Summary
Auditing & accounting information systems
Chapter 1
Information provision = the systematic gathering, recording and processing of data aimed at
the provision of information for management decision-making, operating the entity and
controlling it, including accountability.
3 purposes of information provision
Information for delegation and accountability
Decision-making
Operating business
Data = most elementary representation of applicable parts of reality that does not have
meaning until it is processed
Information = all the processed data that contributes to the recipients understanding of
applicable parts of reality
IT = all the electronic media used to input, process and store data, to provide information,
and to support or enable communication
System = organized collection of connected components that form a more complex whole,
aimed at attaining certain goals
Information system = organized collection of software and hardware for inputting,
processing and storing data, and providing information aimed at the attainment of
organizational goals
Accounting information is based on data from business events
Business event = an action by an organization or one or more of its transaction
counterparties, that impacts or will impact the state of the organization
AIS = study that focuses on the IT-based processes that are aimed at: providing information
to internal and external stakeholders that complies with specified quality criteria, and
creating the right conditions for effective and efficient delegation and accountability,
decision-making, and operating the business
Accounting information system = organized collection of software and hardware for
inputting, processing, and storing data on business events, aimed at providing information to
internal and external stakeholders that complies with specified quality criteria, and creating
the right conditions for effective and efficient delegation and accountability, decision-
making, and operating the business
Control backward and forward looking
Backward = comparing “what is” and “what should be”
,Forward = decision-making, enhancing future organizational performance
Control by managers = the continuous realization of legitimized goals through deliberate and
cooperative actions by organization members
Governance = the process of keeping an organization on track towards legitimized goals
Information-based Control Framework
Consists of 3 dimensions
Strategy formulation vs strategy implementation external and internal
environment, strategies into concrete actions
Business domain, information and communication domain, data domain, IT domain
To audit and control, aligns actual state with applicable normative framework
Quality important to integrate in model
Quality is a perception, subjective concept
Quality has a positive connotation higher quality is always better
Using quality in the model, comparing intended business or information strategy with the
quality criteria for the operations or information
Quality of operations
Efficiency and effectiveness of internal processes
Innovative power
Customer satisfaction
Financial performance
Quality of information
Effectiveness
o Reliability
Validity only existing events are recorded, processed, and reported
upon
Accuracy free from mathematical errors
(transposition/OCR/conversion errors)
Completeness every event is recorded, processed, and reported
upon
o Relevance
Precision higher level of detail, higher level of hierarchy less precise
the information is
, Timeliness timely enough to affect the decision-making process
Understandability useful for and intelligible to its user,
unambiguous interpretability of information
Efficiency economically justified, lowest possible costs
Quality of data
Input
o Validity data on business events that represent events in accordance with
business rules
o Accuracy free from mathematical, conversion, and transcription errors
o Completeness all valid business events are captured in data
Update
o Accuracy correctly recording of business events in applicable master files
o Completeness all valid business events are recorded in applicable master
files
Efficiency economically justified and produces at lowest possible costs
Quality of IT infrastructure
Technology
o Confidentiality only authorized people have access; confidential
information should not become at disposal of people who want to use it to
their own advantage
o Integrity highly reliable data (validity, accuracy, and completeness of
information and data)
o Availability at intended user’s disposal at the right time and place
Organization
o Scalability adding resources to IT infrastructure to handle more data
without hampering its operational effectiveness
o Maintainability the degree to which IT infrastructure can be tested,
renewed, and changed at reasonable cost
o Transferability conversion from one environment to another; easy
adjustment to changing situational conditions
Efficiency costs of IT investments are in control (not exceeding budget)
Compliance laws and regulations regarding computer crime, and privacy
Chapter 2
Committee of Sponsoring Organizations of the Treadway Commission = COSO-report have
management report on the effectiveness of its internal controls to create greater
management awareness of a few important elements in an internal control system
Control environment
Audit committee
Codes of conduct
Internal audit
Internal control = a process, effected by an entity’s board of directors, management, and
other personnel, designed to provide reasonable assurance regarding the achievement of
objectives relating to operations, reporting, and compliance
Auditing & accounting information systems
Chapter 1
Information provision = the systematic gathering, recording and processing of data aimed at
the provision of information for management decision-making, operating the entity and
controlling it, including accountability.
3 purposes of information provision
Information for delegation and accountability
Decision-making
Operating business
Data = most elementary representation of applicable parts of reality that does not have
meaning until it is processed
Information = all the processed data that contributes to the recipients understanding of
applicable parts of reality
IT = all the electronic media used to input, process and store data, to provide information,
and to support or enable communication
System = organized collection of connected components that form a more complex whole,
aimed at attaining certain goals
Information system = organized collection of software and hardware for inputting,
processing and storing data, and providing information aimed at the attainment of
organizational goals
Accounting information is based on data from business events
Business event = an action by an organization or one or more of its transaction
counterparties, that impacts or will impact the state of the organization
AIS = study that focuses on the IT-based processes that are aimed at: providing information
to internal and external stakeholders that complies with specified quality criteria, and
creating the right conditions for effective and efficient delegation and accountability,
decision-making, and operating the business
Accounting information system = organized collection of software and hardware for
inputting, processing, and storing data on business events, aimed at providing information to
internal and external stakeholders that complies with specified quality criteria, and creating
the right conditions for effective and efficient delegation and accountability, decision-
making, and operating the business
Control backward and forward looking
Backward = comparing “what is” and “what should be”
,Forward = decision-making, enhancing future organizational performance
Control by managers = the continuous realization of legitimized goals through deliberate and
cooperative actions by organization members
Governance = the process of keeping an organization on track towards legitimized goals
Information-based Control Framework
Consists of 3 dimensions
Strategy formulation vs strategy implementation external and internal
environment, strategies into concrete actions
Business domain, information and communication domain, data domain, IT domain
To audit and control, aligns actual state with applicable normative framework
Quality important to integrate in model
Quality is a perception, subjective concept
Quality has a positive connotation higher quality is always better
Using quality in the model, comparing intended business or information strategy with the
quality criteria for the operations or information
Quality of operations
Efficiency and effectiveness of internal processes
Innovative power
Customer satisfaction
Financial performance
Quality of information
Effectiveness
o Reliability
Validity only existing events are recorded, processed, and reported
upon
Accuracy free from mathematical errors
(transposition/OCR/conversion errors)
Completeness every event is recorded, processed, and reported
upon
o Relevance
Precision higher level of detail, higher level of hierarchy less precise
the information is
, Timeliness timely enough to affect the decision-making process
Understandability useful for and intelligible to its user,
unambiguous interpretability of information
Efficiency economically justified, lowest possible costs
Quality of data
Input
o Validity data on business events that represent events in accordance with
business rules
o Accuracy free from mathematical, conversion, and transcription errors
o Completeness all valid business events are captured in data
Update
o Accuracy correctly recording of business events in applicable master files
o Completeness all valid business events are recorded in applicable master
files
Efficiency economically justified and produces at lowest possible costs
Quality of IT infrastructure
Technology
o Confidentiality only authorized people have access; confidential
information should not become at disposal of people who want to use it to
their own advantage
o Integrity highly reliable data (validity, accuracy, and completeness of
information and data)
o Availability at intended user’s disposal at the right time and place
Organization
o Scalability adding resources to IT infrastructure to handle more data
without hampering its operational effectiveness
o Maintainability the degree to which IT infrastructure can be tested,
renewed, and changed at reasonable cost
o Transferability conversion from one environment to another; easy
adjustment to changing situational conditions
Efficiency costs of IT investments are in control (not exceeding budget)
Compliance laws and regulations regarding computer crime, and privacy
Chapter 2
Committee of Sponsoring Organizations of the Treadway Commission = COSO-report have
management report on the effectiveness of its internal controls to create greater
management awareness of a few important elements in an internal control system
Control environment
Audit committee
Codes of conduct
Internal audit
Internal control = a process, effected by an entity’s board of directors, management, and
other personnel, designed to provide reasonable assurance regarding the achievement of
objectives relating to operations, reporting, and compliance
