A Study on the Internal Control of Accounting Information Processing System under the Computer Environment


Hongxia Zhang (1), Changqing Guo (2), Qian Sun (3)
(1) Jilin University of Finance and Economics, Changchun, Jilin, China
(2) Jilin University, Changchun, Jilin, China
(3) China Construction Bank Co., Ltd., SiPing Branch

Abstract

Since enterprises installed computer-based accounting information systems, the environment for financial accounting and the accounting control within it have changed dramatically, and accounting data processing has been accelerated. In addition, financial accounting has seen great improvement in its accuracy and reliability. Meanwhile, the huge differences between manual accounting information processing and computer-based accounting information processing have brought new problems and challenges to internal control. As a result, it is of great significance to study and enhance the internal control of the accounting information processing system under the computer environment.

Keywords: Accounting Information Processing System, Internal Control, Computer Environment

1. Introduction

The computer-based system has brought convenient automated data processing; however, the openness of resources poses a threat to the financial information security of enterprises. The threats to financial information arising from the use of a computer-based accounting system are mainly the following: first, bugs present in the system itself cause loss of data; second, power failures of all kinds cause loss of data; third, human factors cause data distortion or information leakage. Whichever risk materializes, the enterprise will certainly suffer a huge loss. It can be said that the introduction of the computer-based accounting information system has posed a threat to the internal control of the enterprise.
Chinese scholars have also studied, from different perspectives, how to enhance the internal control of the accounting information system under the computer environment. Chen Zhishan (2005) studied internal accounting control under the computer-based information processing environment [1]. Zhang Yanhong (2007) studied specific methods for enhancing the internal control of the computer-based accounting information system [2]. Xu Nan (2008) put forward specific measures to improve and perfect the internal control of the accounting information system under the computer environment [3]. Liao Min (2011) studied the causes of information risk in the computer-based accounting system and proposed enhancing the internal control of the computer-based accounting information system through process control of the computer-based accounting system [4]. The scholars listed above have illustrated how to enhance the internal control of the accounting information system from different perspectives; this paper focuses on the internal control of the accounting information processing system, which serves as a subsystem of the information processing system.

International Journal of Advancements in Computing Technology (IJACT), Volume 4, Number 22, December 2012, doi: /ijact.vol4.issue

2. Main contents of accounting information processing system under the computer environment

A system is generally regarded as an organic whole that comprises several elements bound together in certain structural forms and possesses certain functions [5]. The accounting information system is one of the most important subsystems of the organizational management information system; it is built by organically integrating information technology with accounting theory, on the basis of technological progress and the continuous improvement of accounting theory. According to its functional structure, the accounting information system can be classified into the accounting information processing system, the accounting management information system and the accounting decision support system. The accounting information processing system is a computer-based system used for the following purposes: converting accounting data into information; using information technology to collect, store and process accounting information in order to complete the financial accounts; and providing the auxiliary information used for accounting management, analysis and decision-making.

In terms of the process of information formation, accounting information processing under the computer environment can be divided into three parts, namely information input, information processing and information output. Information input is the process in which three links, accounting recognition, measurement and accounting voucher records, are used to convert the economic transactions that occur in the enterprise into data recognizable to the computer and to input them into the computer [6]. Information processing serves as the bridge linking information input with information output; data processing is used to complete financial accounting and generate accounting information. Information output is used to register the account books and form the accounting statements, so that the accounting record and report are finally accomplished. The process is detailed in Fig. 1 as follows:

[Figure 1. Accounting Information Processing System under Computer Environment. Data input (accounting recognition, accounting measurement, accounting voucher record): converting economic transaction to information recognizable to computer. Data processing: generation of accounting information. Data output (record of account book, accounting report): formation of complete accounting information under computer environment.]

In terms of function, the accounting information processing system under the computer environment mainly comprises the payroll accounting subsystem, fixed asset management subsystem, procurement plan subsystem, inventory management subsystem, sales accounting subsystem and accounting statement subsystem; the relations between all the subsystems and the accounting information processing system are seen in Fig

[Figure 2. Relations among All the Function Systems in Accounting Information Processing System. Systems shown: procurement system, inventory system, fixed asset system, payroll accounting system, cost accounting system, sales accounting system, financial accounting subsystem, statement preparation system. Flows shown: warehouse warrant, warehouse-out warrant, labor cost, depreciation cost, material expense.]

3. Risks of accounting information processing system under computer environment

Accounting information processing under the computer environment follows the flow Input -> Verify -> Keep accounts -> Settle accounts -> Extract statement. The process that generates accounting information is a connection between human and computer. It is particularly important to enhance the internal control of the accounting information processing system for the following reasons: the computer hardware is subject to physical vulnerability; the accuracy and efficiency of accounting data processing depend mainly on the quality and performance of the financial software; the accounting data are mainly saved on the computer's hard disk, floppy disks or optical disks; and no evidence is left when the electronic data recorded directly on a disk or optical disk are illegally adjusted. The accounting information processing system under the computer environment mainly involves the risks listed below.

3.1. Poor data security

The outstanding feature of the accounting information processing system under the computer environment is the centralization of its processing and storage. This poses a certain threat to data security.
Besides, the data are largely concentrated on magnetic and optical media and are very easy to delete or adjust without leaving any evidence; in the event of incidents such as fire, flood or theft, all the data may be lost or damaged; meanwhile, magnetic and optical media require an environment that is water, fire and dust proof, anti-magnetic and at an appropriate temperature. As a result, the vulnerability of the data has increased dramatically.

Errors occur repeatedly

Programming the internal control gives it an irregular dependence and makes errors more likely to occur repeatedly. Internal control in the accounting information processing system integrates manual control and program control. Many applications of the accounting information processing system contain an internal control function, and the validity of the programmed internal control depends on the application. This can be explained as follows: when errors occur in the program or the program malfunctions, people's reliance on the program and the repeatability of the program while running mean that the invalid control may go undiscovered for a long time, making the system more likely to be subject to errors or violations in specific respects.

Illegal invocation and amendment of program

Transaction authorization and execution in the accounting information system differ from those of the manual accounting system. Authorization control is a common and basic internal control; each link in a business transaction must be signed by personnel holding the specific permission. However, in the accounting information processing system under the computer environment, staff can use special authorization documents or passwords to obtain certain rights or run specific procedures for business processing; in addition, the electronic data recorded directly on the disk or optical disk can be illegally amended without leaving any evidence. As a result, all of the above exposes the accounting information processing system under the computer environment to relatively larger risks.

Illegal use of computer by corporate personnel

Some corporate staff use the computers to browse web pages without permission or privately use mobile devices, which can cause the whole system to be infected by a computer virus, lead to intrusion by an external terminal, allow corporate confidential information to be stolen, or give rise to the breakdown of the whole system and the loss of all the financial data [7].
The risks brought about by internal users need to be guarded against by enforcing the internal control of the accounting information processing system under the computer environment.

4. Types of internal control of accounting information processing system under computer environment

The internal control of the accounting information processing system under the computer environment is generally classified into two categories: general control and application control (see Fig. 3). Both are special controls generated by the computer-based accounting information processing system and can be used to prevent, discover and correct the errors, faults and failures that occur in the system, to ensure the normal operation of the system, and to serve as an important guarantee of reliable and timely accounting information.

[Figure 3. Internal Control of Accounting Information Processing System. General control: organizational control, control of software quality, control of system documents, control of working environment, control of operation security. Application control: control of information input, control of information processing, control of information output.]

4.1. General control

General control refers to control over the development, organization, authentication and application environment of the computer-based accounting information processing system [8]. The control measures adopted under general control generally apply to the accounting information processing system of a given unit and provide the environment for each application system. The strength of general control has a direct impact on the accuracy of accounting information; in a manner of speaking, general control is the basis of application control. General control mainly comprises: 1. organizational control; 2. quality control of software; 3. control of system documents; 4. control of working environment of system; 5. control of operation security and others.

Organizational control: Organizational control refers to control over organization setup, personnel staffing and internal check. It is carried out with a view to separating the incompatible duties of the accounting information system, namely the duties that are more likely to increase errors and faults when a given economic activity is concentrated in one department for handling. In the accounting information processing system, program design, computer operation and data retention are three basically incompatible duties and must be separated.

Quality control of software: Quality control of software refers to the control implemented to ensure the basic quality of software during its development and application.
Quality control of software consists of two aspects: one is the quality control of software development, namely requiring the software developers to study and develop standardized accounting software in line with the software development specification; the other is the quality control of software application, which mainly involves the control of software maintenance, including the maintenance of software during normal use as well as the corresponding amendments and improvements made to the software as business conditions change.

Control of archive files: In order to ensure the normal operation of the system, a complete set of documents must be prepared during system development. The main documents include the system specification, program specification, data structure specification, operation specification and others.

4.1.4 Control of working environment: All kinds of equipment in the computer system require a high standard of working environment; for example, an antimagnetic and dust-proof environment must be available for the disks and other media on which the information is stored, otherwise the storage performance of these media will deteriorate or they will even be damaged, leading to the suspension of operation. As a result, the working environment must be protected.

Control of operation security: Control of operation security is designed to ensure the safety and confidentiality of the accounting computerization software during use; whether the accounting computerization system can operate reliably depends largely on the operation security control of the system. The control of operation security comprises two aspects. One is security control of system files. During the setup and design of the system, a series of files concerning the operation of the system are generated, and special disks and directories are generally required to store these files. These disks and records are invoked one by one during the operation of the system and are key to whether the system can operate safely. The other is security control of system operation. In system software that is fixed at design time, most of the operation security measures function to prevent illegal users from operating in the system.

Application control

Application control is designed to control the detailed data processing functions. Application control is quite distinctive, and the processing modes and links differ among application systems; as a result, there are different control problems and control requirements. Generally speaking, however, the application control of the computer-based accounting information system consists of: 1. input control; 2. processing control; 3. control of output.

Control of information input: Input control is designed to control the integrity and correctness of data input. The human-computer interface operated in the accounting information processing system includes input and output; in terms of the reliability of system operation, quality control during input is the more significant. As long as certain conditions are met, the computer program will accept data; furthermore, once the data have been accepted, they are not inspected by people in all respects as they were under manual processing conditions. As a result, if wrong data are input, the accounting information processing system can only process the wrong data, and the data finally output will definitely be incorrect.

Control of data processing: The data processing control of the computer-based accounting information processing system refers to the measures that control the internal data processing activity conducted in the accounting information system; these measures tend to be written into the computer program, and therefore processing control tends to be automatic control as well. In the computer-based accounting system, accounting business processing must be carried out strictly in compliance with the flow "Input -> Verify -> Keep accounts -> Settle accounts -> Extract statement"; as a result, the control of data processing is used to ensure that all the processed data are scientific, accurate and complete.

Control of information output

The output of the accounting information processing system is of two types: one is output to storage and the other is output by printer or display screen; output control is mainly targeted at the latter. The content of system output can be classified into the output of data processing results and the output of control information.
The control over the output of data processing results is mainly used to control the accounting bills and other statements, including the control of data accuracy as well as that of distribution and custody. The control information comprises the feedback information of all kinds produced by the programs run by the computer during input control and processing control.

5. Enhancing the internal control measures of computer-based accounting information processing system

5.1 Enhancing the organization and management control of computer-based accounting information system

Enhancing the function control of personnel: The computer-based accounting system is the same as the manual accounting system in that no business that can give rise to faults may be handled from start to finish by one person or one department; it must be undertaken by several people or departments. The enterprise must start from the computer-based accounting work, divide and coordinate posts in a reasonable manner, stipulate the duties of each post clearly, formulate scientific and normative working regulations, establish a reasonable and efficient workflow, improve the efficiency of accountancy to the greatest extent, and guard against and address the risks of accounting work. The posts of computer-based accounting consist of system management, system maintenance, cashier, accounting, audit, accountant officer, accounting archives custody and others. The accounting posts shall be set up in keeping with the requirements of the internal check system; exact duties and authorities shall be given to each post, and software that restricts privileges can be used to authorize each member of the financial staff to perform system functions; furthermore, in the management of privilege levels, the password must be changed at irregular intervals.

Enhancing the management control of operation of computer: In order to guarantee the operation security of the computer system, the following measures shall be taken. Firstly, the safety of the equipment in the computer room must be ensured; the computer room shall be kept clean and tidy; attention shall be paid to protection against moisture, fire, dust, magnetism and radiation and to maintaining a moderate temperature and humidity; furthermore, a management system for the computer room and equipment shall be formulated.
Secondly, the code for operation of the computer and the operation procedures shall be formulated. The code for operation of the computer mainly consists of the general provisions made for work in the computer room, including the steps for operating switches, procedures for shift change, registration of the running log, and the time, content and storage location of data backups; the provisions also cover the permitted range of use of the computer and the dedicated floppy disks, so as to cut off the channel of virus infection. The operation procedures are the concrete operation steps for business processing on the computer, including all kinds of operational orders, the usage and application methods of the various equipment, the generation and custody of all the console records, the illustration and treatment of common faults, recovery and reconstruction after failure, the regular inspection and maintenance of the system, and the sample report of program output. In the accounting software, program controls that prevent repeated, omitted and mistaken operations shall be designed, so as to warn of and block violations of the operation procedures and operation time. An operation log system shall be established, and all operations shall be recorded by the computer program, including the operation time, name of operator, operation content, etc.

Enhancing the control of accounting archives: This refers to the control over the accounting data stored on the computer disk, on magnetic media or optical disks, and in written form. In the computer system, one feature that differs from traditional accounting is the use of magnetic media to store files; meanwhile, backup is a common means to prevent data loss and damage and to carry out data recovery and reconstruction.
A double backup system can be implemented for the files stored on magnetic media in order to ensure the authenticity and reliability of the backup files; each copy shall be marked with the time the file was created and the name of the operator, and shall be stored in more than two places to avoid the destruction and breakdown of the whole computer-based accounting system caused by natural disasters. When these files are stored, they must be kept far from magnetic fields, and emphasis shall be given to protection against moisture and dust; besides, regular inspection and copying are also required to prevent the accounting files from being lost through damage to the electromagnetic media. Furthermore, the files stored on magnetic media need to be kept by different personnel, and the paper files shall be checked at regular intervals to guarantee that they have not been adjusted or changed.

5.2. Enhancing the application control of computer-based accounting information system

Input control: The input control of the computer-based accounting information system is designed to ensure that only authorized and approved accounting business can be input into the computer system and to guarantee the accuracy of data input. The computer is highly capable in data processing and fast in processing speed; as a result, if the operator inputs a voucher that has not been approved or inputs wrong data, a series of errors will be caused and the normal operation of the whole computer will be affected. The enterprise shall therefore strengthen its control over data input. Firstly, data input must obtain the necessary authorization and be inspected by the relevant internal control department; secondly, various control methods shall be used to verify the accuracy of data input. The main methods of input control are listed in the figure as follows:

[Figure 4. Control methods of data input. Control of sequence number: checking the integrity of voucher input in economic transaction. Control of total amount of data: checking the correctness of data input. Control of data conversion: checking the correctness of data. Control of input security: avoiding illegal startup of system and inputting illegal data. Control of program detection: automatically finding the error of input data by program. Control of error correction: offering the opportunity for amendment and re-input.]

(1) The control of sequence number: once economic transactions occur, the original vouchers are numbered in a unified way; when an original voucher enters the computer department, the data preparation personnel shall inspect the sequence number to prove that there is neither a missing number nor a double sign. A missing number shows that a voucher may have been lost; a double sign shows that illegal data may have occurred.

(2) The control of total amount of data: the total amount of the data records is calculated by the business department and by the accounting information processing system respectively, and the two are checked for consistency, as the control information of data processing. After the data are input into the computer, the program is executed to accumulate the data records and output the result; if the accumulated output is consistent with the total amount of the data records calculated by the departments mentioned above, all the data can be regarded as correctly input.

(3) The control of data conversion is mainly designed to prevent and find the errors generated when converting the economic transaction into the form that is recognizable to the computer. This type of control includes inspection of the check bit as well as repeated input (entering the data twice).

(4) The control of input security: a startup or operation password shall be set for the input of procedure documents and data documents at the human-computer interface, in order to control the security of input and avoid the illegal startup of the system and the input of illegal data.

(5) The control of program inspection is a method of automatically finding errors in the input data by executing a program; the commonly used detection programs can be classified as: blank check, relativity check, range check and balance check.

(6) The control of error correction is designed to allow the data that fail to pass the control of total amount of data to be amended and re-input. This control includes the formal procedure used for correction and re-input as well as written records established for all the data that are rejected, etc.

Control of processing: The control of processing of the computer-based accounting information system refers to the measures that control the internal data processing activities of the accounting computerization information system; these measures tend to be written into the computer program, and as a result the control of processing tends to be automatic control as well. In the computer-based accounting system, accounting business processing must be carried out strictly in compliance with the flow "Input -> Verify -> Keep accounts -> Settle accounts -> Extract statement"; if an input voucher has not been checked, the system does not allow accounts to be kept for it; if accounts have already been kept for a voucher, the system shall give a prompt to avoid keeping accounts repeatedly.
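Input controls (1), (2), (5) and (6) from the list above, applied to one keyed-in batch; this is an added example, not code from the paper. The chart of accounts, the amount ceiling, the sample vouchers and the reading of the "relativity check" as consistency between related fields are assumptions made for the illustration.

```python
from collections import Counter
from dataclasses import dataclass
from decimal import Decimal

ZERO = Decimal("0")
ACCOUNTS = {"1001", "1002", "2202", "6001"}  # hypothetical chart of accounts
MAX_AMOUNT = Decimal("1000000")              # hypothetical per-line ceiling


@dataclass(frozen=True)
class Line:
    account: str
    debit: Decimal = ZERO
    credit: Decimal = ZERO


@dataclass(frozen=True)
class Voucher:
    number: int      # sequence number given to the original voucher
    summary: str
    lines: tuple


def check_sequence(vouchers, first, last):
    """Control (1): missing numbers (possible voucher loss) and repeated ones."""
    counts = Counter(v.number for v in vouchers)
    missing = [n for n in range(first, last + 1) if n not in counts]
    repeated = sorted(n for n, c in counts.items() if c > 1)
    return missing, repeated


def keyed_total(vouchers):
    """Control (2): total accumulated by the program from the data as keyed in."""
    return sum((ln.debit for v in vouchers for ln in v.lines), ZERO)


def program_checks(voucher):
    """Control (5): blank, relativity, range and balance checks on one voucher."""
    errors = set()
    if not voucher.summary.strip() or not voucher.lines:
        errors.add("blank")
    for ln in voucher.lines:
        # Assumption: "relativity" means related fields agree, i.e. the account
        # exists and a line carries either a debit or a credit, not both/neither.
        if ln.account not in ACCOUNTS or (ln.debit > 0) == (ln.credit > 0):
            errors.add("relativity")
        if not (ZERO <= ln.debit <= MAX_AMOUNT and ZERO <= ln.credit <= MAX_AMOUNT):
            errors.add("range")
    debits = sum((ln.debit for ln in voucher.lines), ZERO)
    credits = sum((ln.credit for ln in voucher.lines), ZERO)
    if debits != credits:
        errors.add("balance")
    return sorted(errors)


def accept_batch(vouchers, first, last, control_total):
    """Run the controls; control (6): every rejection lands in a written record."""
    missing, repeated = check_sequence(vouchers, first, last)
    rejects = []
    for v in vouchers:
        errors = program_checks(v)
        if v.number in repeated:
            errors.append("sequence")
        if errors:
            rejects.append((v.number, errors))
    total_ok = keyed_total(vouchers) == control_total
    return {"missing": missing, "repeated": repeated, "total_ok": total_ok,
            "rejects": rejects,
            "accepted": total_ok and not (missing or repeated or rejects)}


def make_voucher(number, summary, debit_acct, credit_acct, debit, credit=None):
    """Build a two-line voucher; the credit equals the debit unless given."""
    credit = debit if credit is None else credit
    return Voucher(number, summary, (Line(debit_acct, debit=Decimal(debit)),
                                     Line(credit_acct, credit=Decimal(credit))))


# Constructed sample: vouchers 101-105 were issued and the business department
# reports a control total of 3000; voucher 103 never reached data preparation.
SAMPLE_BATCH = [
    make_voucher(101, "Cash sale", "1001", "6001", "500"),
    make_voucher(102, "Supplier payment", "2202", "1002", "1200"),
    make_voucher(102, "Supplier payment", "2202", "1002", "1200"),  # keyed twice
    make_voucher(104, "", "1001", "6001", "300", "30"),   # blank and unbalanced
    make_voucher(105, "Bank deposit", "1002", "1001", "2000000"),   # over ceiling
]

if __name__ == "__main__":
    report = accept_batch(SAMPLE_BATCH, 101, 105, Decimal("3000"))
    for key, value in report.items():
        print(key, value)
```

The batch is accepted only when every control passes, so a control total that happens to match cannot mask a missing or repeated voucher number.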
As for the control of data amendment, if the error is discovered before the end of processing, it can be written into the document to be processed and, after correction, input and processed again with the business data of the same batch or another batch. If the error is discovered after the end of processing, the functions of counter keeping accounts and counter settling accounts shall be used with caution, and the principle of "amending with trace" must be observed. This can be explained as follows: for a voucher that has been entered into account, the system can only amend with trace; for vouchers and account books whose accounts have been settled, as well as the report data generated from the computer's account books, the system does not offer any amending function. Besides, for each amendment, the system itself shall generate log files that keep a chronological record of the amended information, including the name of operator, data and contents, in order to achieve effective supervision of data amendment.

Control of output: The data output control of the computer-based accounting information system is mainly designed to ensure the correctness and integrity of the output information. The control of output data is generally used to make sure, through inspection, that the output data are consistent with the input data, that the output data are complete, and that the output result is correct; permission for output shall be set up, and no output instruction shall be executed and no confidential document shall be provided without permission and approval. In addition, it shall be ensured that the output result is delivered to the legal output object, that the document transmission is safe and correct, and that there are explicit stipulations concerning the transmission object and the copies of data.
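The processing flow and the "amending with trace" rule from the control of processing above, as an added example that is not code from the paper. The class and method names, the integer amounts, and the rule that the verifier must differ from the person who keyed the voucher are assumptions made for the illustration.

```python
from datetime import datetime, timezone


class ControlError(Exception):
    """Raised when an operation would break the processing flow."""


class Ledger:
    """Input -> Verify -> Keep accounts -> Settle accounts, for one period."""

    def __init__(self):
        self.vouchers = {}   # number -> {"amount", "state", "keyed_by"}
        self.journal = []    # posted entries, append-only: (number, amount, note)
        self.log = []        # chronological log written by the system itself
        self.settled = False

    def _record(self, operator, action, number, detail=""):
        self.log.append({"time": datetime.now(timezone.utc).isoformat(),
                         "operator": operator, "action": action,
                         "voucher": number, "detail": detail})

    def _open_voucher(self, number):
        if self.settled:
            raise ControlError("accounts are settled: amendment is not offered")
        return self.vouchers[number]

    def key_in(self, operator, number, amount):
        if self.settled or number in self.vouchers:
            raise ControlError("period settled or voucher number already used")
        self.vouchers[number] = {"amount": amount, "state": "input",
                                 "keyed_by": operator}
        self._record(operator, "key_in", number, str(amount))

    def verify(self, operator, number):
        v = self._open_voucher(number)
        if v["state"] != "input":
            raise ControlError("only an unverified voucher can be verified")
        if operator == v["keyed_by"]:        # assumed separation of duties
            raise ControlError("verifier must not be the person who keyed it")
        v["state"] = "verified"
        self._record(operator, "verify", number)

    def post(self, operator, number):
        v = self._open_voucher(number)
        if v["state"] == "posted":
            raise ControlError("accounts already kept for this voucher")
        if v["state"] != "verified":
            raise ControlError("voucher has not been checked")
        self.journal.append((number, v["amount"], "original"))
        v["state"] = "posted"
        self._record(operator, "post", number)

    def amend(self, operator, number, new_amount, reason):
        v = self._open_voucher(number)
        old = v["amount"]
        if v["state"] == "posted":
            # Amending with trace: the original entry stays; a reversal and a
            # correction are appended after it.
            self.journal.append((number, -old, "reversal"))
            self.journal.append((number, new_amount, "correction"))
        else:
            v["state"] = "input"             # corrected data is verified again
        v["amount"] = new_amount
        self._record(operator, "amend", number, f"{old} -> {new_amount}: {reason}")

    def settle(self, operator):
        pending = [n for n, v in self.vouchers.items() if v["state"] != "posted"]
        if pending:
            raise ControlError(f"vouchers not yet entered into account: {pending}")
        self.settled = True
        self._record(operator, "settle", None)

    def balance(self):
        return sum(amount for _, amount, _ in self.journal)


if __name__ == "__main__":
    ledger = Ledger()                        # constructed scenario
    ledger.key_in("li", 1, 50000)
    ledger.verify("wang", 1)
    ledger.post("wang", 1)
    ledger.amend("zhao", 1, 45000, "amount keyed wrongly")
    ledger.settle("zhao")
    print(ledger.journal, ledger.balance())
    for entry in ledger.log:
        print(entry)
```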
The paper accounting materials that are output shall be collected, registered, distributed, kept and checked by a specially designated person, who checks their integrity and correctness, inspects whether the numbers of the printed account books and statements are consecutive, and makes sure that there is no missing number or double sign. All in all, all kinds of technical means are adopted to ensure that the data are transmitted in a correct, safe and reliable manner.

Improving the quality of accountants

Accountants shall master not only solid accounting knowledge and skills but also the corresponding knowledge of computers and software application. The main duties of accountants have shifted from keeping accounts concurrently, casting accounts and submitting accounts afterwards to forecasting and planning in advance, concurrent control and supervision, and analysis and decision-making afterwards. As a result, accountants are required not only to be acquainted with knowledge of management and decision-making, but also to be capable of using information technology to analyse and assess the information system and resources. Versatile talents are cultivated in the computer-based accounting information system, which brings competencies, the code of ethics and standards of behavior directly into the internal control structure. Various training programs are implemented to improve the quality of accountants, and post assessment is conducted, under which staff can only work in their posts after qualifying in training.

6. References

[1] Chen Zhishan, Internal Accounting Control under Computer-based Information Processing Environment, Journal of Sci-Tec Information Development and Economy, vol. 15, no. 9, pp ,
[2] Zhang Yanhong, Internal Control of Computer-based Accounting Information System, Journal of China Township Enterprises Accounting, vol. 26, no. 7, pp ,
[3] Xu Nan, Internal Control under Computer-based Accounting Information System, Journal of The South of China Today (Version of Theoretical Innovation), vol. 91, no. 5, pp ,
[4] Liao Min, Information Risk of Computer-based Accounting System and Internal Control of Enterprise, Journal of Foreign Investment in China, vol. 243, no. 5, pp ,
[5] Wenyi Li, Yong Mu, "Two-dimensional Model of Financial Accounting System Implementation Based on Customer Awareness in China", AISS, vol. 3, no. 9, pp ,
[6] Yuan Wang, Yihua Zhang, "Research on Efficiency and Efficiency Dynamic Change of China Accounting Firms Based on DEA-Malmquist Index Model", AISS, vol. 4, no. 12, pp ,
[7] Hongjun Guan, "Design of Team Economic Accounting Management System in Petrochemical Industry", JDCTA, vol. 5, no. 1, pp ,
[8] Guo Yaxiong, "Evolution and Thinking of the Accounting Supervision Mode of China's State-owned Enterprises", JDCTA, vol. 5, no. 6, pp ,
