ACC 361 Exam 1

Why does a business organization exist

to transfer goods/services
to make a profit

risk

- exposure to the chance of injury or loss
- inherent in each transaction and event and is mitigated through internal controls
- anything that can go wrong and hurt a business

how does a business meet its goals and objectives

through series of transactions and events in business processes

types of transactions

financial
non financial

financial transactions

economic events that affect the assets, liabilities, and/or equity of the org
some event that leads to a journal entry

non financial transactions

all other events processed by the org's information system
technically not referred to as a transaction
no journal entry necessary but still an important event

how are transactions grouped

in cycles
expenditure, conversion, revenue

expenditure cycle

acquiring items and making payments
buying and paying for initial materials or inventory or fixed assets
payments can be one time or a stream
paying for labor
subsystems: purchasing/accounts payable, cash disbursements, payroll, fixed assets

conversion cycle

taking acquired resources and turning them into goods/services
tracking costs
subsystems: production planning and control, cost accounting

revenue cycle

selling goods/services and collecting cash
subsystems: sales order processing, cash receipts

business process

series of activities that accomplishes a business objective
broken into 3 different ways:
- acquisition/payment process
- conversion process
- sales/collection process

acquisition/payment process

acquiring, maintaining, and paying for resources the org needs to provide goods/services
(equivalent to expenditure cycle)

conversion process

converting the acquired resources into goods and services
typical activities: manufacturing, providing, distributing, growing, harvesting
(equivalent to conversion cycle)

sales/collection process

selling goods and services to customers and collecting payment
different ways to sell: in person, online, online order with in-store pickup
(equivalent to revenue cycle)

types of risk

financial reporting risk
financial performance risk
operational risk
compliance risk

operational risk

includes cyber security, risk of tech breach of data

compliance risk

not following rules and regulations of industry

where can risk arise from

business environment
business strategy
transactions and events in business cycles/processes

how can businesses mitigate risk

establish internal controls
look for what can go wrong and then create a control

preventative controls

focus on preventing an error or irregularity
- upfront, make sure things don't happen

detective controls

focus on identifying when an error or irregularity has occurred
- find out as soon as possible to correct it and try to create preventative ones for the next time

corrective controls

focus on recovering from, repairing the damage from, or minimizing the cost of an error or irregularity

Sarbanes-Oxley Act of 2002 Section 404

- must prepare an annual internal control report
- must state it is responsible for designing and maintaining internal control procedures over financial reporting system
- must assess these controls, ensure they're working as they're supposed to
- externa

examples of internal control activities

approvals/authorizations
separation of responsibilities
prenumbered documents
security of assets
independent check on performance
reconciliations

AIS (Accounting Information Systems)

organizational component that accumulates, classifies, analyzes, and communicates relevant financial and non financial decision-making info to a company's internal and external parties

Purpose of AIS

collect and store data
transform data into info
provide assurance that
- org's data is accurate and reliable
- org's assets are safeguarded
- org is operating as managers intend

Luca Pacioli

- father of accounting
- painting by Jacopo de Barbari
- Franciscan monk
- tutored in homes of rich Italian merchants, wrote books about math and religion
- wrote "Summa de Arithmetica, Geometria, Proportioni et Proporzionalità"

Summa de Arithmetica, Geometria, Proportioni et Proporzionalità

everything about arithmetic, geometry, and proportion
book that contains chapters describing the double-entry accounting and accounting cycle

flowcharts in AIS

used in system development to document a system that already exists
- help SOX Section 404 compliance
- for internal use

flowchart types

document flowchart
system flowchart
internal control flowchart
program flowchart

document flowchart

shows elements of a manual system; includes documents, accounting records, areas of responsibility, and tasks

system flowchart

shows elements of a computerized system; may have some manual elements; shows relationship between input, processing, and output

internal control flowchart

shows manual and computerized elements of a system; includes internal controls

program flowchart

shows sequence of logical operations performed by a computer in executing a program

document

rectangle with squiggle bottom

document with multiple copies

multiple rectangles with squiggly bottoms
each one has own number, track path of each one individually

manual processing

upside-down trapezoid
anything done by hand, put an explanation of what is being done

computer processing

rectangle
anything done by computer, won't be used in our project

accounting records

parallelogram

terminal

long oval
also called entrance/exit symbol
gets you in or out of certain parts of a flowchart

decision

diamond
most have a yes/no response

storage of document

upside down triangle
either permanent or temporary
need to articulate how the documents are filed (using letters: A, N, C)

data flow

solid line
physical documents moving

information flow

dotted line
nothing physical is being transported

guidelines for flowcharting

- it is an art, not a science
- flow proceeds from left to right, top to bottom
- use standard set of symbols
- clearly label all symbols
- show where documents originate and terminate
- number all document copies
- observe the sandwich rule
- use clarifi

sandwich rule

top bread is input
middle is process
bottom bread is output

clarification comments

(annotations)
important short sentences
can provide info about controls

internal controls

ex: ensuring all transactions are approved, do you have a process to show they're approved

areas of responsibility

who does what, usually a department or position within a department

shield connector

contains connectors to other pages

circle connector

connector within the same page

business ethics

principles of conduct used in decision making that involve the concepts of right and wrong
- need to balance conflicting responsibilities to stakeholders

fraud

intentional deception, misappropriation of assets or manipulation of financial data to benefit the perpetrator

fraud triangle

pressure
ethics (rationalization)
opportunity

opportunity

be in the right place at the right time
necessitates good internal controls

pressure

outside factors that influence an individual to take action
ex: pressure from bosses (quotas), personal financial pressures

rationalization

justifying behavior for a certain reason
how an individual convinces themselves that what they're doing is ok

fraud diamond

includes rationalization, incentive (pressure), capability, opportunity

capability

personality traits that result in individual seeking and taking advantage of opportunities to commit fraud

The typical organization reported losses _____ of its annual revenues to fraud.

5%

What is the most common form of fraud?

asset misappropriation

skimming

takes cash before documentation that the cash has come through the door

What is the most costly form (median loss) of fraud?

financial statement fraud

Employees in which of the following departments were responsible for the most fraud?

Accounting

Which of the following positions is associated with the highest median loss frauds in the U.S.?

Owner/Executive

What is the median time a fraud lasted before detection?

1.5 years

Which of the following resulted in the highest percentage of initial detections of fraud?

Tips

Which of the following is the most common behavioral red flag of fraud?

living beyond means

True/False: Smaller businesses (less than 100 employees) have a higher incidence of fraud than larger businesses.

True

What percent of the cases investigated were referred to law enforcement?

~60%

What percent of cases referred to law enforcement resulted in a finding of guilt?

76%

Foreign Corrupt Practices Act 1977

- made it illegal for U.S. companies to engage in bribery in foreign countries
- required companies to have internal controls

Sarbanes-Oxley Act of 2002: Section 302

requires management of publicly-traded companies to:
- certify financial info in quarterly/annual reports
- certify internal controls over financial reporting on quarterly/annual basis
- disclose material changes in internal controls
Necessitates independ

Sarbanes-Oxley Act of 2002: Code of Ethics (Section 406)

requires publicly traded companies to
- disclose to SEC whether they have a code of ethics for CEO, CFO, controller, etc
- must provide explanation if they don't

Sarbanes-Oxley: Relationship between Accounting firm and Audit Clients

- auditors report to and are overseen by audit committee NOT management
- audit committee must pre-approve all services provided by auditor
- auditors prohibited from offering certain non-audit services to audit clients
listed out specific services that c

audit committee

members must be independent of management - cannot necessarily consist of board of directors
meets 1-2 times per month - gained more responsibility
must have new types of liability insurance

Sarbanes-Oxley Act of 2002: Assessing Effectiveness of Controls (Section 404)

requires corporate management to assess effectiveness of company's internal controls over financial reporting

ways corporate managers check to make sure controls are working

- create statement of management's responsibility to establish and maintain controls
- assess its effectiveness
- create statement that external auditors have issued an attestation report on effectiveness of controls
- conclusion on effectiveness
- identi

Sarbanes-Oxley Act of 2002: Creation of PCAOB

Public company accounting oversight board
- 5 members
- establish standards for public accounting firms to follow when prepping and issuing audit reports
- inspect accounting firms conducting audits

how often are firms audited by PCAOB

large firms = once a year
small firms = every three years

Frameworks used in assessment

PCAOB and SEC endorse COSO Framework
COBIT is also used

COBIT Framework

international framework issued by the IT Governance Institute
used to evaluate IT controls

CISA

certified information systems auditor

COSO Framework

Committee of Sponsoring Organizations of the Treadway Commission
- formed because of concern about fraud

COSO Report of 1992

Internal Control Integrated Framework
- designed to help companies assess/design internal controls

Updated COSO Framework 2013

maintained same definition of internal control and same 5 components of internal control system
adds 17 principles associated with components

reasons for COSO update

- changes in expectations about governance oversight
- globalization
- changes and more complexity in business
- demands and complexity in laws, rules, regulations
- use and reliance on evolving tech
- expectations about preventing and detecting fraud

internal control

process designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance

Three categories of objectives of internal controls

- effectiveness and efficiency of operations
- reliability of internal and external financial and non-financial reporting
- compliance with applicable laws and regulations

5 components of internal controls

- control environment
- risk assessment
- control activities
- information and communications
- monitoring

control environment

sets tone of organization, influencing control consciousness of people
"tone at the top"
(consider that high level employees are more likely to commit financial statement fraud)

Areas included in the control environment

- integrity and ethical values
- commitment to competence
- board of directors and audit committee participation
- management philosophy and operating style
- organization structure (who makes decisions)
- assignment of authority and responsibility
- huma

risk assessment

identifying and analyzing the relevant risks associated with the org achieving its objectives

materiality risk relationship

the higher the likelihood of loss, the larger the potential impact

control activities

policies and procedures org uses to ensure that necessary actions are taken to minimize risks associated with achieving objectives

3 major types of control activities

- preventative controls
- detective controls
- corrective controls

purpose of control activities

separation of duties

responsibilities that should be assigned to different employees

- approvals/authorizations
- prenumbered documents
- security of assets
- independent check on performance
- performance reviews
- reconciliations

types of IT controls

general
application

general controls

affect entire organization
- physical controls (gates, fences)
- access controls (passwords)
- systems development
- software acquisition and maintenance controls
- back-up and recovery controls

application controls

ensure integrity of specific systems
- embedded in software
- designed to ensure transactions are valid, authorized, completely and accurately processed

Information and communication

- identify and record all events on timely basis
- describe each event in detail
- measure proper monetary value of events
- determine time period when events occurred
- present properly events and related disclosures in financial statements

monitoring

assessing quality of internal control performance over time
assessing controls on timely basis and taking corrective actions as needed

three most common transaction cycles

sales and cash receipts
purchases and cash disbursements
payroll

documents to prepare

- payroll time card, customer purchase order, sales invoice, monthly bank statement
internal v. external

types of journals used

general journal and special journals (sales, cash receipts, purchases, cash disbursements, payroll)

use of general journal

error corrections, adjusting entries, closing entries, etc (anything not in a special journal)

general ledger

summarizes transaction in journals by account balances
detail is kept in subsidiary ledgers

subsidiary ledger

records detail of some general ledger accounts
accounts receivable, accounts payable, payroll expense

adjusting entries

accrual basis
recorded in general journal then amount in entry posted individually to appropriate general ledger account

6 categories of adjusting entries

prepaid expense
accrued expense
accrued revenue
unearned revenue
estimated items
inventory adjustment

transaction for inventory adjustment

debit - ending inventory, cost of goods sold, purchases returns and allowances, discounts
credit - beginning inventory, purchases, freight-in

steps of the accounting cycle

1. transactions occur
2. prepare documents
3. record in journals
4. post to ledgers
5. prepare unadjusted general ledger trial balance
6. prepare and post adjusting entries
7. prepare adjusted trial balance
8. prepare financial statements
9. prepare closi

payroll time card

time report that includes hours worked and authorization for payment
used to determine gross pay owed to employee

customer purchase order

- includes quantity ordered and agreed-upon price
- used to determine quantities to ship to customer and amount to bill
- document processed before transaction occurs

purchase order

issue order to buy goods or services
prepared before transaction occurs

sales invoice

total amount of sale
- provides info to customer and for recording sales transaction
- prepped after transaction occurs

vendor's invoice

receive bill for goods or services purchased, prepped after transaction

monthly bank statement

provides info to determine whether the company or bank has errors or omissions in recording cash receipts and disbursements

receiving report

receive goods or services
document prepared at same time as transaction

bill of lading/shipping document

deliver goods
document prepared at time of transaction

Source documents in sales/collection and acquisition/payment processes

payroll time card
customer purchase order
purchase order
sales invoice
vendor's invoice
monthly bank statement
receiving report
bill of lading/shipping document
