ACC 340 Module 3

Describe the difference between authentication and authorization.

Authentication The process of verifying the identity of the person or device attempting to access the system The objective is to ensure that only legitimate users can access the system Authorization The process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform The objective is to structure an individual employee's rights and privileges in a manner that establishes and maintains adequate segregation of duties

List key criteria used to select vendors in managing a company's expenditure cycle.

ocus on minimizing the Total Cost of Purchase: Quality of goods Ability to deliver on time, delivery dependability Credit rating of the vendor/financial strength Vendor corporate structure/allows for timely response to changes/flexible to adapt to changes Prices of goods - the least important factor among these listed

List applicable controls in source documents associated with the expenditure process.

* Purchase requisition: Review and approve purchase requisition by supervisors; use of pre-numbered Purchase Requisition forms; restricted access to blank purchase orders; validity checks on item, clerk, and supervisor numbers; completeness checks; reasonableness test (i.e. quantity, comparing date needed to date requested) * Receiving report: Blind receiving or blind PO (quantities have been erased or blacked out to receiving clerk); RFID to enhance accuracy, ability to track movement/shipment; validity checks on vendor, item, and employee numbers; completeness check

Define the business process diagram (BPDs) and its purpose.

A business process diagram is a visual way to describe the different steps or activities in a business process. It depicts the major steps in a process sequentially, reading from left to right and top to bottom.

Define the imprest fund.

A cash account with 2 characteristics: It is set at a preset fixed amount, $100 Fill out vouchers for every reimbursement The cashier maintains the sum of cash + vouchers = the preset fund balance

Describe the disbursement voucher system. Highlight the advantages of using disbursement vouchers for processing vendor payments.

A document that identifies the supplier and lists the outstanding invoices Indicates the net amount to be paid after deducting any applicable purchase discount and/or allowance Reduce the number of checks to be written by combining several invoices on one voucher Disbursement vouchers may be pre-numbered which simplifies the tracking of all payables through the system The time of voucher approval and payment can be kept separate--facilitate SOD

Describe the purpose of access controls. Give two examples of access controls.

Access controls limit employees' ability to use the system's built-in query capabilities to access only those specific tables and fields relevant to performing their assigned duties Access controls are enabled through authorization To limit those who can view certain information

Describe types of adjustment entries regularly originated from the controller office.

Accruals Made at the end of the accounting period to reflect events that have occurred but are not in the financial statements Actions before cash flows Ex: Recording interest earned on an investment Deferrals Made at the end of accounting period to reflect exchange of cash prior to performance of related event Cash flows before actions Ex: recognize the deferred revenue earned Estimates Portion of expenses expected to occur over a number of accounting periods Ex: Depreciation expense and bad debt expense Revaluations Entries made to reflect differences between actual and recorded value of an asset or change in accounting principle Ex: a change in inventory method (LIFO to FIFO), goodwill write off Corrections Entries made to counteract effects of errors found in the general ledger

Give a cash discount on purchase 1/10, N/30, calculate the cost of financing inventory purchases when the company fails to capture purchase discount for prompt payment

Annual rate = cash discount rate * (360 / term of credit) Vendor financed purchase because they're giving a discount

Describe the best practices to implement changes in ERP systems.

Implement changes in ERP systems as three separate instances: Production phase: the phase used to process daily activity Testing and development phase Backup phase: to maintain an online backup to the production system to provide near real-time recovery

A sales clerk sold a $7,000 wide-screen TV to a friend and altered the price to $700.

Price and discount information maintained in the system must be secure - secure using segregation of duties and data processing integrity controls (preventive) Supervisor's approval (preventive) Log of system overrides (detective)

Describe major output from the general ledger and reporting system.

Budgets and performance reports Capital Expenditures Budget: the managerial report that shows planned cash inflows and outflows for major investments or acquisitions Operating Budget: depicts planned revenues and expenditures for each organizational unit Financial statements Real-time inquiries

Explain the components of an audit trail for verifying changes to accounts payable.

Compare: Compute the sum of all amounts owed to individual vendors Compare to the balance in the general ledger accounts payable control account Verify: Follow the audit trail to identify the voucher ID numbers, purchase order numbers, and receiving report numbers for all approved vendor invoices and use that list to select all source documents (3 way matching) ERS (2 way matching) Recalculation: Recalculate the total amount purchased and the total cash disbursed Recalculate all purchase discounts available and compare that to the amount taken To verify vendor balances by re-computing the effects of all purchases and payments on the beginning balance; this calculated figure should equal the new ending balance

Describe the different levels of data flow diagram (DFD).

Context Diagram: the highest-level or summary view DFD, which shows major inputs/outputs and a single process Level 0 DFD: shows inputs, major processes, and outputs - How many major data processing activities are involved? - What are the data inputs and outputs of each activity (ignoring all references to people, departments, and document destinations)? Level 1 DFD: shows the details within a major process Each process in the DFD can be "exploded" or shown in greater level of detail with the sub-processes and related data flows - DFDs are subdivided into successively lower levels to provide ever-increasing amounts of detail

Describe the controls embedded in the vendor master record. Account group code Reconciliation account

Control Using Account Group Code Using the account group you determine: The interval for the account numbers Whether the number is assigned internally by the system or externally by the user (type of number assignment) Whether it is a one-time account Which fields are ready for input or must be filled when creating and changing master records (field status) Which partner functions are valid Whether the business partner is a one-time customer or one-time vendor Reconciliation Account in SAP A prerequisite for creation of vendor master Reconciliation account is a G/L account assigned to the vendor master record to record all transactions in the sub ledger Control features: Posting to the sub ledgers are automatically posted to the assigned reconciliation account to keep the G/L up to date Using the reconciliation account to determine the screen layout for posting to the customer master The fields for entering hedging transactions for foreign currency will be suppressed if such transactions are not used Hardening process: if not regularly used, turn it off to prevent backdoor hacking or abuse of system

Define processing integrity controls.

Controls to mitigate the threat of inaccurate or invalid master data is to minimize the risk of data input errors.

An employee makes a credit sale to a customer who is already four months behind in making payments on his account.

Credit approval by credit manager (preventive), segregation of duties (preventive)

Define CRM.

Customer relationship management is the software that organizes information about customers in a manner that facilitates efficient and personalized service. Use CRM systems to improve customer services.

As manager of a local pizza parlor, you want to develop a balanced scorecard so you can more effectively monitor the restaurant's performance. a. Propose at least two goals for each dimension, and explain why those goals are important to the overall success of the pizza parlor. One goal should be purely performance-oriented and the other should be risk-related. b. Suggest specific measures for each goal developed in part a.

Customer: Improve customer satisfaction Customer satisfaction rating Attract new customers Percentage of sales to first time customers Fast services Average time to serve food Innovation and learning Develop new products Number of new products this year Improve employee skills Number of cooking classes attended this year Percentage of cooks who attended at least one cooking class this year Internal Operations Reduce waste Food waste (percentage of sales) Reduce mistakes Percentage of orders with mistakes Financial Increase sales Percentage change in sales Increase profitability Operating margin

Review Table 3-1 and identify the following items below.

Data Flows: The flow of the data into or out of a process is represented by curved or straight lines with arrows. Date Source: The people and organizations that send data to and receive data from the system are represented by square boxes. Processes: The processes that transform data from inputs to outputs are represented by circles. Data Destination: The people and organizations that send data to and receive data from the system are represented by square boxes. Data destinations are also referred to as data sinks.

Describe the difference between disaster recovery plan (DRP) and business continuity plan (BCP).

Disaster Recovery Plan Organizations use DRP to outline the procedures to restore an organization's IT function in the event that its data center is destroyed using cold site, hot site, real-time mirroring Business Continuity Plan Specifies how to resume not only IT operations, but all business processes, including relocating to new offices and hiring temporary replacements in the event of a major calamity

Outline the steps of preparing document flowchart.

Document flowcharts illustrate the flow of documents and data among areas of responsibility within an organization.They trace a document from its cradle to its grave, showing where each document originates, its distribution, its purpose, its disposition, and everything that happens as it flows through the system. 1. Identify the participants. 2. Identify the documents involved. 3. Indicate where the documents are created, processed, and used.

Identify the controls to prevent duplicate invoice postings using SAP.

Duplicate invoice postings happen when a single invoice received from a vendor is posted in the system more than once and consequently paid more than once Reasons for duplicate invoice posting: Vendors sending invoices more than once because of delay in payments or misplacement of invoices Invoices posted twice erroneously by accounting staff Duplicate invoices posted by staff with an intention to defraud the organization Controls to Prevent Duplicate Invoice Postings Restricting the access to create vendor masters to authorized people only and preferably staff from non-AP functions Creating a framework for identifying and blocking vendors that do not have any transactions in say, previous three months Making certain fields like bank account number, alternate payee, etc. in the vendor master file as sensitive fields, requiring approval by authorized persons, for making changes Adopting the process of posting and approving of invoices by different users, to record invoices Making requisite configuration settings to prevent the duplicate invoice postings Using data analytics for identifying duplicate payments which have passed through despite the best efforts Simulate: see if the postings are correct (automatic reconciliation)

Describe the IT enabled billing process.

EDI Sales Invoice Source document: sales invoice Open-invoice method - generates customer payments for each individual sales transaction One to one relationship Balance-forward method if using cycle billing One to many relationship Invoice + Remittance Advice / Turnaround document Digitally tracked Credit Memo A document authorizes the billing department to credit a customer's account Credit Memo must be approved by the credit manager (Segregation of Duties - separate authorization, record-keeping, and custody of assets) Updating accounts receivable Source document: credit memo and monthly statements

Define Evaluated Receipt Settlement (ERS)

ERS - to eliminate vendor invoice because it's a non-value-added activity ERS, which is invoiceless, is a means to replace the traditional three-matching process (vendor invoice, receiving report, and purchase order) with a TWO-WAY MATCH of the purchase order and receiving report

Explain what is meant by the expenditure cycle as a "mirror image" of the revenue cycle.

Each activity associated with each cycle correlates with an activity in the other cycle. Revenue: sales order entry - process orders from customers; Expenditure: ordering of materials, supplies and services - send orders to suppliers Revenue: Shipping - deliver merchandise or services to customers (outbound logistics); Expenditure: Receiving - receive merchandise or services from suppliers (inbound logistics) Revenue: Billing - send invoices to customers; Expenditure: Processing invoices - review and approve invoices from suppliers Revenue: Cash collections - process payments from customers; Expenditure: Cash disbursements - process payments to suppliers

Define EDI.

Electronic Data Interchange is the use of computerized communications and a standard coding scheme to submit business documents electronically in a format that can be automatically processed by the recipient's information system.

Describe the difference between EFT and FEDI.

Electronic funds transfer (EFT) is the transfer of funds through the use of online banking software. Exchange of documents and exchange of funds are separated. Financial electronic data interchange (FEDI) is the combination of EFT and EDI that enables both remittance data and funds transfer instructions to be included in one electronic package.

Describe the IT facilitated controls over uncollectible accounts.

Establish credit limits Automate general credit approval Highlight specific authorization to approve sales to new customers or sales that exceed a customer's credit limit Customer credit inquiry Aging of accounts receivable

Describe the types of internal controls for accounting information systems.

General Controls Make sure an organization's control environment is stable and well managed Examples: IT security; IT infrastructure; software acquisition, development, and maintenance controls Application Controls Prevent, detect, and correct transaction errors and fraud in application programs They are concerned with the accuracy, completeness, validity, and authorization of the data captured, entered, processed, stored, transmitted to other systems, and reported Based on the specific application program you are using Processing Integrity Controls Controls to mitigate the threat of inaccurate or invalid master data is to minimize the risk of data input errors Prevent the risks associated with input data that is: not valid, unauthorized, incomplete, inaccurate Examples: Field check, sign check, limit check, size check, completeness check, reasonableness check

Required: Outline the steps of preparing document flowchart.

Identify the participants. - Requesting Department - HR Department - Payroll Department Identify the documents involved. - Job Vacancy Form - from requesting department to HR - Position Hiring Form - manual process: input is job vacancy form and output is position hiring form (3 copies) Indicate where the documents are created, processed, and used. - PHF stored in numerical sequence (3rd copy) - PHF goes to payroll department (2nd copy) Key into system - PHF stored in payroll department - PHF goes back to Requesting Department (source) - Stored with Job Vacancy Form in alphabetical order in requesting department - Job Vacancy Form goes back to Requesting Department - Stored with PHF in requesting department

Describe the documentation control in SAP.

In SAP, user can be provided with limited authorization amount for posting Example: An accounting clerk has authority to post documents to a maximum amount $10,000 While feeding document, he finds that the document amount is $15,000 for which he does not have the authority System warning will say "You may only post documents up to USD 10,000.00" (limit control) A user may want to temporarily save the document to complete or correct the document at a later stage Under such situations, you can HOLD a document without posting the document amount in the G/L Accounts In such cases, SAP has provided the company for the document which allows the user to save the document but the amount is not posted in the G/L Accounts The document can be later reviewed by Authorized Personnel who has appropriate posting amount authorization Once approved, the document is posted in G/L Accounts

Use Figure 12-2 to identify the (1) input source(s), (2) Data process, and (3) Output destinations

Input Sources: Customers, Expenditure Cycle, Production Cycle, Bank Data Process: Revenue Cycle Output Destinations: Customers, Carrier, Expenditure Cycle, Production Cycle, Bank, General Ledger and Reporting System, HR Management/Payroll Cycle

Do you agree with the following statement: "Any one of the systems documentation procedures can be used to adequately document a given system"? Explain.

No - not all documentation tools can be used for each system. Each type of system will require a specific documentation procedure.

How can responsibility accounting and flexible budgets improve morale?

Responsibility accounting: Reporting results based upon managerial responsibilities in an organization Improves morale by holding managers accountable only for the activities over which they have control In this way, they are not unfairly punished for poor performance that they could not alter Budgets and performance reports should be developed on the basis of responsibility accounting Performance reports for cost centers should compare actual versus budget controllable costs Revenue performance reports designed for sales departments should compare actual versus budget Departments that provide services to other units and charge those units for services rendered should be evaluated as profit centers As responsibility reports are rolled up into reports for higher level executives, they become less detailed Flexible budget: Budget formula based upon level of activity Variances for variable costs will be misleading when the planned output differs from budgeted output Solution: use flexible budgeting Flexible budgeting enables more accurate interpretation of deviations from budget If activity levels are higher than planned, then costs should also increase Therefore, costs higher than the original budget may not be "bad" if they have risen at a rate less than or equal to the proportionate increase in activity

What does the Sarbanes-Oxley Act require that is relevant to documentation tools?

Sarbanes-Oxley requires an internal control report in public company annual reports that (1) states that management is responsible for establishing and maintaining an adequate internal control structure and (2) assesses the effectiveness of the company's internal controls. It also specifies that a company's auditor must evaluate management's assessment of the company's internal control structures and attest to its accuracy. This attestation should include a specific notation about significant defects or material noncompliance found during internal control tests. Auditors must be able to prepare, evaluate, and read documentation tools such as flowcharts and business process models.

Give two examples of processing integrity controls that you used during your MS Excel project and MS Access project.

Size check: Using an input mask in Access Reasonableness check: Using conditional formatting or data validation to flag values over a specific amount in Excel

Describe major input to the general ledger and reporting system.

Summary entries from the major subsystems using the Journal Voucher file A file that stores all journal entries used to update the GL When updating the general ledger, sales, purchases, and production are examples of accounting subsystem entries, and Adjusting entries from the Controller's area Financing and investing activities from the Treasurer Examples: issuance or retirement of debt and the purchase or sale of investment securities Budget plan from the Budget Director

Why is the audit trail an important control?

The audit trail is used to verify the accuracy and completeness of transaction processing As a supplementary detective control Tracing a set of source documents forward through the journal entries that updated the general ledger verifies that the transactions were actually recorded Tracing changes in general ledger accounts back to source documents provides a way to verify that the transactions did indeed occur and that they were recorded correctly

What is the value of using a context diagram when working with DFDs?

The context diagram provides a summary-level view of the system. It depicts: - A data processing system - The external entities that are sources of its input and destinations of its output - Helps to understand the amount of interaction between the system and outside entities It is a good way to depict the boundaries of the system (what is to be included or excluded from the system) Prevents audit scope creep

Describe change management controls. Give two examples of change controls.

The formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability. Characteristics of well-designed change management process: Document all change requests Document approvals of all change requests Test all changes in a separate system first to minimize disrupting normal business Internal auditors review conversion controls to ensure that data is accurately and completely transferred from the old to the new system Updating of all documentation to reflect the newly implemented changes Develop "backout" plans to revert to previous configurations if the new change fails Monitor and review of user rights and privileges during the change process to ensure that proper segregation of duties is maintained.

What is the major cost driver in the purchasing function? Describe how information technology can be used to control this cost driver.

The major cost driver in the purchasing function is the number of purchase orders processed Reduce the Number of PO Use approved vendor list + approved price list Use EDI enabled vendor-managed inventory programs to reduce purchasing and inventory costs Use blanket purchase A blanket order is a commitment to buy specified items at specified prices from a particular supplier for a set time period Use procurement cards for small dollar and small quantity purchases or non-inventory items Improve Efficiency Electronic data interchange (EDI) for transmitting purchase orders to vendors Evaluated receipt settlement (ERS) to replace the traditional three-matching process (vendor invoice, receiving report, and purchase order) with a two-way match of the purchase order and receiving report

Describe the cost center accounting in SAP? Identify the purpose of using the cost center standard hierarchy.

Used for internal control purposes by making the costs more transparent in an organization Focus is on managing cost per plan Performance is managed by comparing planned and actual costs The structure of cost centers is heavily dependent on each organization Before creating a cost center, you should outline the standard hierarchy of the cost centers Standard hierarchy for cost center display allows you to visualize the organization from the controlling perspective The cost center standard hierarchy is used to structure the cost centers in an organization All cost centers must be entered in the standard hierarchy Accounting → Controlling → Cost Center Accounting → Master Data → Standard Hierarchy → Display

Which electronic files are either read or updated when goods are ordered from a vendor?

Vendor master file (updating with transactions to track performance), inventory master file (showing the expected shipment to arrive), open purchase orders (setting up as blind PO for the receiving department)

Describe the control issues associated with the imprest fund.

Violates SOD - the cashier has the custody of the cash and authorizes vouchers for cash disbursement and maintains a record of fund balance Replace imprest fund with procurement cards for specific items, non-inventory purchases

Describe the controls available for making journal entries in the General Ledger cycle.

alidity check to ensure that general ledger accounts exist for each account number referenced in a journal entry Field (format) checks to ensure that the amount field in the journal entry contains only numeric data Zero-balance check to verify that total debits equal total credits in a journal entry Completeness test to ensure that all pertinent data are entered, especially the source of the journal entry Closed-loop verification matching account numbers with account descriptions to ensure that the correct general ledger account is being accessed A sign check of the general ledger account balance, once updating is completed to verify that the balance is of the appropriate nature (credit or debit) Calculating run to run totals to verify the accuracy of journal voucher batch processing to identify any discrepancies that indicate a processing error to be investigated