ACG3401 Exam 1

Record structure

Account number is primary in AR file, but secondary in SO file For files to link, these keys must relate, must have primary and secondary Every record must have a unique identifier which allows us to join files in the database Every one must have primary key. When two things are linked, it may be primary in one but in the other, it becomes secondary

what are universal objectives of internal controls?

Accurate financial reporting Safeguarding your assets

Centralized data processing

All data processing performed by large, monstrous computers in a common data center that serves users throughout the organization Lends itself to intra-organization communication and data sharing have gatekeepers

Master file backup is a standard procedure to maintain file integrity in the event that

An update program error corrupts the master file being updated Undetected transaction errors result in corrupted balance A disaster physically destroys current master file

Operational efficiency

Batch processing of noncritical accounts eliminates unnecessary activities at critical points in the process

Resources

Batch system: generally fewer required Real-time system: require dedicated processing capacity

May disclose in code in several ways

By including the code as an exhibit to its annual report By posting the code to the company website By agreeing to provide copies of the code upon request

centralized processing system

Centralized but can still maintain control with roles and privileges Part of ERP: enterprise resource planning (monster system)

some examples of input controls

Check digit: control digit that is added to the data code when originally assigned. Allows integrity to be establishing during processing and helps prevent common errors Missing data check identified blank or incomplete input fields Numeric-alphabetic check identifies data in the wrong form Limit checks identify fields that exceed authorized limits, customer must already be in system, cannot add anyone Range checks verify that all amounts fall within acceptable range Reasonableness checks verify that amounts that have based limit and range checks are reasonable Validity check compare actual fields against acceptable values

This means no system is perfect due to restraints. Why?

Collusion: two or more people working together, hard to find controls to prevent this. Internal control system is designed for individuals to do normal day to day activities Management override: you could have best procedures in whole world, but management can mess this up Human error: you can never fully prevent, who is performing controls, could approve the wrong thing, could misunderstand Cost benefit: financial reporting, one of limitations, if cost and effort of control exceeds benefits, then we would not fool with it

why would small business needs accounting system?

Compliance with regulations, like sales tax Measure of performance If we ever want to attract capital (investor, line of credit from bank)

what are non-universal objectives of internal controls?

Compliances with applicable laws and regulations (not as universal) Efficiency of operations (not as universal)

Advantages of data coding in AIS:

Concisely represents large amounts of complex information that would otherwise be unmanageable Provides accountability over transaction completeness Identifies unique transactions and accounts within a file Supports the audit function by providing an effective audit trail

company code of ethics should include

Conflicts of interest Full and fair disclosures Legal compliance Internal reporting of code violations (encourage and protect whistle-blowers) Accountability

section 406 should address :

Conflicts of interest Full and fair disclosures Legal compliance Internal reporting of code violations (encourage and protect whistle-blowers) Accountability

transaction processing

Cycle approach

404

Documentation / Reporting of Controls

5 conditions of fraud

False representation: false statement or disclosure Material fact: fact must be substantial in inducing someone to act, something that actually matters Intent: must exist or knowledge it is false, you are trying to gain upper hand on someone Justifiable reliance: misrepresentation must have been relied on (people do not often know), if claim is so ridiculous that no one believes it, it is not fraud Injury or loss: must have been sustained by the victim

How do people decide how to distribute capital?

Financial statements.

COSO

Framework for internal controls

some things SOX did

Had wide effects on stock market, accounting, auditing Significantly altered landscape Established PCAOB Attempted to break relationship between auditors and their companies and consultants Responsibility of BOD committees Disclose off-balance sheet items Easier to prosecute white collar criminals

Updating master files from transactions

Involves changing the value of one or more variable fields to reflect the effects of a transaction (batch and real-time)

Manual process model

No one does this in 2024, but still a good learning tool

control-based approach

No way we could look at every single transaction, so we look at the process (controls),we do tests of controls: tests that establish whether internal controls are functioning properly (IT auditing)

Excel Notes

Only first and last items in excel get dollar sign One underline is result of some math Double underline means that column is over Data > sort

Issues of concern include

Privacy and ownership in the personal information industry Misuse: Copying proprietary software, using a company's computer for personal benefit, and snooping through other people's files Security involving accuracy and confidentiality (shared databases) Ownership Environmental issues like printing and disposal Equity of access issues related to economic status, culture, and safety AI unemployment

Real-time systems

Process as it happens Transactions are not independent of each other, so must be processed separately,

what do auditors do?

Provide opinion on financial statements prepared by management Looks at controls over price list (influences revenue) Gather evidence (about numbers in financial statements), and put together an opinion on it (like a murder investigation)

sequential files

Records arranged one after another in a particular order (e.g: alphabetically)

Controls are

Responsibility of management Subsystems interrelated Properly designed documents are a control Authorization Separation of duties Independent checks on performance/verification

Information Objectives

To support the firm's day-to-day operations To support management decision making To support the stewardship function of management

trial balance as part of transaction processing

Typically done as part of a worksheet 10-Column Worksheet

Distributed data processing

Users possess transactions locally with each user segment possessing IT needs to support their operations Users function independently and tend not to share data and information (basically each user has their own system, which are not integrated)

data coding scheme

Using simple numbers and letters to mean something more complex, involves creating simple codes to facilitate efficient data processing

trade-off between efficiency and effectiveness, when to use batch versus real-time

When immediate access to current information is critical to the user's needs, real-time processing is the logical choice. When time lags in information have no detrimental effects on the user's performance, and operational efficiencies can be achieved by processing data in batches, batch processing may be the best choice.

Network

a collection of computers and communication devices that allow users to communicate, access data and applications, and share information and resources

Supervision

a compensating control in organizations too small for sufficient segregation of duties (cameras)

File

a complete set of records of an identical class

Transaction file

a temporary file of individual transaction records used to update data in a master file (ex: sales orders, inventory receipts, etc)

Audit trail

accounting records that trace account balances contained in the financial statements back to the source documents and events that created them (important in financial audit)

Corrective controls

actions taken to reverse the effects of errors detected, really tricky, there could be many things that could have gone wrong (human error, inventory system mess up, etc), and it's not always obvious how it went wrong

Summarization

aggregated for the user's needs

Completeness

all essential information is present

what did SOX require

all public companies document all controls as part of audit

when does posting happen?

almost simultaneous to journal, to General Ledger

Mnemonic codes

alphabetic character acronyms and other combinations that convey meaning (example: course catalog, ACG is accounting)

Check tampering

altering legitimate checks, anything messing with checks (from company or to company)

External audit

an independent attest function and opinion (audit report) regarding financial statement presentation

Flat-file system

another name for distributed data processing, Also known as legacy system, Not good

Assurance service

any type of engagement that improves the quality of information for users

fraud triangle now includes

arrogance and competency (pentagon)

Batch systems

assemble transactions in groups, resulting in a time lag, (example: payroll is friday for everyone) Batch transactions must be independent of each other Can use sequential files, stack things on top of one another as we file, use less efficiency (mostly accounting)

Attest service

assurance service where we provide written report about some type of statement, attestation, audit is one type

Management, ____________, capital providers. who is middle man?

auditors

Commercial software

available for general accounting and industry specific applications, also called turnkey systems because can be implemented with little modification (typically appeal to large community of users, which keeps unit cost down to customers, thoroughly tested, free from error, and current with professional standards), can now buy add-ons to help customize

IT controls

built into system, include general and application controls. accountants deal with application

accounting

capture transactions and put them in user-friendly format (how management communicates what's going on)

lapping

cash receipts clerk first steal and cashes a check from customer A, then using check from customer B (common)

Database mode

centralizes organization's data into common database that is shared with other users, access to data resource is controlled by a database management system

data updating as redundancy problem

changes or additions must be performed multiple times which added significantly to the task and cost of data management

Independent verification procedures

checks to identify errors and misrepresentations

Record

complete set of attributes for a single occurrence within a entity class (us ourselves are records comprising all our little attributes)

Internal control system

comprises policies, practices, and procedures employed by the organization to achieve these objectives: Safeguard assets of the firm Ensure the accuracy and reliability of accounting records and information Promite efficiency in the firm's operations Measure compliance with management's prescribed policies and procedures

Accounting records

consist of source documents, journals, and ledgers which capture economic essence and provide an audit trail (design)

General ledgers

contain account information in highly summarized control accounts

Subsidiary ledgers

contain details for each of the individual accounts that constitute a particular control account, when you have specific details about account, not optional (example: AR and AP because getting paid at diff times, payroll, NP, PPE)

Master file

contains account data, updated by transactions (ex: general ledger)

Archive file

contains records of past transactions retained for future reference, from important part of the audit trail

Relevance

content must serve a purpose, capable of making a difference, differs amongst alternatives

Based on what 5 components

control environment, risk assessment, monitoring, information and communication, control activities

advantages to DDP

cost savings, user satisfaction (each individual has control over their own set up), backup at multiple sites (one department mistake won't mess up entire org)

when and what: trial balance

could happen at any time, checking for equality

Before SOX, auditors...

could only audit, were not money-makers

data versus information

data are facts, whereas information are facts that cause user to take action they would have not taken without seeing information (can be internal or external)

expenses

decrease in assets, or increase in liability due to major course of business

Flat-file model/legacy systems

describes an environment where individual data files are not related to other files, Leads to data redundancy problems: when multiple users need the same or similar data for different purposes

Detective controls

designed to identify undesirable events that elude preventive controls, not fix

Segregation of duties controls

designed to minimize incompatible functions including separating: transaction authorization and processing and asset custody and record-keeping

accountants as domain experts

determines nature of information required, its sources, its destination, and the accounting rules that need to be applied

Custom software

developed through a formal process called the system development cycle, which requires an inhouse team of qualified individuals (costly, mostly for large orgs with unique needs)

Entity relationship diagram (ER)

diagrams system data, a technique used to represent the relationship between business entities (1:1, 1:M, M:M)

Access controls

ensure that only authorized personnel have access to firm assets (locking things up)

The expenditure cycle

every company behind with the acquisition of materials, property, and labor in exchange for cash every transaction has physical and financial part

Corruption

executive, manager, or employee of the organization collusion with an outsider

Reliability internal and external documents

external are seen as more reliable because third party has probably seen and checked

Fraud

false representation of a material fact made by one party to another party with the intent to deceive and induce the other party to justifiably rely on the fact to their detriment, must be INTENTIONAL misstatement Behavioral aspects of who and why and then physical of how (which reveals exposures in our system)

Shell company

false vendor set up and false purchase orders

Data sources

financial transactions that enter the information system from either internal or external sources (most commonly external financial transactions)

AIS versus MIS

financial transactions versus non financial transactions

Data collection

first operational stage in info system, with objective to ensure that event data entering the system are valid, complete, and free from material errors, relevance and efficiency important here

Narrative

for small systems, only one or two steps, a little story to explain something

Feedback

form of output sent back to the system as a source of data

Accuracy

free from material errors

liability

future use of resources that cannot be avoided and is due to some past transaction

Employee fraud

generally designed to convert cash or other assets to the employee's personal benefit

Process Models

how you actually process transactions

currency of information

if updated information is not properly disseminated, changes will not be reflected in some users' data, resulting in decisions based on outdated information

examples of external end users

include creditors, stockholders, potential investors, regulatory agencies, tax authorities, suppliers, and customers

revenue

increase in assets, or decrease in liabilities due to major course of business

Attest function

independent auditor's responsibility to opine as to the fair presentation of a client firm's financial statement

Pass through fraud

involves both a legitimate and false vendor purchase, done by purchasing agents, charge company more than what is really is and take extra

Pay-and-return

involves double payment with the clerk intercepting the vendor reimbursement check, reimbursement for things that weren't really supposed to be reimbursed

The production system of the conversion cycle

involves planning, scheduling, and control of the physical product through the manufacturing process (includes determining raw material requirements, authorizing work, directing process of WIP)

The revenue cycle

involves processing cash sales, credit sales, and the receipt of cash following a credit sale has physical and financial component

Thefts of cash schemes

involves the direct theft of cash on hand

user approach to financial accounting

just need to know stuff to make decisions

Destructive update

leaves no backup copy and requires special recovery program if data is destroyed or corrupted, think of excel, once you have passed the point of the undo button, you've changed something and previous thing isn't there anymore

Cloud computing

location-independent computing, where shared data centers deliver hosted IT services over the internet

top management

long-term goals and setting org objectives

examples of internal end users

management and operations personnel

Data flow diagram

model systems processes, no one actually uses, insufficient because we still do not know: who is performing these tasks? when are they doing it? what documents and records are involved here?

timelines of documents

more important for external

Attribute

most elemental piece of potentially useful data in database, a logical and relevant characteristic of an entity about which the firm captures data, every single useful nugget

fraud triangle

motives, opportunity, ethics

Questionnaire

mountains of pages, yes/no questions, satisfies audit standards

Preparer approach to financial accounting

nitty gritty GAAP approach, background info

Management fraud

no direct theft, usually manipulation of financial data Perpetrated at levels of management above internal control structures Frequently involves exaggerated financial statement results Misappropriation of assets often shrouded in complex transactions involving related third parties

Timeliness

no older than time frame of supported action

Transposition errors

occur when digits are reversed

what happens after adjusted trial balance

once set, you're basically just making it look pretty

real world income summary

only close out debit, credit of temporary account to income summary, then income summary to retained earnings

Data storage as redundancy problem

organizations must incur the costs of multiple collection and storage procedures

Preventive controls

passive techniques designed to reduce undesirable events by forcing compliance with prescribes or desired actions Vast majority of controls Preventing errors and fraud is most cost-effective than detecting and correcting them

Input control

perform tests on transactions to ensure they are free from errors (make sure no misinformation enters system)

what accounts make up balance sheet?

permanent

Billing schemes (fraudulent disbursements)

perpetrated by employees who cause their employe to issue a payment to a false supplier by submitting involves for fictitious goods or services, lots of ways it occurs, trick company into paying something they think is legit, expenditure goes through same procedures as legit ones

Interdependency

pieces of system depend on each other in order to work, emphasizes the importance of controls; one boo boo can mess up whole thing

what are internal controls?

policies and procedures in place to help a company achieve their objectives

Control activities

policies and procedures to ensure appropriate actions are taken to deal with identified risks, specific actions (example: person in shipping counting it out, person approving it, person counting receiving)

Risk assessment

proactively identity threats and deal with them

Output controls

procedures to ensure output is not lost, misdirected, or corrupted and that privacy is not violated (can cause disruption, financial loss, and litigation) example: Printed something out and printer is in hallway, and someone grabs it on the way out OR put written checks in envelope and on secretary desk, goes nowhere and someone could grab them

General ledger/financial reporting system (GL/FRS)

produces the traditional financial statements, such a income statements

Turnaround documents

product documents of one system that becomes source documents for another End for one person, but beginning for next person Example: remittance advice: bills at the bottom that you send back (beginning for you but end for billing company)

Advisory

professional services offered by public accounting firms to improve their client organizations' operational efficiency and effectiveness (accounting: internal control assessments), consulting

Processing controls

programmed procedures to ensure an application's logic is functioning properly, runs itself basically

Management reporting system

provides internal management with special-purpose financial reports and information needed for decision making such as budgets, variance reports, and responsibility reports

Program flowchart

provides operational details for every program represented in a system flowchart Sometimes used by accountants to verify the correctness of program logic, a lot of diamonds

PCAOB

public company accounting oversight board, Make auditing standards Kind of like FASB makes GAAP rules Established by SOX

Data processing

putting it where it needs to go, simple to complex

Responsibility of BOD, management, and other personnel to provide _______ ASSURANCE to objectives

reasonable

account

record of increases and decreases in a specific resource

Physical controls

relate to human activities: can touch

information must be

relevant, timely, accurate, complete, summarized

Section 404

requires management to assess internal control effectiveness, includes annual report addressing: it is management's responsibility to have good internal controls must be effective external auditors must have reviewed written conclusion of effectiveness identify the framework used

Section 406

requires public companies to disclose to the SEC whether they have adopted a code of ethics that applies to the organization's CEO, CFO, controller, or person performing similar actions.

retained earning is a ---- account

residual

equity

residual claims by the owners, leftover interest which belongs to owners

Operations management

responsible for day-to-day

Network administration

responsible for effective functioning of hardware and software (configuring, implementing, and maintaining network equipment), used to ensure network is being used in accordance with company policies and secure from hackers

Record layout diagrams

reveal the internal structure of digital records in database table, usually shows the name, data type and length of each attribute in the record, each data attribute and key field is shown in terms of its name and relative location in the record

during closing process...

revenues and expenses (temp accounts) are flushed out into equity

gatekeepers

roles and privileges that allow people to see only certain things (Example: UF)

Ledger

running total of money in each account, organized by account

Cash larceny

schemes in which cash receipts are stolen from an organization after they have been recorded in the books and records (cash imbalance in books unless you cover your tracks)

flat file model limits data integration

separate files are difficult to integrate across multiple users

Ethics

set of moral principles or values, come from personal beliefs and societal norms, pertains to principles of conduct used in making choice and guiding behavior in situations involving the concept of right and wrong, not universally agreed upon

Control environment

sets the tone for the organization and influences control awareness (tone at the top, attitudes and behavior of management trickles down to lower) Strong mean management is strong in controls, weak means management does not care about controls

middle management

short-term planning

database management system

software system that permits users to access authorized data only (gatekeeper)

accounting information systems

specialized subset of information systems that processes financial transactions

Skimming

stealing cash from an organization before it is recorded on the books (off the book scheme), worrisome because money never even entered the accounting system

Reference file

stores data that are use as standards for processing transactions, things you need to reference to do transactions (ex: price lists for preparing customer invoices)

control account

sum of all sub ledgers (example: total AR)

Transaction processing systems (TPS)

supports daily operations with numerous reports, documents, and messages for users throughout the organization, individual transaction basis converts economic events into financial transactions, records financial transactions in the accounting records (journals and ledgers), and distributes essential financial information to operations personnel to support their daily operations.

Enterprise resource planning (ERP)

systems assembled of prefabricated software components, flexible

Why is there an issue with financial statements prepared by management.

tendency for bias

Substantive tests

tests that determine whether databases contents fairly reflect the org's transactions, required to do some of these, but mostly test of controls (90%)

Exposure

the absence or weakness of a control, area where system is vulnerable

Computer ethics

the analysis of nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology

Payroll fraud

the distribution of fraudulent paychecks, messing with hours or pay rate, ghost employee is on payroll

Transaction Cycles

the expenditure cycle, conversion cycle, and revenue cycle

System flowchart

the graphical representation of the physical relationship among key elements of a system, elements include: departments, manual activities, computer programs, hard-copy and digital accounting records

Monitoring

the process by which the quality of internal control design and operations can be assessed, you could have best control system ever, but you still have to make sure its operating as intended

Information generation

the process of compiling, arranging, formatting, and presenting information to users

Product documents

the result of transaction processing End of transaction Example: paycheck

information system

the set of formal procedures by which data are collected, stored, and processed into information, and distributed to users

Transaction authorization

to ensure all material transactions processed are valid

Auditors are required

to understand systems and document them, companies responsible for having good documents

physical controls include:

transaction authorization, segregation of duties, independent verification, access controls, supervision, accounting records (audit trail)

accounting cycle

transaction, journal entries, posting to general ledger, trial balance, adjustments, adjusted trial balance, financial statements, closing entries, post-closing trial balance, reverse entries

asset

under control of org and has future benefit

Alphabetic codes

used for many of the same purposes as numeric codes

Source documents

used to capture and formalize transaction data (economic events) needed for transaction processing Beginning of transaction Example: Customer order form initiates buying something, approve credit and further processing transaction

Numeric group codes

used to represent complex items or events involving two or more pieces of related data

database administration

used within centrally organized companies with shared data to ensure security and integrity

Task-data dependency

user's information set is constrained by the data user possesses and controls. This leads to the inability to obtain additional information as needs change

disadvatanges to DDP

wasted resources/redundancy, incompatible systems, poor segregation of duties, difficult to find experts

cycle approach

we group together similar transactions for efficiency (expenditure, conversion, revenue)

fraud

what should the process have been and what are the shortcomings where the process went wrong, what should the process be

Accrual-based

when expenses are incurred Better measure of performance Tells you something about future cash flows

Transcription errors

when extra digits are added to code, digit is omitted from code, or digit is recorded incorrectly

Software as a service (Saas)

A software distribution model in which service providers host applications for client organizations over a private network or the Internet. (pay as you go)