
AIS revision

Lecture 1
1. Explain what an AIS is and its role in value creation
2. How does an AIS add value
3. Overview the five major transaction cycles
4. Discuss the data processing cycle
Value chain: primary activities and secondary activities
Primary activities: Inbound logistics, operations, outbound logistics, marketing and sales, servicing
Secondary activities: Firm infrastructure, HR mgmt., technology, procurement
Understand journal entries and processes within each business cycle
Data processing cycle: input, processing, storage, output

Lecture 2
1. Explain the difference between database and file-based systems
Database: a set of interrelated, centrally managed files
File-based system: files are set up based on functions and are independent of each other.
Benefits of database systems:
Data integration, data sharing, reporting flexibility, minimized data redundancy and inconsistencies
Data independence, central mgmt. of data, cross-function analysis
2. Describe what a relational database is and how it organizes data
3. Explain the difference between logical and physical views of a database
Logical view is the view of the users, which can be customized according to individual requirements. Physical view is the manner in which the data is stored within the database, which is maintained by programmers and database managers.
4. Create a set of well-structured tables to properly store data in a relational database

Lecture 3 Computer Fraud


1. The fraud process: Fraud is any means used to gain an unfair advantage over another person
2. Why fraud occurs
Fraud triangle: Motivation, opportunity and rationalization
Motivation: a person is motivated to commit fraud by financial issues, living a lavish lifestyle and greed.
Opportunity: a person is able to commit fraud when opportunities are available due to a lack of internal controls and excessive trust in key employees. Opportunities include the chance to commit the fraud, conceal it, and convert the items to proceeds or funds.
Rationalization: after committing fraud, the person will have a logical explanation for his actions.
3. Computer fraud
Input, processing, storage and output fraud.
| Types of fraud | Example | Controls |
|---|---|---|
| Input fraud (requires lower level of skill) | Enter fictitious records; enter wrong amounts to pocket the difference | |
| Processing fraud (unauthorized system use) | Use company computer for personal business | |
| Computer instruction fraud (tamper with software used to process data) | Modifying software, e.g. salami attack | |
| Data fraud | Altering or damaging data files; copying data files without authorization (sell to competitor) | |
| Output fraud | Read data output from a remote location | |

salami technique, DDOS few questions, identity theft, malware (following tut)
understand each one and the differences
Social engineering: a person pretending to be someone else in order to gain information.
Malware: software designed to do harm
Virus: self-replicating executable code attached to programs or files; when triggered, it makes unauthorized changes to the computer
Salami technique: taking small amounts of money over time
Round down: a type of salami technique that rounds down the cents in accounts
4. Methods to prevent and detect fraud
1. Make fraud less likely to occur: create culture of integrity, sufficient supervision, have
proper operating policies in place
2. Increase difficulty of committing fraud: have strong internal control (eg restrict access to
systems to authorized persons), segregation of duties, independent reconciliation and
checks
3. Improve detection methods: Encourage whistleblowing, assess fraud risk
4. Reduce fraud losses: buying insurance, having backups

Lecture 4 Control & AIS
1. Overview control concepts
2. Describe & explain the elements of the ERM framework
3. Outline control activities commonly implemented in companies
Benefits of controls
Understanding control activities: training, encryption, authorisation, authentication
Understanding the broad framework of ERM
purpose of ERM is risk management
framework
Control activities:
Authorization
Segregation of duties: custodian, recorder and approval duties must be performed by different persons

Lecture 5 Information Security & Privacy Controls
1. Identify the factors that affect systems reliability
Security, Processing Integrity, Confidentiality, Privacy, Availability
2. Defense in depth vs time-based model of security
Defense in depth: having many layers of controls, so that if one control fails there are still other controls to safeguard.
Time-based model of security
3 types of controls: Preventive, Detective, Corrective
(P > D + C) Focus is to prevent any unauthorized access or have ample time to detect and correct the loopholes
3. Identify security controls that prevent unauthorized access
Under preventive control: Authorization vs authentication
Authorisation is granting rights to certain individuals.
Authentication is verifying the actual identity of individuals. Only authorized personnel are allowed to access the system, hence requiring authentication.
Training employees to set strong passwords and detect malicious emails
4. Identify controls designed to ensure processing integrity & systems availability
Encryption and decryption of data when data is in transfer.
Confidentiality vs privacy
Confidentiality is targeted at safeguarding internal information.
Privacy is for safeguarding customers' or external parties' information.
Topic 6 lecture slide 3 triangle diagram
Defense in depth: multiple layers of controls; time-based system; authorisation vs authentication: which one comes first, what is the difference
Purpose of training
Confidentiality vs privacy
Important checks: reasonableness check, validity check, field check, limit check
What check is the best to solve the problem
Controls to solve the problem
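
As an added example (not part of the original notes), the four input checks listed above can be applied to a sales order line in Python. The customer list, price list, quantity ceiling and discount threshold are constructed assumptions.

```python
from decimal import Decimal, InvalidOperation

# Constructed master data (assumptions for this example, not from the notes).
CUSTOMERS = {"C001", "C002"}                       # customer master file
PRICE_LIST = {"WIDGET": Decimal("19.90"), "GEAR": Decimal("120.00")}
MAX_QTY = 1000                  # limit check: fixed ceiling per order line
MAX_DISCOUNT = Decimal("0.20")  # reasonableness: at most 20% below list price


def check_order_line(line):
    """Return the names of the checks a sales order line fails ([] = accept)."""
    # Field check: quantity must be an integer and price a finite decimal.
    try:
        qty = int(line["qty"])
        price = Decimal(line["unit_price"])
        if not price.is_finite():
            raise InvalidOperation
    except (KeyError, TypeError, ValueError, InvalidOperation):
        return ["field check"]          # later checks need typed values
    failed = []
    # Validity check: customer and item must exist in the master files.
    list_price = PRICE_LIST.get(line.get("item"))
    if line.get("customer_id") not in CUSTOMERS or list_price is None:
        failed.append("validity check")
    # Limit check: quantity against a fixed upper bound (and above zero).
    if not 0 < qty <= MAX_QTY:
        failed.append("limit check")
    # Reasonableness check: entered price must make sense against list price.
    if list_price is not None:
        floor = list_price * (1 - MAX_DISCOUNT)
        if not floor <= price <= list_price:
            failed.append("reasonableness check")
    return failed


def screen_batch(lines):
    """Map 1-based line number to failed checks, for rejected lines only."""
    results = ((n, check_order_line(l)) for n, l in enumerate(lines, 1))
    return {n: failed for n, failed in results if failed}


# Constructed sample batch as it might arrive from an order entry form.
SAMPLE = [
    {"customer_id": "C001", "item": "WIDGET", "qty": "10", "unit_price": "19.90"},
    {"customer_id": "C999", "item": "WIDGET", "qty": "10", "unit_price": "19.90"},
    {"customer_id": "C002", "item": "GEAR", "qty": "1O", "unit_price": "120.00"},
    {"customer_id": "C002", "item": "GEAR", "qty": "5000", "unit_price": "1.20"},
]
```

The field check runs first and stops processing, because the other three checks compare typed values and cannot run on a quantity such as "1O".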

Summary by cycle: Activities, Key Decisions, Threats, Control Procedures

Revenue
Activities:
Sales order entry
Shipping
Billing
Cash collection
Key decisions:
Customization
Inventory level
Delivery method
Price
Credit limit amount
Payment processing
Threats:
Sales order entry
-inaccurate sales order
Shipping
-shipping errors
-theft of inventory
Billing
-failure to bill
-bill wrongly
Cash collection
-error in maintaining
-theft of cash
Control procedures:
-validity check to ensure customer exists
-field check and reasonableness test to ensure that data entered is reasonable
-segregation of duties to ensure that the person recording and the person handling cash are different, to prevent theft
-reconciliation through issuing customer statements of account

Production (DPPA)
Activities:
Product design
-accountant collects cost information and assists design team to minimize cost
Planning and scheduling
-meet orders and minimize inventory
Production operations
-check inventory
-check material bill to order materials needed
-adjust master production schedule to include new orders
Cost accounting
-collect cost information to determine profitability
Key decisions:
-mix of products to produce
-product price
-how much resource allocated
-how to manage cost & evaluate performance
Threats:
-poor product design
-poor decision to invest in fixed assets not suited for company
-over or underproduction
-theft of inventories or fixed assets
Control procedures:
Poor product design
-analyse possible warranty cost
Suboptimal asset investment
-review asset requisition plan to determine appropriateness
Over or underproduction
-check inventory level and adjust production accordingly
-improve forecasting
Theft of inventories
-restrict access, install CCTV

Expenditure
Activities:
Purchase inventory
-how much to buy
JIT or MRP system
Receiving goods
-accepting and counting
Paying for goods
-approve and pay vendor invoice
Key decisions:
-optimal level of inventory
-which supplier is best on price and quality
-inventory storage location
-consolidate purchases to get optimal price
Threats:
Purchasing
-purchase too much or too little
-kickbacks
Receiving
-receive wrong goods, bad condition, wrong amount
-theft
Paying
-error in invoice
-misappropriation of cash
Control procedures:
Purchasing
-approved price list, vendor list
-approved PR
-good inventory mgmt system; consult inventory before purchasing
Receiving
-create receiving report
-segregation of duties for counter and custodian
-physical safeguard for inventory, RFID tagging
Paying
-using Evalued
-regular reconciliation, request for statement of accounts from creditor

HR & payroll
Activities:
Update payroll master file for new employee
Validate time & attendance record
Prepare payroll
Pay payroll
Pay CPF & other deductions
Key decisions:
Recruit
Train
Assign job
Compensation (payroll)
Performance evaluation
Termination
Threats:
-recruit poor performing employee
-inaccurate compensation
-payment to terminated or fictitious employee
-violate relevant laws
Control procedures:
-review hiring policies to ensure good quality staff hired
-ensure personnel records are matched to physical employees
-attend training to keep up to date with relevant regulations

GL / Financial reporting
Activities:
-update GL
-routine
-non routine transaction
-post adjusting entries
-produce financial statements
-produce managerial reports
Threats:
-error in updating
-loss, alteration or unauthorized disclosure of data
-poor performance
Control procedures:
Reconciliation
Audit trail
Back up
Access control

XBRL
-what: publish financial statements electronically using tags

Benefits
-can extract data for analysis without re-entering data
-data can be transformed into different formats for use

Balanced scorecard
-measuring financial and non-financial measures
-four perspectives:
Learning & growth
Internal business
Customer
Financial
