local company file servers. This contrast also applies to the centralized database of the ERP system versus the smaller, typically independent databases maintained by separate accounting functions listed in the problem statement. In terms of application interfaces, an ERP system usually integrates the many functional software components of a business into a single system—either with standard modules that are available
SM 12-2
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
with the system or with bolt-ons that managers can purchase from third-party vendors. In contrast, if an organization uses separate software for each of its accounting functions, then each package can only interface with the others through standardized or customized connections—if at all. In worst-case scenarios involving disparate software, “interfacing” is non-existent and company personnel must manually rekey the outputs from one system as the inputs to a second system—an amazingly inefficient process in this day and age. Finally, most ERP systems have Internet portals that allow external users (such as suppliers or customers) to access the ERP system. This may or may not be the case with silo accounting systems. 12-9. Perhaps the greatest benefit of an ERP’s centralized database is that it helps the software integrate business functions. It does this by standardizing communications between the organization’s functional areas and by storing the persistent data (master file data) for such areas in a single, accessible data repository. This means, for example, that the price for a given manufactured item is stored only once, the name and address of an employee are stored only once, and so forth. A related advantage of a centralized database is that it helps keep important information such as the price of a given product consistent among the various departments that use it. Another advantage of a centralized database is that it helps minimize data redundancy—i.e., storing the same piece of information in several different files. While data redundancy uses up storage space, that isn't its primary drawback. When data elements are stored multiple times, the same data item (e.g., an employee’s name) may be different in different storage sites. Over time, the data can lose its value as data integrity is lost. Finally, and although it is not mentioned in the chapter, a centralized database is usually easier to administer, protect, and keep secure than the multiple databases characteristic of silo business applications. Combining multiple databases requires deciding on consistent formats for each data item in the repository. Along with one name for the data item, there must be one value, and one field specification. For example, in multiple databases an inventory item may have been represented differently by each one. In one, the field name may have been mnemonic, and in another it could have been a 12 position numerical field. Combining the databases requires designers to choose which to use in the new centralized database. These problems especially plague airlines when they merge—for example, deciding on consistent flight numbers or consistent codes for airline passenger tickets. 12-10. Perhaps the best way to select an AIS is to hire a consultant or work with the company’s CPA to get help identifying the best software for the new company. Even though a number of companies have developed ERPs for mid-sized companies, a new business may not need, want, or have the capital initially to invest in a small ERP package. A few companies might acquire an ERP package when they first start their businesses. This enables them to begin with fully-integrated business functions, and avoids the trouble of adapting, and usually reengineering, business processes later. Another advantage is that the company will adopt the best practices for the processes incorporated in the package - from the start and there will literally be nothing to reengineer. A downside is that if the company has some unique processes, these are unlikely to be part of the software.
SM 12-3
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
12-11. There are many articles available about enterprise-wide systems. Good sources for these articles include the Wall Street Journal, Computerworld, Management Accounting, and Business Week. Using an Internet search engine and a search term such as “successful ERP implementations” often reveals vendor websites describing good (if self-glowing) accounts of Successful ERP implementations. As suggested by the AIS-at-Work feature on the end of this chapter, students will discover that many of the cost savings relate to process improvement. This improvement could create a reduction in work force or decreases in manual processing or completion costs. Some companies adopting these systems have found that it was costing $50 to $75 to process a single accounts payable transaction. Reengineering this process can reduce this cost to only a few dollars. Many of the articles concerning enterprise-wide information systems are written because an organization must solve one or more current problems. These problems usually relate to cost overruns, time delays, or the inability to easily perform needed processing or communication tasks. Companies can spend literally hundreds of millions of dollars on their information systems (e.g., General Motors and Procter and Gamble). It can take anywhere from a few months to several years for an installation of these systems to be completed. Regarding implementation issues, data conversion might be most time-consuming but designing new business processes is likely to be the most challenging. Moving to an ERP represents a great deal of change for an enterprise. Most businesses are "siloed." Each functional area is separate and keeps its own data. The ERP requires breaking down the silos and integrating. An ERP represents new ways of doing things also because it typically involves redesigning business processes. When you implement an ERP, you will not receive the benefits from it without making significant changes in the way things are done. Change management activities help to counter some of the fears people have about change. These activities also help employees to understand the differences in the new system and how those differences affect them. Using the new system the old way will not achieve the goals of the ERP. Oddly it may be more difficult to select a low-end accounting package than an ERP. There are very limited choices with ERP software and the packages have reached the point where all the major ones have the capability to handle the basics. Specific vendors have staked out certain territory in terms of industry so that it would be easy to choose a package that incorporates best practices for your industry. While there are dominant players in the lower end and middle markets, no one package has everything, so it may require more analysis to make sure you choose the best fit. 12-12. A VAR will, by definition, have sales relationships with a set of software vendors. For example, a VAR may be trained in Great Plains software. Therefore it is in the VAR's best interest to recommend the package(s) he or she represents. Students can use an Internet search engine to find sites for many accounting software programs that are available for specific types of organizations. Using the terms “construction software,” “health software,” and “retail software,” students will find many specialized software vendors.
SM 12-4
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
You may want to ask students to print web pages for specific vendors, or to do some analysis of the special features associated with software for each industry. For example, many retail packages are specifically designed to accommodate point-of-sale transactions. 12-13. There are many consequences in making a bad decision in acquiring a new accounting information system. Aside from the wasted financial investment, time will have been wasted. In trying to “make it work,” employees are likely to become frustrated and discouraged. Managers will not have the information they need to make good decisions about the business. In the worst case scenario, a company may have trouble managing its inventories, paying its bills, collecting on accounts receivable, managing cash flows, reporting net income, and meeting payroll deadlines. 12-14. ERPs support and integrate business processes, and as such, incorporate “best practices” for business processes. Thus, it is important for companies to align their business processes with the methodology embedded in the ERP to gain maximum efficiencies and effectiveness from the ERP. In fact, some experts claim that an ERP implementation is not as much about technology as it is about business transformation. Successful aspects for a BPR project include (from Figure 12-6): • Allocate appropriate time for the BPR project: approximately two-thirds of the time planning and designing and one-third of the time on development and implementation • Allow an appropriate amount of time to complete the project. An average BPR project takes a little over a year (13.8 months) • Engage a proven change management consultant, which is critical to meet or exceed project objectives • Make sure that the BPR team is dedicated to the project, they have support from top management, and that it has a clear vision of objectives and goals • Use consultants as leaders/key facilitators of the BPR project to coordinate team efforts and for technical systems advice and expertise 12-15. A dashboard is a display screen that uses graphical images to depict items of interest to managers—e.g., sales of selected products or sales by store or sales region. Refer to Figure 14 in Chapter 1. Within the context of the current chapter, a mashup is a dashboard that displays information from both within and outside an organization. The objective of a mashup is to provide information that helps managers better perform their jobs. A bond trader, for example, would appreciate, and be able to take advantage of a mashup that depicts current inventory of bonds for sale as well as up-to-the-minute market yields on such issues obtained from outside sources. Similarly, a mashup depicting both current manufacturing schedules and customer orders might enable a production manager to better schedule work flows on a shop floor. Finally, even students can use mashups to schedule future courses based upon what courses they’ve already taken.
SM 12-5
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Problems 12-16. Students might give a number of reasons for selecting specific software – like the ability to download a free trial, support offered by the vendor, price, etc. Here are some sources for specific types of packages: a. Boutique software: http://www.wfxondemand.com/ b. Golf management software: http://www.activegolfsolutions.com/technologysolutions?gclid=CKCXl4bY5JcCFQSenAodVWE_DQ c. Time and Billing for CPAs: http://www.imaginetime.com/?gclid=CPzghanY5JcCFRgqHgoda0YNDg d. Software for animal breeders: http://www.tenset.co.uk/ba/ e. Equipment rental software: http://www.orion-soft.com/ f. Point-of-sale software for retail stores: http://www.apparelsearch.com/software_retail_pos.htm 12-17. To find lists of vendors for low-end accounting and enterprise systems, suggest that students visit www.2020software.com, www.ctsguides,com, or www.top10erp.com. The capabilities of such software are sometimes related to product price, but not always. Many packages today also are scalable, which means that one product may serve processing needs ranging from “low-end” to “middle-end.” 12-18. As defined in the chapter, scalability is the ability of software or hardware to seamlessly accommodate growth of a company (i.e., increased demands on the system) – to easily be expanded or upgraded as necessary. For a business owner (and managers of larger firms), this means that an investment in a software package and/or hardware is a long-term investment, i.e., the system will not have to be replaced when the company grows and expands – the system can grow with the company. 12-19.
Tom O’Neal
a. This question should get a lively discussion started among the students. Obviously, we have an entrepreneur who started a business, took on a business partner to help him grow the bike shop, and now has a business that is growing “out of control.” As with many small, familyowned businesses or small partnerships, growth seems desirable, but many problems and issues may confront the owner(s). For example, the owners must concern themselves with issues of cash flows, buying vs. leasing (office or production space, equipment, etc.), inventory control, internal controls, division of responsibilities, etc. An investment in IT is really not the question to answer yet. It sounds like Steven and Tom only have an accounting firm to do their annual financial statements. While that may have been fine for one small bike shop, more than likely it is not adequate for a growing business such as this one. For example, how do the owners address such questions as: How are we managing our Accounts payable? Are we paying our bills on time? How are we managing cash receipts? Accounts receivable? Do we have cash reserves? If so, what are we doing
SM 12-6
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
with them? Do we have any internal controls? What are they? Are they adequate? If the owners are managing fine and can answer these questions already, new accounting software may not be necessary. The chances are that at least integrated accounting package running on a microcomputer might be useful here, although a hosted cloud system might make sense too. b. One way to find software for this company is to consider the “Top 7” Small Business Accounting software options identified (and compared) by 2020 Software (http://www.2020software.com). Certainly, the bicycle shop meets the criteria for this level of accounting software (i.e., revenues of less than $5 million, and up to 20 employees). Students will find several software alternatives by using a search engine on a term such as “accounting software for a bicycle shop.” However, you might want to discuss the fact that the business is growing and might be at the upper limit of the capabilities of a number of the software solutions in the “small business” category. Perhaps the bicycle shop should consider the next higher level of software (midmarket) so that the capabilities will not soon be exceeded—it might be costly for the bike shop to invest in an accounting software package only to discover in the following year or two that the software is inadequate. Steven and Tom might want to consider the following features: sales, payroll, inventory control, purchasing, accounts payable, accounts receivable, etc. They should also ask questions such as: What reports are available? Will we be able to query the system to get answers to questions (those we have now or new questions we may have in the future that we have not thought about yet)? c. There is no easy answer to this question. Frequently, students will say a consultant is necessary and give very little thought to the cost of such services or whether the firm would be financially able to do so. In the case of our bicycle shop, most likely a consultant would be able to help Steven and Tom. However, the owners should first do their homework! Steven and Tom should do a sufficient amount of research on the available software solutions that are targeted for the size of their company. For example, they might read professional journals or talk with business associates in the Chamber of Commerce, the State Society of CPAs, and other professional organizations so that they obtain as much information as possible about the software systems that others are using (businesses that are of a comparable size) and about any consulting firms they might choose. Steven and Tom need to decide what they expect of the software and what they hope to achieve by selecting an appropriate system. Several of the articles in the Recommended Readings section at the end of this chapter offer help in comparing software and understanding the variety of features available. Specifically, Johnston (A Strategy for Finding the Right Accounting Software) cautions that this is not a task to take lightly, claiming that it is one of the most challenging tasks of a professional career! Here are some steps that Johnston recommends: (1) establish a technology advisory committee (this would be Steve and Tom); (2) prepare a needs analysis (this should include all of the employees)
SM 12-7
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
that identifies all the tasks that each person (department) does; (3) consider an outside consultant – a wise decision if this project is beyond the time and technical resources of the business. 12-20.
B&R, Inc.
a. B&R, Inc. may want to implement an ERP system. The company is concerned with reducing expenses and a system such as SAP may be a way to accomplish that. Other benefits may be better supply chain relationships with suppliers and improved service for customers. The Internet connectivity features of such software are particularly beneficial. A consumer products company probably also needs the software to maintain a competitive position in the industry. Many of the benefits are intangible – such as customer satisfaction – and are difficult to evaluate or quantify. Another possible quantifiable benefit is a reduction of employees, which may or may not actually occur. b. Customers of ERP software are usually big companies—often Fortune 500 firms. However, as we mentioned in the chapter, a number of software companies now offer smaller ERP systems that can accommodate the needs of mid-sized companies unable to afford the millions of dollars needed for the earlier ERPs. The SAP web site allows you to search its list of customers by country, industry, and solution. c. Figure 12-8 lists four examples of ERP failures involving millions of dollars. In general, common problems concern cost overruns, disrupted business operations, unrealistic or unfulfilled expectations, poor implementation, failure to meet reasonable expectations, or prolonged implementation. As an example, several universities had problems with PeopleSoft implementations. The software did not solve some problems and created several new ones. Some companies have found that they can only use parts of the ERP system and need to keep some of their old systems running. Because some ERP software handles business processes one way only (according to best practices), some organizations may not be able to fit the mold. There are many articles available to read that have stories about failed ERP implementations. A search of the Wall Street Journal interactive web site can turn up some of these. One of the most famous stories was Hershey’s failure to deliver Halloween candy on time – and the company blamed it on the new ERP. 12-21. This problem requires students to visit a website such as www.top10ERP.org. This website enables students to compare ERP packages for a company and industry of their choosing.
Case Analyses 12-22.
Mar-Bal’s New ERP System (Analyzing an ERP Study and Implementation)
1. Indicators that a company may need a new or upgraded system: SM 12-8
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Item Indicator 1 Late payment of vendor invoices 2 3 4 5 6
Late deliveries to customers Growth in inventories Slowdown in inventory turnover Increased time in collecting receivables Late periodic reports
7
Increased time to close accounting books
8
Managerial concern about cash flows Managerial complaints about lack of information Owner worries about cash flows, taxes, and profitability
9
10
Case example Current system did not provide a way to add or reduce vendor managed inventory based on shipments and consumption Customer complained about an antiquated EDI system. Also, there was no advanced notification of shipping Not stated explicitly, but employees “spent an average of 6 hours per day verifying inventory” NA NA Inventory reports delayed while employees manually counted inventory; month-end reports delayed while waiting for this process Monthly inventory counts required the company to shut down manufacturing processes; company saved 2,750 hours of employee time (and probably shortened closing time for accounting tasks) NA Consigned inventory difficult to manage; inventory system unable to maintain inventory balances on hand; current system had limited reporting capabilities NA
2. Value of an ERP system. Item Task 1 Determine how you will measure success 2 Set up specific metrics based on your industry
3 4
Perform regular postimplementation audits Analyze your performance numbers
Case examples The ability of the new system to solve its inventory, reporting, and plant-closing problems Reduction in time spent on inventory, time to handle customer orders, ability to track vendor supplies, enhanced reporting and forecasting capabilities of the new system, automation of inputting finished material inventories, newfound ability of sales people to access information about production statuses NA The new system (1) enables managers to monitor scrap generated per production shift, (2) customers now able to create their own orders though web portal, (3) improved system processing speeds (the new system can process 10 SM 12-9
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
5
Set up universal processes Create a continuous learning loop Prepare for inevitable security failures
6 7
orders per minute), (4) availability of new reporting tools: the new system automatically generates invoices and advanced shipping notices, and (5) “taking inventory” now limited to once per year NA Case states that employees now participate in a process of continuous improvement NA
3. List of intangible benefits Item Benefit 1 Better managerial understanding of business costs and profits, and where they come from 2 Increased accuracy of inventory records, because there is now no need to take monthly inventories—a savings of employee time and the ability to keep manufacturing processes running 3 Improved customer relationships because customers can now input their own orders through the web portals, and also because sales staff can now “confidently and accurately provide price quotes to customers.” 4 Ability to better negotiate volume prices from suppliers because the company can now bid globally for the supplies needed by all four of its plants 5 Increased employee awareness of “the big picture” due to greater visibility of departmental efforts and newly-available data 6 A new culture of continuous improvement attributed in part to #6 above 7 An edge over competitors because the company can do more without hiring more employees 4. Did any business process reengineering take place at Mar-Bal? Almost assuredly, it did. For example, production personnel on the shop floor had to learn a new way of entering manufacturing data such as product volume and scrap volume, while managers had to familiarize themselves with the reports now available with the new system. Even customers had to retool in order to use the new web portals available with the new software. 12-23.
The RETAIL Cooperative (Creating an Enterprise Portal)
1. Enterprise portals (EPs) are gaining in popularity because of their ability to address the information and application access requirements of knowledge workers. Firms want the capability to offer information “inside the enterprise” to different groups of people (employees, partners, vendors, distributors, etc.). In general, a well-designed ERP can help reduce inefficiencies from different computer systems and technologies, paper-intensive processes, and outdated manual procedures. There are many ways to describe a portal but the characteristic that distinguishes a portal
SM 12-10
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
from say, a website, is the ability to organize both data and functionality from multiple sources across the organization into a single, easy-to-use interface. Several recognizable examples of successful portal technology are Amazon.com, Landsend.com, and eBay – customer sites that offer the convenience of purchasing products and services online. Enterprise portal platform vendors include IBM WebSphere, SAP Enterprise Portal, Oracle, and Microsoft SharePoint. Some of the advantages of an ERP portal include: For the organization: • a tool for knowledge management • early implementation of an EP might give a competitive advantage • could help with improving “time-to-market” • might offer opportunities to change how company is operating For employees: • online support, training, and worldwide information distribution • access information quickly for decision-making • convenience of quick access to applications that are used frequently For suppliers, partners, customers, and those with strategic alliances: • opportunity to place orders, confirm status, or search resources at any time; presumably this will also increase loyalty to the firm with the portal • Examples: Hewlett-Packard implemented a human resources portal for employees Whirlpool implemented a B2B portal to handle sales growth from $7B to $10B Virginia Commonwealth University has a human resources portal for staff and faculty to access all sorts of payroll and personal data maintained by the university As you might imagine, organizations have a wealth of structured and unstructured information that is stored across the enterprise in a variety of enterprise applications, databases, content repositories, archives, and perhaps legacy systems. The challenge for a successful implementation of an Enterprise Portal is to integrate the current content management with the portal application so that the organization’s information will be easily accessed and used by the intended individuals and groups of people. 2. Students should have fun with this and should be encouraged to develop interesting and informative presentations. 3. Surveys of companies who implemented EPs indicate that: • •
Most firms were in the financial management, process manufacturing, and business/legal services industries Almost half had no performance metrics in place to measure the financial impact of their portal initiative SM 12-11
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
• •
The EP implementations were usually accomplished by a cross-functional team Implementations usually started with a specific department or departments and then expanded to the rest of the organization (providing time to focus on problems and issues with individuals, software, technology, etc.)
A variety of sources suggest useful steps that organizations might take to implement an EP. Not surprisingly, these steps are similar to any large project implementation that an organization might attempt. Accordingly, students should identify several of the following: • • • • •
Select a function or department in the organization to get started (don’t try to implement an EP for the entire organization immediately) As with any project, select a team of individuals (preferably from across the organization) and have them define the scope of the project and the information needs of the department The project team should next work with IT people (and perhaps consultants) to identify the systems requirements and determine what is feasible If possible, have the vendor do a prototype for individuals in the organization to use and test the features of the portal; evaluate and continue to work with the vendor until users are satisfied Implement the portal application, perhaps in parallel with existing systems so that employees and other stakeholders are comfortable with the new system before the old one is disabled
4. Depending on how many EP vendors are considered, students might come up with a variety of different recommendations. As the instructor, you may wish to select 2-4 vendors and then ask the students to only evaluate those vendors and make a selection from this short list. Either way, the students will learn a great deal more about EPs and be able to evaluate (and hopefully benefit from) such an application when they are in the workforce. 12-24.
Linda Stanley and State University (Legacy Systems to an ERP)
1. Probably the ERP adopted by most universities is the Banner Suite that includes the following modules: Student, Financial Aid, Human Resources, Finance, and Advancement. The source for the following information about each of these modules is: http://www.ellucian.com/Software/ Student module: fuses administrative and academic functions, giving prospects, current students, and faculty secure, 24x7, online access to the information they need. Prospects can apply for admissions. Students can search and register for classes by term or date, and retrieve financial aid data. Faculty can manage course information, rosters, grading, and advise students. Financial Aid module: aligns with enrollment practices, including early decision, early action, and regular admissions, to provide financial aid services to students; automates dayto-day responsibilities; offers students many services (i.e., complete requirements; accept, decrease, and reject awards; and communicate with the financial aid office – all over the
SM 12-12
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
web). Human Resources module: administrative and self-service solution to manage personnel information across the institution; accommodates payrolls, budgeting policies and procedures, and workforce management; enables employees to obtain answers to routine inquiries, personnel and payroll information. Finance module: makes data available 24x7 to all key stakeholders—from procurement and accounts payable to sponsored research programs and endowment management; finance professionals can prepare and control budgets to facilitate sound decisions. Banner Finance was built using higher education fund accounting principles, so it is easier and more costeffective to implement, configure, maintain, upgrade, and use. Advancement module: facilitates relationships with alumni, donors, friends, parents, community members, corporations, foundations, and other organizations. Offers fundraising support that includes campaign management, event management, annual giving programs, stewardship activities, corporate/foundation programs, planned giving, and major donor efforts. Self-service features provide internet access to staff, alumni, and other friends of the institution. This makes it easy for alumni to make donations and keep in touch with their former classmates, and it gives fundraising staff quick access to complete constituent information—anytime, anywhere. Staff can monitor the progress of assigned prospects. All activity recorded for a prospect, including new gift and contact information, is immediately available. It is not unusual for a university that is in the process of adopting an ERP to have a place on the university web site that is dedicated to informing the university community of all aspects of the implementation. 2. The business processes that would be most affected would be those that correspond to the modules of the ERP that the university intends to adopt (see #1 above). 3. A number of the benefits are identified above in the descriptions of the modules, such as: • Integration of data across the modules for information sharing, enabling better decision making • Stakeholders have access to appropriate information 24x7 over the Internet • Enables better communication across user groups • Enables better customer service (includes students, faculty, and many others identified in #1 above) Some of the typical costs include: • Cost of the software package • Consultants to help implement the ERP • BPR projects, especially the employee time spent (opportunity cost because they can’t do their normal responsibilities while they work on the BPR project) • Potential morale issues that must be considered and dealt with (change management)
SM 12-13
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
•
4.
Training so employees can use the system and that the university can more fully realize benefits of the new system
As we discussed in the chapter, and included in Figure 12-6, consultants can help implement an ERP system. One key is “leadership.” An interesting article on this topic is by Edwin Cornelius, entitled, “Who Should Lead Your Campus ERP Implementation?” and may be found at this site: http://www.collegiateproject.com/articles/Who%20should%20lead%20your%20campus%2 0ERP%20implementation.pdf Examples of the different types of support that a consultant can offer are: • Change management • Leader/key facilitator of the project (working with the university project manager) • Coordination of the ERP implementation team(s) efforts • IT or technical systems advice and expertise
5.
A number of articles discuss timelines for implementing an ERP (for example, see http://ercerp.wordpress.com/how-long-does-it-take-to-implement-erp/). Some use graphical representations, some use a table format, but the information conveyed is the same – giving the viewer an idea of the length of time to implement the ERP and the progression of the implementation across the university. Student opinions will vary as to whether to include timeline information in the report to the Provost. They should defend their insight.
12-25.
Springsteen, Inc. (Planning for an ERP System)
This is a fun case to use in class. It's also a good way for students to understand the various issues associated with implementing a large-scale information system. You might want to assign it ahead of time and allow the groups to do some research before their in-class "meeting." The following describes some of the information each "role" should discuss. Patricia (CEO) - she might mention that the new system could help the company to redesign their processes so that they reflect the best practices in their industry. Since the competition has done it, they might be able to fill orders faster, which could hurt Springsteen. Bruce (CFO) - the dollar costs can include direct and indirect costs. Direct costs are for the software, hardware, and consultants. Indirect costs would be those associated with diverting employee time to the ERP project. There are also going to be ongoing costs associated with training and upgrades. Wendy (CIO) - will mention the centralized database and the advantages of it. Some of the technical issues she might describe concern security, data conversion, customization, and screen design.
SM 12-14
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Clarence - is just a salesman! He should talk about the consultant's role and the expectations the consultant will have of the client during the implementation. The cost and time should be on par with the norm - several months to over a year and several million dollars. Rosalita - can discuss the problems some projects encounter. One of the primary reasons for failure can be lack of management involvement and interest. Change management can help ensure the success of the new system. Two important components of the change management will be training in the new business processes and frequent, firm-wide communication. Steve - can talk about back-office ERP with distribution, manufacturing, financial, and human resource functions. He can also describe ERP II, including SCM, CRM, APS, and so on.
SM 12-15
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Chapter 13 INTRODUCTION TO INTERNAL CONTROL SYSTEMS Discussion Questions 13-1. The primary provisions for the 1992 COSO Report and the 2013 Report are outlined in Figure 13-1; additional information on the 2013 Report is contained in Figure 13-3. For additional explanation: ✓ The 1992 COSO Report established a common definition of internal control, and a standard to assess internal control systems so that they can be improved if needed. According to the COSO report, an internal control system should consist of these five components: (1) the control environment, (2) risk assessment, (3) control activities, (4) information and communication, and (5) monitoring. ✓ The 2013 COSO Report keeps the basic features of the 1992 COSO Report, such as the definition of internal control, the five components of internal control, and the COSO cube (see Figure 13-2). The 2013 framework adds 17 principles that support the five components of internal control. While these 17 principles were considered implied in the 1992 framework, the 2013 COSO Report makes them explicit and codifies those principles. The chart in Figure 13-3 identifies the five components of internal control and depicts which of the principles is associated with each component. 13-2. The primary provisions of the original version of COBIT, as well as the current version (5), are outlined in Figure 13-1. 13-3. COSO stands for Committee of Sponsoring Organizations, which was established by the Treadway Commission to work on a common definition for internal control. COBIT stands for Control Objectives for Information and Related Technology. It was a project undertaken by the Information Systems Audit and Control Foundation that involved an extensive examination of the internal control area. An important role played by COSO in the internal control area was to come up with a definition of internal control along with a description of five interrelated components (control environment, risk assessment, control activities, information and communication, and monitoring) that should be included within an internal control system. Regarding COBIT and its role in the internal control area, COBIT adapted its definition of internal control based on the COSO report. COBIT (as well as COSO) emphasizes that people at every level of an organization are a very important part of the organization’s internal control system. COSO is an important framework that management of organizations might use to help ensure that they have effective corporate governance. This is the case because the COSO framework presents criteria to evaluate an organization’s internal control systems. According to SOX, Section 404, management must now document the effectiveness of their internal controls and
SM 13.1
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
then issue a report that accompanies the company’s annual report. Similarly, COBIT is used by managers to ensure effective IT governance. 13-4. The control environment establishes the tone of a company, influencing the control awareness of the company’s employees. It is the foundation for all the other internal control components. Risk assessment recognizes the fact that every organization faces risks to its success and that risks which appear to affect the accomplishment of a company’s goals should be identified, analyzed, and acted upon. Control activities reflect the policies and procedures that help ensure that management directives are carried out. Regarding information and communication, the former refers to the accounting system, which includes the methods and records used to record, process, summarize, and report a company’s transactions as well as maintain accountability for the company’s assets, liabilities, and equity. The latter, communication, refers to providing a company’s personnel with an understanding of their roles and responsibilities in regard to internal control over financial reporting. Finally, monitoring is the process that assesses the quality of internal control performance over time. Performance reports prepared on a timely basis contribute to the monitoring component of an internal control system. Concerning which component is the most important, this is a matter of opinion. Most students indicate that the control environment is the most important component of an internal control system because, as mentioned in the book, it is the foundation for all the other internal control components, providing discipline and structure. 13-5. Accountants should be concerned that their organization’s financial resources are protected from activities such as loss, waste, or theft. To protect organizational assets, an internal control system must be developed and implemented within a company’s AIS as well as within other parts of the company’s system. In addition to safeguarding assets, an efficient and effective internal control system should also: 1) Check the accuracy and reliability of accounting data 2) Promote operational efficiency 3) Encourage adherence to prescribed managerial policies Accountants should be concerned that all of these objectives are accomplished by their organization’s internal control system. 13-6. Preventive control procedures are designed and implemented before an activity is performed to prevent some potential problem (e.g., the inaccurate handling of cash receipts) from occurring that relates to the activity. Detective control procedures are designed and implemented to provide feedback to management regarding whether or not operational efficiency and adherence to prescribed managerial policies have been achieved. In other words, preventive controls should be developed prior to operating activities taking place and detective controls should be developed to evaluate if operating efficiency and adherence to policies of management have occurred after operating activities have taken place. Corrective control procedures come into play based on the findings from the detective control procedures. That is, through detective controls, corrective control procedures should be developed to identify the cause of an organization’s problem, correct any difficulties or errors resulting from the problem, and modify
SM 13.2
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
the organization’s processing system so that future occurrences of the problem will hopefully be eliminated or at least minimized. Examples of each type of control is as follows: Preventive: scenario planning, risk management, segregation of duties, controlling access to assets Detective: duplicate check of calculations, bank reconciliations, monthly trial balances Corrective: backup copies of transactions and master files, training personnel to perform their jobs 13-7. Competent employees are definitely important to an organization's internal control system because employees will be working continually with the organization's various asset resources. The employees will be, for example, handling cash, acquiring and disbursing inventory, and operating expensive production equipment. If the organization has incompetent employees, there is a strong likelihood that inefficient use of the firm's asset resources will result. This inefficiency will lead to overall operating inefficiency within the organization, thereby preventing the achievement of management's prescribed policies. 13-8. The “separation of duties” element of an organization’s internal control system means that, for instance, employees who are given responsibility for the physical custody of specific company assets (e.g., handling cash or inventory) should not also be given responsibility for the record-keeping functions relating to the assets (e.g., recording cash or inventory transactions in the company's journals and ledgers). Otherwise, an employee could misappropriate company assets and then attempt to conceal this fraud by falsifying the accounting records. Through the separation of duties, one employee acts as a check on the work of another employee. Thus, if an employee attempts to embezzle cash from a customer payment, but does not have access to the accounts receivable subsidiary ledger to cover up this theft, he or she would likely be detected. The other employee who performs the record-keeping activities for accounts receivable would not have recorded the customer's payment since it was embezzled by the employee handling cash. Consequently, the customer would complain to the company upon receiving a subsequent billing statement which would not reflect his or her recent payment. Upon investigating this complaint, the dishonest employee would likely be caught. It should be noted, however, that through collusion among the employees handling assets and recording assets, irregularities are usually not detected as quickly as when individuals work alone (as described earlier). In addition to detecting irregularities, separation of duties can also be helpful in detecting accidental errors. If the same employee performs all accounting functions related to a specific activity (e.g., handling inventory items and recording the inventory transactions), an accidental human error by this employee, such as incorrectly recording an inventory transaction, may not be detected. However, with two or more employees handling the accounting functions relating to a specific activity, an accidental human error made by one employee should be detected by another employee involved with the same activity.
SM 13.3
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
13-9. Many organizations have a large volume of cash disbursement transactions. In order to detect any errors and irregularities relating to cash disbursements, a good audit trail for cash issuances is essential. If an organization uses both a voucher system and prenumbered checks for cash disbursement transactions, its audit trail of cash outlays can easily be traced. The use of prenumbered checks for making authorized cash disbursements enables a company to maintain accountability over its issued checks and its unissued checks. After the issued checks clear the bank in a particular month and are returned to the organization with the monthly bank statement, these checks represent evidence of the actual cash disbursements that were made. Two advantages of employing a voucher system along with prenumbered checks are (1) the number of cash disbursement checks that are written is reduced, since several invoices to the same vendor can be included on one disbursement voucher, and (2) the disbursement voucher is an internally generated document; thus, each voucher can be prenumbered to simplify the tracking of all payables, thereby contributing to an effective audit trail over cash disbursements. Sometimes, prenumbered checks are not efficient for an organization to use. For example, for expenditures of small dollar amounts (e.g., spending a few dollars to have the company president's car washed) cash expenditures might be a better choice. Because of the time and effort involved in processing checks, it is normally more efficient to use a petty cash fund for making various small, miscellaneous expenditures. However, to exercise good internal control over the petty cash fund's use, one employee (called the petty cash custodian) should be given the responsibility for handling petty cash transactions. 13-10. Under the cost-benefit concept, an analysis is performed on each potential control procedure (i.e., compare the expected costs of designing, implementing, and operating each control to its expected benefits). Only those controls whose benefits are expected to be greater than, or at least equal to, the expected costs should be implemented into the company’s system. Cost-effective controls are those whose anticipated benefits exceed their anticipated costs. Ideal control procedures (i.e., those that would reduce the risk to practically zero of any undetected errors and irregularities occurring) may be impractical for a company because the expected costs may be larger than their expected benefits. The implementation of controls whose costs are expected to exceed the controls benefits would not contribute to a company’s overall operating efficiency. In these cases, control procedures which are less than ideal for detecting errors and irregularities (but whose expected benefits exceed the expected costs) should be implemented within the company’s internal control system. From the standpoint of evaluating a company’s internal control system, a performance report is a type of report that provides information to management on how efficiently and effectively its company’s internal controls are functioning. Based on accurately prepared performance reports, management receives feedback on the success or failure of the previously implemented package of internal controls. The preparation of a performance report is a detective control procedure. Performance reports should be an essential element within a company’s internal control system because they are the major means of communicating to management regarding the actual operations of the company’s internal control systems. For specific controls that are not operating
SM 13.4
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
the way they were originally planned, as indicated by a performance report, management can then begin action to correct identified problems. Timely information to managers, regarding internal control problems, is critical so that mangers can initiate action to correct the problems. Thus, performance reports should be prepared on a timely basis in order that a minimum period elapses between the occurrence of operational problems with certain controls and the feedback to management on these poorly functioning controls. 13-11. Discussion question 13-5 identifies a number of reasons why organizations are so concerned about their internal control systems. However, the managers of these organizations are particularly concerned about the effectiveness and efficiency of internal controls due to the SOX legislation. Under Section 302 of this legislation, the CEO and CFO are legally responsible for establishing and maintaining internal controls in the organization. In addition, they must have evaluated the effectiveness of the company’s internal controls and submitted their report to the external auditors, who evaluate the sufficiency of those internal controls. Further, when we talk about the control environment of an organization, we know that management’s support of a strong internal control system is critical. 13-12. COSO’s 2009 Guidance on Monitoring Internal Control Systems (COSO’s Monitoring Guidance) was developed to clarify the monitoring component of internal control. It does not replace the guidance first issued in the COSO Framework or in COSO’s 2006 Internal Control over Financial Reporting — Guidance for Smaller Public Companies (COSO’s 2006 Guidance). Rather, it expounds on the basic principles contained in both documents, guiding organizations in implementing effective and efficient monitoring. To read the entire document “Guidance on Monitoring Internal Control Systems”, go to this site: http://www.coso.org/documents/COSO_Guidance_On_Monitoring_Intro_online1.pdf
Problems 13-13. a. Cost-benefit analysis:
Cost of reproducing production cost data Risk of data errors Reprocessing cost expected ($12,000 * risk) Cost of validation control procedure (incremental cost) Net estimated benefit from validation control procedure
Without Control Procedure
With Control Procedure
Net Expected Difference
$12,000
$12,000
16% $ 1,920
2% $ 240
$1,680
$0
$ 800
($ 800) $ 880
SM 13.5
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
b. Management should implement the data validation control procedure because of the $880 net estimated benefit that is projected with this procedure. 13-14. a) As a member of the company’s management, you would hopefully reject the control recommendations. Specific internal controls should not be implemented into a company’s system unless the anticipated benefits from the controls are expected to exceed the controls anticipated costs. In the case of Sandra’s recommendations, it is obvious that the costs to operate these suggested controls would exceed the benefits from having the controls. The maximum monthly benefit from Sandra’s recommended controls would be the $350 estimated monthly loss that could be eliminated; however, to achieve this benefit, a separate room for storing supplies would have to be used and an employee would have to be assigned the full-time job of supervising the issuance of supplies. The costs of using a separate room and having an employee work full-time in handling office supplies would definitely be much greater than the $350 estimated monthly loss that could be eliminated. A couple of possible control procedures that the company might wish to implement to reduce the monthly loss from employee theft of office supplies are mentioned below. b) Rather than storing the supplies on shelves at the back of the office facility whereby employees have easy access to these supplies, they could be locked in a cabinet. An authorized company employee (such as a secretary) would be given the responsibility for issuing supplies when requested by various employees. The authorized employee in charge of the supplies would have this new job responsibility along with his or her other job responsibilities. When an individual needed office supplies, he or she would go to the authorized employee's desk and indicate the request. The employee in charge of supplies would then unlock the cabinet and issue the requested supplies. The person receiving the supplies would have to sign a supplies-received voucher, which serves as evidence of the specific supplies issued. Another suggestion might be to use a separate room for storing the supplies (as suggested by Sandra). This room would be kept locked throughout the day except for possibly one hour each day. Company employees would be made aware of the specific time every day during which the supply room was open. As a result of this procedure, an employee would not be used full-time in issuing the supplies. Rather, the employee assigned the responsibility for supervising the issuance of supplies could still perform his or her other job functions throughout the day. Approximately one hour each day away from his or her other job functions would be required to issue office supplies. As in the preceding suggestion, each person receiving supplies would have to sign a supplies-received voucher.
SM 13.6
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
13-15. Weaknesses 1. Raw materials may be removed from the storeroom upon oral authorization from one of the production foremen.
Recommended Improvements 1. Raw materials should be removed from the storeroom only upon written authorization from an authorized production foreman. The authorization forms should be prenumbered and accounted for, list quantities and job or production number, and be signed and dated.
2. Ashland's practice of monthly physical inventory counts does not compensate for the lack of a perpetual inventory system. Quantities on hand at the end of one month may not be sufficient to last until the next month's count. If the company has taken this into account in establishing reorder levels, then it is carrying too large an investment in inventory.
2. A perpetual inventory system should be established under the control of someone other than the storekeepers. The system should include quantities and values for each item of raw material. Total inventory value per the perpetual records should be compared with the general ledger at reasonable intervals. When physical counts are taken, they too should be compared to the perpetual records. Where differences occur, they should be investigated, and if the perpetual records are in error, they should be adjusted. Also, controls should be established over obsolescence of stored materials.
3. Raw materials are purchased at a predetermined reorder level and in predetermined quantities. Since production levels may often vary during the year, quantities ordered may be either too small or too great for the current production demands.
3. Requests for purchases of raw materials should come from the production department management and be based on production schedules and quantities on hand per the perpetual records.
4. The accounts payable clerk handles both the purchasing function and payment of invoices. This is not a satisfactory separation of duties.
4. The purchasing function should be centralized in a separate department. Prenumbered purchase orders should originate from and be controlled by this department. A copy of the purchase order should be sent to the storeroom clerks. Consideration should be given as to whether the storeroom clerks’ copy should show quantities.
5. Raw materials are always purchased from the same vendor.
5. The purchasing department should be required to obtain competitive bids on all purchases over a specified amount.
SM 13.7
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
6. There is no receiving department or receiving report. For proper separation of duties, the individuals responsible for receiving should be separate from the storeroom clerks.
6. A receiving department should be established. Personnel in this department should count or weigh all goods received and prepare prenumbered receiving reports. These reports should be signed, dated, and controlled. Copies should be sent to the accounting department, purchasing department, and storeroom.
7. There is no inspection department. Since high cost electronic components are usually required to meet certain specifications, they should be tested for these requirements when received.
7. An inspection department should be established to inspect goods as they are received. Prenumbered inspection reports should be prepared and accounted for. Copies of these reports should be sent to the accounting department.
13-16. a. The separation of duties is meant to safeguard assets; in this case, cash receipts. b. Signature plates are used to authenticate checks. Keeping them secure is a means of preventing their unauthorized use. c. Matching the vendor invoice with a receiving report (or similar document) ensures payment for goods or services actually received. d. Separating these functions helps ensure payment only for legitimate obligations of the organization. e. This procedure would help ensure that disbursements are made only for authorized purchases. f. Pre-numbered documents have to be securely stored if this preventive control is to be effective. g. Using an imprest or special account for payroll limits the loss due to incorrectly printed checks associated with each period’s total payroll. h. Separation of functions prevents one person from diverting cash assets and subsequently concealing the wrongdoing. i. Check protectors use a number of methods which make it difficult to successfully change the check amount. j. Both the surprise counts and the knowledge of their likelihood deter the unauthorized use of cash. k. Approved vendor lists help prevent unauthorized purchases (irregularities or embezzlement of assets). l. Such separation of duties helps prevent unauthorized purchases. 13-17. Most students believe that Ron Mitchell’s method of stealing cash receipts will be detected by the movie theater's manager assuming that the manager uses a few internal control procedures.
SM 13.8
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
First, the tickets issued by Ron to theater patrons should be pre-numbered and controlled by the manager. At the beginning of Ron's work shift, he should be made accountable for a specific quantity of pre-numbered tickets and not have access to any other tickets. At the end of Ron's work shift, the manager should count the total number of ticket-halves that he has accumulated from customers who have entered the theater. From multiplying the selling price per ticket by the number of ticket-halves in his possession, the manager can determine the total cash receipts that should have been collected by Ron. If there is more than one price for tickets, such as children prices and adult prices, the different priced-tickets can be color-coded to enable the manager to compute the total cash receipts that should have been collected. The manager can then count the total actual cash that Ron collected during his work shift. (Of course, the amount of change fund that Ron was provided at the start of his shift should be subtracted from his total cash). Through this procedure, the manager can determine if the actual cash receipts collected by Ron are equal to the cash receipts that should have been collected (based on the manager's accumulated ticket-halves). The cash receipts that were pocketed by Ron should thus be detected, since the manager's count of actual cash receipts would fall short of the cash receipts that should have been collected. An additional control procedure that the theater manager may want to implement is to periodically observe Ron while he is performing his work functions. This procedure should take place without Ron being aware that he is being observed. If, as a result of observing Ron's work activities, the manager is suspicious of irregular acts, he can watch Ron even closer until his suspicions are fully confirmed.
Case Analyses 13-18.
Lobs, Love & Lessons Tennis Club Weaknesses
Recommended Improvements
1. The employee at the desk could allow friends to enter at no charge.
1.
There needs to be some separation of duties. There could be another person at the front desk where the visitor completes the waiver form and obtains a daily pass. The first employee would then require a pass and would not handle cash. (Note - this may be cost prohibitive)
2. The employee at the desk could pocket cash.
2.
The same control as #1.
3. The cash receipts are not controlled.
3.
The cash receipts should be kept in a file. They should also be sequentially numbered.
4. There may be many different desk employees throughout the day. If cash is missing, there
4.
There should be a log of employees and their working hours. They need to sign in and out.
SM 13.9
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
will be no accountability. 5. There does not appear to be a procedure for comparing the cash receipts journal entry and bank deposit with the cash receipts given to employees at the desk. 13-19.
5. Someone other than the accountant and the desk employees should periodically compare the cash receipts journal entries, bank deposit slips, and cash receipts kept on file.
West End Boutiques
1. (a) The risk is that merchandise is stolen. (b) Shoplifting is a very large problem for retailers. There should be better inventory controls. These might include closed circuit cameras, tags that are removed during the sales process, and security personnel. 2. (a) The risk is that stolen merchandise (perhaps at the same two stores in #4) is being returned for cash. (b) Returns should require a sales receipt. The store may also consider a policy of allowing returns for merchandise credit only. 3. (a) The risk is that the store is losing income. (b) Either revenues are down or cost of sales has increased. Management needs to inspect these numbers closely to see where the problem lies. At least part of it could be attributable to poor inventory control. 4. (a) The risk is that cash will not be deposited. (b) This can easily be controlled by requiring daily reconciliations by a party not involved in receiving or depositing cash. 5. (a) The risk is that cash will not be collected from customers. (b) The employee should be reprimanded. Either all checks or checks exceeding a specific dollar amount should be approved by someone other than the salesperson. 6. (a) The risk is that petty cash will be pilfered. (b) There should be a custodian over petty cash who has sole responsibility for it. The custodian should never disburse cash without obtaining a receipt.
SM 13.10
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
13-20.
Chesapeake Grocery Store
1. This is a list of several risks that should be obvious to students: Risk
Internal Control to Mitigate Risk
1
The managers might intentionally or unintentionally report the wrong number of hours worked for each employee.
2
Charlie's job as the accountant suggests that there is no segregation of duties (recording, authorizing, and custody).
Charlie should check the number of hours on the timecards for each employee, and reconcile the number of hours with the report each manager turns in weekly. He should also confirm that each employee reported by each manager is currently an employee of the store. This is one of the most important concerns for small businesses, but one that owners ignore at their own peril. Since this is a once-a-month occurrence, George should consider oversight of this process by his independent auditor (you)!
3
Charlie is using an Excel spreadsheet to enter pay information about employees. Input errors can happen. Again, they might be either intentional or unintentional errors.
Input controls are necessary. While this topic is not covered in this next chapter, students should be aware that the process of entering data can introduce human error. In any case, controls are important to ensure the validity, accuracy and completeness of the data Charlie enters.
4
Following up on #2 above, Charlie prints the payroll checks and distributes them. He should not have the responsibility to do both of these tasks.
5
The problem does not indicate whether the checks are prenumbered or not.
Again, since this is a once-a-month occurrence, George should consider oversight of this process by his independent auditor (you). After Charlie prints the checks, you should distribute the checks to each employee and have them sign for the check. This ensures that Charlie does not pay someone who is not an employee, or that Charlie pays himself more than he should. Checks should be pre-numbered to account for all of the checks and reconcilede against the payroll register.
2. Here again, the students might find a variety of acceptable software solutions. The important thing for students to understand is the company size, number of employees, and cost. Hopefully, George will request you do a cost-benefit analysis of using a software solution that is specifically intended for payroll purposes. While the actual quantitative factors might be less obvious, the qualitative factors (risks noted above) should be considered.
SM 13.11
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
In Chapter 11, we identified several examples of payroll software solutions. Those that we found, which could also be useful for George, are the following: •
ADP Payroll Software for Microsoft Office Small Business Accounting (http://www.microsoft.com/smallbusiness/products/office/accounting/payrollsoftware.mspx)
•
ZPay Payroll Systems offers technical support, tutorials, and a free 30-day trial (http://www.zpay.com/)
•
PenSoft Payroll Solutions is designed for small to mid-sized businesses, and can process virtually any payroll and related tax requirements. (http://www.pensoft.com/aboutus.asp)
3. We discussed outsourcing in detail in Chapters 10 and 11, however, not in the context of a small business such as the Chesapeake Grocery Store (CGS). We used the following web site for this question: http://www.buzzle.com/articles/outsourcing-payroll-pros-and-cons.html As George's advisor, you would discuss with him the following Pros and Cons of outsourcing: Outsourcing Payroll Pros • • • •
Use a company that specializes in payroll, which helps reduce potential errors. The outsource company could provide valuable benchmarking information to George to potentially improve operations. Can be cost-effective since CGS is not large enough to effectively segregate duties. Charlie could be used in a more strategic role to help George find cost efficiencies.
Outsourcing Payroll Cons • • • • •
Allowing access of sensitive proprietary data to a third party. Careful consideration of the viability of the outsource company is critical. Can the company ensure privacy and security of your data? Is the company scalable? That is, will the company be able to grow with CGS (if CGS determines that to be a strategic goal)? Careful consideration to the contract and oversight of the work of the outsource company. The company must be experienced and competent.
SM 13.12
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Chapter 14 COMPUTER CONTROLS FOR ORGANIZATIONS AND ACCOUNTING INFORMATION SYSTEMS Discussion Questions 14-1. A security policy is a comprehensive plan that helps protect the organization from internal and external threats. More and more organizations have become dependent on networks (of all sorts) to conduct business, share data, and communicate with suppliers, customers, business partners, and employees who are traveling or working at home. As a result, more proprietary data and organizational information must be accessible to a wide variety of individuals. However, very real risks are present and more prevalent than ever before. Firms are realizing that the traditional approach to security is not efficient or sufficient. That is, even if a firm has several products, they are usually not integrated and do not work together. The result is that integrated security has emerged as the most useful plan to protect the firm. By adopting a comprehensive, holistic strategy that addresses network security at the gateway, server, and client tiers, organizations may be able to reduce costs, improve manageability, enhance performance, tighten security, and reduce the risk of exposure (enterprisesecurity.symantec.com, article ID 1128). This article claims that the following key security technologies can be integrated to more efficiently protect the firm against a variety of threats at each tier to minimize the effects of network attacks: firewalls, intrusion detection, content filtering, virtual private networks, vulnerability management, and virus protection. In general, integrated security is getting a lot more attention in the business press and in technical journals. The reason is obvious – companies are more aware than ever before that security breaches can be very costly! As a result, organizations are becoming more attentive to such precautions as: physical security of computers and networks (access controls), authentication procedures for access to applications and data, and encryption procedures. 14-2. The concept of convergence of physical and logical security means that an organization has integrated these two forms of security. Thus, incidents that might individually go unnoticed do not go undetected when they are combined. Referring again to Figure 14-3 in the textbook, we can see how the combination of these two forms of security can make an organization less vulnerable to embezzlement or fraud. 14-3. To help organizations comply with SOX and the PCAOB requirements, the IT Governance Institute (ITGI) issued “IT Control Objectives for Sarbanes-Oxley” in April 2004. Neither the SOX legislation, nor PCAOB Standards No. 2 or No.5, includes detailed guidance for organizations. The ITGI publication provides that detail by starting with the IT controls from COBIT and linking those to the IT general control categories in the PCAOB standard, and then the control objectives are linked to the COSO framework. As we discussed in Chapter 8, COBIT is an IT governance framework that provides company-level objectives and controls around those objectives, as well as activity-level objectives and controls. Thus, it may be used
SM 14.1
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
effectively by managers at all levels of the firm. It is important to remind students that COBIT identifies controls that may be used for both operational and compliance objectives. The ITGC document only focuses on controls that support financial reporting. 14-4. First, we should probably define a Local Area Network (LAN). A LAN is where you have a number of computers that are geographically close together – usually in the same building or a group of buildings. However, one LAN can be connected to other LANs over any distance via telephone lines and radio waves (which is then called a Wide Area Network or WAN). LANs are capable of transmitting data at very fast rates, much faster than data can be transmitted over a telephone line; but the distances are limited, and there is also a limit on the number of computers that can be attached to a single LAN. Probably the primary difference between a wireless LAN and a hard-wired LAN is the method used to transmit information. Wireless LAN technology is based on radio wave transmission, whereas hard-wired LANs might be based on twisted-pair cable (used by older telephone networks), coaxial cables (more expensive than standard telephone wire, but is much less susceptible to interference and can carry much more data), or fiber optic cables (very popular for LANs – data can be transmitted in digital form). Wireless LAN technology is relatively new, whereas hard-wired LANs (using twisted-pair cable) have been in use for quite some time. Security risks are important considerations for both types of LANs, and the technology for each is different. A wireless local area network (WLAN) must have a secure gateway, such as a Virtual Private Network (VPN), so that users may safely access the network. Such a VPN handles authentication of users and appropriately encrypts the information that is transmitted. Of course, data encryption is an important control for all networks. Others include a checkpoint control procedure, routing verification procedures, and message acknowledgment procedures (These procedures are discussed in the chapter). 14-5. Business continuity planning (BCP) is also called contingency planning and disaster planning. A business continuity plan is necessary because a variety of unforeseen disasters might occur that would cause a data processing center to not be operational. Examples of these disasters include natural events such as fires, floods, hurricanes, earthquakes, and manmade catastrophes such as terrorist attacks. A company’s BCP should describe procedures to be followed in the event of an emergency, as well as the role of every member of the disaster recovery team (which is made up of specific company employees). The company’s management should appoint one person to be in charge of disaster recovery and one person to be second-in-command. Part of BCP specifies backup sites to use for alternate computer processing. These backup sites may be other locations owned by the company, such as another branch of the same bank. Alternatively, these sites may be owned by other organizations and used for short-term periods in the event of a disaster. It is a good idea for the various hardware locations for data processing to
SM 14.2
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
be some distance away from the original processing sites in case a disaster affects a regional location. An example would be companies located near the San Andreas Fault in California. Since a severe earthquake could destroy the data processing centers of those companies within the earthquake area, organizations within this area should have disaster recovery arrangements with organizations located outside any area likely to be affected by an earthquake. There are a number of reasons to test the business continuity plan on a regular basis and these are identified below.1 • To practice a succession plan for the CEO, in the event something happens to the CEO. • To train backup employees to perform emergency tasks. The employees a firm counts on to lead in an emergency may not always be available. • To practice crisis communication with employees, customers, and the outside world. • To determine alternate means of communication in case the telephone networks go down. • To involve all employees in the exercises so that they get practice in responding to an emergency. • To make exercises realistic to tap into employees' emotions so that you can see how they'll react when the situation gets stressful. • To form partnerships with local emergency response groups (such as firefighters, police and EMTs) and establish a good working relationship. Let them become familiar with your company and site. • To evaluate your company's performance during each test, and work toward constant improvement. Continuity exercises should reveal weaknesses. • To reveal and accommodate changes. Technology, personnel, and facilities are in a constant state of flux at any company. 14-6. Backup is an example of a control designed to mitigate or reduce business risk. As pointed out in the chapter, backup is similar to redundancy in creating fault tolerant systems. Through backup, a duplicate copy of a data file is created. To illustrate, data that you currently have stored on your hard drive could be copied onto a CD, flash drive, or other portable media for backup purposes. An example was provided in this chapter of a common control procedure that companies use for backing up accounting data – called the grandfather-parent-child procedure of file security. Backup is extremely important when operating a computerized accounting system. If, for example, backup copies containing important accounting data become corrupted or lost, all of the accounting data will be lost. Within a company's computerized accounting system, the loss of data that is not backed up could result in a severe interruption of business and loss of income. The term "backup" is not limited to just the backup of data. A company can also back up its hardware and electrical power. For example, through its disaster recovery plan, a company might provide for backup of its hardware by making arrangements for renting computer time from another organization should the company's own computer become inoperative. Regarding electrical power backup, surge protectors, for instance, provide protection should short, intermittent power shortages or failures occur. 1
Source: http://www.csoonline.com/article/print/204450.
SM 14.3
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
14-7. Large organizations can afford to have alternate sites with the capability to recover quickly should a disaster occur which disrupts the functioning of the business. However, smaller businesses can rarely afford such a setup. As a result, smaller organizations can benefit from the capabilities that cloud computing offers with respect to backing up their data. If smaller organizations use cloud computing, their operating system, applications, patches, and data can all be contained in a single software bundle or virtual server. Everything can be copied or backed up to an offsite data center and can be ready to use in a matter of minutes. Since the virtual server is hardware independent, the operating system, applications, patches and data can be safely and accurately transferred from one data center to a second data center without reloading each component of the server. As a result, recovery times can be significantly reduced compared to conventional disaster recovery approaches where servers need to be loaded with the operating systems and application software and patched to the last configuration used in production before the data can be restored.2 14-8. The unique control risks associated with the use of PCs and laptops compared to mainframes occur in two basic areas: (1) hardware, and (2) data and software. Regarding hardware, because laptops are portable, they or any part of their peripheral equipment can easily be stolen or destroyed. Limiting access to such equipment is difficult. It is not difficult to remove the hard drive from a PC or take a monitor home. The problem is compounded further with laptop computers since many powerful laptops can now be hidden inside a briefcase. Regarding data and software, these two items are easy to access, modify, copy, or destroy, and thus are difficult to control. A person with reasonable computer know-how and access to a PC can access all the data and software on the machine. Consequently, there is a danger that an employee of an organization using PCs might access unauthorized records and manipulate the data, or that a disgruntled employee might decide to reformat a PC’s hard disk, destroying all software and data it contained. Students will likely come up with different lists of the three most important control procedures that should be implemented for laptops and the reasons these procedures are important. A suggested list with reasons is presented below.
Control Procedures
Reasons
1. An inventory should be taken of all laptops used in a company along with the various applications for which each laptop is used.
This control procedure is important because a company is able to physically account for all of its laptops and based on the various applications for which each laptop is used, a determination can be made of the types of risks and exposures associated with every laptop’s applications. For those laptops whose
2
http://www.onlinetech.com/resources/e-tips/disaster-recovery/benefits-of-disaster-recovery-in-cloud-computing
SM 14.4
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
applications are subject to greater risks and exposures, stronger control procedures are required.
2. Secret passwords that are periodically changed should be required for all authorized users of laptops.
This control procedure is important because it prevents unauthorized individuals from using laptops to access data files and possibly tamper with the data within the files.
3. Each employee having a laptop should be required to place his or her laptop in a locked cabinet before leaving at night.
This control procedure is important because of the size of laptops. The laptops’ smallness of size makes them susceptible to theft if left on employees’ desks when they go home at night.
14-9. 1) Test of completeness: The number should be exactly eight digits. 2) Test of sign: The number should be positive. 3) Test of numeric field content: The number should contain only numeric data; no letters or special characters. 4) Test of reasonableness: Each eight-digit number should fall within a range of allowable values. 5) Redundancy test: The four-digit product number should be valid for the four-digit "major-category" number. 6) Check digit: A ninth digit can be added to the eight-digit number for checking purposes. 14-10. a) Edit tests are computer routines that examine selected fields of input data for such attributes as accuracy, completeness, reasonableness, and sequence. They reject those data items that fail preestablished standards of data quality. b) A check digit helps ensure the accurate and complete input of an important number, such as an account number. If the check digit computed by a computer fails to match the associated check digit input by the user, the number (and perhaps the associated transaction) is rejected. Check digits thus help guard against the accidental alteration of the wrong master file record when an incorrect account number was input. c) Passwords are sets of numbers or letters that computer system users must input to gain access to further computer time or files. Well-constructed passwords and associated lock-out
SM 14.5
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
and dial-back systems guard against unauthorized computer access by denying computer time to "hackers" or other unwarranted users. d) Activity or proof listings are detailed listings of computerized data processing. Typically, these listings indicate what data processing was performed for each transaction or account in the system. Thus, these listings help assure data processing accuracy by providing system users with hard-copy evidence (and therefore an audit trail) of processing results. e) Control totals are financial, nonfinancial, hash, or record-count totals that are computed from input data. The initial control totals, input separately, are recomputed during actual data processing and ultimately compared. Unmatched values are investigated for causes. Thus, control totals guard against the loss of data during data processing activities. Matching control totals also helps assure users that data input was accurate and complete. 14-11. Logical access to the computer is typically performed by using a remote terminal to log onto the computer system to obtain access to software and data. Control of such access is usually accomplished by having procedures that limit access to only those individuals who are properly authorized (i.e., properly identified and authenticated by the computer system). Physical access to the computer means being physically able to gain access to the computer system or the data processing center. Good security requires that both logical and physical access to the computer system be restricted to only those individuals who have authorization for such access. Computerized accounting information systems require human interaction with computers at many levels, including the input of data, the distribution of output, the programming of computer runs, and the inquiry of the system. However, not everyone involved with the accounting information system needs logical access to the computer system and few of the above activities require physical access to the computer. Restrictions on logical access safeguard computer time and maintain the privacy of the data files available to remote users. Restrictions on physical access protect the physical assets of the computer system and the data processing center. 14-12. The separation of duties control is intended to deter an individual from committing an intentional accounting error and concealing this error in the normal course of his or her duties. To the extent that computerized accounting systems will handle functions that would be performed by more than one person under a manual system, the computerized version of the accounting information system cannot entirely adhere to this policy of separate responsibilities for related accounting processing functions. On the other hand, strict control over the development and use of computer programs, for instance, through the requirement of authorization for program changes and through the strict distinction between programmers and operators, is an example of effective separation of duties. Good separation of duties in the data processing center, for example, would require that a computer operator would not have authority to make computer program changes and that a programmer would not have access to the computer for running programs. A computerized accounting information system will tend to combine certain traditionally separated accounting tasks in its data processing, but use alternate means for the application of the separation of duties control.
SM 14.6
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Problems 14-13. a. It is likely that former employees are going to work for the competition - and taking proprietary information with them! The former employees may even continue to have remote access to Bentley's information system. b. There are several controls that could help here. One is to have each employee sign a confidentiality agreement or a non-compete agreement. Another is to allow employees limited access only to the database on a "need to know" basis. A third control would be to make sure that employee user IDs (access privileges) are deactivated upon termination with the company. 14-14. These transactions might have been discovered by the absence of merchandise in the company warehouse. However, the problem with this is timing: the final proof of fraud could only be confirmed after it has been established that the merchandise was not lost in shipment or misplaced at the warehouse. A perpetual inventory system with close monitoring of discrepancies between actual physical inventory on hand and the quantity balances recorded in the accounting records would be an effective control for the present situation. Also, the company should require cash disbursement checks be issued for merchandise purchases only after the purchase order, the purchase invoice, and the inventory receiving report have all been reviewed by an authorized employee, other than the check writer. Other effective controls would include: 1) Require a supervisor’s authorization for creation of all accounts payable master-file records. 2) Require a supervisor’s authorization for all orders exceeding a pre-determined level. 3) Require a computer printout of all orders exceeding a given dollar level. 4) Authorize payment for merchandise only upon documented receipt of merchandise in good condition. The receipts voucher must include a signature of the person receiving the merchandise. 14-15. We agree with the seminar leader's statement that all errors in processing accounting data can be classified as either accidental or intentional. A key point to emphasize is that many of the controls installed in an accounting information system are designed to detect accidental errors, not intentional errors. Edit tests are particularly important in this regard inasmuch as they are performed at the time of data input and therefore early in the processing stream of the system. Not all personnel controls are concerned with intentional errors, but the vast majority of them are concerned with this matter. An example of a personnel control which is not necessarily aimed at thwarting intentional errors is the requirement that employees take their earned vacations to relax from a stressful job. Nonetheless, intentional errors are, by definition, not accidents. If an error is intentional, it is committed purposefully and therefore involves an individual. Controls that limit the amount of harm an employee or outsider can do to a company's accounting information system are aimed at thwarting intentional errors.
SM 14.7
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
14-16. a. An edit test for a reasonable number of hours worked would guard against this problem. Requiring a supervisor to verify hours worked would also be useful. b. A control should be programmed into the computer enabling the credit manager to cut off credit sales to delinquent accounts. The account representative for Grab and Run Electronics should also be notified that no new sales on credit are to be made to this account. c. This problem could be solved through a separation of duties control procedure and insistence on the two-week vacation rule. d. The system should prompt any key-entry operator about which account is being accessed. The system should also be programmed to: 1. Require the input of the account number as part of the update process 2. Indicate an error message when account numbers fail to match 3. Refuse to create multiple account records with identical account numbers e. The creation of vendor records for suppliers eligible for payments should require an authorization procedure. This controls against the creation of dummy companies. Also, the existence of damaged merchandise should be confirmed by more than one person; for example, through a supervisory control. Finally, an informal knowledge of Ben Landsford may have provided clues to his fraud. 14-17. Among other things, this question is intended to emphasize the importance of employee relations as a component of computer security. Thus, perhaps the most important control which the organization might have used would be adherence to the general policy of dismissing employees who are known to be very unhappy with their jobs. Additional controls include pre-testing of computer programs by alternate programming staff members and the requirement that only authorized versions of computer programs be used to update and maintain computer files. It is also likely that record counts were not being used since, if they were, there would have been a discrepancy between the number of records written on the new file and the number of records read from the old file.
SM 14.8
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
14-18.
Sequence
X
X
X
X X X X X X
X X X X X X
X X X X X X
X X X X X X
X
X
X
X X X
X X
X X
X
X
X
X
X
X
X
X X X X
X X X X
X X X X
X X X X
X
X
X
X
X
X
X
X
X X X
X X X
X X X
X X X
X
X
X
X
X X X X
X X X X
X X X X
Consistency
Code from Internal Table
X
X
Redundancy
Sign
X
Alphabetic Data
Completeness
INVOICING: Customer number Customer name Salesperson number Invoice number Item catalog number Quantity sold Unit price Total price SALESPERSON ACTIVITY: Salesperson number Salesperson name Department number Sales volume Regular hours worked Overtime hours worked INVENTORY CONTROL: Item catalog number Item description Unit cost Units out Units in PURCHASING: Vendor catalog number Item description Vendor number Number ordered Cost per unit Total amount
Numerical Data
APPLICATIONS: Field name
Reasonableness
-----------------------------------------Test for--------------------------------
X
X
X
X
X X X X X
SM 14.9
X
X
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
14-19. a. Bank transactions should be pre-coded with either a deposit code or withdrawal code. Transactions encoded on different colored paper may help. Also, the bank should batch transactions by type. Finally, the error would cause a teller to be out of balance at the end of the day. b. An edit test of length would guard against this error. c. An edit test of reasonableness should be used. d. This is a programming error. The program should also be tested first with a test deck. The program should not be permitted to withhold deductions in excess of earnings and a sign test would be useful. e. A check digit would catch this error at run time. f. The computer program which processes this form should compare the first two digits of the employee number against a list of acceptable codes. The input should be rejected if a nonexistent department was encoded on the form. g. The computer system involved should use passwords (or ID cards and passwords) limiting access to authorized users. h. A batch control total should be used. 14-20.
Some of the ways that this “separation of duties” is achieved is as follows:
1. All systems changes and transactions should be initiated and authorized by user departments. 2. Asset custody should reside with designated operational departments. 3. Corrections for errors detected in processing data should be entered on an error log, referred
back to the specific user department for correction, and subsequently followed up on by the data control group. 4. Changes to existing systems as well as all new systems should involve a formal written authorization from the user department.
Case Analyses 14-21.
Bad, Bad Benny: A True Story
1. The same person handles all cash functions/lack of segregation of duties, lack of sufficient oversight or reviews (e.g., internal/external audits), no control infrastructure, no forced vacations or cross-training, improper monitoring of key employee, organizational structure not set up to encourage ethical behavior, too much trust put in family for sensitive positions, too much authority given to one employee.
SM 14.10
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
2. Set policies for cash handling (e.g., require two signatures on checks over a certain amount, procedures for vendor selection), mandatory vacations and cross-training; separate recording, reconciliation, custody functions; institute regular audits (both internal and external); set up an internal control structure to include authorization/signature requirements; define organizational structure and responsibilities; keep updated list of approved vendors and customers; segregate duties related to cash and liquid asset oversight. 3. Testing audit trails (transactions from origination to destination), reconciliations of account balances, confirmation of bank balances, accounts receivable and accounts payable, physical counts of inventory compared to records, visit vendors, tests of logical relationship with business activity, review of procedures for purchases and cash disbursements.
14-22.
Hammaker Manufacturing: Security Controls
1. Hammaker Manufacturing (HM) could experience several data security problems if proper controls are not instituted with the new system. Without proper controls, unauthorized employees could gain access to the data files, authorized employees could gain access to the data files outside their jurisdiction and responsibility, or outsiders could monitor data transmission lines without Simmons' knowledge. As a result, data could be used improperly, interpreted improperly, or altered, causing significant problems for the company. Confidential data files of a sensitive nature should be protected from unauthorized use. Personal data, such as personnel records (health records, salary) and customer records (account balance, credit rating), could be damaging to the company if they were disseminated improperly. If proprietary information (i.e., product profit margin) were not restricted, competitors eventually would learn of this information, which could put The Big Corporation at a competitive disadvantage. 2. HM must incorporate control measures to limit access to the system itself and to the data files. Only those individuals who need to use the system should be provided access to the system and data files. Access can be restricted by the use of secret password codes or by the use of both ID cards and passwords, or by the use of biometric identifications. Some users may be authorized to use the system, but are not authorized to access all data within the files. Protective techniques can be extended below the file level at the data-set level. This entails an examination of the field of each record involved before data are released for use. If the company is concerned with unauthorized access by outsiders, data encryption could be employed. 3. (a) The following are some of the physical safeguards HM could adopt to protect its computer equipment: 1) Restrict access to only those who are authorized to use the equipment. 2) Protect against fire damage by installing water-fed sprinkler or carbon dioxide systems.
SM 14.11
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
3) Protect against water damage by providing a proper water drainage system under the floor of the computer room. In addition, plastic covers should be available to place over the equipment to provide protection from overhead leakage. 4) Properly insure all equipment. (b) Some physical safeguards which can be employed to provide protection for the data are as follows: 1) Protect the files from deliberate damage by limiting the number of people who have access to them, by limiting access to the data processing facilities, and by establishing a strong librarian function. 2) Files should be stored in a fire-resistant cabinet or vault when not in use. In addition, the company should have regularly scheduled backup of files (and they should be stored in a safe location – perhaps electronic vaulting) in case the current copy of a file is damaged or destroyed. 3) All files should have external labels for easy identification. (c) Possible measures which can be employed to provide physical security for the data processing center facilities are listed below: 1) Select a location for the data processing facilities that is away from possible hazards or high risk areas. Factors which should be considered are location above anticipated flood levels, location away from steam lines, water lines, and windows, and limit the number of doors. 2) Limit access to the data processing center facilities by employing guards, by requiring personnel to wear security badges, and/or by the use of dial-lock combinations. 3) Fire-resistant materials should be employed in the construction of the facilities. Smoke detectors and/or heat sensors should be installed to detect fires; water-fed sprinkler or carbon dioxide systems should be installed to extinguish fires. 4) The company should make arrangements for backup sites (or electronic vaulting) in case there is a major breakdown for an extended period of time. Arranging for backup sites should be part of the company’s development of a formal disaster recovery plan. 14-23.
Brazos Valley Inc.
1. At least four computer control weaknesses that existed at BV prior to the flood occurrence include: 1) Systems documentation being prepared only when time is available; consequently, documentation will likely be incomplete and not current. 2) The systems and programming staff having access to the data processing center without supervision of the operations staff; programmers could alter data files or operational programs. 3) The location of the facility on the ground floor behind large plate glass windows which invites attention and possible exposure risk, as well as failure to protect against flooding. 4) No regularly scheduled backups being prepared, thus exposing the company to loss of data processed between backups.
SM 14.12
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
2. At least five components that should be incorporated in a formal disaster recovery plan in order for BV to become operational within 72 hours after a disaster affects its computer operations capability include: 1) Off-site alternatives for continuation of service (e.g., contingency plans for operations on a temporary basis) and backup hardware sites such as hot sites. 2) Off-site storage of program and data files, documentation (systems and operations), and supplies. 3) Detailed written procedures for recovery of operations, which should include instructions on obtaining critical information from off-site storage, planning of a communications link between headquarters and the emergency site, as well as telephone numbers of all the team members. 4) Procedures for on-going control and maintenance of a temporary site. 5) The testing and training for plan implementation, including testing each department individually, testing the whole plan (mock disaster), trial runs, testing backup procedures, testing restore operations, and recording test results. 3. At least three factors, other than the plan itself, that BV’s management should consider in formulating a formal disaster recovery plan include: 1) Maintaining business operations and cash flows as well as meeting obligations and contractual requirements. 2) Maintaining customer service and competitive position. 3) Determining appropriate levels of business interruption insurance and/or other insurance.
SM 14.13
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Chapter 15 INFORMATION TECHNOLOGY AUDITING
Discussion Questions 15-1. As noted in the text, an internal auditor is an individual working for the company being audited while the external auditor works for an outside organization, typically a CPA firm. Thus, the responsibility of the internal auditor is to report to the staff supervisor conducting the audit while the responsibility of the external auditor is to report to external parties. Whereas the activities of both the internal and external auditors are governed by “generally accepted accounting procedures” or GAAP, the external auditors’ procedures are also affected by federal and state laws that specifically define the relationship between the external auditor and client, and how this relationship is to be implemented during the course of an audit. The chief concern of the external auditor is that the financial condition of the organizational entity be accurately and fairly represented in its financial statements. In this sense the external auditor is limited to the attest function. Among the matters that may have more interest to the internal auditor are: • Inventory records that have no financial implications • Personnel records that have no financial implications • Production or marketing records that have no financial implications • Inefficiencies in reporting that affect the timing, rather than the accuracy, of monetary variables • Minor discrepancies in financial accounts (immaterial) • Organizational procedures that are primarily a matter of policy and do not involve assets or liabilities • The moral, motivation, and productivity of individual departments or work groups Preferences vary. Many accounting graduates begin their career as external auditors and then move into internal auditing. 15-2. The primary objective of a financial audit is to attest to the reliability of financial statements. The audit process includes an evaluation of internal controls (now mandated). Some of these controls are present in all processing environments, while others are unique to computerized data processing. The financial auditor may lack the expertise needed to evaluate the computer-type controls. In this event, the information systems auditor is called in. The information systems auditor’s primary objective is to evaluate internal controls and risks associated with the computerized data processing system (general and application controls). The information systems auditor may also become engaged in assisting a client to improve security over the computerized system environment. Financial auditors should possess technical accounting skills, knowledge of accounting and business processes, a certain amount of skepticism, knowledge of the audit process, internal control expertise, knowledge of financial audit standards, communication skills, and SM 15.1
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
interpersonal skills. Information systems auditors should possess an understanding of technical information systems security, internal control expertise, knowledge of information systems audit standards, computer expertise, communication skills, a certain amount of skepticism, and interpersonal skills. It would be best if financial auditors possessed knowledge of information systems audit standards and technical information systems security knowledge, and computer expertise. It would also be best if information systems auditors possessed technical accounting skills, knowledge of accounting and business processes, and knowledge of the financial audit process. The reality is that it is difficult for one individual to possess all skills in both realms. This reality has led to a shortage of information systems auditors with a solid foundation in accounting. Because of this, it may be difficult for financial auditors to know how to use the work of the information systems auditor. Likewise, it may be hard for the information systems auditor to understand which accounting areas are high risk and particularly vulnerable. Courses in AIS help to bridge the gap in knowledge. 15-3. General-use software is software that has a wide range of applicability. This software may be used by auditors, managers, accountants, system designers, and others. It includes word processing, spreadsheet, database, presentation, and communication software. Generalized audit software is software that has been developed specifically for use by auditors. Spreadsheet software is most useful when computations are required. Recalculating totals for fixed assets or depreciation schedules can be facilitated with spreadsheet software. Database software might be used to keep track of fixed assets and repairs and maintenance to these assets. An auditor might use word processing software to communicate with the client about audit issues related to fixed assets. Word processing software can also generate letters verifying the existence of fixed assets. 15-4. Interviewing is one of the most important functions performed by auditors. Interestingly, auditing and accounting curricula do not always work on these skills with students. Some techniques and skills that would be helpful to an interviewer would include: session planning, interview structuring, understanding the use of various question formats, options for controlling and documenting an interview, and, perhaps most important – how to listen. Interviewers need to understand the need to plan for an interview session. This includes structuring the interview a priority, informing the person to be questioned of the interview, deciding on how much time will be needed, researching the interview subject, and deciding on messages the interviewer wants to convey. Interviews may be structured in a variety of ways to maximize information gathering. A common technique is to ask innocuous questions first in order to relax the subject of the interview. Both general and specific questions are useful but each has advantages and disadvantages. The interviewer needs to know when to use which and also must decide how open-ended the questions should be. A skilled interviewer is always in control of the session and knows how to bring a subject back on track. Each approach to documenting an interview (i.e., note-taking, recording, or having an observer) has advantages and disadvantages. The interviewer should be familiar with these and decide on the best
SM 15.2
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
approach for documentation. Finally, an effective interview is one where the subject does most of the talking rather than the questioner. A good listener is the best interviewer. 15-5. With an integrated test facility, it is necessary to observe the complete cycle of activities. Thus, a set of fictitious purchase transactions would be introduced to the transaction stream representing hypothetical business activity with one or more bogus companies. These transactions would be designed to test the processing efficiency of the company and also, the ability of the company’s system to handle exceptions conditions. For example, one important test would be to see how the system handles a fictitious account. Another test would be to see how effectively the system pays debt in time to take advantage of time-dependent discounts. Yet a third test would be to see whether or not the system will pay an outside company for goods which in fact have not been received, or for goods which have been received in damaged condition. With the passage of time, the auditor would observe the systems response to these and other such tests and compare his findings with those as expected from documentation outlines and interviews with company officials. Discrepancies would be noted and the auditor would prepare a final report, complete with recommendations, to top management. 15-6. The recommendations to use certain controls or not is ultimately dependent upon the organizations attitude towards risk. More often than not, a collective group is likely to be conservative and avoid risks. In such instances, it would only take a very small probability of hazards before any given control for it would be desirable. Individuals may sometimes exhibit less risk aversion than groups, as for example, when an individual gambles. Thus, in such cases, a larger probability of occurrence is required before a given accounting control becomes cost effective. For the case at hand, we are not told who the decision maker might be or the organizations attitude toward risk. Thus, it would seem prudent for Mr. Rodriguez to present an analysis of his findings with neither a positive recommendation nor a negative recommendation for controls which are not determined to be cost effective. This is a decision for management rather than the auditor. 15-7. The Better Business Bureau offers a BBB Online Trustmark that symbolizes compliance with a variety of standards and rules of practice. These include privacy and security standards, as well as advertising and other business policies. CPA WebTrust provides assurance that a Certified Public Accountant has examined a site and finds it to meet the standards set by the AICPA for a particular set of criteria, such as that over privacy or security. The TRUSTe seal has two forms. One provides assurance with respect to privacy and the other is for email. Several accounting firms and other organizations offer their own assurance. These may rely on the brand of the company offering the assurance, rather than on a generic assurance label. Another website seal is the Good Housekeeping website seal. This capitalizes on the brand of the offline seal of approval program that has existed for decades.
SM 15.3
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
Problems 15-8. a. Hazard
Equipment failure Software failure Vandalism Embezzlement Brownout Power surge Flood Fire
Probability that loss will occur .08 .10 .65 .05 .40 .40 .15 .10
Expected Losses Low High $50,000 4,000 1,000 3,000 850 850 250,000 150,000
$150,000 18,000 15,000 9,000 2,000 2,000 500,000 300,000
Estimated Control Costs $ 2,000 1,400 8,000 1,000 250 300 2,500 4,000
b. Comparing the expected losses with the hazard control costs would result in the following decisions: 1) The hazard controls should be implemented for equipment failure, brownout, power surge, flood, and fire. The cost of implementing these controls are outweighed by the expected savings. 2) The hazard control for embezzlement should not be implemented as its cost exceeds any potential benefit. 3) The implementation of hazard controls for software failure and vandalism fall in the grey area of the decision process. The control costs exceed the low expected loss estimate but are less than the high expected loss estimate. These findings should simply be reported for managers’ decisions. 15-9. There are many case studies available at the ISACA web site. An example is the Harley Davidson case. The Abstract for the case explains the value of COBIT to the company. For Harley Davidson, there was a need to increase internal control and minimize risks, within the company’s unique organizational culture. COBIT provided a framework to do this and build consensus among management, IT and audit. 15-10. Simply by searching on the term “computer security,” students will be able to identify many resources that would be helpful in auditing an information system. There are also a few guides or indices available that classify audit advisories, tools, and security techniques. An example of a site that issues security advisories is Carnegie Mellon’s Computer Emergency Response Team at www.cert.org. An example of help available is the Department of Defense’s online guide to selecting effective passwords. 15-11. By searching on the phrase “continuous auditing examples,” a student should be able to find many instances of organizational use of continuous auditing (CA) techniques. As an example, I found a health care company that used CA for efficiency. They were typically only auditing various parts of the organization every three or four years but by adopting CA
SM 15.4
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
techniques, they could have more confidence in their systems on an ongoing basis, freeing resources for other analyses.
Case Analyses 15-12
Basic Requirements (Systems Reliability Assurance)
1. There are many security, availability, and privacy risks faced by Basic Requirements due to their online access. (Comprehensive lists of general risks may be found in the AICPA’s Trust Services document, which describes principles and criteria for trust services.) Security risks concern unauthorized physical and/or logical access. For Basic Requirements, some specific security risks would include hacker access to the web site, student access to the computer (while in the office), and unauthorized access to accounts or passwords by student workers. Availability of the web site is important to a retail business as downtime may mean lost sales and lack of credibility. For Kara and Scott, availability risks include hardware and software malfunctions that make the website inoperable for any period of time, problems with software that disallow customers from accessing their order status, and failure of logon procedures for accounts. Privacy is particularly important for online customers. Basic Requirements needs to take many actions to ensure that customer information is kept private. This means ensuring that hackers cannot “steal” mailing lists and that there is no unauthorized access to customer accounts. A small business such as Basic Requirements will have difficulty in segregating duties to ensure that there are multiple controls over access to information. Student workers need to be carefully monitored and cautioned over discussion or dissemination of customer information. 2. Risk Hacker access to web site Student access to computers (physical)
• • • •
Student access to accounts or passwords (logical)
• • • •
Hardware and software malfunctions
•
SM 15.5
Control Maintain anti-virus software Use acceptable length passwords Do not leave student workers in office alone or always have two workers Do not use group logons for access in office Use a hierarchy of passwords and logons to secure sections of the system Change default passwords of system administrators Maintain anti-virus software Maintain proper environmental conditions over hardware Have backup and contingency plans and test them
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
•
Failure of logon procedures
•
Student workers compromising privacy
• •
Provide quick response to customers experiencing difficulties with logon or forgotten passwords Be sure to describe logon procedures fully to customers, including case sensitivity of passwords. Possibly maintain a system for forgotten passwords where a private question is used to authenticate (e.g., mother’s maiden name) Check student references Convey policies and privacy warnings to workers
3. To be effective, an internal control must be auditable. This means that the auditor must be able to inspect it. For example, Kara might tell the auditor that she always checks references of student workers. However, if she doesn’t maintain documentation showing this was done, the auditor has no way to verify her assertion. The IT auditor could check all of the controls described in Part 2 in a variety of ways, providing that Basic Requirements kept evidence of those controls. Some specific examples are: • Auditors would check that the system uses current versions of anti-virus software and that there is a subscription that allows for continuous updates • The IT auditor will check the access control software to view the requirements for passwords with respect to length • The IT auditor will check the user listing for the system to ensure that there are no group passwords (e.g., STUWRKER) • The auditor will ask to see evidence that management has checked references of student workers (e.g., reference letters, logs of phone interviews) • The IT auditor will test the system to see if the described logon procedures actually work 15-13.
Tiffany Martin, CPA (Information Technology Audit Skills)
1. Unfortunately, Dick's approach is a typical one. Small accounting firms, in particular, lack
personnel with information systems audit expertise. The inability of a financial auditor to understand risks associated with computerized processing pose a threat to the validity of the audit process. Expanding the scope of an audit to 100% of all transactions is one way to reduce risk. However, it is inefficient as significantly increased substantive testing is costly. It is also not as beneficial to the client as a controls review would be. If errors are found, the sources of the errors will still be unknown with increased transaction testing. A controls review would show where potential problems are and the scope of the audit could be adjusted accordingly.
SM 15.6
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
2. Tiffany should suggest calling in personnel who are experienced in information systems
auditing for a controls review. If the firm does not employ these personnel, this stage of the audit should be subcontracted. The firm might decide in future hiring to take on some personnel with accounting information systems or management information systems backgrounds. 3. Public accounting firms are faced with a dilemma. The nature of auditing is changing rapidly
due to computerized information systems. Many firms are moving towards the concept of providing "assurance" rather than "audit" services to clients. These call for different training for personnel and non-traditional hiring practices. Hiring a certain number of accounting majors and a certain number of management information systems majors will not solve the problem. Accountants and systems staff need to be cross-trained. Without the ability for financial and information systems auditors to communicate with each other, the audit will be both inefficient and ineffective. For instance, financial auditors might be told to call in information systems auditors for engagements where the information systems processing has a certain level of complexity. The information systems auditors may then evaluate the general and application controls associated with computerized processing and deliver a report detailing this evaluation to the financial auditors. Unless the financial auditors understand what lies behind the report, they are likely to disregard it and expand the scope of the audit to a conservative level with respect to risk. 4. Tiffany needs to call in information systems auditors for this particular engagement. She
should also work with them so that she understands what they are doing. In addition, the firm should provide her with some formal training in information systems technology and information systems controls. One thing an accounting firm can do to facilitate crossunderstanding between financial auditors and information systems auditors is to have individual members of each group work in the other group’s area for a certain period of time each year. 15-14.
Consolidated Company (Audit Program for Access Controls)
1. There are many risks associated with a lack of controls to restrict logical access to programs and data. These include posting of erroneous or fraudulent transactions allowed by bypassing approval levels and segregation of duties controls. 2. It is important to include an audit of User IDs and passwords in order to evaluate the levels of access allowed and the potential for breaching access controls. This evaluation might also allow the auditor to consider what mitigating controls could be used to protect data. Any breach in logical access makes all assets of an organization, including information and data, at risk. 3. There are many different control procedures that Jason could use to ensure that only authorized users access the system. Some of them are: • Unique IDs - each user is assigned their own unique ID and a system setting exists to prevent the same ID being used twice
SM 15.7
Core Concepts of Accounting Information Systems, 13th Edition, by Simkin, Rose, and Norman
• • • • • • •
Preloaded IDs - the passwords for preloaded IDs are changed or these are locked/deleted Groups - groups are established within the application according to SOD determinations and group rights are reviewed periodically Periodic review - individual rights and access is reviewed regularly by appropriate management Automated removal - when a user is terminated they are automatically removed from having ERP access or a strong manual process is in place Job changes - a process is in place to change user rights when a user's job title changes Passwords are of a certain length, complex, rotating, and an indefinite lockout exists Process to add users requires documented authorization from management
SM 15.8