AIS Exam 3

What are the three categories of inventory?

• raw materials

• work in process

• finished goods

bill of materials

a list of all raw materials needed for production

operations list

a list of required activities necessary to complete the production of the product

production order

authorization to product product in the manufacturing facility

production reports

reports that show the number of items manufactured on specific dates

quality control reports

a document that summarizes inspections, tests, and findings to ensure products or services meet quality standards

move ticket

follows product on the production floor

materials requisition

a formal, internal document used by employees or departments to request materials, tools, or inventory from a company’s storage area or purchasing department.

What is included in the cost of goods manufactured

beginning balance of work in process, raw materials, labor, overhead estimates

Predetermined Overhead Rate =

estimated overhead / total estimated labor hours

estimated overhead =

POR x Actual Work Hours

Overhead Costs

Costs that are related to manufacturing but unknown as to which product it pertains. i.e. indirect labor, property taxes, depreciation

Payroll Register

list of workers, each worker’s pay rate, tax withholding information, and benefits elections.

time cards

a card used to record an employee's starting and finishing times, usually stamped by a time clock.

employee earnings statement

a document detailing a workers gross pay, deductions, and net pay.

employee contribution summary

outlines the company’s share of payroll taxes, retirement plan contributions, and health insurance premiums, ensuring both employee and employer obligations are accurately recorded before issuing payments and updating the general ledger,

job time ticket

a document used to track the exact time an employee spends on a specific task

payroll services bureau

a company that manages all aspects of payroll processing for other businesses, including calculations, tax withholding, direct deposits, and compliance reporting

human resources management

the strategic approach to managing an organization’s employees to maximize productivity and achieve business goals

employee mastefile

a database containing information about each employee within an organization

soc report

service organization controls report

Attestation report over service company’s internal controls

soc 1 report

Focuses on a service organization's controls that are relevant to a client’s financial reporting. It is primarily used by auditors to ensure that financial data is being handled accurately and securely.

soc 2 report

Evaluates a company's systems based on five "Trust Services Criteria": security, availability, processing integrity, confidentiality, and privacy. It is a technical, deep-dive report often required for service providers who handle sensitive customer data.

soc 3 report

Provides a high-level, summarized version of the SOC 2 report without disclosing confidential or proprietary details. It is designed for public consumption and marketing, essentially acting as the "General Audience" version of a security audit.

document - a physical or digital document. ex. purchase order, email, report, or invoice

Database - data storage, data is input into the database and the data is retrieved for use in business processes.

data input - the manual input of data into a system, such as a user keying in invoice details from an invoice received in hardcopy from the vendor.

manual processing - when documents are prepared or used completely manually. ex. forklift driver writing a picking ticket.

computer processing - when a computer is used to process a business function

flowline - how shapes are connect to show the flow of transaction documents

decision - when a decision is made by either a human or the computer system performing an automatic process

connector - this shape is used to connect processes between swimming lanes or pages

terminal - shows an external party to the process ex. a vendor who is sending a document to the entity or a document is sent to the shipping group. also ends a flow chart.

hardcopy file - when a hardcopy is required. A = Alphabetical, D = Date, N = Numerical

COBIT

Control Objectives for Information Technology

COBIT Elements

1. access to applications and data

2. computer operations

3. program change control

4. program development

Waterfall Approach

get sign off on one step before we can move to the next step

AICPA Trust Services Framework

1. security

2. confidentiality - company info

3. security - external info

4. availability - disaster recovery

5. processing integrity

3 environments

1. production

2. test

3. development

Layers of IT

• process

• application

• database

• network

• operating system

• physical server

encyrption

Encryption is the process of converting data (plaintext) into an unreadable, scrambled format (ciphertext) using algorithms and keys to ensure confidentiality, restricting access only to authorized users with the decryption key

field check

checks to ensure that correct characters are in the correct field

sign check

verifies that data in a field has the correct numeric sign

limit check

tests a numerical approach against a fixed value

range check

checks to ensure that data falls within a predetermined upper and lower limit

size check

ensures certain fields can only be a certain size

completeness check

all order information is entered

validity check

there is similar data in the master file

reasonableness test

two related fields correspond

check digit

ID numbers can contain a check digit computed from other digits in a number

sequence check

an edit check that determines if a bath of input data is in the proper sequence

financial total

sums a field that contains monetary values

hash total

sums a non-financial numeric field

record count

the number of records in a batch

closed loop verification

checks the accuracy of input data by using that data to retrieve and display other related information

cross footing

footed for mathematical accuracy across and down

It Governance

The process that ensures effective and efficient use of IT so a company can achieve goals and provide value

Security

the overarching principle - access to the system and its data is controlled and restricted to legitimate users

confidentiality

sensitive organizational information is protected from unauthorized disclosures

privacy

personal information about customers, employees, suppliers, or business partners is collected, used, and disclosed and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.

processing integrity

data are processed accurately, completely, and in a timely manner, with proper authorization

availability

business continuity (operations) and disaster recovery (technology)

the systems and its information are available to meet obligations

Time based model of security

P > D+R

penetration > detection and response

does it take longer for someone to penetrate the system than it does to detect and respond.

Firewall

Controls inbound and outbound communications. hardware or software running on a general purpose computer.

Patch Management

Process of regularly applying patches and updates to software

Hardening

The process of modifying the default configuration of endpoints to eliminate unnecessary settings and services.

vulnerability assessment vs penetration study

1. penetration study is having a company hired to try and hack into the system

2. vulnerability assessment - a company is hired to assess a system for vulnerability and identify it.

log analysis

the process of examining logs to identify evidence of possible attacks. i.e. which user ID’s try to do what.

intrusion detection systems

systems that create logs of all network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrusions.

Processing Overarching Goals

1. Ensure data is entered completely, accurately, and in a timely manner

2. errored data is identified, corrected, and resubmitted in a timely manner

3. master data is updated in a timely manner

4. management reports identify unusual transactions