BEC

Binomial Option Price Model

(expected values of options x chance of occurring) / 1 + discount rate

price elasticity of demand

percentage change in quantity demanded divided by the percentage change in price.

Ordinary Annuity (amt and when received) and what is also called

- equal amts
- received at end of each period
- also called annuity in arrears

The effect of the multiplier can be estimated using the following formula:

$ Multiplier Effect = $ Initial Change in Spending × [1/(1− MPC)].

In selecting short-term investments for "excess" cash, a firm would be concerned with

(1) safety of principal, (2) price stability of the investment instrument, and (3) ability to readily convert the investment to cash without undue cost.

two perspectives in TQM:

1) Failure to execute the product design as specified.
2) Failure to design the product appropriately; quality of design is defined as meeting or exceeding the needs and wants of customers.

The value of a stock option generally increases due to these 3 characteristics

1) the longer the time to expiration
2) the higher the risk-free interest rate, and
3) the higher the volatility of the stock

data warehouse v. data mart

A data mart is more specialized than a data warehouse. The data mart is often constructed to support specific needs of subunits of an organization.

Accounting Rate of Return (ARR) Formula

ARR = (Average Annual Incremental Revenue - Average Annual Incremental Expenses) / (Initial or Average Investment)
**uses accrual values, not cash flows

Effect of Product Costing Model on Operating Income

Absorption costing and direct costing assign different costs to inventory. Since direct costing does not include fixed manufacturing costs as part of product cost, the inventory valuation under absorption costing will always be greater than the inventory valuation under direct costing. From an external reporting point of view, direct costing understates assets on the balance sheet.

Monetary v. Fiscal Policies

Both fiscal and monetary policy provide means for the government to influence aggregate spending (demand). Fiscal policy is implemented through changes in government spending and/or taxes. Monetary policy is implemented primarily through control of the money supply.

Compliance (COSO)

Compliance objectives concern complying with external laws and regulations (as opposed to the operations objectives, which include compliance with the entity's internal policies and procedures). For example, the entity must identify any laws or regulations that must be adhered to, such as human resources, taxation, and environmental compliance, or laws that apply to operations in a foreign country.

The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. This relates to: Control Activities; Control Environment; Monitoring; Info and Communication

Control Environment

Credit Risk (hedging)

Credit risk is the risk of loss that results from the counterparty (the other party) to the derivative contract not performing as specified in the contract.

What are three types of accounts used by the U.S. to account for transactions and balances with other nations (i.e., those not in the U.S. balance of payments statement)?

Current account, capital account, financial account

Default Risk (Hedging)

Default risk is the risk of loss that results from the counterparty (the other party) to the derivative contract not performing as specified in the contract.

two most popular value-based management metrics

EVA and CFROI

Risk appetite must be quantified. T/F

False, can be quantified or stated in words

Standards are based solely on historical performance T/F

False, standards are not only based on historical performance as this may incorporate past periods' inefficiencies

Break Even in Sales Dollars

Fixed Costs/Contribution Margin Ratio

Break Even Point (units)

Fixed costs / contribution margin

BigWig Costume Rentals recently implemented an initiative to attract and retain web programmers and systems analysts as a part of its expanded web development to support online sales. This initiative most likely occurs as a part of which component in the ERM framework? Governance and Culture; Performance; Strategy and Objective-Setting; Information, Communication, and Reporting

Governance is the allocation of roles, authorities, and responsibilities among stakeholders including attracting, retaining, and developing capable individuals. The listed activities are part of COSO ERM Principle 5, which relates to attracting, retaining, and developing capable individuals.

IaaS

Infrastructure as a service (IaaS)—Use of the cloud to access a virtual data center of resources, including a network, computers, and storage. Example: Amazon Web Services and Carbonite.

in applying COSO to cyber risks, managing cyber risks should begin with

Managing cyber risks begins with identifying system value and protecting systems according to their value.

In DRP, top priority is given to which activities

Mission-critical tasks are given first priority in DRP.

Entity-Relationship (E-R) Diagrams

Model relationships between entities and data in accounting systems.

ROI (Return on Investment)

Net Income (before interest expense)/ Total Assets

GDP deflator

Nominal GDP/Real GDP × 100.

Organizations will generally set risk capacity higher, equal, or lower than risk appetite

Organizations will generally set risk capacity higher than risk appetite except in unusual, high-risk cases (e.g., under threat of bankruptcy).

Preferred Stock Theoretical Value (PSV) Calculation v. Preferred Stock Expected Rate of Return (PSER) Calculation

PSV = Annual Dividend / Required Rate of Return
PSER = Annual Dividend / Market Price

Which methods do not consider the time value of money

Payback period approach and ARR

PaaS

Platform as a service (PaaS)—A development environment for creating cloud-based software and programs using cloud-based services. Example: Salesforce.com's Force.com.

ROI

ROI = (income / sales) * asset turnover

CAPM Basic Formula and what each component means

RR = RFR + beta × (ERR - RFR)
- RR = required rate of return
- RFR = risk free rate of return
- beta = measure of volatility of asset being measured
- ERR = expected rate of return, benchmark rate for class of asset being valued

Storage Area Networks (SANs)

Replicate data from and to multiple networked sites; data stored on a SAN is immediately available without the need to recover it; this enables a more effective restoration but at a relatively high cost.

Duties of the file librarian

Responsible for controlling IT‐related files, checking them in and out only as necessary to support scheduled jobs. Should not have access to live operating equipment or data.

Demanding higher performance usually requires accepting more _________. Tolerance; Vision; Risk; Performance severity

Risk

According to COSO, which of the following components addresses the need to respond in an organized manner to significant changes resulting from international exposure, acquisitions, or executive transitions? Control activities; Risk assessment; Monitoring activities; Information and communication

Risk assessment is the process of identifying, analyzing, and managing the risks involved in achieving the organization's objectives. Changes related to international exposure, acquisitions, or executive transitions create risks, which must be assessed, prioritized, and responded to.

Contribution margin for break-even

Sales price per unit - variable costs per unit = contribution margin

SaaS

Software as a service (SaaS)—Remote access to software. Office 365, a suite of office productivity programs, is an example of SaaS.

Information and Communication (COSO)

The information and communication systems that enable an organization's people to identify, process, and exchange the information needed to manage and control operations.

Electronic Tendering Systems

These tendering or bidding systems allow companies to seek bids for products or services that the organizations wish to purchase

Margin of Safety

This indicates the difference between the current sales level and the break-even point. That is, the margin of safety indicates how much revenue can decrease before operating income becomes negative.

A manufacturing company discovers that its rollback and retention procedures do not include data from a key system related to production quality. Which of the following IT policies should address this violation?

This problem relates to disaster recovery preparation, which is a subcategory of IT security policies.

_____ remain the most popular means of managing EDI communications.

VANs (value added networks)

An organization's total cost of quality is the...

the sum of its prevention, appraisal, internal failure, and external failure costs

The annual interest rate of forgoing the cash discount is calculated as

[Discount %/(1.00 - Discount %)] × [360/(net - term)]

The interest rate associated with discount terms is computed as:

[Discount Rate/Principal] × [1/(Length of discount period/365)], where:
- Principal = Amount after discount
- Length of discount period = Difference between discount date and net date

Factoring involves the sale of

accounts receivable

Risk appetite

amount of risk an organization accepts in pursuit of a strategy and value.

data control language is composed of

commands used to control a database, including controlling which users have various privileges (e.g., who is able to read from and write to various portions of the database).

Who should have access to live data

computer operators and limited access to system administrators

What are the three generic strategies Porter identified

cost leadership, differentiation, and focus.

How are bitcoins created?

created by "mining," which is basically solving mathematical puzzles requiring dedicated, very fast computers

Reorder point formula

delivery time stock + safety stock

joint application development (JAD)

during the analysis phase, systems analysts work with end users to understand the business process and document the requirements of the system; the collaboration of IT personnel and end users to define the system

What does online analytical processing system (OLAP) do?

- incorporates data warehouse and data mining capabilities within the ERP
- provides an integrated view of transactions in all parts of the system

Individuals paying taxes to the federal government is not considered in

microeconomics (which considers only the relationship between individuals and businesses), but it is considered in macroeconomics, which includes the government sector (as well as the financial sector and imports/exports).

Comparative advantage exists when...

one country has the ability to produce a good or service at a lower opportunity cost than the opportunity cost of the good or service for another country.

The first step in creating a balanced scorecard is to...

identify the organization's strategic objectives in each of the four areas.

What tools does Six Sigma commonly use to achieve quality control?

tools common to TQM (e.g., control charts, run charts, Pareto histograms, and Ishikawa (fish-bone) diagrams)

In the accounting cycle, closing journal entries:

transfers balances in temporary accounts to R/E

Operating Cycle =

= # of days supply in inventory + # of days sales in A/R

Cash Conversion Cycle =

= Inventory Conversion Cycle + A/R Conversion - A/P Conversion

A checkpoint is used mostly in _____ systems.

Checkpoints are mostly used in batch systems. The use of checkpoint and restart is an important backup procedure.

Organizational "dark data"

Data collected from business activities that may be reused in analytics, business relationships, or directly monetized (sold). Part of the reason "dark data" may be unused is because it lacks "meta data," i.e. "data about data" which explains what the "dark data" is.

Security tokens

Include devices that provide "one-time" passwords that must be input by the user as well as "smart cards" that contain additional user identification information and must be read by an input device

Market Risk (hedging)

Market risk is the risk of loss from adverse changes in market factors that affect the hedged item.

Nominal Gross Domestic Product (Nominal GDP)

Measures the total output of final goods and services produced for exchange in the domestic market during a period (usually a year).

What is the foundation component of the COSO ERM Model?

Monitoring

Payback period approach. Discounted payback period approach. Accounting rate of return approach.

The accounting rate of return measures the expected annual incremental accounting income from a project as a percent of the initial (or average) investment in the project. Since it uses accounting income, it takes into account depreciation expense in computing the annual incremental income.

accounting rate of return

The accounting rate of return measures the expected annual incremental accounting income from a project as a percent of the initial (or average) investment in the project. Since it uses accounting income, it takes into account depreciation expense in computing the annual incremental income.

At what phase in the systems development process is a report generated that describes the content, processing flows, resource requirements, and procedures of a preliminary system design?

The case describes this as a "preliminary" system design. This is a part of conceptual systems design.

A brokerage firm has changed a program so as to permit higher transaction volumes. After proper testing of the change, the revised programs were authorized and copied to the production library. This practice is an example of

The practice of authorizing changes, approving tests results, and copying developmental programs to a production library is program change control.

Defense-in-Depth

The strategy of implementing multiple layers of controls to avoid having a single point of failure. Computer security involves using a combination of firewalls, passwords, and other preventive procedures to restrict access. Redundancy also applies to detective and corrective controls.

The following transfer pricing rule helps to ensure goal congruence among department and divisional managers:

Transfer Price per Unit = Additional Outlay Cost per Unit + Opportunity Cost per Unit
where Opportunity Cost = Selling Price per Unit - Additional Outlay Cost per Unit
**opp cost = zero if not at full capacity

There are more input than processing and output controls. T/F

True! This is due in part to the importance of correct input data: if data is incorrectly input, then subsequent uses of the data are compromised (i.e., GIGO: garbage in, garbage out).

SEC requires management to evaluate their internal controls based on a recognized control framework T/F

True!!

Purpose of the Systems Development Life Cycle (SDLC) Method—The systems development life cycle provides a structured approach to the systems development process by:

a) Identifying the key roles in the development process and defining their responsibilities
b) Establishing a set of critical activities to measure progress toward the desired result
c) Requiring project review and approval at critical points throughout the development process. Before moving forward to each stage of the SDLC, formal approval for the previous stage should occur and be documented.

Common Levels of Logical Access Control

a) Read or copy
b) Write, create, update or delete
c) Execute (run) commands or procedures
d) A combination of the above privileges

"Key" Elements of Encryption

a) The encryption algorithm is the function or formula that encrypts and decrypts (by reversal) the data.
b) The encryption key is the parameter or input into the encryption algorithm that makes the encryption unique. The reader must have the key to decrypt the ciphertext.
c) Key length is a determinant of strength. Longer keys are harder to decrypt.

Effective cloud solutions require considering and integrating:

a) The relevant business processes—For example, sales, product development, manufacturing, distribution, procurement, payroll, financing
b) The deployment model—For example, public, hybrid, private
c) The service delivery model—SAAS, PAAS, IAAS (see the introductory lesson on cloud computing for term definitions)

for weighted-average after-tax cost of capital, tax savings applies to ____, not _____ or _____

For WACC after tax, tax savings only applies to bonds, not preferred or common stock

Bad, Bad, Leroy Brown Corp., a BBQ food chain based in Kansas City, MO is building a new customer relationship management (CRM) system. In transitioning between phases in the SDLC, the company must obtain and document:

Formal approval; formal approval is necessary before moving into the next phase

A business impact analysis (BIA) will identify the...

maximum tolerable interruption periods by function and organizational activity

beta

measure of volatility of an asset when compared to a benchmark for the whole class of that asset, i.e. measures the volatility of a stock relative to the market

primary purpose of boundary protection is to

prevent the mixing of data on a magnetic memory disc and a core storage unit.

defense-in-depth strategy combines...

preventive (i.e., training), detective (i.e., managerial reports), and corrective controls (i.e., patch management).

Difference in WACC for stocks v. bonds

For WACC, the tax rate affects bonds' cost of capital but not common stock

IT facility controls are

IT facility controls are general controls. That is, they are controls over the IT department as a whole. For example, restricting access to the IT department prevents unauthorized individuals from gaining physical access to the system. NOT JUST PREVENTATIVE

Multiplier Effect (ME)

Initial Change in Spending × [1/(1−MPC)]

WACC

Liabilities = (weight of instrument) × (cost of capital) × (1 - tax rate)
Equity = (weight of instrument) × (cost of capital)
Add together to get WACC

RAID

RAID (redundant array of independent disks) stores the same data in different places (thus, redundantly) on multiple hard disks. By placing data on multiple disks, I/O (input/output) operations can overlap in a balanced way, improving performance. Since the use of multiple disks lessens the likelihood of failures, storing data redundantly reduces the risk of system failure.

Transmissions Media

The communication link between nodes on the network; the link may be one of several types of wired or wireless media. Local area networks (LANs) use dedicated communications lines (i.e., used only by the network); wide area networks (WANs) use public or shared communications lines (i.e., telephone lines, television cables, etc.)

This fundamental component of internal control is the core or foundation of any system of internal control. Control activities. Control environment. Information and communication. Risk assessment.

The control environment is, "...the core or foundation of any system of internal control."

Big Data

The creation, analysis, storage, and dissemination of extremely large data sets. Such data sets have recently become feasible due to advances in computer storage technologies (e.g., the cloud), advanced data analytics, and massive computing power.

The objective of the International Monetary Fund is to

maintain order in the international monetary system by providing funds to countries in financial crisis.

Scalability

as our organization grows or contracts it is very easy w/ cloud based services to grow/contract with it

What is RI designed to do?

avoid the diluted hurdle rate problem associated w/ ROI

The primary controls over logical access involve (2 things)

user identification (authentication) and user authorization

SOX requires that every audit committee of a public company have...

SOX requires that every audit committee of a public company have at least one "financial expert" with (a) an understanding of GAAP and financial statements; (b) experience in preparing or auditing financial statements; (c) experience with internal auditing controls; and (d) an understanding of audit committee functions.

Profitability Index (PI) Formula and How it is Measured

= NPV of Project Inflows / PV of Project Cost
- the higher the %, the higher the ranking

____ is a legal contract that defines responsibility for goods that are in transit.

A bill of lading is the authorization for, and terms of, a shipping agreement. It is a legal contract between a seller and a shipper.

Acceptable joint cost allocation methods include...

Acceptable joint cost allocation methods include sales value at split-off, physical measures, and constant gross margin.

Lott's Pot, Pots, and Pottery, located in Colorado, hosts parties where customers sample high-end cannabis products (by smoking, eating candy, or in aerial diffusers) while making pots and pottery (clever idea, right?). In assessing the company's business strategy, which of the following risks would be least important? Does our business strategy align with our mission? Does our business strategy align with our core values? Do we understand the risks of our strategy? Will we achieve the goals that we have set?

According to COSO, assessing whether the organization will achieve its goals is the least important risk, of those listed, in the assessment of strategy.

_____ concerns whether confidential information is protected consistent with the organization's commitments and agreements.

According to the AICPA ASEC principles, this is the definition of confidentiality.

______ addresses whether the collection, use, retention, disclosure, and disposal of personal information is consistent with the entity's commitments and with GAPP.

According to the AICPA ASEC principles, this is the definition of privacy.

The cost of debt most frequently is measured as

Actual interest rate minus tax savings

What connects Internet computers of dissimilar networks

Gateways

GDP does not include:

- Goods or services that require additional processing before being sold for final use (i.e., raw materials or intermediate goods);
- Goods produced in a prior period, but sold in the current period (those goods are included in GDP of the prior period);
- Resale of used goods (which does not create new goods);
- Activities for which there is no market exchange (e.g., do-it-yourself productive activities);
- Goods or services produced in foreign countries by U.S.-owned entities (only domestically produced goods/services are included);
- Illegal activities;
- Transfer payments (e.g., welfare payments, social security, etc.; any effect on GDP occurs when the payments are spent on goods/services);
- Financial transactions that simply transfer claims to existing assets (e.g., stock transactions, incurring/paying debt, etc., which in themselves do not produce a good/service); or
- Adjustments for changing prices of goods and services over time.

high-availability clusters (HACs)

HACs are computer clusters designed to improve the availability of services; HACs are common in e-commerce environments where services must be continuously available.

Biometric controls

A physical or behavioral characteristic permits access.

record v. file v. database

- record: a group of related fields (or attributes) that describe an example of an entity (a specific invoice, a particular customer, an individual product)
- file: bigger, a collection of related records for multiple entities (an invoice file, a customer file, a product file)
- database: a set of logically related files

Acid test ratio (quick ratio)

(cash + receivables + marketable securities) / current liabilities

Absorption Costing Income Statement v. Direct Costing Income Statement

--Absorption Costing Income Statement—The absorption costing income statement lists its product costs, including the fixed manufacturing costs, "above the line" and subtracts the product costs from Sales to calculate Gross Margin (i.e., all manufacturing costs, whether variable or fixed, are above gross margin and all selling/admin costs (variable or fixed) are below it).
--Direct Costing Income Statement—The direct costing income statement lists costs by behavior (variable or fixed). All variable costs are listed together and are subtracted from Sales to calculate Contribution Margin. All fixed costs are then listed together and are subtracted from Contribution Margin to get Operating Income.

Absorption v. Direct Costing

--Absorption Costing: Assigns all three factors of production (direct material, direct labor, and both fixed and variable manufacturing overhead) to inventory.
***Absorption costing is required for external reporting purposes. This is currently true for both external financial reporting and reporting to the IRS.
--Direct Costing (also known as variable costing): Assigns only variable manufacturing costs (direct material, direct labor, but only variable manufacturing overhead) to inventory.
***Direct costing is frequently used for internal decision-making but cannot be used for external reporting.

types of backup facilities

--Cold site ("empty shell")—An off-site location that has all the electrical connections and other physical requirements for data processing, but does not have the actual equipment or files. Cold sites often require one to three days to be made operational. A cold site is the least expensive type of alternative processing facility available to the organization. If on a mobile unit (e.g., a truck bed), it is called a mobile cold site.
--Warm site—A location where the business can relocate to after the disaster that is already stocked with computer hardware similar to that of the original site, but does not contain backed-up copies of data and information. If on a mobile unit, it is called a mobile warm site.
--Hot site—An off-site location completely equipped to quickly resume data processing. All equipment plus backup copies of essential data files and programs are often at the site. Enables resumed operations with minimal disruption, typically within a few hours. More expensive than warm and cold sites.
--Mirrored site—Fully redundant, fully staffed, and fully equipped site with real-time data replication of mission-critical systems. Such sites are expensive and used for mission-critical systems (e.g., credit card processing at VISA and MasterCard).
--Reciprocal agreement—An agreement between two or more organizations (with compatible computer facilities) to aid each other with data processing needs in the event of a disaster. Also called a "mutual aid pact." May be cold, warm, or hot.
--Internal site—Large organizations (e.g., Walmart) with multiple data processing centers often rely upon their own sites for backup in the event of a disaster.

Data Flow Diagrams (DFDs) v. Flowcharts

--DFDs
- Portray business processes, stores of data, and flows of data among those elements
- Often used in developing new systems
- Use simple, user-friendly symbols (unlike flowcharts)
- For example, a DFD for the delivery of goods to a customer would include a symbol for the warehouse from which the goods are shipped and a symbol representing the customer. It would not show details, such as computer processing and paper output.
--Flowcharts
- For example, system flowcharts present a comprehensive picture of the management, operations, information systems, and process controls embodied in business processes.
- Often used to evaluate controls in a system
- Too complicated and technical for some users. DFDs are easier to understand.

Data diddling v. data leakages

--Data diddling—Changing data in an unauthorized manner (forgery) either before or during input into the computer system (e.g., changing credit ratings or fixing salaries).
--Data leakage—Uncontrolled or unauthorized transmission of classified information from a data center or computer system to outside parties (e.g., remote employees increase the risk of data leakage if networks are unsecure).

Digital Signature v. Digital Certificate

--Digital Signatures
- An electronic means of identifying a person or entity
- Use public/private key pair technology to provide authentication of the sender and verification of the content of the message.
- The authentication process is based on the private key.
- Vulnerable to man-in-the-middle attacks in which the sender's private and public key are faked.
--Digital Certificates
- For transactions requiring a high degree of assurance, a digital certificate provides legally recognized electronic identification of the sender and verifies the integrity of the message content.
- Based on a public key infrastructure (PKI), which specifies protocols for managing and distributing cryptographic keys
- In this system, a user requests a certificate from the certificate authority. The certificate authority then completes a background check to verify identity before issuing the certificate.
- More secure than digital signatures

What does a balanced scorecard (BSC) do and what does it not do

--Does: translate an organization's mission and strategy into a comprehensive set of performance metrics. Highlights both non-financial and financial metrics that an organization can use to measure strategic progress.
--Does not: focus solely on financial metrics.

Core Activities of the Production Cycle

--Forecast Sales/Plan Production/Product Design/Authorize Production
- Manufacturing resource planning (MRP) and just-in-time (JIT) manufacturing systems help forecast materials needs and plan production.
- The master production schedule (MPS) specifies how much of each product to produce and when to produce it.
- A production order authorizes manufacturing.
--Move Raw Materials into Production
- Materials requisition authorizes moving materials from storeroom to production.
--Production Process
- Receive raw materials into production.
- Production processes vary greatly by product and level of technology: Computer-integrated manufacturing (CIM)—The use of IT to fully or partially automate the production process can dramatically change the production process. Many production processes are now partially or fully integrated with robotics (i.e., the use of robots to execute production tasks).
- Manage cost accounting processes. See the "Manufacturing Costs" lesson to review cost accounting for manufacturing costs.
--Complete Production Process and Deliver Goods

Key Verification v. Closed loop verification

--Key verification—The rekeying (i.e., retyping) of critical data in the transaction, followed by a comparison of the two keyings. For example, in a batch environment, one operator keys in all of the data for the transactions while a second operator rekeys all of the account codes and amounts.
--Closed loop verification—Helps ensure that a valid and correct account code has been entered; after the code is entered, this system looks up and displays additional information about the selected code. Available only in online real-time systems.

Network v. Application v. Personal Firewalls

--Network
- Filters data packets based on header information (source and destination IP addresses and communication port); performs relatively low-level filtering
- Blocks noncompliant transmissions based on rules in an access control list
- Very fast (examines headers only)
- Forwards approved packets to application firewall
--Application
- Inspects data packet contents
- Can perform deep packet inspection (detailed packet examination); application firewalls have the ability to do much more sophisticated checks and provide much better control
- Controls file and data availability to specific applications
- In addition to monitoring data packets, controls the execution of programs and examines the handling of data by specific applications
--Personal—Enables end users to block unwanted network traffic

RPO v. RTO

--Recovery point objective (RPO) defines the acceptable amount of data lost in an incident. Typically, it is stated in hours, and defines the regularity of backups. For example, one organization might set an RPO of one minute, meaning that backups would occur every minute, and up to one minute of data might need to be re-entered into the system. Another organization, or the same organization in relation to a less mission-critical system, might set an RPO of six hours.
--Recovery time objective (RTO) defines the acceptable downtime for a system, or, less commonly, of an organization. It specifies the longest acceptable time for a system to be inoperable.

Core Activities of the Expenditure Cycle

--Request and Authorize Purchase: Request goods and services. Authorize purchase.
--Acquire Goods: Purchase goods/services.
--Take Custody and Pay for Goods: Receive goods and services. Disburse cash.
--Return Needed? If so, return it and document the return.

Sensitive data sent via the Internet is usually secured by one of two encryption protocols:

--Secure Sockets Layer (SSL) uses a combination of encryption schemes based on a PKI; --Secure Hypertext Transfer Protocol (S-HTTP) directs messages to secure ports using SSL-like cryptography.

Symmetric Encryption v. Asymmetric Encryption

--Symmetric Encryption: Fast, simple, easy, and less secure than asymmetric encryption. More often used in data stores (i.e., data at rest) since only one party then needs the single algorithm and key. Also called single-key encryption (or private key); symmetric encryption uses a single algorithm to encrypt and decrypt.
--Asymmetric Encryption: Safer but more complicated than symmetric encryption. More often used with data in motion. Also called public/private-key encryption. Uses two paired encryption algorithms to encrypt and decrypt. If the public key is used to encrypt, the private key must be used to decrypt; conversely, if the private key is used to encrypt, the public key must be used to decrypt. (The receiver generally has the private key.)

company's risk profile

-... -includes considering the risk types, severity, and interdependence

Direct Exchange Rate v. Indirect Exchange Rate

-A direct exchange rate expresses the domestic price of one unit of foreign currency. Ex: 1 euro = $1.20 -An indirect exchange rate expresses the foreign price of one unit of the domestic currency. Ex: .833 euro = $1.00

Parity Check (Parity Bit)

-A zero or 1 included in a byte of information that makes the sum of bits either odd or even; for example, using odd parity, the parity check bit for this byte of data: -A parity check is designed to detect errors in data transmission.

Audit Data Analytics (ADA) v. Key Performance Indicators (KPIs)

-ADA: the process of "discovering and analyzing patterns, identifying anomalies, and extracting useful information in data ... for the purpose of planning or performing the audit" -KPIs: critical measures from an organization's strategy.

American style v. European style options

-American style: option permits exercise any time before expiration -European style: option permits exercise only at maturity date

Annual Percentage Rate v. Effective Annual Percentage Rate

-Annual percentage rate (APR): the annualized effective interest rate without compounding on loans that are for a fraction of a year. It is computed as the effective interest rate for the fraction of a year multiplied by the number of time fractions in a year (effectively, effective interest rate × periods in a year). -Effective annual percentage rate: also called the annual percentage yield, it is the annual percentage rate with compounding on loans that are for a fraction of a year.

In business information systems, the term "stakeholder" refers to which of the following parties?

-Anyone in the organization who has a role in creating or using the documents and data stored on the computers or networks. -The "stakeholders" in an IT environment include both the IT personnel responsible for developing and maintaining the system as well as the personnel from all areas of the organization, who are the end users of the systems. In extranet environments, these end users may also include customers and suppliers who access data relevant to their activities with the organization online.

Future contracts v. forward contracts (and what they have in common)

-Both: Contracts to deliver or receive a commodity, foreign currency, or other asset in the future at a price set now. -Futures: Futures contracts are executed through a clearinghouse (futures exchange). They are standardized in that the underlying commodity and the commodity's quality, quantity, and delivery are prespecified in the contract. Because futures contracts are traded on an exchange, margin requirements, marking to market, and margin calls apply, and settlement occurs daily. -Forward: Forward contracts are executed directly between the contracting parties, not through a clearinghouse/exchange like futures contracts. Because they are negotiated contracts, forward contracts can be customized to any commodity, amount, and delivery date. Forward contracts are settled only at the end of the contract.

Activities in IT Processes (COBIT)

-Business Processes -Plan & Organize: How can IT best contribute to business objectives? Establish a strategic vision for IT. Develop tactics to plan, communicate, and realize the strategic vision. -Acquire & Implement: How can we acquire, implement, or develop IT solutions that address business objectives and integrate with critical business process? -Delivery & Support: How can we best deliver required IT services including operations, security, and training? -Monitor & Evaluate: How can we best periodically assess IT quality and compliance with control requirements?

Business Analytics v. Business Intelligence

-Business analytics is "the science and art of discovering and analyzing patterns, identifying anomalies, and extracting other useful information in data" for application to a business issue or problem. Business analytics relies on advanced statistical and mathematical tools and models including visualization, regression, cluster analysis, network analysis, and machine learning techniques. -Business Intelligence (BI): includes the applications, infrastructure and tools, and best practices, that enable access to and analysis of information to improve and optimize decisions and performance

What are the 3 control objectives in the COSO framework?

-Compliance -Financial reporting -Operations

Two Measures of Return on Bonds and How to Calculate

-Current Yield: ratio of annual interest payments to current price of the bonds in the market, CY = annual coupon interest/current market price -Yield to maturity: determines the discount rate that equates the present value of future cash flows from the bonds w/ the current price of the bonds, is the rate of return required by investors as implied by the current price of bonds in the market

When does a bond sell for a discount v. premium?

-Discount: sells at less than par if coupon rate is less than the market rate -Premium: sells at more than par if coupon rate is more than the market rate

Which methods do and don't take depreciation into consideration

-Do: ARR, NPV (tax effect) -Don't: IRR, Payback period

Financial Structure v. Capital Structure

-Financial structure: the mix of ALL elements of liabilities and owner's equity -Capital Structure: less inclusive, only includes the long-term sources of financing, that is, long-term debt and owner's equity, i.e. no short-term debt

Types of Inventory Secured Loans + Their Definition

-Floating lien agreement—The borrower gives a lien against all of its inventory to the lender, but retains control of its inventory, which it continuously sells and replaces. -Chattel mortgage agreement—The borrower gives a lien against specifically identified inventory and retains control of the inventory, but cannot sell it without the lender's approval. -Field warehouse agreement—The inventory used as collateral remains at the firm's warehouse, placed under the control of an independent third-party and held as security. -Terminal warehouse agreement—The inventory used as collateral is moved to a public warehouse where it is held as security.

What to do when the estimated OH applied to production and the actual OH costs differ

-Immaterial differences between the two amounts are usually allocated to COGS. -If the difference is material, it should be prorated to WIP, finished goods, and COGS based on their respective ending balances.

Line of Credit v. Revolving Credit v. Letter of Credit

-Line of Credit: An informal agreement between a borrower and a financial institution whereby the financial institution agrees to a maximum amount of credit that it will extend to the borrower at any one time. -Revolving Credit Agreement: Like a line of credit, but it is in the context of a legal agreement between the borrower and the financial institution. -Letter of Credit: A conditional commitment by a bank to pay a third party in accordance with specified terms and commitments.

What will create the lowest/highest interest rate risk?

-Lowest: shortest maturity and highest stated interest rate -Highest: longest maturity and lowest stated interest rate

Categories of AI

-Machine learning (analysis)—Systems that use big data to learn rules and categories to enable prediction and classification. For example: neural networks. A common accounting application—classifying journal entries.
-Robotics (activity)—For example: machine-directed welding, controlling production, manufacturing, and distribution processes.
-Intelligent agents (engagement)—Computer "agents" that perform tasks—e.g., data harvesting and cleaning. Can also analyze market trends—e.g., in finding and purchasing airline tickets. Such systems interact with humans (e.g., Siri® on the Apple® iPhone®) and have natural language processing ability.
-Expert systems (analysis and activity)—Build and apply expertise in a domain. May include machine learning or intelligent agent subsystems.

3 Valuation Approaches and Definition

-Market Approach: Uses prices and other relevant information generated by market transactions involving assets or liabilities that are identical or comparable to those being valued.
-Income Approach: Uses valuation techniques to convert future amounts of economic benefits or sacrifices of economic benefits to determine what those future amounts are worth as of the valuation date. Typically converts future cash flows or earnings amounts using models, including discounted cash flows, option pricing models, and earnings capitalization models. This approach is based on the premise that a market participant is willing to pay the present value of the future economic benefits to acquire an item.
-Cost Approach: Uses valuation techniques to determine the amount required to acquire or construct a substitute item (replacement cost or reproduction cost). Use of this approach is more limited than the market approach or the income approach. Use would be especially appropriate for valuing specialized types of assets.

What are the 5 components of internal control in COSO framework?

-Monitoring -Information and Control -Control Activities -Control Environment -Risk Assessment

Nominal Interest Rate v. Real Interest Rate

-Nominal: refers to the rate of interest received before taking into account the effects of inflation -Real: refers to the rate of interest after taking into account the effects of inflation on the value of funds received. The calculation of the real interest rate (RIR) is: RIR = Nominal Interest Rate − Inflation Rate

Online transaction processing (OLTP) system v. Online analytical processing (OLAP) system

-OLTP: The modules comprising the core business functions: sales, production, purchasing, payroll, financial reporting, etc. These functions collect the operational data for the organization and provide the fundamental motivation for the purchase of an ERP -OLAP: Incorporates data warehouse and data mining capabilities within the ERP.

Operations (COSO)

-Objectives related to the fundamental mission and vision of the entity. -Include improving financial performance, productivity, quality, environmental practices, innovation, and customer and employee satisfaction, as well as safeguarding assets (protecting and preserving assets)

Pledging Accounts Receivable v. Factoring Accounts Receivable

-Pledging Accounts Receivable: Financing through pledging accounts receivable uses a current asset—trade accounts receivable—as security for short-term borrowings. Specifically, the firm pledges some or all of its accounts receivable as collateral for a short-term loan from a commercial bank or finance company. -Factoring accounts receivable is the sale of accounts receivable to a commercial bank or other financial institution (called a "factor"). Actual payment to the firm for its accounts receivable may occur at various times between the date of sale and collection of the receivables

Portfolio v. profile view of risk

-Portfolio: portfolio view of risk reports outlines the severity of risks at the entity level. These reports highlight the greatest risks to the entity, interdependencies between specific risks, and opportunities. These reports typically are found in management and board reporting. -Profile: profile view of risk is narrower and more focused than the portfolio view. Like the portfolio view, the profile view outlines risk severity but focuses on levels within the entity.

RAM v. ROM and what are they both types of

-RAM (Random Access Memory): stores data temporarily -ROM (Read-Only Memory): permanently stores data needed by the computer -both primary storage (main memory): stores programs and data when in use

In ERM, ______ focuses on the development of strategy and goals while _____ focuses on the implementation of strategy and variation from plans.

-Risk appetite; tolerance -Risk appetite is the amount of risk an organization accepts in pursuit of a strategy and value. Risk appetite is focused on strategy and goals. Tolerance sets the boundaries of acceptable performance; it is related to strategy implementation and variation from plans.

Common Stock Valuation for Short Period v. Multi-Period

-Short Period: PV of dividends expected + PV of expected market price at end of one year (or less) -Multi-Period: 1st Year Dividend/(Required Rate of Growth - Growth Rate)

Simple v. Compound Interest

-Simple interest: is interest computed on the original principal only; there is no compounding in the interest computation, I=PRT -Compound interest: provides that interest be paid not only on the principal, but also on any amount of accumulated unpaid interest. Compound interest pays interest on interest; simple interest does not.

bit v. byte

-a bit is the smallest piece of info that computers recognize, i.e. just 0 or 1 -a byte is a logical grouping of bits

field (attribute)

-a logical group of bytes -identify a characteristic or attribute of an entity (e.g. name, address, customer number) -in databases, fields are also known as attributes

Bitcoin

-an intangible asset that can be bought, sold, and traded, gains/losses are capital b/c treated as an asset -also "electronic cash" (but remember, bitcoin is taxed by the IRS as property not as a currency). However, unlike most cash, no central government or authority manages bitcoin. It is a peer-to-peer (i.e., decentralized) currency that relies on a database system (called blockchain) to authenticate and validate the audit trail and existence of bitcoins. -Bitcoin is a decentralized currency that is not under the control of a government, centralized authority, or financial institution. Bitcoin is the first and most popular "crypto-currency" (i.e., a currency that relies on encryption technology for validation and control). (But remember, bitcoin is taxed as property not as currency.) -Bitcoin is also a network, payment, and accounting system. To buy or sell bitcoins, to use them as payments, or to receive them as income, one must have a wallet (much like a bank account) and a connection to a bitcoin exchange

What activities fall under strategy & objective-setting under the ERM model?

-analyze business context -defines risk appetite -evaluate alternative strategies -formulates business objectives

Annuity Due v. Ordinary Annuity

-annuity due: payments at beginning of the period -ordinary annuity: payments due at the end of the period

What activities fall under review & revision under the ERM model?

-assesses substantial change -reviews risk and performance -pursues improvement in enterprise risk management

COBIT Framework

-continuous circle of arrows -business requirements, IT resources, IT process -purpose: to provide the information that the organization needs to achieve its objectives, IT resources need to be managed by a set of naturally grouped processes

Distributed database systems, advantages + disadvantages

-database is distributed across the locations according to organizational and user needs.
--Advantages: Better communications among the remote locations because they must all be connected to each other in order to distribute the database. More current and complete information. Reduction or elimination of the need to maintain a large, expensive central processing center. It enables processing of a large volume of transactions and fast access to data.
--Disadvantages: Cost of establishing communications among remote locations. Conflicts among the locations when accessing and updating shared data.
---multi-location system structure that is sometimes called the "Goldilocks" solution because it seeks to balance design tradeoffs

IT Resources (COBIT)

-data -application systems -technology -facilities -people

What are the 3 major components of the COBIT model?

-domains and processes -information criteria -IT resources

What activities fall under governance and culture under the ERM model?

-exercises board risk oversight -establishes operating structures -defines desired culture -demonstrates commitment to core values -attracts, develops, and retains capable individuals

What activities fall under performance under the ERM model?

-identifies risk -assesses severity of risk -prioritize risks -implements risk responses -develops portfolio view

Inherent risks of production cycle

-inventory manipulations -inventory mark-downs

Black Scholes Models and why different

-it is a technique used for valuing options on securities -different b/c uses probabilities and uses discounting

What activities fall under information, communication, and reporting under the ERM model?

-leverages info and technology -communicates risk information -reports on risk, culture, and performance

A heat map used as a part of assessing risks plots the___________________ on the vertical axis against the___________________ on the horizontal axis.

-likelihood rating; impact ratings -A heat map that is used in assessing the severity of risk plots the likelihood of the risk occurring on the vertical axis against the impact of the risk, should it occur, on the horizontal axis.

Times interest earned (TIE)

-measures the number of times current earnings cover interest payments for the period = (NI + interest expense + income tax expense) / interest expense

Economic Order Quantity (EOQ) and Formula

-model determines the order size that minimizes total inventory administrative costs (total order costs + total carrying costs) -Square root of (2TO)/C -T = total units for the period -O = per order cost -C = per unit carrying cost

Steps in Monitoring & Evaluating (COBIT)

-monitor the process -assess internal control adequacy -obtain independent assurance -provide for independent audit

Primary v. Secondary Storage

-primary storage (main memory): stores programs and data when in use -secondary storage: permanent storage for programs and data

Encryption and How it Works

-process of converting a plaintext message into a secure-coded form (ciphertext). -uses a mathematical algorithm to translate cleartext (plaintext)—text that can be read and understood—into ciphertext (text that has been mathematically scrambled so that its meaning cannot be determined without decryption).

What two things do the DuPont Formula measure

-profitability as a percentage of sales -efficiency with which assets were utilized to generate those sales

Goals of ERP systems:

-think lord of the rings, get it all in one ring -Integration—The integration of all data maintained by the organization into a single database; once the data is in a single database—which binds the whole organization together. Once it is integrated into a single database, the data are available to anyone with appropriate authorization. -Cost reductions—Long-run systems maintenance costs are reduced by eliminating the costs associated with maintaining multiple systems. -Employee empowerment—Global visibility of information improves lower-level communication and decision making by making all relevant data available to the employee; this empowers the employee and, in turn, makes the organization more agile and competitive in a volatile business environment. -"Best practices"—ERP systems processes are based on analysis of the most successful businesses in their industry; by adopting the ERP system, the organization automatically benefits from the implementation of these "best practices."

Where the net proceeds from the sale of by-products are used to reduce joint costs, how much profit is recognized on the sale of by-products

00000000

three steps to allocation of overhead and they take place at different times during the year.

1) At the beginning of the year, we calculate the predetermined overhead allocation rate (POR). For example, estimated overhead is divided by estimated direct labor hours. 2) During the year, we periodically allocate overhead by multiplying the overhead allocation rate (POR) by the actual units of the allocation base. 3) At the end of the year we dispose of over/underapplied overhead by taking the difference between actual overhead and applied overhead to Cost of Goods Sold.

Cyber Security: Categories v. subcategories v. references

1) Categories are high-level cybersecurity outcomes that link to organizational needs and activities. Examples of categories are: asset management, access control, physical security, and incident detection processes. 2) Subcategories divide categories into specific outcomes of technical and/or management activities. In accounting and auditing terms, these are high-level control goals. Examples include: Identify and catalog external information systems; Protect data at rest; and Investigate notifications from detection systems. 3) (Informative) References are specific standards, guidelines, and practices that provide benchmarks and methods for achieving the control goals (i.e., outcomes) found in the subcategories.

Steps in BCM

1) Create a BCM Policy + Program 2) Understand and Evaluate Organizational Risks 3) Determine Business Continuity Strategies 4) Develop and Implement a BCM Response 5) Exercise, Maintain, and Review the Plan 6) Embed the BCM in the Organization's Culture

3 DBMS and Database Languages

1) Data definition language (DDL): user can define tables and fields and relations among the tables; uses meta-data to define the database elements, ex: create, drop, alter 2) Data manipulation language (DML): users can add, delete, or update records, ex: insert, delete, etc. 3) Data query language (DQL): user can extract information; most relational databases use structured query language to extract data

Five Steps of Six Sigma

1) Define the business—Business goals, objectives, processes, team responsibilities, resources, scope of operations, and quality definitions 2) Measure the processes—Defects per unit, defects per million opportunities, and production yield. Note that all defects are counted (not just the number of defective units) 3) Analyze the process—Analysis is done to determine the root cause of defects. Tools commonly used with total quality management (TQM) such as Pareto diagrams (histograms) and/or Ishikawa (fishbone) diagrams are used to identify potential causes of defects. 4) Improve the process—This involves (1) design experiments and (2) change management to allow statistical exploration of relationships to reveal how to improve quality levels. Once determined, training, policy, and procedures are adjusted to achieve the desired change. 5) Control—TQM-type quality tools (e.g., control charts, run charts) are used to achieve sustained improvement in operational quality.

Four Categories of Business Analytics

1) Descriptive Analytics: what is happening? answer by examining past data 2) Diagnostic analytics: why did it happen? 3) Predictive Analytics: what is likely to happen? also called data mining, relies on advanced statistical methods, such as regression, cluster analysis, and pattern matching 4) Prescriptive Analytics: how should we act? applies advanced statistical methods to determine responses to business problems. Methods used in prescriptive analytics include machine learning and neural network analyses.

Variance analysis divides the difference between actual costs and standard costs into two parts:

1) Differences due to the cost of the resource (price per pound, labor rate per hour, etc.)--called price/rate variances 2) Differences due to the quantity used (gallons, pounds, feet, labor hours, etc.)--called usage/efficiency variances

Steps of Data Preparation and Cleaning (ETL Process) + What They Involve

1) Extract—get the data from a source. This could be simple, such as opening an Excel file, or complicated, such as writing Python code to "scrape" (pull) data from a website. 2) Transform—apply rules, functions (e.g., sort) and cleansing operations to a data set. For example, this might include removing duplicate records and fixing errors in names and addresses in a pension system database. Excellent software exists for such tasks (e.g., Alteryx). 3) Load—move the data to the target system. This can be as simple as uploading a flat file or as complicated as writing code to upload an exabyte (i.e., extremely large) data set to Hadoop (a software platform for extremely large data and analyses).

3 Cloud Service Delivery Models

1) Infrastructure as a service (IaaS)—Use of the cloud to access a virtual data center of resources, including a network, computers, and storage. Example: Amazon Web Services and Carbonite. 2) Platform as a service (PaaS)—A development environment for creating cloud-based software and programs using cloud-based services. Example: Salesforce.com's Force.com. 3) Software as a service (SaaS)—Remote access to software. Office 365, a suite of office productivity programs, is an example of SaaS.

3 Categories of Application Controls

1) Input and origination controls—Control over data entry and data origination process 2) Processing and file controls—Controls over processing and files, including the master file update process 3) Output controls—Control over the production of reports --Exam Tip When answering questions about application controls, the processing method (batch or OLRT) is an important determinant of the correct answer.

4 Types of Files

1) Master files are updated by postings to transaction files. 2) Standing data is a subcategory of master file that consists of infrequently changing master files (e.g., fixed assets, supplier names and addresses) 3) Transaction files are the basis for updating master files. 4) System control parameter files determine the workings, including error characteristics and bounds, of system runs.

3 Parts of a Master Budget

1) Operating Budget—The operating budget forecasts the results of operations: sales, production expenses, and selling and administrative expenses. The principal budgets found within the operating budget are: sales budget; production budget; production cost budgets (direct materials, labor, and overhead budgets); and selling and administrative expense budget.
2) Financial Budget—The financial budget forecasts cash flows and projects the financial statements that will result from operations. The financial budget consists of the cash budget, the budgeted (or pro-forma) income statement, and the budgeted (or pro-forma) balance sheet.
3) Capital Expenditures Budget—The capital expenditures budget projects expenditures related to the acquisition or construction of capital (fixed) assets. Since acquisition of capital assets often requires an extended planning horizon, the capital expenditures budget often spans multiple fiscal periods.

Stages in SDLC Method

1) Planning and Feasibility Study 2) Analysis 3) Design 4) Development 5) Testing 6) Implementation 7) Maintenance

Four Types of Cost of Quality

1) Prevention cost—The cost of prevention is the cost of any quality activity designed to help do the job right the first time. ex: quality engineering, quality circles, etc. 2) Appraisal cost—The cost of quality control including testing and inspection. It involves any activity designed to appraise, test, or check for defective products. 3) Internal failure cost—The costs incurred when substandard products are produced but discovered before shipment to the customer. ex: scrap, spoilage, rework etc. 4) External failure cost. The cost incurred for products that do not meet requirements of the customer and have reached the customer. Ex: product recalls, warranty repairs and replacements, etc.

Four Core Activities of the Revenue Cycle

1) Sales: Receive customer orders. Approve customer credit/sales authorization.
2) Physical (or Virtual) Custody of Products or Services: Fill the order and prepare for shipping (if physical merchandise). Ship or deliver the product.
3) Accounts Receivable: Bill (if needed). Manage receivables (e.g., returns and allowances, determine collectability of accounts).
4) Cash: Collection and receipt of payments. Reconciliations.

Within each of the four classifications of BSC, the organization identifies its

1) Strategic goals 2) Critical success factors 3) Tactics 4) Performance measures

Four Levels of Documentation

1) Systems Documentation—Overviews the program and data files, processing logic and interactions with each other's programs and systems; often includes narrative descriptions, flowcharts, and data flow diagrams; used primarily by systems developers; can be useful to auditors. 2) Program Documentation—A detailed analysis of the input data, the program logic, and the data output; consists of program flowcharts, source code listings, record layouts, etc.; used primarily by programmers; program documentation is an important resource if the original programmer is unavailable. 3) Operator Documentation (Also Called the "Run Manual")—In large computer systems, operator documentation provides information necessary to execute the program such as the required equipment, data files and computer supplies, execution commands, error messages, verification procedures, and expected output; used exclusively by the computer operators. 4) User Documentation—Describes the system from the point of view of the end user; provides instructions on how and when to submit data and request reports, procedures for verifying the accuracy of the data and correcting errors. --Note All of the preceding controls are general and preventive.

Cyber Risk Framework Structure

1) The Core: includes cybersecurity activities, outcomes, and references 2) The Implementation Tiers: provide a mechanism for viewing and understanding the approaches to managing cybersecurity risk 3) The Profile: helps align organizational cybersecurity activities w/ business requirements, risk tolerances, and resources

A relevant range is a range of production volumes where:

1) The range of activity for which the assumptions of cost behavior reasonably hold true; and 2) The range of activity over which the company plans to operate. 3) If (1) is true but (2) is not, then the analysis will not be relevant to the company. If (2) is true but (1) is not, then the assumptions of the model are not satisfied making the analysis invalid.

Important IT Policies

1) Values and Service Culture—What is expected of IT function personnel in their interactions with clients and others 2) Contractors, Employees, and Sourcing—Why, when, and how an entity selects IT human resources from among employees or outside contractors (i.e., an IT sourcing and outsourcing policy) 3) Electronic Communications Use—Policy related to employee use of the Internet, intranet, email, blogs, chat rooms, and telephones 4) Use and Connection Policy—Policy that states the entity's position on the use of personal devices and applications in the workplace and connection to the entity's systems. May also specify (here or in a separate policy) allowable devices and uses of these devices on the entity's systems. 5) Procurement—Policy on the procurement processes for obtaining IT services 6) Quality—Statement of IT performance standards 7) Regulatory Compliance—Statement of regulatory requirements of IT systems (e.g., in banking or investment systems) or related to data privacy 8) Security—Policy related to guarding against physical or electronic threats to IT. May include disaster recovery preparation policies 9) Service Management and Operational Service Problem Solving—Policies for ensuring the quality of live IT services

Three important functions to segregate in an IT department structure and what they do

1) applications development: develop/test new software, safeguard assets (applications in development), partner with end users to define problems and solutions 2) systems administration and programming: grant authorization (access), maintain computer software and computing infrastructure, grant access to systems resources, typically system administrators 3) computer operations: execute events, safeguard archived IP, mostly being automated now

Risk Management Principles in Order

1) establish a fraud risk management policy as part of organizational governance 2) perform a comprehensive fraud risk assessment 3) select, develop, and deploy preventative and detective fraud control activities 4) establish a fraud reporting process and coordinated approach to investigation and corrective action 5) monitor the fraud risk management process, report results and improve the process

Four perspectives that the BSC is viewed from

1) financial - Specific measures of financial performance 2) customer - Performance related to targeted customer and market segments 3) internal business processes - Performance of the internal operations that create value (i.e., new product development, production, distribution, and after-the-sale customer service) 4) learning, innovation, and growth - Performance characteristics of the company's personnel and abilities to adapt and respond to change (e.g., employee skills, employee training and certification, employee morale, and employee empowerment)

EBIT 1) what it measures 2) how to calculate

1) measures the results of a firm's operating activities, except for its debt financing 2) EBIT = earnings before interest and taxes

Derivatives are contracts w/ all 3 of the following elements:

1) one or more underlyings and one or more notional amounts 2) requires no initial net investment or one that is smaller than would be required for other types of similar contracts 3) terms require or permit a net cash settlement

two ways of calculating variances

1) price/rate variance = difference in rates x actual quantity 2) usage/efficiency variance = difference in quantities x standard rate

Five Trust Services Principles:

1) security 2) availability 3) processing integrity 4) confidentiality 5) privacy

A firm is limited to raising a maximum of ___ during a 12-month period through crowdfunding.

1,000,000

times preferred dividends earned =

= NI / annual preferred dividend obligation

Residual Income (RI) =

= Operating Income - (Required Rate of Return x Invested Capital)

Dupont Approach to ROI (Formula)

= Return on Sales (ROS) × Asset Turnover Where: ROS = Net Income/Sales (i.e. profit margin) Asset Turnover = Sales/Total Assets so same as ROI just separated out

Common Stock Expected Rate of Return (CSER)

=(1st yr dividend/market price) + growth rate -also referred to as market's required rate of return on a prospective investment

A graph that plots beta would show the relationship between

A graph which plots beta would show the relationship between the return of an individual asset and the return of the entire class of that asset, as reflected in a benchmark return for the class.

A production cycle of long duration would be expected to have which one of the following effects on working capital?

A higher working capital requirement than a shorter production cycle. -As the term implies, the production cycle is the time needed to convert raw materials into finished goods. The longer the duration (time) of this cycle, the higher the level of working capital that would be expected to be devoted to the process. For example, more work-in-process inventory would be incurred in a long production cycle than would be involved in a short production cycle.

Monopolistic Competitive Market

A monopolistic competitive market is characterized by having many sellers that sell a distinctive product for which there are close substitutes and where it is easy to enter the market.

On November 1, Year 1, a company purchased a new machine that it does not have to pay for until November 1, Year 3. The total payment on November 1, Year 3 will include both principal and interest. Assuming interest at a 10% rate, the cost of the machine would be the total payment multiplied by what time value of money concept?

A present value of 1 factor is used because only one payment is to be made. Present value (which also is cost) = (present value of 1 factor) x (future payment). The future payment is being discounted to its present value.

Six Sigma

A statistical measure expressing how close a product comes to its quality goal. One-sigma means 68% of products are acceptable; three-sigma means 99.7% of products are acceptable. Six-sigma is 99.999997% perfect: 3.4 defects per million parts. --Six Sigma = minimize defects!!

Which derivative instrument is recommended for hedging interest rate risk

A swap agreement would be recommended to hedge interest rate risk on long-term floating-rate bonds. In an interest rate swap agreement one stream of future interest payments (e.g., floating-rate payments) is exchanged for another stream of future interest payments (e.g., fixed-rate payments) for a specified principal amount. In this case, an interest rate swap would hedge (mitigate) exposure to fluctuations in interest rates of the floating-rate bonds by exchanging those payments for a fixed-rate payment.

Electronic Funds Transfer (EFT) and some typical types

A technology for transferring money from one bank account directly to another without the use of paper money or checks; EFT substantially reduces the time and expense required to process checks and credit transactions. --Typical Types-- a) Retail payments—Such as credit cards, often initiated from POS terminals c) Direct deposit—Of payroll payments directly into the employee's bank account d) Automated teller machine (ATM) transactions e) Nonconsumer check collection—Through the Federal Reserve wire transfer system

A yield curve shows the relationship between

A yield curve shows the relationship between time to maturity and bond interest rates.

After changes to a source program have been made and verified, it moves to

After changes and verification to those changes, source programs move into production.

An audit trail is considered what type of control?

An audit trail is considered a processing control.

Which one of the following is least likely to be useful in deciding in which country an entity should operate? The economic system. The entity's strategy. An industry analysis. The economic market structure.

An entity's strategy is least likely to be useful in deciding in which country an entity should operate. It is more likely that an entity's strategy will have to be adapted to the country in which it decides to operate. That decision would be based on the economic system of alternative country locations and an analysis of the macro-environmental and industry characteristics of these alternative locations.

An investment's beta measures the investment's ...

An investment's beta measures the investment's systematic risk; it shows how the value of an investment changes with changes in the entire class of similar investments. Systematic risk is the uncertainty inherent in the entire market; it cannot be avoided through diversification.

Nodes and Types of Nodes

Any device connected to the network is a node ---Types of Nodes-- a) Client—A node, usually a microcomputer, used by end users; a client uses network resources but does not usually supply resources to the network. May be "fat" or "thin" (see the lesson on "Information Systems Hardware"). b) Server—A node dedicated to providing services or resources to the rest of the network (e.g., a file server maintains centralized application and data files, a print server provides access to high-quality printers, etc.); servers are indirectly, not directly, used by end users.

Basis risk (hedging)

Basis risk is the risk that relates to the possibility that a derivative might not be effective at hedging a particular. Basis risk is a measure of the ineffectiveness of a hedge.

Business transformation through blockchain is likely to occur __________________ and requires ___________ adoption

Blockchain requires widespread user adoption; business transformation cannot occur until there is sufficient adoption among users. Therefore, blockchain transformation will likely not occur quickly.

BCM consists of...

Business continuity planning consists of identifying events that may threaten an organization's ability to deliver products and services, and creating a structure that ensures smooth and continuous operations in the event the identified risks occur

Commercial Paper

Commercial Paper: Short-term unsecured promissory notes sold by large, highly creditworthy firms as a form of short-term financing -ONLY AVAILABLE TO THE MOST CREDITWORTHY FIRMS

A lock-box system improves control over cash received because the lock-box is accessed directly by which one of the following?

Company's bank -In a lock-box system, customer payments are made to a post office box that is accessed directly by the company's bank.

Processing Controls

Controls designed to ensure that master file updates are completed accurately and completely. Controls also serve to detect unauthorized transactions entered into the system and maintain processing integrity.

Which one of the following is the annual rate of interest applicable when not taking trade credit terms of "2/10, net 30?"

Credit terms of "2/10, net 30" mean that the debtor may take a 2% discount from the amount owed if payment is made within 10 days of the bill, otherwise the full amount is due within 30 days. The 2% discount is the interest rate for the period between the 10th day and the 30th day; it is not the effective annual rate of interest. The computation of the annual rate of interest using $1.00 would be: APR = (Interest / Principal) x (1 / Time fraction of year); APR = (.02 / .98) x (1 / (20/360)) = .0204 x (360/20); APR = .0204 x 18 = 36.73%

What is the role of the systems analyst in an IT environment?

Designs systems, prepares specifications for programmers, and serves as intermediary between users and programmers.

The calculation of depreciation is used in the determination of the net present value of an investment for which of the following reasons?

Determining the net present value of an investment is done by comparing the present value of the expected cash inflows (revenues or savings) of the project with the initial cash investment in the project (outflows). Since the amount of depreciation expense taken reduces taxes due, it reduces cash outflow by the amount of taxes saved. The present value of that saving enters into the determination of present values for net present value assessment purposes.

Electronic Data Interchange (EDI)

EDI is computer-to-computer exchange of business data (e.g., purchase orders, confirmations, invoices, etc.) in structured formats allowing direct processing of the data by the receiving system; EDI reduces handling costs and speeds transaction processing compared to traditional paper-based processing. --EDI requires that all transactions be submitted in a specified format; translation software is required to convert transaction data from the internal company data format to the EDI format and vice versa. --EDI can be implemented using direct links between the trading partners, through communication intermediaries (called "service bureaus"), through value-added networks (VANs), or over the Internet; the vast majority of EDI transactions are still processed through value-added networks. (The well-established audit trails, controls, and security provided for EDI transactions by VANs are the principal reasons for their continued popularity.)

Enterprise-Wide or Enterprise Resource Planning (ERP) Systems

ERPs provide transaction processing, management support, and decision-making support in a single, integrated, organization-wide package. By integrating all data and processes of an organization into a unified system, ERPs attempt to manage and eliminate the organizational problem of consolidating information across departments, regions, or divisions.

Output Controls

Ensure that computer reports are accurate and are distributed only as authorized.

What is the primary objective of data security controls?

Ensuring that accessing, changing, or destroying storage media is subject to authorization is, in fact, a primary objective of data security controls.

Expenditures Approach v. Income Approach for GDP

Expenditure approach—This measures GDP using the value of final sales and is derived as the sum of the spending of: -Individuals—In the form of consumption expenditures (C) for durable and non-durable goods and for services. -Businesses—In the form of investments (I) in residential and nonresidential (e.g., plant and equipment) construction and new inventory. -Governmental entities—In the form of goods and services purchased by governments (G). -Foreign buyers --Income approach—This measures GDP as the value of income and resource costs and is derived as the sum of: compensation to employees, rental income, proprietor's income, corporate profits, net interest, taxes on production and inputs, depreciation, business transfer payments

Which of the following technologies is specifically designed to exchange financial information over the World Wide Web?

Extensible business reporting language (XBRL) is specifically designed to exchange financial information over the World Wide Web.

In a traditional job order cost system, the issue of indirect materials to a production department increases

Factory overhead control --The issuance (use in production) of indirect materials results in a debit (increase) to factory overhead control. This account accumulates actual overhead cost incurrence. Actual overhead is not debited to work in process. Rather, work in process is debited to factory overhead applied.

What type of bond is most likely to maintain a constant market value?

Floating-rate bonds are most likely to maintain a constant market value. The rate of interest paid on floating-rate bonds (also called variable-rate bonds/debt) varies with the changes in some underlying benchmark, usually a market interest rate benchmark (e.g., LIBOR or the Fed Funds Rate). Because the interest rate changes with changes in the market rate of interest, they maintain a relatively stable (constant) market value.

the most elementary form of international business is...

Importing (or exporting)

In a common-size income statement, each item is measured as a....

In a common-size income statement, each item is measured as a percentage of total revenues

Net Lease v. Net-Net Lease

In a net lease, the lessee assumes the cost associated with ownership during the period of the lease. Normally, these costs are referred to in accounting as executory costs and include maintenance, taxes, and insurance. In a net-net lease, the lessee is responsible for not only the executory costs, but also a pre-established residual value.

Peer-to-Peer Network v. Client-Server Network

In a peer-to-peer network, any node can communicate with any other node. This is different from a client-server network in which all client computers communicate only with the server. A peer-to-peer network is decentralized, which is essential to bitcoin's goal of independence of centralized authority, governments, and financial institutions.

Oligopoly

In an oligopoly, there are few sellers and the actions of each firm are known by and affect the other firms in the industry. Therefore, if one firm lowers its price in an effort to increase market share, other firms are likely to lower their prices. This could create a "chain reaction," whereby the few firms are continuously lowering their prices, constituting a "price war."

In general, compared to traditional, volume-based costing, activity-based costing tends to shift costs...

In general, compared to traditional, volume-based costing, activity-based costing tends to shift costs away from high volume, simple products to lower volume, complex products.

Division Residual Income

Income - (rate x investment)

Level 2 Input Characteristics

Inputs in this level are observable for assets or liabilities, either directly or indirectly, other than quoted prices described in level 1, above, and include: -Quoted prices for similar assets or liabilities in active markets -Quoted prices for identical or similar assets or liabilities in markets that are not active markets and in which there are few relevant transactions, prices are not current or vary substantially, or for which little information is publicly available -Inputs, other than quoted prices, that are observable for the assets or liabilities being valued, including, for example, interest rates, yield curves, credit risks, and default rates -Inputs derived principally from, or corroborated by, observable market data by correlations or other means --Depending on the circumstances specific to the asset or liability being valued, these inputs when applied may need to be adjusted for factors such as condition, location, and the level of activity in the relevant market.

Winthrop P. Snigledorf calls about his outrageous cable bill and is greeted by the "voice" of an AI program. This system is probably best described as an example of

Intelligent agents interact with humans (e.g., Siri® on the Apple® iPhone®) and have natural language processing ability.

Intranets and extranets

Intranets and extranets are private (e.g., limited access) networks built using Internet protocols. Therefore, users can access network resources through their web browser rather than a proprietary interface. This substantially reduces training time for users and system development time for programmers. Thus, intranets and extranets are rapidly replacing traditional proprietary LANs and WANs.

Relationship Between Market Price of Bonds and Changes in the Market Rate of Interest

Inverse relationship, i.e., if the market rate of interest goes up, the market price of bonds goes down b/c investors could get better interest elsewhere

Mirroring

Maintaining an exact copy of a data set to provide multiple sources of the same information. Mirrored sites are most frequently used in e-commerce for load balancing—distributing excess demand from the primary site to the mirrored. A high-cost, high-reliability approach that is common in e-commerce.

Lean Manufacturing

Making small batches of a high variety of unique products usually with automated or otherwise sophisticated machinery and highly skilled labor (usually cross-trained). Thus, lean production blends the features of craft and mass production processes.

Control Environment (COSO)

Management's philosophy toward controls, organizational structure, system of authority and responsibility, personnel practices, policies, and procedures. This component is the core or foundation of any system of internal control.

Most likely to employ public relations and lobbying as part of firm strategy

Monopoly. Because a monopoly exists when a single firm provides the total output for an industry, there is no competition and, therefore, there are no normal market forces on the setting of price. As a consequence, government generally imposes regulations that restrict the setting of price by a monopoly firm. Monopolies employ public relations and lobbying as part of a strategy to sway government regulations that would be detrimental to those firms.

Because of the way activity-based costing identifies and allocates costs, organizations that adopt activity-based costing tend to have:

-More precise measures of cost -More cost pools -More allocation bases (e.g., multiple causes for costs to occur)

EVA (formula)

NOPAT - WACC x (Total Assets - Current Liabilities) Where: NOPAT = net operating profits after tax

To get joint cost allocated to product M, assuming that LM Enterprises uses the estimated net realizable value method to allocate costs, how is NRV calculated

NRV for joint cost is units produced x selling price per unit - separable costs

What to do with normal spoilage v. abnormal spoilage

Normal spoilage is a manufacturing cost because it is an expected and inherent part of production. Thus, it is included in the cost of finished goods. Abnormal spoilage is the amount of spoilage in excess of normal spoilage, and it is treated as a period cost.

Reporting (COSO)

Objectives related to the preparation of (financial or nonfinancial) reports for use by shareholders and the organization. Reporting objectives may be for internal or external objectives.

Market in which firm demand curve is most likely to be kinked

Oligopoly. In an oligopoly market, there are few firms, each of which knows and responds to the actions of other firms. Thus, if one firm lowers its price, rival firms are likely to lower their price to keep from losing market share. However, if one firm raises its price, rival firms are not likely to raise their price and lose market share. Therefore, the demand curve will kink at the established current price. That demand curve reflects the fact that prices will be more elastic above the kink (if a firm raises its price, it loses a disproportionate number of customers) and more inelastic below the kink (if a firm lowers its price, others will too, so it won't gain a disproportionate number of customers).

This system is sometimes also called a TPS.

Operational systems are sometimes called TPS (transaction processing systems).

Market in which firms have perfectly elastic demand curve

Perfect competition. In perfect competition, the price at which a firm can sell its goods/services is set by the market; individual firms must sell at that market price. Therefore, the demand curve for the individual firm is a horizontal line at the market price. That horizontal line reflects that the demand for the individual firm is perfectly elastic; any quantity can be sold at the same price.

Least likely to invest in brand development

Perfect competition. In perfect competition, all firms sell a homogenous good/service; there is no product differentiation. Since all firms sell an identical good/service, there is no value in attempting to establish brand recognition. Therefore, firms focus on innovation in production, distribution, and sales processes, rather than on the good/service sold, in order to become the lowest cost producer.

In which of the following implementation approaches are users divided into smaller groups and trained on the new system, one group at a time?

Pilot. Users are divided into groups and are trained on the new system one group at a time.

Prime Costs v. Conversion Costs

Prime costs are direct labor and direct materials, while conversion costs are direct labor and manufacturing overhead. You can think of prime costs as being the "primary" costs (i.e., direct materials and direct labor) of the product. You can think of conversion costs as the "costs of converting" direct materials into a product by using direct labor and overhead.

Process Costing

Process costing is used to accumulate costs for mass-produced, continuous, homogeneous items, which are often small and inexpensive. Since costs are not accumulated for individual items, the accounting problem becomes one of tracking the number of units moving through the work-in-process (WIP) into finished goods (FG) and allocating the costs incurred to these units on a rational basis.

Product Cost

Product cost is the cost assigned to goods that were either purchased or manufactured for resale. Product cost also is often referred to as "inventoriable cost."

Denial of service (DoS) attack

Rather than attempting to gain unauthorized access to IT resources, some attackers threaten the system by preventing legitimate users from accessing the system. Perpetrators instigate these attacks, using one or many computers, to flood a server with access requests that cannot be completed. --The object of the attack is to prevent access to the system: the attacker does not actually gain access to information on the system. These include ransom and blackmail DoS attacks in which the criminal threatens to deny service unless the user pays a ransom or engages in a specific act (e.g., grants access to their system).

What document is useful in determining which employee should be assigned a new job duty?

Skills inventory report

What are standards? What are the types of standards?

Standards are predetermined or targeted costs. Standards are similar to budgeted amounts stated on a per unit basis, but standards differ from budgets in that they actually appear in general ledger accounts, while budgeted amounts do not. Standards are developed for each factor of production (materials, labor, and overhead) and usually fit into one of two broad categories: 1) Ideal/theoretical standards—Ideal standards presume perfect efficiency and 100% capacity. ***Not useful for control purposes as they are not practically attainable 2) Currently attainable standards—Currently attainable standards are based on higher than average levels of efficiency, but are clearly achievable. ***Typically used for employee motivation, product costing, and budgeting

Token-based payment systems

Token-based payment systems, such as electronic cash, smart cards (cash cards), and online payment systems (e.g., PayPal), behave similarly to EFT but are governed by a different set of rules. Token-based payment systems can offer anonymity since the cards do not have to be directly connected to a named user.

The data control protocol used to control transmissions on the Internet is

TCP/IP

Capital Account and what it reports

The "capital account" is used in the balance of payments accounting. This account reports the dollar value of: -The net of U.S. purchases of foreign capital (or real) assets and foreign purchases of U.S. capital (or real) assets. -The net of U.S. purchases of foreign investment and other financial assets and foreign purchases of U.S. investments and other financial assets. The sum of these is the capital account balance in the balance of payments accounting

Current Account and what it reports

The "current account" is used in the balance of payments accounting. This account reports the dollar value of: -The net of imports and exports of goods and services. -The net income from U.S. investments in foreign securities and real estate and foreign investments in U.S. securities and real estate. -The net of other transfers out of and into the U.S., including government grants and charitable transfers. The sum of these items is the current account balance in the balance of payments statement.

Financial Account and what it reports

The "financial account" is used in the balance of payments accounting. This account reports the dollar value of: -U.S.-owned assets abroad, and -Foreign-owned assets in the U.S. The sum of these is the financial account balance in the balance of payments account.

Which of the following components of a database is responsible for maintaining the referential integrity of the data in the system?

The database management system (DBMS) controls the storage and retrieval of the information maintained in a database and is responsible for maintaining the referential integrity of the data.

When a demand schedule is plotted on a graph, the resulting demand curve for a market will be

The demand schedule of an individual or of the market shows that more units of a commodity are demanded as the price decreases. Therefore, the demand curve would be negatively sloped; the quantity demanded would be lower at higher prices and would increase as price decreases. The quantity demanded varies inversely with price along a given demand curve.

Sales Volume Variance

The difference between a flexible-budget amount and the corresponding static-budget amount.

Effective Interest

The effective interest rate is the annual interest rate implicit in the relationship between the net proceeds from a loan and the dollar cost of the loan. -Formula: (B/P)/yrs

Does IRR take depreciation expense into consideration?

The internal rate of return is determined as the rate of interest that equates the present value of future new cash inflows (or savings) with the cost of the project. Because depreciation expense does not affect cash flows (it is a non-cash expense on the income statement), the internal rate of return method excludes the use of depreciation expense in the calculation (when income tax considerations are ignored).

Internal Rate of Return

The internal rate of return metric equates the present value of a project's expected cash inflows to the present value of the project's expected costs. It does so by determining the discount (interest) rate that equates the present value of the project's future cash inflows with the present value of the project's cash outflows. The rate so determined is the rate of return earned on the project.

The Resource Development Company mines for rare earth minerals in developing countries. The company is currently assessing aspects of risk to determine which risks are most and least important. This analysis most likely occurs as a part of which component in the ERM framework? -Governance and Culture -Performance -Strategy and Objective-Setting -Information, Communication, and Reporting

The listed activity concerns risk prioritization, which occurs in the performance component of ERM, not in the governance and culture component. This component is concerned with risk identification and assessment, which helps an organization achieve its strategy and business objectives.

The maximum period for which commercial paper may be used for financing purposes is

The maximum period for which commercial paper (short-term, unsecured promissory notes) may be used is 270 days. Notes exceeding 270 days in maturity require SEC registration and would not be considered commercial paper.

World Bank

The objective of the World Bank is to promote general economic development, especially in developing countries, primarily by lending for infrastructure, agricultural, education, and similar needs.

Control Activities

The policies and procedures that ensure that actions are taken to address the risks related to the achievement of management's objectives.

The P/E ratio for a share of common stock is computed as

The price/earnings (P/E) ratio is computed as the market price of the stock divided by the earnings per share (EPS). Note that both values are on a per share basis and the resulting calculation shows the relationship between the price of a share of stock in the market and the earnings for each share of stock.

The principal difference between the absorption model and the direct costing model rests on which costs are assigned to products:

The principal difference between the absorption model and the direct costing model rests on which costs are assigned to products: --The absorption model assigns all manufacturing costs to products. --The direct model assigns only variable manufacturing costs to products.

Risk Assessment (COSO)

The process of identifying, analyzing, and managing the risks involved in achieving the organization's objectives.

Firewalls

The purpose of a firewall is to allow legitimate users to use, and to block hackers and others from accessing, system resources. It consists of hardware, or software, or both, that helps detect security problems and enforce security policies on a networked system.

When making short-term investments, which one of the following is the risk associated with the ability to sell an investment in a short period of time without having to make significant price concessions?

The risk associated with the ability to sell an investment in a short period of time without having to make significant price concessions is liquidity risk. Two possible elements are implied in the risk: (1) the inability to sell for cash in the short term, and (2) the inability to receive fair value in cash in the short term.

This interest is required by lenders, not to cover risks, but to compensate the lender for deferring use of the funds by making an investment.

The risk-free rate of interest, as the term implies, is the interest that would be charged on a borrowing that carried no risks (e.g., of default, inflation, etc.). This interest is required by lenders, not to cover risks, but to compensate the lender for deferring use of the funds by making an investment.

Theory of Constraints

The theory of constraints identifies strategies to maximize income when the organization is faced with bottleneck operations. A bottleneck operation occurs when the work to be performed exceeds the capacity of the production facilities. Over the short run, revenue is maximized by maximizing the contribution margin of the constrained resource.

The ultimate purpose of competitor analysis is to

The ultimate purpose of competitor analysis is to understand and predict the behavior of a major competitor.

The following statement is adapted from the annual report of a large corporation: "Overall responsibility for overseeing the management of risks, compliance with our risk management framework and risk appetite lies with _______."

The ultimate responsibility for these ERM components rests with the board of directors.

The best reason corporations issue Eurobonds rather than domestic bonds is that

These bonds are normally a less expensive form of financing because of the absence of government regulation. Eurobonds are issued in a currency other than the currency of the country in which they are issued. For example, U.S. dollar-denominated bonds issued in an EEU country would be Eurobonds. Because they are not issued in the country of the currency in which they are denominated, these bonds are not subject to the government regulations of the country of the currency and, thus, avoid expense and disclosure requirements of that country.

Cyber Security Implementation Tiers

Tier 1: Partial
Risk Management—Organizational cybersecurity risk management practices are informal. Risk is managed as ad hoc and reactive. Prioritization of cybersecurity activities may not be directly informed by organizational risk objectives, the threat environment, or business requirements.
Integrated Risk Management Program—Limited awareness of cybersecurity risks with no organization-wide approach to managing cybersecurity risk. Cybersecurity risk management occurs irregularly on a case-by-case basis. Organizational sharing of cybersecurity information is limited.
External Participation—Organization has weak or nonexistent processes to coordinate and collaborate with other entities.
Tier 2: Risk Informed
Risk Management—Management approves risk management practices when needed but not as a part of an organizational-wide policy. Prioritization of cybersecurity activities is informed by organizational risk objectives, the threat environment, or business requirements.
Integrated Risk Management Program—While there is some awareness of organizational cybersecurity risk, there is no established, organization-wide approach to managing cybersecurity risk. Risk-informed, management-approved processes and procedures are defined and implemented, and staff have adequate resources for cybersecurity duties. Organizational cybersecurity information sharing is informal and as needed.
External Participation—The organization assesses and understands its cybersecurity roles and risks but has not formalized its capabilities to share information externally.
Tier 3: Repeatable
Risk Management Process—The organization's risk management practices are formally approved as policy. Organizational cybersecurity practices are regularly updated based on the application of risk management processes to changes in business requirements and changing threats and evolving technologies.
Integrated Risk Management Program—Organization-wide management of cybersecurity risk exists. Management has risk-informed policies, processes, and procedures that are defined, implemented, and regularly reviewed. Consistent, effective methods respond to changes in risk. Personnel possess the knowledge and skills to perform their appointed roles and responsibilities.
External Participation—The organization understands its dependencies and communicates with cyber security partners to enable collaboration and risk-based management in response to incidents.
Tier 4: Adaptive
Risk Management Process—The organization adapts its cybersecurity practices based on experience and predictive indicators derived from cybersecurity activities. Continuous improvement processes include advanced cybersecurity technologies and practices. The organization actively adapts to a changing cybersecurity landscape and responds to evolving and sophisticated threats in a timely manner.
Integrated Risk Management Program—An organization-wide approach to managing cybersecurity risk uses risk-informed policies, processes, and procedures to address cybersecurity events. Cybersecurity risk management is part of the organizational culture and evolves from an awareness of previous activities, information shared by other sources, and continuous awareness of activities on their systems and networks.
External Participation—The organization manages risk and actively shares information with partners to ensure that accurate, current information is shared to improve collective cybersecurity before a cybersecurity event occurs.

Monitoring (COSO)

To ensure the ongoing reliability of information, it is necessary to monitor and test the system and its data.

Tolerance

Tolerance is the acceptance range of variation in performance.

IT policies need not relate specifically to physical or electronic threats to IT. T/F

True

Risk Appetite v. Tolerance

While risk appetite is broad, tolerance is tactical (operational) and focused. Specifically, tolerance should be measurable and measured. In contrast, risk appetite may be stated in numbers (quantitatively) or in words (qualitatively, e.g., "low" or "high"). The example in the next figure illustrates tolerance statements. Notice that the "Minimize missed calls" example that is discussed in the figure illustrates asymmetric tolerance.

Blockchain

a decentralized, distributed ledger. "Decentralized" and "distributed" mean that anyone in the peer-to-peer "network" (i.e., the people and machines that are allowed access to the ledger) can always log, view, and confirm its validity and accuracy. Simply stated, blockchain is an independent, secure, non-modifiable audit trail of transactions, collected into an open ledger database. It is also an encryption-secured, distributed database of transactions. -Because blockchain relies on decentralized users confirming one another's ledgers, it requires adoption by many users to be useful. Hence, blockchain is unlikely to transform business in the short term. EXAMPLE OF COSO'S CONTINUOUS MONITORING

In a common-size balance sheet, each item is measured as a...

a percentage of total assets (or total liabilities plus equity)

materials requirement planning approach to manufacturing and inventory management focuses on...

a set of procedures to determine inventory levels for demand-dependent inventory types such as work-in-process and raw materials. Under this approach, inventories are maintained at every level in the process (as raw materials, work-in-process and finished goods) as buffer against unexpected increases in demand. The alternative approach, just-in-time inventory, seeks to eliminate excess raw material, work-in-process and finished goods inventories.

A well-formed, precise risk statement should include (2 things)

a statement of the risk and a statement of the impact of the risk

Benchmarking

a technique of organizational self-assessment via internal and external comparison to sources of excellence in performance. In other words, you try to find someone who is doing it better than you and attempt to emulate their performance!

Absorption costing v. variable costing

a) Absorption costing allocates both variable and fixed manufacturing costs to inventory. b) Variable costing assigns only variable manufacturing cost to inventory and expenses fixed manufacturing overhead as a period cost.

Documentation of the Accounting System is Required b/c

a) By law, for example in the Foreign Corrupt Practices Act, and SOX b) To build and evaluate complex systems c) For training d) For creating sustainable/survivable systems e) For auditing (internal and external) f) For process (re)engineering

Centralized v. Decentralized Systems

a) Centralized systems Maintain all data and perform all data processing at a central location; remote users may access the centralized data files via a telecommunications channel, but all of the processing is still performed at the central location. b) Decentralized systems Allow each location to maintain its own processing system and data files. In decentralized systems, most of the transaction processing is accomplished at the regional office, and summarized data is sent to the central office.

Types of Computer Crimes

a) Computer or System as Target—A perpetrator may use a computer to deny others the use or services of a computer system or network. Examples include denial of service (DoS) attacks and hacking. b) Computer as Subject—A perpetrator may unlawfully gain access to many computers on a network and use these computers to perpetrate attacks on other computers. Examples include a distributed denial of service attack (just described) or the use of malware (i.e., programs that exploit system and user vulnerabilities) to gain access to computers and networks. c) Computer as Tool—A perpetrator unlawfully uses a computer or network to gain access to data or resources (other than the computer itself). Examples include fraud, unauthorized access breaches, phishing, and installing key loggers. d) Computer as Symbol/User as Target—A variation on the computer-as-tool crime. Here, a perpetrator deceives a user to obtain access to confidential information. Examples—social engineering methods including phishing, fake website, and spam mail.

CRM and its primary objective

a) Customer Relationship Management (CRM)—Technologies used to manage relationships with clients; biographic and transaction information about existing and potential customers is collected and stored in a database; the CRM provides tools to analyze the information and develop personalized marketing plans for individual customers. b) Primary objective of a CRM system—To retain current customers and gain new customers

E-business v. e-commerce

a) E-business: The generic name given to any business process that relies on electronic dissemination of information or on automated transaction processing. E-business can be conducted within the organization as well as between the organization and its trading partners. Most e-business is conducted via the Internet using web-based technologies, but other processing modes are also included. b) E-commerce: This term is narrower than e-business and is used to refer to transactions between the organization and its trading partners.

Elastic v. inelastic

a) Elastic = price elasticity of demand is > 1 b) Inelastic = the elasticity of demand is < 1

Gross Margin v. Contribution Margin

a) Gross Margin = Revenue − Cost of Goods Sold—This is a conventional metric that reflects profitability prior to the recognition of period expenses (i.e., selling and general/administrative expenses). b) Contribution Margin = Revenue − Variable Expenses—This is a metric primarily related to internal decision making. Contribution margin (as opposed to gross margin) focuses on cost behavior so that management can evaluate the consequences on profitability and the break-even point of alternative decision scenarios.

Intranet v. extranet

a) Intranets—Available only to members of the organization (business, school, association); intranets are often used to connect geographically separate LANs within a company. b) Extranets—Intranets that are opened up to permit associates (company suppliers, customers, business partners, etc.) to access data that is relevant to them.

Types of Networks

a) Local Area Networks (LANs)—Local area networks were so named because they were originally confined to very limited geographic areas (a floor of a building, a building, or possibly several buildings in very close proximity to each other). With the advent of relatively inexpensive fiber optic cable, local area networks can extend for many miles. For example, many urban school districts have local area networks connecting all of the schools in the district. b) Wide Area Networks (WANs)—Although WANs can vary dramatically in geographic area, most are national or international in scope. c) Storage Area Networks (SANs)—A type of, or variation of, LANs that connect storage devices to servers. d) Personal Area Networks (PANs)—A PAN is a short-range network (approximately 30 feet or 10 meters) that often connects a single device (e.g., headphones) to a network. The most common use of PANs is to connect devices using "Bluetooth" technology (which is a communications protocol). Walk through any airport and you'll see lots of people using PANs (via Bluetooth).

Missing Data Check v. Field Check (data type/data format check)

a) Missing data check—The simplest type of test available: checks only to see that something has been entered into the field. b) Field check (data type/data format check)—Verifies that the data entered is of an acceptable type—alphabetic, numeric, a certain number of characters, etc.

When standard costs are used to value inventories, the variance must be written off: (non-significant v. significant)

a) Non-significant variances—Write off to CGS. b) Significant variances—Allocate to ending work-in-process, finished goods, and cost of goods sold.

Operating Profit Margin v. Profit Margin/Return on Sales

a) Operating Profit Margin = Operating Income / Sales—This is a useful metric for determining comparable performance without considering potential confounding interest and tax effects that usually have little to do with operations. b) Profit Margin or Return on Sales = Net Income / Net Sales—This metric expresses the ability of revenue to generate profits and is an important external financial evaluation metric. As presented by the DuPont formula, profit margin or return on sales multiplied by capital or asset turnover is equal to return on investment.

Types of Implementation

a) Parallel implementation—The new system and the old system are run concurrently until it is clear that the new system is working properly. b) Direct cutover, "cold turkey," "plunge," or "big bang" implementation—The old system is dropped and the new system put in place all at once. This is risky but fast (except when it fails, in which case it is slower). c) Phased implementation—Instead of implementing the complete system across the entire organization, the system is divided into modules that are brought on line one or two at a time. d) Pilot implementation—Similar to phased implementation except, rather than dividing the system into modules, the users are divided into smaller groups and are trained on the new system one group at a time.

Market Ratios

a) Price Earnings (PE) Ratio—Market Price per Share / Earnings per Share b) Market-to-Book Ratio—Market Value per Share / Book Value per Share

Types of Processing Controls

a) Run-to-Run Controls—Use comparisons to monitor the batch as it moves from one programmed procedure (run) to another; totals of processed transactions are reconciled to batch totals—any difference indicates an error. Also called "control totals." b) Internal Labels ("Header" and "Trailer" Records)—Used primarily in batch processing, electronic file identification allows the update program to determine that the correct file is being used for the update process. c) Audit Trail Controls—Each transaction is written to a transaction log as the transaction is processed; the transaction logs become an electronic audit trail allowing the transaction to be traced through each stage of processing; electronic transaction logs constitute the principal audit trail for online, real-time systems.

Common features of CRM software include:

a) Sales force automation—Tracking contacts and follow-ups with customers or potential customers automatically to eliminate duplicate efforts. b) Marketing automation—Triggering marketing efforts when, for example, new contacts or prospects are entered into the database, such as sending promotional material via email. Also facilitates targeted marketing campaigns to specific customer interests (e.g., Kroger promoting grocery products only to interested customers). c) Customer service automation—Handling common customer interactions in an automated manner. For example, Internet service providers often have automated, prerecorded troubleshooting for common internet or modem issues. d) In addition to automated features, a CRM system provides additional value with the rich data that can be assessed, such as sales history and projections, marketing campaign success, trends, and performance indicators.

Step-Variable Costs v. Mixed Costs

a) Step-Variable Costs—Remain constant in total over a small range of production levels, but vary with larger changes in production volume. Supervisory salaries, utility costs, and shipping costs often behave in this fashion. b) Mixed Costs (Also Known as Semi-Variable Costs)—Have a fixed component and a variable component. The variable component causes them to vary in total with changes in volume. The fixed component, however, prevents them from varying in direct proportion to the change in volume.

When an application proposal is submitted for consideration, the proposal is evaluated in terms of three aspects:

a) Technical feasibility—Is it possible to implement a successful solution given the limits currently faced by the IT department? Alternatively, can we hire someone, given our budget, to build the system? b) Economic feasibility—Even if the application can be developed, should it be developed? Are the potential benefits greater than the anticipated cost? c) Operational feasibility—Given the status of other systems and people within the organization, how well will the proposed system work? d) After establishing feasibility, a project plan is developed; the project plan establishes: Critical success factors—The things that the project must complete in order to succeed. Project scope—A high-level view of what the project will accomplish. Project milestones and responsibilities—The major steps in the process, the timing of those steps, and identification of the individuals responsible for each step.

Valid Code v. Check Digit

a) Valid code test (validity test)—Checks to make sure that each account code entered into the system is a valid (existing) code; this control does not ensure that the code is correct, merely that it exists. b) Check digit—Designed to ensure that each account code entered into the system is both valid and correct.

correlation coefficient (R) v. coefficient of determination (R-squared)

a) correlation coefficient (R) measures the strength of the relationship between the dependent and independent variables. The correlation coefficient can have values from −1 to 1. b) coefficient of determination, identified as R² (R-squared), indicates the degree to which the behavior of the independent variable predicts the dependent variable. The coefficient of determination is calculated by squaring the correlation coefficient. R² can take on values from 0 to 1. The closer R² is to 1, the better the independent variable predicts the behavior of the dependent variable.

materials requisition v. bill of materials v. move ticket

a) material requisition also called a "materials transfer ticket," authorizes employees to move inventory from raw materials to production. b) bill of materials specifies which parts are used in making a product c) A move ticket identifies the parts to be transferred, their destination, and the time of transfer. Move ticket itself is increasingly likely to be an electronic, not a physical, "document," likely to be linked to a bar-coding or RFID system that scans parts

data warehouse

an approach to online analytical processing that combines data into a subject-oriented, integrated collection of data used to support management decision-making processes.

CAPM

an economic model that determines a measure of relationship between risk and expected return

effective cost of the loan (i.e., the effective interest rate on the loan) is determined as the...

annual dollar cost of the loan divided by the net useable proceeds of the loan

the market price of a bond issued at a premium is equal to the present value of its principal amount and the present value of all future interest payments, at a) the stated interest rate b) the market rate

b) the market (effective) rate of interest

Public company external audit firms must audit their clients':

both their financial statements and their internal controls.

Fixed Overhead Volume Variance

budgeted fixed overhead - (standard overhead rate x std. qty allowed for actual production)

reward/risk ratio.

calculated as the mean return on the instrument divided by the standard deviation, which is a measure of the risk associated with the investment instrument. Using the Sharpe ratio, the higher the ratio, the greater the reward per unit of risk. The risk/reward ratio for U.S. Treasury bills is 1.333

Internal environment is influenced by...

capital, people, process, technology

Spontaneous financing occurs when....

credit is provided in the course of day-to-day operations; In general, the level of financing goes up concurrent with the purchase of goods or services or the carrying out of other day-to-day activities.

Salami fraud

describes the illegal taking of a small amount of money from many accounts using various rounding methods.

Profitability Index

determines project rankings by taking into account both the NPV and the cost of the project

Inventory percentage =

ending inventory balance/total assets

in TQM, the concept of quality has to do with...

how well the item meets its design specifications. That is, does it perform as it is expected to perform? --This concept of quality is known as "quality of conformance."

In a macroeconomic free-market flow model, leakages result when

income is used for purposes other than domestic consumption. Both savings and taxes (as well as payments for imports) are uses of income for purposes other than domestic consumption.

the term given to a bond contract.

indenture

Balance of payment accounts are used in...

international economics to account for transactions with foreign nations; they are not used in financial management.

Foreign direct investment (FDI)

investment by an entity directly in facilities to manufacture and/or market goods/services in a foreign country

The Source Program Library Management System (SPLMS) Manages...

manages the migration from the application development test environment to the active production library when new programs are developed or old programs modified -ensures that only valid changes are made to the system by checking for all necessary authorizations and, for program modifications, by comparing the new source code to the old source code. Only after verification does the program migrate to the SPL.

In perfect competition, price =

marginal revenue

profit is maximized when

marginal revenue equals marginal cost. If a firm produces where marginal revenue is greater than marginal cost, it will make a profit on additional units it produces (up to MR = MC) because it is earning more revenue on those units than the cost of those units. By decreasing its price and selling more units to the point at which marginal revenue is equal to marginal cost, Oneco will maximize its profit in the short run.

In a computer-based system, the equivalent of a subsidiary ledger is a

master file

Defensive Interval Ratio

measures the number of times highly liquid assets cover average daily use of cash =(cash+receivables+marketable securities) / average daily cash payments

Fault tolerant systems

operate despite component failure (include redundancy and corrections for component failure)

External environment is influenced by...

political, economic, social, technological, legal, and environmental

what does online transaction processing system (OLTP) do?

records the day-to-day operational transactions and enhances the visibility of these transactions throughout the system. -primarily concerned with collecting data (and not analyzing it) across the organization.

Job order costing is used to accumulate costs related to....

related to the production of large, relatively expensive, heterogeneous (custom-ordered) items

market rate of interest on a one-year U.S. Treasury bill is

risk-free rate plus the inflation premium (for the expected rate of inflation during the life of the security)

SoD Software

software identifies roles and creates matrix (i.e. rows by columns) of needed segregations

Standard Qty/Hrs (SQA)

standard inputs per unit multiplied by the actual finished good units produced

A direct efficiency variance is the difference between

the actual quantity and the standard quantity allowed multiplied by the standard price. The variance is unfavorable because the actual quantity is greater than expected based on the standard.

A picking ticket identifies...

the items to be pulled for a sales order.

company's risk capability

the maximum amount of risk that the entity can absorb

maximum transfer price

the maximum transfer price (ceiling) is equal to the market price

minimum transfer price =

the minimum transfer price (floor) is equal to the avoidable outlay costs

Relevant costs for special-order decisions

the only relevant costs are the costs directly attributable to the special order and, if the company is operating at capacity, the opportunity costs associated with production that must be canceled in order to complete the special order

should cost based-pricing in transfers be based on standard or actual costs?

transfer price should always be based on standard costs rather than actual costs: using actual costs to set the transfer price allows manufacturing inefficiencies to be passed on to the purchasing division and provides no incentive to the selling division to control costs.

for price variance, you should use actual amt sold t/f

true, ignore estimated sales, focus only on price differences

demand flow approach, or demand flow technology (DFT)

uses mathematical methods to link materials, time, and resources based on continuous flow planning. The objective is to link process flows and manage those flows based on customer demand.

Times Interest Earned

—Operating Income / Interest Expense. This approach measures the enterprise's ability to service its debt obligations by measuring the ability to make regular interest payments based on earnings. This reflects risk on the income statement

