UGA ACCT 5310 Midterm

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

COBIT audience

-Management: to help them balance risk and control investment in an IT environment -Auditors: to provide a framework to assist them to come to an opinion on the level of assurance on the particular subject matter being audited

Online/real-time processing

-as it occurs -data is more timely -provides competitive advantages

batch processing

-periodic updates -cheaper and efficient -lack of timely/updated data -typically used for processes not needing timely data (ex: payroll)

data is captured about

-the event/activity that occurred -the resources affected by the event/activity -the people who participated

important SOX aspects

1) PCAOB 2) Rules for auditors 3) Roles for audit committees 4) Rules for management 5) Internal control requirements

Two fundamentals of Security

1) Security is a management issue, not just an IT issue 2) Defense in depth: Employing multiple layers of controls in order to avoid having a single point of failure

Input controls

1) data entry controls 2) batch processing data entry controls 3) online data entry controls

3 principles of information and communications systems

1) obtain or generate relevant, high quality information to support internal control 2) internally communicate information, such as objectives and responsibilities, to support other components of internal control 3) communicate internal control matters externally

Internal Controls Primary Functions

1) preventive controls 2) detective controls 2) corrective controls

COSO Control Activities

1) proper authorization of transactions and activities 2) segregation of duties 3) design and use of documents and records 4) safeguarding of assets, records, and data 5) independent check on performance 6) project development and acquisition controls 7) change management controls

expenditure cycle journals

1) purchase journal 2) cash disbursements journal

revenue cycle journals

1) sales journal 2) cash receipts journal

4 general guidelines for adequate segregation of duties

1) separate custody of assets from accounting 2) separate authorization from custody of related assets 3) separate operational responsibilities from record-keeping 4) separate IT duties from user departments

6 components of an AIS

1) the people who use the system 2) the procedures and instructions used to collect, process, and store data 3) the data about the organization and its business activities 4) the software used to process the data 5) the information technology infrastructure, including the computers, peripheral devices, and network communications devices used in the AIS 6) the internal controls and security measures that safeguard AIS data

HRM (HCM)/Payroll Cycle

1) update payroll master database 2) validate time and attendance 3) prepare payroll 4) disburse payroll 5) disburse payroll taxes and deductions

internal control objectives

1. Safeguard assets 2. Ensure accuracy and reliability of accounting records (data) and information 3. Promote efficiency in the firm's operations 4. Measure compliance with management's prescribed policies and procedures and/or laws and regulations

Online Data Entry Controls

1. prompting 2. closed-loop verification 3. transaction log

revenue Cycle

1.Sales Order Entry 2.Shipping 3.Billing 4.Cash Collection 5.Sales Return (if applicable)

COBIT 5

1describes best practices for effective governance and management of IT. Main point is to separate governance from management.

primary key

A field (or group of fields) that uniquely identifies a given entity in a table

Database

A set of interrelated, centrally coordinated data files (stored without redundancy

file

A set of logically related records, such as the sales orders of all customers

accounting information system

A system that collects, records, stores, and processes data to produce information for decision makers.

record

All the fields containing data about one occurrence within the entity (e.g., one student)

rules for audit management

CEO and CFO certifications on financial statements and system of internal controls

data processing

CRUD -creating new data records (ex: new employee is hired) -reading, retrieving or viewing existing data (reviewing month end balances) -updating previously stored data (updating credit limits for a customer) -deleting data (purging vendor records from the vendor master file - no activity for X time period)

data input (collection)

Capturing transaction data, usually triggered by a business activity

Blanket Purchase Order

Commitment to purchase specified items at designated prices from a particular supplier for a set time period, e.g. one year.

COSO

Committee of Sponsoring Organizations

turnaround document

Company data sent to an external party and then returned to the system as input

CIRT

Computer Incident Response Team. A group of experts that respond to security incidents. Also known as CERT, SIRT, or IRT.

COBIT

Control Objectives for Information and Related Technology•IT auditors and managers have embraced COBIT as a framework for designing and implementing control over their IT. •COBIT is increasingly adopted as a control framework for compliance purposes for three reasons: •Suggests comprehensive set of risks and controls for IT processes •Control objectives have been mapped to COSO •Has been mapped to popular ERP systems such as SAP, Oracle, and PeopleSoft

ETL Process

Extract, Transform, Load

Redundancy Issues

For example: if customer pays 5 times on 1 bill, customer information must be re-entered 5 times. This increases file maintenance.

Change management controls

Formal process used to ensure that changes to hardware, software or processes do not reduce systems reliability.

fields

Information about the attributes of an entity (e.g., 810 number and birth date)

Proper authorization of transactions & activities

Only Certain people are authorized (or allowed) to do activities.

Vendor Managed Inventory (VMI)

Outsources much of the inventory control and purchasing function to suppliers who have access to sales and inventory data in order to replenish inventory.

Segregation of duties

Segregating duties reduces the opportunity for someone to commit and conceal fraud (or errors)

Independent checks on performance

Someone who did not perform the initial transaction should review to ensure it was processed accurately.

production cycle

Transforming raw materials and labor into finished products

the 5 V's of big data

Volume, Velocity, Variety, Veracity, Value

Design & use of documents and records, and data entry screens.

Well-designed forms and records help ensure transaction data is recorded completely and accurately. •Should include space for authorization •When appropriate, documents should be sequentially pre-numbered, or the system should generate the numbering.

narrative

Written, step-by-step explanation of system components and how they interact

big data

a collection of data sets that are so large or complex that it is impossible to analyze them with traditional databases and tools.

Data Flow Diagram (DFD)

a graphical description of the flow of data within an organization, including data sources/destinations, data flows, transformation processes, and data storage

trial balance

a listing of the name and balance of each account in the general ledger. it is an internal report of which accounts have debit and credit balances and proves the totals are equal

analytics

a means of extracting value from data

business process

a set of related, coordinated, and structured activities and tasks that are performed by a person, a computer, or a machine, and that help accomplish a specific organizational goal

System

a set of two or more interrelated components or subsystems that interact to achieve a goal or common purpose

audit trail

a traceable path of a transaction through a data processing system from point of origin to final output, or backward from final output to point of origin

foreign key

an attribute in a table that is also a primary key in another table

Event

an incident of occurrence due to an internal or external force which impacts achievement of objectives

control

any action taken to mitigate or manage risk and increase the probability that the business/process will achieve its goals and objectives NOT A POLICY STATE OR A PROCESS

update anomaly

any change must be made to every record containing customer information (or else there will be inconsistency). For example, what if the customer address changes.

threat

any potential adverse occurrence or unwanted event that could injure the AIS or the organization

entity

anything about which the organization wishes to store data.

each column in a database

attribute •Contains information about the entity attributes, ex: name, address, customer number, etc.

how does the amount in a journal affect the balances on the trial balance?

balance in the beginning trial balance +/- total from corresponding journal = individual account balance on trial balance

why are there gaps between account numbers?

because over time organizations might need to add account numbers and this allows for future growth

block codes

blocks of numbers reserved for purpose ex: product code

changes in subsystems

cannot be made without considering impact on other subsystems or the main system

information and communication systems

capture and exchange information needed to conduct, manage, and control operations

internal control requirements

companies must issue a report stating that management is responsible for establishing and maintaining an adequate internal control system

sequence codes

consecutive numbering ex: PO#s

general ledger

contains summary-level data for every type of account: asset, liability, equity, revenue, and expense

subsidiary ledger

contains the details related to a given general ledger account

application controls

controls that prevent, detect, and correct transaction errors and fraud in application programs

internal environment

culture of an organization ex: management's philosophy

Insert anomaly

customer information cannot be entered unless there is a related purchase. We may have a new customer we want to enter, but they have not yet made a purchase.

information

data that has been organized and processed to be useful

COSO Internal Control Internal Framework (IC)

defines internal controls and provides guidance for evaluating and enhancing internal control systems -controls based model; very focused on internal controls

subsystems

designed to achieve their own, lower-order goal

general controls

designed to make sure an organization's information system and control environment is stable and well managed ex: IT security, IT infrastructure, software acquisition, maintenance and development

preventive controls

deter problems before they arise

variety

different forms of data

detective controls

discover problems that haven't been prevented

Data Entry Controls

every time data is entered a process is done •Field Check •Sign Check •Limit Check •Range Check •Size Check •Completeness Check •Validity Check •Reasonableness Test •Check Digits and Check Digit Verification

data

facts about the transaction ex: activities that take place, resources affected by the activities, people who participate in the activity

Physical view of database

for every value that is in there, it is very specific about what it should look like

velocity

frequency of incoming data

revenue cycle

goods and services are sold for cash or a future promise to receive cash

inherent risk

gross risk; absent any actions/controls by management

lower goals

help the organization achieve the higher-level goals

human resources / payroll cycle

hiring, training, and paying employees

The logical view of a database:

how users conceptionally organize and understand the relationships between the entries in a database

Corrective Controls

identify and correct problems as well as correct and recover from the resulting errors

document flowchart

illustrates the flow of documents and data among areas of responsibility within an organization

two elements of risk

impact and likelihood

loading data

includes knowing which tool the data should be loaded into for the most efficient and effective analysis

roles for audit committees

independence from the company, financial expertise

Enterprise Resource Planning (ERP) Systems

integrate all aspects of a company's operations with a traditional AIS

data transformation (cleansing)

involves converting data from one format to another to load it into an analytics tool. •This includes making certain that only the data needed is extracted and that this data is complete and accurate. •Data cleansing needs to be performed bothbefore and after the data loading process.

mnemonic codes

letters and numbers ex: item#D300W05

journal

lists a set of transactions that arise from similar business events (i.e. in the same transaction cycle) following a chronological order

residual risk

net risk; remaining risk after management's risk response

financing cycle

obtaining funds from investors and repaying them

Expenditure Cycle

ordering, reviving, approve supplier invoices, cash disbursement

Enterprise Risk Management (ERM)

organizations need a methodology to assess and measure risk so they can address it and implement controls to reduce the risk

PCAOB

oversight board for the auditing profession. sets auditing standards.

service organizations

perform outsourced services for a User Entity (customer), that the User Entity would otherwise need to perform themselves, ranging from performing a specific task under the direction of an entity to replacing an entity's entire business unit or function

Control Activities

policies, procedures, and rules that provide reasonable assurance that control objectives are met and risks are reduced to an appropriate level

Batch Processing Data Entry Controls

processes a large amount of entries periodically •Sequence Check •Batch Totals •Financial Check •Hash Total •Record Count

general journal

records infrequent or non-routine transactions ex: bad debt, prepaid insurance

specialized journal

records large numbers of repetitive transactions ex: sales, cash receipts, cash disbursements

rules for auditors

report specific information to audit committees, prevents auditors from performing certain services, rules about ex-auditors working and company and audit firm doing the work

volume

scale of data

Customer relationship management systems (CRM

software that organizes information about customers in a manner that facilitates efficient and personalized service

data is collected from

source documents

COSO ERM Framework

speaks to the process that a BOD or management uses to set strategy, identify threats and risks, manage those risks, and provide reasonable assurance that a company meets goals -risk based moel

data storage / management

storing, retrieving, deleting data

Delete anomaly

the deletion of a record results in the loss of all the customer information. If a customer only had one sale with us, if we delete that record, we eliminate all information about the customer.

impact

the exposure or dollar loss should a threat become a reality

monitoring

the internal control system is continuously monitored, evaluated and modified

data processing cycle

the operations performed on data to generate meaningful and relevant information

likelihood

the probability that a threat will come to pass

internal controls

the processes and procedures implemented to provide reasonable assurance that control objectives are met

coding

the systematic assignment of numbers or letter to classify and organize items/data

third normal form (3NF)

the tables are free of the update, insert and deleteanomalies. 1.Eliminate repeating groups •Any related attributes that might be repeated in several rows should be put in a separate table. 2.Eliminate redundant data 3.Eliminate columns not dependent of primary key

risk

the threat that an event, action or non-action could adversely affect an organization's ability to achieve its business objectives and execute its strategies successfully

each row in a database

tuple •Represents a unique entity or record, ex: a customer record

veracity

uncertainty of data

group codes

using two or more subgroups to define a digit position ex: position 3 = color

When the invoice is received, the AP reconciles: the

•(1) Invoice •(2) The P.O. •(3) The receiving report (Voucher Package) •These 3 documents make the Voucher Package •This is a 3 - way match

Database advantages

•Data Integration - one central data "pool" that many applications can access •Data Sharing - with authorized users •Minimize data redundancy and data inconsistency - "one version of the truth" •Data Independence - keeping data separate from application programs •Cross-functional Analysis - define and use relationships for management and decision-making. For example: analysis of revenues and selling costs associated with a promotional campaign.

Processing Controls

•Data matching •File labels •Recalculation of batch totals •Cross footing and zero balance tests •Write-protection mechanisms •Concurrent update controls

Safeguarding of assets, records and data.

•Establish and enforce policies & procedures •Maintain accurate records of assets •Restrict physical access to assets and systems •Protect records and documents, including restricting access to what information an individual can electronically access

Project Development and Acquisition Controls

•Executive Sponsorship •Steering Committee •Project Development Planning •Project Schedule •System Performance Measurements •Post-implementation review

Two-way match or Evaluated Receipt Settlement (ERS)

•Invoice less approach •Match PO and receiving report •Based on this information, system calculates the amount owed (quantity received on receiving report x purchase prices from PO) •Pay the supplier

information output (generation)

•Monitors/Devices (soft copy) •Documents (hard copy): e.g. checks, invoices, purchase order •Reports: internal/external users (e.g. monthly sales report, financial statements). These could be hard copy of soft copy. •Query: specific requests, rapid action/decision making (e.g. highest selling item of the year in the southeast) •One-time •Repetitive (report?...)

Output Controls

•User Review •Reconciliation Procedures •External data reconciliation •Data Transmission •Checksums •Parity bits

extraction of data

•What data to ask for •How to ask for data •What format the data needs to be in


Set pelajaran terkait

Epidermis layers and Skin (Thick & Thin)

View Set

Finance 318 Chapter 8, Chapter 8

View Set

Unit 3, Day 2: Nucleic acid structure

View Set

Anthropology 1003 Midterm: Auburn University

View Set