371 Final
ETL stands for
Extract, transform and load
How has SOX affected the audit profession and corporate governance of public firms?
SOX 404 requires public companies registered with the SEC and their auditors to annually assess and report on the design and effectiveness of internal controls over financial reporting. SOX also established the Public Company Accounting Oversight Board (PCAOB) to provide independent oversight of public accounting firms.
which of the following is not a component in the COSO 2013 internal control framework? a. effective operations b. control activities c. risk assessment d. control environment e. monitoring
a. effective operations
a subset of a data warehouse is called: a. small data warehouse b. data mart c. data martian d. business intelligence
b. data mart
Based on SOX, which of the following sections is about internal controls? a. 302 b. 401 c. 404 d. 906
c. 404
XBRL instance documents
contain the actual dollar amounts of the details of each of the elements within the firm's database; a collection of data in a computer-readable format
if we wanted to know what grade we needed to get on the final in this class based on our expected performance before the final, we would call that ___ analysis. a. description analysis b. diagnostic analysis c. predictive analysis d. prescriptive analysis
d. Prescriptive analysis
detective controls
discover problems that are not prevented; examples: bank reconciliations and monthly trial balances
input controls
ensure authorization, entry, and verification of data entering the system: field checks, size checks, range checks
diagnostic analysis
why did it happen? analysis performed to investigate the underlying cause of a phenomenon; questions like: why did advertising expense increase but sales fell? why did we experience an unfavorable labor rate variance last year? why did the overall tax increase even though NI didn't?
Disaster Recovery Plan (DRP)
a process that identifies significant events that may threaten a firm's operations and outlines the procedures to ensure that the firm will resume operations if such events occur; must include a clearly defined and documented plan that covers key personnel, resources, IT infrastructure and applications, and actions required to be carried out in order to continue or resume the systems for critical business functions within the planned levels of disruption; should be reviewed and tested to analyze weakness and explore possible ways to improve the plan
corporate governance
a set of processes and policies in managing an organization with sound ethics, internal and external control mechanisms to safeguard the interests of its stakeholders; promotes accountability, fairness, and transparency in the firm's relationship with its stakeholders; concerned with holding the balance between economic and social goals and between individual and communal goals
which of the following is not a basic activity for data visualization? a. documenting the business processes that generate the data b. understanding the data c. selecting the data visualization tool d. developing the visualization e. none of the above
a. documenting the business processes that generate the data
which type of question does descriptive analysis address? a. what happened? b. what should we do based on what we expect will happen? c. why did it happen? d. will it happen again in the future?
a. what happened?
unstructured data
data without internal organization or structure; ie: blogs or social media
processing controls
ensure that data and transactions are processed accurately: prenumbered docs, sequence checks, and cross-footing balance tests to ensure accurate processing
XBRL allows disaggregated data to be presented to interested external parties. Financial analysts often forecast earnings many years ahead and then suggest whether an investor should buy or sell or hold a stock. Which type of disaggregated data do you think financial analysts would be most interested in receiving when predicting one year ahead earnings: detailed sales data, detailed expense data, detailed asset data, and/or detailed liability data? Support your answer. In your opinion, which disaggregated XBRL data would be most useful information in predicting whether an investor should buy, sell, or hold a stock?
to come up with a forecast of earnings, the detailed sales and expense and cash flows data would be the most relevant as they would most directly lead to predictions of the year-ahead data. Of course, depending on the nature of the underlying company and the balance sheet implications of the company, the detailed asset and liability may also be of importance.
which of the 4 V's: unstructured semi-structured structured
variety
which of the 4 V's: speed of generation rate of analysis
velocity
which of the 4 V's: untrusted uncleaned
veracity
which of the 4 V's: click stream active/passive sensor log event printed corpus speech social media traditional
volume
descriptive analysis
what happened? analysis performed that characterizes, summarizes, and organizes past performance; questions like: did we make a profit last year? how much we pay in federal taxes next year? how long has the existing AR been past due?
The 4 V's defining Big Data
1. Volume 2. Velocity 3. Variety 4. Veracity
COSO 2013 components
1. control environment 2. risk assessment 3. control activities 4. information and communications 5. monitoring activities
AMPS stands for
Ask the question; Master the data; Perform the analysis; Share the story
COSO
Committee of Sponsoring Organizations; voluntary initiative to improve corporate governance and performance through effective internal controls, ERM, and fraud deterrence
Master the data (AMPS) Questions
Data accessibility - can we get the needed data to answer the questions posed? data reliability - is the data clean? data integrity - is the data accurate, valid, and consistent over time? data type - is the data structured, internal and are there privacy concerns?
Using Figure 9.2 as a guide, name three internal and three external databases that you think should be included in a data warehouse for Bank of America. Support your Answer
Internal databases: general ledger; loan portfolio; vendor database; potential customer database; current customer database. External databases: general economy information - GDP, interest rates; focal customer demographics; banking/finance industry information. Data warehouses are made for different purposes. The databases proposed above presume an interest in selling new loan products to existing and potential customers. We get profitability information of the various loan products from the internal databases. We also get information on potential customers, economic and industry trends from external databases. In sum, these databases can spot trends and opportunities for a bank.
Using figures 9.1 and 9.2 as guides, name 4 internal and 4 external databases that you think should be included in a data warehouse for the marketing function of Procter and Gamble. P&G has products like Gillette razors, Charmin tissue, etc. Why are these 8 databases you recommended critical to the effective functioning of the marketing department to sell more products?
Internal databases: general ledger - to help determine the basic profitability of various products; customer database and related demographics - to learn more about who buys; point of sale sales data - who purchases, where and what price; inventory data - what products are available for sale, which have new innovations. External databases: general economy information - GDP, inflation rates; focal customer demographics - what are important product characteristics for the consumer; competitor information; retail / consumer packaged goods industry information
data analytics
The science of examining raw data with the purpose of drawing conclusions about that information
prescriptive analysis
What should we do based on what we expect will happen? analysis performed which identifies the best possible options given constraints or changing conditions; questions like: what is the level of sales needed to break even? how can revenues be maximized if there is a trade war with China? should the firm lease or buy its headquarters office? should the company make its own products or outsource production to another company?
predictive analysis
Will it happen in the future? analysis performed to provide foresight by identifying patterns in historical data; questions like: what is the chance the company will go bankrupt? what is our expected sales and income next year? can we predict if the financial statements will be misstated? will the borrower pay us back the loan?
Who will rely on XBRL data for decision making? Why is assurance needed on XBRL data?
XBRL might be used by investors, financial analysts, regulators, and creditors. As these various XBRL users rely on the information to make important decisions, it is important that the XBRL data be accurate. Thus, assurance is needed for XBRL data in addition to the financial statements underlying that XBRL data.
XBRL tags
a big chart of accounts that companies use to tag all of their accounts
Data warehouse
a collection of information gathered from an assortment of external and operational (internal) databases to facilitate reporting for decision making and business analysis
IT application controls
activities specific to a subsystem's or an application's input, processing, and output; grouped into 3 categories: 1. input 2. processing 3. output
application controls
are specific to a subsystem or an application to ensure the validity, completeness, and accuracy of transactions
analytics mindset
ask the right questions; extract, transform and load (ETL) relevant data into a data analysis tool; apply the appropriate data analytics techniques; interpret and share the results with stakeholders
which organization created the "reporting on an entity's cybersecurity risk management program and controls: attestation guide" in 2017? a. SEC b. AICPA c. US Congress d. Department of Homeland Security
b. AICPA
controls that are designed to prevent, detect, or correct errors in transactions as they are processed through a specific subsystem are referred to as: a. general controls b. application controls c. physical controls d. two of the above are correct e. none of the above
b. application controls
a data warehouse may include: a. an XBRL style sheet b. competitor information c. a digital dashboard d. an iPad
b. competitor information
which term is used to describe the science of examining raw data, removing excess noise from the dataset, and organizing the data with the purpose of drawing conclusions for decision making? a. big data b. data analytics c. audit analytics d. extract, transform and load
b. data analytics
what type of analysis addresses questions of "why did it happen?" a. description analysis b. diagnostic analysis c. predictive analysis d. prescriptive analysis
b. diagnostic analysis
Big data is described by the 4 V's: a. volume, velocity, veracity, and variability b. volume, velocity, veracity, and variety c. volume, volatility, veracity, and variability d. volume, volatility, veracity, and variety
b. volume, velocity, veracity, and variety
which type of question does prescriptive analysis address? a. what happened? b. what should we do based on what we expect will happen? c. why did it happen? d. will it happen again in the future?
b. what should we do based on what we expect will happen?
ETL process
before the data can be analyzed and be useful, it must be scrubbed of extraneous data and noise; reformatting, cleansing, and consolidating large volumes of data from multiple sources and platforms
which body mandated that operating firms in its jurisdiction submit their financial reports using XBRL? a. FASB b. GASB c. SEC d. NYSE
c. SEC
which tool is used to analyze data for business intelligence purposes? a. decision support systems b. data marts c. data mining d. big data
c. data mining
the acronym ETL, in the process of readying data for use in data analysis, refers to: a. extrapolate, transform, and learn b. extrapolate, transpose, and load c. extract, transform, and load d. extract, transform, and learn
c. extract, transform and load
XBRL facilitates business reporting of: a. business processes b. the XML language c. financial and non financial information d. only financial information
c. financial and non financial information
which of the following charts is used to show trends over time? a. symbol maps b. scatter plots c. line charts d. pie charts e. treemaps
c. line charts
what type of analysis addresses questions of whether a customer will ultimately pay if credit is granted? a. descriptive analysis b. diagnostic analysis c. predictive analysis d. prescriptive analysis
c. predictive analysis
The stated advantages of XBRL GL do not include: a. reporting independence b. flexibility c. scalability d. system independence
c. scalability
XBRL assurance might include all but which of the following: a. the reports generated using XBRL are complete and received on a timely basis b. the most current, standardized XBRL taxonomy is used c. the XBRL tagging is useful to investors d. The XBRL tagging is accurate and complete
c. the XBRL tagging is useful to investors
business intelligence
computer based technique for accumulating and analyzing data from databases and data warehouses to support management decision making; aka competitive intelligence
corrective controls
correct and recover from the problems that have been identified; example: backup files to recover corrupted data
"Reporting on an entity's cybersecurity risk management program and controls: attestation guide"
created by the AICPA in 2017; consists of 2 criteria: 1. description criteria in the following areas: cybersecurity objectives, factors affecting the inherent cybersecurity risks, cybersecurity risk governance structure, risk assessment process, communications and quality of information, monitoring of the risk management program, and control processes 2. evaluation of the company's cybersecurity controls; provides trust services criteria and principles for security, availability, processing integrity, confidentiality, and privacy
which of the following best describes a data visualization? a. part of the information value chain b. a tool for preparing the data c. a tool for recording data transactions d. a graphical representation that presents information to decision makers e. none of the above
d. a graphical representation that presents information to decision makers
an information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. what is the director most likely preparing? a. internal control policy b. system hardware policy c. system security policy d. disaster recovery plan e. supply chain management policy
d. disaster recovery plan
which of the following vulnerabilities would create the most serious risk to a firm? a. using open source software (downloaded for free) on the firm's network b. employees recording passwords in excel files c. employees writing instant messages with friends during office hours d. unauthorized access to the firm's network
d. unauthorized access to the firm's network
Big Data
datasets that are too large and complex for businesses' existing systems to handle using their traditional capabilities to capture, store, manage, and analyze these datasets
XBRL Taxonomy
defines and describes each key data element
Perform the Analysis (AMPS) types of analysis
descriptive analysis, diagnostic analysis, predictive analysis, prescriptive analysis
preventative controls
deter problems from occurring (authorization); require compliance with preferred procedures
which of the following is an important consideration in designing a data visualization? a. choosing the right chart b. using explanatory titles c. using the color or size to draw attention to key insights d. defining chart elements clearly e. all of the above
e. all of the above
PCAOB Auditing Standard No. 5 (AS 5)
encourages auditors to use a risk based, top down approach to identify key controls; analyze control at a financial statement level and focus on entity level controls (internal control environment, risk assessment and management, management override, centralized processing and monitoring)
why a code of ethics?
ethical behavior prompted by a code of ethics can be considered a form of INTERNAL CONTROL; employees with diverse backgrounds are likely to have different values, experiences and viewpoints (must appreciate)
XBRL
extensible business reporting language; available for various uses, including reporting on the firm's website, filing to regulators, and providing information to other interested parties such as financial analysts, loan officers, and investors
structured data
highly organized data that fits nicely in a table or a database; B/S and I/S are examples
IT controls
involve processes that provide assurance for information and help mitigate risks associated w/ the use of tech
physical controls
mainly manual but could involve the physical use of computer technology, ie: authorization to ensure transactions are valid; segregation of duties; supervision; accounting documents and records; access control to ensure only authorized personnel have access; independent verification to double check for errors
COSO Internal Control Framework (COSO 2013)
one of the most widely accepted authorities on internal control, providing a baseline for evaluating, reporting, and improving internal control; an effective control should consist of three objectives: operations - effectiveness and efficiency of a firm's operations; reporting - reliability of reporting; compliance - adherence to applicable laws and regulations
general controls
pertain to enterprise wide issues (controls over assessing the network, developing and maintaining applications)
three main functions of internal control
preventative controls, detective controls, corrective controls
output controls
provide output to authorized people and ensure the output is used properly; only the required number of copies is printed; sensitive electronic material should be encrypted
veracity
quality of the data, including the extent of cleanliness (without errors or data integrity issues), reliability, and representational faithfulness
variety
refers to unstructured and unprocessed data, such as comments in social media, emails, GPS
IT general controls (ITGC)
relate to enterprise level controls over IT: IT control environment; access controls; change management controls; project development and acquisition controls; computer operations controls
SOX 404
requires public companies registered with the SEC and their auditors to annually assess and report on the design and effectiveness of internal control over financial reporting; established the Public Company Accounting Oversight Board (PCAOB) to provide independent oversight of public accounting firms
XBRL Style Sheets
take the instance documents and add presentation elements to make them readable by people; data may be presented in different formats - excel, pdf
Datamart
takes a subset of the information from the data warehouse to serve a specific purpose; a subset of a data warehouse may include competitor information
velocity
the data comes in at quick speeds or in real time, such as streaming videos and news feeds
Volume
the massive amounts of data involved
XBRL assurance requirements
the most current, standardized XBRL taxonomy is used; the underlying financial and non financial data that are used in XBRL tagging are reliable; XBRL tagging is accurate and complete; the reports generated using XBRL are complete and received on a timely basis
change management controls
the process of making sure that changes to programs and applications are authorized and documented; changes should be tested prior to implementation
Data Visualization
the process of presenting information graphically that consists of three business activities: understanding the data - finding relevant sources, selecting data, preparing it for use; selecting data visualization tools - Tableau, Excel; develop and present the visualization - choose the right chart, color, size, explanatory titles, axis labels and numbers
data mining
the process of using sophisticated statistical techniques to extract and analyze data from large databases to discern patterns and trends that were not previously known; used for business intelligence