I. Supply and Demand A. The market matches buyers and sellers of good and services. B. Demand is the quantity of a good or service that consumers are willing and able to purchase at various prices. 1. Law of demand - the price of a product and the quantity demanded are inversely related. 2. Substitution effect - when prices decrease, buyer will enter the market. The product will be cheaper relative to other goods and is substituted for them. 3. Income effect - people buy more when prices are lower. a. Normal goods - commodities for which demand is negatively related to income. b. Inferior goods - commodities for which demand is negatively related to income. c. Substitutes - increase is price of one product will generate an increase in demand for another. d. Complements - increase in the price for one product will generate a decrease in demand for another. Bread prices go up, jelly demand goes down C. Demand curves 1. Elasticity of demand - the parentage change in quantity demanded divided by the percentage change in price. D. Supply is the amount of goods or services that producers are willing to offer at a given price. 1. Law of supply - the price of a product and the quantity supplied are positively related. 2. Price elasticity of supply - percentage change in quantity supplied divided by the percentage change in price. 3. Equilibrium - the point at which the demand and supply curves intersect. E. Law of diminishing returns - a fixed amount of production resources, the addition of increments of labor will produce diminishing returns. F. Law of diminishing marginal utility - useful will decline as consumers acquired additional units of a product.
II. GDP and Business Cycles A. National income - the measure of the output and performance of a nations economy. 1. Gross domestic product (GDP) - the total market value of all final goods and services produced within the US whether domestic or foreign during a year. 2. Gross national product (GNP) - value of output produced with the US owned resources regardless of their location. GNP is GDP plus output of US owned resources abroad minus foreign owned resources in the US.
2 3. Measurement of GDP can use one of two approaches. a. Income approach - GDP is sum of various types of income such as wages, interest, rents, indirect business taxes, net foreign income. b. Expenditure approach - GDP is sum of spending such as personal consumption spending, gross private domestic investment, government purchases, net exports. 4. Net domestic product - GDP - deprecation (consumption of fixed assets) 5. National income - NDP + US net income earned abroad - indirect business taxes such as sales taxes. 6. Personal income - NI - corporate taxes - social security contributions + transfer payments 7. Disposable income - PI - personal income taxes B. Business cycles 1. Peak phase - economy has reached its highest level of production (GDP). 2. Trough - low levels of economic activity and under use of resources. 3. Recovery (expansion) - increasing economic activity. 4. Recession - activity severely contracts. 5. Depression - conditions are similar but longer lasting. C. Economic indicators - 1. Consumer price index (CPI) - based on prices of 364 goods and services over time. 2. Leading indicators such as new orders, building permits, weekly production. 3. Lagging indicators - unemployment consumer credit, D. Employment 1. Natural rate of unemployment - the long-term rate that would exist even if there were no cyclical unemployment. 2. Full employment - when the real rate of unemployment is equal to the natural rate. 3. Frictional unemployment - employees are between jobs. 4. Structural unemployment - includes those who have skills but do not match the required skill levels. by employers. 5. Cyclical unemployment - downturn in the business cycle.
III. Fiscal Economics A. Deals with the ability of the economy to generate and maintain full employment over the long run without government intervention. Three assumptions about this theory. 1. The difference between savings plans and investment plans is fundamental to an understanding of changes in the level of income. 2. Price flexibility cannot be relied upon to provide full employment. 3. Equilibrium GDP does not necessarily provide full employment. B. Multiplier - a change in consumption, investment, net exports or government spending results in a multiplied change in equilibrium GDP. 1. Marginal propensity to consume (MPC) - the percentage of additional income that is consumed. 2. Marginal propensity to save (MPS) - the percentage of additional income that is saved. a. MPC + MPS = 1 or MPS = 1 - MPC
3 IV. Money and the Economy A. M1 - coins and currency, checking deposits B. M2 - M1 plus savings, small time deposits, money market accounts. C. Monetary policy by the FED is designed to control the economy through the supply of money in the banking system. Tools to accomplish this are: 1. Reserves 2. Discount rates.
V. Unemployment, Inflation, Deflation, Government A. Unemployment - types 1. Frictional - caused by the normal workings of the labor market. 2. Structural - aggregate demand is sufficient to provide full employment but the distribution of demand does not relate to labor force. 3. Cyclical 4. Seasonal 5. Regional 6. Technological. B. Inflation 1. Cost-push - increased production costs are passed on to the consumer. 2. Demand-pull - demand for goods and services is excessive. 3. Consumer price index C. Governments role 1. Taxation a. Progressive b. Regressive c. Proportional 2. Direct taxes are paid by the taxpayer directly such as income taxes. 3. Indirect taxes are paid by someone else even though the individual will eventually pay the taxes.
VI. International Trade A. Comparative advantage - countries should produce products when they have the competitive advantage for sale and buy when they do not. 1. Production possibilities curve - represents the tradeoffs between two alternative goods that can be produced from the same amount of resources.
VII. Trade Barriers A. The following items are barriers to successful trade. 1. Tariffs - consumption taxes to restrict imports. a. Antidumping taxes 2. Import quotas a. Embargo - total ban on some kinds of imports.
VIII. Foreign Currency Rates and Markets A. Exchange rate determination 1. Spot rate - rate paid for immediate delivery of a currency. 2. Forward exchange rate - future price of currency. B. Avoiding the problem through hedging.
4 1. Purchased or selling forward contracts.
IX. Balance of Payments A. Balance of trade is difference between total exports and imports of goods.
5
AUDITING AND BUSINESS INFORMATION SYSTEMS
I. Characteristics of Computer Processing A. Transaction trails - trails may exist for only a short period of time B. Uniform processing of transactions - computers will process transactions in the same manner and helps eliminate errors. C. Segregation of functions - in a manual system segregation of duties helps prevent errors and fraud. In a computer system, one operator may be performing overlapping duties. Therefore, other controls must be in place to help prevent problems. D. Possible errors and fraud - the possibility of individuals getting access to data, changing data and access to assets is greater in a computer environment. E. Better supervision - management can use analytical tools to watch over the situation better than in a manual system. It improves the quality of information as well.
II. Information Systems - covers 4 areas A. Operational level - transaction processing systems (TPS) 1. Part of the accounting system such as general journal and ledgers, payroll records, cash records, production planning records. B. Knowledge level - knowledge work systems (KWS) 1. Used by profession and technical professional. Such things as CAD or computer aided design systems and office automation systems (OAS) are used to process normal information C. Management level - Management information systems (MIS) and decision support systems (DSS). 1. Used to help management in monitoring, controlling, decision-making and ordinary administrative functions such as logistics, personnel, marketing, finance, manufacturing, etc. It is very interactive and helps automate certain decisions where logic can be implemented. 2. Accounting information systems (AIS) is used to process financial transactions. This system records journal entries and the ledger system. D. Strategic level - executive support systems (ESS) or Executive Information System 1. This system helps management with changing unstructured problems and is focused on the broader more narrow decisions that senior management must make.
6 III. Systems Development and the Life Cycle Approach A. The System Development life cycle approach - used the develop highly structured application systems. The major advantage is better management and control of the entire process. The steps are: 1. Proposal - application that addresses the need for a system, support for it, and the scheduling of the process. 2. Feasibility study - determines whether the system is technically, economically and operationally feasible. One looks at the cost-benefit analysis 3. Information requirements - the requirements of users, reports needed, databases and other operating characteristics. 4. General design - user specifications, inputs and outputs of the system, processing flow, controls, and documentation. 5. Physical system design 6. Physical database design 7. Procedure development - layout chart 8. Flowcharting and diagrams 9. Program development - coding and testing the system. a. Structured programming - divides the system into modules that can concurrently be programmed. b. Computer aided systems engineering (CASE) - It allows software design and development through computer documentation for routine types of programs. 10. Implementation - installation and operation a. System conversion b. Training c. Follow-up
IV. Effects of It on Business Processes A. The effects of this process relates to information security, privacy, risk management, internal controls.
V. Enterprise Resource Planning (ERP) A. ERP is designed to integrate business-wide information systems by creating one database linked to all of the other applications. 1. The architecture of an ERP deals with client-server configuration such as local area networks and wide area networks and database management systems. B. Material requirement planning (MRP) - designed to control materials used in a production setting by placing raw materials into production at the precise moment of need. C. Manufacturing resource planning (MRP-II) - a more advanced stage of MRP that integrates production, sales, inventory, scheduling and cash flows into one control and planning system.
VI. Artificial Intelligence A. AI is computer software designed to perceive, reason, and understand business decisions. It begins with: 1. Knowledge database 2. Inference engine to help make decisions.
7 3. Heuristics or exploration problem-solving techniques that uses self-education methods to evaluate feedback and improve performance. 4. Network logic to learn from mistakes. 5. Fuzzy logic system to deal with imprecise data and problems that have many solutions. B. These systems allow us to make decisions quicker and with more uniformity, such as choosing an audit program within a given set of circumstances.
IT CONTROLS I. Functional Areas of IT Operations A. Controls should ensure that the system is running efficient and effectively. 1. Control environment and the assignment of authority and responsibility. B. Segregation of duties 1. Database administrator - overall responsibility for developing and maintaining the database and controls of data. 2. Systems analyst - the architect of the system. They flowchart and design the system. 3. Programmers - write the program according to the design from the analyst. 4. Operators - data entry. 5. Help desk - log in problems and provide helpful information to users. 6. Data conversion operators - data preparation and transmission from remote terminals. 7. Librarians - controls the programs and documentation. 8. End users- applies the application programs.
II. Disaster Recovery and Business Continuity A. Recovery plans deal with the regeneration of information and files should they be destroyed. They create backup copies for such situations. B. The various types of processes dictate the type of recovery plans necessary. 1. Batch processing - checkpoint procedures involve capturing data and program indicators at specific points and storing those valued in another file. Processing could be restarted at one of the checkpoints. 2. Online processing - rollback and recovery involves dumping the master file contents onto a backup file. 3. Database management system - used dual logging with the use of two transaction logs written simultaneously on two separate storage media. C. Hot and cold sites 1. Hot site is an arrangement with the hardware vendor to provide a fully operational backup facility configured to the users needs in case of emergency. 2. Cold site does not have this capability.
III. Documentation and Development Methods A. Systems documentation - narratives, flowcharts, definitions, input and output forms, record layouts, etc. B. Program documentation - program flowcharts, source code, and test data, data structure.
8 C. Operating documentation - setup, files, input procedures, run times, recovery procedures and controls. D. Procedural documentation - master plan and operations to be performed, files, and data definition. E, User documentation - describes the system and producers for data entry, error checking and correction, and formats and uses of reports.
IV. Hardware Controls A. Dual read - an input device may read an input twice for comparison. B. Duplicate circuitry - allows the arithmetic logic unit of the CPU to perform calculations twice and compare. C. Echo check - provides peripheral device to return a signal sent by the CPU such as a printer before printing. D. Write protection - all data storage media, except hard disks, have a ring, table or notch that can be used to prevent writing. E. Parity check - adds a digit to the end of a binary code to determine if data has been altered.
V. Access Controls A. Physical security controls - limit access and protect against environment risks and natural catastrophes. B. Logical security controls - needed for communications network and connections externally. 1. Passwords and ID numbers. a. Encryption - uses algorithm to scramble text for transmission. b. Callback - user to call the computer, give id, hang up, and wait for an authorized number. c Biometrics - uses physical characteristics to id a person VI. Application Controls - relate to the actual operations of the computer system. A. Types of controls 1. Preventive - attempts to head off problems before they occur. 2. Detective - checks to determine if preventive controls are working. These might also be called feedback controls. 3. Feedforward - help look into the future and control future events - budgets. 4. Directive - provide for limitations in decision making within parameters. 5. Corrective - controls designed to fix problems. B. Input Controls - are concerned with the accuracy and completeness of date entered into the processing system. 1. Control totals - designed to detect errors in processing by being aware of the information before processing. a. Batch totals - such as total hours by department. b. Record counts - how many being processed. c. Hash totals - non-accounting number such as social security numbers. 2. Computer editing
9 a. Self-checking digits - a pre-tested number is assigned to an item and entered by this number. If the number is entered incorrectly, the computer will catch the problem. b. Validity check - checks the validity of a number against a master file of pre-approved numbers. c. Reasonableness tests - put a limit on the number of hours an employee can work in a week or the amount of pay they can make in a week and the computer will edit against that amount and not process entries in excess. d. Sequence checks - records are in the right order. C. Processing Controls 1. Procedures to prevent processing incorrect files and identify the operator who caused the error. 2. Logic checks are incorporated to provide assurance that transactions are properly valued. 3. Run-to-run totals are verified where appropriate. D. Output controls 1. Control totals. 2. Limit processing time. 3. End of run markers for completeness. 4. Controlling distribution of the reports.
VIII. End-User Computing (EUC) A. This involves user-create systems that are maintained and operated outside the normal system. B. Audit trails are usually bad since the operator created the system and it might have poor documentation.
IX. Internet Security A. Passwords. B. Firewall - separates an external network and prevents passage of specific types of traffic from entering the system.
HARDWARE, SOFTWARE AND DATA I. Characteristics of an Information System A. Hardware - The physical components of the system which include the CPU (arithmetic logic unit, controls, primary storage), drives, disks, printers, terminals, etc. 1. Mainframes - large, high-speed computers. 2. Microcomputers - such as personal computers are small but have many independent business applications. 3. Workstations - desktop machines but have enhanced math and graphic abilities 4. Storage devices include a. Random access - has direct access to data no matter how it is stored physically. b. Sequential - data is processed in the order it is stored. Can be indexed to get one to the point in the text quicker - like a textbook. c. Magnetic tape -cheap form of secondary storage.
10 d. Magnetic disks - larger space for storage. e. CD-ROM f. WORM - read once write many and cannot be erased. 5. Peripheral devices a. Magnetic ink character reader (MICR) - banks use to read checks. b. Point of sale terminals such as teller machines. c. Voice recognition compares ones voice with their patterns. d. Optical scanners - used to pass a light pen over the price tage to record. e. Laser bar code scanners - reads bar codes to record transaction. B. Software - the brains behind the operations of the computer. 1. Operating systems or supervisory program - performs the functions of controls, scheduling, and interfacing with the application programs. They include utility programs that perform basic operations such as merging and sorting files. a. Multiprogramming - a program can be accessed and data sent to print while another program is opened and running. b. Multiprocessing - multiple CPUs process data while sharing peripherals. 2. Utility programs - perform simple tasks such as sorting and merging file. 3. Source program - language used in the original program, which is a high level language. a. BASIC b. COBOL c. FORTRAN d. Java e. Pascal f. C, C+, C++ 4. Object program - the program, which was converted to a machine-readable form from the source program. 5. Interpreter program - converts a source program into an object program one line at a time and must be done with every use of the computer. 6. Compiler program - converts source program to object program for the entire program at once. 7. Application program or user program - program used to process data such as Excel, Word, etc. 8. Database management system - an intermediate program, which controls the processing of data for an entire system database through access controls.
III. Data Structure A. Terms for data systems 1. Bit - a zero or one and is the smallest unit of measurement for a computer. 2. Byte - group of 8 bits. 3. Field - a group of related characters such as id numbers 4. File - group of related fields such as an address. 5. Transactions file - data for a given account. 6. Master file - permanent data file such as general ledger accounts.
11 IV. The Role of Information Systems Within Business A. The role of IS today for the accountant is to process complex accounting information and reports the results to management in a timely manner so that business decision can be made effectively. The decision is extremely dependent upon the quality and correctness of the information. Therefore, proper design and controls are a vital element of any information system.
PROCESSING MODES, DATABASES, AND NETWORKS
I. Processing Systems A. Batch Process 1. Transactions are accumulated and processed in groups. The transaction summary is then posted to a mater file (general ledger). This system is simple and easy to operate but is slow. An example of this system would be payroll. B. On-Line, Real Time Systems 1. On-line systems give individuals immediate access to data. Real time refers to the ability of the individual to update data immediately. This system is fast but more difficult to audit. C. Distributed Processing Systems (Decentralized vs. centralized) 1. Refers to the fact that instead of using mainframes for access to programs and files, there is a stand-alone computer on the desk of an individual with full programming and processing capabilities. D. Separate File System 1. Each file is updated individually in separate processing runs.
II. Databases A. Database system 1. Database system - software that helps utilize the data within the system. It allows for one single storage site for all data without any redundancy. Data integrity is of ultimate importance since contamination ruins the data for all users. 2. Database management system - software that helps communication take place between application programs and regulates the access and ownership of data structures. 3. Database structure would include - we get to data with pointers and keys a. Hierarchical - data ownership looks like an organizational chart. b. Network - each element can have multiple owners. c. Relational - each element is connected logically based upon their interrelationships. 4. Data dictionary - describes the use of data from the database in applications. 5. Schema - a description of the logical structure of the database since data is stored randomly.
III. Data Communications and Networks A. Movement of data
12 1. Multiplexors - switching devices that route the flow of data. 2. Modem - hardware device to convert digital signals from terminals and the CPU into analog for transmission. 3. Communication channels a. Narrowband - telegraph lines b. Voice band - telephone lines. c. Broadband - multiple paths that permits simultaneous transmissions of different kinds of data.
B. Types of networks 1. Value-added networks (VAN) - mailbox services where the sender and receivers are never directly connected to each other but runs through a third party network. 2. Local area network (LAN) - local distribution of data 3. Wide area network (WAN) or distributed data processing - distributed in a wide geographic area C. Applications 1. Electronic mail 2, Voice mail 3. Teleconferencing 4. Fax machines 5. Electronic bulletin board - database into which computer users may dial to read or post messages. D. Network configuration - how lines of communication will flow in a network. 1. Point-to-point - from one terminal to another along a straight line. 2. Bus - many connected computers where the line of communication is along a straight line. 3. Ring - the communication line connects the computers in a circle. 4. Fully connected - the lines of communication go directly from one terminal to another. 5. Star - a dedicated server is placed in the center and the individual terminals from out from that center like a star. Communication flows through the server before going to the intended terminal.
E-COMMERCE I. EDI A. The communication of electronic documents directly from a computer in one business to a computer in another business. B. It uses standards to convert documents into an electronic form. C. Encryption is a vital part of the protection of secure information.
II. Electronic Funds Transfer A. The ability for financial institutions worldwide to access and transfer funds.
III. Point of Sale Transactions A. A point of sale system captures and transmits a retail transaction instantly.
13
IV. Software Attacks A. Protection from malicious software 1. Trojan horse - an innocent program houses a hidden function meant to destroy. 2. Virus - copies itself from file to file. 3. Worm - copies itself from computer to computer.
AUDITING IN A COMPUTER ENVIRONMENT I. Auditing in a Computer Environment - the auditor must test the EDP system to see if it is working the way it is designed to work. A. Test data approach - auditor may develop test data by using valid and invalid data and entering this into the system and see how it is processed. Such things as invalid numbers, duplicate entries, excess hours. B. Integrated test facility (ITF) - establishes a dummy entity within a client's system to see if the data will be processed correctly. C. Snapshots - auditor embeds software routines at different points within an application to capture and report images of selected transactions as it is processed at preselected points in the program. D. System control audit review file (SCARF) - uses software embedded in the system to gather information at predetermined points in a system. It is stored and reported to the auditor at predetermined intervals. E. Parallel simulation - auditor builds a program independent of the client's software. The two programs are run parallel to each other and the outputs are compared for consistency. F. Code review - auditor reviews computer code in the client's program looking for an inappropriate code or program logic. G. Code comparison - EDP control group keeps a control copy of the original program (blueprint) and compares the original copy to the program currently in use looking for changes.
IX. On-Line Real Time System Controls A. In this type of system, the major concern is access and the ability to change data without leaving an audit trail. 1. Use passwords to enter the system. 2. Passwords should periodically be voided and changed. 3. Input editing is very important - validity checks. 4. All activity should be logged into a history file with user identification. 5. File backup should be maintained.