Summary lectures
Auditing & accounting information systems
Lecture 1
Accounting = process of identifying, measuring, and communicating economic information to
permit informed judgements and decisions by internal and external users of the information
Information purposes
Delegation and accountability
Decision-making
Operating the business
System consists of interdependent elements that are set up to achieve one or more
specific objectives
Subsystem can exist without the containing system, but usually has no useful function by
itself
Element/component cannot be used alone
Information system = set of interdependent components working together to collect,
process, store, and provide information
Accounting information system = organized collection of software and hardware for
inputting, processing, and storing data on business events, aimed at providing information to
internal and external stakeholders that complies with specified quality criteria, and creating
the right conditions for effective and efficient delegation and accountability, decision-
making, and operating the business
AIS adds value to the organization
Improving quality of information, better decision-making
Improves efficiency
Shares knowledge by communicating procedures
Improves internal control structure
Lecture 2
Goal of internal control = provide a shield that protects assets against undesirable events
(risks) that destroy the organization
Internal control = process effected by management, designed to provide reasonable
assurance regarding the achievement of the objectives related to
Effectiveness and efficiency of operations
Reliability of internal and external reporting
Compliance with applicable laws and regulations
Fraud triangle
Pressure persons incentive or motivation to commit
fraud
, Rationalization individual’s justification for committing fraud
Opportunity circumstances that allow fraud to occur
Sarbanes-Oxley act (2002) restore investor confidence in the capital market and the audit
profession by improving the accuracy and reliability of corporate disclosure
Sections concerning internal control: 302 and 404 (financial reports and internal controls)
COSO framework for implementing 404 management’s assessment of internal controls
COSO = committee of sponsoring organizations of the treadway commission
integrated framework for designing, implementing, and
assessing an internal control system, combined dimensions
includes five inter-related components which help achieving
all internal control objectives and cover the entire
organization
Control environment
Risk assessment
Control activities
Information and communication
Monitoring activities
COSO house if one element of the house suffers, it impacts
the substance of the entire house
Risk uncertainty and has unwanted consequences or losses
17 COSO principles: risk assessment
06 identification of objectives to enable risk identification and assessment
07 risk identification and analysis as a basis for risk management
08 fraud taken into consideration
09 identification and assessment of changes with impact on internal control system
Common tool for risk assessment = risk and control matrix
Lecture 3
SaaS = software as a service
PaaS = platform as a service
IaaS = infrastructure as a service
Information security goals
Confidentiality
Integrity
Availability
Lecture 4
Porter’s value chain
Primary activities
Inbound logistics receiving, storing, and distributing inputs internally
Auditing & accounting information systems
Lecture 1
Accounting = process of identifying, measuring, and communicating economic information to
permit informed judgements and decisions by internal and external users of the information
Information purposes
Delegation and accountability
Decision-making
Operating the business
System consists of interdependent elements that are set up to achieve one or more
specific objectives
Subsystem can exist without the containing system, but usually has no useful function by
itself
Element/component cannot be used alone
Information system = set of interdependent components working together to collect,
process, store, and provide information
Accounting information system = organized collection of software and hardware for
inputting, processing, and storing data on business events, aimed at providing information to
internal and external stakeholders that complies with specified quality criteria, and creating
the right conditions for effective and efficient delegation and accountability, decision-
making, and operating the business
AIS adds value to the organization
Improving quality of information, better decision-making
Improves efficiency
Shares knowledge by communicating procedures
Improves internal control structure
Lecture 2
Goal of internal control = provide a shield that protects assets against undesirable events
(risks) that destroy the organization
Internal control = process effected by management, designed to provide reasonable
assurance regarding the achievement of the objectives related to
Effectiveness and efficiency of operations
Reliability of internal and external reporting
Compliance with applicable laws and regulations
Fraud triangle
Pressure persons incentive or motivation to commit
fraud
, Rationalization individual’s justification for committing fraud
Opportunity circumstances that allow fraud to occur
Sarbanes-Oxley act (2002) restore investor confidence in the capital market and the audit
profession by improving the accuracy and reliability of corporate disclosure
Sections concerning internal control: 302 and 404 (financial reports and internal controls)
COSO framework for implementing 404 management’s assessment of internal controls
COSO = committee of sponsoring organizations of the treadway commission
integrated framework for designing, implementing, and
assessing an internal control system, combined dimensions
includes five inter-related components which help achieving
all internal control objectives and cover the entire
organization
Control environment
Risk assessment
Control activities
Information and communication
Monitoring activities
COSO house if one element of the house suffers, it impacts
the substance of the entire house
Risk uncertainty and has unwanted consequences or losses
17 COSO principles: risk assessment
06 identification of objectives to enable risk identification and assessment
07 risk identification and analysis as a basis for risk management
08 fraud taken into consideration
09 identification and assessment of changes with impact on internal control system
Common tool for risk assessment = risk and control matrix
Lecture 3
SaaS = software as a service
PaaS = platform as a service
IaaS = infrastructure as a service
Information security goals
Confidentiality
Integrity
Availability
Lecture 4
Porter’s value chain
Primary activities
Inbound logistics receiving, storing, and distributing inputs internally
