CMA Part 1 Section F

Examples of how accounting information system interacts with value chain

- JIT manufacturing and raw materials account management

- Sales information can be used to optimize inventory levels

- Online merchant can use sales data to send promotional emails based on items they purchase

- Reduces cost of interacting with customers and increase customer satisfaction

- Variance report can display variances and reasoning behind variance

-

Elements of automated accounting information systems

- Journal entries - record accounting transactions

- Ledgers - store accounting transactions, general ledger is the foundation of the accounting system

- Chart of accounts

- Master files - store information such as account info, customer info, and customer historical data

- Transaction files - Detailed information on things such as sales transactions or purchase of inventory

- Block codes - the way the general ledger account numbers are coded to assets, liabilities, equity, income, and expenses

- Modules - Specific application within the computerized system where journals are processed (EX: VIM in SAP)

- Transaction code - A specific code that identifies transactions as what they are (ex sales transactions, inventory transactions)

- Sequence codes - Codes assigned by the accounting system to identify customer sales invoices created in order entry module

Input devices to an automated accounting information system

- Keyboards and mice

- Barcode scanners

- Point-of-sale systems

- Tablet computers, microphones, web cameras

- Source documents that should be maintained as backup for all transactions recorded in the accounting system

Output of an automated accounting system

- Audio output devices like headphones and speakers

- Video output devices like monitors and projectors

- Physical reproductions of data like paper copies

Different transaction cycles

- Revenue to cash

- Purchase and expenditures

- Production

- HR and Payroll

- Financing

- Fixed asset

- General Ledger and Reporting

Revenue to cash

Involves activity and transactions related to sale of goods and services and collecting cash from customers

- Tracking sales to customers

- Recording fulfilling of customers needs

- Maintaining customer records

- Billing for goods and services

- Recording payments collected for goods provided

- Forecasting sales and cash collected using the outputs

Activities and inputs to the revenue to cash cycle

- Receipt of customer orders resulting in creation of sales orders

- Inventory is checked to see if we have the goods

- Order confirmation may go to the customer

- If the order is a credit order, the customer's credit is checked

- Input is created in the AIS for the order and the packing slip

- Notice is sent to warehouse to print packing slip, pick the order, and prepare it for shipping

- Shipping information is processed, package is shipped or service is provided, if sale is a credit sale, the credit card charge is released

- AR module, Inventory module, General ledger are updated

- If a return is necessary, should make sure item is received physically, deliver it back to the warehouse and add to inventory, credit the customer's account and correct GL

- When payment is received from a credit sale, should update the AIS on AR module to recognize the payment and increase cash

Outputs of the revenue to cash cycle

- Internal management reports such as sales and inventory

- Customer statements summarizing invoices by customer, payments, and balance

- Customer AR aging reports

- Collection reports for overdue balances

- Information from above reports is used as input for a forecast of cash collections

Purchase and Expenditures cycle

Involves obtaining purchases in a timely manner for the lowest cost possible. Purchasing department is responsible for locating and approving vendors who offer good products at affordable prices, maintaining relationships with suppliers and other partners in the supply chain.

Purchases and Expenditures AIS uses

- Tracking purchases of goods or services

- Tracking amounts owed and making timely payments

- Maintaining vendor records and list of vendors

- Managing inventory

- Forecasting purchasing needs and cash flows

Activities and inputs to purchase and expenditures cycle

- Initial purchase requisition is made

- Request is transmitted to the purchasing department

- Purchasing department selects the vendor, creates the purchase order, sends purchase order to vendor, also transmits the order to the receiving department

- When items are received, receiving departments creates a report showing the items received. Receiving department should not be able to see quantity ordered. Receiving department records receipt of goods in AIS module

- Invoice received from vendor is compared to PO and receiving report. If there any differences we need to correct those

- Invoice information is put into AP module, invoice should be matched the goods receipt from the receiving team.

- If the item was a service, approval should be received from a manager before payment

- If everything was received on the PO correctly, the payment can be made via paper check or EFT

- AP module and GL are updated

- Should have controls along limiting potential for duplicate invoices

Outputs to the purchase and expenditure cycle

- Paper check or payment remittance

- Forecast of cash requirements

- Discrepancy report that notes any difference in quantity shipped, prices between the PO and receiving report

Production cycle

Involves converting raw materials into finished goods. AIS system is used for:

- Tracking purchases of raw materials

- Monitoring and controlling manufacturing costs

- Managing inventories

- Controlling the production process

- Providing input for budgets

- Collecting cost accounting data for decision making

- Variance analysis for job costing, process costing, or ABC systems

Activities and inputs of production cycle

- Production managers issue materials requisition

- Physical inventory count is compared to inventory records periodically

- If the level of raw materials falls below a certain level, a purchase requisition is issued to purchasing department

- Bill of materials for each product is created to show components and quantities needed to produce FG

- Master production schedule shows quantity of goods needed to be made to meet anticipated demand

- Labor time is tracked for costing purposes

- ERP systems are used at larger companies to collect, store, manage, and interpret data across an organization.

Data entry is accomplished with technology such as barcode scanners, RFID, GPS technologies

Outputs of production cycle

- Materials price lists

- Usage reports of raw materials by various production departments

- Inventory reconciliations comparing actual with records

- Inventory status reports for purchasing managers

- Production costs reports, used to calculate variances

- Manufacturing status reports for certain jobs

- These reports are used to develop financial statements

HR and Payroll Cycle

Involves hiring, training, paying, and terminating employees. AIS system is used for:

- Recording hiring and training of employees

- Processes associated with employee terminations

- Maintaining employee earnings records

- Complying with regulatory requirements

- Reporting on payroll benefit deductions such as healthcare

- Making timely and accurate payroll payments to employees, payment for benefits, and tax payments to authorities

Inputs to HR and Payroll Cycle

- Personnel forms documenting hiring of employees and changes

- Timesheets showing hours worked

- Payroll deduction authorization forms

- Tax withholding forms

Outputs of HR and Payroll cycle

- Information about employees

- Payroll payment registers used to make entries to the GL

- Preparing paychecks for direct deposit

- Deduction reports for employee deductions

- Payroll summaries used by managers to analyze payroll expense

- Tax reports used for remitting payroll taxes to taxing authorities

- Reporting to employees the information on their income and taxes paid

Financing cycle

Activities associated with raising money for operations. Financial planning models are used to determine the best strategies of obtaining capital. AIS is used for:

- Provide information on customer payments and show trends in cash collection

- Can be used to make payments via EFT

- Estimates of interest and dividend payments are used to develop cash flow forecasts

Activities and inputs of financing cycle

- Cash flows from customer payments

- Deposit receipts issued from the bank

- Bank statements are used to reconcile actual cash balance with cash balance on books in GL

- Economic and market data, interest rate data and forecasts

Outputs of the financing cycle

- Interest revenue and expense

- Dividend revenue and dividends paid

- Summaries of cash collections and disbursements

- Balances in debt and equity investment accounts

- Cash budget showing projected cash flows

Reports produced by AIS for financing cycle include changes in investment, dividends paid, interest earned, net new debt and retired debt, significant ratios such as ROI for the organization and individual departments

Fixed Asset Cycle

Manages the purchase, valuation, maintenance, and disposal of PP&E. AIS is used for:

- Recording purchased assets in fixed asset module and GL

- Maintaining and recording depreciation to calculate book value

- Maintaining deferred tax records

- Maintaining records of physical locations of fixed assets

- Tracking repair costs and distinguishing between repair costs that are expensed and capitalized

- Recording impairment of fixed assets

- Tracking disposal and calculating amount of gain or loss

Activities and inputs to fixed asset cycle

- Request for fixed asset purchase. Usually requires approval by one or more higher level managers

- Purchasing department will submit a PO to the vendor for the asset

- If the company builds the asset rather than buying it, a work order is used that details costs of construction

- Repair and maintenance records need to be maintained

- When an asset is moved, should be a fixed asset change form completed

- This change form should be used to record the sale, trade, or retirement of fixed assets

Outputs of fixed asset management system

- List of all fixed assets acquired during a period

- Fixed asset register listing the assigned ID numbers of each asset and the location of the asset

- Depreciation register showing depreciation expense and accumulated depreciation for each asset

- Repair and maintenance reports showing current period's cost and historical information

- Report on retired assets showing sale of any assets during current period

General ledger and reporting system

Contains accounts for all assets, liabilities, equity, revenues, expenses, gains, and losses. Most day to day transactions are initially recorded in individual modules such as AR or AP modules. This automatically creates transactions to the general ledger.

Financial reporting systems

Primary purpose is to produce external financial statements for stakeholders and analysts. Reports include balance sheet, income statement, cash flow statement, comprehensive income statement, and changes in equity statement. Reports used internally include

- Trial balance which shows account balances at a specific time. Used to check preliminary balances before adjusting entries are made

- General ledger report shows all or individual GL account balances and transactions within them. Used to analyze specific transactions posted to an account

Management reporting systems

- Cost accounting systems collect labor, material, and overhead costs used in calculation of inventory costs of manufactured goods. This is used to determine value of inventory and report variances

- Profitability and responsibility reporting systems involve comparisons between actual and planned amounts and variances. This is used to look at and explain variances.

Relational Database

Collection of data organized with different tables with predefined relationships. The data in the tables can be linked to one another based on common data. You can pull the data using a single query

Data hierarchy

the structure and organization of data, which involves fields, records, and files. Data is scheduled in levels.

- First level is a data field - Describes one attribute of the data such as an employee's last name

- Second level is a record - Contains all information about one item of data such as employees first name, last name, address, DOB, etc

- Third level is a file or table - Set of common records such as records for all employees

- Highest level is a database - This is made up of several related files or tables.

Primary and foreign keys

Primary key - Every record has a primary key, something that distinguishes the record from the others in a table

Foreign keys - These connect information in a record between other records in other files or tables

Entity-relationship modeling

The process of designing a database by organizing data entities to be used and identifying the relationships among them

Entity relationships

One to one, one to many, and many to many. Show the nature of relationship between entities in different files or tables within the database. EX: relationship between 1 employee and their many paychecks would be a one to many relationship

Database management system

Creates, reads, updates, and deletes data in a database while controlling access and security. Perform 4 primary functions

- Database development - Develop databases and create records

- Database maintenance - record deletion, changes, and reorganization

- Database interrogation - Querying data from database

- Application development - Creating custom applications for users to query data and make reports

Database development

The work around structuring data records and fields within a database. For example, we want to record certain data in certain columns like column A is the employee's first name column B is last name. Includes database's schema, subschema, and record structure. We would use a data definition language to achieve this

Database schema

a "map" of data tables and their relationships to one another

Database subschema

Also called a "view" this is a way to limit access to a certain part of information contained in the database. For example, we can provide read only access to people who shouldnt be updating the data

Database record structure

How the individual fields are layed out for each record. Also defines the format of the input Can use an input mask so users know how to enter the data into a table. For example, date field may use __/__/____

Database interrogation

Can use a query language like SQL to pull data from a database. Business programs usually provide graphical user interface that creates SQL commands without the user having to know specific format of commands

ERP System components

Production planning, inbound and outbound logistics, accounting and finance, HR, sales, distribution, and order management

Integration of ERP software

ERP integrates accounting, customer relations, business services, HR, and supply chain management so the data needed by other areas of the organization will be available in one centralized location

Centralized database component of ERP

All data from all areas of organization flows into one system rather than multiple systems in different locations. All users have access to the same data

ERP usually requires...

Usually requires business process reengineering. Customization is either impossible or prohibitively expensive, also takes a while to set up.

Extended ERP Systems

Sometimes called ERP II and ERP III bring in customers, suppliers and other business partners into one interface. ERP II systems interface with suppliers and vendors to supply information on inventory levels and sales orders. ERP III can interface companies with their customers.

Advantages of ERP System

- Integrated systems

- Centralized computer resources reduces IT costs and staff

- Centralization of data

- Day to day operations are facilitated so business can adapt more easily

- Business processes can be monitored in different ways

- Communication across departments is improved

- Data duplication is reduced

- Expenses can be better managed and controlled

- Inventory management is facilitated

- Trends can be more easily identified

- Efficiency of financial reporting can be increased

- Resource planning as part of strategic planning is easier

Disadvantages of ERP System

- Business reengineering

- Converting data can be time-consuming and costly

- Have to train employees on new system

- Unsuccessful ERP rollouts can cause disruption in production, inventory management, and sales

- Ongoing costs after implementation

Data warehouse

One place for a copy of all historical data. Separate from ERP system as data warehouse is not used for everyday transaction processing. Managers can use business intelligence tools (power bi) to extract information from the data warehouse.

Data in a data warehouse should

- Be free of errors

- Be uniformly defined

- Cover a longer time span than the company's transaction systems

- Allow users to write queries to pull information

Process of making data available in data warehouse

- Periodically, data is uploaded from various data sources

- Datasets are transformed to be compatible with one another. This transformation is called schema-on-write as schema is applied before data is loaded into data warehouse

- We can now use the data in the data warehouse to look at trends, query, run analysis

Data mart

contains a subset of data warehouse information

3 different types of data marts

- Dependent - draws on existing data warehouse, constructed using top down approach

- Independent - created without the use of a data warehouse, constructed using a bottom up approach, this is usually not optimal

- Hybrid - combines data from dependent and independent data marts. Only a hybrid data mart allows analysis of data from a data warehouse with data from other sources

Data lake

a storage repository that holds a vast amount of raw data in its original format until the business needs it. Data lake uses NoSQL language to analyze and query data

Enterprise performance management

Software to monitor and manage the performance of an organization in reaching its performance goals. Aids in the process of linking strategies to plans and execution. It is designed to gather data from multiple sources and consolidate it to support performance measurement

Examples of EPM capabilities

- Reports comparing actual performance to goals

- Reports on attainment of KPIs

- Balanced scorecards, strategy maps

- Creating and revising forecasts

- Generating dashboard for business needs at the time

Data governance

Refers to the overall management of the availability, usability, integrity, and security of company data

Data management

Part of data governance. Involves creating data, collecting, storing, maintaining, securing, archiving, destroying, and using it to add value to a business.

Main components of data management

- Data availability

- Data usability

- Data integrity

- Data security

- Data privacy

- Data integration

- System availability

- Compliance with regulations

- Determination of roles and responsibilities

Benefits of IT Frameworks

- Identify specific roles and responsibilities

- Provide a benchmark for assessing risks and controls

- Following a framework provides a higher likelihood of implementing effective governance and controls

- Frameworks break down objectives and activities into groups

- regulatory compliance may be easier to achieve

Committee of Sponsoring Organizations

Consists of 5 professional organizations that created one of the first internal control frameworks in 1992.

Principles of Control Environment for COSO for data governance

- Standards for integrity, ethical behavior, competence, and accountability for the organization including data governance

- Oversight of data governance may be carried out by an IT committee of the board of directors

- Governance over data would include establishment of access privileges to data appropriate to individuals' need for information

Principles of Risk Assessment for COSO for risk governance

- Risks to data should be identified and analyzed, because data breaches, loss of data, and corruption of data can bring down an entire organization

- Fraud related to data should be investigated including fraudulent changes made to data and preventive controls are needed

Control activities related to data governance

Policies, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out. This is applied to data governance as management should establish appropriate controls over technology infrastructure to help ensure the completeness and accuracy of the data.

Information and communication and data governance

Data should be captured internally as well as from external sources and information should be able to be transformed by the IT systems. Information should be protected and retained

Monitoring activities and data governance

- Internal controls over data need to be evaluated on an ongoing basis

- Any deficiencies need to be evaluated and communicated in a timely manner for corrective action.

Data life cycle

The sequence of stages that data experiences, which include plan, capture, manage, analyze, archive, and destroy

What are the phases of the data life cycle related to data capture?

Data capture includes acquisition, data entry, and signal reception.

What is involved in the data qualifying phase of the data life cycle?

Data qualifying includes assessing captured data for quality and completeness.

What is the focus of the data maintenance phase in the data life cycle?

Data maintenance involves processing data before deriving value from it, with a governance issue related to data supply.

What does the data transformation phase of the data life cycle entail?

Data transformation involves creating new data values using other data as input, with governance concerns about data ownership and citation.

What is the purpose of the data usage phase in the data life cycle?

Data usage involves applying data to tasks, with a governance challenge related to legal use of data.

What does the data analytics phase of the data life cycle focus on?

Data analytics involves analyzing data internally to produce meaningful results, with governance challenges related to data accuracy and reporting.

What is meant by data publication or reporting in the data life cycle?

Data publication or reporting refers to sending data outside the organization, with a governance issue of irreversibility once data is sent out.

What is the purpose of data archival in the data life cycle?

Data archival involves removing data from active environments, with data governance defining archiving procedures.

What is the significance of data purging in the data life cycle?

Data purging occurs at the end of the data's life cycle, with data governance establishing purging schedules.

Records management

Establishes how records are to be maintained, identified, retrieved, preserved, and when and how they will be destroyed

Factors to be considered in developing records management policy

- Federal, state, and local document retention requirements

- Requirements of Sarbanes-Oxley Act of 2002

- Statute of limitations information

- Accessibility

- Record of records

Benefits of a documented records management policy

- Locating documents is easier

- In the event of a lawsuit, having a records management system that is consistently followed demonstrates a reasonable purpose for destroying records

- Having a good policy increases chances of organization's compliance

- Records will be adequately protected

- Records that are no longer needed will be destroyed

Sources of cyberattacks

- Hackers - Looking to cause harm or have fun, not necessarily financially motivated

- Hacktivists - Have a specific motivation that may not be money

- Cybercriminals - Usually seeking some sort of payoff from company they are targeting

- Employees - Could be disgruntled employees

- Competitors - Would fall under corporate espionage

- Foreign states - rarely happens

Denial of Service attack

a cyber attack in which an attacker sends a flood of data packets to the target computer, with the aim of overloading its resources. Hackers gain access of internet of things devices and use malware tools to create a botnet

Buffer overflow attacks

Designed to send lots of data to a computer causing the system to crash, permitting the attacker to run malicious code

Man-in-the-middle attack

Is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

Password attacks

Password attacks are attempts to gain unauthorized access to a system by guessing or cracking passwords

Malware

Broadly refers to malicious software. Some examples include:

- Spyware - can secretly gather data off your PC

- Other types can turn a PC into a "bot" or "zombie" giving hackers full access

- Rootkits - Allow for remote access to a computer

Ransomware

Software that encrypts programs and data until a ransom is paid to remove it. there is usually a key to unlock this data only the attacker knows

Zero-day exploit

A vulnerability that is exploited before the software creator/vendor is even aware of its existence.

pay per click abuse

Fraudulent clicks on paid online search ads. Usually run by one company against another

Logic bomb

A computer program or part of a program that lies dormant until it is triggered by a specific logical event. Once triggered they execute a malicious task

Tampering

Making unauthorized changes to a system, usually illegally

Copyright infringement

Theft and replication of copyrighted material

Phishing

a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent e-mail

Defenses against cyberattacks

- Encyrption

- Ethical hackers

- Advanced firewalls

- Access controls

- 2FA

- Physical access controls

Encryption

Encrypts data so if hacker gains access to data it is unreadable. Encryption protects both stored data and data that could be intercepted during transmission

Ethical hackers

Users who attempt to break into a computer system or network with the owner's permission. Ethical hacking methods include:

- Vulnerability testing: Scanning networks, systems, and applications to find vulnerabilities

- Penetration testing: If an ethical hacker finds a vulnerability, it will attempt to exploit those weaknesses

Advanced firewalls

Called Next Generation Firewalls. Can filter packets based on applications and distinguish between safe and unsafe applications. This means they can block malware from entering network

Access controls

Logical access controls - focus on who can use which computer equipment and who can access data. To restrict data only to authorized users, one or more of the following strategies can be used:

- Something you know

- Something you are

- Something you have

Physical access controls - Focus on physical security

- Walls and fences

- Locked gates and doors

- Manned security posts, security cameras

- Guard dogs, alarm systems

Something you know strategy

- Most common is user id and passwords.

Something you are strategy

- Biometrics is the most common form. Can recognize physical characteristics such as eyes, fingerprints, faces, voices.

Something you have

Requires the presence of a physical object to verify a user's identity

2FA examples

- Security questions

- Passwords linked to biometrics

- Verification codes

- Biometric scan combined with a code from a dob

User access considerations to prevent fraud

- Automatic locking or logoff policies

- Logs of all login attempts

- Accounts that automatically expire

System development life cycle

Formal set of activities used to develop and implement a new or modified information system