Summary AAIS
Lecture 1 – Introduction to AIS
Accounting = the process of identifying, measuring and communicating economic information to
permit informed judgments and decisions by internal and external users of the information.
Accounting is an information-providing activity, so accountants need to understand how the system
that provides that information is designed, implemented, and used; how (non-)financial information
is reported; and how information is used to make decisions. The accounting process
Accounting > auditing. Accounting is not the same as auditing.
Information purposes
- Delegation and accountability
- Decision-making
- Information for operating the business
Data = the most elementary representation of applicable parts of
reality that does not have meaning until it is processed
Information = all the processed data that contributes to the recipients
understanding of applicable parts of reality
IT = all the electronic media used to input, process and store data, to
provide information, and to support or enable communication
System = consists of interdependent (connected) elements (components)
and is set up to achieve one or more specific objectives. A sub-system can
exist without the containing system, but usually has no useful function by itself. An element or
component cannot be used alone.
Information system = a set of interdependent components working together to collect, process,
store, and provide information.
AIS = accounting information system = an organized collection of
software and hardware for inputting, processing, and storing data on
business events, aimed at providing information to internal and external stakeholders that complies
with specified quality criteria, and creating the right conditions for effective and efficient delegation
and accountability, decision-making, and operating the business. Governance and control are two
important, strongly related aspects of AIS.
AIS as a subsystem collect, processes and reports information related to the financial aspects
(accounting) of business events. AIS = specialized subsystem of IS.
AIS adding value to the organization.
- Improves quality of information better decision-making (internal and external)
- Improves efficiency automation saves resources, information more timely
- Shares knowledge by communicating procedures
- Improves internal control structure safeguarding an organization’s assets
Quality spectrum of information Quality spectrum of data
,Quality spectrum of IT Quality of information system. Different dimensions of the
information-based control framework need to be of high
quality in order to achieve a well-functioning (accounting)
information system, including informational and
operational alignment as well as controls.
Read preparation material
Lecture 2 – Internal Control
Goal of internal control = to provide a shield that protects assets against undesirable events (risks)
that bombard the organization.
Internal control = the process effected by an entity’s board of directors, management, and other
personnel, designed to provide reasonable assurance regarding the achievement of the objectives
related to:
- Effectiveness and efficiency of operations
- Reliability of internal and external reporting
- Compliance with applicable laws and regulation
The Fraud Triangle
- Pressure = persons incentive or motivation to commit fraud. Think about: pressure
to perform, meet stakeholder expectations or personal incentives like the need to
pay bills
- Rationalization = refers to an individual’s justification for committing fraud. Think
about tone at the top and misbehavior of upper management, or fear or losing a
job which motivates to commit fraud to prevent the loss of job
- Opportunity = refers to circumstances that allow fraud to occur. In the fraud
triangle, it is the only component that a company exercises control over. Weak
internal control open opportunities to commit fraud
Big accounting scandals, such as Tyco scandal (2002), WorldCom scandal (2002) and Enron scandal
(2001) caused gigantic regulatory reactions: Sarbanes-Oxley Act (SOX) (2002) = restore investor
confidence in the capital market and the audit profession by improving accuracy and reliability of
corporate disclosure. SOX 60 laws were invented to:
- Prevent financial statement fraud
- Make reporting more transparent
- Protect investor
- Strengthen internal control
- Punish executives who perpetrate fraud
- Re-establish public confidence
And had an effect on how:
- Board of directors and management operate
o Implement and test internal controls
o Hold executives accountable for accuracy of financial statement
, o Improvement of audit committees
- Auditors operate
o Specific focus on auditor independence through auditor rotation, restricting non-
audit services
Research article: Auditor attestation under SOX section 404 & earnings
informativeness.
- SOX 302 Management takes responsibility for financial reporting and
controls (2002)
- SOX 404 Management’s assessment and testing of the company’s
internal controls and procedures for financial reporting (2004)
COSO Framework to support SOX 404. COSO = Committee of Sponsoring
Organizations of the Treadway Commission. It is an integrated framework for
designing, implementing and assessing an internal control system. COSO includes
five inter-related components which help achieving all internal control objectives
and cover the entire organization.
COSO house ‘’if one element of the house suffers, it impacts the substance of the
entire house’’. Risk has two characteristics:
1. Uncertainty = an event may or may not happen
2. Loss = an event has unwanted consequences or losses
17 COSO principles: control environment
1. Commitment to integrity and ethical values
2. Board of directors independent from management, oversees internal control
3. Management establishes structures, reporting lines and authorities and
responsibilities
4. Commitment to competence
5. Accountability and responsibilities
17 COSO principles: risk assessment
6. Identification of objectives to enable risk identification and assessment
7. Risk identification and analysis as a basis for risk management
8. Fraud taken into consideration
9. Identification and assessment of changes with impact on internal control system
17 COSO principles: control activities
10. Controls to mitigate risk to acceptable level
11. General controls over technology
12. Policies and procedures to help ensure that management’s risk responses are carried out
17 COSO principles: information & communication
13. Use of relevant, quality information to support internal control
14. Internal communication to support internal control
15. Communication with external parties regarding internal control
17 COSO principles: monitoring activities
16. Selection, development, and performance of ongoing and separate evaluation of (other)
internal control components
17. Timely evaluation and communication of internal control deficiencies to parties responsible
for taking corrective action
Possible risk responses: activity elimination, automation, centralization, risk sharing
Managing risks
Value Cycle – Segregation of duties
Lecture 1 – Introduction to AIS
Accounting = the process of identifying, measuring and communicating economic information to
permit informed judgments and decisions by internal and external users of the information.
Accounting is an information-providing activity, so accountants need to understand how the system
that provides that information is designed, implemented, and used; how (non-)financial information
is reported; and how information is used to make decisions. The accounting process
Accounting > auditing. Accounting is not the same as auditing.
Information purposes
- Delegation and accountability
- Decision-making
- Information for operating the business
Data = the most elementary representation of applicable parts of
reality that does not have meaning until it is processed
Information = all the processed data that contributes to the recipients
understanding of applicable parts of reality
IT = all the electronic media used to input, process and store data, to
provide information, and to support or enable communication
System = consists of interdependent (connected) elements (components)
and is set up to achieve one or more specific objectives. A sub-system can
exist without the containing system, but usually has no useful function by itself. An element or
component cannot be used alone.
Information system = a set of interdependent components working together to collect, process,
store, and provide information.
AIS = accounting information system = an organized collection of
software and hardware for inputting, processing, and storing data on
business events, aimed at providing information to internal and external stakeholders that complies
with specified quality criteria, and creating the right conditions for effective and efficient delegation
and accountability, decision-making, and operating the business. Governance and control are two
important, strongly related aspects of AIS.
AIS as a subsystem collect, processes and reports information related to the financial aspects
(accounting) of business events. AIS = specialized subsystem of IS.
AIS adding value to the organization.
- Improves quality of information better decision-making (internal and external)
- Improves efficiency automation saves resources, information more timely
- Shares knowledge by communicating procedures
- Improves internal control structure safeguarding an organization’s assets
Quality spectrum of information Quality spectrum of data
,Quality spectrum of IT Quality of information system. Different dimensions of the
information-based control framework need to be of high
quality in order to achieve a well-functioning (accounting)
information system, including informational and
operational alignment as well as controls.
Read preparation material
Lecture 2 – Internal Control
Goal of internal control = to provide a shield that protects assets against undesirable events (risks)
that bombard the organization.
Internal control = the process effected by an entity’s board of directors, management, and other
personnel, designed to provide reasonable assurance regarding the achievement of the objectives
related to:
- Effectiveness and efficiency of operations
- Reliability of internal and external reporting
- Compliance with applicable laws and regulation
The Fraud Triangle
- Pressure = persons incentive or motivation to commit fraud. Think about: pressure
to perform, meet stakeholder expectations or personal incentives like the need to
pay bills
- Rationalization = refers to an individual’s justification for committing fraud. Think
about tone at the top and misbehavior of upper management, or fear or losing a
job which motivates to commit fraud to prevent the loss of job
- Opportunity = refers to circumstances that allow fraud to occur. In the fraud
triangle, it is the only component that a company exercises control over. Weak
internal control open opportunities to commit fraud
Big accounting scandals, such as Tyco scandal (2002), WorldCom scandal (2002) and Enron scandal
(2001) caused gigantic regulatory reactions: Sarbanes-Oxley Act (SOX) (2002) = restore investor
confidence in the capital market and the audit profession by improving accuracy and reliability of
corporate disclosure. SOX 60 laws were invented to:
- Prevent financial statement fraud
- Make reporting more transparent
- Protect investor
- Strengthen internal control
- Punish executives who perpetrate fraud
- Re-establish public confidence
And had an effect on how:
- Board of directors and management operate
o Implement and test internal controls
o Hold executives accountable for accuracy of financial statement
, o Improvement of audit committees
- Auditors operate
o Specific focus on auditor independence through auditor rotation, restricting non-
audit services
Research article: Auditor attestation under SOX section 404 & earnings
informativeness.
- SOX 302 Management takes responsibility for financial reporting and
controls (2002)
- SOX 404 Management’s assessment and testing of the company’s
internal controls and procedures for financial reporting (2004)
COSO Framework to support SOX 404. COSO = Committee of Sponsoring
Organizations of the Treadway Commission. It is an integrated framework for
designing, implementing and assessing an internal control system. COSO includes
five inter-related components which help achieving all internal control objectives
and cover the entire organization.
COSO house ‘’if one element of the house suffers, it impacts the substance of the
entire house’’. Risk has two characteristics:
1. Uncertainty = an event may or may not happen
2. Loss = an event has unwanted consequences or losses
17 COSO principles: control environment
1. Commitment to integrity and ethical values
2. Board of directors independent from management, oversees internal control
3. Management establishes structures, reporting lines and authorities and
responsibilities
4. Commitment to competence
5. Accountability and responsibilities
17 COSO principles: risk assessment
6. Identification of objectives to enable risk identification and assessment
7. Risk identification and analysis as a basis for risk management
8. Fraud taken into consideration
9. Identification and assessment of changes with impact on internal control system
17 COSO principles: control activities
10. Controls to mitigate risk to acceptable level
11. General controls over technology
12. Policies and procedures to help ensure that management’s risk responses are carried out
17 COSO principles: information & communication
13. Use of relevant, quality information to support internal control
14. Internal communication to support internal control
15. Communication with external parties regarding internal control
17 COSO principles: monitoring activities
16. Selection, development, and performance of ongoing and separate evaluation of (other)
internal control components
17. Timely evaluation and communication of internal control deficiencies to parties responsible
for taking corrective action
Possible risk responses: activity elimination, automation, centralization, risk sharing
Managing risks
Value Cycle – Segregation of duties
