Business Processes Flashcards
What is business process management?
the process that reviews and oversees the organization’s approach to business process design and implementation
What is business process analysis?
a methodology that looks at an organization’s business processes to improve its effectiveness and efficiency
What is business process automation?
it looks to identify and automate business processes by converting processes that are manual, repetitive, and recurring into systematic and automatic processes using automation technology
What is business process modeling tools?
it is an effort to graphically depict an organization’s business processes usually achieved through data flow diagrams, flowcharts, and system interface diagrams
business processes make up how an organization operates on a daily basis in addition to how it achieves its strategic goals
the key business processes at an organization usually fall into the categories of: revenue, expenditure, human resources, payroll, manufacturing, financing, and reporting processes
What are the 4 steps of the revenue process?
sales order receipt and entry, delivery of services or goods, customer billing, and payment collections
this process involves managing customer accounts and relationships and exchanging information through invoices and payments
What are the 4 steps of the expenditure process?
placing an order for goods and/or services, goods are delivered and/or services were rendered, receipt and approval of billing by performing a 3-way match (purchase order, receiving report, and vendor invoice), and bill payment
this process complements the revenue process as it is the customer’s side of the transaction; it involves placing orders, receiving, paying for goods and services, and maintaining supplier records
T/F: the human resources process activities cover an employee’s entire time at an organization
True; these processes include the life cycle of an employee at an organization (hire, onboard/train, terminate (voluntary or involuntary)
T/F: the payroll process activities cover how an employee’s pay is determined and disbursed
True; the activities include: establishing compensation plans, assigning and updating compensation, activity reports, third-party withholdings and rates, and payroll disbursement
What are the 5 steps of the manufacturing process?
product design and engineering, product development, manufacturing forecasting and scheduling, manufacturing operations, and manufacturing and fixed asset accounting and reporting
the key activities within this process assist in determining whether the raw materials can be effectively and efficiently transformed into finished goods; this process is directly linked to both the revenue and expenditure processes
What are the 3 steps of the finance and reporting process?
treasury function will manage the cash flow and financial activities of an organization, general ledger updates, and financial statement managerial report generation
In general, policies and procedures should establish that the following activities should be segregated from one another:
custody of assets - includes possession, receipt, or creation of assets at an organization
record keeping - includes data entry, recording transactions, preparing reconciliations, maintaining databases, and managing and modifying accounting records and reports
authorization - approving and/or authorizing business process activities, transactions, and decisions
What are input edit checks (aka constraints)?
preventive controls that assist in protecting the integrity of information and only allowing complete transactions to be submitted for processing; some common ones include:
consistent forms - so info gathered for each specific event is uniform
completeness check - verify that all required data has been input
reasonableness test - validates the logic of input values where fields are dependent or relevant to each other
field check - designates the character types that are allowed
size check - limits the amount of characters that are allowed in a field
limit or range check - limit checks establish either upper or lower limits for input data and range checks establish both upper and lower limits
sign check - designates if a numeric value can be positive or negative
referential integrity (validity) check - creates a framework so values in data entered into a foreign key field must first be entered in a corresponding table with the primary key
closed-loop verification - retrieves and displays info related to the input to verify accuracy
What are processing controls?
they help protect an organization against processed data from being incomplete or inaccurate; some common preventative controls include:
data matching - matching multiple items (purchase orders, receiving reports, and vendor invoices) before processes are executed
input validation - if transactions/activities are processed in batches, it is important to determine if all items were processed and input correctly through use of validation techniques such as utilizing record counts and reconciling input totals to batch totals
sequence check - the process of having prenumbered documents and verifying that no documents or transactions are missing
cross-footing - testing the sum of a column of row totals to the sum of a row of column totals to verify identical results provides some assurances as to accuracy
What are standing data controls?
term for master files or general data files that contain long-term data that does not change often; although not often modified, may be referenced for vital activities and as such, needs to be controlled; some common preventative controls include:
access and authorization control - should be stored in a safe location with access to authorized individuals who provide verification
read-only rights - this should apply to the majority of users; insert, update, and deletion rights should be designated to key personnel whose activities are segregated from users of the data
change control - when changes are made to standing data, they should be reviewed and approved by appropriate personnel prior to implementation
regular backups - standing data should be backed up on a periodic basis to make sure no data is lost
some common detective controls include:
periodic reconciliation of changes to the data - helps to verify that any changes made to the data follow the established policies and procedures, including appropriate review and approval
review of employee access, authorization, and rights - employees may need to have their access, authorization, and rights modified if their roles and responsibilities change (these would need to be removed if they no longer work for the company)
What are some types of spreadsheet controls?
some common preventative controls include:
access and authorization control - should be available only to those who need to utilize them; should be stored in safe locations with limited and monitored access
locked cells - cells that contain complex or required formulas should be locked so only the spreadsheet designer can modify them
data validation - establish validation requirements on input cells to allow certain types of input, or where possible, utilize drop-down options
change control - whenever changes are made, they should be tracked, reviewed, and approved by appropriate personnel prior to implementation
regular backups - spreadsheets and their contents should have regular backup procedures
some common detective controls include:
periodic reconciliation of changes to the spreadsheet structure
review of employee access, authorization, and rights
What are some types of supervisory and monitoring controls?
some common preventative controls include:
organizational charts - describes the reporting structure of employees to management to establish a clear chain of command
hiring guidelines - only competent and capable employees are hired
supervision - the business processes are conducted according to established policies and procedures
formal approval controls - major business processes should require proper authorization by management before execution, which will require management to review the underlying documentation to verify that approval should occur
some common detective controls include:
process responsibility reviews - policies and procedures over reviewing various business process activities
review of key performance indicators - measures process performance and should be reviewed periodically though dashboards and other reporting functions
budgets and forecasts - assists in detecting anomalies in business processes
performance reviews - determines whether employees are performing their overall job functions as prescribed by policies and procedures and are appropriately compensated
mandatory job rotation and/or vacations - protects against employees having the ability to commit and conceal fraud
audits - done by internal and external auditors provides assurance over process design and execution
business resiliency controls - define key requirements on business continuity, disaster recovery, and data backup requirements
What are reconciliations?
detective controls that review changes in account balances due to business process activities or the difference in ledger accounts and value provided by third parties such as banks
What are verification controls?
acts as preventative controls that utilize some methodology to verify the identity of authorized users
What are the types of process documentation techniques?
the type of technique employed is driven by the desired use of the document
process narratives - written documents that tell the story of the process in detailed steps and what personnel are involved; good for new hires; when identifying risks and controls, it is best utilized with other documentation techniques
data flow diagrams - shows the logical flow of data through a process; utilizes a minimal amount of documentation symbols and focuses on where the data comes from, how it is transformed, and its final destination
flowcharts - this is best when identifying risks and potential control deficiencies; it is a visual representation of how documents and info flow through a process; it not only focuses on the logical flow of data through a process but also provides insight into the form the info takes and the types of processes that are performed on the data; uses set of consistent symbols that represent various documents and processes throughout a workflow
system interface diagrams - demonstrates how users and functions, both internal and external to an organization, interface with the organization’s systems; shows how all parties logically interact with one another
