Accounting and Information Systems

Question 1

Explain the difference between data and information

Answer 1

Data is facts collected, recorded, and stored in a system - numbers, date, name etc.

Information is adding context to the data (numbers) - invoice date: 1/1/2022, invoice #: 100

Question 2

When is information knowledge?

Answer 2

When having human interpretation

Question 3

What makes information useful?

Answer 3

Relevant, reliable, complete, timely, understandable

Question 4

What are business processes?

Answer 4

A set of related, coordinated, and structured activities and tasks performed by people and/or machines to achieve a specific organizational goal.

Question 5

What are the 5 business processes?

Answer 5

Revenue, expenditure, production, payroll, financing

Question 6

What value is an AIS adding?

Answer 6

improving quality and reducing costs, improving efficiency, sharing knowledge, improving efficiency and effectiveness of supply chain, improving internal control structure and improving decision making.

Question 7

What factors are influencing AIS?

Answer 7

Corporate strategy, organizational culture, information technology
–> need alignment between all

Question 8

Data differ from information in which way?

Answer 8

Data is input and information is output

Question 9

Which of the following is a function of an AIS?

• Reducing the need to identify a strategy
• Transforming data into useful information
• Allocating organizational resources
• Automating all decision making

Answer 9

Transforming data into useful information

Question 10

What are the elements in the data processing cycle?

Answer 10

Data input, data storage, data processing, and information output

Question 11

Explain the “data input” element of the data processing cycle

Answer 11

1) capture the transaction data triggered by and event
2) make sure that the captured data is accurate and complete
3) ensure company policies are followed

Question 12

Explain the “data storage” element of the data processing cycle

Answer 12

There are different kinds of data:
1) Master files are permanent and exist across fiscal periods, which includes resource and people data

2) transaction files contain data from one of the transaction cycles and are not permanent

Question 13

What are the different types of data processing?

Answer 13

• Creating new records (could be adding a customer)
• Reading existing data
• Updating previous record or data
• Deleting data

Question 14

What are the advantages of a ERP system?

Answer 14

• Integrated enterprise-wide single view of the organization’s data which streamlines the flow of information
• Data captured once – no need for sales to enter data about a customer and then accounting needs to enter the same customer data for invoicing
• Improve access of control
• Standardization of procedures and report

Question 15

What are the disadvantages of a ERP system=

Answer 15

costly and complex

Question 16

Which of the following would be identified as a record?

• A collection of information on a customer
• The information on all customers
• a characteristic of a customer
• A particular information on a customer

Answer 16

• A collection of information on a customer

Question 17

What are the different documentation tools?

Answer 17

1) business process diagram
2) Flowchart
3) data flow chart

Question 18

What is the business process diagram

Answer 18

A visual way to present the activities in a business process so that all users understand it.

Swim lanes with different employees, and then the flow of the activities back and forth

Question 19

What is the flowchart?

Answer 19

To describe an information showing the inputs and outputs, information activities, data storage, data flows and decision steps.

Storage to and back process which has both input and output

Different types:

1. Document flowcharts (flow of document and data for a process)
2. Internal control flowchart (to evaluate internal controls)
3. System flowcharts (relationship among input, processing, storage and output)
4. Program flowchart

Question 20

What is the data flow diagram?

Answer 20

A graphical description that focuses on the data flow for sources and destinations of the data, the process, and data storage

Question 21

A DFD is a representation of which?

• Computer hardware configuration
• Decision rules in a SW program
• Flow of data in an organization
• Logical operations performed by SW

Answer 21

• Flow of data in an organization

Question 22

How are data sources represented in a DFD?

• As a curved arrow
• As a square
• As a circle
• None

Answer 22

• As a square

Question 23

Which flowcharts show the relationship among input, processing, and output?

• System flowchart
• Document flowchart
• Program flowchart

Answer 23

• System flowchart

Question 24

What is a file, record and a field?

Answer 24

• File: a related group of records
• Record: a related group of fields
• Field: a specific attribute of interest for the record

Question 25

What is the difference between the database approach and the file approach?

Answer 25

Database approach: data is an organization resource that is used by the entire organization, not just one department.

File approach: having files and programs for each new information that occurs. Difficult to integrate and update data to get an organizational-wide view of data, and data were inconsistent across files, e.g., customer address could be updated in one file but not in the other.

Question 26

What are the advantages of having databases?

Answer 26

• Data is integrated and easy to share
• Data is independent of the programs that use the data
• Minimize data redundancy and inconsistencies
• Data is easily accessed
• Access can be restricted to certain users

Question 27

What is database management systems?

Answer 27

Database management (DBMS) links the way data are physically stored with each user’s logical view of the data. The DBMS allows users to access, query, or update the database without reference to how or where data are physically stored. A database management system (DBMS) is the program that manages and controls the data and the interfaces between the data and the application programs that use the data stored in the database.

Question 28

What are schemas?

Answer 28

A schema is a description of the data elements in a database, the relationships among them, and the logical model used to organize and describe the data.
There are three levels of schema:
1. External level: individual user’s view
2. Conceptual level: organizational wide view of the entire database
3. Internal level: low level view (describe how data are stored)

Question 29

What are primary and foreign keys?

Answer 29

Primary key: is the database attribute, or combination of attributes, that uniquely identifies a
specific row in a table.
Foreign key: is an attribute in a table that is also a primary key in another table and is used
to link the two tables.

Question 30

What are the criteria for a good question?

Answer 30

Specific
Measurable
Acheivable
Relevant
Timely

Question 31

According to EY, an analytical mindset is the ability to…?

Answer 31

1. Ask the right questions
2. Extract, transform, and load relevant data
3. Apply appropriate data analytic techniques
4. Interpret and share the results with stakeholders

Question 32

What is a data mart?

Answer 32

hold structured data, can be by function, geographic etc.

Question 33

What is data structuring?

Answer 33

Data structuring is the process of changing the organization and relationships among data fields to prepare the data for analysis.
Extracted data often needs to be structured to enable analysis, this can entail:
- Aggregating the data
- Joining the data
- Pivoting the data

Question 34

What is data standardization

Answer 34

Data standardization is the process of standardizing the structure and meaning of each data element so it can be analyzed and used in decision making. Important when merging data from several sources.

Question 35

What is data cleaning?

Answer 35

Data cleaning is the process of updating data to be consistent, accurate, and complete

Question 36

What are the different processes for data validation?

Answer 36

1. visual inspection
2. basic statistical test
3. audit a sample
4. advanced testing techniques

Question 37

What is descriptive analytics?

Answer 37

“What happened?”

Uses exploratory data analysis, and approach that explores data without testing formal models or hypothesis – can be qualitative data put into numbers

Question 38

What is diagnostic analytics?

Answer 38

“Why did this happen?”

Both informal and formal analysis: informal builds on descriptive analytics, where formal employ confirmatory data analysis

Question 39

What is predictive analytics?

Answer 39

“What is likely to happen in the future?”

Uses historical data to find patterns likely to happen in the future

Question 40

What is prescriptive analytics?

Answer 40

“What should be done?”

Either be recommendations or programmed actions based on predictive analytics results

Question 41

What are the threats to AIS?

Answer 41

1. Natural and political disasters
2. Software errors and equipment malfunctions
3. Unintentional errors
4. Intentional acts - fraud

Question 42

What are the two types of fraud?

Answer 42

1. Theft of company assets (physical or digital)

2. Fraudulent financial reporting

Question 43

What are the conditions for fraud?

Answer 43

Three conditions must be present for fraud to occur:

1. Pressure (from the employee herself or from financial statement)
2. Opportunity to commit
3. Rationalize behavior

Question 44

How can one prevent and detect fraud?

Answer 44

1. Make fraud less likely to occur (culture of integrity, security policies)
2. Make it difficult to commit (restricting access, having strong internal control)
3. Improve detection (auditors, fraud hotline, monitor systems)
4. Reduce fraud losses (insurance, backup of programs)

Question 45

What are the different types of computer fraud attacks?

Answer 45

1. Hacking - Unauthorized access
2. Social engineering - Techniques or tricks on people to gain physical or logical access to confidential information
   - Could be: identify theft, URL hijacking, phishing
3. Malware
   - Software used to harm
   - Types: spyware, virus, trap door etc.

Question 46

What is the COBT framework?

Answer 46

“Control Objective for Information and Related Technology Standards”Framework for control of enterprise IT.

Based on five principles:

1. Meeting stakeholder needs (create value for stakeholders)
2. Covering the enterprise end-to-end (not only IT functions)
3. Applying a single integrated framework (aligns with other governance frameworks)
4. Enabling a holistic approach
5. Separating governance from management

Question 47

What is the COSO framework?

Answer 47

“Committee of sponsoring organizations”, is an internal control incorporated into policies, rules and regulations used to control business activities.

Question 48

What is the COSO ERM?

Answer 48

COSO’s Enterprise risk management is a second control framework to set strategy, identify events that may affect the company, assess and manage the risks, and provide assurance that the company will achieve its objectives and goals:

1. Objective setting
2. Event identification (identifying external and internal incidents that could affect the achievement of the organization’s objectives)
3. Risk assessment (assess the likelihood and impact of the incident)
4. Risk response (reduce, accept, share, avoid the incident)
5. Control activities
6. Information and communication
7. Monitoring

Question 49

What is the trust service framework?

Answer 49

The portions of COBIT that relates to IT-controls. Organizes these controls into five principles that jointly contribute to systems reliability. For good system reliability you need a good foundation of security. The four pillars focus on maintaining good system reliability.

Security = foundation
Confidentiality, privacy, processing integrity, and system availability = four pillars
–> systems reliability

Question 50

Explain the security part of the framework?

Answer 50

Access to the system and data is controlled and restricted to legitimate users.

Security is a management issue, and management must choose response: 1) reduce risk, 2) accept risk, 3) share risk, or 4) avoid risk. Management must reassess risk and repones. (COSO-ERM).

Actions to mitigate risk of attacks:

1) protection controls
2) detective controls
3) response to attaks - CISO

Question 51

What is confidentiality?

Answer 51

Sensitive organizational data/intellectual property is protected (strategic plans, trade secrets, cost information, legal documents etc.)

Question 52

What is privacy?

Answer 52

Protecting personal information about trading partners, investors, and employees are protected

Question 53

How to protect confidentiality and privacy?

Answer 53

1. Identify and classify information
   a. Where should the information be located and who has access?
   b. Classify the value of the information to the organization
2. Encryption
   a. Only way to protect information in transit over the internet
   b. Necessary part of defense-in-depth to protect information stored on websites or in public cloud
3. Access controls
   a. Authentication and authorization are not sufficient for protecting confidentiality
   b. A life cycle view is needed including distribution and disposal, regardless of it being physical or digital storage
4. Training
   a. Most important control for ensuring confidentiality – employees need to be taught how to protect confidential data

Question 54

What are the different types of encryption?

Answer 54

1. Symmetric
   a. Uses one key to encrypt and decrypt
   b. Both parties need to know the key and need to securely communicate the shared key and cannot share the key with multiple parties
   - -> fast
2. Asymmetric
   a. Uses two keys
   b. One is public where everyone has access, and the other is private only known by you
   - -> slow

Question 55

What is processing integrity?

Answer 55

Data are processed accurately, completely, in a timely manner, and only with proper authorization –> input-processing-output controls

Input controls: only authorized personal to prepare source documents, have data entry controls

Processing controls: data matching, file labels, zero-balance test

Output controls: users review, data transmission controls

Question 56

What is system availability?

Answer 56

Having systems and information available

Main objective:
- Minimize the risk of system downtime
o Preventive maintenance (cleaning disk drives)
o Training employees to make less mistakes
o Data center location and design (raised floor to prevent flooding, fire detection etc.)
- Quickly recover and resume normal operations
o Full back up of the database – use multiple backups both onsite and offsite

Have a business continuity plan (BCP), and disaster recovery plan (DRP)

Question 57

Explain the revenue cycle

Answer 57

the revenue cycle is a transaction cycle from which the organization conducts business with its customers - 4 key activities:

1. sales order entry - get inquiry, check goods available, respons to inquiry, get order –> make sure customer sale is legitimate and accurate
2. shipping - ship goods –> make sure to ship the correct products
3. billing - send invoices –> make sure that customer is invoiced for the items
4. cash collections - get payment

Question 58

explain the expenditure cycle

Answer 58

Recurring set of business activities and related information processing operations associated with the purchase of and payment for goods and services.

there is primarily external exchange of information with suppliers – but within the organization, information about the need to purchase goods flow to the expenditure cycle from the revenue and production cycle, inventory control etc.

Primary objective –> keep down costs

Key decisions are optimal level of inventory, selected of suppliers who has the lowest cost, and how to take advantages of cash discounts.

4 activities:

1. Order materials, supplies and services
2. receive it
3. approve invoice
4. cash disbursement

Question 59

explain the production cycle

Answer 59

Recurring set of business activities and related information processing operations associated with the manufacture of products.

This cycle uses information from other departments - e.g., forecast, raw materials, personel

Has 4 processes:

1. Product design – creates source documents of bill of materials and operations list
2. Planning and scheduling – create source documents of master production schedule and order
3. Production operations
4. Cost accounting systems – can provide information for planning, controlling and accurate cost data

Question 60

How does an AIS play a vital role in the production cycle?

Answer 60

A company’s AIS plays a vital role in the production cycle, as accurate and timely cost accounting information is essential input to decisions about:

• Product mix
• Product pricing
• Resource allocation and planning
• Cost management

Question 61

What are the basic processes of the payroll cycle?

Answer 61

1. Update payroll master data
2. Validate time and attendance data
3. Prepare payroll
4. Disburse payroll
5. Disburse payroll taxes and deductions

Question 62

What are the primary function of a general ledger?

Answer 62

Primary function is to collect and organize data from 1) the four cycles which provides information about regular transactions, 2) the treasurer with information about financing and investing activities, 3) the budget responsible, and 4) the controller

Question 63

What are the basic processes/activities in the general ledger?

Answer 63

1. Update general ledger
2. Post adjusting entries (accruals, deferrals, estimates, corrections)
3. Prepare financial statements
4. Produce managerial reports
   a. To evaluate performance, responsibility accounting, flexible budgets, BSC, and graphs can be used

Question 64

Why would a company change its AIS?

Answer 64

Changes to an information system can be due to a full replacement or an upgrade to the system, due to technology changes, need to become more effective and efficient, competitive advantages etc.

Question 65

Explain the five stages of the system development life cycle

Answer 65

How to design and implement a new system – 5 stages/steps

1. Systems analysis – initial investigation, define scope of project
   a. Find the problem the IS must solve
2. Conceptual design – determine how to meet user needs, develop design specifications
   a. Evaluate design alternatives
   b. Prepare design specifications
3. Physical design – translate broad conceptual design into the specific code and build database
4. Implementation and conversion – install and test new hardware/software and train employee
5. Operations and maintenance – ongoing review of the system

Question 66

Who is involved in making a new AIS?

Answer 66

Management, users, system analysts, development team, programmers

Question 67

Explain the ongoing activities during the project

Answer 67

1. Planning
   - two plans are needed: project development plan and master plan
   - different planning techniques are petra evaluation and review and Gantt
2. Managing behavioral reactions to change
   - The system will fail without support of the people it serves.
   - People can resist change because of fear, lack of support, poor communication, biases etc.
   - One can cope with these problems by having management support, performance evaluation, involvement of users etc.
3. feasbility
   - economic feasibility
   - technical feasibility
   - legal feasibility
   - scheduling feasibility
   - operational feasibility

Question 68

How can a firm obtain a AIS?

Answer 68

1. Purchase
2. Develop in-house – gives a significant competitive advantage but requires time
   a. Either by own developers
   b. Or external developers
   c. Or end-user computing
3. Outsource – allows companies to concentrate on core competencies, but is inflexible and loss of control

Question 69

What is the elements of the security life cycle?

Answer 69

1. Assess threats and select response
2. Develop and communicspe policy
3. Acquire and implement resources
4. Monitor performance