AIS Exam #3

The tool that defines and describes each key data element (e.g. total assets, accounts payable, etc.) in XBRL is called:

XBRL taxonomy

XBRL

eXtensible Business Reporting Language is a variant of XML (eXtensible Markup Language) specifically designed to electronically communicate business information and is used to facilitate business reporting of financial and non-financial data *Standard for Internet communication among businesses

Defining features of Big Data

*Volume Massive amount of data involved *Velocity Data come in at quick speeds or in real time (streaming videos) *Variety Unstructured and unprocessed data (comments on social media)

One of the benefits of using Tableau is its ability to connect to a wide variety of data sources. Once connected to those sources, users can do which of the following?

-Build relationships between data sources -Create data visualizations -Create calculated fields

Costs of ETL

-Cost to acquire -Data has to be scrubbed to become useful -Explicit cost of scientist salaries *Make sure benefits outweigh costs

Personally Identifiable Information (PII)

-First name or initial and last name -Address -Phone number In combo with -Social security number -ID number (license) -Financial account numbers

Operational (Internal) Databases

-General ledger -Inventory -Sales from point-of-sales -Human Resources

External Databases

-Industry information -Competitor information -General economy info -Focal Customer Demographics and purchasing tendencies

Data analytics applications to accounting

-Monitor competitors and customers to better understand opportunities and threats around them -Probability of goodwill write-down, warranty claims, or collectability of bad debts -Help determine its optimal response to the situation and appropriate adjustment to its financial reporting

Why is is important to have software vendors use the audit data standards?

-Option to output info in conformance with ADS -Relatively effortless exercise to export or import data from an external party -Can make easier for their customers and be a high value-added option to the software the vendors provide

Physical IT Environment

-Physical intrusion -Natural disasters -Excessive heat or humidity -Water seepage -Electrical disruption or blackouts

Excel Overview

-Provides a number of tools to support data analytics and visualization -Tables allow direct analysis using totals and filters -Pivot tables provide a robust reporting and charting tool -Excel add-ins such as Power Pivot deliver database management tools in Excel and allow users to combine tables from various sources

Potential benefits of ADS

-Reduces the time and effort involved in accessing data -Works well with standard audit and risk analytic tests often run against datasets in specific accounts or group of accounts -Allows software vendors to produce data extraction programs for given enterprise systems to help facilitate fraud detection and prevention and risk management -Facilitates testing of the full population of transactions, rather than a small sample -Corrects/interacts well with the XBRL GL standards

Within IT operations

-Social engineering -Unintentional disclosure of sensitive info by an employee -Intentional destruction of info -Inappropriate end-user computing

Within an IS

-System intrusion (spyware, malware, etc.) -Logical access control failure -Interruption of a system

Types of Vulnerabilities

-Within a physical IT environment -Within an information system -Within the processes of IT operations

Common computer frauds:

1. Altering computer-readable records and files 2. Altering the logic of computer software 3. Illegal use of computer-readable info 4. Illegal copying or intentional destruction of computer software 5. Misappropriation of computer hardware

Two prerequisites for vulnerability management

1. Determine the main objectives of vulnerability management 2. Assign roles and responsibilities for vulnerability management

Main components of Vulnerability Assessment

1. Identification -IT asset inventory -Threat ID -Vulnerability ID 2. Risk assessment -Vulnerability management -Vulnerability prioritization

XBRL Assurance

1. Most current, standardized XBRL taxonomy is used 2. The underlying financial and non-financial data that are used in XBRL tagging are reliable 3. The XBRL tagging is accurate and complete 4. The reports generated using XBRL are complete and retrieved on a timely basis

Main components of Vulnerability Management

1. Remediation -Risk response plan -Policy and requirements -Control implementation 2. Maintenance -Monitoring -Ongoing assessment -Continuous improvement

Advantages of XBRL GL

1. Reporting independent -Collects general ledger and after-the-fact receivables, payables, and other non-financial facts and then permits the representation of that info using traditional summaries and through flexible links 2. System independent -Any developer can create import and export routines to convert info to XBRL GL format. Developers need only to consider one design for their XML import/export file formats 3. Consolidation -Help transfer the general ledger from one system to another, be used to combines the operations of multiple organizations, or bring data into tools that will do the consolidation 4. Flexibility -Overcoming the limitations of other approaches such as electronic data interchange

Information Security Risks and Attacks

1. Trojan Horse -A non self-replicating program that seems to have a useful purpose but actually has a malicious purpose 2. Social engineering -Manipulating someone to take certain action that may not be that person's best interest 3. Spyware -Secretly installed into an information system to gather info without knowledge; type of malicious code

Components in Business Continuity Management Life Cycle

1. Understand the firm and identify risks 2. Analyze business impact of the risks 3. Determine BCM strategy and develop plans for BCM 4. Test, maintain, and improve BCM practices

Data Warehouse

A collection of data from a variety of sources used to support decision-making applications and generate business analysis -Data warehouses serve as the main repository of the firm's historical data -Made up of many data marts

Decision Support System (DSS)

A computer-based information system that facilitates business decision-making activities

Business Intelligence

A computer-based technique for accumulating and analyzing data from databases and data warehouses to support managerial decision making 1. Gather info from a variety of sources 2. Analyze (or discern) patterns and trends from that information to gain understanding and meaning 3. Make decisions based on the info gained

Uninterruptible Power Supply (UPS)

A device using battery power to enable a system to operate long enough to back up critical data and shut down properly during the loss of power

Digital Certificate

A digital document issued and digitally signed by the private key of a Certificate Authority that binds the name of a subscriber to a public key *Certificate indicates that the subscriber identified in the certificate has sole control and access to the private key

Digital Dashboard

A display to track the firm's process or performance indicators or metrics to monitor critical performance -Month-to-date orders -Days of receivables outstanding -Budget variances *May monitor high-level processes, but lower-level data can be quickly accessed by clicking through the links

Which of the following statements is incorrect?

A fraud prevention program should include an evaluation on the efficiency of business processes.

Digital Signature

A message digest of a document (or data file) that is encrypted using the document creator's private key. -Ensure data integrity -Document creator must use their own private key to encrypt the MD, so the digital signature also authenticates the document creator

Encryption

A preventative control in providing confidentiality and privacy for data transmission and storage -Encode plaintext into nonreadable cyphertext -Receiver uses a "key" to decrypt messages back to plaintext form *Using a strong encryption algorithm and establishing a strong policy on key management are essential for information security

Authentication

A process that establishes the origin of information or determines the identity of a user, process, or device -Critical in e-business because it can prevent repudiation -Can be achieved using asymmetric-key encryption -Process would have to e repeated in reverse to authenticate both parties involved in the transaction

Disaster Recovery Planning (DRP)

A process that identifies significant events that may threaten a firm's operations and outlines the procedures to ensure that the firm will resume operations when the events occur. -Should be reviewed and tested periodically to analyze weaknesses and explore possible ways to improve the plan -Most critical corrective controls -Key component of BCM

Public Key Infrastructure (PKI)

A set of policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-/private-key pairs, including the ability to issue, maintain, and revoke public-key certificates *An arrangement that issues digital certificates to users and servers, manages the key issuance, and verifies and revokes certificate by means of a CA

Which of the following best describes the AICPA's Audit Data Standards (ADS)

A set of standards for data files and fields designed to support external audits

Message Digest (MD)

A short code, such as one 256 bits long, resulting from hashing a plaintext message using an algorithm.

Certificate Authority (CA)

A trusted entity that issues and revokes digital certificates *Because authentication and nonrepudiation are accomplished by using public keys in decryption, the CA plays the most significant role in assuring the effectiveness of asymmetric-key encryption

DATA provides:

A universal definition of personally identifying info and requires organizations to implement and maintain formal security programs to prevent unauthorized access to personally identifying information

Which of the following would LEAST likely show up on a digital dashboard?

Accumulated depreciation for the previous year

Which of the following best describes the skill sets used in data analytics?

Acquiring/cleansing data; Creating data structures/models; Mining/analyzing data

Information Security Management

An integrated, systematic approach that coordinates people, policies, standards, processes, and controls used to safeguard critical systems and information from internal and external security threats (according to the AICPA)

Fraud

Any intended illegal act characterized by deceit, concealment, or violation of trust as defined by the International Professional Practices Framework

Which of the following is NOT a good example of how accountants might use data analytics to help evaluate estimates used to value financial statement accounts?

Automate the order entry process for online customers

Which of the following controls would most likely assure that a company can reconstruct its financial records?

Backup data are tested and stored safely

Symmetric Key Encryption

Both the sender and the receiver use the same key to encrypt and decrypt messages -Fast and suitable for encrypting large data sets or messages -Key distribution and management are problematic because both sender and receiver use the same key -Always distributing keys in a secure way can be difficult with different geographical locations -Exponential growth of number of keys is not cost-effective

Benefits of DATA (Data Accountability and Trust Act of 2009)

Businesses are required to notify affected people when breaches occur This promises to reduce the incidences of identity compromise and create incentives to improve overall security

How does data analytics play a vital role in today's business world?

By examining data to generate models for predictions of patterns and trends

To prevent invalid data input, a bank added an extra number at the end of each account number and subjected the new number to an algorithm. This technique is known as

Check digit verification

Real value of data analytics

Companies are empowered by using data analytics to discover various patterns, investigate anomalies, forecast future behavior Ex: Directed market campaigns based on patterns observed in data = competitive advantage Enables businesses to ID future opportunities and risks Affects internal processes, improving productivity, utilization, and growth

Which of the following describes the primary goals of CIA approach to information security management?

Confidentiality, integrity, availability

XBRL Instance Documents

Contain the actual dollar amounts or the details of each of the elements within the firm's XBRL database -Computer-readable format

Data analytics and auditing

Data analytics is expected to be the next innovation in the evolution of the audit and professional accounting industry -Now audit professionals will be collecting and analyzing the company's data similar to how an internal cost accountant or business analyst would in order to help management make better decisions -External auditors will stay engaged with clients beyond the audit -More automated process which will allow audit professionals to focus more on the logic and rationale behind data queries and less on the gathering of data -Result = not only yield important findings from a financial perspective, but also info that can help companies refine processes, improve efficiency, and anticipate future problems

Which of the following is the best definition of the term big data?

Datasets that are too large and complex for businesses' existing systems utilizing traditional capabilities

Which of the following would NOT by itself be considered personally identifying?

Date of birth

XBRL Taxonomy

Defines and describes each key data element (e.g., total assets, accounts payable, net income, etc.) -Each country may have its own taxonomy for financial reporting -Continue to be developed to enable filings to regulators (banks), tax authorities (IRS), and other governmental entities *Data elements

Which of the following does NOT represent a viable data backup method?

Disaster recovery plan

Which of the following is the most likely application of data analytics for accountants to develop expertise in?

Domain knowledge of business functional areas

Data Analysis can be desegregated into two parts: ETL and Analysis. Classify each of these processes as either ETL or Analysis

ETL: -Removal of extraneous data and noise -Finding the necessary data from the financial reporting system to give to the external auditor for analysis -Consolidating large volumes of data from multiple sources and platforms Analysis: -Looking for trends in the data that might predict new sales opportunities -Performance of a test of internal controls by the external auditor -Considering Champaign, IL weather patterns to predict corn production in the immediate area

The stated advantages of XBRL GL include:

Flexibility

Demand of data analytics

Increasing amount of investments in data analytics Increasing demand for data analytics-related tasks Relevant across industries

Data Mining Caveat

Making sure the results are reasonable (or even plausible) -May find a statistical correlation or relationship between two data items, it may or may not have a plausible relationship in the real world

Specialized Dashboards

May track overall corporate processes and performance or be specialized by function or department

Which of the following statements about asymmetric-key encryption is correct?

Most companies would like to use a Certificate Authority to manage the public keys of their employees

XSLT (Extensible Stylesheet Language Transformations)

Official XSL specificiation Not governed by XBRL, but it is standard means for taking data from XBRL or XML and presenting computer readable data in a way that's readable for humans SEC may be interested in a standardized style sheet to retrieve a standardized report. However, a financial analyst may be interested n developing their own to facilitate analysis

XBRL Specification

Outlines the technical framework for XBRL. Provides the underlying technical details of what XBRL is and how it works

XBRL Benefits

Preparation, analysis, and communication of business information -Gives each financial statement item (both text and numbers) its own unique tag that is computer readable and searchable *A/R and A/P have their own respective tags

Objective of ADS

Produce data in a standard structure that can then be used consistently across financial audits of most organizations

Goal of Information Security

Protect the CIA of a firm's information 1. Confidentiality -Info is not accessible to unauthorized individuals or processes 2. Integrity -Information is accurate and complete 3. Availability -Information and systems are accessible on demand

Fault Tolerance

Redundant units providing a system with the ability to continue functioning when part of the system fails *Many firms implement a redundant array of independent drives (RAID) so that if one disk drive fails, important data can still be accessed from another disk

In February 2009, ____ passed the rule requiring large domestic publicly traded firms to begin formatting their financial statements using XBRL

SEC

Interactive Data to Improve Financial Reporting

SEC in 2009 All large domestic and foreign accelerated filers to begin formatting their financial statements using XBRL Same public companies to format their financial statements using XBRL on their corporate websites

XBRL Global Ledger Taxonomy (XBRL GL)

Serves as means to facilitate efficient communication within a firm

Tableau Desktop

Software application that supports data analytics and visualizations. It integrates data from multiple data sources. It provides easy-to-use and powerful summary reporting and charting capabilities. It allows users to build dashboards and create stories from their data.

Data Mining uses which of the following approaches to analyze data and find new patterns and trends?

Sophisticated statistical techniques

Computer Fraud Prevention and Detection

Starts a fraud risk assessment across the entire firm, taking into consideration the firm's critical business divisions, etc. and is performed by management -Audit committee typically has oversight

Vulnerability Management

Subtle difference from risk management even though they have the same goal: VM is a tactical and short-term effort that may take a few weeks or a few months and is frequently conducted using an IT asset-based approach

XBRL Style Sheets

Take the instance documents and add presentation elements to make them readable by people -May be presented in a number formats such as HTML, PDF, Microsoft Word, Excel -Made in conformance with Extensible Stylesheet Language

Data Mart

Takes a subset of the information from the data warehouse to serve a specific purpose, such as a marketing data mart, an inventory data mart, or a business intelligence data mart *Specific purpose or function

The Data Acountability and Trust Act of 2009 (DATA) requires data owners to notify which of the following when a data breach has been discovered?

The Federal Trade Commission (FTC)

Business Continuity Management (BCM)

The activities required to keep a firm running during a period of displacement or interruption of normal operations -Most critical corrective controls -Broader than DRP and is concerned with the entire business processes rather than particular assets

Vulnerability

The characteristics of IT resources that can be exploited by a threat to cause harm which may lead to a business risk, compliance risk, or security risk

Extract, Transform, Load (ETL)

The process of cleaning and scrubbing the data before data analysis can take place -Spend between 50 and 0% of their time cleaning data for analysis

Data Analytics

The science of examining raw data (Big Data), removing excess noise from the dataset, and organizing the data with the purpose of drawing conclusions for decision making -Useful for examining patterns and trends in large datasets -Aims at transforming raw data into valuable information -Generates models for predictions of patterns and trends -ID unknown patterns or relationships

Which of the following best describes what is meant by a breach of security?

The unauthorized access to or acquisition of data in an electronic format that contains personal information

Fraud Triangle

Three conditions exist for a fraud to be perpetrated: incentive, opportunity, and rationalization 1.Incentive -Pressure that provides a reason to commit fraud 2. Opportunity -Ex: absence of controls, ability of management to override controls 3. Rationalization -Individuals committing the fraud possess an attitude that enables them to rationalize the fraud

Asymmetric Key Encryption

To transmit confidential information, the sender uses the receiver's public key to encrypt the message; the receiver uses his or her own private key for decryption upon receiving the message. Also known as public-key encryption or two-key encryption. -Slow and not appropriate for large data sets -Two keys are created as one pair (one to encrypt and one to decrypt) -Widely distributed and available to authorized users *The private key is kept secret and known only to the owner of the key

When client's accounts payable computer system was relocated, the administrator provided support through a network connection to server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk?

User accounts are not removed upon termination of employees

Cloud computing

Using redundant servers in multiple locations to host virtual machines -Good alternative to back up data and applications -Could be cost-effective -Provided by third-party -Charges on a per-user basis -Cloud provider bears the responsibility for managing and maintaining the resources

Virtualization

Using various techniques and methods to create a virtual (rather than actual) version of a hardware platform, storage device, or network resources. -Good alternative to back up data and applications -Could be cost-effective

Data analytics can help in accurately identifying organizational risks. All of the following are examples of such risk EXCEPT

What-if business forecasting

Select a correct statement regarding encryption methods?

When conducting e-business, most companies use both symmetric-key and asymmetric-key encryption methods.

What differentiates Big Data from other types of data?

Whether these data push the limit of capabilities of information systems that work with these data *Limiting factors -Storage -Processing