AIS literature summary
Chapter 1
Information system: consists of interrelated components and the people who use and maintain it
Data: facts or statistics about a person or an object that are collected for reference or analysis
Accounting information system (AIS): performs the same data collection, transformation, and reporting
as all other information systems, but it is specific to accounting and financial data
Business event: a single business activity in a business process
As companies grow, their information systems grow in complexity
Purpose of a business: to make a profit and generate enough cash flow to continue operating. Two
reasons for the profit motive:
- Stockholders have to expect a competitive return
- Profit is reinvested into the company
Business model: a company’s plan for operations. Types:
- Franchise business model
- Subscription business model
- Freemium business model
- Peer-to-peer business model
- Direct-to consumer business model
Business process: a group of related business events designed to accomplish the strategic objectives of
the business. Basic business model has three primary types of business processes:
- Acquisitions and payments processes
- Conversion processes
- Marketing, sales, and collections processes
Types of business events:
- Operating events: occur during the normal operations of a company’s business and directly
relate to the company’s creating and providing a good or service to its customers
- Financing events: help the company operate by acquiring income cash flows to fund operating
events
- Investing events: provide long-term value to the company by purchasing long-term assets that
will deliver value in the future
- Information events: involve an exchange of information and never involve an exchange of
economic resources
Today, we use process-based information systems. Before, we used transaction-based AIS to record
only accounting transactions
An AIS provides financial and other metrics that determine how well management is implementing
and controlling business processes. Management’s responsibilities for overseeing business processes
include:
- Planning
- Implementing
- Monitoring
- Changing and improving processes
Information quality: the suitability of information for a particular purpose in a specific task
Data integrity: the completeness, accuracy, reliability, and consistency of data throughout its life cycle
in the information system
Fundamental characteristics of useful information:
- Relevance
- Faithful representation
1
,Enhancing characteristics of useful information:
- Verifiability
- Timeliness
- Understandability
- Comparability
An overall constraint of the usefulness of information is its cost-effectiveness
Decision context; the preferences, constraints, and other factors that affect how a decision is made. It
helps you understand the intended use of information.
Reporting: the process of aggregating data into information on the activities and performance in a
company
Data analytics: the process of using technology to transform raw data, or facts, into useful information
Mahama et al. (2016)
Paper proposes a reinterpretation of the agency of information system (IS) as rational. Agency refers
to a cause-effect relationship.
Three views for the agency of information systems:
- Technocentric view
- Anthropocentric view
- Relational view
They propose information systems should viewed from the relational view. This suggests that the
social and material entities that make up the information system have no absolute essence when
viewed in isolation, but that their collective force defines the agency of IS.
Chapter 2
Risk: the likelihood of an unfavorable event occurring.
Risk often drives innovation. If a company wants to be at the forefront of its industry, it must be
willing to accept calculated risk. A risk-aware culture lets business proactively identify and manage
risk. A risk-aware culture at a business is characterized by leadership that sets a risk-awareness tone at
the top, management that encourages employees to discuss risks openly and honestly, and an
alignment of risk across all corporate initiatives.
Risk assessment: identifies, categorizes, and prioritizes individual risks so companies can leverage
their understanding of risk in strategic planning
Business function: a high-level business area or department that performs business processes to
achieve company goals
Two views of risk:
- Portfolio view: the risk at the entity level
- Profile view: the risk at the more granular level of a business function, process, or event
Enterprise risk management (ERM): comprehensive processes:
- Formal risk assessment:
o Identifying
o Categorizing
o Prioritizing
- Addressing the risk:
o Responding
2
, Identifying risks requires assuming the worst.
Risk statement: two parts: the issue and the possible outcome.
Types of risks:
- Internal risks: occur throughout a company’s operations and arise during normal operations.
May relate to an external party. Types:
o Operational risk: occurs during day-to-day business operations and causes
breakdowns in business activities. Technology risk is an operational risk that exists
when technology failures have the potential to disrupt business. Cyber risk is a unique
type of technology risk that occurs when an external party accesses the company’s
technology assets and performs unauthorized actions that are malicious.
o Financial risk: refers to money going into and out of a company and the potential loss
of a substantial sum
o Reputational risk: occurs when the reputation of a company is damaged
- External risks: are not related to business operations and come from outside the company.
Types:
o Compliance risk: when a company fails to follow regulation and legislation and is
subjected to legal penalties
o Strategic risk: inevitable risk that results when a strategy becomes less effective
o Physical risk: threats such as adverse weather, crimes, and physical damage
Risk inventory: a listing of all the business’s known risks.
Risk severity: two parts:
- Likelihood: estimated probability of risk occurrence, ranked on a spectrum
- Impact: damage that could be caused if a risk occurs, ranked on a spectrum
Using risk formulas: two steps:
- Qualitative approach: assign likelihood and impact
- Quantitative method: score each risk on a 1-5 scale. You can then calculate a final risk score
by multiplying the two numbers together.
Each company will have its own criteria for what each point value means. And risks with similar risk
scores may be treated differently, based on judgmental decision making.
Risk matrix: helps paint a clearer picture of risk than just a number. Heat map: a type of risk matrix
that uses different colors to represent values of data in a map or diagram format:
Four traditional risk responses:
- Accept: not acting at all
- Mitigate: accept the risk but minimize its impact
- Transfer: shift the risk to a third party
- Avoid: completely avoiding the event causing the risk
Risk appetite: the amount of risk a company is willing to take on at a particular time
3
Chapter 1
Information system: consists of interrelated components and the people who use and maintain it
Data: facts or statistics about a person or an object that are collected for reference or analysis
Accounting information system (AIS): performs the same data collection, transformation, and reporting
as all other information systems, but it is specific to accounting and financial data
Business event: a single business activity in a business process
As companies grow, their information systems grow in complexity
Purpose of a business: to make a profit and generate enough cash flow to continue operating. Two
reasons for the profit motive:
- Stockholders have to expect a competitive return
- Profit is reinvested into the company
Business model: a company’s plan for operations. Types:
- Franchise business model
- Subscription business model
- Freemium business model
- Peer-to-peer business model
- Direct-to consumer business model
Business process: a group of related business events designed to accomplish the strategic objectives of
the business. Basic business model has three primary types of business processes:
- Acquisitions and payments processes
- Conversion processes
- Marketing, sales, and collections processes
Types of business events:
- Operating events: occur during the normal operations of a company’s business and directly
relate to the company’s creating and providing a good or service to its customers
- Financing events: help the company operate by acquiring income cash flows to fund operating
events
- Investing events: provide long-term value to the company by purchasing long-term assets that
will deliver value in the future
- Information events: involve an exchange of information and never involve an exchange of
economic resources
Today, we use process-based information systems. Before, we used transaction-based AIS to record
only accounting transactions
An AIS provides financial and other metrics that determine how well management is implementing
and controlling business processes. Management’s responsibilities for overseeing business processes
include:
- Planning
- Implementing
- Monitoring
- Changing and improving processes
Information quality: the suitability of information for a particular purpose in a specific task
Data integrity: the completeness, accuracy, reliability, and consistency of data throughout its life cycle
in the information system
Fundamental characteristics of useful information:
- Relevance
- Faithful representation
1
,Enhancing characteristics of useful information:
- Verifiability
- Timeliness
- Understandability
- Comparability
An overall constraint of the usefulness of information is its cost-effectiveness
Decision context; the preferences, constraints, and other factors that affect how a decision is made. It
helps you understand the intended use of information.
Reporting: the process of aggregating data into information on the activities and performance in a
company
Data analytics: the process of using technology to transform raw data, or facts, into useful information
Mahama et al. (2016)
Paper proposes a reinterpretation of the agency of information system (IS) as rational. Agency refers
to a cause-effect relationship.
Three views for the agency of information systems:
- Technocentric view
- Anthropocentric view
- Relational view
They propose information systems should viewed from the relational view. This suggests that the
social and material entities that make up the information system have no absolute essence when
viewed in isolation, but that their collective force defines the agency of IS.
Chapter 2
Risk: the likelihood of an unfavorable event occurring.
Risk often drives innovation. If a company wants to be at the forefront of its industry, it must be
willing to accept calculated risk. A risk-aware culture lets business proactively identify and manage
risk. A risk-aware culture at a business is characterized by leadership that sets a risk-awareness tone at
the top, management that encourages employees to discuss risks openly and honestly, and an
alignment of risk across all corporate initiatives.
Risk assessment: identifies, categorizes, and prioritizes individual risks so companies can leverage
their understanding of risk in strategic planning
Business function: a high-level business area or department that performs business processes to
achieve company goals
Two views of risk:
- Portfolio view: the risk at the entity level
- Profile view: the risk at the more granular level of a business function, process, or event
Enterprise risk management (ERM): comprehensive processes:
- Formal risk assessment:
o Identifying
o Categorizing
o Prioritizing
- Addressing the risk:
o Responding
2
, Identifying risks requires assuming the worst.
Risk statement: two parts: the issue and the possible outcome.
Types of risks:
- Internal risks: occur throughout a company’s operations and arise during normal operations.
May relate to an external party. Types:
o Operational risk: occurs during day-to-day business operations and causes
breakdowns in business activities. Technology risk is an operational risk that exists
when technology failures have the potential to disrupt business. Cyber risk is a unique
type of technology risk that occurs when an external party accesses the company’s
technology assets and performs unauthorized actions that are malicious.
o Financial risk: refers to money going into and out of a company and the potential loss
of a substantial sum
o Reputational risk: occurs when the reputation of a company is damaged
- External risks: are not related to business operations and come from outside the company.
Types:
o Compliance risk: when a company fails to follow regulation and legislation and is
subjected to legal penalties
o Strategic risk: inevitable risk that results when a strategy becomes less effective
o Physical risk: threats such as adverse weather, crimes, and physical damage
Risk inventory: a listing of all the business’s known risks.
Risk severity: two parts:
- Likelihood: estimated probability of risk occurrence, ranked on a spectrum
- Impact: damage that could be caused if a risk occurs, ranked on a spectrum
Using risk formulas: two steps:
- Qualitative approach: assign likelihood and impact
- Quantitative method: score each risk on a 1-5 scale. You can then calculate a final risk score
by multiplying the two numbers together.
Each company will have its own criteria for what each point value means. And risks with similar risk
scores may be treated differently, based on judgmental decision making.
Risk matrix: helps paint a clearer picture of risk than just a number. Heat map: a type of risk matrix
that uses different colors to represent values of data in a map or diagram format:
Four traditional risk responses:
- Accept: not acting at all
- Mitigate: accept the risk but minimize its impact
- Transfer: shift the risk to a third party
- Avoid: completely avoiding the event causing the risk
Risk appetite: the amount of risk a company is willing to take on at a particular time
3
