Exam 1

SOM purchasing computers (sales process ex.)

Quote --> Sales order --> Check availability (ATP?) --> pick list --> pack list (different addresses) --> shipment --> invoice --> payment

ATP

available to promise

Business Process and Accounting Transactions chart

1. Pre-sales activities (quotes)
2. Sales order entry
3. Check availability
4. Pick Materials
5. Pack Materials
6. Post Goods Issue
COGS XX
Inventory XX
7. Invoice Customer
A/R XX
Sales XX
8. Receipt of Customer Payment
Bank XX
A/R XX

Chart of Accounts is...

not standardized
depends on the accounts of the specific business

3 business processes

Sales / Revenue
Purchase / Expense
Manufacturing / Conversion

Business process flow can be monitored

at a granular level (finely detailed)

Financial impact transactions...

create unique numbered electronic documents
Post Goods Issue
Invoice Customer
Receipt of Customer payment

Can you delete documents from SAP database?

no

Audit Trail

contains critical and necessary information
- person responsible
- date and time of transaction
- Commercial content
provides a solid and important framework for a strong internal control system (required by SOX)

What is a business process?

a collection of related, structured activities or tasks that produce a specific service or product
begins with mission objective
ends with achievement of the business objective
outcome of a well-designed business process:
increased effectiveness
increased

BPM

business process management

Business Process Management

a management approach that seeks to coordinate the functions of an organization toward an ultimate goal of continuous improvement in customer satisfaction

5 categories of activities in BPM

DMEMO
Design: identify existing processes and DESIGN how processes should function once they have been improved
Modeling: introduce variables to the conceptual design for "what-if" analysis
Execution: Design changes implemented and key indicators of succe

General technique or approach to process management...

DMAIC
Define: define original process as baseline
Measure: identify indicators that will show a change to the process
Analyze: run simulations/models to determine the targeted improvement
Improve: select the improvement and implement
Control: use dashboar

Six Sigma

continuous quality-improvement program that uses rigorous metrics in the evaluation of goal achievement

Process Management is also referred to as

PDCA
Plan: design the planned process improvement
Do: implement the process improvement
Check: monitor the improvement
Act: continuously commit and reassess

Benefits of Process management

Efficiency: resources are used to accomplish objectives
Effectiveness: objectives are accomplished with greater predictability
Agility: quicker responses to changes

DFDs model

systems processes

ER diagrams model

systems data

DFD

data flow diagram
uses symbols to represent
entities
processes
data flows
data stores
represents logical elements of the system, but does not depict the physical system

ER diagram

Entity relationship diagram
technique used to represent the relationship between business entities
cardinality (degree of relationship)
1:1
1:M
M:M
blueprint for the physical database

Systems flowchart (process flowchart)

graphical representation of the physical relationships among key elements of a system
shows the processing of a SINGLE transaction only
describes physical computer media being used
departments, manual activities, computer programs, hard-copy and digital r

Program flowchart

provides operational details for every program represented in a systems flowchart

CIA

Confidentiality
Integrity
Availability

Input controls

source data controls regulate the integrity of input, which is crucial to accurate output (GIGO)

GIGO

garbage in garbage out

data validation (input controls)

at the field level
meaningful error messages
edit checks
input masks - string expression that governs what a user is allowed to enter as input in a text box
pre-numbered forms
source data preparation procedures

Processing Controls

Data Matching
File Labels
Recalculation of batch totals
Cross-footing and zero balance tests
Write-protection mechanisms
Database processing integrity procedures

Data matching

matching 2 or more items of data before taking an action improves transaction processing
ex: 3 way matching of purchase order, goods received note, and invoice

File labels

use file labels to ensure the correct and most current files are updated

real-time vs. batch

timing
real-time ex - internet purchase, immediate gratification
batch ex - BU brain grades, payroll

Recalculation of batch totals

comparison of amounts input to amounts output ensures volume is correct
hash totals (sums) can be used to confirm that the correct source documents are included

Cross-footing and zero balance tests

testing the sum of a column of row totals to the sum of a row of column totals to verify results

write-protection mechanisms

protections guard against accidental writing over or erasing data files stored on magnetic media

Database processing integrity procedures

database administrators establish and enforce procedures for accessing and updating the database
data dictionaries ensure that the data items are defined and used consistently
concurrent update control processing integrity (lock out one user until the sys

Software/hardware flow

BIOS ---> Hardware ---> operating system ---> database ---> application

Output controls

user review of output
reconciliation procedures
external data reconciliation
output encryption

reconciliation procedures

check and reconcile individual transactions and other updates to control reports

external data reconciliation

reconciliation of database totals with data maintained outside the system

output encryption

authenticity and integrity of data outputs must be protected during transmission
encryption reduces chance for data interception
data transmission error - receiving unit requests the sending unit to retransmit the data
parity checking - parity bits are us

correctly functioning controls

CIA (CAI) for controls
Completeness
Accuracy
Integrity

COSO (Treadway Commission)

Committee of Sponsoring Organizations
established to study the factors that can lead to fraudulent reporting

COSO (internal Control - Integrated Framework) 2 broad groups of IT control

General controls and application controls

General controls

designed to ensure that an organization's control environment is stable and well managed
- systems development standard (following SDLC)
- security management controls (PODS username)
- change management procedures
- software acquisition, development, ope

SDLC

Systems development life cycle

SDLC at PWC

Unit testing
System integration testing
user acceptance testing

Application Controls

prevent, detect, and correct transaction errors and fraud; they are application specific, providing reasonable assurance as to system
- accuracy
- completeness
- validity

Information Technology (IT) controls

should be established for acquisition of hardware and software, operating costs, and for usage
segregation of duties
limits on asset access

Diagnostic Controls

designed to achieve efficiency in operations of the firm to get the most from resources used

Control effectiveness

principles of control to systems development and maintenance
strategic master plan
data processing schedule
steering committee
System performance measurements (% utilization, response time)

strategic master plan

aligns IS with the organization's business strategies through a multi-year strategic plan

steering committee

guide and oversee systems development and acquisition

Logical controls

use software and data to monitor and control access to information and computing systems
- user access
- managing passwords

firewalls

network security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules

firewall - default-allow policy

list network services that are not allowed, and everything else is okay

firewall - default-deny policy

lists allowed services only and everything else is denied

Digital certificates

a form of data security where electronic documents are created and signed by a trusted party that certify the identity of the owners of a particular public key

PKI

public key infrastructure - the system and processes used to issue and manage asymmetric keys and digital certificates

certificate authority

issues keys and records the public key in digital certificates

access control lists

specify which users or system processes are granted access to objects

network intrusion detection systems

comprises devices and/or software programs that monitor network or system activities for malicious activity or policy violations, producing reports for management

Physical controls

monitor and control the environment of the workplace and computing facilities
segregation of duties
monitoring and control of access to and from facilities (smart cards)
backup files
uninterrupted power supply
program modification controls
malware detecti

program modification controls

controls over changes to programs being used in production

Manual controls

controls performed by a person without making direct use of automated systems

automated controls

control performed by an automated system without intervention by a person

value of automated controls

TEAS
timeliness
efficiency
accuracy
security

Preventive controls

security awareness training
firewalls
intruder detection systems

detective controls

blend of technical controls like intruder detection systems, network monitoring, incident alerting to help track how and when system intrusions are being attempted

corrective controls

applying patches, restoring backup data, vulnerability mitigation to make sure that systems are configured correctly
