financial information system notes
TRANSCRIPT
Financial Information System
1. Why is business finance important?
Finance plays a central role in a business, so financial information does as well. Without money a
business could not exist: it could not pay its expenses, it could not acquire inventory, and it could not
employ labor. It would not want to exist: businesses exist to make money, that is, a profit. All businesses
require a level of finance to get started, and then a balance of money coming in and going out in order
to stay in existence. Business’s finances play an important, indeed, central role in what it does.
Most of a business's stakeholders have finance at stake in the business; shareholders and
lenders obviously invest directly in the business, but in addition managers' and other employees'
personal finances depend on it, suppliers need to be paid by it, customers depends on it for
goods and services that will in turn support their finances, and the government wants tax
revenue from it
The primary objective of a business is a financial one: to make money for shareholders (to
increase their wealth by creating shareholder value)
Finance is a separate function in the organizational structure of most businesses
How much finance the business needs and how this can be raised often determine the legal
form it takes
Together with its competitive strategy and its investment strategy, the business's financial
strategy is central to its overall corporate strategy
Businesses are exposed to financial risks of various kinds and must find ways of managing these
risks Because of the central importance of finance in a business it follows that information on
the business's finances will be needed.
2. Uses and types of financial information
Businesses and managers require financial information for:
Planning Controlling Recording transactions Performance measurement Decision making
2.1.1 Planning
Once a decision has been made, say on what competitive strategy to follow, it is necessary to plan how to implement the steps necessary to make it effective. Planning requires knowledge of, among other things, available resources, possible time-scales for implementation and the likely outcome under alternative scenarios.
2.1.2 Controlling
Once a plan is implemented, its actual performance must be controlled. Information is required to assess whether implementation is proceeding as planned or whether there is some unexpected deviation from plan. It may consequently be necessary to take some form of corrective action.
2.1.3 Recording transactions
Information about each transaction or event is required for a number of reasons.
Documentation of transactions can be used as evidence in a case of dispute
There may be a legal requirement to record transactions, for example for accounting and audit purposes
Detailed information on production costs can be built up, allowing a better assessment of profitability
The efficiency of labour utilised in providing a particular service can be measured
2.1.4 Performance measurement
Just as individual operations need to be controlled, so overall performance must be measured in order to enable comparisons of the actual outcome with the plan. This may involve collecting information on,for example, costs, revenues, volumes, time-scale and profitability.
2.1.5 Decision making
Information is required as a basis on which to make informed decisions. This completes the full circle of the business management process.
2.2 Type of information
Information can be classified according to the use to which it is put. The same type of information will note provided to a front-line manager of a team of machine operatives as to the board of directors. This is because the front-line manager needs to know how many operatives can be employed on one shift, for instance, while the board of directors want to know whether enough skilled operatives can be available in the medium-term to resource increased production of a successful new product.
Information can thus be classified as follows.
Planning information helps people involved in the planning process
Operational information helps people carry out their day-to-day activities, eg how many operatives are needed on one shift
Tactical information helps people deal with short-term issues and opportunities, eg monthly variance reports for the factory
Strategic information supports major long-term decision-making, eg can resources be made available to expand production?
3 Qualities of good information
Quality Example
Accurate Figures should add up, the degree of rounding should be appropriate, there should be no typographical errors, items should be allocated to the correct category, and assumptions should be stated for uncertain information (no spurious accuracy).
Complete Information should include everything that it needs to include, for example external data if relevant, or comparative information.
Cost-beneficial It should not cost more to obtain the information than the benefit derived from having it. Providers of information should be given efficient means of collecting and analyzing it. Presentation should be such that users do not waste time working out what it means.
User-targeted the needs of the user should be borne in mind, for instance senior managers may require summaries, whereas junior ones may require detail.
Relevant Information that is not needed for a decision should be omitted, no matter how 'interesting' it may be.
Authoritative The source of the information should be a reliable one Timely The information should be available when it is needed. Easy to use Information should be clearly presented, not excessively long, and sent using the
right medium and communication channel (e-mail, telephone, hard-copy report etc).
4.1 What are data and information?
These two terms are often used interchangeably and it is useful at this point to make sure you are clear about the distinction between them.
Definition
Data (plural; singular is 'datum'): Distinct pieces of information, which can exist in a variety of forms –as numbers or text on pieces of paper, as bits or bytes stored in electronic memory, or as facts stored in a person's mind.
Information: The output of whatever system is used to process data. This may be a computer system, turning single pieces of data into a report, for instance.
4.2 Internal data sources
Capturing data/information from inside the organization involves the following.
A system for collecting or measuring transactions data – for example sales, purchases, inventory etc – which sets out procedures for what data is collected, how frequently, by whom, and by what methods, and how it is processed, filed or communicated.
Informal communication of information between managers and staff (for example, byword-of-mouth or at meetings).
Communication between managers.
Inside the business, data/information comes from the following internal sources.
The accounting records: sales ledgers, purchase ledgers, general ledgers and cash books etc hold information that may be of great value outside the finance function, for example, sales information fort he marketing function. To maintain the integrity of its accounting records, a business operates controls over transactions. These also give rise to valuable information. An inventory control system,
Human resources and payroll records, holding information on people, their skills and aspirations, and so on
Machine logs and computer systems in production/operations containing information about machine capacity, fuel consumption, movement of people, materials, and work in progress, set up times, maintenance requirements and so on
Timesheets in service businesses, notably accountants and solicitors, containing data on the time spent on various activities, both to justify fees to clients and to assess the efficiency and profitability of operations
Staff. Information may be obtained either informally in the course of day-to-day business or throughmeetings, interviews or questionnaires
4.3 External data sources
Capturing data information from outside the business may be formal or informal.
Formal collection of data from outside sources includes the following.
A business's tax specialists will gather information about changes in tax law and how this will affect the business-VAT
Obtaining information about any new legislation on health and safety at work, or employment regulations, must be the responsibility of a particular person who must then pass on the information to managers affected by it
Research and development (R&D) work often relies on information about other R&D work being done by another business or by government institutions
Marketing managers need to know about the opinions and buying attitudes of potential customers.
To obtain this information, they carry out marketing research exercises
Informal gathering of information from the environment goes on all the time, consciously or unconsciously, because the employees of an organization learn what is going on in the world around them – perhaps from the internet, newspapers, television reports, meetings with business associates or the trade press.
A business's files (paper and computerized) include information from external sources such as invoices, letters, e-mails, advertisements and so on received from customers and suppliers. Sometimes additional external information is required, requiring an active search outside the business.
The following sources may be identified.
The internet The government Advice or information bureau, such as Reuters or Bloomberg Consultancies of all sorts Newspaper and magazine publishers Specific reference works which are used in a particular line of work Libraries and information services The systems of other businesses via electronic data interchange (EDI)
5 Information processing
In the information processing system data is input, processed and then output as information.
Information processing needs to be complete, accurate, timely, inalterable, verifiable and assessable
5.1 How is data/information processed?
Definition
Information processing: Data once collected is converted into information for communicating more widely within the business. To be effective, information processing should meet the following criteria:
Completeness Everything that needs to be processed should be processed. Accuracy Processing should be done so that the data remains true to its sources, and the
information produced contains no errors. Timeliness Processing should occur in line with data availability and information needs, which
means real time (instantaneously) in many cases. Inalterability The process should be open to neither unauthorized intervention whilst in action
nor alteration once completed (this aids accuracy and security). Verifiability The sources of the data and the trail from data through processing to information
should be capable of being followed through. Assess ability The effectiveness of the processing should be open to scrutiny so that its quality
can be judged.
5.2 Information systems
Just as materials and labor are processed into outputs by the business's production or operations system, so are data processed into information by the business's information systems.
Definitions
A system: A set of interacting components that operate together to accomplish a purpose.
A business system: A collection of people, machines and methods organized to accomplish a set of specific functions.
Information systems (IS): All systems and procedures involved in the collection, storage, production and distribution of information.
Information technology (IT): The equipment used to capture, store, transmit or present information. IT provides a large part of the information systems infrastructure.
A system has three component parts: inputs, processes and outputs. Other key characteristics of a system are the environment and the system boundary
Information system
1. The data input may be output from other systems: for example, the output from transactions 2. Processing system forms the input for a management information system (as we shall see)
Processing transforms input data into output information. There is not necessarily a clear relationship between the number of inputs to a process and the number of outputs
3. Output information is the result of the processing 4. A system boundary separates the information system from its environment. For example, the
marketing information system and the accounting information system are generally separate, but there may be an interface between the two systems to allow the exchange of resources. There may also be interfaces between internal and external information systems, for instance between a processing system and the sales system of its major suppliers
Anything which is outside the system boundary belongs to the system's environment and not to the system itself. A system accepts inputs from the environment and provides outputs into the environment. The parts of the environment from which the system receives inputs may not be the same as those to which it delivers outputs. The environment exerts a considerable influence on the behavior of a system; but the system can do little to control the behavior of the environment
Types of MIS
Financial information system The transaction processing system, and The management information system Expert system
Transaction processing system
Transaction processing system (TPS): A system which performs records and processes routine transactions. A TPS is used for routine tasks in which data items or transactions must be processed so that operations can continue. A TPS supports most business functions in most types of businesses.
5.4 The management information system (MIS)
Definition
Management information system (MIS): Converts data from mainly internal sources into information (eg summary reports, exception reports). This information enables managers to make timely and effective decisions for planning, directing and controlling the activities for which they are responsible.
An MIS provides regular reports and (usually) on-line access to the business's current and historical performance. The MIS transforms data from underlying TPS into summarised files that are used as the basis for management reports. It:
Supports structured decisions at operational and management control levels Is designed to report on existing operations Has little analytical capability Is relatively inflexible Has an internal focus
5.5 Expert systems
Expert systems allow users to benefit from expert knowledge and information. The system will consist of a database holding specialized data and rules about what to do in, or how to interpret, a given set of circumstances.
Business and finance
Business applications of expert systems:
Legal or tax advice Forecasting of economic or financial developments, or of market and customer behavior Surveillance, for example of the number of customers entering a supermarket, to decide what
shelves need restocking and when more checkouts need to be opened, or of machines in a factory, to determine when they need maintenance
Diagnostic systems, to identify causes of problems, for example in production control in a factory, or in healthcare
Project management Education and training, diagnosing a student's or worker's weaknesses and providing or
recommending extra instruction as appropriate
Conditions when expert systems are most useful:
The problem is reasonably well-defined The expert can define some rules by which the problem can be solved The problem cannot be solved by conventional transaction processing or data handling The expert could be released to more difficult problems. Experts are often highly paid, meaning
thevalue of even small time savings is likely to be significant The investment in an expert system is cost-justified
The output of all the systems become an input to a financial information system
Financial Management Information System (FMIS)
FMIS usually refers to computerization of expenditure management processes including budget formulation, budget execution, and accounting with the help of a fully integrated system A financial management information system, or integrated financial management information system (IFMIS), is an information system that tracks financial events and summarizes financial information. The term “IFMIS” refers to the use of information and communications technology in financial operations to support management and budget decisions, fiduciary responsibilities, and the preparation of financial reports and statements As the name implies, there are, and should be, three guiding characteristics for a well-designed FMIS:
1. It is a management tool. When developing an FMIS it is important that it cater to management
needs – not just those of the central agencies, but also line agencies. Moreover, as a
management tool it should support the management of change. It must be viewed as an integral
part of budget system reform – hence not be designed just to meet present requirements, but
also to support those needs that are likely to arise as parallel budget peforms are implemented.
2. It should provide a wide range of nonfinancial and financial information. As a tool of
management it should provide the information required for decision making. It should be
designed to perform all necessary accounting functions as well as generate custom reports for
internal and external use. However, this does not mean that it should exclusively concentrate on
financial information. Managers will require other nonfinancial information.
3. It is a system. Its role is to connect, accumulate, process, and then provide information to all
parties in the budget system on a continuous basis. All participants in the system, therefore,
need to be able to access the system, and to derive the specific information they require to
carry out their different functions.
In a nut shell the system has the following basic features:
1. Standard data classification for recording financial events;
Importance of Coding for FISs
Record, store, classify, and retrieve information
Utilize numeric and alphanumeric codes
Design Considerations
Must serve a useful purpose
Must be consistent
Plan for future expansion
Types of code
Sequential- Documents are numbered consecutively to account form them, any gaps in the sequence code indicate missing documents that should be investigated.
Block -Blocks of numbers within a numerical sequence reserved for categories having meaning to the user.
Group codes -Two or more subgroups of digits that are used to code an item. A group code is often used in conjunction with a block code.
Mnemonic Codes-Helps user remember what they represent
2. Internal controls over data entry, transaction processing, and reporting
Efficiency data entry technique
Pre-numbered and well-designed documents
Validating data
Correcting detected errors before the data are posted to the general ledger
Compiling standardized adjusted entries
Pre-computing batch control totals
Using turn around document
Report Design Considerations
o Should be effective
o Expectations of outputs
Outputs of an AIS
o Reports to management
o Reports to investors and creditors
o Files retaining transaction data
o Files retaining current data about accounts
3. Common processes for similar transactions and a system design that eliminates unnecessary duplication of data entry. Advantages of IFMIS
Provide timely, accurate, and consistent data for management and budget decision-making; Support policy decisions; Integrate budget and budget execution data, allowing greater financial control and reducing
opportunities for discretion in the use funds; Facilitate financial statement preparation; and Provide a complete audit trail to facilitate audits.
Reactive information (provided by the operating systems, analysis instruments, scenarios,
investment alternatives, cash flow alternatives etc.) for supporting the manager’s decisions;
Correlation between costs and prices (monitoring the profitability of products and activities);
Planning the production based on a forecast, contracts, planning the supply based on a global
image regarding existent stocks (the high costs for supplying and storage/massive stock
immobilization are reduced);
Controlling ongoing investment projects and budgets that are grouped in
operations/expenditure/stages in real time, as well as monitoring expenses for investment
projects;
A centralized basis that comprises information regarding clients and suppliers (including
contracts, requests and their settlements) and high costs for providing services;
The possibility of eliminating redundant information ;
Shortening the time used for making decisions and direct access to the information of all levels
of decision;
Channeling financial resources in one direction thus eliminating integrating costs;
The possibility of correlating results and performing complex analyses regarding the activities;
Attributes of a well-designed FMIS
The FMIS should:
Be modular, and capable of progressive upgrading to cater to future needs;
Offer a common platform and user interface to the stakeholders in different department
responsible for financial management, for adding to and accessing the information database (in
its absence each agency will have the incentive to develop “its own” FMIS to meet its currently
perceived needs);
Maintain a historical database of budget and expenditure plans; transaction data at the highest
level of detail; cash flows and bank account operations including cheques issued, cancelled, and
paid, cash balances and floats;
Have dedicated modules to handle monthly, rolling, short-term (one to three months) and
longer-term (three months to end of year) forward estimates of revenues, and expenditures
prepared by agencies, and corresponding estimates of the resulting cash flows;
Have built-in analytical tools to offer trend analysis of various elements of fiscal operations to
permit a forward look at the emerging events bearing on the fiscal stance;
Compile formal accounts from the database of authorizations and cash allocations, primary
revenue and expenditure transactions of the agencies; and treasury operations, avoiding the
need to duplicate data entry for accounting purposes;
Enable real-time reconciliation of parallel but related streams of transaction data – at the
agency level: cheques issued with those paid by the banks; at treasury: receipts from banks with
the cheques paid by taxpayers; cash balances reflected in the agency ledgers with the cash
balances in the banks;
Mechanize all possible routine tasks at the central and spending agencies – generating various
forms/authorizations, cheques, outputting hard copies of key registers and statements, etc.; and
Be flexible enough to provide user-defined management information, aggregated at the desired
level of detail, from the database.
BASIC COMPONENTS OF FMIS An IFMIS will generally consist of several distinct components or modules that use information to perform different functions.
1. General Ledger -At the core of the system is the General Ledger. The General Ledger constitutes
the central “books” of any IFMIS. Every transaction entered into the system posts to the General Ledger, starting with the allocation of budget funds through to the commitments to payment for goods and services
2. Cash Management – monitors and forecasts cash flows and financing requirements, and performs reconciliation between bank accounts and IFMIS records.
3. Commitment control – ensures that before a purchase is committed to, there is sufficient cash
allocated for the expense and the allocation matches the appropriated budget.
4. Accounts payable – Processes and generates payments, with built-in checks to ensure invoices match approved commitments.
5. Accounts receivable – produces bills and processes and records receipts, including all types of inflows received by government units, including nontax revenues and fees.
6. Budget preparation/planning
7. Procurement and contracts management
8. Payroll and human resources
9. Revenue administration (tax and customs)
10. Debt management
11. Assets management
FMIS architecture
Main Steps in Introducing an FMIS
Stage 1: Preparatory
- Preliminary concept design including an institutional and organizational assessment
- Analysis of the key problem areas and ongoing reform programs
- Feasibility study
- Design project and draft project proposal
- Formal approval of the project-securing government approval and donors’ funding
Stage 2: Design
- Develop functional specification
- Outline information technology (IT) strategy, including hardware and organizational issues
- Prepare tender documents
Stage 3: Procurement
- Issue tenders for hardware and software and associated requirements
- Evaluation of bids and award contract
Stage 4: Implementation
- Configuration analysis and specify any additional IT, infrastructure, and communication requirements
- Detailed business process and gap analysis mapping required functionality to package and identifying and specifying detailed parameterization, customization, procedural etc, changes
- Detailed action plan for phased implementation and the pilot-run of the system
- Agreed customization and configuration of the system
- Determine training needs and conduct training of personnel
- Pilot run—parallel run of the system, resolve initial problems and evaluate system performance for roll-out
- Roll-out system to other ministries and agencies
- Phased implementation of additional modules
- Strengthening of internal system support and phasing out consultant/contractor support
SYSTEMS ACQUISITION AND SOFTWARE DEVELOPMENT After a system is designed, either partially or fully, the next phase of the systems development starts which relates to the acquisition of hardware, software and services. In this section, we will explore how this process takes place. Procuring Computer Hardware
Selecting a computer is a major commitment for any organisation not only because of its high cost but also since a computer has a profound and long range effect on a company’s operations. The user depends upon the vendor for support services, systems design, education and training etc, and expansion of computer installation for almost an indefinite period. Hence, selection of a computer
may be made after careful appraisal of various factors. Following points may be born in mind at the time of selection of a computer system:
(i) All computer systems offered in the market today have good hardware, competent software and roughly similar facilities. Due to the rapid development of computer technology, the more recent the computer, the better its performance is and the lower its cost. Therefore, as far as possible the latest possible technology should be acquired.
(ii) ) Computer performance for commercial work is mainly determiend by the speeds and capabilities of input/output and storage peripherals. Scientific, engineering and operations problems require good computational facilities. Thus, the efficiency of a computer in handling such problems will depend on the main storage available and the instrution execution speed, and repertoire. A comparison along these lines can be made quickly and quite effectively.
(iii) The software supplied by the manufacturer may make a significant difference if it contains a package of special applicability to the jobs envisaged. Experts maintain that since hardware speed and facilities are uniformly good, today the selection of computer should be made on software considerations.
(iv) Modern computers are marketed as series of compatible machines with increasingly powerful central processors and interchangeable peripherals. Thus, the choice of a computer really becomes a choice of a model within a series, based on a long range plan of expansion.
(v) The selection of a computer does not end within the choice of a manufacturer and a model. It continues to the selection of a configuration and a plan for its gradual expansion.
(vi) Software acquisition: Make or Buy: At this stage, the system developers must determine whether the application software should be created in-house or acquired from a vendor. This decision is often called the make-or-buy decision. In the past several years, pre-packaged application software or application software packages have become increasingly popular for many business functions, including accounting (for example, payroll and personnel accounting), general ledger, manufacturing, financial planning and numerous other applications. Many of these packages consist of several programs and a complete set of documentation tools. Vendors providing these software packages even impart training about how to use the software to its full potential. Factors affecting the “make or buy” decision of application software are as follows:
Availability of skilled manpower: If sufficient number of programmers is not available, the organization may be forced to purchase packages that it otherwise would develop.
Cost of programming: In case the cost of developing the software is more than the price of pre-written software, the organization may decide to buy the software.
Backlog of program: The in-house software development takes long time. If there is lot of backlog of programs awaiting development, the organization may choose to buy the software.
Suitability of software: Sometimes the available software may not be suitable for specific needs of the organization. Hence, it may be better to develop software in such instances.
Time frame available for implementation: If the time available for implementation of the new computerized system is very short, the organization may decide to buy the software.
Availability of sophisticated software: In many instances, the programs available for purch Steps involved in Selection of A Computer System :
The selection of an appropriate computer system, both hardware and application software package demands a high level of expertise and many organisations use a consultant either to provide guidance to their personnel or to manage this activity. The steps involved in selection of a computer system are:
1. Prepare the design specifications.
2. Prepare and distribute an RFP (Request for proposal) to selected computer vendors.
3. On the basis of an analysis of proposals, eliminate vendors whose proposals are inferior.
4. Have vendors present their proposals.
5. Conduct further analysis of the proposals.
6. Contact present users of the proposed systems.
7. Conduct equipment benchmark tests.
8. Select the equipment.
Conversion and start-up from Manual to Computerised System: Conversion or changeover is the process of changing from the old system (manual system) to the new system. It requires careful planning to establish the basic approach to be used in the actual changeover. There are many conversion strategies available to the analyst who has to take into account several organisational variables in deciding which conversion strategy to use. The five strategies used for conversion from manual to computerised system are briefly discussed below: (i) Direct Changeover: Conversion by direct changeover means that on a specified date, the old system is dropped and the new system is put into use. Advantages: The users have no possibility of using the old system other than the new one. Adaptation is a necessity.
Disadvantages: Direct changeover can only be successful if extensive testing is done beforehand. Long delays might ensue if errors occur. Also, users may resent being forced into using an unfamiliar system without recourse.
Finally, there is no adequate way to compare new results with old ones.
(ii) Parallel Conversion: This refers to running the old systems and the new system at the same time, in parallel. This approach works best when a computerized system replaces a manual one. Both systems are run simultaneously for a specified period of time and the reliability of results is examined. When the same results are gained over time, the new system is put into use and the old one is scrapped. Advantages: There is a possibility of checking new data against old data in order to catch any errors in the processing of the new system. It also offers a feeling of security to users who are not forced to make an abrupt change to the new system.
Disadvantages: Cost of running two systems at the same time is high. The workload of employees during conversion is almost doubled. In case the system being replaced is a manual one, it is difficult to make comparisons between output of the new system and the old one.
(iii) Gradual Conversion: It attempts to combine the best features of the earlier two plans, without incurring the risks. In this plan, the volume of transactions is gradually increased as the system is phased in.
Advantages: It allows users to get involved with the system gradually. It also offers the possibility of detecting and recovering from the errors without a lot of downtime.
Disadvantages: It takes too long to get the new system in place. It is not appropriate for conversion of small, uncomplicated systems.
(iv) Modular Prototype Conversion: This approach of conversion uses the building of modular, operational prototypes to change from old system to new in a gradual manner. As each module is modified and accepted, it is put into use.
Advantages: Each module is thoroughly tested before being used. Users become familiar with each module as it becomes operational.
Disadvantages: Many times prototyping is not feasible and hence this conversion method cannot be used for such systems. Further, under this approach, special attention must be paid to interfaces so that the modules being built actually work as a system.
(v) Distributed Conversion: This refers to a situation in which many installations of the same system are contemplated, such as in banking. One entire conversion is done using any of the aforesaid four approaches at any one site. When that conversion is successfully completed, other conversions are done for other sites.
Advantages: Problems can be detected and contained at one site rather than inflicting them, in succession, on all sites.
Disadvantages: Even when one conversion is successful, each site will have its own peculiarities to work through and these must be handled.
What is financial information used for?
Users use financial information to make economic decisions, such as those to:
Decide when to buy, hold or sell shares on the basis of their risk and return Assess how effectively the business's management has looked after its affairs (its stewardship)
and decide whether to replace or reappoint them Assess a business's ability to provide benefits to its employees Assess security for amounts lent to the business
Who uses financial information?
Users Need financial information to: Present and potential investors (shareholders) Make investment decisions, therefore need information on:
– Risk and return of investment – Ability of company to pay dividends
Employees Assess their employer's stability and profitability Assess their employer's ability to provide remuneration, employment opportunities and retirement and other benefits
Customers Assess whether business will continue in existence – important where customers have a long-term involvement with, or are dependent on, the business, eg where they are supply chain partners
Suppliers and other business partners-Assess the likelihood of being paid when due Governments and its agencies -Assess allocation of resources and, therefore, activities of
o businesses o Assist in regulating activities o Assess taxation income o Provide a basis for national statistics o Help direct policy on, for instance, health and safety and equal opportunities issues
The public and community representatives - Assess trends and recent developments in the business's prosperity and its activities – important where the business makes a substantial contribution to a local economy, eg by providing employment and using local suppliers
Lenders - Assess whether loans will be repaid, and related interest willbe paid, when due
When is financial information useful? Financial information is useful to users when it:
Helps them to make economic decisions, and Shows the results of management's stewardship of the resources entrusted to them For
financial information to meet these two objectives it must be prepared on the basis of two underlying assumptions:
The accrual basis of accounting: the effects of transactions and other events are recognized when they occur (not as they are realized in cash), and they are recorded and reported in the financial statements of the periods to which they relate
The business is a going concern and will continue in operation for the foreseeable future
7.4 Information for making economic decisions and making managers accountable
When users make economic decisions they need financial information to evaluate: The ability of a business to generate cash so as to
– Pay employees and suppliers – Meet interest payments – Repay loans and – Pay dividends
The timing and certainty of cash flows In order to make the evaluation as to whether the business can generate sufficient cash on time
the user needs information on the business's:
Financial position (its balance sheet, which is now more formally known as the 'statement of financial position' following the revision of IAS 1 Presentation of Financial Statements in September 2007)
Financial performance (its income statement, or 'statement of comprehensive income' in IAS 1 (revised) terminology) andChanges in financial position (its cash flow statement, or 'statement
of cash flows' in IAS 1 (revised) terminology)
7.4.1 Information on the financial position
7.4.2 Information on financial performance
Information on the business's profitability, especially variability in profits over time, helps the user to predictor assess:
Potential changes in the economic resources the business is likely to control in the future The business's capacity to generate cash flows from its existing resource base How effectively the business might employ additional resources
7.4.3 Information on changes in financial position
Information on the business's past cash flows helps the user to predict or assess its investing, financing and operating activities during the reporting period. This helps the user to assess:
How able the business is at generating cash How well the business uses cash that it has generated
7.5 Qualitative characteristics of financial statements
Definition
Qualitative characteristics: The attributes that make information provided in financial statements usefulto users
Understandability Relevance Reliability, and Comparability
7.5.1 Understandability
Information should be readily understandable. Users are assumed to have a reasonable knowledge of economic and business affairs and to be willing to be reasonably diligent in the way they study financial information. Relevant information should not be excluded from financial statements merely because it is hard to understand.
7.5.2 Relevance
Information is relevant to users when it influences their economic decisions because they can thereby: Evaluate past, present or future events, or Correct or confirm past evaluations
Information need not be in the form of a forecast for it to help users make predictions, but it helps them if unusual, abnormal or infrequent items are separately disclosed.
Relevance is affected by:
The nature of certain items: some pieces of information are highly relevant whatever their monetary value, such as the acquisition of a new business with significantly increased risks
The materiality of certain items: a piece of information is material if its omission or misstatement could influence users' economic decisions. Materiality depends on the size of the item or error judged
in the particular circumstances of the omission or misstatement
7.5.3 Reliability
Information is reliable if it:
Is free from material error Is free from bias ie neutral Can be depended on to be a faithful presentation of what it purports to represent, or what it
couldreasonably be expected to represent Is presented in accordance with its commercial substance rather than its strict legal form
(substance over form) Is complete within the bounds of materiality and cost Is prepared with prudence, that is a degree of caution is exercised when including items for
which estimates are needed and conditions are uncertain
7.5.4 Comparability
Measurement and display of the financial effect of like transactions and other events must be carried out ina consistent way:
Throughout the business Over time, and Across different businesses
7.6 Constraints on relevance and reliability of information
There are two constraints on the relevance and reliability of information:
Timeliness: undue delay in reporting may reduce relevance, but to provide information on a timely basis it may have to be reported before all aspects of a transaction or other event are known, thus impairing reliability. In balancing the two characteristics, the overriding consideration is how best tosatisfy the economic decision-making needs of users.
Balance of benefit and cost: the benefits derived from information for all users should exceed the cost of providing it.
8. Limitations of financial information in meeting users' needs
8.1 Conventionalized representation
Financial information, particularly financial statements, are usually highly standardised in terms of their overall format and presentation although businesses are very diverse in their nature. This may limit the usefulness of the information.
Financial statements are highly aggregated in that information on a great many transactions and balances is combined into a few figures in the financial statements, which can often make it difficult for the reader to evaluate the components of the business.
8.2 Backward-looking
Financial statements cover a period that has already ended; they are inherently historical and backward looking, whereas most users of financial information base their decisions on expectations about the future. Financial statements contribute towards this by helping to identify trends and by confirming the accuracy of previous expectations, but they cannot realistically provide the complete information set required for all economic decisions by all users.
8.3 Omission of non-financial information
By their nature, financial statements contain information that is financial, not non-financial such as:
Narrative description of major operations Discussion of business risks and opportunities Narrative analysis of the business's performance and prospects Management policies and how the business is governed and controlled Instead these are normally covered in the Chairmans' Statement and the Directors' Report,
published alongside the financial statements.
8.4 Other sources of information
There are other sources of information available to at least some users of the basic financial statements.
In owner-managed businesses, the owners have access to internal management information because they are the management. This information is, potentially, available on a continuous real-time basis and will include:
– Future plans for the business
– Budgets or forecasts
– Management accounts, including, for example, divisional analysis
Banks will often gain additional access to business information under the terms of loan agreements
Potential investors, if they are planning to take a major stake or even a controlling interest, will negotiate additional access to information
Suppliers may be able to obtain reports on the business's credit standing via credit reference agencies such as Experian. These are also used by lenders
Some information, such as brochures and publicity material (eg press releases), is available to all
9 The effects of poor financial information
Financial information is poor if it does not:
Meet the needs of users Display the qualitative characteristics set out above
The effect of poor financial information is:
To undermine the integrity of financial markets To fail to serve the public interest
Financial Reporting
A. There are two types of reports used to facilitate the reconciliation process, delivered reports and prompted reports. Delivered reports are run monthly once the GL and sub-systems have closed. Prompted reports can be run at any time but are limited to only the current and prior period data.
B. Reports 1. Appropriations Summary – lists the fiscal activity for a budget-based departmental
budgetary cost center summarized at an account code level so departments understand the associated available spending authority and all related components that impact that calculation.
2. Cash Summary – lists the fiscal activity for a cash-based departmental budgetary cost center summarized at an account code level so departments understand the associated available spending authority and all related components that impact that calculation.
3. Transaction Detail – lists the monthly transaction details for budgetary it helps the department to understand the specific fiscal activity that impacted the departmental budgetary cost center’s available spending authority.
4. Open Encumbrance – lists the amount for each encumbrance for a departmental budgetary cost center subtotaled at an account code level so departments understand what funds are remaining for any open encumbrance.
5. Payroll Cost Distribution – lists individual employee payroll costs for a budgetary cost center with all applicable deductions for a given departmental budgetary cost center so departments understand the personnel expense attributed to their payroll costs paid.
6. Projected Payroll Cost Distribution – lists the projected payroll remaining in the fiscal year for each employee in a departmental budgetary cost center subtotaled at an account grouping level so departments understand the cost of each employee’s employer paid payroll earnings, benefits, and taxes.
7. KK to GL Summary Comparison – lists the monthly expenditure totals in the commitment control (KK) ledger and the general ledger in a departmental budgetary cost center subtotaled at an account grouping level so departments understand any expenditure variances between KK and GL.
H. Effectiveness and efficiency of operations, Reliability of financial reporting
internal Controls – Internal controls are a process designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations, Reliability of financial reporting, Compliance with applicable directives, laws and regulations. Fundamentally, controls help to ensure that the university’s assets are being protected. Through effective controls, a department can safeguard assets and also detect and correct errors and irregularities.
1. Basic Internal Controls a. There should be an audit trail for each financial transaction.
Documentation can be in either electronic or paper form. b. Accounting data must be checked to ensure that it is accurate and
reliable. c. All financial data must be checked against departmental source
documents. For financial data to be validated, it must be reconciled. d. During the reconciliation process, departments must ensure that only
expenses related to their budgetary cost center are recorded in that budgetary cost center. The department must follow up on all inaccurate charges. Reconciliation is a critical step in ensuring that the university properly manages its resources.
2. Segregation of Duties for Reconciliation a. Segregation of duties is critical. Segregation deters fraud and detects
errors. b. Appropriate authorizations must be in place. c. Authorization of expenditures and recording of expenditures should be
segregated duties. d. Reconciliation of financial transactions and the recording of those
transactions should be segregated duties. e. If a department is too small to have two or more employees who can
segregate duties, then the department administrator must frequently review departmental transactions.
3. Documentation
a. Millions of financial transactions are recorded annually into the University’s general ledger. Required documentation is not the same for all transactions. For example, an adjustment to an expense between account codes within a department is not as critical from the perspective of internal controls and risk as processing additional pay in the human resources system.
b. Documentation must be aligned with internal controls and level of risk, therefore, required documentation for transactions depends closely on the level of risk associated with the transaction. Documenting general ledger entries are based on the following considerations:
I. Minimal documentation is required when: i. There are system controls that minimize errors.
Examples are transactions that have workflow associated with them. These transactions are reviewed and approved by someone other than the initiator before it posts to the general ledger.
ii. The transactions can be fully documented in the system itself. Comments describing the transaction and its purpose as well as the operator ID of the person who initiated the transaction are available in the on-line system. The transaction can be audited from the system itself.
II. Increased documentation is required when the transaction: i. is for a large dollar amount.
ii. is part of a legally binding contract. iii. is created via the purchasing card. iv. in part of the procurement process. v. pertains to personnel actions.
I. Reconciliation 1. Ledger summaries and supporting detail ledgers are provided to departments
on a monthly basis and can be run more frequently through the FIT cube. These ledgers provide the department with information regarding their financial operations and conditions. They also are used by department fiscal staff to verify or check to ensure that the information they contain is accurate and reliable. This process is often referred to as “Reconciliation” and is an important overall University control process. This process must be performed at least monthly after the ledgers are received.
2. Since department size and complexity varies significantly, there is not one set of specific fiscal procedures that fits all departments. However, there are certain important fiscal requirements that all departments are required to meet. These requirements help ensure that management is properly informed of their fiscal operations and condition, but that proper controls are in place to ensure that revenues are maximized, prudently spent, that University funds are properly safeguarded, and that proper accountability is maintained.
Reconciliation to source documents is required to be performed for all transactions $100 and over.
For transactions under $100, reconciling consists of spot checking at least 25% of the budgetary cost center transactions to the source documents.
Security
Security (in information management): the protection of data from accidental or deliberate threats which might cause unauthorised modification, disclosure or destruction of data, and the protection of the information system from the degradation or non-availability of services (Lam: Security of computer based information systems). Ensuring the security of information Aspects of security include the following: � Prevention. It is in practice impossible to prevent all threats cost-effectively, but prevention is better than cure � Detection. Detection techniques are often combined with prevention techniques: a log can be maintained of unauthorised attempts to gain access to a computer system � Deterrence. As an example, computer misuse by personnel can be made grounds for disciplinary action � Recovery procedures. If the threat occurs, its consequences can be contained (for example, checkpoint programs) � Correction procedures. These ensure the vulnerability is dealt with (for example, by instituting stricter controls) � Threat avoidance. This might mean changing the design of the system
Physical access controls � Personnel, including receptionists and, outside working hours, security guards can help control human access � Door locks can be used where frequency of use is low. (This is not practicable if the door is in
frequent use.) � Locks can be combined with: – A keypad system, requiring a code to be entered – A card entry system, requiring a card to be 'swiped' � Intruder alarms � Laptop and other portable computers with access to the system should be kept secure � Staff should be allocated an individual personal identification number, or PIN, which identifies him or her to the building Security controls in the system These help to prevent: � Human error – Entering incorrect transactions – Failing to correct errors – Processing the wrong files � Technical error such as malfunctioning hardware or software � Deliberate actions such as fraud � Commercial espionage � Malicious damage Integrity controls in the system Data will maintain its integrity if it is complete and not corrupted. � The original input of the data must be controlled in such a way as to ensure that the results are complete and correct. Input controls should ensure the accuracy, completeness and validity of input – Data verification involves ensuring data entered matches source documents – Data validation involves ensuring that data entered is not incomplete or unreasonable. Various checks include: � Check digits. A digit calculated by the program and added to the code being checked to validate it � Control totals. For example, a batch total totalling the entries in the batch � Hash totals. A system generated total used to check processing has been performed as intended � Range checks. Used to check the value entered against a sensible range, eg ledger account number must be between 5,000 and 9,999 � Limit checks. Similar to a range check, but usually based on an upper limit, eg must be less than 999,999.99
Information Systems Control and Audit
1. NEED FOR CONTROL Everyone is aware of the need for information security in today's highly networked business environment. Information is arguably among an enterprise's most valuable assets, so its protection from predators from both within and outside has taken center stage as an IT priority. Hence, there is a need to institute strong control environment.
2. EFFECT OF COMPUTERS ON INTERNAL AUDIT Since the 1970s, around the world there has been a large increase in the number of organisations using computers to process transactions and prepare their
financial statements. The move towards more automated financial systems has had an impact in the way auditors carry out their work. The impact can be summarised under four main headings: (i) changes in the audit trail and audit evidence; (ii) change in the internal controls environments; (iii) new opportunities and mechanisms for fraud and error; (iv) new audit procedures.
(i) Changes in the audit trail and audit evidence: The existence of an audit trail is a key financial audit requirement, since without an audit trail, the financial auditor may have extreme difficulty in gathering sufficient, appropriate audit evidence to validate the figures in the client’s accounts. (a) Data retention and storage: A client’s storage capabilities may restrict the amount of historical data that can be retained “on-line” and readily accessible to the auditor. If the client has insufficient data retention capacities the auditor may not be able to review a whole reporting period’s transactions on the computer system. (b) Absence of input documents: Transaction data may be entered into the computer directly without the presence of supporting documentation, e.g. input of telephone orders into a telesales system. The increasing use of EDI will result in less paperwork being available for audit examination. (c) Lack of a visible audit trail: The audit trails in some computer systems may exist for only a short period of time. The absence of an audit trail will make the auditor’s job very difficult and may call for an audit approach which involves auditing around the computer system by seeking other sources of evidence to provide assurance that the computer input has been correctly processed and output. (d). Lack of visible output: The results of transaction processing may not produce a hard copy form of output, i.e. a printed record. In the absence of physical output it may be necessary for the auditor to directly access the electronic data retained on the client’s computer. This is normally achieved by having the client provide a computer terminal and being granted “read” access to the required data files. (See chapter 9 for an explanation of access permissions such as ‘read’). (e) Audit evidence. Certain transactions may be generated automatically by the computer system. For example, a fixed asset system may automatically calculate depreciation on assets at the end of each calendar month. The depreciation charge may be automatically transferred (journalised) from the fixed assets register to the depreciation account and hence to the client’s income and expenditure account. Where transactions are system generated, the process of formal transaction authorisation may not have been explicitly provided in the same way as in a manual environment, i.e. each transaction is not supported by the signature of a manager, supervisor or budget holder. This may alter the risk that transactions may be irregular or ultra vires. (f) Legal issues: The use of computers to carry out trading activities is also increasing. More organisations in both the public and private sector intend to make use of EDI and electronic trading over the Internet. This can create problems with contracts, e.g. when is the contract made, where is it made (legal jurisdiction), what are the terms of the contract and who are the parties to the contract.
(ii) Change in the type and nature of internal controls: The internal controls within a client’s financial systems,manual and computerised, can be divided into several categories. • Personnel : Whether or not staff are trustworthy, if they know what they are doing and, if they have the appropriate skills and training to carry out their jobs to a competent standard. Competent standard. • Segregation of duties: a key control in any financial system. Segregation basically means that the stages in the processing of a transaction are split between different people, such that one person cannot
process a transaction through from start to finish. The various stages in the transaction cycle are spread between two or more individuals. • Authorization procedures: to ensure that transactions are approved. In some on-line transaction systems written evidence of individual data entry authorization, e.g. a supervisor’s signature, may be replaced by computerized authorization controls such as automated controls written into the computer programs (e.g. programmed credit limit approvals). • Record keeping: the controls over the protection and storage of documents, transaction details, audit trails etc. • Access to assets and records: In the past manual systems could be protected from unauthorised access through the use of locked doors and filing cabinets. Computerised financial systems have not changed the need to protect the data. A client’s financial data and computer programs are vulnerable to unauthorised amendment at the computer or from remote locations. The use of wide area networks, including the Internet, has increased the risk of unauthorised access. The nature and types of control available have changed to address these new risks. • Management supervision and review: Management’s supervision and review helps to deter and detect both errors and fraud.
(iii) New causes and sources of error (a) System generated transactions: Financial systems may have the ability to initiate, approve and record financial transactions. This is likely to become increasingly common as more organisations begin to install expert systems and electronic data interchange (EDI) trading systems. Automated transaction processing systems can cause the auditor problems. For example when gaining assurance that a transaction was properly authorised or in accordance with delegated authorities. The auditor may need to look at the application’s programming to determine if the programmed levels of authority are appropriate. (b) Systematic Error : Computers are designed to carry out processing on a consistent basis. Given the same inputs and programming, they invariably produce the same output. This consistency can be viewed in both a positive and a negative manner. If the computer is doing the right thing, then with all other things being equal, it will continue to do the right thing every time. Similarly, if the computer is doing the wrong thing and processing a type of transaction incorrectly, it will continue to handle the same type of transactions incorrectly every time. Therefore, whenever an auditor finds an error in a computer processed transaction, s(he) should be thorough in determining the underlying reason for the error. If the error is due to a systematic problem, the computer may have processed hundreds or thousands of similar transactions incorrectly
(iv) New audit processes: Within a computerized environment the auditor may be required to adopt a different audit approach to gain sufficient audit evidence to provide an opinion on the financial statements. For example, new procedures to cope with different internal controls, new causes of errors or the different nature of audit trails.
INFORMATION SYSTEMS CONTROL TECHNIQUES
• Accounting controls, i.e. those controls which are intended to safeguard the client’s assets and ensure the reliability of the financial records; The
• Operational controls: These deal with the day to day operations, functions and activities to ensure that the operational activities are contributing to business objectives; • Administrative controls: These are concerned with ensuring efficiency and compliance with management policies, including the operational controls.
Auditor’s categorisation of controls
We put the controls into categories depending on when they act.
We categorise the controls into following four groups: (i). Preventive Controls: Preventive controls are those inputs, which are designed to prevent an error, omission or malicious act occurring. An example of a preventive control is the use of passwords to gain access to a financial system. The broad characteristics of preventive controls are: (i) A clear-cut understanding about the vulnerabilities of the asset (ii) Understanding probable threats (iii) Provision of necessary controls for probable threats from materializing
Examples of preventive controls • Employ qualified personnel • Segregation of duties • Access control • Vaccination against diseases • Documentation • Prescribing appropriate books for a course • Training and retraining of staff • Authorization of transaction • Validation, edit checks in the application • Firewalls • Anti-virus software (sometimes this acts like a corrective control also), etc • Passwords
(ii). Detective Control: These controls are designed to detect errors, omissions or malicious acts that occur and report the occurrence
The main characteristics of such controls are as follows: • Clear understanding of lawful activities so that anything which deviates from these is reported as unlawful, malicious, etc. • An established mechanism to refer the reported unlawful activities to the appropriate person or group • Interaction with the preventive control to prevent such acts from occurring • Surprise checks by supervisor Examples of detective controls include • Hash totals
• Check points in production jobs • Echo control in telecommunications • Error message over tape labels • Duplicate checking of calculations • Periodic performance reporting with variances • Past-due accounts report • The internal audit functions • Intrusion detection system • Cash counts and bank reconciliation • Monitoring expenditures against budgeted amount
(iii). Corrective Controls: Corrective controls are designed to reduce the impact or correct an error once it has been detected
The main characteristics of the corrective controls are: • Minimize the impact of the threat • Identify the cause of the problem • Remedy problems discovered by detective controls • Get feedback from preventive and detective controls • Correct error arising from a problem • Modify the processing systems to minimize future occurrences of the problem Examples of Corrective Controls • Contingency planning • Backup procedure • Rerun procedures • Treatment procedures for a disease • Change input value to an application system • Investigate budget variance and report violations.
(Iv). Compensatory Controls: Controls are basically designed to reduce the probability of threats, which can exploit the vulnerabilities of an asset and cause a loss to that asset
Audit Trails Audit trails are logs that can be designed to record activity at the system, application, and user level. When properly implemented, audit trails provide an important detective control to help accomplish security policy objectives.
(1) Detecting Unauthorized Access: Detecting unauthorized access can occur in real time or after
the fact. The primary objective of real-time detection is to protect the system from outsiders who are attempting to breach system controls. A real-time audit trail can also be used to report on changes in system performance that may indicate infestation by a virus or worm. When properly designed, they can be used to determine if unauthorized access was accomplished, or attempted and failed
(2) Reconstructing Events: Audit analysis can be used to reconstruct the steps that led to events such as system failures, security violations by individuals, or application processing errors. Knowledge of the conditions that existed at the time of a system failure can be used to assign responsibility and to avoid similar situations in the future. Audit trail analysis also plays an important role in accounting control.
(3)Personal Accountability: Audit trails can be used to monitor user activity at the lowest level of detail. This capability is a preventive control that can be used to influence behavior. Individual are likely to violate an organisation’s security policy if they know that their actions are recorded in an audit log.