BEC - Gleim 2


Section 302 Reporting

-10-K and 10-Q filing -CEO and CFO Certification of review, free of material misstatements, system of internal control, informed auditors of significant control deficiencies/fraud, and significant changes to internal control

Object-Oriented Databases

-A response to the need to store graphics and multimedia applications -Stored along with the executable code that directs the behavior of the object

Data Center Contingencies

-Backup electrical generators -Viruses and denial-of-service require the system to be brought down gracefully to halt the spread

Build or Buy (Systems)

-Bought: contract management personnel, future end-users, IT personnel are involved -Built: planning/managing process is an important function of IT; extensive time and resources are devoted -Both the end-users who specified the new system's functionality and IT management who are overseeing the development process must approve progress toward the completion of the system at the end

CAPM

-Capital Asset Pricing Model -measures how a particular security contributes to the risk and return of a diversified portfolio -quantifies the required return on an equity security by relating the security's level of risk to the average return available in the market

Electronic Communication (Networks)

-Computer-based systems have been woven into almost every facet of the modern organization -Has enabled the growth of the truly global organization (new markets and support) -Use social media to disseminate information and gather customer feedback -Rich site summary: allows the content of a website that changes often to be downloaded and stored automatically to a user's computer -Cloud computing: organizations are relieved of the need to manage the storage of both applications and data

Materials Requirements Planning (MRP and MRP II)

-Computerized systems for moving materials through a production process according to a predetermined schedule. -push system that is driven by forecasted demand and outages -components: master production schedule, bill of materials, and perpetual inventory records -commonly contained in ERP systems -II: extends the scope by being a closed-loop system that adds a feedback loop

Business Resiliency

-Contingency planning done by IT to secure available data -Consists of disaster recovery, business continuity, and business continuity management -Plans must be made for when the data center is physically available and when it's not

Segregation of Duties -- IT Function

-Controls should ensure the efficiency and effectiveness of IT operations -The responsibilities of systems analysts, programmers, operators, file librarians, the control group, and others should be assigned to different individuals, and proper supervision should be provided -ARC may not be feasible -Compensating controls may be necessary, such as library controls, effective supervision, and rotation of personnel -Makes concealment of unauthorized changes in production programs more difficult

IT Strategy Levels

-Corporate: concerned with market definition -Business: applies to organizations that have independent business units -Functional: specific division of the org

Responsibilities of IT personnel

-Database administrators (DBAs): responsible for developing and maintaining the organization's databases and for establishing controls to protect their integrity; only the DBA should be able to update data dictionaries -Data administrators (DAs): responsible for maintaining the data within the databases -Network administrators: manage data and network communication, which includes, but is not limited to, managing LANs, MANs, WANs, internet systems, etc.; responsibilities include installing/maintaining/upgrading/resolving network systems -Network technicians: maintain devices that interconnect the organization's computers; responsible for maintaining connection to networks (internet) -Webmaster: responsible for the content of the organization's website. -Computer operators: responsible for the day-to-day functioning of the data center; should not be assigned programming duties or system design duties or authority to make changes -Librarians: control/accountability for documentation, programs, and data storage -Systems programmers: maintain operating systems on org computer; may be able to modify -Applications programmers: responsible for programs designed for an end-user -System Analyst: determine how application should be designed -Help desk: log/resolve problems -Information security officers: develop/monitor policies -End users: change production data but not programs

Corporate Governance Structure

-Depends on the nature of activities -may be centralized or decentralized -degree of centralization affects entity's ethical climate

Application Software

-Designed to help people perform an activity that can manipulate text, numbers, graphics, or a combination of these elements. -word processors, spreadsheets, graphics and databases -dedicated server examples: payroll, HR, purchasing, AP, GL, treasury, etc

Organizational Needs Assessment

-Detailed process of study and evaluation of how information systems can be deployed to help an organization meet its goals -Steps: analyze current systems, determine outstanding needs, determine capacity, propose goal path within budget -Horizontal scalability: increases capacity by adding to the number of computers -Vertical scalability: increases power to increase computing capacity

Economic Order Quantity Model

-Determines the order quantity that minimizes the sum of ordering costs and carrying costs -√(2OD/C) -O: po Ordering costs; D: unit Demand; C: unit Carrying costs -assumptions: demand is uniform, order/carrying costs are constant, and no quantity discounts -change in any variable changes the EOQ.

Blockchain

-Digital database/ledger that provides proof of who owns what at any moment in time as each transaction has been added to the ledger -Ledger: encrypted/public/distributed widely for anyone to view -primarily used to verify financial transactions within digital currencies -enables cryptocurrency owner to transfer currency directly to another party on the network without financial institution for mediation -miners authenticate transactions -ledger edits are immediately obvious due to public review of tampering -transaction history = chain; ownership change = block

End-User vs. Centralized Computing

-EUC involves user-created/acquired systems maintained outside of traditional IS controls; environmental control risks more likely, unauthorized access, may not have adequate backup, decentralization of control, data-locating difficulties, and more steps for auditor (existence, risk assessment, and review controls), SOD eliminated, diminished audit trail, and limited security.

Audit Committees

-Each member (at least 3) shall be an independent member of the board of directors (not affiliated or compensated from the issuer) -Best practice (not required) to have at least one member qualify as financial expert; existence and reasons of nonexistence of expert must be disclosed; expert must have GAAP understanding, experience in financial statement preparation, internal control experience, and experience with committee functions. -Directly responsible for independent auditor -Must establish complaints and whistleblowing procedures for entity accounting practices

Quantifying Risk

-Equity prices -Exchange rate (the price of a type of currency versus another type of currency) -Interest Rates (the price to borrow money)

Public Company Accounting Oversight Board (PCAOB)

-Established to oversee audits of public companies -Issues auditing and related standards for public companies -Inspects and Investigates accounting firms -Enforces compliance with its rules, professional standards, SOX, and relevant securities laws

Management judgement

-Experience and knowledge covering events (past and current). -Assumptions about expected conditions, events, etc., and changes therein. -Based on both subjective and objective factors -normally concentrates on key factors and assumptions that are (1) significant to the accounting estimate, (2) sensitive to variations, (3) deviations from historical patterns, and (4) subjective and susceptible to misstatement and bias.

Processing Restoration Technologies

-Fault-tolerant computer systems used for mission-critical applications that cannot afford to suffer downtime -High-availability computing is used for less critical applications (short recovery time)

Investment Securities

-Financial instruments: used to raise capital/invest; Equity (common stock, convertible preferred stock, preferred stock); Debt (subordinated debentures, second/first mortgage bonds, US treasury bonds) -Equity is riskier than debt because return is not legally guaranteed -Debt securities' returns are guaranteed -Precious metals (commodities) have highly volatile prices and are safe during periods of high inflation.

Machine Learning

-Form of AI that enables computers to learn/grow/change/develop when exposed to new data -Adapt to new data by learning from previous computations and identifying trends -Examples: FB friends suggestions, Hulu movie suggestions; Amazon purchasing suggestions

High-Low Method

-Generates a regression line using only the highest and lowest of a series of observations -Points may be abnormalities not representative of normal events

Relational Databases

-Group of tables built following the principles of relational data structures -Most commonly used today -files are stored in tables -Uses SQL -Each data element stored as few times as necessary -Normalization: reduction in data redundancy -Cardinality: How close data element is to being unique -Referential Integrity: Record must exist in another table in order to be entered in a given table -Mandatory field: required to be completed -Advantage: searching for records is greatly facilitated -Uses keys to reference records- Primary: uniquely identify records; Foreign: reference a primary key in another table -Relationships of keys- 1:1: one foreign: one primary; 1:many: one foreign: many primary; many:many: many foreign: many primary

IT Definitions

-Hardware: any physical item that comprises a computer system -Software: combination of computer programs that manipulate data and instruct the hardware on what to do -Network: collection of hardware devices that are interconnected so they can communicate among themselves -Data: information, not instructions, that is stored in hardware -People: anyone who uses hardware

IT Governance

-IS and IT are vital to ensure the successful implementation of an organization's strategy -IT strategy should be driven by the business needs and not by the functions of available technology when formulating a plan to achieve goals. -BOD, Officers, and IT steering committee play a role in determining and supporting an entity's overall vision and strategy.

Risk Assessment Steps

-Identify and prioritize the organization's critical applications -Determine the minimum recovery time frames and minimum hardware requirements -Develop a recovery plan

Public Accounting Firms

-Independent auditors must register with the PCAOB -prohibited from performing certain non audit services for an audit client (bookkeeping, FIS design and implementation, appraisal services, actuarial services, internal audit outsourcing, management, hr, investment services, legal services, or other expert services) -may perform permitted services preapproved by audit committee (tax services and statutory audits)

Types of Loading

-Initial Load: processing data from the source database for the first time; may require extensive time depending on volume -Incremental Load: loading data from the source subsequent to the initial load (new/revised data) -Full refresh: completely wipes out data of one or multiple sections of the database and loads new data into the database

SDLC Phases

-Initiation: recognizing need -Analysis: Formal proposal/feasibility study -Design: Mapping the flow -Development: actual code/hardware assembled -Testing: Error Identification (static, dynamic, white-box, gray-box, black-box, and sandbox) (unit, integration, system, and acceptance) -Implementation: Desired functionality (parallel, direct, pilot, or phase) -Maintenance: monitored for ongoing performance and continuous improvement

Database Management System

-Integrated set of software tools superimposed on the data files that helps maintain the integrity of the underlying database -Make the maintenance of vast relational databases practical. -Allows programmers/designers to work independently of the physical and logical structure of the database -Different users may define their own views of the data (subschemas) -users can query data with a database view -administrator responsible for maintaining and supporting the system

Short-Term Financing Equations

-Interest expense: loan x stated rate x time -Effective interest: interest paid/net proceeds -loan amount: usable funds/(1-stated rate) -Effective rate: stated rate/(1-stated rate) -CompBal effective rate: stated rate/(1-CompBal %)

Inventory Ratios

-Inventory Turnover: Number of times a year the total balance of inventory is converted to cash or receivables; affected by purchasing and sales; can be indication of how well departments are interoperating; COGS/Avg Inventory; higher sales = higher TO -Days' sales in inventory (days in inventory): average number of days between inventory acquisition and its sale; how many days the firm's current inventory will last before stockout; signifies the age of the firm's inventory (liquidity); Ending inventory/(COGS/days in a year); Days in a year/Inventory turnover ratio

Code of Ethics (SOX)

-Issuers are required to disclose whether or not they have adopted this for senior financial officers. -If they have not adopted this for senior financial officers, then they must also disclose the reason(s) why

Penalties

-Knowingly misrepresenting records to impede US investigation could result in a fine, imprisonment of up to 20 years, or both -Informant retaliation could result in a fine, imprisonment of up to 10 years or both -Unknowingly certifying noncomplying filings can result in fines up to $1,000,000 or up to 10 years imprisonment -Knowingly certifying noncomplying filings can result in fines up to $5,000,000 or up to 20 years imprisonment -If an issuer is required to prepare an accounting restatement because of misconduct, the issuer's CEO and CFO must forfeit incentive-based compensation and sale of stock profits during the previous 12 months -For certain violations, the SEC has the authority to prohibit persons from serving as a director or officer of any issuer

Inventory Replenishment

-Lead time: time between placing order and receipt of goods -Safety stock: held as a hedge against costly stockouts -Reorder point: inventory amount indicating reorder (average daily demand * lead time in days) + safety stock

Simple Regression

-Linear equation describing the relationship between two variables -Uses one independent variable -y = a + bx -y (dependent variable); a (y intercept); b (slope); x (independent variable) -valuable for quantifying risk, budgeting, cost accounting, and mixed cost estimation (fixed and variable components)

Accounting Estimates and risk

-Management is responsible for process: identify circumstances, understand factors, accumulate data, predict most likely circumstances/factors, determine estimate based on these predictions, and present estimate per correct accounting principles with adequate disclosure. -May be individually reasonable but collectively indicate possible bias

BCM Elements

-Management support, risk assessment & mitigation, business impact analysis, business recovery & continuity strategy (alternative resources), and awareness, exercises & maintenance

Section 404 Reporting

-Management's Assessment of Internal Controls -Management has taken responsibility for internal controls over financial reporting -Name of the internal control model (ie: COSO) -Assessment of IC effectiveness -statement that independent accounting firm registered with PCAOB has assessed IC system

Non-Relational Databases

-Mechanism for storage and retrieval of data other than the tabular relations used in relational databases -data structures used by NoSQL -capture all kinds of data allowing for a reliable database -provide better horizontal scaling when users increase -results in less code to write, debug, and maintain

Backup and Rotation (Resiliency)

-Most basic part of disaster recovery and business continuity plan -Organization's data is more valuable than hardware because it is unique -Types of backup: mirror (full copy of primary computer), full (duplicates all data), incremental (only changed data), differential (changed since full backup) -Offsite location must be temperature/humidity controlled, guarded against physical intrusion, and far away from main ops.

User Auditor Objectives

-Obtain an understanding of the nature and significance of the services provided by the service organization and their effect on the user entity's internal control relevant to the audit. -Design and perform audit procedures responsive to risks of material misstatement identified in understanding IC. -understanding can be supported by the System and Organization Controls report (SOC 1 report) prepared by the auditor of the service organization (service auditor) and is intended to be used by the auditor of the user organization (user auditor).

Loading Data into the Final Target Databases

-Operational data store repositories: store real-time data to perform simple data analytics; generally characterized by low volume data (low/no history) -Data warehouses: store structured, scrutinized data in one data repository for the purpose of performing complex data analytics; high-volume (detailed history) -Data lakes: store all structured, semi-structured, and unstructured data regardless of format or source into one data repository; raw/unprocessed.

Binary Storage

-Pattern of zeros and ones -Bit: 0 or 1; can be strung together -Byte: group of bits; commonly 8 bits; used to signify a character -Field: Data item; group of bytes; unit of data about some entity (name) -record: Group of fields (list of names) -file: group of records (names, locations, dates, etc)

Systems Software

-Performs the fundamental tasks needed to manage computer resources -Operating: "Traffic Cop"; negotiates the conversation between hardware, application, and data; Linux, macOS, and Windows -Utility programs: perform basic functions not particular to a certain application; anti-virus, file management, and network utilities -Device driver programs: operate or control a particular type of device that is attached to the computer; printer requires a printer driver

Disaster Recovery Plan (DRP)

-Process of regaining access to data, communications, work areas, and other business processes -Must be developed in connection with the business continuity plan -Should describe IT recovery strategies, including details about procedures, vendors, and systems -Should be based on business impact analysis, assess critical server recovery, IT component recovery, and service provider recovery information -Strategies for components may be developed independently. -Security and compliance standards must be considered

Rapid Application Development

-Prototyping: Alternative approach to application development; creates working model of requested system -Computer-aided software engineering (CASE): provides capacity to maintain documentation, develop executable screens, and generate code; facilitates creation/organization/maintenance of documentation and permits some automation of the coding process

Probability

-Provides a method for mathematically expressing the likelihood of possible outcomes -Distribution: set of all possible outcomes of a decision, with a probability assigned to each outcome.

Program Change Control

-Relevant to managing proposed system changes -once change approved, production program copy saved in sandbox (changes not made directly to system) -programmer makes changes -programmer creates executable changed program -programmer tests executable changed program -programmer demonstrates program to requestor -once acceptable, programmer moves program to holding area -programmer supervisor approves and moves change into production

Business Continuity Management

-Restore critical processes and minimize financial and other effects of a disaster or business disruption -Third component of an emergency management program

Rate of Return

-Return is the amount received by an investor as compensation for accepting the risk of the investment (return = amount received - amount invested) -Rate of return is a percentage of the amount invested (return/amount invested)

Risk and Return Relationship

-Risk-averse: gain utility < loss disutility; must have high expected returns; in financial and economic models, all investors are assumed to be risk averse -Risk-neutral: gain utility = loss disutility; expected value approach -Risk-seeking: gain utility > loss disutility; optimistic risk attitude -risk premium: expected RR > RFR -risk-free rate: interest rate on safest investment (US treasury bills) -required rate of return: all investment risks that relate to a specific security (inflation, liquidity, default, maturity, etc.)

Other SOC Reports

-SOC 2 reports and SOC 3 reports are the same as SOC 1 reports except that they relate to the controls at the service organization over security, availability, processing integrity, confidentiality, or privacy -SOC 2: intended to be used by the parties stated in the report -SOC 3: intended to be used by anyone

SOX

-Sarbanes-Oxley Act of 2002 -Applies to public companies who report to the SEC. -Not legally applicable to private companies, but private companies may enact similar guidelines to follow.

DBMS aspects

-Schema: particular database's design consisting of layouts of the tables and constraints on entering new records -DDL: data definition language allows user to specify how tables will look and elements they will hold -DML: data manipulation language allows the DBMS to retrieve, add, delete, or modify records and data elements -Data dictionary: physical and logical characteristics of every data element in a database -Distributed database: stored in two or more physical sites -Replication (snapshot) technique: DBMS duplicates the entire database and sends it to multiple locations -Fragmentation (partitioning) method: specific records are stored where they are most needed -Concurrent update control: Prevents simultaneous accessing or altering of data by multiple users

No Data Center Contingencies

-Seek alternate processing facilities maintained by the organization for providing processing facilities for customers in case of disaster -hot site (fully operational), warm sites (available but needs configuration), and cold sites (shell facility)

Approaches to quantifying risk

-Sensitivity Analysis: trial-and-error of changing variables/assumptions; facilitated by computer software -Simulation: sophisticated refinement of probability theory and sensitivity analysis; frequently expensive. -Monte Carlo Simulation: generates individual values for a random variable; performance under uncertainty; produces distribution when done many times -Delphi Approach: opinions from a group of experts until an optimal solution converges -Time Series Analysis: projecting future trends based on past experience -Expected Value Analysis: provides a rational means for selecting the best alternative in decisions involving risk -Probability Analysis: used to examine the array of possible outcomes given alternative parameters (extension of sensitivity analysis) -Risk Assessment Tools: potential decline in market value at given confidence level of specific time (VAR); potential decline in earnings (EAR); potential decline in CF (CFAR)

External Service Organization

-Some of an entity's business processes or functions, e.g., IT, human resources, payroll, or internal audit, may be performed by them

Business Process Design Participants

-Stakeholders affected by everyday functioning of a business process -End-users generally drive new/redesigned processes -IT steering committee must study each request for new process and approve or deny it -Project team assembled after approval -Process design is supported by resources provided by management -If process crosses organization boundaries, external stakeholders are included

Correlation

-Strength of the linear relationship between two variables -Coefficient of correlation (r): mathematical expression of the relationship between two variables; graphically depicted in the form of a scatter diagram; quantifies risk; ranges from 1 (perfect direct) to -1 (perfect inverse); percentage of variation in the dependent variable explained by the variation in the independent variables.

Basic Investment Categories

-Systematic (market; undiversifiable; changes in the economy as a whole; unavoidable) -Unsystematic (idiosyncratic; company; diversifiable; inherent in a particular investment; specific to a firm)

Cash Conversion Cycle

-The time between payment of cash for inventory and the collection of cash from its sale. -Describes the efficacy of the firm's investment in operations -Lower = Better -DSR + DSI - Average payables -APTO: COGS/Avg AP -Avg Payables Period: Ending AP/(COGS/DIaY) or DIaY/APTO

Operating Cycle

-The time between the acquisition of inventory and the collection of cash for its sale -Dictates cash flow -Longer = greater need for liquidity -Days' sales in receivable + days' sales in inventory -DSR: EAR/(NCS/DIaY)

Short-Term Financing Options

-Trade credit -formal term loans or LOC -Simple Interest ST loans -Discounted loans -Loans with compensating balances -LOC with commitment fees

Hierarchical Databases

-Tree database model -Form branches and leaves from a root as opposed to one after the other -fields are stored only once -parent records have multiple child records -Each child record can have only one parent record

SOC 1 Reports

-Type 1: expresses an opinion on the fair presentation of management's description of the service organization's system and whether the controls are suitably designed at the specified date. (controls can attain the control objectives if they operate effectively) -Type 2: expresses not only the type 1 opinions but also an opinion on whether the controls were operating effectively (relate to design and effectiveness throughout the period rather than at a specific date)

Service Organization Definitions

-User entity: uses a service organization -user auditor: audits/reports on the fs of user entity -service organization: provides services to users that are relevant to IC -service auditor: reports on controls at service organization -subservice organization: used by another service organization to perform services relevant to IC -Complementary user entity controls: service org builds into IC structure to achieve objectives of org and user. -Test of controls: evaluate operative effectiveness of objectives of service organization's system

Regression Analysis

-X and Y linear relationship only valid across relevant range (highest to smallest measures) -Assumes past relationships are valid basis for projections -Does not determine causality

Information Technology

-an all-encompassing term that refers to the electronic storage, retrieval, and manipulation of data -the study, design, development, application, implementation, support or management of computer-based information systems -synonym for computers, computer networks, and the use of computer programs

Business Information Systems (BIS)

-any combination of hardware, software, data, people, and procedures employed to pursue an organizational objective (serve the needs of all internal/external org users) -3 roles: support business processes, decision making, and future planning -4 tasks: input, processing, output, and storage -Stakeholders: affected by output of IS

CAPM Formula

-based on the idea that the investor must be compensated for an investment in two ways: time value of money and risk -Required rate of return = RF + β(RM - RF) -RF: Risk-Free Rate (time-value component, provided by the safest investments); RM= Market Return; β=Measure of volatility (weighs the risk premium) -RM-RF: Market Risk Premium -β(RM - RF): Security Risk Premium -SML: Security market line; graphical relationship between RF and RM

Officers

-day-to-day operations of the entity -CEO -CFO, COO, and CIO chosen by CEO -agents of the corporation and may enter contracts

Standard Deviation and Variance

-expected rate of return (R): average of the possible outcomes weighted according to their probabilities; ∑(Possible rate of return × Probability) -standard deviation (variance's square root) (σ): measure of the probability that the actual return on an investment will differ from the expected return; √∑[(Ri - R)² × Probability] = √Variance; measures the tightness of the distribution and the riskiness of the investment -coefficient of variation (CV): measures the risk per unit of return; useful when the rates of return and standard deviations of two investments differ; the lower the ratio, the better the risk-return tradeoff; CV = σ ÷ R; Standard deviation / Expected rate of return

Articles of Incorporation

-filed with the secretary of state of the relevant state -must contain the name of the corporation, the number of authorized shares, the address of the initial registered office of the corporation, the name of its first registered agent at that address, and the names and addresses of the incorporators -may also include names and addresses of the initial directors, purpose and duration of the corporation, and any provision that may be set forth in the bylaws -provision for issuance of voting stock is an implicit requirement

Business Process Design

-flow of actions performed on goods/information to accomplish a discrete objective -some are contained entirely within a single functional area (others cross boundaries) -Integrated systems are the norm -Automation of a process presents the organization with an opportunity for business process reengineering -BPR: complete rethinking of and changes to business functions (radical) -Process automation: automation of business processes (incremental)

Diversification

-hold a group of securities that provides a reasonable rate of return without the risks associated with one security; Expected portfolio return and portfolio risk -Idiosyncratic risk: associated with one investment security (specific risk); by combining imperfectly correlated securities into a portfolio, the risk of the group as a whole is less than the average of their standard deviations -Market risk: risk of the stock market as a whole -Coefficient of correlation: can be used to determine how (a) a security performs against its benchmarks or (b) securities behave against other securities within a portfolio; ideal portfolio consists of securities with a wide enough variety of coefficients of correlation that only market risk remains; risk of a portfolio can be lowered by adding negatively correlated securities

Internal Auditors

-independent, objective assurance and consulting activity designed to add value and improve an organization's operations -should assess and make appropriate recommendations to improve processes of decision making, risk management, ethics/values, performance management, and internal/external communication

BOD

-makes/approves all major corporate decisions -oversight role -selects/removes officers, capital structure decisions, bylaw adjustments, initiate fundamental changes, dividend decisions, determines management compensation, coordinate audit activities, and manage risk -may establish committees (ie: audit committee)

Standard Error

-measures how well the linear equation represents the data -vertical distance between the data points in a scatter diagram and the regression line -lower when data points are closer to regression line

Just-in-Time Inventory

-moving, handling, and storage of inventory are treated as non-value-adding activities -All inventories and their carrying costs are reduced or eliminated entirely by using binding agreements with suppliers -pull system that is demand driven -minimize inventory control/maintenance costs -No need to present detailed (RM, WIP, FG) view of inventory

Fiduciary Duties

-officers must act in best interest, be loyal, use due diligence, be informed, and disclose conflicts of interest (divided into duty of care and duty of loyalty) -officers must discharge their duties in good faith, in the best interest of the entity, reasonably appropriate, reliance on others, and with informed advice (duty of care) -steps officers must take when faced with a conflict of interest are to make full disclosure, must be fair, approved, not voidable, no sanctions, and no usurping (duty of loyalty)

Flat Files

-oldest file structure -all records are stored sequentially -to find a record, all previous records have to be bypassed -user searching is extremely limited

Code of Ethics

-promote ethical culture -senior management sets the example -communicate values internally and externally, establish standards, and provide guidance -periodically acknowledged and disciplined

Financial Reporting

-public: must contain audited financial statements -BOD responsible for independent auditor or audit committee (address accounting complaints, receive reports on critical policies, material treatments of financial info, effects of alternative disclosures, and external auditor treatments) -management responsible for preparation and fair presentation, design/implementation/maintenance of IC -independent auditor responsible for expressing opinion on fair presentation and effectiveness of IC if public company

Software

-refers to the programs (i.e., sets of computer instructions) that are executed by the hardware -Systems vs application -programming language written in -systems, application, machine learning, blockchain

Systems Development Life Cycle (SDLC)

-traditional methodology applied to the development of large, highly structured application systems. -enhanced management/control is a major advantage -Stages: systems strategy (understanding needs), project initiation (proposal assessment), in-house development (for unique needs), commercial packages (common needs), and maintenance & support (changing needs) -Steps: Need, requirement analysis, design, development, testing, implementation, and maintenance (restarts)

Corporate Governance

1. Governance - Ensure activities meet objectives of stakeholders 2. Stakeholders - Affected by activities of the entity 3. Internal governance - bylaws, BOD, ethics code, internal audit 4. External governance - SEC acts (1933 and 1934)

Accounting cycles and controls

1. Sales to customers on credit 2. Cash collection 3. Purchases on credit 4. Cash disbursement 5. Employee payment

Loans to Directors and Executive Officers

Although certain exceptions apply (e.g., home improvement loans and consumer credit), issuers are generally prohibited from extending personal loans to any director or executive officer

Investment Risk Types

Credit default-borrower won't repay, liquidity-security can't be sold on short notice, maturity/interest rate-value fluctuation from time, inflation-decline in purchasing power, political-regulation causes loss, exchange rate-value of foreign currency, business (operational)-demand or price or leverage, country-foreign country investment, and principal (default)-losing the principal.

Payroll Responsibilities

HR, payroll, timekeeping, production, cost accounting, accounts payable, cash disbursements, and general ledger

Service Organization Qualifications

Have an effect on: -significant classes of transactions in the user entity's operations -systems, both IT and manual, that initiate, authorize, record, process, correct, and report the user entity's transactions -How the user entity's information system captures significant events and conditions, other than transactions -process used to prepare statements, including significant estimates and disclosures

Purchases-Payables-Cash Disbursements Responsibilities

Inventory control, purchasing, receiving, inventory warehouse, accounts payable, cash disbursements, general ledger

Inventory Costs

Purchase+carrying+ordering+stockout -Purchase: Supplier invoices -Carrying: Holding inventory (storage, insurance, security, depreciation, interest, obsolescence, spoilage, and opportunity) (minimizing causes higher ordering) -ordering: vendor fixed costs or internal setup costs (minimizing causes higher carrying) -stockout: opportunity cost of not filling customer orders and expediting (minimizing causes higher carrying)

Sales-Receivables-Cash Receipts Responsibilities

Sales, credit, inventory warehouse, inventory control, shipping, billing, accounts receivable, mail room, cash receipts, general ledger, receiving

Load verification

involves examining the data before and after loading to the target database to determine whether the data completely loaded and whether any discrepancies exist

Management and FV Estimates

must adopt financial reporting processes that include (1) adequate internal control, (2) selecting appropriate accounting policies, (3) prescribing estimation processes (e.g., valuation methods, including models), (4) determining data and assumptions, (5) reviewing the circumstances requiring estimation, and (6) making necessary reestimates

