Page 163 - Accounting Information Systems

PART I: Overview of Accounting Information Systems

                         The quality of information the accounting information system generates impacts management’s ability to
                         take actions and make decisions in connection with the organization’s operations and to prepare reliable
                         financial statements. An effective accounting information system will:

                         - Identify and record all valid financial transactions.
                         - Provide timely information about transactions in sufficient detail to permit proper classification and
                           financial reporting.
                         - Accurately measure the financial value of transactions so their effects can be recorded in financial
                           statements.
                         - Accurately record transactions in the time period in which they occurred.

                         SAS 78/COSO requires that auditors obtain sufficient knowledge of the organization’s information
                         system to understand:

                         - The classes of transactions that are material to the financial statements and how those transactions are
                           initiated.
                         - The accounting records and accounts that are used in the processing of material transactions.
                         - The transaction processing steps involved from the initiation of a transaction to its inclusion in the
                           financial statements.
                         - The financial reporting process used to prepare financial statements, disclosures, and accounting
                           estimates.

                         Monitoring

                         Management must determine that internal controls are functioning as intended. Monitoring is the process
                         by which the quality of internal control design and operation can be assessed. This may be accomplished
                         by separate procedures or by ongoing activities.
                           An organization’s internal auditors may monitor the entity’s activities in separate procedures. They
                         gather evidence of control adequacy by testing controls and then communicate control strengths and
                         weaknesses to management. As part of this process, internal auditors make specific recommendations for
                         improvements to controls.
                           Ongoing monitoring may be achieved by integrating special computer modules into the information
                         system that capture key data and/or permit tests of controls to be conducted as part of routine operations.
                         Embedded modules thus allow management and auditors to maintain constant surveillance over the
                         functioning of internal controls. In Chapter 17, we examine a number of embedded module techniques.
                           Another technique for achieving ongoing monitoring is the judicious use of management reports.
                         Timely reports allow managers in functional areas such as sales, purchasing, production, and cash
                         disbursements to oversee and control their operations. By summarizing activities, highlighting trends, and
                         identifying exceptions from normal performance, well-designed management reports provide evidence of
                         internal control function or malfunction. In Chapter 8, we review the management reporting system and
                         examine the characteristics of effective management reports.

                         Control Activities

                         Control activities are the policies and procedures used to ensure that appropriate actions are taken to deal
                         with the organization’s identified risks. Control activities can be grouped into two distinct categories:
                         information technology (IT) controls and physical controls.

                         IT CONTROLS. IT controls relate specifically to the computer environment. They fall into two broad
                         groups: general controls and application controls. General controls pertain to entity-wide concerns such
                         as controls over the data center, organization databases, systems development, and program maintenance.
                         Application controls ensure the integrity of specific systems such as sales order processing, accounts
                         payable, and payroll applications. Chapters 15, 16, and 17 are devoted to this extensive body of material.
                         In the several chapters that follow, however, we shall see how physical control concepts apply in specific
                         systems.