ACG3401 Exam 1
Record structure
Account number is primary in AR file, but secondary in SO file For files to link, these keys must relate, must have primary and secondary Every record must have a unique identifier which allows us to join files in the database Every one must have primary key. When two things are linked, it may be primary in one but in the other, it becomes secondary
what are universal objectives of internal controls?
Accurate financial reporting Safeguarding your assets
Centralized data processing
All data processing performed by large, monstrous computers in a common data center that serves users throughout the organization Lends itself to intra-organization communication and data sharing have gatekeepers
Master file backup is a standard procedure to maintain file integrity in the event that
An update program error corrupts the master file being updated Undetected transaction errors result in corrupted balance A disaster physically destroys current master file
Operational efficiency
Batch processing of noncritical accounts eliminates unnecessary activities at critical points in the process
Resources
Batch system: generally fewer required Real-time system: require dedicated processing capacity
May disclose in code in several ways
By including the code as an exhibit to its annual report By posting the code to the company website By agreeing to provide copies of the code upon request
centralized processing system
Centralized but can still maintain control with roles and privileges Part of ERP: enterprise resource planning (monster system)
some examples of input controls
Check digit: control digit that is added to the data code when originally assigned. Allows integrity to be establishing during processing and helps prevent common errors Missing data check identified blank or incomplete input fields Numeric-alphabetic check identifies data in the wrong form Limit checks identify fields that exceed authorized limits, customer must already be in system, cannot add anyone Range checks verify that all amounts fall within acceptable range Reasonableness checks verify that amounts that have based limit and range checks are reasonable Validity check compare actual fields against acceptable values
This means no system is perfect due to restraints. Why?
Collusion: two or more people working together, hard to find controls to prevent this. Internal control system is designed for individuals to do normal day to day activities Management override: you could have best procedures in whole world, but management can mess this up Human error: you can never fully prevent, who is performing controls, could approve the wrong thing, could misunderstand Cost benefit: financial reporting, one of limitations, if cost and effort of control exceeds benefits, then we would not fool with it
why would small business needs accounting system?
Compliance with regulations, like sales tax Measure of performance If we ever want to attract capital (investor, line of credit from bank)
what are non-universal objectives of internal controls?
Compliances with applicable laws and regulations (not as universal) Efficiency of operations (not as universal)
Advantages of data coding in AIS:
Concisely represents large amounts of complex information that would otherwise be unmanageable Provides accountability over transaction completeness Identifies unique transactions and accounts within a file Supports the audit function by providing an effective audit trail
company code of ethics should include
Conflicts of interest Full and fair disclosures Legal compliance Internal reporting of code violations (encourage and protect whistle-blowers) Accountability
section 406 should address :
Conflicts of interest Full and fair disclosures Legal compliance Internal reporting of code violations (encourage and protect whistle-blowers) Accountability
transaction processing
Cycle approach
404
Documentation / Reporting of Controls
5 conditions of fraud
False representation: false statement or disclosure Material fact: fact must be substantial in inducing someone to act, something that actually matters Intent: must exist or knowledge it is false, you are trying to gain upper hand on someone Justifiable reliance: misrepresentation must have been relied on (people do not often know), if claim is so ridiculous that no one believes it, it is not fraud Injury or loss: must have been sustained by the victim
How do people decide how to distribute capital?
Financial statements.
COSO
Framework for internal controls
some things SOX did
Had wide effects on stock market, accounting, auditing Significantly altered landscape Established PCAOB Attempted to break relationship between auditors and their companies and consultants Responsibility of BOD committees Disclose off-balance sheet items Easier to prosecute white collar criminals
Updating master files from transactions
Involves changing the value of one or more variable fields to reflect the effects of a transaction (batch and real-time)
Manual process model
No one does this in 2024, but still a good learning tool
control-based approach
No way we could look at every single transaction, so we look at the process (controls),we do tests of controls: tests that establish whether internal controls are functioning properly (IT auditing)
Excel Notes
Only first and last items in excel get dollar sign One underline is result of some math Double underline means that column is over Data > sort
Issues of concern include
Privacy and ownership in the personal information industry Misuse: Copying proprietary software, using a company's computer for personal benefit, and snooping through other people's files Security involving accuracy and confidentiality (shared databases) Ownership Environmental issues like printing and disposal Equity of access issues related to economic status, culture, and safety AI unemployment
Real-time systems
Process as it happens Transactions are not independent of each other, so must be processed separately,
what do auditors do?
Provide opinion on financial statements prepared by management Looks at controls over price list (influences revenue) Gather evidence (about numbers in financial statements), and put together an opinion on it (like a murder investigation)
sequential files
Records arranged one after another in a particular order (e.g: alphabetically)
Controls are
Responsibility of management Subsystems interrelated Properly designed documents are a control Authorization Separation of duties Independent checks on performance/verification
Information Objectives
To support the firm's day-to-day operations To support management decision making To support the stewardship function of management
trial balance as part of transaction processing
Typically done as part of a worksheet 10-Column Worksheet
Distributed data processing
Users possess transactions locally with each user segment possessing IT needs to support their operations Users function independently and tend not to share data and information (basically each user has their own system, which are not integrated)
data coding scheme
Using simple numbers and letters to mean something more complex, involves creating simple codes to facilitate efficient data processing
trade-off between efficiency and effectiveness, when to use batch versus real-time
When immediate access to current information is critical to the user's needs, real-time processing is the logical choice. When time lags in information have no detrimental effects on the user's performance, and operational efficiencies can be achieved by processing data in batches, batch processing may be the best choice.
Network
a collection of computers and communication devices that allow users to communicate, access data and applications, and share information and resources
Supervision
a compensating control in organizations too small for sufficient segregation of duties (cameras)
File
a complete set of records of an identical class
Transaction file
a temporary file of individual transaction records used to update data in a master file (ex: sales orders, inventory receipts, etc)
Audit trail
accounting records that trace account balances contained in the financial statements back to the source documents and events that created them (important in financial audit)
Corrective controls
actions taken to reverse the effects of errors detected, really tricky, there could be many things that could have gone wrong (human error, inventory system mess up, etc), and it's not always obvious how it went wrong
Summarization
aggregated for the user's needs
Completeness
all essential information is present
what did SOX require
all public companies document all controls as part of audit
when does posting happen?
almost simultaneous to journal, to General Ledger
Mnemonic codes
alphabetic character acronyms and other combinations that convey meaning (example: course catalog, ACG is accounting)
Check tampering
altering legitimate checks, anything messing with checks (from company or to company)
External audit
an independent attest function and opinion (audit report) regarding financial statement presentation
Flat-file system
another name for distributed data processing, Also known as legacy system, Not good
Assurance service
any type of engagement that improves the quality of information for users
fraud triangle now includes
arrogance and competency (pentagon)
Batch systems
assemble transactions in groups, resulting in a time lag, (example: payroll is friday for everyone) Batch transactions must be independent of each other Can use sequential files, stack things on top of one another as we file, use less efficiency (mostly accounting)
Attest service
assurance service where we provide written report about some type of statement, attestation, audit is one type
Management, ____________, capital providers. who is middle man?
auditors
Commercial software
available for general accounting and industry specific applications, also called turnkey systems because can be implemented with little modification (typically appeal to large community of users, which keeps unit cost down to customers, thoroughly tested, free from error, and current with professional standards), can now buy add-ons to help customize
IT controls
built into system, include general and application controls. accountants deal with application
accounting
capture transactions and put them in user-friendly format (how management communicates what's going on)
lapping
cash receipts clerk first steal and cashes a check from customer A, then using check from customer B (common)
Database mode
centralizes organization's data into common database that is shared with other users, access to data resource is controlled by a database management system
data updating as redundancy problem
changes or additions must be performed multiple times which added significantly to the task and cost of data management
Independent verification procedures
checks to identify errors and misrepresentations
Record
complete set of attributes for a single occurrence within a entity class (us ourselves are records comprising all our little attributes)
Internal control system
comprises policies, practices, and procedures employed by the organization to achieve these objectives: Safeguard assets of the firm Ensure the accuracy and reliability of accounting records and information Promite efficiency in the firm's operations Measure compliance with management's prescribed policies and procedures
Accounting records
consist of source documents, journals, and ledgers which capture economic essence and provide an audit trail (design)
General ledgers
contain account information in highly summarized control accounts
Subsidiary ledgers
contain details for each of the individual accounts that constitute a particular control account, when you have specific details about account, not optional (example: AR and AP because getting paid at diff times, payroll, NP, PPE)
Master file
contains account data, updated by transactions (ex: general ledger)
Archive file
contains records of past transactions retained for future reference, from important part of the audit trail
Relevance
content must serve a purpose, capable of making a difference, differs amongst alternatives
Based on what 5 components
control environment, risk assessment, monitoring, information and communication, control activities
advantages to DDP
cost savings, user satisfaction (each individual has control over their own set up), backup at multiple sites (one department mistake won't mess up entire org)
when and what: trial balance
could happen at any time, checking for equality
Before SOX, auditors...
could only audit, were not money-makers
data versus information
data are facts, whereas information are facts that cause user to take action they would have not taken without seeing information (can be internal or external)
expenses
decrease in assets, or increase in liability due to major course of business
Flat-file model/legacy systems
describes an environment where individual data files are not related to other files, Leads to data redundancy problems: when multiple users need the same or similar data for different purposes
Detective controls
designed to identify undesirable events that elude preventive controls, not fix
Segregation of duties controls
designed to minimize incompatible functions including separating: transaction authorization and processing and asset custody and record-keeping
accountants as domain experts
determines nature of information required, its sources, its destination, and the accounting rules that need to be applied
Custom software
developed through a formal process called the system development cycle, which requires an inhouse team of qualified individuals (costly, mostly for large orgs with unique needs)
Entity relationship diagram (ER)
diagrams system data, a technique used to represent the relationship between business entities (1:1, 1:M, M:M)
Access controls
ensure that only authorized personnel have access to firm assets (locking things up)
The expenditure cycle
every company behind with the acquisition of materials, property, and labor in exchange for cash every transaction has physical and financial part
Corruption
executive, manager, or employee of the organization collusion with an outsider
Reliability internal and external documents
external are seen as more reliable because third party has probably seen and checked
Fraud
false representation of a material fact made by one party to another party with the intent to deceive and induce the other party to justifiably rely on the fact to their detriment, must be INTENTIONAL misstatement Behavioral aspects of who and why and then physical of how (which reveals exposures in our system)
Shell company
false vendor set up and false purchase orders
Data sources
financial transactions that enter the information system from either internal or external sources (most commonly external financial transactions)
AIS versus MIS
financial transactions versus non financial transactions
Data collection
first operational stage in info system, with objective to ensure that event data entering the system are valid, complete, and free from material errors, relevance and efficiency important here
Narrative
for small systems, only one or two steps, a little story to explain something
Feedback
form of output sent back to the system as a source of data
Accuracy
free from material errors
liability
future use of resources that cannot be avoided and is due to some past transaction
Employee fraud
generally designed to convert cash or other assets to the employee's personal benefit
Process Models
how you actually process transactions
currency of information
if updated information is not properly disseminated, changes will not be reflected in some users' data, resulting in decisions based on outdated information
examples of external end users
include creditors, stockholders, potential investors, regulatory agencies, tax authorities, suppliers, and customers
revenue
increase in assets, or decrease in liabilities due to major course of business
Attest function
independent auditor's responsibility to opine as to the fair presentation of a client firm's financial statement
Pass through fraud
involves both a legitimate and false vendor purchase, done by purchasing agents, charge company more than what is really is and take extra
Pay-and-return
involves double payment with the clerk intercepting the vendor reimbursement check, reimbursement for things that weren't really supposed to be reimbursed
The production system of the conversion cycle
involves planning, scheduling, and control of the physical product through the manufacturing process (includes determining raw material requirements, authorizing work, directing process of WIP)
The revenue cycle
involves processing cash sales, credit sales, and the receipt of cash following a credit sale has physical and financial component
Thefts of cash schemes
involves the direct theft of cash on hand
user approach to financial accounting
just need to know stuff to make decisions
Destructive update
leaves no backup copy and requires special recovery program if data is destroyed or corrupted, think of excel, once you have passed the point of the undo button, you've changed something and previous thing isn't there anymore
Cloud computing
location-independent computing, where shared data centers deliver hosted IT services over the internet
top management
long-term goals and setting org objectives
examples of internal end users
management and operations personnel
Data flow diagram
model systems processes, no one actually uses, insufficient because we still do not know: who is performing these tasks? when are they doing it? what documents and records are involved here?
timelines of documents
more important for external
Attribute
most elemental piece of potentially useful data in database, a logical and relevant characteristic of an entity about which the firm captures data, every single useful nugget
fraud triangle
motives, opportunity, ethics
Questionnaire
mountains of pages, yes/no questions, satisfies audit standards
Preparer approach to financial accounting
nitty gritty GAAP approach, background info
Management fraud
no direct theft, usually manipulation of financial data Perpetrated at levels of management above internal control structures Frequently involves exaggerated financial statement results Misappropriation of assets often shrouded in complex transactions involving related third parties
Timeliness
no older than time frame of supported action
Transposition errors
occur when digits are reversed
what happens after adjusted trial balance
once set, you're basically just making it look pretty
real world income summary
only close out debit, credit of temporary account to income summary, then income summary to retained earnings
Data storage as redundancy problem
organizations must incur the costs of multiple collection and storage procedures
Preventive controls
passive techniques designed to reduce undesirable events by forcing compliance with prescribes or desired actions Vast majority of controls Preventing errors and fraud is most cost-effective than detecting and correcting them
Input control
perform tests on transactions to ensure they are free from errors (make sure no misinformation enters system)
what accounts make up balance sheet?
permanent
Billing schemes (fraudulent disbursements)
perpetrated by employees who cause their employe to issue a payment to a false supplier by submitting involves for fictitious goods or services, lots of ways it occurs, trick company into paying something they think is legit, expenditure goes through same procedures as legit ones
Interdependency
pieces of system depend on each other in order to work, emphasizes the importance of controls; one boo boo can mess up whole thing
what are internal controls?
policies and procedures in place to help a company achieve their objectives
Control activities
policies and procedures to ensure appropriate actions are taken to deal with identified risks, specific actions (example: person in shipping counting it out, person approving it, person counting receiving)
Risk assessment
proactively identity threats and deal with them
Output controls
procedures to ensure output is not lost, misdirected, or corrupted and that privacy is not violated (can cause disruption, financial loss, and litigation) example: Printed something out and printer is in hallway, and someone grabs it on the way out OR put written checks in envelope and on secretary desk, goes nowhere and someone could grab them
General ledger/financial reporting system (GL/FRS)
produces the traditional financial statements, such a income statements
Turnaround documents
product documents of one system that becomes source documents for another End for one person, but beginning for next person Example: remittance advice: bills at the bottom that you send back (beginning for you but end for billing company)
Advisory
professional services offered by public accounting firms to improve their client organizations' operational efficiency and effectiveness (accounting: internal control assessments), consulting
Processing controls
programmed procedures to ensure an application's logic is functioning properly, runs itself basically
Management reporting system
provides internal management with special-purpose financial reports and information needed for decision making such as budgets, variance reports, and responsibility reports
Program flowchart
provides operational details for every program represented in a system flowchart Sometimes used by accountants to verify the correctness of program logic, a lot of diamonds
PCAOB
public company accounting oversight board, Make auditing standards Kind of like FASB makes GAAP rules Established by SOX
Data processing
putting it where it needs to go, simple to complex
Responsibility of BOD, management, and other personnel to provide _______ ASSURANCE to objectives
reasonable
account
record of increases and decreases in a specific resource
Physical controls
relate to human activities: can touch
information must be
relevant, timely, accurate, complete, summarized
Section 404
requires management to assess internal control effectiveness, includes annual report addressing: it is management's responsibility to have good internal controls must be effective external auditors must have reviewed written conclusion of effectiveness identify the framework used
Section 406
requires public companies to disclose to the SEC whether they have adopted a code of ethics that applies to the organization's CEO, CFO, controller, or person performing similar actions.
retained earning is a ---- account
residual
equity
residual claims by the owners, leftover interest which belongs to owners
Operations management
responsible for day-to-day
Network administration
responsible for effective functioning of hardware and software (configuring, implementing, and maintaining network equipment), used to ensure network is being used in accordance with company policies and secure from hackers
Record layout diagrams
reveal the internal structure of digital records in database table, usually shows the name, data type and length of each attribute in the record, each data attribute and key field is shown in terms of its name and relative location in the record
during closing process...
revenues and expenses (temp accounts) are flushed out into equity
gatekeepers
roles and privileges that allow people to see only certain things (Example: UF)
Ledger
running total of money in each account, organized by account
Cash larceny
schemes in which cash receipts are stolen from an organization after they have been recorded in the books and records (cash imbalance in books unless you cover your tracks)
flat file model limits data integration
separate files are difficult to integrate across multiple users
Ethics
set of moral principles or values, come from personal beliefs and societal norms, pertains to principles of conduct used in making choice and guiding behavior in situations involving the concept of right and wrong, not universally agreed upon
Control environment
sets the tone for the organization and influences control awareness (tone at the top, attitudes and behavior of management trickles down to lower) Strong mean management is strong in controls, weak means management does not care about controls
middle management
short-term planning
database management system
software system that permits users to access authorized data only (gatekeeper)
accounting information systems
specialized subset of information systems that processes financial transactions
Skimming
stealing cash from an organization before it is recorded on the books (off the book scheme), worrisome because money never even entered the accounting system
Reference file
stores data that are use as standards for processing transactions, things you need to reference to do transactions (ex: price lists for preparing customer invoices)
control account
sum of all sub ledgers (example: total AR)
Transaction processing systems (TPS)
supports daily operations with numerous reports, documents, and messages for users throughout the organization, individual transaction basis converts economic events into financial transactions, records financial transactions in the accounting records (journals and ledgers), and distributes essential financial information to operations personnel to support their daily operations.
Enterprise resource planning (ERP)
systems assembled of prefabricated software components, flexible
Why is there an issue with financial statements prepared by management.
tendency for bias
Substantive tests
tests that determine whether databases contents fairly reflect the org's transactions, required to do some of these, but mostly test of controls (90%)
Exposure
the absence or weakness of a control, area where system is vulnerable
Computer ethics
the analysis of nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology
Payroll fraud
the distribution of fraudulent paychecks, messing with hours or pay rate, ghost employee is on payroll
Transaction Cycles
the expenditure cycle, conversion cycle, and revenue cycle
System flowchart
the graphical representation of the physical relationship among key elements of a system, elements include: departments, manual activities, computer programs, hard-copy and digital accounting records
Monitoring
the process by which the quality of internal control design and operations can be assessed, you could have best control system ever, but you still have to make sure its operating as intended
Information generation
the process of compiling, arranging, formatting, and presenting information to users
Product documents
the result of transaction processing End of transaction Example: paycheck
information system
the set of formal procedures by which data are collected, stored, and processed into information, and distributed to users
Transaction authorization
to ensure all material transactions processed are valid
Auditors are required
to understand systems and document them, companies responsible for having good documents
physical controls include:
transaction authorization, segregation of duties, independent verification, access controls, supervision, accounting records (audit trail)
accounting cycle
transaction, journal entries, posting to general ledger, trial balance, adjustments, adjusted trial balance, financial statements, closing entries, post-closing trial balance, reverse entries
asset
under control of org and has future benefit
Alphabetic codes
used for many of the same purposes as numeric codes
Source documents
used to capture and formalize transaction data (economic events) needed for transaction processing Beginning of transaction Example: Customer order form initiates buying something, approve credit and further processing transaction
Numeric group codes
used to represent complex items or events involving two or more pieces of related data
database administration
used within centrally organized companies with shared data to ensure security and integrity
Task-data dependency
user's information set is constrained by the data user possesses and controls. This leads to the inability to obtain additional information as needs change
disadvatanges to DDP
wasted resources/redundancy, incompatible systems, poor segregation of duties, difficult to find experts
cycle approach
we group together similar transactions for efficiency (expenditure, conversion, revenue)
fraud
what should the process have been and what are the shortcomings where the process went wrong, what should the process be
Accrual-based
when expenses are incurred Better measure of performance Tells you something about future cash flows
Transcription errors
when extra digits are added to code, digit is omitted from code, or digit is recorded incorrectly
Software as a service (Saas)
A software distribution model in which service providers host applications for client organizations over a private network or the Internet. (pay as you go)