This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Chapter 12 presented a framework for studying an AIS in the larger
context of business strategy and the IT environment. As noted in
Chapter 12, this broader framework can help you better understand
and apply AIS knowledge in the current professional environment.
Our focus in Chapters 1–11 was on two of the boxes in Figure
13.1—business process and AIS applications—and the related risks
and con- trols. Two additional components are shown in Figure
13.1—business strategy and information technology (IT)
environment.
ACCOUNTING SYSTEMS: MANAGING THE IT ENVIRONMENT
13 LEARNING OBJECTIVES After completing this chapter, you should
understand: U1. IT architectures for multi-user systems. U2.
General controls. U3. Information systems planning—IT strategy,
IT
architecture, IT function, and systems develop- ment process.
U4. The organization of the IT function—location of the IT
function, segregation of duties for IT functions, and personnel
controls.
U5. Systems development methodology, program development and
testing, and documentation.
U6. Accounting systems—techniques for control- ling access and
ensuring the continuity of IT operations.
After completing this chapter, you should be able to: P1. Identify
key components of an IS plan. P2. Develop an access control matrix
for an appli-
cation.
635
Figure 13.1 A Framework for Studying an AIS
In Chapter 12, we defined the IT environment in terms of the four
elements in Exhibit 13.1.
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 635
639Accounting Systems: Managing the IT Environment Chapter 13
User User
Distributed Data Entry
Computer
User
Computer
User
Focus on Problem Solving 13.a
IT Architectures (U1)
Required: Consider the alternative processes for registering for
classes. Indicate which of the four IT configurations apply to the
following examples.
1. The student visits the chairperson of each department to
register for just the classes taught in that department. The
chairperson registers the student for classes taught in that
department using the department’s computer.
2. The student must go the registrar’s office in the administration
building. A clerk in the registrar’s office registers students.
Chairpersons or faculty are unable to do any registering for
students.
3. The student visits the chairperson of the department for his or
her major. The chairperson uses a personal computer to review the
graduation requirements stored in a spreadsheet. The computer is
connected to the mainframe enabling the chairperson to register the
student in all of the classes that the student will take.
4. The chairperson uses a terminal connected to the mainframe to
register the student.
The solution to this Focus on Problem Solving box appears on page
661. Check your answer and make sure you understand the solution
before reading further.
It should be noted that a single company may use all four of the
configurations for different functions. For example, payroll duties
may be centralized to limit access
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 639
Locate the IT Function Appropriately The location of the IT
function should be appropriate, given business goals and needs. If
information systems are of strategic importance to an
organization’s current or fu- ture operations, the organization
should have a separate IT function. The IT function should not be
under any user department (e.g., marketing manager or controller)
to ensure that the IT staff are independent and support the needs
of all user groups.
Furthermore, the IT function should be located high in the
organizational hi- erarchy. Figure 13.3 shows a typical
organization for the IT function with tradi- tional centralized
systems. As seen from this figure, the IT function is under the
authority of a vice president of Computer Services. Another
possible title is chief information officer (CIO). The VP of
Computer Services could report to the CEO along with the other key
players (e.g., VP of Production and VP of Marketing).
If information systems are not that crucial to an organization’s
operations, the function could be under a user group. The
organization may not even have an IT function; the responsibilities
may be distributed to user groups. Or the IT function may be under
the control of a single user group such as the controller’s
staff.
Segregate Incompatible Functions Review Figure 13.3 to see the way
in which responsibilities are allocated to vari- ous groups under
the VP of Computer Services. The actual job titles and exact or-
ganization will vary from organization to organization.
Figure 13.3 Organization of IT Function for Centralized
Systems
647Accounting Systems: Managing the IT Environment Chapter 13
Vice President Computer Services
Data Library
Computer Operations
Networks & Telecommunications
Database Administration Quality Control
The purpose of our discussion is to help you understand the basic
principles used to segregate duties in the IT function. We now
identify four opportunities for implementing the segregation of
duties involving users, computer operations, sys- tems development,
and systems maintenance.
Separating Users from Computer Operations. Recall that the idea
behind segregation of duties is to separate responsibilities for
(1) authorization, (2) execu- tion, (3) recording, and (4) custody
of assets. In a computerized AIS, the IT func- tion should only be
responsible for the third step. User departments are
responsible
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 647
Prepare tax returns (E3) The information is entered9 into Mega-Tax,
a tax software product used at the company. The recording and
storage of tax information is handled by the Mega- Tax software and
is separate from the rest of the revenue cycle. The company is not
planning to integrate the tax preparation software with the rest of
the revenue cycle. Thus, in this case, you can disregard the
recording, updating, and processing of detailed tax return
information.
Bill client (E4) As soon as the tax return is finished, the
accountant gives10 the Service Request Form, client information
sheet, and tax return to the secretary. The secretary im- mediately
enters11 the services provided into the computer system. If the
client is new, a client record is first set12 up in the computer
system. As each service code is entered, the computer looks13 up
the description and price. The system com- putes14 and displays the
total amount at the bottom. A record is created15 in the Invoice
Table, and the status is set to “open.” The services provided are
recorded16
in the Invoice_Detail Table. The secretary then prints17 the
invoice. The secretary selects18 the “Post the invoice to master
tables” option. The customer’s balance is then increased.19 The
Year-to-Date_Revenues amount for each service provided is also
updated.20 She then notifies21 the client that the return is
ready.
Collect cash (E5) When the customer arrives to pick up the returns,
he gives22 a check to the secre- tary. The secretary enters23 the
Invoice#, Check#, Date, and Amount_Paid. The sec- retary selects24
the “Post the invoice to master tables” option. The computer then
reduces25 the customer balance to reflect the amount of the
payment. The status of the invoice is set26 to “closed.”
654 Part IV Managing Information Technology and Systems
Development
Exhibit 13.4 Concluded
Revenue Cycle Menu
C. Process Data
D. Display/Print Reports
Event Reports
1. Invoice 2. Services provided 3. Services provided by Service# 4.
Services provided by Service# (Summary) Reference Lists
5. Services reference list Summary and Detailed Status
Reports
6. Detailed client status report 7. Summary client status report 8.
Single client status report
E. Exit
Figure 13.4 Revenue Cycle Menu for H & J Tax Preparation
Service
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 654
Figure 13.6 shows the screen used in Peachtree Complete Accounting
to limit access. As the screen indicates, the user has full access
for maintaining customers in the sales module. The user can also
enter transactions (Tasks) and read reports.
657Accounting Systems: Managing the IT Environment Chapter 13
Figure 13.5 Security Screen from Great Plains Dynamics
Figure 13.6 Peachtree Complete Accounting Screen for Password
Protection
Limiting access to computers and computer data is one way to avoid
computer downtime that could result from errors by unqualified
users and deliberate fraud or destruction of data. However, the
integrity of the data could also be damaged by hard disk failures
and accidents. The next section discusses techniques for min-
imizing breaks in the continuity of IT operations.
Ensure Continuity of Service During operation of an AIS, ensuring
continuous service is an important objective. The unavailability of
the system for even a short time may cause significant losses
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 657
Figure 13.6 shows the screen used in Peachtree Complete Accounting
to limit access. As the screen indicates, the user has full access
for maintaining customers in the sales module. The user can also
enter transactions (Tasks) and read reports.
657Accounting Systems: Managing the IT Environment Chapter 13
Figure 13.5 Security Screen from Great Plains Dynamics
Figure 13.6 Peachtree Complete Accounting Screen for Password
Protection
Limiting access to computers and computer data is one way to avoid
computer downtime that could result from errors by unqualified
users and deliberate fraud or destruction of data. However, the
integrity of the data could also be damaged by hard disk failures
and accidents. The next section discusses techniques for min-
imizing breaks in the continuity of IT operations.
Ensure Continuity of Service During operation of an AIS, ensuring
continuous service is an important objective. The unavailability of
the system for even a short time may cause significant losses
62006_JonesRama_CH13.qxd 5/23/2002 12:55 PM Page 657