BP Exam 3
Fixed assets
Long-term assets such as property, plant, and equipment - stuff that you yourself are using - if something is taken out of service and you are going to ditch it for some cash on creg's list thats not PPE
Purchase order
formalization of the purchase requisition - a written order by a buyer for merchandise from the purchase requisition - 1 PO for all 7 PRs - sent to vendor and then stuff shows up
Non-accomplice vendor schemes
fraudulent disbursement billing scheme that uses a legit vendor's invoice somehow but they're not in on it - "accidentally" pay for the bill twice and ask for a refund then intercept refund - remittance advice sent in envelope, someone goes home and makes an identical copy with a diff mailing address nobody will notice - prob won't get caught if not too greedy and account doesn't have a lot going on * controls aren't equipped to handle non-routine transactions *
Process of doing regression on a Text Editor File (thru Excel)
- Text editor file - move to excel - do some cleaning - put delimiters in - get rid of Nulls/clean it up - do analysis with regression tool (under data analysis) to see if theres a correlation - ex: SAT avg and completion rate
Things auditors should look out for
- budget to actual and year to year get out of wack when you have a scheme going on - turnaround time on invoice→ faster payment is likely a scam bc they want to get it in and out and not sitting around for a while - old school = follow the money - crappy looking documents - search for unrecorded liabilities (companies do this to make their income seem higher)
Purchase system
- inventory control department determines if we need something - prepare purchase requisition (one for each item) - formalize in one PO - valid vendor file as a control (sep of duties- people who add to file can't approve purchases) - receiving/inspection- physical supervision, receiving report - A/P (3 way match) - cash disbursements
Goals of the Expenditure Cycle
- pay for stuff ordered and showing up - get the best price on what we are buying - high quality goods - manage discounts and take advantage of 2/10 or net/30 discounts (then hold onto money until as late as you can)
Expenditure cycle
- physical phase: realize you need something (whether its human with clipboard, technology, or someone on computer), then go ahead and order it - financial phase cycle that includes buying the material and inventory; TIME LAGS create exposure areas to manage! - auditors always look for unrecorded liabilities
Visualization biases
- pointing the user to look at a certain thing - graphs must be an accurate representation- if it looks like its 3x bigger when the number diff isn't that big its misleading - use color properly (don't use red for a positive outcome)
Tasks computer performs automatically
- simultaneously updating the journals, ledgers, unadjusted trial balance, and subs - manage open order file - scan vouchers with upcoming due dates (VLookup) - print checks and have them manually signed
Visualization packages (2)
1. Tableau- easier to use, cheaper, diff packages, 80-85% 2. Microsoft BI (business intelligence)- trickier to use, costs more, able to do more, 10-20%
2 big questions when not wanting to get caught in schemes
1. are the books going to balance- don't want it to be noticed in a check reconciliation 2. is someone waiting for payment- if they don't get it they are going to call and ask for money
5 main controls
1. authorization 2. segregation of functions 3. supervision 4. access controls 5. verification
Levels of automation (4)
1. computer pops out tentative requisitions/PR (program identifies current level, pre-determined desired level, and anything that drops below it is popped out in a list & a person examines it) 2. computer generates PO automatically then someone reviews (no PR needed) 3. computer generated PO sent without manual review 4. EDI (electronic data interchange- computer to computer communication with no PO)
3 versions of Tableau
1. enterprise version (expensive for huge projects) 2. desktop version (for individuals, costs money but you get all the functions) 3. public version (little watered down, can't save locally- online repository)
Difference between fixed assets & expenditures
1. fixed assets are non-routine transactions (easier to get messed up bc not dealt with a lot) 2. wider group of users (adds riskiness bc departments that don't usually order things are involved) 3. more robust authorization (bc big ticket items) 4. unique bc judgements that need to be made about PPE (depreciation, useful life, expense, disposal)
Best schemes (least likely to be caught)
1. keep books in balance 2. don't mess with a check of someone waiting for their money
Expenditure cycle risks
1. unauthorized inventory purchase 2. receiving incorrect items, quantities or damaged goods 3. inaccurately recording transactions 4. misappropriation of cash and inventory 5. unauthorized access
Expenditure cycle risks & controls
1. unauthorized inventory purchases→ transaction authorization, automated purchase approval 2. receiving incorrect items, quantities or damaged goods→ independent verification, supervision, scanner tech 3. inaccurately recording transactions→ authorization, verification, input data edits, error messages, automated postings 4. misappropriation of cash/inv→ supervision, verification, sep of duties, automated 3 way match 5. unauthorized access→ access controls, seg of duties
When you buy something, you need to decide for GAAP:
1. whether you want to capitalize it or expense it 2. think about the periods it is going to benefit
2 differences that make the public version of tableau
1. you can't save locally- online repository 2. can only import from Excel and Access (hack: turn other programs like quickbooks into Excel then use)
Journal entry for selling goods (perpetual)
2 entries!! → debit Cash/A/R, credit sales rev (account for sale) → Debit COGS, credit inventory (adjust inventory bc continuous)
Dashboard
2 or more visualizations on the screen
Multi-copied PO order
4-6 copies of PO go to every place in a manual system - one copy is a blind copy that goes to receiving (leaves off quantity)
IMPACT Model
6 step framework that is how all problems in the book are addressed 1. identify questions 2. master the data 3. perform the test plan 4. address and refine results (first test does not normally answer question) 5. communicate insights to people who can make changes 6. track outcomes
Journal entry for buying goods (perpetual)
Debit inventory, credit A/P or cash
What is the role of the auditor in the capital markets?*
Give an opinion on the fair presentation of the financial statements for external users
inventory subsidiary ledger
ledger with inventory records updated from the stock release copy by the inventory control system
Forged maker scheme
a check tampering scheme where someone signs a check to make it legit even though they aren't the authorized check signer - one person makes the check and records but as checks print out theres not a signature on it bc waiting for authorized signature but → fraudster uses stamp or fraudulently makes signature
Purchase requisition
a document that communicates needs between the user and supply management - okay I think we kinda need this - one for each item (if we need 7 things, 7 PRs)
Perpetual inventory system
a system that maintains a continuous record of inventory so that it always shows the current amount of stock on hand - constant running totals - buy stuff→ debit inventory - sell stuff→ 2 journal entries: one for the sale (debit cash/AR, credit sales rev) and one to adjust inventory (debit COGS, credit inv)
Details of a convincing (fake) invoice
address, phone number, website, email, possibly social media sites - pre-numbering - services that can't be recreated are good- receiving report with something physical to evaluate is not good - consecutive invoice numbers from the same vendor looks fake - repeatedly being billed the same amount for diff items is weird (okay if repeated charge) - payroll does NOT have an invoice number
Search for unrecorded liabilities
auditor should always look at this because companies have an incentive to not record liabilities at the end of the period bc it makes income higher - "forgetting" to debit expense and credit A/P
Internal auditors
auditors employed by a company to audit for the company's board of directors and management - technically not independent but still objective (they cannot do any journal entries so have external audit come in)- they do monitoring - design and document actual processes within the company— if there is a problem, something not working, a bunch of errors, investigating fraud, it is them— internal consulting firm → know the processes, monitoring and doing COSO framework - ppl work here after the big 4 because steady office enviro, can move up in the ranks
Test data
based on the classes you have built, you put a few people into the classes, and test it out (input to test the program) - keep revising until its correct
External auditors
big 4, gather evidence and check for accuracy - best experience and training to start
Forged endorsement scheme
check tampering scheme that works with a check that is properly prepared in recording but is faking that you are the person it is made out to - not as hard as one would think - banks are lazy and don't id or accept a crappy one - use stencil to copy signature with light source and convert the check
Concealed check scheme
check tampering scheme where the person makes a check they shouldn't, sticks it in the middle of the batch of checks to be signed, and hopes the signer doesn't notice and just signs it - crude and old school yet it works so well - bring checks late on a Friday when person wants to go home so they rush
Altered payee scheme
check tampering scheme where you erase or "wash" the payee and put in whoever you want - or make shell company with same beginning name and a couple letters added on and just add them - cheap ink is harder to alter
Integrated system
computer network operation going on - lightening bolt= real-time connections - benefit= speeds up transaction- not waiting on someone to print of pieces of paper and walk them over there- happens automatically; get thing over there faster, can bill faster; speeds up cash flow cycle- get your money quicker
Supervision
control - physical supervision in open areas- cameras, monitoring - computers- electronic monitoring (analytics and management reports show patterns and what employees were in on it- how quickly something was paid, fast is sketch bc they don't want it seen)
Verification
control that checks things balance - 3 way match (order agrees with payment agrees with what was received) - physical verification is lost a little with automation but shifts to computer programs and reports
Access controls
control that restricts unauthorized individuals - passwords - physical access controls- don't have people walking around warehouse if its a small, expensive item
Segregation of functions
control- separates ARC (authorization, recording, custody) - sep A/P (recording) and cash disbursements (custody) - who can add vendors to valid vendor file - warehouse does not do official inventory document, its inventory control
Story
cool thing on Tableau where you can turn it into a powerpoint- looks just like a slideshow except you can embed your stuff into it
Pruning
cutting off a branch of a decision tree if it gets too big and outrageous
Training data
data you are picking out to manually put in groups to build the classes - used to train a predictive model
Repairing fixed assets
does NOT add any additional benefit so it is expensed because its a period cost - ex: delivery van gets an oil change, van doesn't do anything different
Expense reimbursement scheme
employee out on the road personally occurring business expenses- submit documentation for reimbursement - either made up or asking for things that aren't business (mischaracterized expenses) - sadly expected, tough to catch
Unsupervised approch
exploratory exercises looking for potential patterns- might not even be one there - may turn into supervised by finding the promising variables and then you run regression - clustering, co-occurence grouping, profiling, data reduction - ex: find things that influence performance in this class, exploring all kinds of variables (front or back, left or right side, shoes or flip flops, in or out of state)
Tableau
fast and easy way to create data visualizations and publish them to the web for free 1. makes visualizations and cool pictures 2. business intelligence software to drill down into data
Shell company scheme
fraudulent disbursement billing scheme where a fake company is created and bills a real company for goods or services it does not receive - sometimes done for tax purposes, to launder money - you only need a bank account to make a shell company - need invoices to look real - crappy looking documents will get you busted - subcategory= pass thru scheme
Personal purchase scheme
fraudulent disbursement billing scheme where personal items are paid for with company money * theft is in the purchasing, not the taking * 1. company buys things they think they need when they really don't 2. sticking a personal bill in the stack of things to be paid - avoid by not letting employees pick up orders & by authorizing purchases (look at receipts, what was bought- sit and reconcile account and approve purchases) - company cc is biggest offender→ unique card for each person, spending limit, authorize and check receipts
Check tampering
fraudulent disbursement scheme that has to do with messing with a check 1. from scratch- fraudulently prepare a check for your own benefit 2. intercept a legit check and alter it - not the most occurrences but highest median loss bc do it once for a large amount of money
Dependent variable
function of the independent variable
Decision tree
graph that documents the process that puts people into classes - are they old or young? then take young and say if they seem highschools, young broke and fab, or like the young working type? then go one further
Managing inventory in real life vs. on the books
how you manage inventory day-to-day does NOT dictate what you have to do for financial accounting - Walmart uses periodic for statements, but for day-to-day they use technology updating automatically (perpetual)
Capitalizing an asset
if a fixed asset is going to provide benefit and help generate revenue and current and future years, then you capitalize it - if useful life is added or increased productivity - exception: immaterial (irrelevant bc so cheap)
Expensing an asset
if an item is only going to provide benefit in the current period, it is expensed - also expensed if it is
3 way match
key control in A/P - compare PO, receiving report, and invoice to make sure they all agree before recording the liability → debit inventory control/purchases, credit A/P
Cash disbursements
last step in purchasing - A/P tells them to pay the bill with a voucher - controls before check is cut - sometimes its already pre-signed but an extra layer of control is printing an unsigned check and sending to someone else to verify and sign - record in cash disbursement journal and return paid voucher to A/P, mail check to supplier, and send voucher to GL - debit A/P, credit cash
Voucher
little half piece of paper like a post-it note from person who updated the A/R sub to tell the person in charge of control account to update that to make it agree - when theres a sep A/P and cash disbursement dept - heavy thinking done in A/P and then they just tell cash disbursements when to cut the check (pay the bill) - sometimes sent with 3 way match - obsolete with computerized system bc updates automatically
TXT editor
many data files are in this format - code writing also, can be turned into Excel→ use delimiters to separate into columns
Decision boundaries
marks the split between one class and another on a decision tree
Receiving report
multi-copied form we make used by the receiving personnel to indicate that materials have been received and inspected - receiving control - one copy goes to A/P, one filed locally, one goes with the goods to actual stores, and inventory controls logs the shipment with this
Creating a shell company
need a bank account (easy- get tax id number from IRS website and bank open account for you) - hardcore: the fraudster creates a real entity LLC so it shows as a registered company- all you need is to pay few hundred bucks and a physical address (UPS boxes so it doesn't tie back to you) - registered agent for the entity uses spouse name with maiden name or married name if its an ex - just need real looking documents and invoices
Inventory control
official record of the inventory kept by inventory control dept due to separation of duties - determines if we need something- beginning of purchasing system - warehouse keeps track of records separately bc they cannot keep official records because they have custody - uses receiving report to log the shipment
Underfitting
one crude, straight line that does not break up the plotted points well enough
Blind copy
one of the PO copies leaves off the quantity so the people in receiving aren't lazy and actually count the goods
Visualization
one stand alone picture
Authorization
permission control - authorization over purchasing department since we don't want purchasing agent to go crazy- agent does not have final selection of order and vendor selection bc it would lead to kickbacks and bribes - authorization before cash disbursement cuts the check - inputting a vendor that is on the valid vendor file is technically authorization (built into automation) - automating inventory in EDI and JIT
Endorser
person that signs the back of a check (also the payee) - schemes are much easier when you control who the payee is (accomplice or shell company) - the signature (called an endorsement) indicates that the payee has received the check
Converting a check
person who signs the back and actually makes the deposit
Most important control for expense reimbursement*
policy manual outlining exactly what is and what is not reimbursable and the exact documentation required to be reimbursed - original copies (numbers can't be changed) - detailed receipts (saying who got what at a dinner, Uber corporate account showing every detail of the ride) - turned in in a timely manner - authorization - don't accept credit card receipt bc it can be bought then returned - copy of check isn't good either bc you don't know if it was actually cashed by the payee
Valid vendor file
provides an important control by listing only approved vendors - person who adds vendors to this file only does this bc separation of duties!!! people who approve purchases cannot add people to this file bc then they can add their shell companies and it would be a problem - authorization control
Time lag
really big deal in the expenditure cycle!! - exposure area that must be managed - short time lag between ordering and item being delivered - large time lag before we pay stuff
Automation re-engineering
rethinking/restructuring the process to make it a little better
Support vector machine
statistical computer program that does the math and takes all the dots and plots the distance between the hypothetical lines to make the perfect line - fits the line
Pass through scheme
subcategory of a shell company scheme where you sell a good to another company for more & scrape off extra money - buy for 2, sell for 3, keep the 1 - competitive bidding prices and price comparisons are done to avoid these
Link prediction
supervised approach (uses a model to predict an outcome) - data analytic technique that is used to predict connections between data items, usually by suggesting a link and possibly estimating the strength of the link - ex: Facebook suggested friends, you have 7 mutual friends
Similarity matching
supervised approach (uses a model to predict an outcome) - data analytic technique that looks at previous patterns of behavior to compare to current ones and sees similar patterns to see if they are being scammed - ex: laptop guy
Regression
supervised approach (uses a model to predict an outcome) - independent variable → dependent variable, telling if line/model is good based off of correlation
Classification
supervised approach (uses a model to predict an outcome) - uses objective target marketing and tries to take a population/group and put them into smaller groups called classes - Macy's social media posts project- try to put people into groups and target diff items they think they would buy
Periodic inventory system
system that only updates the accounting records for merchandise transactions at the end of a period - one entry at end of the period - put stuff into purchases when you buy stuff (document in purchases journal) - at the end of the period: do a count on inventory on hand, close out purchases, and chop it into EI and COGS
Maker of a check
the person who signs a check
Fraudulent disbursements
tricking the company into paying something they think is legitimate; goes thru all normal procedures - number one scheme 1. billing schemes (shell company, non-accomplice vendor, personal purchase scheme) 2. check tampering 3. expense reimbursement scheme
Data reduction
unsupervised approach (looks for potential patterns) - chops down a large data set into a smaller one because it is more focused on what you need - think payments look weird, so you limit it down and only look at ones that have even dollar amounts- looking for pattern
Co-occurence grouping
unsupervised approach (looks for potential patterns) - if you like this, you might like this - exploring
Profiling
unsupervised approach (looks for potential patterns) - plot, identify outliers, many standard deviations away- something is out of wack - ex: profile of store sales doesn't match what it needs to be, job order costing- profile the materials that should be requisitioned, if there is someone taking more - benford's law
Clustering
unsupervised approach (looks for potential patterns) - similar to classification but uses math to organize groups/classes that may indicate a pattern - can turn into a supervised approach by predicting which current customers would fall into which class
Visualizations
used for steps 5-6 of IMPACT model - need to communicate insights to the people who can make changes (people who run analysis likely aren't ones making the change) & track outcomes - consider the audience for effective communication - stacked bar chart - tree maps and heat maps (look similar but not interchangeable) - word clouds (size words based on # times it appears)
Supervised approach
using a model to predict an outcome - regression, classification, similarity matching, link prediction
Target
variable you are looking at - ex: if you had the whole population of sales transactions and were looking at the ones that are possibly fraudulent, those are the target
Open order file
when a transaction has started but it's not done yet, copy of open documents go into this file - because of the time lag - Helps company keep track of in process transactions - open when you purchase, close when you actually pay for the thing
Depreciating an asset
when an asset is in service over multiple years, you depreciate it - depreciation has nothing to do with the condition or fair value of an asset, its to allocate the expense since it provides benefit over years
Controls under receiving
when the goods show up, after the purchase order → controls= physical supervision, blind copy so they have to count all the stuff that came in
Overfitting
when you go crazy drawing the line of the plotted points
Class
when you manually put things into groups
Payee
who the check is made out to
Validating the data
write down a check figure to make sure your data is still accurate after cleansing