Accounting Information Systems (AIS) are crucial tools that gather, process, and analyze financial data to aid management in decision-making, planning, and operational control. Management accountants utilize these systems to provide accurate, timely, and relevant information, enabling strategic decisions, cost control, and performance evaluation to enhance organizational effectiveness.
AIS and Decision Making
· Enhanced Decision-Making: AIS provides accurate financial data that allows managers to make informed decisions regarding budgeting, pricing, investing, and expansion.
· Improved Efficiency: By integrating core business activities, AIS eliminates redundant data and improves the speed of decision-making.
· Operational Control: AIS provides reports that help managers monitor performance and identify inefficiencies or bottlenecks in real-time.
· Risk Management: AIS assists in predicting the timing and uncertainty of future cash flows, allowing managers to better understand the risks associated with projects.
Role of the Management Accountant
· Data Analysis & Interpretation: Management accountants convert raw financial data from the AIS into actionable insights for, planning, and control.
· Strategic Planning: They provide insights into the profitability of products, services, and business units, aiding in long-term strategic decisions.
· Internal Controls: They ensure the integrity of the data, safeguarding it from unauthorized access and maintaining the reliability of financial reports.
· Performance Measurement: They design metrics and reports to assess organizational performance against set goals.
AIS and Management Accountant Interaction
An effective AIS, maintained by skilled accountants, bridges the gap between data collection and strategic action. The quality of accounting information (reliability, relevance, and timeliness) is heavily dependent on the competence of the accountants managing the system. Through systems like Enterprise Resource Planning (ERP), management accountants can produce tailored reports that directly address specific managerial needs
ACCOUNTING INFORMATION SYSTEM (AIS)
๐น Meaning
An Accounting Information System (AIS) is a system that collects, records, stores, and processes financial and accounting data to produce information for decision-making.
๐น Objectives
- Record transactions accurately
- Safeguard assets
- Provide reliable financial information
- Support decision-making
- Ensure compliance with laws & policies
๐น Components of AIS
- People – accountants, auditors, managers
- Procedures & Instructions – steps for data processing
- Data – financial transactions
- Software – ERP (SAP, Oracle)
- IT Infrastructure – hardware, networks
- Internal Controls – safeguards & checks
๐น Functions of AIS
- Data collection
- Transaction processing
- Data storage
- Information generation (reports)
- Internal control enforcement
๐น Types of AIS
- Manual AIS
- Computerized AIS
- Cloud-based AIS
๐น Internal Controls in AIS
- Segregation of duties
- Authorization controls
- Access controls
- Documentation
- Independent checks
๐ 2. REVENUE CYCLE (Sales Cycle)
๐น Meaning
The Revenue Cycle involves activities related to selling goods/services and collecting cash.
๐น Main Steps
- Sales Order Processing
- Credit Approval
- Goods Dispatch
- Billing (Invoice generation)
- Cash Collection
๐น Key Documents
- Sales Order
- Delivery Challan
- Sales Invoice
- Remittance Advice
- Cash Receipt
๐น Risks in Revenue Cycle
- Recording fictitious sales
- Theft of cash
- Incorrect billing
- Unauthorized credit
๐น Internal Controls
- Credit approval system
- Pre-numbered invoices
- Separation of sales & cash handling
- Bank reconciliation
- Matching (Order–Delivery–Invoice)
๐น Accounting Entries
Accounts Receivable Dr
To Sales Revenue
Cash/Bank Dr
To Accounts Receivable
๐ 3. EXPENDITURE CYCLE (Purchase Cycle)
๐น Meaning
The Expenditure Cycle includes activities for purchasing goods/services and making payments.
๐น Main Steps
- Purchase Requisition
- Vendor Selection
- Purchase Order (PO)
- Goods Receipt
- Invoice Verification
- Payment
๐น Key Documents
- Purchase Requisition
- Purchase Order
- Goods Received Note (GRN)
- Supplier Invoice
- Payment Voucher
๐น Risks
- Unauthorized purchases
- Paying fake suppliers
- Duplicate payments
- Overpayment
๐น Internal Controls
- Approved vendor list
- 3-way matching (PO–GRN–Invoice)
- Segregation of duties
- Authorization for payments
- Audit trails
๐น Accounting Entries
Inventory/Expense Dr
To Accounts Payable
Accounts Payable Dr
To Cash/Bank
๐ 4. PAYROLL CYCLE
๐น Meaning
The Payroll Cycle manages employee compensation (salary, wages, bonuses).
๐น Main Steps
- Employee Hiring
- Time & Attendance Recording
- Payroll Calculation
- Salary Payment
- Payroll Reporting
๐น Key Documents
- Employee Records
- Attendance Sheet
- Payroll Register
- Pay Slip
- Bank Transfer Statement
๐น Risks
- Ghost employees
- Incorrect salary calculation
- Unauthorized payments
- Payroll fraud
๐น Internal Controls
- HR approval for hiring
- Biometric attendance
- Segregation (HR vs Payroll vs Payment)
- Independent payroll review
- Direct bank transfer
๐น Accounting Entries
Salary Expense Dr
To Salary Payable
Salary Payable Dr
To Bank
๐ COMPARISON OF CYCLES
Aspect | Revenue Cycle | Expenditure Cycle | Payroll Cycle |
Purpose | Sales & Cash Collection | Purchases & Payments | Employee Compensation |
Key Account | Accounts Receivable | Accounts Payable | Salary Payable |
Risk Focus | Revenue fraud | Procurement fraud | Payroll fraud |
Key Control | Credit approval | 3-way matching | Employee validation |
๐ EXAM TIPS (CIA / CMA)
- Always remember flow + documents + risks + controls
- Focus on segregation of duties
- Understand 3-way matching
- Learn journal entries
- Practice case-based questions
Accounting Information System (AIS) and internal control weaknesses are flaws in processes, systems, or policies that increase the risk of financial misstatement, fraud, or non-compliance. Key weaknesses include poor segregation of duties, unauthorized system access, inadequate documentation, and lack of management oversight. These vulnerabilities are often caused by human error, lack of training, or outdated IT security, requiring regular audits and risk assessments to rectify.
Common Internal Control Weaknesses in AIS
· Segregation of Duties (SoD) Issues: A single individual handles multiple steps of a transaction (e.g., creating a vendor and authorizing payment), creating opportunities for fraud.
· Inadequate Access Controls: Insufficient restrictions on system access allow users to view or modify sensitive data not required for their roles.
· Lack of Independent Reviews: A failure to review reports, reconciliations, and transactions, particularly by management, leading to unauthorized changes.
· Poor IT Controls: Lack of data security, weak passwords, or no audit logs tracking changes to financial data.
· Poorly Maintained Documentation: Lack of formal procedures or incomplete records, hindering the ability to track transactions.
Consequences of Weaknesses
· Material Misstatement: High probability of errors in financial reporting that are not detected on time.
· Fraud Risk: Increased likelihood of asset misappropriation (e.g., employee theft).
· Compliance Failure: Violation of legal or regulatory requirements (e.g., SOX compliance exceptions).
· Operational Inefficiency: Ineffective processes leading to inaccurate decision-making.
Identifying and Fixing Weaknesses
· Regular Audits: Conducting internal and external audits to test control efficiency.
· Risk Assessment: Proactively identifying high-risk areas.
· Employee Training: Training staff on proper procedures and identifying control breakdowns.
· Automation: Utilizing automated controls to reduce human error and improve monitoring.
Key Indicators of Material Weakness
· Fraud committed by senior management, regardless of amount.
· Restatement of previously issued financial statements.
· Ineffective oversight by the audit committee or board of directors.
Accounting Information Systems (AIS) are computer-based methods (or manual systems) for collecting, storing, and processing financial data to aid decision-making and ensure internal control. Key areas include transaction processing cycles (revenue, expenditure, production, payroll), internal controls, and data analytics for predictive forecasting, optimizing efficiency and preventing fraud.
Case 1: Internal Control and Fraud Detection
Scenario: A company finds that employees are creating fake vendors to steal money, and the company’s current manual inventory system makes it hard to detect stolen items.
· Question 1: What AIS control can prevent this?
o Answer: Implement a computerized system with segregation of duties, where the person approving a vendor cannot be the same person authorizing payment.
· Question 2: Which cycle needs to be updated?
o Answer: The Expenditure Cycle, which manages vendor setup and payments.
· Question 3: What detective control can be added?
o Answer: Implement automated anomaly detection that alerts management to unusual transactions, such as payments just below approval thresholds.
Case 2: AIS for Strategic Decision Making
Scenario: A retail company is struggling to manage inventory levels, leading to stockouts of popular items and overstocking of unpopular items. They still use a manual spreadsheet system.
· Question 1: How can an integrated AIS improve this?
o Answer: An integrated AIS (like SAP or Oracle) can provide real-time data integration across sales and inventory, automatically updating stock levels when sales occur.
· Question 2: How does AIS support decision-making here?
o Answer: The system can generate predictive reports using historical sales trends (predictive analysis) to predict future demand and adjust purchasing, avoiding both stockouts and overstocks.
Case 3: System Selection and Security
Scenario: A small startup is growing rapidly and its Excel-based accounting system is crashing. They need a scalable system but have a limited budget.
· Question 1: What type of system should they adopt?
o Answer: A cloud-based accounting system (e.g., QuickBooks Online, Xero) would be ideal because it is scalable and cost-effective.
· Question 2: What is the most important control in this scenario?
o Answer: Data security and backup procedures are crucial to prevent the loss of financial records if the system fails, a common risk in fast-growing firms.
Key AIS Concepts for Cases
· Revenue Cycle: Sales to cash collections.
· Expenditure Cycle: Purchasing to cash disbursements.
· Production Cycle: Raw materials to finished goods.
· Goal Conflict: When a subsystem's goal harms the overall organization.
· Components of AIS: People, procedures, data, software, IT infrastructure, and internal controls
Case-based questions on AIS transaction cycles (Revenue, Payroll, Procurement) focus on identifying internal control weaknesses, process inefficiencies, and risks, such as revenue fraud, payroll errors, or supplier issues. Key solutions involve segregating duties, automating approvals, and implementing data validation to improve efficiency and reduce audit risks.
1. Revenue Cycle Case Analysis
Scenario: A company finds that sales staff are giving unauthorized discounts to friends, and shipping clerks are stealing inventory.
· Question: What internal controls should be implemented?
· Answer/Controls:
o Segregation of Duties: Separate the shipping clerk from inventory recording and customer account access.
o Authorization: Implement automated, system-level approval for any price overrides or discounts over a set limit.
o Data Integrity: Use a "blind" picking ticket, forcing the shipping department to count goods rather than just checking a form, preventing theft.
2. Payroll Cycle Case Analysis
Scenario: A company is paying salaries to employees who have already left the company.
· Question: What weaknesses exist in the payroll system, and how can they be corrected?
· Answer/Controls:
o Weakness: The personnel department (HR) manages both hiring/termination and employee data changes, while also reporting to the supervisor.
o Improvement: Segregate HR duties; the person who authorizes termination must not be the same person updating the payroll master file.
o Audit Trail: Use an AIS to generate a "changes to payroll master file" report, which is reviewed by an independent manager.
3. Procurement (Expenditure) Cycle Case Analysis
Scenario: A purchasing agent is receiving kickbacks from a supplier, resulting in overpaid invoices for inferior goods.
· Question: How can the AIS prevent this type of vendor fraud?
· Answer/Controls:
o Approved Vendor List: Restrict the ability to add vendors to the master file only to authorized personnel, preventing purchases from fictitious or unethical suppliers.
o Competitive Bidding: Require competitive bids for all purchases exceeding a certain amount, with the bidding process logged in the system.
o Three-Way Match: Ensure the AIS requires a match between the purchase order (P.O.), receiving report, and supplier invoice before authorizing payment.
4. Key Takeaways for AIS Cycle Analysis
· Segregation of Duties: Authorization (management), Recording (accounting), and Custody (warehouse) must be separate.
· Detective vs. Preventive Controls: Automated flagging of unusual transactions is detective, while limiting system access is preventive.
· Audit Trail: All system overrides and changes to vendor/employee master data must be logged
Comprehensive exam-oriented question bank on AIS Transaction Cycles (Revenue, Expenditure/Procurement, Payroll) with focus on internal control weaknesses, risks, and improvements:
SECTION A: ASSERTION–REASON QUESTIONS
Q1
Assertion (A): A company allows the same employee to approve credit and record sales.
Reason (R): Segregation of duties reduces fraud risk.
a) Both A & R are true, R explains A
b) Both A & R are true, R does not explain A
c) A is true, R is false
d) A is false, R is true
Answer: d
๐ A is a weakness; R is correct principl
Q2 A: Payroll prepared by HR department only.
R: Payroll should be independent of HR to avoid ghost employees.
a) Both true & R explains A
b) Both true but no explanation
c) A true, R false
d) A false, R true
ANSWER D
Q3 A: Company does not perform 3-way matching before payment.
R: 3-way matching ensures invoice, PO, and GRN agree.
a) Both true & R explains A
b) Both true but no explanation
c) A true, R false
d) A false, R true
ANSWER D
SECTION B: CASE-BASED MCQs
Case 1: Revenue Cycle Fraud
ABC Ltd records high sales at month-end, but many customers later deny purchases.
Q1. What is the likely issue?
a) Revenue understatement
b) Fictitious sales
c) Cash theft
d) Payroll fraud
ANSWER B
Q2. Control weakness?
a) Lack of credit approval
b) No segregation of duties
c) No sales return policy
d) Poor HR control
ANSWER B
Q3. Best control?
a) Increase sales targets
b) Independent verification of sales
c) Reduce staff
d) Delay invoicing
ANSWER B
Case 2: Procurement Fraud
XYZ Ltd paid suppliers without verifying goods received.
Q4. Main risk?
a) Payroll fraud
b) Duplicate payments
c) Paying for non-received goods
d) Revenue leakage
ANSWER C
Q5. Missing control?
a) Bank reconciliation
b) 3-way matching
c) Credit check
d) Payroll audit
ANSWER B
Case 3: Payroll Errors
Company discovered payments to employees who left months ago.
Q6. Issue identified?
a) Revenue fraud
b) Ghost employees
c) Inventory loss
d) Supplier fraud
ANSWER B
Q7. Control weakness?
a) Poor vendor selection
b) Lack of HR-payroll coordination
c) Weak sales system
d) No credit approval
ANSWER B
Q8. Best solution?
a) Manual payroll
b) Automated HR-payroll integration
c) Increase salaries
d) Remove controls
ANSWER B
๐ SECTION C: FILL IN THE BLANKS
- ________ matching ensures PO, GRN, and invoice agree.
✅ Answer: 3-way - Lack of segregation of duties increases risk of ________.
✅ Answer: fraud - Fake employees in payroll are called ________.
✅ Answer ghost employees - Revenue cycle starts with ________ and ends with ________.
✅ Answer: sales order, cash collection - Payments to suppliers should be supported by ________ documents.
✅ Answer valid / authorized
๐ SECTION D: TRUE / FALSE
- Segregation of duties reduces fraud risk.
✅ True - Payroll should be handled only by HR.
✅ False - 3-way matching is used in revenue cycle.
✅ False - Automation reduces human error.
✅ TRUE
๐ SECTION E: IDENTIFY THE CONTROL WEAKNESS
Q1
Employee handles ordering, receiving, and payment.
๐ Answer: No segregation of duties
Q2
Invoices processed without purchase order.
๐ Answer: Unauthorized purchases
Q3
Payroll based on manual attendance sheets without verification.
๐ Answer: Risk of manipulation / payroll fraud
Q4
Sales recorded without delivery proof.
๐ Answer: Fictitious revenue
๐ SECTION F: MATCH THE FOLLOWING
A | B |
1. Revenue cycle | a. Employee salary |
2. Payroll cycle | b. Cash collection |
3. Expenditure cycle | c. Supplier payment |
✅ Answers:
1–b
2–a
3–c
๐ SECTION G: SHORT CASE ANALYSIS
Case:
A company allows:
- Same person to approve vendors
- No invoice verification
- Manual payment system
Q1. Identify risks:
✅ Fake vendors, duplicate payments
Q2. Control weaknesses:
✅ No segregation, no validation
Q3. Recommendations:
✅ Approved vendor list
✅ 3-way matching
✅ Automated payment system
๐ KEY EXAM INSIGHTS
- Revenue Cycle Risks: Fictitious sales, revenue inflation
- Procurement Risks: Fake vendors, duplicate payments
- Payroll Risks: Ghost employees, wrong calculations
๐ HIGH-SCORING POINTS
Always mention:
- Segregation of duties
- Authorization controls
- Automation (ERP systems)
- Audit trails
- Data validation
๐ CASE STUDY 1: REVENUE CYCLE FRAUD (AIS FAILURE)
๐น Case Scenario
ABC Ltd., a manufacturing company, implemented a computerized Accounting Information System (AIS) to handle its sales process. The system allows sales executives to:
- Enter customer orders
- Approve credit limits
- Generate invoices
Recently, internal auditors noticed:
- Significant increase in year-end sales
- Many customers denying purchases
- High level of sales returns in the next period
- Same employee handling order entry, credit approval, and invoicing
- No linkage between delivery records and invoicing
๐น Questions & Answers
Q1. Identify the key risks in this case.
✅ Answer:
- Fictitious or premature revenue recognition
- Revenue inflation to meet targets
- Manipulation of financial statements
- Increased sales returns indicating fake transactions
Q2. What are the internal control weaknesses?
✅ Answer:
- Lack of segregation of duties (order entry + approval + invoicing)
- No independent credit approval process
- Absence of delivery verification before invoicing
- Weak system validation controls
- No audit trail for sales transactions
Q3. Which AIS control failures contributed to the issue?
✅ Answer:
- No automated link between dispatch and billing
- Lack of input validation checks
- Poor authorization controls
- Inadequate exception reporting system
Q4. Recommend internal control improvements.
✅ Answer:
- Separate roles: sales entry, credit approval, invoicing
- Implement system-based credit limits
- Enforce dispatch confirmation before invoice generation
- Introduce audit logs and monitoring
- Use data analytics to detect unusual sales spikes
Q5. Auditor’s conclusion
✅ Answer:
The issue indicates intentional revenue manipulation due to weak AIS controls, requiring immediate strengthening of internal controls and possible fraud investigation.
๐ CASE STUDY 2: PROCUREMENT (EXPENDITURE) FRAUD
๐น Case Scenario
XYZ Ltd. uses an AIS for procurement. The process includes:
- Purchase requisition raised by department
- Purchase orders generated by procurement team
- Goods received recorded manually
- Payments processed by accounts department
Audit findings:
- Payments made to new suppliers without verification
- Duplicate payments detected
- No 3-way matching (PO–GRN–Invoice)
- Same employee responsible for vendor creation and payment processing
- Frequent urgent purchase orders bypassing approval
๐น Questions & Answers
Q1. Identify major risks.
✅ Answer:
- Payments to fake or unauthorized vendors
- Duplicate payments
- Fraudulent procurement transactions
- Financial losses due to overpayments
Q2. Internal control weaknesses?
✅ Answer:
- No vendor approval system
- Lack of segregation of duties
- Absence of 3-way matching
- Manual and unverified goods receipt process
- Bypassing approval controls
Q3. AIS-related issues?
✅ Answer:
- No automated validation for duplicate invoices
- No vendor master control
- Lack of workflow-based approvals
- Weak audit trail system
Q4. Recommended controls
✅ Answer:
- Maintain approved vendor master file
- Implement 3-way matching system
- Separate vendor creation and payment roles
- Introduce automated duplicate invoice detection
- Enforce purchase approval hierarchy in AIS
Q5. Auditor’s conclusion
✅ Answer:
The system is highly vulnerable to procurement fraud due to poor AIS controls, requiring automation, validation, and segregation improvements.
๐ CASE STUDY 3: PAYROLL FRAUD & ERRORS
๐น Case Scenario
PQR Ltd. uses an AIS for payroll but relies on:
- Manual attendance input
- HR department maintaining employee records
- Payroll processed by same HR staff
- Salaries transferred through bank
Audit observations:
- Payments made to employees who resigned months ago
- Overtime payments unusually high
- No reconciliation between HR records and payroll
- No independent review of payroll
- Employee master data can be edited without approval
๐น Questions & Answers
Q1. Identify risks.
✅ Answer:
- Ghost employees
- Unauthorized salary payments
- Inflated overtime claims
- Payroll fraud and errors
Q2. Internal control weaknesses?
✅ Answer:
- No segregation between HR and payroll
- Lack of employee master data controls
- No independent payroll verification
- Manual attendance system prone to manipulation
- No periodic reconciliation
Q3. AIS weaknesses?
✅ Answer:
- No access controls for employee data
- No validation checks for terminated employees
- Lack of integration between HR and payroll system
- No exception reporting
Q4. Recommended improvements
✅ Answer:
- Integrate HR and payroll systems
- Implement biometric attendance system
- Restrict access to employee master data
- Conduct independent payroll audits
- Automate validation for inactive employees
Q5. Auditor’s conclusion
✅ Answer:
The payroll system shows serious control deficiencies leading to fraud risk, requiring automation, segregation, and monitoring enhancements.
๐ FINAL SUMMARY (EXAM REVISION)
Cycle | Key Risk | Weakness | Control Solution |
Revenue | Fake sales | No segregation | Credit approval + dispatch link |
Procurement | Fake vendors | No 3-way match | Vendor control + validation |
Payroll | Ghost employees | No HR-payroll segregation | System integration + audit |
๐ HOW TO WRITE IN EXAM (IMPORTANT)
Always structure answer as:
- Identify Risks
- Control Weaknesses
- AIS Deficiencies
- Recommendations
- Conclusion
www.gmsisuccess.in
๐ท CASE STUDY 1: REVENUE CYCLE FRAUD
๐ Case:
ABC Ltd. sells goods on credit. The sales manager approves customers, creates invoices, and records sales in the system. Recently, bad debts increased, and some invoices were found to be issued to fake customers.
❓ Questions:
- Identify internal control weaknesses
- What risks arise?
- Suggest improvements
✅ Answer:
1. Weaknesses:
- No segregation of duties (authorization + recording)
- No independent credit approval
- Lack of customer verification controls
2. Risks:
- Fake sales → revenue overstatement
- Bad debts → financial loss
- Fraud by sales manager
3. Recommendations:
- Separate credit approval from sales recording
- Implement automated credit checks
- Use customer master validation controls
- Periodic audit of receivables
๐ท CASE STUDY 2: PURCHASE / EXPENDITURE CYCLE
๐ Case:
XYZ Ltd. allows the purchase manager to create vendors, approve purchase orders, and process payments. Duplicate payments to vendors were discovered.
❓ Questions:
- What control weaknesses exist?
- What type of fraud is possible?
- Recommend controls
✅ Answer:
1. Weaknesses:
- Same person handles vendor creation + payment
- No 3-way matching (PO, GRN, Invoice)
- No duplicate invoice detection
2. Risks/Fraud:
- Creation of fake vendors
- Duplicate payments
- Kickbacks/collusion
3. Controls:
- Vendor master approval by independent authority
- Mandatory 3-way matching system
- Automated duplicate invoice detection
- Periodic vendor audit
๐ท CASE STUDY 3: PAYROLL CYCLE
๐ Case:
DEF Ltd. payroll is processed by HR. Ghost employees were detected, and salaries were being paid to inactive employees.
❓ Questions:
- Identify weaknesses
- Risks involved
- Controls to prevent fraud
✅ Answer:
1. Weaknesses:
- HR manages employee records + payroll
- No employee verification
- No periodic reconciliation
2. Risks:
- Ghost employees
- Overpayment of salaries
- Fraudulent bank transfers
3. Controls:
- Segregation of HR and payroll processing
- Biometric attendance system
- Payroll reconciliation with HR records
- Independent audit
๐ท CASE STUDY 4: DATA WAREHOUSE & DATA MART
๐ Case:
A retail company implemented a data warehouse, but departments created separate data marts. Reports from finance and marketing differ significantly.
❓ Questions:
- What is the issue?
- Difference between data warehouse & data mart
- Solution
✅ Answer:
1. Issue:
- Data inconsistency due to isolated data marts
- Lack of centralized governance
2. Difference:
Basis | Data Warehouse | Data Mart |
Scope | Organization-wide | Department-specific |
Data | Integrated | Subset |
Control | Centralized | Decentralized |
3. Solution:
- Implement centralized data governance
- Ensure data marts derive from warehouse
- Standardize data definitions
๐ท CASE STUDY 5: BIG DATA & DATA MINING
๐ Case:
An e-commerce company collects huge customer data but fails to identify buying patterns, leading to poor marketing decisions.
❓ Questions:
- What is missing?
- Role of data mining
- Benefits
✅ Answer:
1. Missing:
- Data mining tools and analytics models
2. Data Mining Role:
- Identifies patterns and trends
- Predicts customer behavior
- Detects fraud
3. Benefits:
- Better decision-making
- Targeted marketing
- Increased sales
๐ท CASE STUDY 6: DATA INTEGRITY FAILURE
๐ Case:
A bank’s system showed inconsistent account balances due to unauthorized data changes.
❓ Questions:
- What is data integrity?
- Causes of failure
- Controls
✅ Answer:
1. Data Integrity:
- Accuracy, completeness, and reliability of data
2. Causes:
- Unauthorized access
- Lack of validation controls
- Weak audit trails
3. Controls:
- Access controls (RBAC)
- Input validation checks
- Audit logs
- Encryption
๐ท CASE STUDY 7: SYSTEM DEVELOPMENT LIFE CYCLE (SDLC)
๐ Case:
A company implemented a new ERP system without proper testing. The system failed, causing operational disruption.
❓ Questions:
- Which SDLC phase was ignored?
- Consequences
- Best practices
✅ Answer:
The System Development Life Cycle (SDLC) is a structured, seven-phase framework—planning, analysis, design, coding, testing, deployment, and maintenance—used to develop high-quality software efficiently. It provides a roadmap for teams to mitigate risks, manage costs, and ensure the final product meets stakeholder requirements.
1. Ignored Phase:
2. Consequences:
- System failure
- Data loss
- Business disruption
3. Best Practices:
- Proper testing (UAT, system testing)
- User training
- Phased implementation
User Acceptance Testing (UAT) is the final phase of software testing, performed by end-users or clients in a real-world scenario to ensure the system meets business requirements before going live. It verifies that the software works as intended, focusing on usability, functional correctness, and operational readiness, acting as the final checkpoint against critical bugs.
๐ท CASE STUDY 8: DATA GOVERNANCE & POLICIES
๐ Case:
An organization has no formal data policies. Sensitive data was leaked due to employee negligence.
❓ Questions:
- What is data governance?
- Weaknesses
- Recommendations
✅ Answer:
1. Data Governance:
- Framework for managing data availability, usability, security
2. Weaknesses:
- No policies
- No accountability
- Lack of training
3. Recommendations:
- Define data ownership
- Implement data access policies
- Conduct employee training
- Regular audits
๐ท CASE STUDY 9: AIS CONTROL FAILURE
๐ Case:
In an AIS system, manual overrides are allowed without approval, leading to financial misstatements.
❓ Questions:
- Identify control issue
- Risks
- Controls
✅ Answer:
1. Issue:
- Lack of authorization controls
2. Risks:
- Financial misstatement
- Fraud
3. Controls:
- Restrict override access
- Approval workflow
- Audit trail logging
๐ท CASE STUDY 10: INTEGRATED CASE (FULL AIS)
๐ Case:
A manufacturing company faces:
- Revenue fraud
- Duplicate vendor payments
- Ghost employees
- Data inconsistencies
❓ Questions:
- Identify root causes
- Suggest integrated solution
✅ Answer:
1. Root Causes:
- Lack of segregation of duties
- Weak internal controls
- Poor data governance
- No system integration
2. Integrated Solution:
- ERP system implementation
- Strong internal controls framework
- Data governance policy
- Automation of processes
- Continuous auditing
๐ฅ EXAM TIP (VERY IMPORTANT)
In case-based AIS questions, always structure answer as:
๐ Weakness → Risk → Control (WRC format)
SECTION A: MCQs (1–25)
1. Which cycle involves customer billing?
A. Payroll
B. Revenue
C. Expenditure
D. Production
Answer b
2. 3-way matching includes:
A. PO, Invoice, Payment
B. PO, GRN, Invoice
C. GRN, Invoice, Payment
D. PO, Payment, Receipt
Answer b
3. Ghost employees relate to:
A. Revenue
B. Payroll
C. Purchase
D. Production
Answer b
4. Data warehouse is:
A. Raw data storage
B. Integrated data repository
C. Temporary file
D. Backup system
Answer b
5. Which ensures accuracy of data?
A. Data mining
B. Data integrity
C. Data mart
D. Big data
Answer b
6. SDLC starts with:
A. Testing
B. Implementation
C. Planning
D. Maintenance
Answer c
7. Which is fraud in revenue cycle?
A. Duplicate payment
B. Fake sales
C. Ghost employee
D. Overpayment
Answer b
8. Data mart is:
A. Enterprise-wide
B. Department-specific
C. External system
D. Backup system
Answer b
9. Payroll control includes:
A. Credit approval
B. Vendor creation
C. Attendance system
D. Invoice matching
Answer c
10. Big data is characterized by:
A. Small size
B. Structured only
C. Volume, Variety, Velocity
D. Manual processing
Answer c
Big data is characterized by the "V's"—primarily Volume, Variety, Velocity, and Veracity—which define datasets too large or complex for traditional systems. These dimensions represent the massive scale, diverse formats, high-speed generation, and trustworthiness of data, requiring specialized technologies for effective storage and analysis.
· Volume: Refers to the sheer amount of data generated from sources like social media, IoT devices, and transactions.
· Variety: Represents the different types of data, including structured (databases), semi-structured (XML), and unstructured (videos, text, audio) formats.
· Velocity: The high speed at which data is created, processed, and analyzed, often in real-time or near-real-time.
· Veracity: Indicates the data's quality, trustworthiness, and credibility, often dealing with noise, biases, and incompleteness.
11. AIS stands for:
A. Accounting Info System
B. Automated Info Software
C. Audit Info System
D. None
Answer a
12. Which is preventive control?
A. Audit
B. Segregation of duties
C. Reconciliation
D. Investigation
Answer b
13. Duplicate payment occurs in:
A. Revenue
B. Payroll
C. Expenditure
D. Production
Answer c
14. SDLC testing ensures:
A. Profit
B. Accuracy
C. Fraud
D. Loss
14. SDLC testing ensures:
A. Profit
B. Accuracy
C. Fraud
D. Loss
Answer b
15. Data mining helps in:
A. Storage
B. Pattern detection
C. Backup
D. Coding
Answer b
16. GRN means:
A. Goods Return Note
B. Goods Received Note
C. General Record Note
D. None
Answer b
17. Which cycle handles suppliers?
A. Revenue
B. Payroll
C. Expenditure
D. HR
Answer c
18. Access control ensures:
A. Speed
B. Security
C. Volume
D. Storage
Answer b
19. Data governance deals with:
A. Coding
B. Data management policies
C. Hardware
D. Software
Answer b
20. ERP integrates:
A. One department
B. All functions
C. Only finance
D. Only HR
Answer b
21. Revenue cycle begins with:
A. Cash receipt
B. Customer order
C. Invoice
D. Payment
Answer b
22. Payroll fraud example:
A. Fake vendor
B. Ghost employee
C. Fake invoice
D. Duplicate PO
Answer b
23. Data integrity requires:
A. Accuracy
B. Completeness
C. Reliability
D. All
Answer d
24. SDLC ends with:
A. Design
B. Maintenance
C. Testing
D. Coding
Answer b
25. Big data includes:
A. Only structured
B. Only text
C. Structured + unstructured
D. None
Answer c
๐ท SECTION B: ASSERTION–REASON (26–40)
26. A: Segregation of duties reduces fraud
R: One person should control all functions
✅ Ans: A true, R false
27. A: Data warehouse stores integrated data
R: It is department-specific
✅ Ans: A true, R false
28. A: Payroll cycle includes employee payment
R: It involves vendor payments
✅ Ans: A true, R false
29. A: Data mining identifies patterns
R: It increases data storage
✅ Ans: A true, R false
30. A: SDLC testing prevents system failure
R: Testing is optional
✅ Ans: A true, R false
31. A: Revenue cycle involves billing
R: It includes supplier selection
✅ Ans: A true, R false
32. A: Data governance ensures data security
R: No policies required
✅ Ans: A true, R false
33. A: Duplicate payments occur in expenditure cycle
R: Same invoice processed twice
✅ Ans: Both true, R explains A
34. A: Big data has high volume
R: It processes small data only
✅ Ans: A true, R false
35. A: ERP integrates business functions
R: It isolates departments
✅ Ans: A true, R false
36. A: Ghost employees increase payroll cost
R: Fake records exist
✅ Ans: Both true, R explains A
37. A: Data integrity ensures accuracy
R: Data can be modified freely
✅ Ans: A true, R false
38. A: Purchase cycle involves vendors
R: Customers are involved
✅ Ans: A true, R false
39. A: Audit trail helps detect fraud
R: No record is maintained
✅ Ans: A true, R false
40. A: SDLC includes maintenance
R: Systems never need updates
✅ Ans: A true, R false
SECTION C: FILL IN THE BLANKS (41–55)
- AIS stands for ________
✅ Accounting Information System
3-way matching includes PO, GRN, ______
✅ Invoice
Payroll fraud includes ______ employees
✅ Ghost
Data warehouse stores ______ data
✅ Integrated
Big data is defined by 3 V’s: Volume, Velocity, ______
✅ Variety
๐ท SECTION D: ODD ONE OUT (56–65)
56. PO, GRN, Invoice, Salary
✅ Salary
57. Data warehouse, Data mart, Big data, Payroll
✅ Payroll
58. Recruitment, Attendance, Salary, Vendor
✅ Vendor
59. Planning, Design, Testing, Marketing
✅ Marketing
60. Invoice, Customer, Supplier, Payment
✅ Customer
61. Fraud, Error, Control, Risk
✅ Control
62. Hadoop, Spark, Data mining, Ledger
✅ Ledger
๐ท SECTION E: LOGICAL CONCLUSION (66–80)
66. If same person approves & records →
✅ High fraud risk
67. No audit trail →✅ Difficult fraud detection
68. Weak password controls →✅ Unauthorized access
69. No 3-way matching →✅ Duplicate payment risk
70. No testing in SDLC →✅ System failure
71. Data inconsistency →✅ Poor decision making
72. Ghost employees →✅ Payroll fraud
73. Centralized data →
✅ Better reporting
74. No segregation →
✅ Increased fraud
75. Automated system →
✅ Increased efficiency
76. No data governance →
✅ Data misuse
77. Poor controls →
✅ Financial misstatement
78. Big data analytics →
✅ Better insights
79. ERP implementation →
✅ Integrated processes
80. Manual system →
✅ Higher error rate
๐ท SECTION F: MISSING DATA (81–90)
81. PO → GRN → ______
✅ Invoice
82. Employee → Attendance → ______
✅ Salary
83. Customer → Order → ______
✅ Invoice
84. Planning → Design → ______
✅ Testing
85. Data → Information → ______
✅ Decision
86. Vendor → PO → ______
✅ Payment
87. Input → Process → ______
✅ Output
88. Fraud → Risk → ______
✅ Control
89. Data mart → Department → ______
✅ Specific
90. Warehouse → Central → ______
✅ Integrated
๐ท SECTION G: NEGATIVE (EXCEPT) QUESTIONS (91–100)
91. All are revenue cycle EXCEPT:
A. Billing
B. Cash receipt
C. Vendor payment
D. Sales
✅ Ans: C
92. Payroll includes all EXCEPT:
A. Salary
B. Attendance
C. Vendor
D. Employee
✅ Ans: C
93. Data integrity includes all EXCEPT:
A. Accuracy
B. Completeness
C. Fraud
D. Reliability
✅ Ans: C
94. SDLC includes all EXCEPT:
A. Planning
B. Testing
C. Cooking
D. Design
✅ Ans: C
95. Big data features EXCEPT:
A. Volume
B. Variety
C. Velocity
D. Cooking
✅ Ans: D
96. Controls include all EXCEPT:
A. Authorization
B. Segregation
C. Fraud
D. Audit
✅ Ans: C
97. Revenue fraud includes all EXCEPT:
A. Fake sales
B. Wrong invoice
C. Ghost employee
D. Overbilling
✅ Ans: C
98. Expenditure cycle includes all EXCEPT:
A. PO
B. GRN
C. Invoice
D. Salary
✅ Ans: D
99. Data governance includes all EXCEPT:
A. Policies
B. Security
C. Data usage
D. Random access
✅ Ans: D
100. AIS includes all EXCEPT:
A. Data
B. Process
C. Output
D. Cooking
✅ Ans: D
๐ฅ FINAL EXAM TIP
๐ Focus on:
- Segregation of Duties (MOST ASKED)
- 3-way matching
- Ghost employees / Fake vendors
- Data integrity & governance
- SDLC phases
