ACCT 4540 - AIS Final Exam

¡Supera tus tareas y exámenes ahora con Quizwiz!

Control Activities (5 Components - COSO 2013):

- A firm must establish control policies, procedures, and practices that ensure the firm's objectives are achieved, and risk mitigation strategies are carried out.

Characteristics of Blockchain

- Decentralized system with distributed ledger - No middleman - All nodes in sync when new transaction - Info cannot be changed/added/deleted without knowledge of the entire network

Key Components of Blockchain

- Distributed and Decentralized - Consensus - Immutability

COBIT - Key Requirements for Information

- Effectiveness - Efficiency - Confidentiality - Integrity - Availability - Compliance - Reliability

When to Use Blockchain

- Enable multiple parties who don't trust each-other to collaborate - Accelerate transaction settlement and verification - Cut costs and resources that would be spent on manual verification

Bitcoin

- First cryptocurrency - Anonymous peer-to-peer transactions - Public blockchain - One block added to blockchain about every 10 minutes.

Risk Assessment (5 Components - COSO 2013):

- Identifying and Analyzing a firm's risks from external and internal environments. - Understand the extent to which potential events might affect corporate objectives.

Examples of Cognitive Technologies

- Machine Learning - Neural Networks - Robotic Process Automation (RPA) - Bots - Natural Language Processing

Control Environment (5 Components - COSO 2013):

- Management's philosophy, operating style - Internal control oversight by Board of Directors - Commitment to integrity, ethical values, and competence

How Does Blockchain Work?

- Proof of Work - Proof of Authority - Proof of Stake

Benefits of ADS

- Reduce time/effort involved in accessing data - Works well with XBRL GL Standards - Facilitates testing of the full population of transactions, rather than just a small sample. - Allow software vendors to produce data extraction programs for given enterprise systems to help facilitate fraud detection/prevention.

Information and Communication (5 Components - COSO 2013):

- Supports all other control components by communicating effectively. - Ensure proper information flow within firm.

Monitoring Activities (5 Components - COSO 2013):

- The design and effectiveness of internal controls should be monitored by management on an ongoing basis. - Findings should be evaluated and deficiencies must be communicated in a timely manner.

AI Tasks

- Thinking logically - Acting rationally - Visual perception - Speech recognition - Language translation

Advantages of Blockchain

- Transactions done without middleman - Much faster transaction time (minutes vs days) - Lower service fee.

AMPS Model

1. Ask the Question 2. Master the Data 3. Perform the Analysis 4. Share the Story

5 Components of Internal Control (COSO 2013):

1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information and Communication 5. Monitoring Activities

Computerized Environment Controls

1. General Controls 2. Application Controls

Preparing the Visualization Steps

1. Get Data 2. Set Relationships Among Tables 3. Select Attributes for the Visualization 4. Select and Modify the Visualization

An effective Internal Control should consist of 3 Objectives (COSO 2013):

1. Operations: effectiveness and efficiency of a firm's operations 2. Reporting: reliability of reporting 3. Compliance: adherence to applicable laws/regulations

3 Main Functions of Internal Control

1. Preventative Controls 2. Detective Controls 3. Corrective Controls

COSO ERM - Integrated Framework - 4 Objectives:

1. Strategic: high-level goals, aligned with and supporting the firm's mission and vision. 2. Operations: effectiveness and efficiency of operations. 3. Reporting: reliability of internal and external reporting. 4. Compliance: compliance with applicable laws/regulations.

Data Visualization Process

1. Understand the Data 2. Select the Data Visualization Tool (excel, tableau, power BI, etc.) 3. Develop and Present the Visualization

Extract, Transform, and Load (ETL)

A common strategy for drawing information from multiple sources by extracting data from its home database, transforming and cleansing it to adhere to common data definitions, and then loading it into the data warehouse.

Corporate Governance

A set of processes and policies in managing an organization with sound ethics, internal and external control mechanisms to safeguard the interests of its stakeholders. Promote accountability, fairness, and transparency.

AI vs Machine Learning vs Deep Learning

AI -> ML -> DL - Machine Learning is a type of AI. - Deep Learning is a type of Machine Learning.

Consensus (Key Component of Blockchain)

All parties will be aware of transactions that take place on the network and agree to the transactions being written to the blockchain.

Information Security Management (AICPA)

An integrated, systematic approach that coordinates people, policies, standards, processes, and controls used to safeguard critical systems and information from internal and external security threats.

Descriptive Analysis

Analysis performed that characterizes, summarizes and organizes past performance.

Diagnostic Analysis

Analysis performed to investigate the underlying cause of a phenomenon.

Predictive Analysis

Analysis performed to provide foresight by identifying patterns in historical data.

Prescriptive Analysis

Analysis performed which identifies the best possible options given constraints or changing conditions.

AMPS: Ask the Question

Ask questions that can be addressed with data and that lead to better decision making.

Share Risks (COSO ERM - Risk Response)

Buy insurance, outsource, or hedge

Botnet (Bot) (Information Security Risk)

Collection of software robots that overruns computers to act automatically in response to the bot-herder's control through internet.

ITIL

Control framework for IT service management. Information Technology Infrastructure Library

COSO Internal Control Framework

Control framework for evaluating, reporting, and improving internal controls — widely accepted.

COBIT

Control framework for the governance and management of enterprise IT. Control Objective for Information & Related Technology

ISO

Control framework that addresses information security issues. International Organization for Standardization 27000 Series

COSO ERM Framework

Control framework that expands on the COSO Internal Control Framework taking a risk-based approach to internal control.

Application Controls

Controls that are specific to a subsystem or an application to ensure the validity, completeness, and accuracy of transactions.

Corrective Controls

Controls that correct and recover from the problems that have been identified (backup files to recover corrupted data)

Preventative Controls

Controls that deter problems from occurring (authorization)

Detective Controls

Controls that discover problems that are not prevented (bank recons and monthly trial balances)

General Controls

Controls that pertain to enterprise-wide issues (controls over accessing the network, developing and maintaining applications, etc.)

Risk Assessment (COSO ERM)

Cost and benefit analysis is important in determining whether to implement an internal control.

AMPS: Master the Data

Data Accessibility: can we get the needed data to answer the question posed? Data Reliability: is the data clean? Data Integrity: is the data accurate, valid and consistent over time? Data Type: is the data structured? is the data internal? are there privacy concerns with the data?

Velocity (Four Vs)

Data comes in at quick speeds or in real time, such as streaming and news feeds.

Big Data

Datasets that are too large/complex for existing business systems to handle using their traditional capabilities to capture, store, manage, and analyze these data sets.

Avoid Risks (COSO ERM - Risk Response)

Do not engage in the activity

Accept Risks (COSO ERM - Risk Response)

Do nothing, accept likelihood and impact of risk

Cognitive Technologies

Employ self-learning algorithms that allow computers to examine connections and notice patterns without human intervention.

Artificial Neural Networks

Engines of machine learning.

Inherent Risk (COSO ERM - Risk Assessment)

Exists already before plans are made to address it

Event Identification (COSO ERM)

Identifying incidents both external and internal to the organization that could affect the achievement of the organizations objectives. Opportunities channeled back to strategy or objective-setting process, identified risks should be forwarded to next stage.

Reduce Risks (COSO ERM - Risk Response)

Implement effective internal control

Availability (AICPA - Info Security Management)

Information and systems are accessible on demand.

Integrity (AICPA - Info Security Management)

Information is accurate and complete.

Confidentiality (AICPA - Info Security Management)

Information is not accessible to unauthorized individuals or processes.

Artificial Intelligence (AI)

Intelligence exhibited by machines rather than humans. Also called Cognitive Technologies.

Machine Learning

Involved the computer's ability to learn from experience rather than from specific instructions.

Physical Controls (COSO ERM - Control Activities)

Mainly manual but could involve the physical use of computing technology.

Risk Response (COSO ERM)

Management selects risk responses and develops a set of actions to align risks with the entity's risk tolerances, its risk appetite, and cost versus benefit of potential risk responses.

Social Engineering (Information Security Risk)

Manipulating people to take certain action such as revealing confidential information, or granting access to physical assets, networks, or information.

Storage (Limiting Factor)

Many companies choose to use a cloud platform to lower the cost of data storage.

Volume (Four Vs)

Massive amount of data involved.

Neural Network

Mathematical models that convert inputs into outputs/predictions, can be nested together.

Types of Learning

Most machine learning applications are designed to perform either: classification or regression

Feed-Forward Neural Netorks

Neural network where information moves in one direction.

Recurrent Neural Networks

Neural network where the connections between neurons include loops.

Trojan Horse (Information Security Risk)

Non-self replicating program that has a useful purpose in appearance, but in fact has a different, malicious purpose.

Objective Setting (COSO ERM)

Objectives are set at the strategic level, establishing a basis for operations, reporting, and compliance.

Immutability (Key Component of Blockchain)

Once transactions are confirmed on the blockchain, they are tamperproof and cannot be altered.

Denial-of-Service (Dos) (Information Security Risk)

Prevention of authorized access to resources or delaying of time-critical operations.

Data Visualization

Process of presenting information graphically (one way of sharing the story and turning data into information)

Processing Power (Limiting Factor)

Processing power required to obtain information valuable to the company could be enormous or even impossible.

IT Controls (COSO ERM - Control Activities)

Provide assurance for information and help to mitigate risks associated with the use of technology.

Proportional Data

Purpose: Comparison of parts to a whole Charts: Pie charts, doughnut charts, treemaps

Time Trends Data

Purpose: Comparisons over time Charts: Line Charts

Univariate Data

Purpose: Frequencies, range of values, most likely values. Charts: Histograms

Multivariate Relationships Data

Purpose: Relationships, correlations Charts: Scatter Plots

Categorical Data

Purpose: comparisons of performance metrics Charts: Vertical bar, horizontal bar, treemaps, bubble charts.

Veracity (Four Vs)

Quality of data including extent of cleanliness (without errors/integrity issues), reliability, and faithfully represented.

Sarbanes-Oxley Act of 2002 (SOX)

Requires public companies registered with the SEC and their auditors to annually assess and report on the design and effectiveness of internal control over financial reporting. Established the PCAOB.

Data Analytics

Science of examining raw data, removing excess noise, and organizing the data with the purpose of drawing conclusions for decision making.

Classification (ML)

Seeks to assign labels, dividing the input into output groups such as: - Yes or No - Spam or Not Spam

Regression (ML)

Seeks to predict real numbers such as - The price of a house - The revenue in next quarter

Virus (Information Security Risk)

Self-replicating program that runs and spreads by modifying other programs/files.

Worm (Information Security Risk)

Self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.

Spoofing (Information Security Risk)

Sending a network packet that appears to come from a source other than its actual source.

Spam (Information Security Risk)

Sending unsolicited bulk information.

Audit Data Standards (ADS)

Set of standards for data files and fields typically needed to support an external audit in a given financial business process area.

Spyware (Information Security Risk)

Software secretly installed into an info system to gather info on individuals or organizations without their knowledge.

2 Limiting Factors in Business Systems

Storage and Processing Power

Distributed and Decentralized (Key Component of Blockchain)

The data that are distributed and synchronized among all the participants in the network.

Four Vs

The defining features of big data. Volume, Velocity, Variety, Veracity

Residual Risk (COSO ERM - Risk Assessment)

The product of inherent risk and control risk (risks that are left over after controlling it).

Control Risk (COSO ERM - Risk Assessment)

The threat that errors or irregularities in the underlying transactions will not be prevented, detected, and corrected by the internal control system.

Variety (Four Vs)

Unstructured and unprocessed data, such as comments in social media, emails, GPS measurements, etc.

AMPS: Perform the Analysis

What happened? - Descriptive Analysis Why did it happen? - Diagnostic Analysis Will it happen in the future? - Predictive Analysis What should we do, based on what we expect to happen? - Prescriptive Analysis


Conjuntos de estudio relacionados

Internet Questions (History, Transportation, etc.)

View Set

Cumulative Exam Geometry TEST 90%

View Set

Ihmisen lihaksia lihas,- ja luustokokeeseen

View Set

Module 10: Physiological Health Problems

View Set

Health Ch 1 Prep U Analyzing data to make accurate clinical judgments

View Set

Psychology Module #15: Infancy and Childhood

View Set