Deck 4 Accounting Information Systems Romney and Steinbart Linda Batch May 2012

Contents Learning Objectives Review of the Components of a Transaction (REA) Chapter Quiz Questions Review the answers to Problem 17.4 and 17.6 Review Power Points for Chapters 5 Microsoft Access – Continue with the database exercise

Homework from Last Week Problem 17.4 and 17.6 – hand in at the beginning of the next class Chapter 17 pp. 492 to 502 – Read again Chapter 17 quiz questions Read Chapter 5 pp. 121 to 135 (whole chapter) Read Chapter 6 pp. 149 to 167 (whole chapter)

Moving on to: Steps in Developing a Database (REA) Step 1: Identify the events about which management wants to collect and store information Step 2: Identify the resources and agents affected by each event The Events Resources and Agents are Entities Each entity will be represented by a different table in a relational database Step 3: Determine the cardinalities of the relationships between entities

Identify the events of interest to management Step 1 - Event Identify the events of interest to management A solid understanding about the activities performed in each business cycle (give / get relationships) Revenue Cycle: Take customer orders (neither give nor get) Fill customer orders (give) - sale Bill customers (neither give nor get) Collect payment from customers (get)

Step 2 – Resources and Agents Identify resources and agents What economic resource is reduced by the give event What economic resource is acquired by the get event What economic resource is affected by a commitment give inventory (or product), get cash employee gives the inventory to the customer employee gets the cash from the customer

Rules for Structuring Relationships Every event must be linked to at least one resource entity Every event entity must be linked to at least one other event entity Every event entity must be linked to at least two agent entities Order the event entities from top to bottom in the order that they occur

Step 3 – How are Data Cardinalities Represented on a REA Diagram? Relationship type is based on maximum cardinality: One-to-One: One-to-Many: Many-to-Many: These relationships are not arbitrary but must reflect the organization’s business policies (pg. 505)

Problem 17.4 Sue’s Gallery only purchases finished paintings (it never commissions artists). It pays each artist 50% of the agreed price at the time of purchase, and the remainder after the painting is sold. All purchases are paid by check from Sue’s main checking account. Draw an REA Diagram, complete with cardinalities, of the gallery’s expenditure cycle. Identify Resources, Events and Agents and note this is the Expenditure Cycle

Problem 17.4 Build up the REA Diagram Resources Events Agents Artwork Cash Purchase paintings Pay Artists Artists Gallery buyer Gallery seller

Problem 17.4

Problem 17.6 Provide an example (in terms of companies with which you are familiar) for each of the business situations described by the following relationship cardinalities: (a) A company may receive multiple cash payments on a single sale or a company may receive one payment for several sales. This scenario could take place between any vendor and any customer. The vendor is allowing customers to make multiple payments on a single invoice and is allowing customers to pay for multiple invoices with a single payment.

Problem 17.6 (b) A sale can include multiple items, but an item can be included in only one sale. This type of arrangement would involve individual items like art work or automobiles. (c) In this scenario, some inventory purchases can be paid for with multiple payments, while at times a single disbursement may pay for multiple purchases. This scenario represents a revolving credit plan offered by suppliers. (d) In this scenario, inventory purchases are to be paid for with a single payment. For example, a vendor sends a monthly bill for merchandise delivered to a customer. The supplier does not accept or allow installment payments. This is typical for many business to business transactions that involve low-priced items.

Problem 17.6 (e) In this scenario, a single purchase of inventory is paid for with multiple payments. For example, a car dealership makes installment payments for cars delivered from the manufacturer. (f) In this scenario, each sale must be preceded by one and only one order. The fact that both the order and sales events are recorded implies that there is probably a time lag between taking the customer’s order and filling that order, so that the selling organization needs to be able to track the status of orders. An internet sale is an example of this type of scenario. When a customer places an order with Amazon.com, there is a time lag between the time the order is sent by the customer and the time Amazon fills the order.

Problem 17.6 (g) In this scenario, each sale can be comprised of multiple orders and each order can be associated with multiple sales. Thus, we have here a situation where the selling company batches orders and only ships periodically – e.g., with restaurants, suppliers may take orders daily but fill them only on Mondays and Thursdays. Moreover, suppliers may occasionally run out of some items, requiring multiple deliveries (sales) to fill a specific order. (h) Payment upfront for a single sale similar to the way DELL sells computers; i.e., no installment payments are allowed, the customer must pay in full in advance (prior to shipment).

Problem 17.6 (i) In this scenario, a sale can include multiple inventory items. Also, a single inventory item can be included in multiple sales. For example, Wal-Mart customers can purchase many inventory items such as detergent, tires, and clothing items. These mass-produced inventory items can also be sold to many customers. Therefore, a sale can include a box of detergent, a set of tires, and a sweatshirt. By the same token, the same brand of detergent can be included in many different sales. (j) Sales need not be preceded by orders, but any orders are associated with only one sale (filled individually, not batched). An example is a hardware store in which some sales are made to walk-in customers (sales without preceding orders), but which also allows contractors to place orders by phone, fax, or over the Internet in advance and then pick up the order later.

Chapter 5 – Computer Fraud Learning Objectives Explain the threats faced by modern information systems. Define fraud and describe the process one follows to perpetuate a fraud. Discuss who perpetrates fraud and why it occurs, including: the pressures, opportunities, and rationalizations that are present in most frauds. Define computer fraud and discuss the different computer fraud classifications. Explain how to prevent and detect computer fraud and abuse.

Threats to AIS Natural Disasters and Terrorist Threats Software Errors and/or Equipment Malfunction Unintentional Acts (Human Error) Intentional Acts (Computer Crimes)

What is Fraud Gaining an unfair advantage over another person Individuals who commit fraud are referred to as white-collar criminals. Legally for an act to be fraudulent there must be: A false statement, representation, or disclosure A material fact that induces a person to act An intent to deceive A justifiable reliance on the fraudulent fact in which a person takes action An injury or loss suffered by the victim

Forms of Fraud Misappropriation of assets Theft of a companies assets. Largest factors for theft of assets: Absence of internal control system Failure to enforce internal control system Fraudulent financial reporting “…intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements” (The Treadway Commission).

Reasons for Fraudulent F/S Deceive investors or creditors Increase a company’s stock price Meet cash flow needs Hide company losses or other problems The Association of Certified Fraud Examiners found that an asset misappropriation is 17 times more likely than fraudulent financial reporting but the amounts involved are much lower.

SAS #99 – The Auditors Responsibility to Detect Fraud SAS – Statement on Auditing Standards Auditors responsibility to detect fraud Understand fraud Discuss risks of material fraudulent statements Among members of audit team Obtain information Look for fraud risk factors Identify, assess, and respond to risk Evaluate the results of audit tests Determine impact of fraud on financial statements Document and communicate findings Incorporate a technological focus

Who Perpetuates Fraud and Why? Very little difference between the general public and those that perpetuate white collar crime Most have no prior criminal history Most are upstanding citizens in the community A growing number of computer fraud perpetuators seek monetary gain from their actions Malicious software is big business Cyber-criminals are at top FBI priority because they have moved from isolated and uncoordinated attacks to organized fraud schemes targeting individuals and businesses.

The Fraud Triangle - Pressure Opportunity Rationalization Employee Financial Emotional Lifestyle Financial Reporting Industry Conditions Mgmt Characteristics Employee Pressure Triangle Financial Statement Pressure Triangle

The Fraud Triangle - Opportunity Pressure Opportunity Rationalization Condition or situation that allows a person or organization to: Commit the fraud Conceal the fraud Lapping Kiting Convert the theft or misrepresentation to personal gain Opportunity Commit Conceal Convert

The Fraud Triangle - Rationalization Pressure Opportunity Rationalization Justification of illegal behavior: Justification I am not being dishonest. Attitude I don’t need to be honest. Lack of personal integrity Theft is valued higher than honesty or integrity. Rationalization Justification Attitude Lack of Peronal Integrity

Fraud Triangle Summary Usually all three elements need to exist before an employee will perpetuate a fraud Fraud can be prevented by eliminating one or more fraud triangle elements Pressure Opportunity Rationalization

Computer Fraud - Classifications Input Fraud Alteration or falsifying input Processor Fraud Unauthorized system use Computer Instructions Fraud Modifying software, illegal copying of software, using software in an unauthorized manner, creating software to undergo unauthorized activities Data Fraud Illegally using, copying, browsing, searching, or harming company data Output Fraud Stealing, copying, or misusing computer printouts or displayed information

Preventing and Detecting Fraud and Abuse Table 5-5 pg.134 Make Fraud Less Likely to Occur Organizational Culture Adopt an organizational structure, management style, operating style, and risk appetite that minimizes the risk of fraud Active involved independent audit committee Train employees on ethical considerations Increase the Difficulty of Committing Fraud Develop a strong system of internal controls Segregate the functions of authorization, recording, and custody Proper segregation of duties between functions System access to authorized personnel

Preventing and Detecting Fraud and Abuse Table 5-5 pg.134 Improve Detection Methods Create an audit trail of individual transactions Conduct periodic internal and external audits Install fraud detection software Implement a fraud detection hotline Reduce Fraud Losses Maintain adequate insurance Develop comprehensive fraud contingency, disaster recovery, and business continuity plans Store backup copies of program and data files in a secure off-site location Use software to monitor system activity and recover from fraud

Homework TBD