Accounting Process Management
Lecture 1
Chapter 1
Information
Users of information need information for the following purposes:
- Information for delegation and accountability (vertical)
If power and responsibilities are delegated, the need to management control arises.
- Information for decision-making (vertical)
- Information for operating the business (horizontal)
This type of information aims at sharing knowledge to enable the organization to
realize its goals, coordinating the activities of two different organizational units, or
communicating a decision made by management.
Information and communication technology (IT) = all the electronic media used to collect,
store and process data, to produce information, and to support or enable communication.
Accounting information systems (AIS)
An accounting information system studies the structuring and operation of planning and
control processes which are aimed at:
- providing information for decision-making and accountability to internal and external
stakeholders
- providing the right conditions for sound decision-making
- ensuring that no assets illegitimately exit the organization
Two important aspects of AIS are governance (= the process of keeping an organization on
track towards goals) and control (= all activities that are aimed at having organization
members cooperate to reach the organization’s goals).
Integral control framework
An integral control framework can be used to describe, analyse and solve AIS problems that
may arise.
Quality spectrum of information
In an attempt to make an objective assessment of the quality of decision-making, some
argue that a list can be developed containing a limited set of quality characteristics of
decision-making. The higher the quality of the decision-making, the better the resulting
decisions. Furthermore, the quality of decision-making is dependent on the quality of
1
,information. Therefore, the information requirements must be determined as accurately as
possible and information provisions must be tailored to these requirements.
Information must possess several quality characteristics, and to assess the quality of
information, the focus is on the degree to which information can be utilized in decision-
making. Main characteristics of information quality:
Validity = if it is in accordance with the represented part of reality in the sense that what is
reported is not too high.
Accuracy = if it is mathematically correct.
Completeness = if it is in accordance with the represented part of reality in the sense that
what is reported is not too low.
Precision = if it has a higher degree of detail.
Timeliness = if it is provided on time to affect the decision-making process.
Understandability = if it is presented in a format that is useful for its user. In general, the
more quantitative the information, the higher the understandability.
Efficiency = if it is economically justified and if it is produced at the lowest possible cost.
Quality spectrum of the IT infrastructure
In assessing the quality of the IT infrastructure, the focus is on the degree to which
information systems meet the requirements of the data processing department. The most
important quality characteristic of the IT infrastructure is its ability to provide high-quality
information.
Maintainability = the degree to which information systems can be tested, renewed and
changed at reasonable cost.
Transferability = the degree to which information systems can be transferred from one
environment to another. This implies that the system can easily be adjusted to changing
conditions like the state of the available IT or changing user requirements.
Efficiency = if the costs of the IT investments are in control (not exceeding its budgeted
costs).
2
,Availability = IT must be at the intended user’s disposal, on time and at the right place.
Threats are denial of service as a results of defects or as a result of system overload.
Confidentiality = only authorized persons are allowed to have access to specific parts of IT.
Authenticity = means that the sender and receiver of a message are who they claim to be.
If we combine the quality spectrum of information and that of the IT infrastructure the result
is a quality spectrum of information systems.
Relationship between information disciplines
Chapter 2
Internal control
Committee of Sponsoring Organizations (COSO) = their mission is to have management
report on the effectiveness of its internal controls and to create greater management
awareness that the control environment, the audit committee, codes of conduct and the
internal audit are important elements in an internal control system.
COSO’s definition of internal control = internal control is a process designed to provide
reasonable assurance regarding the achievement of objectives in the following categories:
- Efficiency and effectiveness of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
- Safeguarding of the assets of the organization
COSO’s components of internal control:
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring
Control environment → the control environment is the organization’s culture with respect
to the importance of internal control. This forms the basis for any internal control system.
The control environments encompasses a wide variety of organizational characteristics, but
in essence a good control environment is one where people in the organization are aware
of the importance of internal control and behave accordingly.
The control environments consists of = integrity and ethical values, management
philosophy, human resource policies, organizational structure.
3
, Risk assessment → risk assessment is focused on establishing such measures that the
residual risk (= cannot be avoided) is reduced to an acceptable level. It is about identifying
and analysing the relevant risks to the achievement of objectives (operational, financial
reporting and compliance). This is also about the cost-benefit analysis; internal control
measures are costly and it is important to make sure that the costs of these measures are
not higher than the generated benefits (i.e. achievement of internal control objectives).
Control activities → the control activities (= internal control measures) that have to be taken
to deal with the risks that are not acceptable for the organization.
A useful classification, based on risk assessment, is a distinction between preventive (=
avoiding deviations) and detective (= detecting deviations) measures. Deviations can be
seen as budget overruns, noncompliance with a certain internal procedure, costs that are
reported to be higher/lower than reality, revenues that are not reported.
Examples = establishing accountability using segregation of duties, procedures for
authorization, physical security of assets, supervision, variance analysis.
Information and communication → information and communication are necessary to
facilitate control. Information is both subject to control (how can the quality of information
be improved?) and a means of control (how can information be used to better control the
organization and its people?).
Examples = accountability, communications of procedures and task assignments.
Monitoring → monitoring assesses the quality of internal control systems over time.
Two forms of monitoring:
- monitoring as a continues process
- monitoring as separate evaluations at a certain moment in time
Cornerstones of internal control
COSO’s cornerstones of internal control:
- Steering paradigm
- Management cycle
- Basic pattern of information provision
- Value cycle
Steering paradigm → the following 4 elements will be present when dealing with
management and control:
- controlled system (what needs to be controlled; organization)
- control system (management)
- information system
- environment
These elements are related and together they form a pattern that is generally referred to as
the steering paradigm. Management needs information to manage the organization, this
information is received from either the information system or the environment.
Management cycle → steering and control are the most important processes for managers.
The steering paradigm specifies a particular way of analysing steering and control processes,
whereas the management cycle indicates in detail which steps management activities
4
Lecture 1
Chapter 1
Information
Users of information need information for the following purposes:
- Information for delegation and accountability (vertical)
If power and responsibilities are delegated, the need to management control arises.
- Information for decision-making (vertical)
- Information for operating the business (horizontal)
This type of information aims at sharing knowledge to enable the organization to
realize its goals, coordinating the activities of two different organizational units, or
communicating a decision made by management.
Information and communication technology (IT) = all the electronic media used to collect,
store and process data, to produce information, and to support or enable communication.
Accounting information systems (AIS)
An accounting information system studies the structuring and operation of planning and
control processes which are aimed at:
- providing information for decision-making and accountability to internal and external
stakeholders
- providing the right conditions for sound decision-making
- ensuring that no assets illegitimately exit the organization
Two important aspects of AIS are governance (= the process of keeping an organization on
track towards goals) and control (= all activities that are aimed at having organization
members cooperate to reach the organization’s goals).
Integral control framework
An integral control framework can be used to describe, analyse and solve AIS problems that
may arise.
Quality spectrum of information
In an attempt to make an objective assessment of the quality of decision-making, some
argue that a list can be developed containing a limited set of quality characteristics of
decision-making. The higher the quality of the decision-making, the better the resulting
decisions. Furthermore, the quality of decision-making is dependent on the quality of
1
,information. Therefore, the information requirements must be determined as accurately as
possible and information provisions must be tailored to these requirements.
Information must possess several quality characteristics, and to assess the quality of
information, the focus is on the degree to which information can be utilized in decision-
making. Main characteristics of information quality:
Validity = if it is in accordance with the represented part of reality in the sense that what is
reported is not too high.
Accuracy = if it is mathematically correct.
Completeness = if it is in accordance with the represented part of reality in the sense that
what is reported is not too low.
Precision = if it has a higher degree of detail.
Timeliness = if it is provided on time to affect the decision-making process.
Understandability = if it is presented in a format that is useful for its user. In general, the
more quantitative the information, the higher the understandability.
Efficiency = if it is economically justified and if it is produced at the lowest possible cost.
Quality spectrum of the IT infrastructure
In assessing the quality of the IT infrastructure, the focus is on the degree to which
information systems meet the requirements of the data processing department. The most
important quality characteristic of the IT infrastructure is its ability to provide high-quality
information.
Maintainability = the degree to which information systems can be tested, renewed and
changed at reasonable cost.
Transferability = the degree to which information systems can be transferred from one
environment to another. This implies that the system can easily be adjusted to changing
conditions like the state of the available IT or changing user requirements.
Efficiency = if the costs of the IT investments are in control (not exceeding its budgeted
costs).
2
,Availability = IT must be at the intended user’s disposal, on time and at the right place.
Threats are denial of service as a results of defects or as a result of system overload.
Confidentiality = only authorized persons are allowed to have access to specific parts of IT.
Authenticity = means that the sender and receiver of a message are who they claim to be.
If we combine the quality spectrum of information and that of the IT infrastructure the result
is a quality spectrum of information systems.
Relationship between information disciplines
Chapter 2
Internal control
Committee of Sponsoring Organizations (COSO) = their mission is to have management
report on the effectiveness of its internal controls and to create greater management
awareness that the control environment, the audit committee, codes of conduct and the
internal audit are important elements in an internal control system.
COSO’s definition of internal control = internal control is a process designed to provide
reasonable assurance regarding the achievement of objectives in the following categories:
- Efficiency and effectiveness of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
- Safeguarding of the assets of the organization
COSO’s components of internal control:
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring
Control environment → the control environment is the organization’s culture with respect
to the importance of internal control. This forms the basis for any internal control system.
The control environments encompasses a wide variety of organizational characteristics, but
in essence a good control environment is one where people in the organization are aware
of the importance of internal control and behave accordingly.
The control environments consists of = integrity and ethical values, management
philosophy, human resource policies, organizational structure.
3
, Risk assessment → risk assessment is focused on establishing such measures that the
residual risk (= cannot be avoided) is reduced to an acceptable level. It is about identifying
and analysing the relevant risks to the achievement of objectives (operational, financial
reporting and compliance). This is also about the cost-benefit analysis; internal control
measures are costly and it is important to make sure that the costs of these measures are
not higher than the generated benefits (i.e. achievement of internal control objectives).
Control activities → the control activities (= internal control measures) that have to be taken
to deal with the risks that are not acceptable for the organization.
A useful classification, based on risk assessment, is a distinction between preventive (=
avoiding deviations) and detective (= detecting deviations) measures. Deviations can be
seen as budget overruns, noncompliance with a certain internal procedure, costs that are
reported to be higher/lower than reality, revenues that are not reported.
Examples = establishing accountability using segregation of duties, procedures for
authorization, physical security of assets, supervision, variance analysis.
Information and communication → information and communication are necessary to
facilitate control. Information is both subject to control (how can the quality of information
be improved?) and a means of control (how can information be used to better control the
organization and its people?).
Examples = accountability, communications of procedures and task assignments.
Monitoring → monitoring assesses the quality of internal control systems over time.
Two forms of monitoring:
- monitoring as a continues process
- monitoring as separate evaluations at a certain moment in time
Cornerstones of internal control
COSO’s cornerstones of internal control:
- Steering paradigm
- Management cycle
- Basic pattern of information provision
- Value cycle
Steering paradigm → the following 4 elements will be present when dealing with
management and control:
- controlled system (what needs to be controlled; organization)
- control system (management)
- information system
- environment
These elements are related and together they form a pattern that is generally referred to as
the steering paradigm. Management needs information to manage the organization, this
information is received from either the information system or the environment.
Management cycle → steering and control are the most important processes for managers.
The steering paradigm specifies a particular way of analysing steering and control processes,
whereas the management cycle indicates in detail which steps management activities
4
