S2-m2 Flashcards
Enterprise Resource Planning Systems (ERP)
are cross functional systems that support different business functions and facilitate integration of information across departments such as accounting, customer management, finance, human resources, inventory management, manufacturing, marketing, and vendor management.
Accounting Information Systems (AIS)
Collects, records, and stores accounting information, then compiles that information using accounting rules to report both financial and nonfinancial information to decision makers in an enterprise.
Transaction Processing System (TPS)
AIS Subsystem
converts economic events into financial transactions and distributes the information to support daily operations. A TPS typically covers three main transaction cycles: sales, conversion, expenditure.
Financial Reporting System (FRS)
AIS Subsystem
Aggregates daily financial information from the TPS and other sources for infrequent events such as mergers, lawsuit settlements, or natural disasters to enable timely regulatory and financial reporting.
Management Reporting System (MRS)
AIS Subsystem
Provides internal financial information to solve day to day business problems, such as budgeting, variance analysis, or cost volume profit analysis.
What are the objectives of an AIS
Think assertions
1. Record valid transactions
2. Properly classify those transactions
3. Record the transactions at their correct value
4. Record the transactions in the correct accounting period
5. Properly present the transactions and related information in the financial statements of the organization
Sequence of Events of an AIS
- Transaction data from source documents is entered into the AIS by an end user. Alternatively, an order may be entered through the internet by a customer.
- Original source documents, if they exist, are filed
- Transactions are recorded in the appropriate journal
- Transactions are posted to the general and subsidiary ledgers
- Trial balances are prepared
- Adjustments, accruals, and corrections are entered
- Financial reports are generated
AIS Audit Trail
A well designed AIS creates an audit trail for accounting transactions. The audit trail allows a user to:
-trace a transaction from source documents to the ledger
-vouch from the ledger back to source documents
Key AIS Functions of the revenue and cash collections cycle include:
-real time access to the inventory subsidiary ledger to check availability upon receiving a customer order
-automatically approves or denies credit based on the customer's record
-concurrently records sales invoices in the database, digitally transmits inventory release orders to the warehouse, sends packing slips to the shipping department
-has a terminal for the shipping department to digitally input shipping notices upon shipment
-has a terminal for the cash receipts clerk to access the cash receipt system and record remittance
-closes sales invoice, posts to the general ledger accounts, updates the customer's payment record
Key AIS functions of the purchasing and disbursement cycle
-reads the requested purchase to verify that it is on the approved list
-digitally prepares the purchase order and delivers the PO to the vendor
-has a terminal for the receiving department to enter the PO number and input quantities received
-has a terminal for the accounts payable clerk to enter invoices from suppliers into the system
-automatically approves payment of invoices and sets the payment date according to terms
-prints and distributes the signed checks to the mail room for mailing
Key AIS functions of the HR and Payroll cycle
-integrated with HRMS to enable real-time changes of employment data
-in connection with operational systems, allows employees to enter timekeeping data in real-time
-allocates labor costs to job costs, accumulates direct and indirect labor expenses at the end of a work period
-creates digital journal entries, attaches the original documents to the entries, updates ledger
Key AIS functions of the production cycle
-receives a work order for a production run from the production planning department
-labor and materials are added to the production run, and documents reflecting these events, such as material requisitions and labor tickets
-tracks standard production costs for labor, materials, and manufacturing overhead
-closes the WIP account when it receives the final ticket marking the production move from WIP to finished goods inventory
-prepares journal entries as changes to the WIP account are recorded and automatically updates the general ledger
Key AIS functions of the fixed asset cycle
-terminal for fixed asset groups to create a record of the asset subsidiary ledger that includes each asset’s useful life, salvage value, depreciation method
-automatically updates the general ledger, prepares journal entries
-automatically calculates depreciation, accumulated depreciation, and book value
Key functions of the treasury cycle
-source documents such as deposit slips, checks, stock market data, and interest data are used to post journal entries affecting cash balances
-The accounting department performs bank reconciliations by using bank statements to reconcile the cash account balance
-journal entries are posted for each change in cash
Key AIS functions of the general ledger
-updates the general ledger as various transactions occur and journal entries are posted
-at the end of an accounting period, AIS automatically produces a trial balance showing the dr and cr balances in each account
-The accounting department posts any necessary adjusting entries such as entries for depreciation, prepaid expenses
-produces final financial statements after adjusted entries are made and the debit and credit amounts in the trial balance are equal
-automatically closes temporary accounts
How can an organization improve the performance of its information systems?
By improving business processes that provide inputs to those systems. Improving consistency and reliability in processes results in better data. Better processes = fewer errors = more efficient accounting
Business process automation
term for the automation of business processes using computer programs designed to perform repetitive tasks.
Shared services
refers to seeking out redundant services, combining them, and sharing those services within a group or organization. They are shared within an organization or group of affiliates and almost always involve software that is designed to process large batches of data
Outsourcing
contracting of services to an external provider.
Quality Risk
an outsourced product or service might be defective
Quality of service
poorly designed service agreements may impede the quality of service
Productivity
Real productivity may be reduced even though service provider employees are paid less
Staff Turnover
experienced and valued staff whose functions have been outsourced may leave the organization
Language skills
Language barriers may reduce the quality of service
Security
security information with a third party might be compromised
Qualifications of Outsourcers
credentials may be flawed
Labor Insecurity
increases when jobs move to an external service provider
Robotic Process Automation (RPA)
refers to the use of programs to perform repetitive tasks that do not require skilled human labor
Natural language processing
involves technology developed and used to encode and interpret human languages
Neural Networks
an artificial neural network is a form of technology that is modeled after neurons that facilitate the function of human or animal memory. Input layer/hidden layer/output layer
Processing Integrity
refers to a system’s ability to initiate and complete transactions so that they are valid, accurate, completed timely, and authorized to meet a company objective
How are design control deficiencies in a SOC 2 engagement defined?
- necessary controls that are missing or
- existing controls that are not designed properly
How are design deficiencies related to processing integrity identified?
By applying the trust services criteria. Understand the risk assessment process, evaluate the link between controls in the system description and relevant services criteria, and determine whether the appropriate controls are in place.
Description Criteria for a Description of a Service Organization System in a SOC 2 Report
used to identify deficiencies by comparing organization system design documentation. A set of benchmarks
Principal service commitments and the principal system requirements
Required to be disclosed by management to support the understanding of the system and the services provided, and the design of the controls
How are operation control deficiencies in a SOC 2 engagement defined?
- Does not operate as designed or
- is performed by a person who lacks authority or competence to perform the control effectively
What is the service auditor responsible for?
Designing and performing the tests of controls: inquiries, reperforming controls, observation
What are some considerations the service auditor should make?
Timing
Size and frequency of sampling
Control Activities category, principle 11
States that there should be general controls over technology in order to achieve organizational objectives. To establish these controls, the company must understand the dependency between general controls over technology and the use of technology in business processes.
Information and Communication category, principle 13
States that organizations should acquire, create, and use quality information in order to support internal controls. These include:
identifying the company’s information needs;
capturing both external and internal sources of data;
processing relevant data into useful information;
maintaining quality when processing that data
Principle 14
States that effective communication of information is necessary to support internal controls. This means communicating internal information to the proper stakeholders, including the board of directors
Blockchain
a control system originally designed to govern the creation and distribution of Bitcoin
What does cryptocurrency mining mean?
Mining involves a person or group of people performing cryptography, which is the solving of complex mathematical equations. Bitcoin must be mined in order to confirm transactions
What is the result of cryptography?
Blocks of a fixed number of transactions are confirmed at a time. The reward for solving (validating) the equation is both:
the receipt of bitcoin; and
the validation of a new block of transactions
Blockchain was developed to…
prevent Bitcoin from being replicated; and to limit its initial creation so that there is only a finite number of Bitcoins.
Also serves as an audit trail. An auditor can use the chain to verify transactions.
Not all data needed to validate a transaction is on the blockchain.
Control Environment
- Demonstrates commitment to integrity and ethical values
- Exercises oversight responsibility
- Establishes structure, authority, and responsibility
- Demonstrates commitment to competence
- Enforces accountability
Risk Assessment
- Specifies suitable objectives
- Identifies and analyzes risk
- Assesses fraud risk
- Identifies and analyzes significant change
Control Activities
- Selects and develops control activities
- Selects and develops general controls over tech
- Deploys control activities through policies
Information and Communication
- Uses relevant, quality information
- Communicates internally
- Communicates externally
Monitoring Activities
- Conducts ongoing and/or separate evaluations
- Evaluates and communicates deficiencies
When implementing COSO controls in a blockchain setting, an organization should consider the following…
-focus on preventative controls due to volume and speed of transactions being processed
-Increase the frequency of detective controls, also due to the volume
-develop controls that use other analytic tech like AI tools
-develop a code of conduct
-create cross disciplinary teams
A reasonableness test…
will likely prompt an error message when the offset transaction total exceeds the original transaction
Check digit tests…
determine whether an ID number entered is a valid entry
A size check test compares…
the transaction with a predetermined threshold on a standalone basis.
Waterfall method (changes to business processes and managing system changes)
Teams work linearly, allows organizations to focus on system design, testing, deployment, change review, and maintenance.
Agile method (changes to business processes and managing system changes)
structures projects so that different teams work simultaneously
What is the goal of protecting cardholder data?
PCI DSS
Encryption of the transmission of cardholder data across open, public networks enhances the ability to accomplish the goal