
SM2_PL_AIS

The document provides an overview of Accounting Information Systems (AIS), detailing the components, characteristics, and functions of AIS, including data processing cycles and transaction processing. It discusses the value of information, business process cycles, and how AIS can enhance decision-making and organizational efficiency. Additionally, it covers Enterprise Resource Planning (ERP) systems, their advantages and disadvantages, and the importance of systems documentation techniques.


ACCOUNTING INFORMATION SYSTEM BSAC 3rd yr Cutiee

AIS | Prelims | Semester 2 | Sy. 2024 – 2025


TOPIC 1: AIS AN OVERVIEW

WHAT IS A SYSTEM?
- SYSTEM: A set of two or more interrelated components interacting to achieve a goal
- GOAL CONFLICT: Occurs when components act in their own interest without regard for overall goal
- GOAL CONCURRENCE: Occurs when components acting in their own interest contribute toward overall goal

Data vs. Information
- Data: facts that are recorded and stored.
  - Insufficient for decision making.
  - i.e., businesses need to collect several kinds of data, such as the activities that take place, the resources affected by the activities, and the people who participate in the activity
- Information: processed data used in decision making.
  - Information Overload: Too much information, however, will make it more, not less, difficult to make decisions.
- Information Technology: The computers and other electronic devices used to store, retrieve, transmit, and manipulate data.

Value of Information
- The benefit provided by information less the cost of producing it.

Benefits:
- Reduce Uncertainty
- Improve Decisions
- Improve Planning
- Improve Scheduling

Costs:
- Time & Resources
- Produce Information
- Distribute Information

What makes Information Useful?

Characteristics
1. RELEVANT: capacity of information to make a difference in a decision by helping users to form predictions about the outcomes of past, present, and future events
2. RELIABLE: quality of information that assures that information is reasonably free from error and bias and faithfully represents
3. COMPLETE: inclusion in reported information of everything material that is necessary for faithful representation of the relevant phenomena.
4. TIMELY: Having information available to a decision maker before it loses its capacity to influence decisions
5. UNDERSTANDABLE: quality of information that enables users to perceive its significance.
6. VERIFIABLE: The ability through consensus among measurers to ensure that information represents what it purports to represent or that the chosen method of measurement has been used without error or bias
7. ACCESSIBLE: Available when needed (see Timely) and in a useful format (see Understandable).

Business Process
- Systems working toward organizational goals
- A set of related, coordinated, and structured activities and tasks that are performed by a person, a computer, or a machine
1. Transaction: an agreement between two entities to exchange goods or services or any other event that can be measured in economic terms by an organization.
2. Transaction processing: process that begins with capturing transaction data and ends with informational output, such as the financial statements

Business Process Cycles
1. Revenue: where goods and services are sold for cash or a future promise to receive cash.
2. Expenditure: where companies purchase inventory for resale or raw materials to use in producing products in exchange for cash or a future promise to pay cash
3. Production/Conversion: where raw materials are transformed into finished goods
4. Human resources/Payroll: where employees are hired, trained, compensated, evaluated, promoted, and terminated.
5. Financing: where companies sell shares in the company to investors and borrow money, and where investors are paid dividends and interest is paid on loans.

These four cycles interface with the general ledger and reporting system, which consists of all activities related to the preparation of financial statements and other managerial reports.

Business Transactions
a. Give-Get Exchanges: Transactions that happen a great many times, such as giving up cash to get inventory from a supplier and giving employees a paycheck in exchange for their labor.

Accounting Information Systems
- Collect, process, store, and report data and information
- Is the intelligence—the information-providing vehicle—of that language.
- If Accounting = language of business
  o AIS = information providing vehicle
  o Accounting = AIS

Six Components of AIS
1. The people who use the system
2. The procedures and instructions used to collect, process, and store data
3. The data about the organization and its business activities
4. The software used to process the data
5. The information technology infrastructure, including the computers, peripheral devices, and network communications devices used in the AIS
6. The internal controls and security measures that safeguard AIS data

3 Business Functions of AIS
1. Collect and store data about organizational activities, resources, and personnel.
2. Transform data into information so management can plan, execute, control, and evaluate activities, resources, and personnel.
3. Provide adequate controls to safeguard the organization’s assets and data.

How can AIS Add Value
- Improve Quality and Reduce Costs
- Improve Efficiency
- Improve Sharing Knowledge
- Improve Supply Chain
- Improve Internal Control
- Improve Decision Making

DECISION MAKING
- Identify the problem
- Collect and interpret information
- Evaluate ways to solve the problem
- Select a solution methodology
- Implement the solution.

Improve Decision Making
- Identify situations that require action.
- Provide alternative choices.
- Reduce uncertainty.
- Provide feedback on previous decisions.
- Provide accurate and timely information.

Predictive Analysis uses data warehouses and complex algorithms to forecast future events, based on historical trends and calculated probabilities.

Value Chain
- The set of activities a product or service moves along before it is sold as output to a customer
- Consists of five primary activities that directly provide value to customers

Primary Activities: value chain activities that produce, market, and deliver products and services to customers and provide post-delivery service and support.
a. Inbound logistics consists of receiving, storing, and distributing the materials an organization uses to create the services and products it sells.
b. Operations activities transform inputs into final products or services. (Manufacturing, Repackaging)
c. Outbound logistics activities distribute finished products or services to customers.
d. Marketing and sales activities help customers buy the organization’s products or services. (Advertising)
e. Service activities provide post-sale support to customers. (Repair, maintenance)

SUPPORT ACTIVITIES:
1. Firm infrastructure is the accounting, finance, legal, and general administration activities that allow an organization to function.
   a. AIS is part of the firm infrastructure.
2. Human resources activities include recruiting, hiring, training, and compensating employees.
3. Technology activities improve a product or service
4. Purchasing activities procure raw materials, supplies, machinery, and the buildings used to carry out the primary activities

AIS and Corporate Strategy
- Organizations have limited resources, thus investments in AIS should have the greatest impact on ROI.
- Organizations need to understand:
  o IT developments
  o Business strategy
  o Organizational culture

Notes:
- An organization’s value chain is a part of a larger system called a supply chain.

TOPIC 2: Overview of Transaction Processing and ERP Systems

Data Processing Cycle
- The operations performed on data to generate meaningful and relevant information are referred to collectively as the data processing cycle.

DETERMINES:
- What data is stored?
- Who has access to the data?
- How is the data organized?
- How can unanticipated information needs be met?

Data Input
- Is usually triggered by a business activity
- As a business activity occurs, data is collected about:
  o Each activity of interest
  o The resources affected
  o The people who are participating

PAPER SOURCE DOCUMENTS: Documents used to capture transaction data at its source – when the transaction takes place.
- Examples include sales orders, purchase orders, and employee time cards.
- The data from paper-based documents will eventually need to be transferred to the AIS

TURNAROUND DOCUMENTS: Records of company data sent to an external party and then returned to the system as input. Turnaround documents are in machine-readable form to facilitate their subsequent processing as input records.
- Usually paper based
- Org to customer then returned back to org
- An example is a utility bill

SOURCE DATA AUTOMATION: devices capture transaction data in machine-readable form at the time and place of their origin.
- Examples include ATMs used by banks, point-of-sale (POS) scanners used in retail stores, and bar code scanners used in warehouses.

The second step in processing input is to make sure captured data are accurate and complete.
- Accurate
  - Provide instructions and prompts
  - Check boxes
  - Drop-down boxes
- Complete
  - Internal control support
  - Prenumbered documents

The third step in processing input is to make sure company policies are followed, such as approving or verifying a transaction.

Data Storage
1. LEDGERS: Cumulative accounting information is stored in general and subsidiary ledgers
   a. General ledger: contains summary-level data for every asset, liability, equity, revenue, and expense account.
   b. Subsidiary ledger: contains detailed data for any general ledger account with many individual subaccounts
      i. The general ledger account corresponding to a subsidiary ledger is called a control account.
2. JOURNALS: Transaction data are often recorded in a journal before they are entered into a ledger. A journal entry shows the accounts and amounts to be debited and credited.
   a. General Journal: A journal used to record infrequent or nonroutine transactions, such as loan payments and end-of-period adjusting and closing entries.
   b. Specialized Journal: A journal used to record a large number of repetitive transactions such as credit sales, cash receipts, purchases, and cash disbursements
3. CODING TECHNIQUES: the systematic assignment of numbers or letters to items to classify and organize them
   a. Sequence Codes: items are numbered consecutively to account for all items. Any missing items cause a gap in the numerical sequence
   b. Block Codes: blocks of numbers are reserved for specific categories of data.
   c. Group Codes: two or more subgroups of digits used to code items; often used in conjunction with block codes.
      i. Positioning of digits in code provides meaning
   d. Mnemonic codes
      i. Letters and numbers
      ii. Easy to memorize
      iii. Code derived from description of item
   e. Chart of Accounts: a list of the numbers assigned to each general ledger account.

ENTITY:
- Person, place, or thing (Noun)
- Something an organization wishes to store data about
- Attributes: Facts about the entity
- Fields: Where attributes are stored
- Records: Group of related attributes about an entity
- File: Group of related records

FILE TYPES
- Transaction
  - Contains records of a business from a specific period of time
- Master
  - Permanent records
  - Updated by transaction with the transaction file
- Database
  - Set of interrelated files

Data Processing
1. Creating new data records, such as adding a newly hired employee to the payroll database.
2. Reading, retrieving, or viewing existing data.
3. Update existing records
4. Delete records or data from records

- Batch processing - Accumulating transaction records into groups or batches for processing at a regular interval such as daily or weekly.
- Online, real-time processing - The computer system processes data immediately after capture and provides updated information to users on a timely basis.

Data Output
- Soft copy: Displayed on a screen
- Hard copy: Printed on paper

DOCUMENTS: are records of transaction or other company data. Some, such as checks and invoices, are transmitted to external parties.
REPORTS: are used by employees to control operational activities and by managers to make decisions and to formulate business strategies.
QUERY: A request for the database to provide the information needed to deal with a problem or answer a question. The information is retrieved, displayed or printed, and/or analyzed as requested.

Enterprise Resource Planning Systems
- A system that integrates all aspects of an organization’s activities—such as accounting, finance, marketing, human resources, manufacturing, inventory management—into one system.
- ERP modules:
  o Financial (general ledger and reporting system)
  o Human resources and payroll
  o Order to cash (revenue cycle)
  o Purchase to pay (disbursement cycle)
  o Manufacturing (production cycle)
  o Project management
  o Customer relationship management
  o System tools
- An ERP system is modularized; companies can purchase the individual modules that meet their specific needs.

ADVANTAGES OF ERPS:
- Integration of an organization’s data and financial information
- Data is captured once
- Greater management visibility, increased monitoring
- Better access controls
- Standardizes business operating procedures
- Improved customer service
- More efficient manufacturing

DISADVANTAGES OF ERPS:
- Cost
- Time-consuming to implement
- Changes to an organization’s existing business processes can be disruptive
- Complex
- Resistance to change

TOPIC 3: Systems Documentation Techniques

DOCUMENTATION
- Set of documents and models
  - Narratives, data flow models, flowcharts
- Narrative Description: Written, step-by-step explanation of system components and how they interact
- Describe who, what, why, when, and where of systems:
  - Input, process, storage, output, and controls
- SAS 94 requires independent auditors to understand all internal control procedures.
  - Documentation assists in auditor understanding and documentation of their understanding
- Sarbanes-Oxley states that management:
  - Is responsible for internal control system
  - Is responsible for assessing the effectiveness of the IC System
  - Both management and external auditors need to document and test IC System
- The Sarbanes-Oxley Act (SOX) of 2002 requires an internal control report in public company annual reports that
  - states that management is responsible for establishing and maintaining an adequate internal control structure and
  - assesses the effectiveness of the company’s internal control

Documentation Tools
1. Data flow diagram (DFD), a graphical description of data sources, data flows, transformation processes, data storage, and data destinations
2. Flowchart, which is a graphical description of a system. There are several types of flowcharts, including:
   a. Document flowchart, which shows the flow of documents and information between departments or areas of responsibility
   b. System flowchart, which shows the relationship among the input, processing, and output in an information system
   c. Program flowchart, which shows the sequence of logical operations a computer performs as it executes a program.
3. Business Process diagrams, which are graphical descriptions of the business processes used by a company

Data Flow Diagrams
- Describes the flow of data within an organization.
- It uses the first four symbols to represent four basic elements: data sources and destinations, data flows, transformation processes, and data stores.

ENTITY:
- Represents a source of data or input into the system
or
- Represents a destination of data or output from the system

DATA FLOWS:
- Movement of data among:
  - Entities (sources or destinations)
  - Processes
  - Data stores
- Label should describe the information moving

PROCESS: Represents the transformation of data
DATA STORE: Represents data at rest
CONTEXT DIAGRAM: highest-level DFD; a summary-level view of a system, showing the data processing system, its input(s) and output(s), and their sources and destinations

DATA FLOW DIAGRAM LEVELS
- Context
  - Highest level (most general)
  - Purpose: show inputs and outputs into system
  - Characteristics: one process symbol only, no data stores
- Level-0
  - Purpose: show all major activity steps of a system
  - Characteristics: processes are labeled 1.0, 2.0, and so on

Five Data Processing Activities
1. Updating the employee/payroll master file (first paragraph).
2. Handling employee compensation (second, fifth, and sixth paragraphs). Later in this chapter, you will see a breakdown of this activity into smaller parts in a lower-level DFD.
3. Generating management reports (third paragraph).
4. Paying taxes (fourth paragraph).
5. Posting entries to the general ledger (last paragraph).

DFD Creation Guidelines
- Understand the system
- Ignore certain aspects of the system
- Determine system boundaries
- Develop a context DFD
- Identify data flows
- Group data flows
- Number each process
- Identify transformational processes
- Group transformational processes
- Identify all data stores
- Identify all sources and destinations
- Label all DFD elements
- Subdivide DFD

Flowcharts
- Use symbols to logically depict transaction processing and the flow of data through a system.
- Using a pictorial representation is easier to understand and explain versus a detailed narrative.

Flowchart Symbols
1. Input/output symbols show input to or output from a system.
2. Processing symbols show data processing, either electronically or by hand.
3. Storage symbols show where data is stored.
4. Flow and miscellaneous symbols indicate the flow of data, where flowcharts begin or end, where decisions are made, and how to add explanatory notes to flowcharts.

Internal control flowchart - used to describe, analyze, and evaluate internal controls, including identifying system strengths, weaknesses, and inefficiencies.

Types of Flowcharts
1. Document
   a. Illustrates the flow of documents through an organization
   b. Useful for analyzing internal control procedures
2. System
   a. Logical representation of system inputs, processes, and outputs
   b. Useful in systems analysis and design
3. Program: Represents the logical sequence of program logic

Business Process Diagrams
- A visual way to describe the different steps or activities in a business process

TOPIC 4: Relational Databases
- DATABASE: A set of interrelated, centrally coordinated data files that are stored with as little data redundancy as possible.
- DATABASE MANAGEMENT SYSTEM (DBMS): The program that manages and controls the data and the interfaces between the data and the application programs that use the data stored in the database.
- DATABASE SYSTEM: The database, the DBMS, and the application programs that access the database through the DBMS.
- DATABASE ADMINISTRATOR (DBA): The person responsible for coordinating, controlling,
- DATA WAREHOUSE: Very large databases containing detailed and summarized data for a number of years that are used for analysis rather than transaction processing.
- BUSINESS INTELLIGENCE: Analyzing large amounts of data for strategic decision making
- ONLINE ANALYTICAL PROCESSING (OLAP): Using queries to investigate hypothesized relationships among data.
- DATA MINING: Using sophisticated statistical analysis to “discover” unhypothesized relationships in the data.

Advantages of Database Systems
1. Data integration. Master files are combined into large “pools” of data that many application programs access.
2. Data sharing. Integrated data are more easily shared with authorized users.
3. Minimal data redundancy and data inconsistencies
4. Data independence
5. Cross-functional analysis.

Database Systems

Logical and Physical Views of Data
Record layout - Document that shows the items stored in a file, including the order and length of the data fields and the type of data stored.
Logical view - How people conceptually organize, view, and understand the relationships among data items
Physical view - The way data are physically arranged and stored in the computer system.

Schemas
- A description of the data elements in a database, the relationships among them, and the logical model used to organize and describe the data.
Conceptual-level schema - The organization-wide view of the entire database that lists all data elements and the relationships between them.

Three Levels of Schemas
1. External-level schema - An individual user’s view of portions of a database; also called a subschema.
2. Subschema - A subset of the schema; the way the user defines the data and the data relationships
3. Internal-level schema - A low-level view of the entire database describing how the data are actually stored and accessed

Data Dictionary
- Information about the structure of the database, including a description of each data element.

DBMS Languages
Data definition language (DDL) - DBMS language that builds the data dictionary, creates the database, describes logical views, and specifies record or field security constraints
Data manipulation language (DML) - DBMS language that changes database content, including data element creations, updates, insertions, and deletions.
Data query language (DQL) - High-level, English-like DBMS language that contains powerful, easy-to-use commands that enable users to retrieve, sort, order, and display data.
Report writer - DBMS language that simplifies report creation.

Relational Databases
- Data model - An abstract representation of database contents.
- Relational data model - A two-dimensional table representation of data; each row represents a unique entity (record) and each column is a field where record attributes are stored.
- Tuple - A row in a table that contains data about a specific item in a database table.

TYPES OF ATTRIBUTES:
- Primary key - Database attribute, or combination of attributes, that uniquely identifies each row in a table.
- Foreign key - An attribute in a table that is also a primary key in another table; used to link the two tables.

TOPIC 5: COMPUTER FRAUD

Common Threats to AIS
1. Natural disasters and terrorist threats
2. Software errors and/or equipment malfunction
3. Unintentional acts (Human Error)
4. Intentional Acts (Computer Crimes)

Fraud
- Gaining an unfair advantage over another person.
- Legally, for an act to be fraudulent there must be:
  1. A false statement, representation, or disclosure
  2. A material fact, which is something that induces a person to act
  3. An intent to deceive
  4. A justifiable reliance; that is, the person relies on the misrepresentation to take an action
  5. An injury or loss suffered by the victim

Forms of Fraud
1. Misappropriation of Assets
   a. Theft of a company's assets
   b. Largest factors for theft of assets
      i. Absence of internal control system
      ii. Failure to enforce internal control system
2. Fraudulent financial reporting
   a. Deceive investors or creditors
   b. Increase a company’s stock price
   c. Meet cash flow needs
   d. Hide company losses or other problems

White-collar criminals - Typically, businesspeople who commit fraud. White-collar criminals usually resort to trickery or cunning, and their crimes usually involve a violation of trust or confidence.
Corruption - Dishonest conduct by those in power which often involves actions that are illegitimate, immoral, or incompatible with ethical standards.
Investment fraud - Misrepresenting or leaving out facts in order to promote an investment that promises fantastic profits with little or no risk.

Treadway Commission to Reduce Fraud
1. Establish an organizational environment that contributes to the integrity of the financial reporting process.
2. Identify and understand the factors that lead to fraudulent financial reporting.
3. Assess the risk of fraudulent financial reporting within the company.
4. Design and implement internal controls to provide reasonable assurance of preventing fraudulent financial reporting.

SAS 99: AUDITOR'S RESPONSIBILITY TO DETECT FRAUD
- Understand fraud.
- Discuss the risks of material fraudulent misstatements.
- Obtain information.
- Identify, assess, and respond to risks.
- Evaluate the results of their audit tests.
- Document and communicate findings.
- Incorporate a technology focus.

The Fraud Triangle
1. PRESSURE: motivation or incentive to commit fraud
   a. Types:
      i. Employee
         1. Financial
         2. Emotional
         3. Lifestyle
      ii. Financial
         1. Industry conditions
         2. Management characteristics
2. OPPORTUNITY: condition or situation that allows a person or organization to:
   a. Commit the fraud
   b. Conceal the fraud
      i. Lapping: concealing the theft of cash by means of a series of delays in posting collections to accounts receivable.
      ii. Check kiting: Creating cash using the lag between the time a check is deposited and the time it clears the bank.
   c. Convert the theft or misrepresentation to personal gain
3. RATIONALIZATION: justification of illegal behavior
   a. Justification
   b. Attitude
   c. Lack of personal integrity

Computer Fraud
- Any illegal act in which knowledge of computer technology is necessary for:
  o Perpetration
  o Investigation
  o Prosecution

RISE OF COMPUTER FRAUD:
- Definition is not agreed on
- Many go undetected
- High percentage is not reported
- Lack of network security
- Step-by-step guides are easily available
- Law enforcement is overburdened
- Difficulty calculating loss

Computer Fraud Classifications
- INPUT FRAUD: alter or falsify computer input.
- PROCESSOR FRAUD: unauthorized system use
- COMPUTER INSTRUCTIONS FRAUD: modifying software, illegal copying of software, using software in an unauthorized manner, creating software to undergo unauthorized activities
- DATA FRAUD: illegally using, copying, browsing, searching, or harming company data
- OUTPUT FRAUD: stealing, copying, or misusing computer printouts or displayed information

COMPUTER FRAUD AND ABUSE TECHNIQUES

HACKING: Unauthorized access, modification, or use of an electronic device or some element of a computer system

HIJACKING: Gaining control of someone else’s computer to carry out illicit activities, such as sending spam without the computer user’s knowledge.

BOTNET: A network of powerful and dangerous hijacked computers that are used to attack systems or spread malware.
- Bot herder: The person who creates a botnet by installing software on PCs that responds to the bot herder’s electronic instructions.

ZOMBIE - A hijacked computer, typically part of a botnet, that is used to launch a variety of Internet attacks.

DENIAL OF SERVICE (DoS) attack - A computer attack in which the attacker sends so many e-mail bombs or web page requests, often from randomly generated false addresses, that the Internet service provider’s e-mail server or the web server is overloaded and shuts down.

SPAMMING: Simultaneously sending the same unsolicited message to many people, often in an attempt to sell them something

DICTIONARY ATTACK: Using special software to guess company e-mail addresses and send them blank e-mail messages.

SPLOG: Spam blogs created to increase a website’s Google PageRank, which is how often a web page is referenced by other web pages.

SPOOFING: Altering some part of an electronic communication to make it look as if someone else sent the communication in order to gain the trust of the recipient.
- E-mail spoofing - Making a sender address and other parts of an e-mail header appear as though the e-mail originated from a different source.
- Caller ID spoofing - Displaying an incorrect number on the recipient’s caller ID display to hide the caller’s identity.
- IP address spoofing - Creating Internet Protocol packets with a forged IP address to hide the sender’s identity or to impersonate another computer system
- Address Resolution Protocol (ARP) spoofing - Sending fake ARP messages to an Ethernet LAN. ARP is a computer networking protocol for determining a network host’s hardware address when only its IP or network address is known
- MAC address - A Media Access Control address is a hardware address that uniquely identifies each node on a network.
- SMS spoofing - Using short message service (SMS) to change the name or number a text message appears to come from.
- Web-page spoofing - phishing
- DNS spoofing - Sniffing the ID of a Domain Name System (DNS, the “phone book” of the Internet that converts a domain, or website name, to an IP address) request and replying before the real DNS server.

Zero Day Attack: An attack between the time a new software vulnerability is discovered and “released into the wild” and the time a software developer releases a patch to fix the problem
- Patch - Code released by software developers that fixes a particular software vulnerability.

Cross-site scripting (XSS): vulnerability in dynamic web pages that allows an attacker to bypass a browser’s security mechanisms and instruct the victim’s browser to execute code, thinking it came from the desired website.

Buffer overflow attack - When the amount of data entered into a program is greater than the amount of the input buffer. The input overflow overwrites the next computer instruction, causing the system to crash.

SQL injection (insertion) attack - Inserting a malicious SQL query in input such that it is passed to and executed by an application program. This allows a hacker to convince the application to run SQL code that it was not intended to execute

Man-in-the-middle (MITM) attack - A hacker placing himself between a client and a host to intercept communications between them

Masquerading/impersonation - Gaining access to a system by pretending to be an authorized user. This requires that the perpetrator know the legitimate user’s ID and passwords.

Piggybacking
- Tapping into a communications line and electronically latching onto a legitimate user who unknowingly carries the perpetrator into the system.
- The clandestine use of a neighbor’s Wi-Fi network.
- An unauthorized person following an authorized person through a secure door, bypassing physical security controls.

Password cracking - When an intruder penetrates a system’s defenses, steals the file containing valid passwords, decrypts them, and uses them to gain access to programs, files, and data.

War dialing - Programming a computer to dial thousands of phone lines searching for dial-up modem lines. Hackers hack into the PC attached to the modem and access the network to which it is connected.

War driving - Driving around looking for unprotected home or corporate wireless networks.

War rocketing - Using rockets to let loose wireless access points attached to parachutes that detect unsecured wireless networks.

Phreaking - Attacking phone systems to obtain free phone line access; use phone lines to transmit malware; and to access, steal, and destroy data.

Data diddling - Changing data before or during entry into a computer system in order to delete, alter, add, or incorrectly update key system data.

Data leakage - The unauthorized copying of company data, often without leaving any indication that it was copied.

Podslurping - Using a small device with storage capacity (iPod, flash drive) to download unauthorized data from a computer.

Internet auction fraud - Using an Internet auction site to defraud another person.

Internet pump-and-dump fraud - Using the Internet to pump up the price of a stock and then sell it

Click fraud - Manipulating the number of times an ad is clicked on to inflate advertising bills.

Web cramming - Offering a free website for a month, developing a worthless website, and charging the phone bill of the people who accept
the offer for months, whether they want to
Salami technique - Stealing tiny slices of money continue using the website or not.
from many dif ferent accounts
Software piracy - The unauthorized copying or
Round-down fraud - Instructing the computer to distribution of copyrighted software.
round down all interest calculations to two
decimal places. The fraction of a cent rounded Social Engineering
down on each calculation is put into the pro - techniques or psychological tricks used to
grammer’s account. get people to comply with the perpetrator’s
wishes in order to gain physical or logical
Economic espionage - Theft of information, access to a building, com puter, server, or
trade secrets, and intellectual property network—usually to get the information
needed to access a system and obtain
Cyber-extortion - Threatening to harm a confidential data.
company or a person if a specified amount of - Seven human traits to reveal information:
money is not paid. o Compassion
o Greed
Cyber-bullying - Using computer technology to o Sex appeal
support delib erate, repeated, and hostile o Sloth
behavior that torments, threat ens, harasses, o Trust
humiliates, em barrasses, or otherwise harms o Urgency
another person.
o Vanity
- Minimize social engineering:
Sexting - Exchanging sexually explicit text
o Never let people follow you into a
messages and revealing pictures with other
restricted building.
people, usually by means of a phone.
o Never log in for someone else on a
computer, especially if you have
Internet terrorism - Using the Internet to disrupt
administrative access.
electronic commerce and harm computers and
o Never give sensitive information
communications.
over the phone or through e-mail.
Internet misinformation - Using the Internet to o Never share passwords or user
spread false or misleading information. IDs.
o Be cautious of anyone you do not
E-mail threats - Threats sent to victims by e-mail. know who is trying to gain access
The threats usually require some follow-up action, through you.
often at great expense to the victim.
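
An independent check for the round-down fraud defined above, as an added example that is not part of the original notes: it recomputes every interest credit from the balance and rate and reports accounts credited less or more than their own interest. The account numbers, balances, rate, posted batch and the round-half-up policy are constructed assumptions.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")
RATE = Decimal("0.0035")  # constructed monthly interest rate

# Constructed month-end balances (account -> balance).
BALANCES = {
    "A-1001": Decimal("1523.77"),
    "A-1002": Decimal("980.50"),
    "A-1003": Decimal("2500.00"),
    "A-1004": Decimal("1999.99"),
    "A-1005": Decimal("450.25"),
    "A-1006": Decimal("12345.67"),
    "A-2001": Decimal("100.00"),
}

# Constructed interest batch as posted by the system under review.
POSTED = {
    "A-1001": Decimal("5.33"),
    "A-1002": Decimal("3.43"),
    "A-1003": Decimal("8.75"),
    "A-1004": Decimal("6.99"),
    "A-1005": Decimal("1.57"),
    "A-1006": Decimal("43.20"),
    "A-2001": Decimal("0.38"),
}


def audit_interest_batch(balances, rate, posted):
    """Recompute each credit; assumed policy is round half-up to the cent."""
    shorted, over_credited = {}, {}
    for account, balance in balances.items():
        expected = (balance * rate).quantize(CENT, rounding=ROUND_HALF_UP)
        diff = posted.get(account, Decimal("0")) - expected
        if diff < 0:
            shorted[account] = -diff        # customer received less than policy
        elif diff > 0:
            over_credited[account] = diff   # account received more than its own interest
    # Credits to accounts that have no balance record at all.
    unexplained = {a: amt for a, amt in posted.items() if a not in balances}
    return {
        "shorted": shorted,
        "over_credited": over_credited,
        "unexplained": unexplained,
        "total_shorted": sum(shorted.values(), Decimal("0")),
        "total_over": sum(over_credited.values(), Decimal("0")),
    }
```

On the constructed batch, three accounts are each one cent short and a single account is over-credited by the same total, which is the pattern the definition describes.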
Identity theft - Assuming someone’s identity, usually for economic gain, by illegally obtaining confidential information such as a Social Security number or a bank account or credit card number.

Pretexting - Using an invented scenario (the pretext) that creates legitimacy in the target’s mind in order to increase the likelihood that a victim will divulge information or do something.

Posing - Creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering the product.

Phishing - Sending an electronic message pretending to be a legitimate company, usually a financial institution, and requesting information or verification of information and often warning of a consequence if it is not provided.

Vishing - Voice phishing; it is like phishing except that the victim enters confidential data by phone.

Carding - Activities performed on stolen credit cards, including making a small online purchase to determine whether the card is still valid and buying and selling stolen credit card numbers.

Pharming - Redirecting website traffic to a spoofed website.

Evil twin - A wireless network with the same name (Service Set Identifier) as a legitimate wireless access point. Users are connected to the twin because it has a stronger wireless signal or the twin disrupts or disables the legitimate access point.

Typosquatting/URL hijacking - Setting up similarly named websites so that users making typographical errors when entering a website name are sent to an invalid site.

QR Barcode replacements: Fraudsters cover valid quick response codes with stickers containing a replacement QR code to fool people into going to an unintended site that infects their phones with malware.

Tabnapping - Secretly changing an already open browser tab in order to capture user IDs and passwords when the victim logs back into the site.

Scavenging/dumpster diving - Searching documents and records to gain access to confidential information. Scavenging methods include searching garbage cans, communal trash bins, and city dumps.

Shoulder surfing - When perpetrators look over a person’s shoulders in a public place to get information such as ATM PIN numbers or user IDs and passwords.

Lebanese looping - Inserting a sleeve into an ATM that prevents it from ejecting the card. The perpetrator pretends to help the victim, tricking the person into entering the PIN again.
- Once the victim gives up, the thief removes the card and uses it and the PIN to withdraw money.

Skimming - Double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, handheld card reader that records credit card data for later use.

Chipping - Planting a small chip that records transaction data in a legitimate credit card reader.
- The chip is later removed or electronically accessed to retrieve the data recorded on it.

Eavesdropping - Listening to private communications or tapping into data transmissions intended for someone else. One way to intercept signals is by setting up a wiretap.

Malware
- Any software that is used to do harm

Spyware: Software that secretly monitors computer usage, collects personal information about users, and sends it to someone else, often without the computer user’s permission.

Adware: Spyware that causes banner ads to pop up on a monitor, collects information about the user’s web-surfing and spending habits, and forwards it to the adware creator, often an advertising or media organization.
- Adware usually comes bundled with freeware and shareware downloaded from the Internet.

Torpedo software - Software that destroys competing malware. This sometimes results in “malware warfare” between competing malware developers.

Scareware - Malicious software of no benefit that is sold using scare tactics.
- The most common scare tactic is a dire warning that a computer is infected with a virus, spyware, or some other catastrophic problem.

Ransomware - Software that encrypts programs and data until a ransom is paid to remove it.

Keylogger - Software that records computer activity, such as a user’s keystrokes, e-mails sent and received, websites visited, and chat session participation.

Trojan horse - A set of unauthorized computer instructions in an authorized and otherwise properly functioning program.

Time bomb/logic bomb - A program that lies idle until some specified circumstance or a particular time triggers it. Once triggered, the program sabotages the system by destroying programs or data.

Trap door/back door - A set of computer instructions that allows a user to bypass the system’s normal controls.

Packet sniffers - Programs that capture data from information packets as they travel over the Internet or company networks.
- Captured data is sifted to find confidential or proprietary information.

Steganography program - A program that can merge confidential information with a seemingly harmless file, password protect the file, and send it anywhere in the world, where the file is unlocked and the confidential information is reassembled.
- The host file can still be heard or viewed because humans are not sensitive enough to pick up the slight decrease in image or sound quality.

Rootkit - A means of concealing system components and malware from the operating system and other programs; can also modify the operating system.

Superzapping - The unauthorized use of a special system program to bypass regular system controls and perform illegal acts.
- The superzap utility was originally written to handle emergencies, such as restoring a system that had crashed.

Virus - A segment of executable code that attaches itself to a file, program, or some other executable system component.
- When the hidden program is triggered, it makes unauthorized alterations to the way a system operates.

Worm - Similar to a virus, except that it is a program rather than a code segment hidden in a host program.
- A worm also copies itself automatically and actively transmits itself directly to other systems.

Bluesnarfing - Stealing (snarfing) contact lists, images, and other data using flaws in Bluetooth applications.

Bluebugging - Taking control of someone else’s phone to make or listen to calls, send or read text messages, connect to the Internet, forward the victim’s calls, and call numbers that charge fees.
TOPIC 7: INTERNAL CONTROL
• Provide reasonable assurance that objectives are met such as:
  o Safeguard assets
  o Maintain records in sufficient detail to report company assets accurately and fairly
  o Provide accurate and reliable information
  o Prepare financial reports in accordance with established criteria
  o Promote and improve operational efficiency
  o Encourage adherence to prescribed managerial policies
  o Comply with applicable laws and regulations

Functions
- Preventive – deter problems
- Detective – discover problems
- Corrective – correct problems

Categories
- General – overall IC system and processes
- Application – transactions are processed correctly

Sarbanes Oxley (2002)
- Designed to prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls and punish executives who perpetrate fraud
  o Public Company Accounting Oversight Board (PCAOB)
    ▪ Oversight of auditing profession
  o New Auditing Rules
    ▪ Partners must rotate periodically
    ▪ Prohibited from performing certain non-audit services
  o New Roles for Audit Committee
    ▪ Be part of board of directors and be independent
    ▪ One member must be a financial expert
    ▪ Oversees external auditors
  o New Rules for Management
    ▪ Financial statements and disclosures are fairly presented – reviewed by management and not misleading
    ▪ The auditors were told about all material internal control weaknesses and fraud
  o New Internal Control Requirements
    ▪ Management is responsible for establishing and maintaining an adequate internal control system

SOX Management Rules
- Base evaluation of internal control on a recognized framework
- Disclose all material internal control weaknesses
- Conclude a company does not have effective financial reporting internal controls if there are material weaknesses

Internal Control Frameworks

COBIT – Control Objectives for Information and Related Technology
- Business objectives
- IT resources
- IT processes

COSO – Committee of Sponsoring Organizations
- Internal control – integrated framework
  o Control Environment
  o Control Activities
  o Risk Assessment
  o Information and Communication
  o Monitoring

Enterprise Risk Management Model
- Risk based vs. control based
- Components
  o Internal Environment
  o Objective setting
  o Event identification
  o Risk assessment and risk response
  o Control activities
  o Information and communication
  o Monitoring
Internal Environment
- Management’s philosophy, operating style and risk appetite
- The board of directors
- Commitment to integrity, ethical values and competence
- Organizational structure
- Methods of assigning authority and responsibility
- Human resource standards
- External influences

Objective Setting
STRATEGIC – high-level goals aligned with corporate mission
OPERATIONAL – effectiveness and efficiency of operations
REPORTING – complete and reliable, improve decision making
COMPLIANCE – laws and regulations are followed

Event Identification
- an incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives
  o positive or negative impacts
  o events may trigger other events
  o all events should be anticipated

Risk Assessment
IDENTIFY RISK – identify likelihood of risk
- identify positive or negative impact

TYPES OF RISK
INHERENT – risk that exists before any plans are made to control it
RESIDUAL – remaining risk after controls are in place to reduce it

Risk Response
REDUCE – implement effective internal control
ACCEPT – do nothing, accept likelihood of risk
SHARE – buy insurance, outsource, hedge
AVOID – do not engage in activity that produces risk

Control Activities
- policies and procedures to provide reasonable assurance that control objectives are met
  o proper authorization of transactions and activities
    ▪ signature or code on document to signal authority over a process
  o segregation of duties
  o project development and acquisition controls
  o change management controls
  o design and use of documents and records
  o safeguarding assets, records, and data
  o independent checks on performance

Segregation of Accounting Duties
- no one employee should be given too much responsibility
- Separate:
  o Authorization – approving transactions and decisions
  o Recording
    ▪ Preparing source documents
    ▪ Entering data into AIS
    ▪ Maintaining accounting records
  o Custody
    ▪ Handling cash, inventory, fixed assets
    ▪ Receiving incoming checks
    ▪ Writing checks

Segregation of System Duties
- Should also be separated
- Include:
  o System administration
  o Network management
  o Security management
  o Change management
  o Users
  o System analysts
  o Programmers
  o Computer operations
  o Information system librarian
  o Data control

Information and Communication
Primary purpose of an AIS
- Gather
- Record
- Process
- Summarize
- Communicate

Monitoring
- Evaluate internal control framework
- Effective supervision
- Responsibility accounting system
- Monitor system activities
- Track purchased software and mobile devices
- Conduct periodic audits
- Employ a security officer and compliance officer
- Engage forensic specialists
- Install fraud detection software
- Implement a fraud hotline
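
A detective check for the segregation of accounting duties listed above, as an added example that is not part of the original notes: it flags users whose access spans more than one of authorization, recording and custody, and transactions where one person performed two of them. The permission names, user IDs and transaction records are constructed assumptions.

```python
from itertools import combinations

DUTIES = ("authorization", "recording", "custody")

# Constructed mapping of AIS permissions to the three accounting duties.
PERMISSION_DUTY = {
    "approve_purchase_order": "authorization",
    "approve_credit_memo": "authorization",
    "prepare_source_document": "recording",
    "enter_journal_data": "recording",
    "maintain_ledger": "recording",
    "handle_cash": "custody",
    "receive_incoming_checks": "custody",
    "write_checks": "custody",
}

# Constructed access list (user -> permissions granted).
USER_PERMISSIONS = {
    "acruz": {"approve_purchase_order"},
    "bsantos": {"enter_journal_data", "maintain_ledger"},
    "dreyes": {"receive_incoming_checks", "enter_journal_data"},
    "mlim": {"write_checks", "approve_credit_memo", "prepare_source_document"},
}

# Constructed transaction log: who performed each duty on each document.
TRANSACTIONS = [
    {"id": "PV-001", "authorization": "acruz", "recording": "bsantos", "custody": "mlim"},
    {"id": "PV-002", "authorization": "mlim", "recording": "bsantos", "custody": "mlim"},
    {"id": "CR-017", "authorization": "acruz", "recording": "dreyes", "custody": "dreyes"},
]


def access_conflicts(user_permissions, permission_duty=PERMISSION_DUTY):
    """Return {user: duties} for users whose access spans more than one duty."""
    conflicts = {}
    for user, perms in user_permissions.items():
        duties = sorted({permission_duty[p] for p in perms})
        if len(duties) > 1:
            conflicts[user] = duties
    return conflicts


def transaction_conflicts(transactions):
    """Return (txn id, user, duty, duty) where one person performed two duties."""
    findings = []
    for txn in transactions:
        for first, second in combinations(DUTIES, 2):
            if txn[first] == txn[second]:
                findings.append((txn["id"], txn[first], first, second))
    return findings
```

The access review is preventive (it shows who could combine duties), while the transaction review is detective (it shows where duties were actually combined).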
