Chapter 3

Documentation

Narrative description

Data flow diagram (DFD)

Data source

Data destination

Data flow

the narratives, flowcharts,

diagrams, and other written
materials that explain how a
system works. Covers the who,
what, where, when, why, and
how of data entry, processing,
storage, information output, and
system controls.
written, step-by-step explanation
of system components and how
they interact

A graphical description of the

flow of data within an
organization, including data
sources/destinations, data
flows, transformation processes,
and data storage
The entity that produces or sends
the data that is entered into
system
The entity that receives data
produced by a system

The movement of data among

processes, stores, sources, and
destinations

Process

The action that transforms data

into other data or information

Data store

The place or medium where

system data is stored

Context diagram

Flowchart

Highest level DFD; a summarylevel view of a system, showing

the data processing systems, its
inputs and outputs and their
sources and destinations
An analytical technique that uses
a standard set of symbols to
describe pictorially some aspect
of an IS in a clear, concise, and
logical manner

Document flowchart

Internal control flowchart

System flowchart

Program flowchart

Business process diagram

(BPD)

Illustrates the flow of documents

and data among areas of
responsibility within an
organization
Used to describe, analyze, and
evaluate internal controls,
including identifying system
strengths, weaknesses, and
inefficiencies
Depicts the relationships among
system input, processing,
storage, and output
Illustrates the sequence of logical
operations performed by a
computer in executing a program
A visual way to describe the
different steps or activities in a
business process

Chapter 7
Likelihood

Internal Controls

Preventive Controls

The probability that a threat will

come to pass.

The processes and procedures

implemented to provide
reasonable assurance that
control objectives are met.
Controls that deter problems
before they arise.

Detective Controls

Controls designed to discover

control problems that were not
prevented.

Corrective Controls

Controls that identify and correct

problems as well as correct and
recover from the resulting errors.

General Controls

Application Controls

Controls designed to make sure

an organization's information
system and control environment
is stable and well managed.
Controls that prevent, detect, and
correct transaction errors and

fraud in application programs.

Sarbanes-Oxley Act (SOX)

Enterprise Risk Management Integrated Framework (ERM)

Risk Appetite

Strategic Objectives

Operations Objectives

Reporting Objectives

Compliance Objectives

Expected Loss

Control Activities

Legislation intended to prevent

financial statement fraud, make
financial reports more
transparent, provide protection to
investors, strengthen internal
controls at public companies, and
punish excutives who perpetuate
fraud.
A COSO framework that improves
the risk management process by
expanding (adds three additional
elements) COSO's Internal
Control-Integrated.
The amount of risk a company is
willing to accept to achieve its
goals and objectives. To avoid
undue risk, ____ ________ must be
in alignment with company
strategy.
High-level goals that are aligned
with and support the company's
mission and create shareholder
value.
Objectives that deal with the
effectiveness and efficiency of
company operations and
determine how to allocate
resources.
Objectives to help ensure the
accuracy, completeness, and
reliability of company reports;
improve decision making; and
monitor company activities and
performance.
Objectives to help the company
comply with all applicable laws
and regulations.
The mathematical product of the
potential dollar loss that would
occur should a threat become a
reality (called impact or
exposure) and the risk or
probability that the threat will
occur (called likelihood).
Policies, procedures, and rules
that provide reasonable

assurance that control objectives

are met and risk responses are
carried out.

Steering Committee

Chapter 12 Revenue Cycle

Accounts receivable aging
report
back order

balance-forward method

bill of lading

cash flow budget

credit limit

credit memo

Customer relationship
management systems (CRM)

cycle billing

An executive-level committee to
plan and oversee the information
systems function.

a report listing customer account

balances by length of time
outstanding.
a document authorizing the
purchase or production of items
that is created when there is
insufficient inventory to meet
customer orders.
method of maintaining accounts
receivable in which customers
typically pay according to the
amount shown on a monthly
statement, rather than by
individual invoices.
document used to establish
responsibility for shipping goods
via a third party.
a budget that shows projected
cash inflows and outflows for a
specified period so that an
organization can anticipate the
need for short-term borrowing.
the maximum allowable account
balance that management wises
to allow for a customer based on
the customer's past credit history
and ability to pay.
a document used to authorized
reducing the balance in a
customer account.
a system that contains customerrelated data organized in a
manner to facilitate customer
service, sales, and retention.
producing monthly statements
for subsets of customers at

different times.

Electronic data interchange

(EDI)

electronic funds transfer (EFT)

financial electronic data

interchange (FEDI)

lockbox

monthly statements

open-invoice method

packing slip

picking ticket

the use of computerized

communications and a standard
coding scheme to submit
business documents
electronically in a format that can
be automatically processed by
the recipient's information
system.
the transfer of funds between two
or more organizations or
individuals using computers and
other automated technology.
a system theat integrates EFT
and EDI information.

post office box to which

customers send payments

a document summerizing all

transactions that occurred during
the past month and informing
customers of their current
account balance.
method of maintaining customer
accounts that generates paments
for each individual sales
transaction.
list the quantity and description
of each item included in the
shipment.

document that athorized removal

of merchandise from inventory.

remittance list

Revenue cycle

sales invoice

sales order document

a document listing all checks

received by mail.

a recurring set of business

activities and related information
processing operations associated
with providing goods and
services to customers and
collecting cash in payment for
those sales.
a document that notifies
customers of the amount to be
paid and where to send payment.

an electronic form displayed on a

computer monitor screen.

Chapter 13 Expenditure Cycle

blanket purchase order

Carrying cost

debit memo

a commitment to purchase
specified items at designated
prices from particular supplier
for a set time period, often one
year.
cost associated with holding
inventory
a document used to record a
reduction to the balance due to
a vendor.

Economic order quantity

(EOQ)

a document that identifies the

vendor, list the outstanding
invoices, and indicates the net
amount to be paid after
deducting any applicable
discounts and allowances.
the optimal order size to
minimize the sum of ordering,
carrying, and stockout costs.

evaluated receipt settlement

(ERS)

an invoiceless appproach to
accounts paable tat replaces the
three-way matching process with

disbursement voucher

Expenditure cycle

Just-in-time (JIT) inventory

system

Materials requirements
planning (MRP)

nonvoucher system

procurement card

purchase order

Purchase requisition

receiving report

Stockout cost

a two-way math of te pruchase

order and receiving report.
a recurring set of business
activities and related information
processing operations associated
with the purchase of and
payment for goods and services.
a system that minimizes or
vitually eliminates manufacturing
inventories by scheduling
inventory deliveries at the
precise times and locations
needed.
an approach to inventory
management that seeks to
reduce required inventory levels
by improving the accuracy of
forecasting techniques to better
schedule purchases to satisfy
production needs.
a method for processing accounts
payable in which each approved
invoice is posted to individual
vendor records in the accounts
payable file and is then stored in
an open invoice file.
a corporate credit card that
employees can use only at
disgnated suppliers to purchase
specific kinds of items.
a document or electronic form tat
formally requests a supplier to
sell and deliver specified
products at designated prices.
a document or electronic form
that identifies the requistioner;
specifies the delivery location
and date needed; identifies the
item numbers, descriptions,
quantity, and price of each item
requested; and may suggest a
vendor.
document details about each
delivery, includig the date
received, shipper, supplier, and
purchase order number.
cost that result from inventory
shortages, such as lost sales or

production delays

Chapter 20
System Analysis

Information about system needs,

costs, and so on are gathered.

Conceptual Design

Gather system/user
requirements.

Physical Design

Concepts are translated into

detailed specifications.

Implemenation and
Conversion

Operation and Maintenance

Feasibility Study

Economic Feasibility

Technical Feasibility

1.New hardware and software are

installed and tested.
2. Employees are hired and
trained or existing employees
relocated.
3. Processing procedures are
tested and modified.
4. Standards and controls for the
new system are established and
system documentation
completed.
1. New system is periodically
reviewed.
2. Modifications are made as
problems arise or as new needs
become evident.
An investigation to determine if
the development of a new
application or system is practical.
This is one of the first steps in the
systems evaluation and selection
process.
Will system benefits justify the
time, money, and resources
required to implement it?
Can the system be developed
and implemented using existing
technology?

Legal Feasibility

Scheduling Feasibility

Operational Feasibility

Cost-Benefit-Analysis

Master Plan

Program Evaluation and

Review Technique (PERT)

GANTT Chart

Does the system comply with all

applicable federal and state laws,
administrative agency
regulations, and contractual
obligations?
Can the system be developed
and implemented in the time
allotted?
Does the organization have
access to people who can design,
implement, and operate the
proposed system? Will people use
the system?
- Benefits and costs are
estimated and compared to
determine whether the system is
cost beneficial.
- Benefits and costs that are not
easily quantifiable are estimated
and included.
- If they cannot be accurately
estimated, they are listed, and
their likelihood and expected
impact on the organization
evaluated.
It shows what the system will
consist of, how it will be
developed, who will develop it,
how needed resources will be
acquired, and where the AIS is
headed.
- Network of arrows and nodes
representing project activities
that require an expenditure of
time and resources and the
completion and initiation of
activities
- Completion time estimates
made
- Critical paththe path requiring
the greatest amount of time is
determined
- A bar chart with project
activities on the left-hand side
and units of time across the top
- Graphically shows the entire
schedule for a large, complex
project