Accounting Information Systems: SOX, ERP, and Data Management

Posted on Nov 16, 2025 in Accounting and Finance

Chapter 1 — Accounting Information Systems and Sarbanes-Oxley Act

The Sarbanes-Oxley Act (SOX) significantly impacted information disclosure requirements.

SOX Requirements for Financial Reporting

  • Section 404: Mandates management to document and evaluate internal controls over financial reporting. External auditors must issue an opinion on management’s assessment.
  • Section 409: Requires “rapid and current” public disclosure of material changes in financial condition. This necessitates an Accounting Information System (AIS) capable of producing timely and accurate data.

The Chief Executive Officer (CEO) and Chief Financial Officer (CFO) are responsible for reporting quality. Auditors issue opinions (unqualified, qualified, adverse, or disclaimer) based on control effectiveness. For example, a cybersecurity breach compromising customer data might trigger a Section 409 disclosure; failure to produce timely updates afterward indicates an AIS compliance failure.

System Concepts

  • System: A collection of interdependent parts working together toward objectives (e.g., a university).
  • Subsystems: Smaller systems supporting the whole (e.g., a college within the university).
  • Information System (IS): A man-made system (computer-based or manual) that collects, processes, stores, and outputs information.

Objectives of IS

  1. Stewardship: Accountability, external and internal reporting.
  2. Decision Support: Analysis for managers.
  3. Operations Support: Accurate day-to-day transaction handling.

IS Components

  • Input: Sales orders, receipts.
  • Processing: Journalizing, posting, summarizing.
  • Storage: Files, databases.
  • Output: Financial statements, dashboards, exception reports.
  • Users: Operations staff, managers, external stakeholders.

Accounting Information System (AIS)

The AIS is a specialized subsystem of the IS, focusing on collecting, processing, and reporting financial transactions to support operations, control, and decision-making.

Example: When Nike receives an online order, the input is the purchase, processing validates the order and applies taxes, storage updates accounts receivable and inventory, output includes the invoice and management reports, and users include warehouse staff, clerks, and managers.

Business Processes and Information Qualities

  • Management Processes: Budgeting, planning, variance analysis.
  • Operations Processes: Making/selling products, shipping, paying employees.
  • Information Processes: Capturing and communicating data.

The logic model illustrates operations generating events, AIS recording them, management using reports for planning/control, and issuing new policies back to operations.

Qualities of Information

  • Relevance: Predictive value, feedback value, timeliness.
  • Reliability: Accuracy, completeness, verifiability, neutrality.
  • Comparability: Comparing across firms.
  • Consistency: Same methods used period-to-period within a firm.
  • Understandability: Clear to the user.
  • Materiality: Significant enough to affect a decision.

Example: Switching from LIFO to FIFO harms comparability, but sticking to one method ensures consistency.

Management Decision Pyramid

  • Top (Strategic Level): Unstructured, infrequent, future-oriented decisions; summarized info (e.g., 5-year capital plans).
  • Middle (Tactical Level): Semi-structured, mix of internal/external info; periodic reports (e.g., quarterly reviews).
  • Bottom (Operational Level): Structured, routine, detailed, frequent info (e.g., daily sales transactions).

Information Flows and Decision Types

  • Horizontal Flows: Detailed event data across departments (Sales → Shipping → Billing → Accounting).
  • Vertical Flows: Summarized upward or instructions downward (budgets, quotas).
  • Structured Decisions: Routine, clear rules exist (e.g., approving a transaction based on credit score).
  • Unstructured Decisions: Novel, require judgment (e.g., deciding on an acquisition).

Internal Controls and SOX

Internal controls safeguard assets, ensure reliable reporting, and promote compliance. Examples include segregation of duties (cash handling vs. record keeping), reconciliations, pre-numbered invoices, approval requirements, and audit trails. SOX Section 404 directly ties into this by requiring management attestation to internal control effectiveness.

Chapter 2 — Enterprise Systems and Enterprise Resource Planning

Enterprise Systems and ERP

  • Enterprise System: One integrated system using a central database across all functions (sales, HR, accounting, purchasing, inventory). Goal: eliminate silos and establish a single source of truth with real-time information. Analogy: “one giant brain.”
  • Enterprise Resource Planning (ERP): The software that runs the enterprise system (e.g., SAP, Oracle, Microsoft Dynamics).

Benefits of ERP

ERP eliminates redundancy, improves coordination, ensures data consistency, and provides real-time updates. Example: When Amazon processes an order, the ERP simultaneously decreases inventory, records revenue, creates a shipping request, and updates accounts receivable.

Core ERP Modules

  • Sales and Distribution: Orders, shipping, billing.
  • Materials Management: Purchasing, inventory tracking, goods receipt.
  • Financial Accounting: General ledger, A/R, A/P, financial reporting.
  • Controlling: Internal accounting (budgeting, activity-based costing).
  • Human Resources: Payroll, recruiting, benefits, training.

Third-Party ERP Modules

These extend core functionality:

  • Customer Relationship Management (CRM)
  • Customer Self-Service
  • Sales Force Automation
  • Supply Chain Management (SCM)
  • Supplier Relationship Management (SRM)
  • Product Lifecycle Management (PLM)

Business Cycles and Value Chain

Order-to-Cash Cycle Example: Customer order → credit/inventory check → shipping → ERP updates COGS/inventory → billing creates invoice → payment closes A/R.

Value Chain: Activities that transform inputs into customer-valued outputs.

  • Primary Activities: Inbound Logistics, Operations, Outbound Logistics, Marketing/Sales, Service.
  • Support Activities: Human Resources, Technology Development, Procurement, Firm Infrastructure.

Value System: Coordination across the value chains of multiple companies (supplier + manufacturer + distributor), facilitated by ERP.

Data Hierarchy and Financial Metrics

  • Data Hierarchy: Character → Field (attribute) → Record → Table (collection of records).

Return on Assets (ROA)

ROA = Net Income ÷ Total Assets. High ROA indicates efficient asset use. ROA is driven by:

  • Profit Margin: Net Income ÷ Sales.
  • Asset Turnover: Sales ÷ Assets.

Example: An ROA of 25% means $0.25 earned per $1 of assets. If margin is 20% and turnover is 1.25, assets are used effectively.

ERP Impact on Customer Service

Without ERP: A service representative must contact accounting (credit), warehouse (inventory), production (schedules), and marketing (pricing) sequentially — inefficient. With ERP: The representative views credit, stock, pricing, and delivery instantly on one screen, improving satisfaction.

Chapter 3 — Electronic Business Systems

E-Business Fundamentals

Electronic Business (E-Business): Using electronic networks (Internet, Intranet, Extranet) to run business processes.

  • Front Office: Customers, suppliers, sales portals.
  • Back Office: HR, accounting, IT, manufacturing, distribution.

Impacts include faster processes, lower costs, reduced middlemen, and improved accuracy. Example: An online purchase instantly updates back-office inventory and accounting records.

Data Types and Processing Models

  • Event Data: Temporary transactions (sales, payments).
  • Master Data: Relatively permanent information (customers, products). Standing data is part of master data that rarely changes (e.g., customer name).

Processing Models

  • Batch Processing: Collect data and process later (efficient for large volumes like payroll, but data can be stale).
  • Online Transaction Entry (OTE): Record data at the time/place of the event (e.g., scanning groceries).
  • Online Real-Time (OLRT): Instant updates to master files (e.g., Venmo transfer immediately updates balances). Periodic updates are only accurate right after processing.

Communication Networks and E-Business Methods

  • Local Area Network (LAN): Connects computers within an office.
  • Wide Area Network (WAN): Connects across cities.
  • Intranet: Internal network; Extranet: Shared with suppliers/partners.

Methods of E-Business

  • Email: Cheap and easy, but data is unstructured.
  • Electronic Document Management (EDM): Digital storage of contracts (e.g., DocuSign).
  • Electronic Data Interchange (EDI): Structured, computer-to-computer exchange of documents (POs, invoices).
  • Internet Commerce: Online sales (e.g., Shopify).

Electronic Data Interchange (EDI)

Benefits include speed, fewer errors, lower costs, and stronger relationships.

Common EDI Documents: 850 (Purchase Order), 810 (Invoice), 856 (Advance Shipping Notice), 997 (Acknowledgment), 940 (Warehouse Shipping Order).

EDI Process: Application software creates document → Translation software converts to EDI format → Communication network sends via Value-Added Network (VAN) → VAN forwards securely → Supplier receives and converts back → Supplier application processes order.

Example: Low Walmart inventory triggers an EDI purchase order to Procter & Gamble, leading to automatic shipping and invoicing.

Cloud Computing

Renting computing services instead of owning servers. Benefits include cost savings, scalability, accessibility, automatic updates, backups, and collaboration. Examples include Google Workspace and Dropbox. Assurance providers (like WebTrust or SSL certificates) confirm website reliability.

Chapter 4 — Documentation of Systems

Importance of System Documentation

Auditors and accountants use diagrams to understand transaction flows and identify control weaknesses. Example: A flowchart of cash receipts helps an auditor verify deposits.

Data Flow Diagrams (DFDs)

DFDs illustrate what happens, not who does it.

  • Context Diagram: One bubble representing the whole system, showing external entities and flows.
  • Physical DFD: Shows who/where performs tasks (clerks, departments).
  • Logical DFD: Shows what tasks occur (record, update, approve).
  • Balanced DFD: Inflows and outflows match across levels.

Example: Context: “Customer pays company”; Logical: “Record payment, update A/R, deposit to bank”; Physical: “Cashier records, accountant updates ledger.”

DFD Guidelines

  • Include only described activities/entities.
  • Group logically; keep 5–7 bubbles per diagram.
  • Nouns for physical bubbles; verbs for logical bubbles.
  • Data stores shown only if a delay occurs.
  • Ensure balance (inputs/outputs match).

System Flowcharts

System flowcharts detail how and where processes occur, including people, technology, and documents. They show both operations (manual tasks, equipment) and information processes (data entry, storage, reports).

Example: Amazon order: Customer → system checks inventory → warehouse picks/ships → accounting records sale.

Flowchart Guidelines

  • Use columns per department; flow left-to-right, top-to-bottom.
  • Only enter a database through a process box.
  • Show paper trails between departments.

Flowchart Symbols

  • Rectangle: Process
  • Diamond: Decision
  • Cylinder: Database
  • Parallelogram: Input/Output
  • Trapezoid: Manual Input

File-based vs. Enterprise Database

The old file-based approach used separate systems (A/R, A/P, Inventory), leading to redundancy. The new ERP approach uses one database that updates all related files simultaneously upon a sale.

Chapter 5 — Database Management Systems

Database Approaches

  • Flat-File Approach: Each application has its own files, causing redundancy, inconsistency, high costs, and weak integrity (e.g., customer address stored differently in sales vs. shipping files).
  • Centralized Database Approach: One shared database. Benefits include eliminating redundancy and ensuring integrity. Risks involve high cost, single point of failure, concurrency conflicts, and ownership disputes.

Database Management System (DBMS)

The software managing data access. It has three tiers: presentation (UI), application (logic), and data (database). Data independence means applications are not hard-wired to specific data structures. A schema is the full enterprise structure; a subschema is a user or department view.

Logical Database Models

  • Hierarchical (rigid tree structure).
  • Network (child can have multiple parents).
  • Relational (tables, rows, columns) – most common.
  • Object-oriented (for multimedia/complex objects).

Relational Database Essentials

  • Primary Key: Unique row identifier.
  • Composite Key: Two or more attributes forming a unique identifier.
  • Foreign Key: Attribute linking tables.

Relational algebra functions include restrict (filter rows), project (pick columns), and join (combine tables). Example: The Customer table links to the Orders table via the Cust_Code foreign key.

Normalization

Normalization eliminates anomalies and redundancy.

  1. First Normal Form (1NF): Eliminate repeating groups.
  2. Second Normal Form (2NF): Remove partial dependencies.
  3. Third Normal Form (3NF): Remove transitive dependencies.

Example: Sales Orders are split into separate tables for Sales Orders, Sales Lines, Customers, and Inventory Items.

Coding Methods

  • Sequential: 001, 002.
  • Block: Ranges (e.g., 1000–1999 for assets).
  • Significant Digit: Digits carry meaning (e.g., product type).
  • Hierarchical: Tree drilldown (e.g., ZIP codes).
  • Mnemonic: Codes with letters (e.g., ACG3401).
  • Check Digit: Used for validation (e.g., credit card last digit).

Entity-Relationship and REA Modeling

  • Entities: Rectangles; Relationships: Lines; Attributes: Characteristics.
  • Cardinality: One-to-one, one-to-many, many-to-many.
  • REA Framework: Resources (cash, inventory), Events (sales, payments), Agents (customers, employees, vendors).

Decision Support and Advanced Systems

  • Data Warehouse: Stores historical, integrated data for analysis.
  • Data Mining/AI: Identifies patterns, detects fraud, forecasts.
  • Decision Support Systems (DSS): Provide what-if analysis.
  • Executive Information Systems (EIS): Summarized dashboards for executives.
  • Group Support Systems (GSS): Aid group decision-making.
  • Expert Systems/Knowledge Management: Capture and apply organizational knowledge.

Dashboards display Key Performance Indicators (KPIs) such as days sales outstanding, turnover ratios, and margins.