Basic Information Processes In Manual and Automated Accounting Systems

Basic Processes in a Manual AIS

  1. Journalize - Record Entries
  2. Post - To general ledger
  3. Summarize - Prepare a trial balance 

Basic Processes in an Automated AIS

  1. Input - Record or capture event data in system (input to storage). 
  2. Process - Update data storage. 
  3. Output - Retrieve master data from storage. 

AIS File Organization

The accounting records in an AIS fall into four main categories:

  1. Source documents and other data capture records, which may be in two different categories:
    • Manual Form: Customer order forms, sales invoices, journal vouchers, time cards etc.
    • Electronic Form: Online screen entry, “cookies”, auto-fill screens etc. 
    • If possible, data capture techniques should automate data collection and capture to reduce costs and improve accuracy. 
  2. Data accumulation records (or journals), such as daily cash receipt summaries, weekly payroll summaries, monthly purchases journals, etc. 
  3. Subsidiary ledgers (or registers), such as account receivable, accounts payable, and the fixed asset register etc. 
  4. General ledger and financial statement records

Very few manual accounting systems still exist. However, in all current computerized systems, humans perform some tasks. Hence, manual controls matter a lot, even in computer-based systems. 

Risks in Computerized Systems

A. Risks in Computer-Based Systems

  • Organizational risks depend on management’s “risk appetite”, and the organization’s activities and environment. The following risks are heightened with computerized, compared with manual, accounting systems: 
    • Reliance on faulty systems or programs
    • Unauthorized access to data leading to destruction or wrongful changes, inaccurate recording of transactions, or recording of false or unauthorized transactions
    • Unauthorized changes in master files, systems or programs
    • Failure to make necessary changes in systems or programs
    • Inappropriate manual intervention
    • Loss of data

B. All organizations using computer-based systems face these risks. Their significance and the degree of control necessary to mitigate them varies across organizations. 

Comparison of Risks in Manual versus Computer-Based Transaction Processing Systems

Although the objectives of controls in manual and computer-based systems are the same, the risks present in the two systems differ; consequently, the control procedures necessary to mitigate these risks also differ. Some of the implications of manual versus computerized systems for internal control are summarized below. 

  1. Segregation of Duties: A fundamental control in manual systems, the segregation of duties are important aspects of Risk Management. In a computerized environment, transaction processing often results in the combination of functions that are normally separated in a manual environment. For example, when cash receipts are processed by a cashier, the cash deposit, the cash receipts journal, and the A/R subsidiary ledger are usually all updated by a single entry. In a manual environment, at least two of these functions would normally be segregated. 
    • In these instances, a well-designed computer system provides a compensating control. 
      • It helps continue with the cash receipts. In a manual system, when the same person records the cash receipt, prepares the bank deposit and updates the customer’s account in the accounts receivable ledger, then lapping (i.e. posting Customer A’s payment to Customer B’s account to cover up the earlier theft of the Customer B’s payment) is possible. In an automated system, the computer program prevents this fraud by making sure that the same customer is identified with the cash receipt, the bank deposit, and the accounts receivable posting. 
      • Segregation of duties (SoD) software can help identify and resolve segregation of duty conflicts. 
  2. Disappearing Audit Trail: Manual systems depend heavily on a paper audit trail to make sure that transactions are properly authorized and that all transactions are processed. Physical (paper) audit trails are substantially reduced in a computerized environment, particularly in online, real-time systems. (In many batch systems, source documents still exist and provide an excellent paper audit trail.) 
    • Electronic Audit Trails - Audit trails are built into better accounting information systems software. These are created by maintaining a file of all of the transactions processed by the system (transaction log file), including the username of the individual who processed the transaction; when properly maintained, electronic audit trails are as effective as paper-based audit trails. 
    • Uniform Transaction Processing - Computer programs are uniformly executed algorithms - which is not the case with less-reliable humans. Compared with a manual system, processing consistency increases in a computerized environment. Consequently, “clerical” errors such as human arithmetic errors, missed postings are virtually eliminated. 
      • In a computerized environment, however, there is increased opportunity for “systemic” errors, such as errors in programming logic. For example, if a programmer inadvertently entered a sales tax rate of 14% instead of 1.4%, all sales transactions would be affected by the error. Proper controls over program development and implementation help prevent these types of errors. 
    • Computer-Initiated Transactions - Many computerized systems gain efficiency by automatically generating transactions when specified conditions occur. For example: The system may automatically create a purchase order for a product when the quantity on hand falls below the reorder point. Automated transactions are not subject to the same types of authorization found in manual transactions and might not be as well documented. 
      • Automated transactions should be regularly reported and reviewed. Care should be taken to identify transactions that are more frequent or in larger amounts than a predetermined standard. 
    • Potential for Increased Errors and Irregularities - Several characteristics of computerized processing act to increase the likelihood that fraud may occur and remain undetected for long periods. 
      • Opportunity for remote access to data in networked environments increases the likelihood of unauthorized access. 
      • Concentration of Information in computerized systems means that, if system security is breached, the potential for damage is much greater than in manual systems. This particular risk is greater in cloud-based systems. 
      • Decreased human involvement in transaction processing results in decreased opportunities for observation. 
      • Errors or fraud may occur in the design or maintenance of application programs. 
    • Potential for Increased Management Review - Computer-based systems increase the availability of raw data and afford more opportunities to perform analytical reviews and produce management reports. Audit procedures are frequently built into the application programs themselves (embedded audit modules) and provide for continuous monitoring of transactions. 
      • The opportunities for increased reporting and review of processing statistics can prevent the additional risks that are related to computerized processing.