Sources of management information and management reports
1. Sources of management accounting information: Internal sources of information include the financial
accounting records and other systems closely tied to the accounting system.
Capturing data/information
from inside the organisation involves the following.
(a) A system for collecting or measuring transactions
data – eg sales, purchases, inventory and revenue – which sets out
procedures for what data is collected, how frequently, by whom
and by what methods, and how it is processed and filed or
communicated
(b) Informal communication of information
between managers and staff (eg, by word of mouth or at meetings)
(c) Communication
between managers
1.1 Sources of monetary and non-monetary information
1.1.1 The financial accounting records: You are by now
very familiar with the idea of a system of sales ledgers and purchase ledgers,
general ledgers, cash books, and so on. These records provide a history of
an organisation's monetary transactions.
Some of this information is of great value outside the accounts
department – most obviously, for example, sales information for the marketing
function. Other information, like cheque numbers, is of purely administrative
value within the accounts department.
You will also be aware that, to maintain the integrity of
its financial accounting records, an organisation of any size will have systems
for and controls over transactions. These also give rise to valuable
information.
An inventory control system is the classic example: besides
actually recording the monetary value of purchases and inventory in hand for
external financial reporting purposes, the system will include purchase orders,
goods received notes, goods returned notes, and so on, which can be analysed to
provide management information about speed of delivery, say, or the quality
of supplies.
1.1.2 Other internal sources: Much information that
is not strictly part of the financial accounting records nevertheless is
closely tied to the accounting system.
(a) Information about personnel will be linked to the payroll
system. Additional information may be obtained from this source if, say, a
project is being costed and it is necessary to ascertain the availability and
rate of pay of different levels of staff.
(b) Much information will be produced by a production
department about machine capacity, movement of materials and work in progress,
set up times, maintenance requirements, and so on.
(c) Many service businesses – notably accountants and
solicitors – need to keep detailed records of the time spent on various
activities, both to justify fees to clients and to assess the efficiency of
operations.
Staff themselves are one of the primary sources of
internal information. Information may be obtained either informally in
the course of day-to-day business or formally through meetings, interviews
or questionnaires.
1.2 External sources of information: External information
tends to be more relevant to strategic and tactical decisions than to
operational decisions. (Benchmarking is an exception.)
Capturing information from outside the organisation might be
carried out formally and entrusted to particular individuals, or might be
'informal'.
1.3. Formal collection of data from outside sources: There
are many sources of external information.
(a) A company's tax
specialists will be expected to gather information about changes in tax law
and how this will affect the company.
(b) Obtaining information about any new legislation on
health and safety at work, or employment regulations, must be the
responsibility of a particular person – for example the company's legal
expert or company secretary – who must then pass on the information
to other managers affected by it.
(c) Research and development work often relies on
information about other R&D work being done by another company or by
government institutions. An R&D
official might be made responsible for finding out about R&D work
outside the company.
(d) Marketing
managers need to know about the opinions and buying attitudes of potential
customers. To obtain this information, they might carry out market research
exercises.
Informal gathering of information from the
environment goes on all the time, consciously or unconsciously, because
the employees of an organisation learn what is going on in the world around them
– perhaps from the media, meetings with business associates or the trade press.
Organisations hold external information, such as invoices
and advertisements, from customers and
suppliers. However, there are many occasions when an active search outside
the organisation is necessary.
1.4 Specific external sources: Secondary data, such
as government statistics or data provided by online databases, is not collected
by or for the user. Primary data – more expensive than secondary data –
is more tailored to the user's exact needs. Market research is an example.
1.4.1 Directories: Examples (of business directories)
include the following (although there are many others).
(a) Kompass Register (Kompass)
(b) Who owns Whom (Dun & Bradstreet)
(c) Key British Enterprises (Dun & Bradstreet)
1.4.2 Associations: There are associations in almost
every field of business and leisure activity, and ACCA itself is an
organisation. Associations collect and publish data for their members that can
be of great interest to other users. For example, although the services of the
Road Haulage Association (RHA) are geared towards transport businesses, their
analysis of fuel prices rises could be useful to all motorists.
1.4.3 Government agencies: The Government is a major
source of economic information and information about industry and population
trends. Examples of UK Government publications are as follows. Most of these
are available online and can be downloaded for free.
(a) National
Statistics, divided into 12 separate themes such as economy, health and
labour
(b) The Digest
of UK Energy Statistics (published annually)
(c) Housing
and Construction Statistics (published quarterly)
(d) Financial
Statistics (monthly)
(e) Economic
Trends now published with Labour
Market Trends in the Economic Labour
Market Review
(f) Public
Sector Employment Trends (annual) gives details of employment in the public
sector in the UK
(g) A variety
of publications on the Department for Business, Innovation and Skills website give
data on industrial and commercial trends at home and overseas
(h) Social
Trends (annual)
Official statistics are also published by other government
bodies, such as the European Union, the United Nations and local authorities.
1.4.4 Other published sources: This group includes
all other publications, including some digests
and pocket books and periodicals (often available in public libraries).
1.4.5 Syndicated services: The sources of secondary
data we have looked at so far have generally been free because they are in the
public domain. Inexpensiveness is an advantage that can be offset by the
fact that the information is unspecific and
needs considerable analysis before
being useable. A middle step between adapting secondary data and commissioning
primary research is the purchase of data
collected by market research companies. The data tend to be expensive but
less costly than primary research.
1.4.6 Consumer panels: A form of continuous research
which result in secondary data often bought in by marketers is that generated
by consumer panels. These constitute
a representative sample of individuals and households whose buying activity in
a defined area is monitored either continuously (every day, with results
aggregated) or at regular intervals, over
a period of time. There are panels set up to monitor purchases of
groceries, consumer durables, cars, baby products and many others.
1.5 Information from customers: Customers can provide
useful information.
(a) Firms send out satisfaction questionnaires and market
research.
(b) Customer comments and complaints sent voluntarily can
suggest improvements.
1.6 Information from suppliers: Supplier information
comes in several categories.
|
Information
|
Comment
|
|
'Bid' information
|
A supplier pitching for a product will detail products, services and prices. This
is before a deal is
done.
|
|
Operational information
|
If a firm
has placed a particular job
or contract with
a supplier, the supplier may provide details of the
stages in the
manufacturing process, eg the delivery time.
|
|
Pricing information
|
Component prices
vary from industry to industry; some
are volatile.
|
|
Technology
|
Technological developments in the supplier's industry can affect
the type of input
components, their cost
and their availability.
|
1.7 The internet: The internet increases the richness of external data and reduces the
cost of searching for it. The internet is
a global network connecting millions of computers. The internet offers
efficient, fast and cost-effective email,
and massive information search and
retrieval facilities. There is a great deal of financial information
available and users can also access
publications and news releases issued by the Treasury and other government
departments.
Businesses are also using it to provide information (cheaply) about their own products and services and
to conduct research into their
competitors' activities.
The internet offers a speedy
and impersonal way of getting to
know the basics (or even the details) of the services that a company provides.
The internet is commonly used to access information about suppliers.
(a) A firm can visit a supplier's website for details of
products and services.
(b) The user can search a number of websites through a
browser. Note that the internet may not contain every supplier; arguably it
should not be relied on as the sole source.
(c) A number of business to business sites have been opened.
Participating members offer their services, and can offer quotes. A lot of the
communication search problem is avoided.
1.8 Database information: A management information system or database should provide managers with a useful flow of relevant
information which is easy to use and
easy to access. Information is an
important corporate resource.
Managed and used effectively, it can provide considerable
competitive advantage and so it is a worthwhile investment.
It is now possible to access large volumes of generally
available information through databases held by public bodies and businesses.
(a) Some companies, such as LexisNexis, charge users a
subscription fee to access their electronic database. LexisNexis' clients come
primarily from within the legal and accountancy profession, who use the service
to access legal and public records related information.
(b) Public databases are
also available for inspection.
Dun & Bradstreet provides
general business information. AC Nielsen
operates online information regarding products and market share.
Developments in information technology allow businesses to
have access to the databases of external
organisations. Reuters, for example, provides an online information system
about money market interest rates and foreign exchange rates to firms involved
in money market and foreign exchange dealings, and to the treasury departments
of a large number of companies. The growing adoption of technology at point of sale provides a potentially
invaluable source of data to both retailer and manufacturer.
1.8.1 Online databases: Most external databases are
online databases, which are very large computer files of information supplied
by database providers and managed by
'host' companies whose business
revenue is generated through charges made to users. Access to such databases is open to anyone prepared to pay
and who is equipped with a PC plus internet access and communication software.
These days there are an increasing number of companies offering free internet
access. Most databases can be accessed around the clock.
1.9 Data warehouses: A data warehouse contains data
from a range of internal (for instance sales order processing system,
nominal ledger) and external sources.
One reason for including individual transaction data in a data warehouse is
that the user can drill down to access transaction-level detail if necessary.
Data is increasingly obtained from newer channels, such as customer care
systems, outside agencies or websites.
The warehouse provides a coherent set of information to be used
across the organisation for management analysis
and decision-making. The
reporting and query tools available within the warehouse should facilitate
management reporting and analysis. This analysis can be enhanced through using data mining software to identify trends
and patterns in the data.
2. Information for control purposes: Much control is
achieved through the feedback of
internal information.
Control is
dependent on the receipt and processing
of information, both to plan in the first place and to compare actual
results against the plan, so as to judge what control measures are needed.
Plans will be
based on an awareness of the environment
(from externally sourced information) and on the current performance of the organisation (based on internal
information such as, for example, sales volumes and costs).
Control is achieved through feedback –
information about actual results produced from within the organisation (that
is, internal information) such as variance control reports for the purpose of
helping management with control decisions.
The sources of
information outlined earlier in the chapter are used to supply management with data for control.
For instance, payroll
records give information on the total cost of staff and a breakdown into
cost by function, role, bonuses, taxes, and so on which can show management how
different cost areas are performing. As payroll is often a large cost and to
some extent discretionary or variable, it is important to monitor and control.
Equally, information on wage
payments will also be relevant to an organisation's cash flow planning. As
far as possible, organisations like to keep their cash balances within certain
limits. So, by knowing the amount and timing of wages and salary payments, the
organisation can make any adjustments to ensure cash balances remain within the
desired limits.
Information about inventory
levels can also be instructive. For example, some lines of inventory may be
slow moving, but management will need to establish why this is. Has a
competitor introduced a rival product, or reduced its prices? Have there been
any quality issues with the product which have damaged its reputation in the
marketplace? Is the product in a long-term decline and should production of it
be discontinued? In this respect, information about quantities of a product
sold compared with quantities produced could also be very useful. For example,
if a product is selling very well, production may need to be increased so that
demand can be satisfied and any stock-outs avoided.
Customer data is
vital in any business that strives to focus on customers. Thus data on buying
habits, where customers shop, what they buy and who the main customers are all
give feedback for control purposes.
Equally, data from customer sales accounts can provide
useful information on how customer debts are aged. A report on the ageing of
debt can provide management with information on how successful its receivables
control policy is. Management's response will be different if half the customer
debt has been outstanding for more than say, 60 days, compared with only 5% of
the debt being outstanding for more than 60 days.
External data is
useful for benchmarking provided the correct or appropriate benchmarks are
selected.
3. Costs of information: Be aware of the cost of inefficient use of information.
The costs to an organisation of the collection, processing
and production of internal information can be divided into three types. These
are direct data capture costs, process costs, and indirect costs of producing
internal information.
|
Cost
|
Examples
|
|
Direct data capture
|
·
Use of bar
coding and scanners (eg in retailing and manufacturing)
·
Employee time spent
filling in timesheets
·
Secretary time spent
taking minutes at a meeting
|
|
Processing
|
·
Payroll department time spent processing and analysing personnel costs
·
Time for personnel to input data
(eg in relation to production) on
to the MIS
|
|
Inefficient use of information
|
·
Information
collected but not
needed
·
Information
stored long after
it is needed
·
Information
disseminated more widely
than necessary
·
Collection
of the same
information by more
than one method
·
Duplication
of information
|
4. Costs, benefits and limitations of external
information: There are specific costs
not only in obtaining data but also in maintaining the infrastructure
supporting data collection and distribution.
4.1 Costs: Identifying the costs of obtaining
external data is not difficult. Effectively there are five types of cost.
|
Cost
|
Examples
|
|
Direct search costs
|
·
Cost of a marketing research survey (this can
be considerable)
·
Subscriptions
to online databases
·
Subscriptions
to magazines, services
·
Download fees
|
|
Indirect access costs
|
·
Management
and employee time spent finding useful information
·
Wasted management and employee time
on unsuccessful searches for information
·
Spurious accuracy / redundancy
·
Wasted management and
employee time on excessive searching
·
Wasted time on
trying to find
spurious accuracy
|
|
Management
costs
|
·
Recording, processing and
dissemination of external information
·
Wasted time due to information overload
·
Wasted time on excessive processing
|
|
Infrastructure
costs
|
·
Installation and
maintenance of computer networks, servers, landlines, etc to facilitate internet searching and internal electronic communication
|
|
Time theft
|
·
Wasted time caused
by abuse of
internet and email
access facilities
·
Lost time
·
Cost of monitoring and disciplinary procedures
·
Information
overload
|
As can be seen from the earlier case example, the internet
can significantly reduce search time and cost. More information can be had for
less money.
a.2
Benefits and limitations of external data: The
benefits can be quantified in the following terms.
(a) The quality of decisions
that the data has influenced
(b) Risk/uncertainties
avoided by having the data
(c) The organisation's ability to respond appropriately to the
environment or to improve its
performance
One of the principal limitations
of external data is that its quality
cannot be guaranteed. Its quality will
depend on the following characteristics.
(a) The producers of
the data (they may have an axe to grind; trade associations may not include
data which runs counter to the interests of its members)
(b) The reason for
the data being collected in the first place
(c) The collection
method (random samples with a poor response rate are particularly
questionable)
(d) The age of
the data (government statistics and information based on them are often
relatively dated, though information technology has speeded up the process)
(e) How parameters
were defined (for instance, the definition of family used by some
researchers could well be very different to that used by others)
Using poor quality external data can have disastrous
consequences: projects may proceed on the basis of overstated demand levels;
opportunities may not be grasped because data is out of date and does not show
the true state of the market.
4.2.1 Advantages arising from the use of secondary (as
opposed to primary) data
(a) The data may solve the problem without the need for any
primary research: time and money is
thereby saved.
(b) Cost savings can
be substantial because secondary data sources are a great deal cheaper than those for primary
research.
(c) Secondary data,
while not necessarily fulfilling all the needs of the business, can be of great
use:
(i) Setting the
parameters, defining a hypothesis, highlighting variables; in other words,
helping to focus on the central problem
(ii) Providing
guidance, by showing past methods of research and so on, for primary data
collection
(iii) Helping to
assimilate the primary research with past research, highlighting trends and
the like
(iv) Defining
sampling parameters (target populations, variables, and so on)
a.2.2
Disadvantages to the use of secondary
data
(a) Relevance.
The data may not be relevant to the research objectives in terms of the data
content itself, classifications used or units of measurement.
(b) Cost.
Although secondary data is usually cheaper than primary data, some specialist
reports can cost large amounts of money. A cost-benefit analysis will determine
whether such secondary data should be used or whether primary research would be
more economical.
(c) Availability.
Secondary data may not exist in the specific product or market area.
(d) Bias.
The secondary data may be biased, depending on who originally carried it out
and for what purpose. Attempts should be made to obtain the most original
source of the data, to assess it for such bias.
(e) Accuracy.
The accuracy of the data should be questioned.
The golden rule when using secondary data is use only meaningful data. It is
obviously sensible to begin with internal sources and a firm with a good
management information system should be able to provide a great deal of data.
External information should be consulted in order of ease and speed of access.
5. Controls over generating and distributing internal
information
Controls need to
be in place over the generation of internal information in routine and ad-hoc
reports.
5.1
Controls over generating internal
information in routine reports
(a) Carry out a cost-benefit
analysis. How easy is the report
to prepare compared with the usefulness of the decisions that can be
taken as a result of its production? The cost of preparing the report will in
part be determined by who is
preparing it. The cost can be reduced if its preparation can be delegated by a director to a junior
member of staff.
(b) A trial preparation
process should be carried out and a prototype
prepared. Users should be asked to confirm that their requirements will be
met.
(c) A consistent
format and consistent definitions should be used to ensure that reporting
is accurate and the chance of
misinterpretation is minimised. Standard house
styles will ensure that time is not wasted by managers, staff and report
writers on designing alternative layouts.
(d) The originator
of the report should be clearly identified so that users' queries can be
dealt with quickly.
(e) The report should clearly set out limits to the action that users can take as a result of the information
in the report. This will ensure that the organisation's system of
responsibilities is maintained.
(f) The usefulness
of the report should be assessed on
a periodic basis to ensure that its production is necessary.
5.2
Controls over generating internal
information in ad hoc reports
(a) Carry out a cost-benefit
analysis as above.
(b) Ensure that the required information does not already exist in another
format.
(c) Brief the report writer so that only the relevant information is
provided.
(d) Ensure that the originator is clearly identified.
(e) Ensure that report writers have access to the most up-to-date information.
5.3 Controls over distributing internal information: A
procedures manual sets out controls
over distributing internal information.
(a) Procedures manual
(for standard reports)
(i) Indicates what standard reports should be issued
and when (eg budgetary control report for department X on a monthly basis)
(ii) Sets out the format of standard reports
(iii) Makes clear who should receive particular
standard reports
(iv) Indicates whether reports should be shredded (if
confidential) or just binned
(v) Makes clear what information should be regarded
as highly confidential
(b) Other
controls
(i) Payroll
and personnel information should be kept in a locked cabinet or be protected by password access on a computer system.
(ii) All employees should be contractually required not to divulge confidential information.
(iii) The internal mail system should make use of 'private and confidential' stamps.
(iv) An appropriate email policy should be set up.
1. Email is best suited to short messages rather than
detailed operational problems.
2. Email provides a relatively permanent means of
communication, which may be undesirable for confidential/'off-the-record'
exchanges.
3. Staff may suffer from information overload.
4. It is uncomfortable to read more than a full
screen of information. Longer messages will either not be read properly or will
be printed out (in which case they may just as well have been circulated in
hard-copy form).
(v) Physical computer security
Internal security.
Management can regulate which staff members have access to different types of
data. For instance, access to HR records may be restricted to members of the HR
team by keeping these records on a separate server or database. In this way,
only certain terminals may access servers with sensitive or confidential data
stored on them.
External security.
The organisation can also protect its data from external access by using firewalls.
A firewall is designed to
restrict access to a network by selectively allowing or blocking inbound
traffic to parts of an organisation's system. It examines messages entering and
exiting the system and blocks any that do not conform to specified criteria. In
this way, firewalls can be used to protect data and databases from being
accessed by unauthorised people or terminals. For example, access to key
servers could be restricted to a small number of terminals only.
5.3
If information is held on a server
(a) Controls over viruses and hacking
(b) Clearly understood policy on the use of emails and
corporate IT
(c) Password system to restrict access to particular
files
6. Security and confidential information: Disaffected
employees have potential to do deliberate damage to valuable corporate data
or systems, especially if the information system is networked, because they may
have access to parts of the system that they are not really authorised to use.
If the organisation is linked to an external network, people outside the company (hackers)
may also be able to get into the company's internal network, either to steal
data or to damage the system.
Various procedures are therefore necessary to ensure
the security of highly confidential information that is not for external
consumption.
6.1 Passwords: Passwords are a set of characters
allocated to a person, terminal or facility which have to be keyed into the
system before further access is permitted.
In order to access a system the user first needs to enter a
string of characters. If what is entered matches a password issued to an
authorised user or valid for that particular terminal, the system permits
access. Otherwise the system shuts down and may record the attempted
unauthorised access.
Keeping track of these attempts can alert managers to
repeated efforts to break into the system; in these cases the culprits might be
caught, particularly if there is an apparent pattern to their efforts.
The restriction of access to a system with passwords is
effective and widely used but the widespread and growing use of PCs and
networks is making physical isolation virtually impossible. The wider use of
information systems requires that access to the system becomes equally
widespread and easy.
Requirements for system security must be balanced by the
operational requirements for access: rigidly enforced isolation of the system
may significantly reduce the value of the system.
6.2 Logical access systems: While physical access
control (doors, locks, and so on) is concerned with the prevention of
unauthorised persons gaining access to the hardware, logical access control
is concerned with preventing those who already have access to a terminal or
a computer from gaining access to data or software.
In a logical access system, data and software or individual
computer systems will be classified according to the sensitivity and
confidentiality of data.
(a) Payroll data or details of the draft corporate budget
for the coming year may thus be perceived as highly sensitive and made
available to identified individuals only.
(b) Other financial information may be made available to
certain groups of staff only, for example members of the finance function or a
certain grade of management.
(c) Other data may be unrestricted.
A logical access system performs three operations when
access is requested.
(a) Identification of the user
(b) Authentication of user identity
(c) Check on user authority
6.3 Database controls: Databases present a particular
problem for computer security. In theory, the database can be accessed by large numbers of people,
and so the possibility of alteration,
unauthorised disclosure or fraud is so much greater than with
application-specific files.
It is possible to construct complicated password systems, and the system can be programmed to give a limited view of
its contents to particular users or restrict the disclosure of certain types of
information to particular times of day. It is possible to build a set of privileges into the system, allowing
authorised users with a particular password to access more information.
There are problems ensuring that individuals do not
circumvent the database by means of inference,
however. If you ask enough questions, you should be able to infer from the
replies the information you are really seeking.
For example, the database forbids you to ask if John is
employee Category A. However, if you know there are only three employee
categories, A, B, and C, and there is no prohibition on asking about categories
B and C, you can work out the members of category A by process of elimination
(ie neither B, nor C, therefore A).
These so-called inference
controls exist to make this difficult by limiting the number of queries, or by controlling the overlap between
questions.
6.4 Firewalls: Systems can have firewalls to prevent unauthorised access into company
systems. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are
frequently used to prevent unauthorised
internet users from accessing private networks connected to the internet,
especially intranets. All messages entering or leaving the intranet pass
through the firewall, which examines each message and blocks those that do not
meet specified security criteria.
As well as preventing unauthorised access onto company
systems, firewalls can also be used to help protect a company's data from
corruption by viruses.
6.5 Encryption: Information transmitted from one part
of an organisation to another may be intercepted. Data can be encrypted (scrambled) in an attempt to make it unintelligible to eavesdroppers.
6.6 Other safety measures: Authentication is a technique for making sure that a message has
come from an authorised sender.
Dial back security operates
by requiring the person wanting access to the network to dial into it and
identify themselves first. The system then dials the person back on their
authorised number before allowing them access.
All attempted violations of security should be automatically
logged and the log checked
regularly. In a multi-user system, the terminal attempting the violation may be
automatically disconnected.
6.7 Personal data: In recent years there has been a growing
popular fear that information about
individuals which is stored on computer files and processed by computer can
be misused.
In particular, it is felt that an individual could easily be
harmed by the existence of
computerised data about themselves which was inaccurate or misleading and
which could be transferred to
unauthorised third parties at high speed and little cost.
As a result, most countries have introduced legislation designed to protect the
individual. In the UK, the current legislation is the Data Protection Act 1998.
6.8 Personnel security planning: Certain employees
will always be placed in a position of trust; for example, senior systems
analysts, the database administrator and the computer security officer. With
the growth of networks, almost all employees may be in a position to do damage
to a computer system. A recent report claims that 80% of hacking is done by
employees.
Although most employees are honest and well intentioned, it
may be relatively easy for individuals to compromise
the security of an organisation if they wish to do so. The following types
of measure are therefore necessary.
(a) Careful recruitment
(b) Job rotation
(c) Supervision and observation by a superior
(d) Review of computer usage (eg via systems logs)
(e) Enforced vacations
The key is that security
should depend on the minimum possible number of personnel. Although this is
a weakness, it is also a strength.
6.9 Anti-virus and anti-spyware software: The growth
of the internet has led to increased exposure to security risks. Two particular
risks derive from exposure to computer
viruses and to spyware.
Computer viruses typically
arrive by email and are triggered when the user opens the email and an
attachment. The virus is a
self-replicating computer program that infiltrates
and then damages a computer system.
Spyware is a type
of program that watches what users
do with their computer and then sends
that information over the internet to a third party. Customers of online
bank accounts have experienced particular problems with spyware when their
personal financial data has been captured by keylogging software.
Software has been developed to counteract these risks. Anti-virus software works to achieve
this by:
(a) Scanning files to
look for known viruses
(b) Identifying
suspicious behaviour from any computer program that might indicate
infection
Anti-spyware software
combats spyware in two ways.
(a) Real-time protection which prevents the installation of
spyware by blocking software and
activities known to represent spyware
(b) Detection and
removal of spyware by scanning
software and removing files and entries that match known spyware
No comments:
Post a Comment