www.downloadslide.net
www.downloadslide.net
Accounting
Information
Systems
A01_ROMN4021_14_SE_FM.indd 1
02/11/16 4:00 PM
www.downloadslide.net
This page intentionally left blank
www.downloadslide.net
Accounting
Information
Systems
FOURTEENTH EDITION
Marshall B. Romney
Brigham Young University
Paul John Steinbart
Arizona State University
A01_ROMN4021_14_SE_FM.indd 3
02/11/16 4:00 PM
Creative Director: Blair Brown
www.downloadslide.net
Vice President, Business Publishing: Donna Battista
Director of Portfolio Management: Adrienne D’Ambrosio
Senior Portfolio Manager: Ellen Geary
Vice President, Product Marketing: Roxanne McCarley
Director of Strategic Marketing: Brad Parkins
Strategic Marketing Manager: Deborah Strickland
Product Marketer: Tricia Murphy
Field Marketing Manager: Natalie Wagner
Field Marketing Assistant: Kristen Compton
Product Marketing Assistant: Jessica Quazza
Vice President, Production and Digital Studio, Arts and Business:
Etain O’Dea
Director of Production, Business: Jeff Holcomb
Managing Producer, Business: Ashley Santora
Content Producer: Daniel Edward Petrino
Operations Specialist: Carol Melville
Manager, Learning Tools: Brian Surette
Content Developer, Learning Tools: Sarah Peterson
Managing Producer, Digital Studio, Arts and Business: Diane Lombardo
Digital Studio Producer: Regina DaSilva
Digital Studio Producer: Alana Coles
Digital Content Team Lead: Noel Lotz
Digital Content Project Lead: Martha LaChance
Full-Service Project Management and Composition: Thistle Hill
Publishing Services / Cenveo® Publisher Services
Interior Design: Jerilyn Bockorick, Cenveo® Publisher Services
Cover Design: Jerilyn Bockorick, Cenveo® Publisher Services
Cover Art: aa_amie / Fotolia
Printer/Binder: LSC Communications
Cover Printer: Phoenix Color
Credits and acknowledgments borrowed from other sources and reproduced, with permission, in this textbook appear on the
appropriate page within text.
Photo Credits: p. 1, FreshPaint/Shutterstock; p. 3, Vitalinka/Shutterstock; p. 25, Jesus Sanz/Shutterstock; p. 51, Stephen VanHorn/
Shutterstock; p. 85, rawpixel/123rf; p. 125, Dusit/Shutterstock; p. 127, Ryan R. Fox/Shutterstock; p. 157, pseudopixels/Shutterstock;
p. 237, Maksim Kabakou/Shutterstock; p. 271, Oliver Hoffmann/Shutterstock; p. 297, ViewApart/Fotolia; p. 323, ollyy/Shutterstock;
p. 353, CandyBox Images/Shutterstock; p. 395, Image Source/Getty Images; p. 433, Olga Serdyuk/123rf; p. 463, Gary Arbach/
123rf; p. 493, wrangler/Shutterstock; p. 619, leedsn/Shutterstock; p. 655, Semisatch/Shutterstock; p. 683, audy_indy/Fotolia
Microsoft and/or its respective suppliers make no representations about the suitability of the information contained in the d ocuments
and related graphics published as part of the services for any purpose. All such documents and related graphics are p rovided “as is”
without warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and c onditions with regard to this
information, including all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a particular
purpose, title and non-infringement. In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect
or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract,
negligence or other tortious action, arising out of or in connection with the use or performance of information available from the services.
The documents and related graphics contained herein could include technical inaccuracies or typographical errors. Changes are periodically
added to the information herein. Microsoft and/or its respective suppliers may make improvements and/or changes in the product(s) and/
or the program(s) described herein at any time. Partial screen shots may be viewed in full within the software version specified.
Microsoft® and Windows® are registered trademarks of the Microsoft Corporation in the U.S.A. and other countries. This book is
not sponsored or endorsed by or affiliated with the Microsoft Corporation.
Copyright © 2018, 2015, 2012 by Pearson Education, Inc. or its affiliates. All Rights Reserved. Manufactured in the United
States of America. This publication is protected by copyright, and permission should be obtained from the publisher prior to
any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical,
photocopying, recording, or otherwise. For information regarding permissions, request forms, and the appropriate contacts within
the Pearson Education Global Rights and Permissions department, please visit www.pearsoned.com/permissions/.
Acknowledgments of third-party content appear on the appropriate page within the text.
PEARSON, ALWAYS LEARNING is an exclusive trademark owned by Pearson Education, Inc. or its affiliates in the U.S. and/or
other countries.
Unless otherwise indicated herein, any third-party trademarks, logos, or icons that may appear in this work are the property of
their respective owners, and any references to third-party trademarks, logos, icons, or other trade dress are for demonstrative or
descriptive purposes only. Such references are not intended to imply any sponsorship, endorsement, authorization, or promotion
of Pearson’s products by the owners of such marks, or any relationship between the owner and Pearson Education, Inc., or its
affiliates, authors, licensees, or distributors.
Library of Congress Cataloging-in-Publication Data
Names: Romney, Marshall B., author. | Steinbart, Paul John, author.
Title: Accounting information systems / Marshall B. Romney, Brigham Young
University, Paul John Steinbart, Arizona State University.
Description: Fourteenth Edition. | New York : Pearson, [2016] | Revised
edition of the authors’ Accounting information systems, [2015] | Includes
bibliographical references and index.
Identifiers: LCCN 2016043449| ISBN 9780134474021 (hardcover) | ISBN
0134474023 (hardcover)
Subjects: LCSH: Accounting—Data processing. | Information storage and
retrieval systems—Accounting.
Classification: LCC HF5679 .R6296 2016 | DDC 657.0285—dc23
LC record available at />10 9 8 7 6 5 4 3 2 1
ISBN 10: 0-13-447402-3
ISBN 13: 978-0-13-447402-1
A01_ROMN4021_14_SE_FM.indd 4
02/11/16 4:00 PM
www.downloadslide.net
Brief Contents
Preface xix
PART I Conceptual Foundations of Accounting
Information Systems 1
CHAPTER 1 Accounting Information Systems: An Overview 2
CHAPTER 2 Overview of Transaction Processing and Enterprise
Resource Planning Systems 24
CHAPTER 3 Systems Documentation Techniques 50
CHAPTER 4 Relational Databases 84
PART II Control and Audit of Accounting Information
Systems 125
CHAPTER 5 Fraud 126
CHAPTER 6 Computer Fraud and Abuse Techniques 156
CHAPTER 7 Control and Accounting Information Systems 196
CHAPTER 8 Controls for Information Security 236
CHAPTER 9 Confidentiality and Privacy Controls 270
CHAPTER 10 Processing Integrity and Availability Controls 296
CHAPTER 11 Auditing Computer-Based Information Systems 322
PART III Accounting Information Systems Applications 351
CHAPTER 12 The Revenue Cycle: Sales to Cash Collections 352
CHAPTER 13 The Expenditure Cycle: Purchasing to Cash
Disbursements 394
CHAPTER 14 The Production Cycle 432
CHAPTER 15 The Human Resources Management and
Payroll Cycle 462
CHAPTER 16 General Ledger and Reporting System 492
v
A01_ROMN4021_14_SE_FM.indd 5
02/11/16 4:00 PM
www.downloadslide.net
vi
BRIEF CONTENTS
PART IV The REA Data Model 525
CHAPTER 17 Database Design Using the REA Data Model 526
CHAPTER 18 Implementing an REA Model in a Relational Database 560
CHAPTER 19 Special Topics in REA Modeling 584
PART V The Systems Development Process 617
CHAPTER 20 Introduction to Systems Development and
Systems Analysis 618
CHAPTER 21 AIS Development Strategies 654
CHAPTER 22 Systems Design, Implementation, and Operation 682
Glossary 708
Index 729
A01_ROMN4021_14_SE_FM.indd 6
02/11/16 4:00 PM
www.downloadslide.net
Contents
Preface xix
PART I Conceptual Foundations of Accounting Information
Systems 1
CHAPTER 1 Accounting Information Systems: An Overview 2
Introduction 3
Information Needs and Business Processes 4
Information Needs 5
Business Processes 6
Accounting Information Systems 10
How an AIS Can Add Value to an Organization 11
The AIS and Corporate Strategy 13
The Role of the AIS in the Value Chain 13
Summary and Case Conclusion 15 ■ Key Terms 16
AIS IN ACTION: Chapter Quiz 16 ■ Discussion Questions 17 ■ Problems 18
CASE 1-1 Ackoff’s Management Misinformation Systems 21
AIS IN ACTION SOLUTIONS: Quiz Key 22
CHAPTER 2 Overview of Transaction Processing and Enterprise
Resource Planning Systems 24
Introduction 25
Transaction Processing: The Data Processing Cycle 26
Data Input 26
Data Storage 27
Data Processing 33
Information Output 33
Enterprise Resource Planning (ERP) Systems 35
Summary and Case Conclusion 38 ■ Key Terms 38
AIS IN ACTION: Chapter Quiz 38 ■ Discussion Questions 39 ■ Problems 40
CASE 2-1 Bar Harbor Blueberry Farm 46
AIS IN ACTION SOLUTIONS: Quiz Key 47
CHAPTER 3 Systems Documentation Techniques 50
Introduction 51
Data Flow Diagrams 52
Subdividing the DFD 54
vii
A01_ROMN4021_14_SE_FM.indd 7
02/11/16 4:00 PM
www.downloadslide.net
viii
CONTENTS
Flowcharts 58
Types of Flowcharts 58
Program Flowcharts 63
Business Process Diagrams 63
Summary and Case Conclusion 65 ■ Key Terms 66
AIS IN ACTION: Chapter Quiz 66 ■ Comprehensive Problem 67 ■ Discussion Questions 67 ■
Problems 68
CASE 3-1 Dub 5 75
AIS IN ACTION SOLUTIONS: Quiz Key 76 ■ Comprehensive Problem Solution 78
CHAPTER 4 Relational Databases 84
Introduction 84
Databases and Files 85
Using Data Warehouses for Business Intelligence 86
The Advantages of Database Systems 87
The Importance of Good Data 87
Database Systems 88
Logical and Physical Views of Data 88
Schemas 88
The Data Dictionary 90
DBMS Languages 90
Relational Databases 90
Types of Attributes 90
Designing a Relational Database for S&S, Inc. 92
Basic Requirements of a Relational Database 94
Two Approaches to Database Design 95
Creating Relational Database Queries 95
Query 1 97
Query 2 99
Query 3 100
Query 4 100
Query 5 102
Database Systems and the Future of Accounting 102
Summary and Case Conclusion 103 ■ Key Terms 104
AIS IN ACTION: Chapter Quiz 104 ■ Comprehensive Problem 105 ■
Discussion Questions 106 ■ Problems 106
CASE 4-1 Research Project 113
AIS IN ACTION SOLUTIONS: Quiz Key 114 ■ Comprehensive Problem Solution 115 ■
Appendix: Data Normalization 118 ■ Summary 121 ■ Second Normalization Example 121
PART II Control and Audit of Accounting Information
Systems 125
CHAPTER 5 Fraud 126
Introduction 127
AIS Threats 128
Introduction to Fraud 130
Misappropriation of Assets 131
Fraudulent Financial Reporting 132
SAS No. 99 (AU-C Section 240): The Auditor’s Responsibility to Detect Fraud 133
Who Perpetrates Fraud and Why 133
The Fraud Triangle 134
A01_ROMN4021_14_SE_FM.indd 8
02/11/16 4:00 PM
www.downloadslide.net
CONTENTS
ix
Computer Fraud 138
The Rise in Computer Fraud 138
Computer Fraud Classifications 140
Preventing and Detecting Fraud and Abuse 142
Summary and Case Conclusion 143 ■ Key Terms 144
AIS IN ACTION: Chapter Quiz 144 ■ Discussion Questions 145 ■ Problems 146
CASE 5-1 David L. Miller: Portrait of a White-Collar Criminal 150
CASE 5-2 Heirloom Photo Plans 152
AIS IN ACTION SOLUTIONS: Quiz Key 153
CHAPTER 6 Computer Fraud and Abuse Techniques 156
Introduction 156
Computer Attacks and Abuse 157
Social Engineering 165
Malware 170
Summary and Case Conclusion 179 ■ Key Terms 180
AIS IN ACTION: Chapter Quiz 181 ■ Discussion Questions 182 ■ Problems 182
CASE 6-1 Shadowcrew 192
AIS IN ACTION SOLUTIONS: Quiz Key 193
CHAPTER 7 Control and Accounting Information Systems 196
Introduction 197
Why Threats to Accounting Information Systems are Increasing 197
Overview of Control Concepts 198
The Foreign Corrupt Practices and Sarbanes–Oxley Acts 199
Control Frameworks 200
COBIT Framework 200
COSO’S Internal Control Framework 202
COSO’S Enterprise Risk Management Framework 202
The Enterprise Risk Management Framework Versus the Internal Control
Framework 204
The Internal Environment 204
Management’s Philosophy, Operating Style, and Risk Appetite 205
Commitment to Integrity, Ethical Values, and Competence 205
Internal Control Oversight by the Board of Directors 206
Organizational Structure 206
Methods of Assigning Authority and Responsibility 206
Human Resources Standards that Attract, Develop, and Retain
Competent Individuals 206
External Influences 208
Objective Setting and Event Identification 208
Objective Setting 208
Event Identification 209
Risk Assessment and Risk Response 209
Estimate Likelihood and Impact 210
Identify Controls 211
Estimate Costs and Benefits 211
Determine Cost/Benefit Effectiveness 211
Implement Control or Accept, Share, or Avoid the Risk 211
Control Activities 212
Proper Authorization of Transactions and Activities 212
Segregation of Duties 213
A01_ROMN4021_14_SE_FM.indd 9
02/11/16 4:00 PM
www.downloadslide.net
x
CONTENTS
Project Development and Acquisition Controls 215
Change Management Controls 216
Design and Use of Documents and Records 216
Safeguard Assets, Records, and Data 216
Independent Checks on Performance 217
Communicate Information and Monitor Control Processes 218
Information and Communication 218
Monitoring 218
Summary and Case Conclusion 221 ■ Key Terms 222
AIS IN ACTION: Chapter Quiz 222 ■ Discussion Questions 224 ■ Problems 224
CASE 7-1 The Greater Providence Deposit & Trust Embezzlement 232
AIS IN ACTION SOLUTIONS: Quiz Key 233
CHAPTER 8 Controls for Information Security 236
Introduction 237
Two Fundamental Information Security Concepts 238
1. Security Is a Management Issue, Not Just a Technology Issue 238
2. The Time-Based Model of Information Security 239
Understanding Targeted Attacks 240
Protecting Information Resources 241
People: Creation of a “Security-Conscious” Culture 242
People: Training 242
Process: User Access Controls 243
Process: Penetration Testing 246
Process: Change Controls and Change Management 247
IT Solutions: Antimalware Controls 247
IT Solutions: Network Access Controls 247
IT Solutions: Device and Software Hardening Controls 251
IT Solutions: Encryption 254
Physical Security: Access Controls 254
Detecting Attacks 255
Log Analysis 255
Intrusion Detection Systems 256
Continuous Monitoring 256
Responding to Attacks 257
Computer Incident Response Team (CIRT) 257
Chief Information Security Officer (CISO) 257
Security Implications of Virtualization, Cloud Computing,
and the Internet of Things 258
Summary and Case Conclusion 259 ■ Key Terms 260
AIS IN ACTION: Chapter Quiz 260 ■ Discussion Questions 261 ■ Problems 262
CASE 8-1 Assessing Change Control and Change Management 266
CASE 8-2 Research Project 267
AIS IN ACTION SOLUTIONS: Quiz Key 267
CHAPTER 9 Confidentiality and Privacy Controls 270
Introduction 271
Preserving Confidentiality 271
Identify and Classify Information to Be Protected 272
Protecting Confidentiality with Encryption 272
Controlling Access to Sensitive Information 272
Training 274
A01_ROMN4021_14_SE_FM.indd 10
02/11/16 4:00 PM
www.downloadslide.net
CONTENTS
xi
Privacy 274
Privacy Controls 274
Privacy Concerns 275
Privacy Regulations and Generally Accepted Privacy Principles 277
Encryption 278
Factors That Influence Encryption Strength 279
Types of Encryption Systems 280
Hashing 282
Digital Signatures 282
Digital Certificates and Public Key Infrastructure 284
Virtual Private Networks (VPNS) 285
Summary and Case Conclusion 285 ■ Key Terms 286
AIS IN ACTION: Chapter Quiz 286 ■ Discussion Questions 288 ■ Problems 288
CASE 9-1 Protecting Privacy of Tax Returns 292
CASE 9-2 Generally Accepted Privacy Principles 293
AIS IN ACTION SOLUTIONS: Quiz Key 293
CHAPTER 10 Processing Integrity and Availability Controls 296
Introduction 296
Processing Integrity 297
Input Controls 297
Processing Controls 299
Output Controls 300
Illustrative Example: Credit Sales Processing 301
Processing Integrity Controls in Spreadsheets 302
Availability 303
Minimizing Risk of System Downtime 303
Recovery and Resumption of Normal Operations 304
Summary and Case Conclusion 308 ■ Key Terms 309
AIS IN ACTION: Chapter Quiz 309 ■ Discussion Questions 310 ■ Problems 311
CASE 10-1 Ensuring Systems Availability 318
CASE 10-2 Ensuring Process Integrity in Spreadsheets 319
AIS IN ACTION SOLUTIONS: Quiz Key 320
CHAPTER 11 Auditing Computer-Based Information Systems 322
Introduction 323
The Nature of Auditing 324
Overview of the Audit Process 324
The Risk-Based Audit Approach 326
Information Systems Audits 327
Objective 1: Overall Security 327
Objective 2: Program Development and Acquisition 329
Objective 3: Program Modification 330
Objective 4: Computer Processing 331
Objective 5: Source Data 334
Objective 6: Data Files 335
Audit Software 336
Operational Audits of an AIS 338
Summary and Case Conclusion 338 ■ Key Terms 339
AIS IN ACTION: Chapter Quiz 339 ■ Discussion Questions 340 ■ Problems 341
CASE 11-1 Preston Manufacturing 348
AIS IN ACTION SOLUTIONS: Quiz Key 348
A01_ROMN4021_14_SE_FM.indd 11
02/11/16 4:00 PM
www.downloadslide.net
xii
CONTENTS
PART III Accounting Information Systems Applications 351
CHAPTER 12 The Revenue Cycle: Sales to Cash Collections 352
Introduction 354
Revenue Cycle Information System 356
Process 356
Threats and Controls 356
Sales Order Entry 359
Taking Customer Orders 359
Credit Approval 362
Checking Inventory Availability 364
Responding to Customer Inquiries 365
Shipping 366
Pick and Pack the Order 367
Ship the Order 368
Billing 371
Invoicing 371
Maintain Accounts Receivable 373
Cash Collections 377
Process 377
Threats and Controls 378
Summary and Case Conclusion 380 ■ Key Terms 381
AIS IN ACTION: Chapter Quiz 381 ■ Discussion Questions 382 ■
Problems 382
CASE 12-1 Research Project: How CPA Firms Are Leveraging
New Developments in IT 391
AIS IN ACTION SOLUTIONS: Quiz Key 391
CHAPTER 13 The Expenditure Cycle: Purchasing to Cash
Disbursements 394
Introduction 395
Expenditure Cycle Information System 396
Process 396
Threats and Controls 399
Ordering Materials, Supplies, and Services 402
Identifying What, When, and How Much to Purchase 402
Choosing Suppliers 405
Receiving 409
Process 409
Threats and Controls 410
Approving Supplier Invoices 411
Process 411
Threats and Controls 413
Cash Disbursements 415
Process 415
Threats and Controls 415
Summary and Case Conclusion 417 ■ Key Terms 418
AIS IN ACTION: Chapter Quiz 418 ■ Discussion Questions 419 ■
Problems 420
CASE 13-1 Research Project: Impact of Information Technology on Expenditure Cycle Activities,
Threats, and Controls 429
AIS IN ACTION SOLUTIONS: Quiz Key 429
A01_ROMN4021_14_SE_FM.indd 12
02/11/16 4:00 PM
www.downloadslide.net
CONTENTS
xiii
CHAPTER 14 The Production Cycle 432
Introduction 433
Production Cycle Information System 435
Process 436
Threats and Controls 436
Product Design 437
Process 437
Threats and Controls 439
Planning and Scheduling 439
Production Planning Methods 439
Key Documents and Forms 439
Threats and Controls 443
Production Operations 444
Threats and Controls 444
Cost Accounting 446
Process 446
Threats and Controls 447
Summary and Case Conclusion 452 ■ Key Terms 453
AIS IN ACTION: Chapter Quiz 453 ■ Discussion Questions 454 ■ Problems 455
CASE 14-1 The Accountant and CIM 459
AIS IN ACTION SOLUTIONS: Quiz Key 459
CHAPTER 15 The Human Resources Management and
Payroll Cycle 462
Introduction 463
HRM/Payroll Cycle Information System 464
Overview of HRM Process and Information Needs 464
Threats and Controls 466
Payroll Cycle Activities 469
Update Payroll Master Database 470
Validate Time and Attendance Data 471
Prepare Payroll 474
Disburse Payroll 477
Calculate and Disburse Employer-Paid Benefits, Taxes, and Voluntary
Employee Deductions 479
Outsourcing Options: Payroll Service Bureaus and Professional
Employer Organizations 479
Summary and Case Conclusion 480 ■ Key Terms 481
AIS IN ACTION: Chapter Quiz 481 ■ Discussion Questions 482 ■ Problems 483
CASE 15-1 Research Report: HRM/Payroll Opportunities for CPAs 489
AIS IN ACTION SOLUTIONS: Quiz Key 489
CHAPTER 16 General Ledger and Reporting System 492
Introduction 493
General Ledger and Reporting System 494
Process 495
Threats and Controls 495
Update General Ledger 497
Process 497
Threats and Controls 497
Post Adjusting Entries 501
Process 501
Threats and Controls 502
A01_ROMN4021_14_SE_FM.indd 13
02/11/16 4:00 PM
www.downloadslide.net
xiv
CONTENTS
Prepare Financial Statements 502
Process 502
Threats and Controls 507
Produce Managerial Reports 508
Process 508
Threats and Controls 508
Summary and Case Conclusion 513 ■ Key Terms 514
AIS IN ACTION: Chapter Quiz 514 ■ Discussion Questions 515 ■ Problems 515
CASE 16-1 Exploring XBRL Tools 520
CASE 16-2 Evaluating a General Ledger Package 521
CASE 16-3 Visualization Tools for Big Data 521
AIS IN ACTION SOLUTIONS: Quiz Key 521
PART IV The REA Data Model 525
CHAPTER 17 Database Design Using the REA Data Model 526
Introduction 526
Database Design Process 527
Entity-Relationship Diagrams 528
The REA Data Model 529
Three Basic Types of Entities 530
Structuring Relationships: The Basic REA Template 530
Developing an REA Diagram 533
Step 1: Identify Relevant Events 533
Step 2: Identify Resources and Agents 535
Step 3: Determine Cardinalities of Relationships 536
What an REA Diagram Reveals About an Organization 540
Business Meaning of Cardinalities 540
Uniqueness of REA Diagrams 541
Summary and Case Conclusion 542 ■ Key Terms 543
AIS IN ACTION: Chapter Quiz 543 ■ Comprehensive Problem 546 ■
Discussion Questions 546 ■ Problems 547
CASE 17-1 REA Data Modeling Extension 551
AIS IN ACTION SOLUTIONS: Quiz Key 552 ■ Comprehensive Problem Solution 556
CHAPTER 18 Implementing an REA Model in a Relational
Database 560
Introduction 561
Integrating REA Diagrams Across Cycles 561
Merging Redundant Resource Entities 564
Merging Redundant Event Entities 565
Validating the Accuracy of Integrated REA Diagrams 566
Implementing an REA Diagram in a Relational Database 566
Step 1: Create Tables for Each Distinct Entity and M:N Relationship 566
Step 2: Assign Attributes to Each Table 568
Step 3: Use Foreign Keys to Implement 1:1 and 1:N Relationships 569
Completeness Check 570
Using REA Diagrams to Retrieve Information from a Database 571
Creating Journals and Ledgers 571
Generating Financial Statements 572
Creating Managerial Reports 573
Summary and Case Conclusion 573 ■ Key Term 574
A01_ROMN4021_14_SE_FM.indd 14
02/11/16 4:00 PM
www.downloadslide.net
CONTENTS
xv
AIS IN ACTION: Chapter Quiz 574 ■ Comprehensive Problem 575 ■
Discussion Questions 575 ■ Problems 576
CASE 18-1 Practical Database Design 578
AIS IN ACTION SOLUTIONS: Quiz Key 579 ■ Comprehensive Problem Solution 581
CHAPTER 19 Special Topics in REA Modeling 584
Introduction 585
Additional Revenue and Expenditure Cycle Modeling Topics 585
Additional Revenue Cycle Events and Attribute Placement 585
Additional Expenditure Cycle Events and Attribute Placement 587
Sale of Services 590
Acquisition of Intangible Services 590
Digital Assets 591
Rental Transactions 591
Additional REA Features 593
Employee Roles 593
M:N Agent–Event Relationships 593
Locations 593
Relationships Between Resources and Agents 593
Production Cycle REA Model 594
Additional Entities—Intellectual Property 594
Production Cycle Events 596
New REA Feature 596
Combined HR/Payroll Data Model 597
HR Cycle Entities 597
Tracking Employees’ Time 598
Financing Activities Data Model 599
Summary and Case Conclusion 600
AIS IN ACTION: Chapter Quiz 603 ■ Discussion Questions 604 ■ Problems 605
CASE 19-1 Practical Database Assignment 610
AIS IN ACTION SOLUTIONS: Quiz Key 610 ■ Appendix: Extending the REA Model to Include
Information About Policies 614
PART V The Systems Development Process 617
CHAPTER 20 Introduction to Systems Development and Systems
Analysis 618
Introduction 619
Systems Development 621
The Systems Development Life Cycle 621
The Players 622
Planning Systems Development 623
Planning Techniques 623
Feasibility Analysis 625
Capital Budgeting: Calculating Economic Feasibility 626
Behavioral Aspects of Change 628
Why Behavioral Problems Occur 628
How People Resist Change 628
Preventing Behavioral Problems 629
Systems Analysis 630
Initial Investigation 630
Systems Survey 631
A01_ROMN4021_14_SE_FM.indd 15
02/11/16 4:00 PM
www.downloadslide.net
xvi
CONTENTS
Feasibility Study 633
Information Needs and Systems Requirements 633
Systems Analysis Report 635
Summary and Case Conclusion 636 ■ Key Terms 637
AIS IN ACTION: Chapter Quiz 638 ■ Comprehensive Problem 639 ■
Discussion Questions 639 ■ Problems 640
CASE 20-1 Audio Visual Corporation 648
AIS IN ACTION SOLUTIONS: Quiz Key 649 ■ Comprehensive Problem Solution 652
CHAPTER 21AIS Development Strategies 654
Introduction 655
Purchasing Software 655
Selecting a Vendor 656
Acquiring Hardware and Software 656
Evaluating Proposals and Selecting a System 657
Development by In-House Information Systems Departments 659
End-User-Developed Software 659
Advantages and Disadvantages of End-User Computing 660
Managing and Controlling End-User Computing 661
Outsourcing the System 662
Advantages and Disadvantages of Outsourcing 662
Methods for Improving Systems Development 663
Business Process Management 664
Prototyping 665
Agile Methodologies 667
Computer-Aided Software Engineering 670
Summary and Case Conclusion 671 ■ Key Terms 671
AIS IN ACTION: Chapter Quiz 672 ■ Comprehensive Problem Freedom from
Telemarketers—the Do Not Call List 673 ■ Discussion Questions 673 ■
Problems 674
CASE 21-1 Wong Engineering Corp. 678
AIS IN ACTION SOLUTIONS: Quiz Key 679 ■ Comprehensive
Problem Solution 681
CHAPTER 22Systems Design, Implementation, and Operation 682
Introduction 683
Conceptual Systems Design 683
Evaluate Design Alternatives 683
Prepare Design Specifications and Reports 685
Physical Systems Design 685
Output Design 686
File and Database Design 686
Input Design 687
Program Design 688
Procedures and Controls Design 689
Systems Implementation 690
Implementation Planning and Site Preparation 690
Selecting and Training Personnel 691
Complete Documentation 692
Testing the System 692
Systems Conversion 693
Operation and Maintenance 694
A01_ROMN4021_14_SE_FM.indd 16
02/11/16 4:00 PM
www.downloadslide.net
CONTENTS
xvii
Summary and Case Conclusion 695 ■ Key Terms 696
AIS IN ACTION: Chapter Quiz 696 ■ Comprehensive Problem Hershey’s Big Bang ERP 697 ■
Discussion Questions 698 ■ Problems 699
CASE 22-1 Citizen’s Gas Company 704
AIS IN ACTION SOLUTIONS: Quiz Key 705 ■ Comprehensive Problem Solution 707
Glossary 708
Index 729
A01_ROMN4021_14_SE_FM.indd 17
02/11/16 4:00 PM
www.downloadslide.net
This page intentionally left blank
www.downloadslide.net
Preface
To the Instructor
This book is intended for use in a one-semester course in accounting information systems at
either the undergraduate or graduate level. Introductory financial and managerial accounting
courses are suggested prerequisites, and an introductory information systems course that covers a computer language or software package is helpful, but not necessary.
The book can also be used as the main text in graduate or advanced undergraduate management information systems courses.
The topics covered in this text provide information systems students with a solid understanding of transaction processing systems that they can then build on as they pursue more indepth study of specific topics such as databases, data warehouses and data mining, networks,
systems analysis and design, cloud computing, virtualization, computer security, and information system controls.
ENHANCEMENTS IN THE FOURTEENTH EDITION
We made extensive revisions to the content of the material to incorporate recent developments,
while retaining the features that have made prior editions easy to use. Every chapter has been
updated to include up-to-date examples of important concepts. Specific changes include:
1. We discuss the new revision to the COSO framework and have updated the discussion of
IT controls to reflect the new distinction between governance and management that was
introduced in COBIT 5.
2. Updated discussion of information security countermeasures, including the security and
control implications associated with virtualization and cloud computing.
3. Updated end-of-chapter discussion questions and problems, including Excel exercises that are based on articles from the Journal of Accountancy so that students can
develop the specific skills used by practitioners. Most chapters also include a problem
that consists of multiple-choice questions that we have used in our exams to provide
students with an additional chance to check how well they understand the chapter
material.
4. Many new computer fraud and abuse techniques have been added to help students understand the way systems are attacked.
5. Chapter 21 includes a new section on agile development technologies that discusses
scrum development, extreme programming, and unified process development.
CUSTOMIZING THIS TEXT
Pearson Custom Library can help you customize this textbook to fit how you teach the course.
You can select just the chapters from this text that you plan to cover and arrange them in the
sequence you desire. You even have the option to add your own material or third party content.
xix
A01_ROMN4021_14_SE_FM.indd 19
02/11/16 4:00 PM
www.downloadslide.net
xx
PREFACE
In addition, you may choose an alternate version of the REA material presented in
Chapters 17–19 that uses the Batini style notation instead of the crows feet notation featured in
this book.
To explore how to create a customized version of the book you can contact your Pearson
representative.
SUPPLEMENTAL RESOURCES
As with prior editions, our objective in preparing this fourteenth edition has been to simplify
the teaching of AIS by enabling you to concentrate on classroom presentation and discussion,
rather than on locating, assembling, and distributing teaching materials. To assist you in this
process, the following supplementary materials are available to adopters of the text:
●●
●●
●●
●●
●●
Solutions Manual prepared by Marshall Romney at Brigham Young University and Paul
John Steinbart at Arizona State University
Instructors Manual prepared by Robyn Raschke at University of Nevada–Las Vegas
Test Item File prepared by Lawrence Chui at University of St. Thomas
TestGen testing software, a computerized test item file
PowerPoint Presentation slides developed by Robyn Raschke at University of Nevada–
Las Vegas
The fourteenth edition includes an entirely new set of PowerPoint slides that make extensive use of high-quality graphics to illustrate key concepts. The slides do not merely consist
of bullet points taken verbatim from the text, but instead are designed to help students notice
and understand important relationships among concepts. The large number of slides provides
instructors a great deal of flexibility in choosing which topics they wish to emphasize in class.
In addition, you can access all these supplements from the protected instructor area of
www.pearsonhighered.com.
We recognize that you may also wish to use specific software packages when teaching
the AIS course. Contact your Pearson representative to learn about options for bundling this
text (or a customized version) with software packages or other texts such as Computerized
Practice Set for Comprehensive Assurance & System Tool (CAST); Manual Practice Set for
Comprehensive Assurance and Systems Tool (CAST); Comprehensive Assurance & System
Tools (CAST): An Integrated Practice Set; or Assurance Practice Set for Comprehensive Assurance & System Tool (CAST), all written by Laura R. Ingraham and J. Gregory Jenkins, both
at North Carolina State University.
REVEL™
Educational Technology Designed for the Way Today’s Students Read, Think, and Learn
When students are engaged deeply, they learn more effectively and perform better in their
courses. This simple fact inspired the creation of REVEL: an interactive learning environment
designed for the way today’s students read, think, and learn.
REVEL enlivens course content with media interactives and assessments—integrated directly within the authors’ narrative—that provide opportunities for students to read, practice, and
study in one continuous experience. This immersive educational technology replaces the textbook and is designed to measurably boost students’ understanding, retention, and preparedness.
Learn more about REVEL />
To the Student
As did previous editions, the fourteenth edition of Accounting Information Systems is designed
to prepare you for a successful accounting career whether you enter public practice, industry,
or government. All of you will be users of accounting information systems. In addition to being
users, some of you will become managers. Others will become internal and external auditors,
and some of you will become consultants. Regardless of your role, you will need to understand
how accounting information systems work in order to effectively measure how cost-effectively
A01_ROMN4021_14_SE_FM.indd 20
02/11/16 4:00 PM
www.downloadslide.net
PREFACE
xxi
they perform, to assess their reliability and that of the information produced, or to lead the
redesign and implementation of new and better systems. Mastering the material presented in
this text will give you the foundational knowledge you need in order to excel at all those tasks.
This text discusses important new IT developments, such as virtualization and the move to
cloud computing, because such developments affect business processes and often cause organizations to redesign their accounting systems to take advantage of new capabilities. The focus,
however, is not on IT for the sake of IT, but on how IT affects business processes and controls.
Indeed, new IT developments not only bring new capabilities, but also often create new threats
and affect the overall level of risk. This text will help you understand these issues so that you
can properly determine how to modify accounting systems controls to effectively address those
new threats and accurately assess the adequacy of controls in those redesigned systems. We also
discuss the effect of recent regulatory developments, such as the SEC mandate to use XBRL and
the pending switch from GAAP to IFRS, on the design and operation of accounting systems.
In addition to technology- and regulatory-driven changes, companies are responding to the
increasingly competitive business environment by reexamining every internal activity in an effort to reap the most value at the least cost. As a result, accountants are being asked to do more
than simply report the results of past activities. They must take a more proactive role in both
providing and interpreting financial and nonfinancial information about the organization’s activities. Therefore, throughout this text we discuss how accountants can improve the design and
functioning of the accounting information system (AIS) so that it truly adds value to the organization by providing management with the information needed to effectively run an organization.
Key Learning Objectives
When you finish reading this text, you should understand the following key concepts:
●●
●●
●●
●●
●●
●●
●●
●●
●●
●●
●●
●●
●●
The basic activities performed in the major business cycles
What data needs to be collected to enable managers to plan, evaluate, and control the
business activities in which an organization engages
How IT developments can improve the efficiency and effectiveness of business processes
How to design an AIS to provide the information needed to make key decisions in each
business cycle
The risk of fraud and the motives and techniques used to perpetrate fraud
The COSO and COSO-ERM models for internal control and risk management, as well as
the specific controls used to achieve those objectives
The Control Objectives for Information and Related Technology (COBIT) Framework
for the effective governance and control of information systems and how IT affects the
implementation of internal controls
The AICPA’s Trust Services framework for ensuring systems reliability by developing
procedures to protect the confidentiality of proprietary information, maintain the privacy
of personally identifying information collected from customers, assure the availability of
information resources, and provide for information processing integrity
Fundamentals of information security
Goals, objectives, and methods for auditing information systems
Fundamental concepts of database technology and data modeling and their effect on an AIS
The tools for documenting AIS work, such as REA diagrams, data flow diagrams, business processing diagrams, and flowcharts
The basic steps in the system development process to design and improve an AIS
Features to Facilitate Learning
To help you understand these concepts the text includes the following features:
1. Each chapter begins with an integrated case that introduces that chapter’s key concepts and topics and identifies several key issues or problems that you should be able
A01_ROMN4021_14_SE_FM.indd 21
02/11/16 4:00 PM
www.downloadslide.net
xxii
PREFACE
to solve after mastering the material presented in that chapter. The case is referenced
throughout the chapter and the chapter summary presents solutions to the problems and
issues raised in the case.
2. Focus Boxes and real-world examples to help you understand how companies are using
the latest IT developments to improve their AIS.
3. Hands-on Excel exercises in many chapters to help you hone your computer skills.
Many of these exercises are based on “how-to” tutorials that appeared in recent issues of
the Journal of Accountancy.
4. Numerous problems in every chapter provide additional opportunities for you to demonstrate your mastery of key concepts. Many problems were developed from reports in
current periodicals. Other problems were selected from the various professional examinations, including the CPA, CMA, CIA, and SMAC exams. One problem consists of a set of
multiple-choice questions in order to provide practice in answering exam-style questions.
Each chapter also has one or more cases that require more extensive exploration of
specific topics.
5. Chapter quizzes at the end of each chapter enable you to self-assess your understanding
of the material. We also provide detailed explanations about the correct answer to each
quiz question.
6. Extensive use of Full-Color Graphics. The text contains hundreds of figures, diagrams,
flowcharts, and tables that illustrate the concepts taught in the chapters. Color is used to
highlight key points.
7. Definitions of key terms are repeated in the glossary margins in each chapter. In addition, a comprehensive glossary located at the back of the book makes it easy to look up
the definition of the various technical terms used in the text.
8. Extensive on-line support at Pearson’s content-rich, text-supported Companion Website
at www.pearsonhighered.com/romney/.
Excel Homework Problems
Accountants need to become proficient with Excel because it is a useful tool for tasks related
to every business process. That is why each of the chapters in the business process section
contains several homework problems that are designed to teach you new Excel skills in a context related to one of the business processes discussed in the chapter.
As with any software, Microsoft regularly releases updates to Microsoft Office, but not
everyone always immediately switches. Eventually, however, during your career you will periodically move to a newer version of Excel. When you do, you will find that sometimes you
need make only minor changes to existing spreadsheets, but other times you may have to
make more significant changes because the newer version of Excel now incorporates different
features and functions.
So how do you keep abreast of changes? And how can you learn new Excel skills “on
the job” to simplify tasks that you now find yourself doing repeatedly? You could pay to
take a course, but that can be costly, time-consuming and may not always be timely. Alternatively, you can develop life-long learning skills to continuously update your knowledge.
One important way to do this is to begin now to save copies of two types of articles that regularly appear in the Journal of Accountancy. The first is the monthly column titled “Technology Q&A,” which often contains answers to questions about how do you do something
in a newer version of Excel that you know how to do in an older version. The second type
of article is a complete tutorial about a powerful way to use one or more Excel functions to
automate a recurring task. Often, this second type of article has an online spreadsheet file
that you can download and use to follow along with the example and thereby teach yourself
a new skill.
The Journal of Accountancy web site maintains an archive of these articles that you can
search to see if there is one that addresses a task that is new for you. Even if the article explains how to do something (such as create a pivot table) in an older version of Excel, in most
cases you will find that many of the steps have not changed. For those that have, if you read
A01_ROMN4021_14_SE_FM.indd 22
02/11/16 4:00 PM
www.downloadslide.net
PREFACE
xxiii
the old way to do it as described in the article, you can then use Excel’s built-in help feature to
see how to do the same task in the newer version that you are now using.
The Excel homework problems in the five business process chapters in this textbook let
you practice using Journal of Accountancy articles to help you develop new skills with Excel.
Many of the problems reference a Journal of Accountancy tutorial article. Some are written
for the version of Excel that you currently use, in which case it will be straightforward to
follow the article to solve the problem. Others, however, were written for earlier versions of
Excel, which gives you an opportunity to practice learning how to use Excel’s help functions
to update the steps in the tutorial.
Content and Organization
This text is divided into five parts, each focused on a major theme.
PART I: CONCEPTUAL FOUNDATIONS OF ACCOUNTING
INFORMATION SYSTEMS
Part I consists of four chapters which present the underlying concepts fundamental to an understanding of AIS. Chapter 1 introduces basic terminology and provides an overview of AIS
topics. It discusses how an AIS can add value to an organization and how it can be used to help
organizations implement corporate strategy. It also discusses the types of information companies need to successfully operate and introduces the basic business processes that produce that
information. It concludes by describing the role of the AIS in an organization’s value chain.
Chapter 2 introduces transaction processing in automated systems, presenting basic information input/output, processing, and data storage concepts. You will see the wide range
of data that must be collected by the AIS. This information helps you to understand what
an AIS does; as you read the remainder of the book, you will see how advances in IT affect
the manner in which those functions are performed. Chapter 2 also introduces you to Enterprise Resource Planning (ERP) systems and discusses their importance and uses in modern
business.
Chapter 3 covers three of the most important tools and techniques used to understand,
evaluate, design, and document information systems: data flow diagrams, business process
diagrams, and flowcharts. You will learn how to read, critique, and create systems documentation using these tools.
Chapter 4 introduces the topic of databases, with a particular emphasis on the relational
data model and creating queries in Microsoft Access. The chapter also introduces the concept
of business intelligence.
PART II: CONTROL AND AUDIT OF ACCOUNTING INFORMATION SYSTEMS
The seven chapters in Part II focus on threats to the reliability of AIS and applicable controls
for addressing and mitigating the risks associated with those threats. Chapter 5 introduces
students to the different kinds of threats faced by information systems, primarily focusing on
the threat of fraud. The chapter describes the different types of fraud and explains how fraud is
perpetrated, who perpetrates it, and why it occurs.
Chapter 6 discusses computer fraud and abuse techniques. Three major types of computer
fraud are discussed: computer attacks and abuse, social engineering, and malware. The chapter explains the dozens of ways computer fraud and abuse can be perpetrated.
Chapter 7 uses the COSO framework, including the expanded enterprise risk management (COSO-ERM) model, to discuss the basic concepts of internal control. It also introduces
the COBIT framework which applies those concepts to IT, thereby providing a foundation for
effective governance and control of information systems.
Chapter 8 focuses on information security. It introduces the fundamental concepts of defense-in-depth and the time-based approach to security. The chapter provides a broad survey
of a variety of security topics including access controls, firewalls, encryption, and incident
detection and response.
A01_ROMN4021_14_SE_FM.indd 23
02/11/16 4:00 PM
www.downloadslide.net
xxiv
PREFACE
Chapter 9 discusses the many specific computer controls used in business organizations to
achieve the objectives of ensuring privacy and confidentiality, and includes a detailed explanation of encryption.
Chapter 10 addresses the controls necessary to achieve the objectives of accurate processing of information and ensuring that information is available to managers whenever and
wherever they need it.
Chapter 11 describes principles and techniques for the audit and evaluation of internal
control in a computer-based AIS and introduces the topic of computer-assisted auditing.
PART III: ACCOUNTING INFORMATION SYSTEMS APPLICATIONS
Part III focuses on how a company’s AIS provides critical support for its fundamental business
processes. Most large and many medium-sized organizations use enterprise resource planning
(ERP) systems to collect, process, and store data about their business processes, as well as to
provide information reports designed to enable managers and external parties to assess the organization’s efficiency and effectiveness. To make it easier to understand how an ERP system
functions, Part III consists of five chapters, each focusing on a particular business process.
Chapter 12 covers the revenue cycle, describing all the activities involved in taking customer orders, fulfilling those orders, and collecting cash.
Chapter 13 covers the expenditure cycle, describing all the activities involved in ordering,
receiving, and paying for merchandise, supplies, and services.
Chapter 14 covers the production cycle, with a special focus on the implications of recent
cost accounting developments, such as activity-based costing, for the design of the production
cycle information system.
Chapter 15 covers the human resources management/payroll cycle, focusing primarily on
the activities involved in processing payroll.
Chapter 16 covers the general ledger and reporting activities in an organization, discussing topics such as XBRL, the balanced scorecard, the switch from GAAP to IFRS, and the
proper design of graphs to support managerial decision making.
Each of these five chapters explains the three basic functions performed by the AIS: efficient transaction processing, provision of adequate internal controls to safeguard assets (including data), and preparation of information useful for effective decision making.
PART IV: THE REA DATA MODEL
Part IV consists of three chapters that focus on the REA data model, which provides a conceptual tool for designing and understanding the database underlying an AIS. Chapter 17 introduces the REA data model and how it can be used to design an AIS database. The chapter
focuses on modeling the revenue and expenditure cycles. It also demonstrates how the REA
model can be used to develop an AIS that can not only generate traditional financial statements and reports but can also more fully meet the information needs of management.
Chapter 18 explains how to implement an REA data model in a relational database system. It also shows how to query a relational database in order to produce various financial
statements and management reports.
Chapter 19 explains how to develop REA data models of the production, HR/payroll, and
financing cycles. It also discusses a number of advanced modeling issues, such as the acquisition and sale of intangible products and services and rental transactions.
PART V: THE SYSTEMS DEVELOPMENT PROCESS
Part V consists of three chapters that cover various aspects of the systems development process. Chapter 20 introduces the systems development life cycle and discusses the introductory steps of this process (systems analysis, feasibility, and planning). Particular emphasis is
placed on the behavioral ramifications of change.
Chapter 21 discusses an organization’s many options for acquiring or developing an AIS
(e.g., purchasing software, writing software, end-user-developed software, and outsourcing)
and for speeding up or improving the development process (business process reengineering,
prototyping, agile methodologies, and computer-assisted software engineering).
A01_ROMN4021_14_SE_FM.indd 24
02/11/16 4:00 PM