Business Cycles
LOS §1.F.1.b
A properly designed AIS will create, record, report, and summarize all financial
data or transactions according to their relevant cycle. A cycle is simply a way
of organizing financial transactions according to their purpose. There are seven
primary cycles:
1. Revenue
2. Expenditure
3. Production
4. Human resources and payroll
5. Financing
6. Fixed assets (property, plant and equipment)
7. General ledger
Every company divides its transactions across cycles, but not all companies use
every cycle. For example, a manufacturing company would likely employ all of the
cycles; an advertising agency would not likely use the production cycle, since that
cycle is used to track the costs of manufacturing a product. Although most trans-
actions are now typically done entirely online, a manual system is presented below
so that the reader may more easily envision the process.
Revenue Cycle
The revenue cycle or sales cycle is devoted to processing company sales. As shown
in Figure 1F-1, the typical revenue or sales process starts when a company receives
a purchase order from a customer. For purchase orders that request to pay on credit,
the customer’s credit is checked and approved or disapproved by the company’s
credit manager. Next, inventory control determines whether the requested item(s)
is in stock and in sufficient quantity to fill the order. Then a sales order is pre-
pared to internally document the sale. The inventory control department prepares
a picking ticket so that personnel in the warehouse may collect, or pick, the items
the customer ordered. After the items are picked, shipping documents, such as the
packing list and bill of lading, are prepared to be sent with the items. The items
are then packed and shipped to the customer. At the time of shipment, an invoice
is sent to the customer, and the customer’s account is updated in accounts receiv-
able to record the expected amount that should come from the customer. After a
period of time, the customer will send payment for the items listed on the invoice.
The payment or cash received is recorded, and the customer account in accounts
receivable is updated to reflect the payment.
[Figure 1F-1, revenue cycle; surviving box labels: Pack and Ship Order; Send Invoice to Customer, Record Sale & Accounts Receivable; Receive Customer Payment (Cash Receipt)]
Expenditure Cycle
The expenditure cycle is devoted to purchasing items (mostly inventory) for the
operations of the business, whether to simply purchase at wholesale prices and
resell at retail prices or to use in the manufacture of a product. Other expenditures
include normal business operating activities, such as temporary labor, consulting
fees, cloud services, travel costs, and the like. As presented in Figure 1F-2, the typi-
cal expenditure process starts with inventory control identifying a need (insuffi-
cient inventory) and preparing a purchase requisition to fill that need. The purchase
requisition is sent to the purchasing department, and a purchase order is prepared
based on the information from the purchase requisition. The purchase order is sent
to the vendor, who fills the order and ships the items to the company. An invoice
from the vendor typically follows shortly after the shipment. The shipment from the
vendor is received at the receiving department, where items are counted, inspected,
and accepted. The receiving department prepares a receiving report to document
the receipt of the items. The items are then delivered to the warehouse for stor-
age. Inventory control updates the inventory records with the arrival of the items.
During this process, accounts payable collects these three documents:
1. Purchase order from purchasing
2. Receiving report from receiving
3. Invoice from vendor
The combination of these three documents constitutes a voucher package. The
voucher package provides three essential documents necessary before payment
should be made to the vendor: proof of order (purchase order), proof of receipt
(receiving report), and proof of billing (invoice). Accounts payable is updated with
the purchase and directs cash disbursements to prepare and send payment to the ven-
dor. The payment is typically a check (paper or electronic) that is signed by an autho-
rized signer. After the check is sent, accounts payable is updated with the payment.
[Figure 1F-2, expenditure cycle; surviving box labels: Inventory Control Creates a Purchase Requisition; Purchasing Creates a Purchase Order (PO) from the Purchase Requisition and Sends to Vendor; Vendor Ships Items to Company; Receiving Counts, Inspects, Accepts Shipment, and Prepares Receiving Report; Items transferred to Inventory; Inventory Control Records Receipt; Accounts Payable Receives Purchase Order, Receiving Report, and Invoice from Vendor; A Purchase Order, Receiving Report and Vendor Invoice Constitutes a Voucher Package; Accounts Payable is Updated; Cash Disbursements Prepares Payment (check) for the Invoice; Check is Signed by Authorized Signer and Sends Check to Vendor; Accounts Payable is Updated]
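The voucher package check described above is commonly automated as a three-way match that blocks payment when order, receipt, and billing disagree. The following Python code is an added example, not part of the original text; the document layout, field names, sample values, and the function name match_voucher_package are assumptions made for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional

# Added illustration. The document layout, field names and sample values are
# assumptions (constructed), not a real ERP schema.


@dataclass(frozen=True)
class Line:
    item: str
    qty: int
    unit_price: Decimal = Decimal("0")   # receiving reports carry no prices


@dataclass(frozen=True)
class Document:
    po_number: str
    vendor: str
    lines: tuple


def match_voucher_package(po: Optional[Document],
                          receiving_report: Optional[Document],
                          invoice: Optional[Document]) -> list:
    """Return the exceptions that block payment; an empty list means pay."""
    # Proof of order, proof of receipt and proof of billing must all exist.
    missing = [f"missing {name}" for name, doc in (
        ("purchase order", po),
        ("receiving report", receiving_report),
        ("invoice", invoice)) if doc is None]
    if missing:
        return missing

    exceptions = []
    # The three documents must describe the same order from the same vendor.
    if len({po.po_number, receiving_report.po_number, invoice.po_number}) != 1:
        exceptions.append("documents reference different purchase orders")
    if len({po.vendor, receiving_report.vendor, invoice.vendor}) != 1:
        exceptions.append("vendor differs between documents")

    ordered = {line.item: line for line in po.lines}
    received = {line.item: line.qty for line in receiving_report.lines}
    for billed in invoice.lines:
        po_line = ordered.get(billed.item)
        if po_line is None:
            exceptions.append(f"{billed.item}: billed but never ordered")
            continue
        if billed.unit_price != po_line.unit_price:
            exceptions.append(f"{billed.item}: billed at {billed.unit_price}, "
                              f"ordered at {po_line.unit_price}")
        if billed.qty > po_line.qty:
            exceptions.append(f"{billed.item}: billed {billed.qty}, "
                              f"ordered {po_line.qty}")
        got = received.get(billed.item, 0)
        if billed.qty > got:
            exceptions.append(f"{billed.item}: billed {billed.qty}, "
                              f"received {got}")
    return exceptions


# Constructed sample voucher packages.
PO = Document("PO-1001", "Example Supply Co.",
              (Line("widget", 100, Decimal("2.50")),))
RECEIVING_REPORT = Document("PO-1001", "Example Supply Co.",
                            (Line("widget", 100),))
INVOICE_OK = Document("PO-1001", "Example Supply Co.",
                      (Line("widget", 100, Decimal("2.50")),))
INVOICE_PADDED = Document("PO-1001", "Example Supply Co.",
                          (Line("widget", 120, Decimal("2.50")),
                           Line("handling fee", 1, Decimal("75.00"))))

if __name__ == "__main__":
    for label, inv in (("clean", INVOICE_OK), ("padded", INVOICE_PADDED)):
        problems = match_voucher_package(PO, RECEIVING_REPORT, inv)
        print(label, "->", "release payment" if not problems else problems)
```

An invoice that bills more than was ordered or received, or that adds a line the purchase order never contained, is held for review instead of being routed to cash disbursements.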
[Figure: production cycle diagram; surviving box labels: Design Product; Bill of Materials; Operations List; Production Operations; Cost Accounting; Cost Accounting Reports and Other Relevant Data]
Activity 4: Cost accounting includes the output documents from Activity 3. The
process uses the data from those documents to determine product costs using either
the job order costing or process costing methods, depending on the nature of
the items produced. The final output is the cost of goods manufactured statement
and any other relevant and necessary reports that are used in financial reporting
and management decision making.
[Figure: payroll process; surviving box labels: Update Master Data; Record Time; Prepare Payroll; Disburse Payroll; Disburse Taxes & Other Deductions]
[Figure; surviving box labels: Acquire; Maintain & Depreciate; Disposal]
from the company controller’s office are posted to the general ledger. The company’s
financial statements are prepared from the data maintained in the general ledger.
Managerial reports, such as budgets and financial performance reports, are also
prepared with data from the general ledger.
[Figure residue: ERP and database diagrams; surviving labels: Non-Financial; Sales File; Sales Data; ERP; Order to Cash (Revenue Cycle); Purchase to Pay (Expenditure Cycle); Production; Customer Relationship Management; Project Management; Systems Tools; Sales Application; Cash Receipts Application; Billing Application; Shipping Application; Inventory Control Application; Database Management System; Database]
Topic Questions:
Information Systems
Directions: Answer each question in the space provided. Correct answers and
explanations appear after the topic questions.
1. An Accounting Information System (AIS) provides value by:
◻ a. Improving efficiency.
◻ b. Reducing system restore times.
◻ c. Reducing the time it would take to find an item.
◻ d. Improving the delineation of information along the value chain in
order to reduce data integrity problems along the way.
2. Which answer best describes a data warehouse?
◻ a. A location where document hard copies can be aggregated and
analyzed
◻ b. A term to associate multiple sites used for disaster recovery
◻ c. A storage of large amounts of information from various databases
used for specialized analysis
◻ d. A storage commonly used for critical data such as system relation-
ships, data types, formats and sources
3. Which of the following is the primary advantage of automating enterprise
resource planning (ERP) functions?
◻ a. More time to do departmental tasks
◻ b. More time to do strategic tasks
◻ c. More time to do operational tasks
◻ d. More time to do tactical tasks
Automation of ERP functions can take less time to complete the departmental,
operational, and tactical tasks and can leave more time to do strategic tasks.
Efficiencies are gained across the organization’s business functions through the
automation of ERP functions.
This chapter addresses the topic of data governance from the stand-
point of its definition, frameworks, life cycle, retention policy, and protection.
The best controls in the world can be compromised if one employee accidentally
(or on purpose) leaves the data exposed. Of course, there is no way to completely
safeguard data from hackers, no matter how much money is spent on safeguards. That
is where data risk management comes into play.
Control Environment
The Control Environment component recognizes that people run businesses and
people create a culture or environment for their business. The control environ-
ment addresses such factors as the tone at the top (i.e., top management’s attitude
toward effective internal controls, the integrity and competence of management and
employees, and management style). An example is assessing the level of commitment
by the organization to data governance.
Risk Assessment
The Risk Assessment component addresses the fact that every entity faces risk from
external and internal sources. In order to address risk, first risk must be identified
and evaluated as to how it affects business objectives. Then how to manage risk in
order to achieve business objectives must be determined. For example, it is impor-
tant to identify different ways that data can be compromised, likely consequences for
each way, and the estimated probability of occurrence. These steps will help priori-
tize data management improvement initiatives.
Control Activities
The Control Activities component encompasses the policies and procedures
employed to achieve business objectives and properly manage risk. For example,
how often are employees required to change their passwords? What is the policy
regarding sensitive information on employees’ laptops?
Monitoring
The Monitoring component involves checking to make sure the processes are work-
ing properly, to identify deficiencies, and to report those deficiencies so that they
may be corrected, and the entire system improved. One method to identify defi-
ciencies in data management processes and security is hiring a consulting firm to
perform penetration testing (discussed more later).
Control Environment
1. The organization demonstrates a commitment to integrity and ethical values.
It does so, for example, by establishing a code of conduct or creating a process
whereby violations of a code of conduct are reported.
2. The board of directors demonstrates independence from management and exer-
cises oversight of the development and performance of internal control by doing
such things as creating director roles and responsibilities, policies and practices
for director meetings, reviewing management’s judgments, etc.
3. Management establishes—with board oversight—structures, reporting lines,
and appropriate authorities and responsibilities in the pursuit of objectives by
defining roles and reporting lines and levels of authority for different manage-
ment functions.
4. The organization demonstrates a commitment to attract, develop, and retain
competent individuals in alignment with objectives. For example, it creates
required levels of skill and expertise, evaluates competence, and selects appro-
priate service providers.
5. The organization holds individuals accountable for their internal control
responsibilities in the pursuit of objectives by clearly defining responsibilities
and performance measures and by linking compensation to performance.
Risk Assessment
6. The organization specifies objectives with sufficient clarity to enable the iden-
tification and assessment of risks relating to objectives by clearly identifying
financial statement accounts, disclosures, assertions, and materiality.
7. The organization identifies risks to the achievement of its objectives across the
entity and analyzes risks as a basis for determining how the risks should be
managed. Such activities include creating a formal risk identification process,
meeting with personnel, assessing the likelihood of risk, and evaluating their
risk responses.
8. The organization considers the potential for fraud in assessing risks to the
achievement of objectives. For example, the organization could conduct for-
mal fraud risk assessments and consider ways controls could be circumvented
or overridden.
9. The organization identifies and assesses changes that could significantly impact
the system of internal control. For example, the organization may assess any
changes in its external environment or changes in the senior executive team.
Control Activities
10. The organization selects and develops control activities that contribute to the
mitigation of risks to the achievement of objectives to acceptable levels. One
approach would be to map control activities to identified risks or to implement
more careful monitoring of outsourced functions.
11. The organization selects and develops general control activities over technol-
ogy to support the achievement of objectives. For example, evaluate end-user
computing, administer security and access controls, or set up IT infrastructure
to support various levels of access to IT depending on functional roles.
12. The organization deploys control activities through policies that establish what
is expected and procedures that put policies into action by developing and
documenting policies and procedures and conducting regular assessments of
control activities.
Monitoring Activities
16. The organization selects, develops, and performs ongoing and/or separate eval-
uations to ascertain whether the components of internal control are present
and functioning. For example, the organization may establish an appropriate
baseline, identify and use monitoring metrics, or employ internal auditors to
monitor the operations of the organization.
17. The organization evaluates and communicates internal control deficiencies
in a timely manner to those parties responsible for taking corrective action,
including senior management and the board of directors, as appropriate. For
example, assess and report deficiencies and monitor corrective actions.
major parts: Plan and Organize, Acquire and Implement, Deliver and Support,
and Monitor and Evaluate. These four major parts are then broken down into 32
IT management control processes.
Data Capture
In order to be analyzed, data must first be recorded or captured. Data can be
entered by hand, scanned by computers, or acquired by sensors. The data
captured may come from outside or inside the company. Today’s Internet of Things
generates huge amounts of data that can potentially be captured.
Data Maintenance
In order to be useful, data must be converted to a usable form. The process of cre-
ating usable data may include cleansing, scrubbing, and processing through an
extract–transform–load (ETL) methodology. Companies use enterprise resource
planning (ERP) systems and other less sophisticated systems for their information
needs. ERP and other information systems utilize database technology to orga-
nize and query their data. In order for data to be loaded into a database, it must
be cleansed and scrubbed of superfluous characters and symbols. Also, it must be
checked to ensure that date data fills date fields, numeric data fills numeric fields,
and character data fills character fields. In essence, data cleansing and scrubbing
transforms unstructured data into structured data that can be used in an organi-
zation’s information system.
Data Synthesis
Data synthesis involves the use of statistical methods that combine data from many
sources or tests in order to obtain a better overall estimate or answer to the ques-
tions being asked of data. Some term this data modeling or using inductive reason-
ing to transform data. Others view data synthesis as a subset of data maintenance.
Data Usage
Data usage is simply how data is used to support the mission of the business, such as
strategic planning, customer relationship management (CRM), processing invoices,
sending purchase orders to vendors, etc.
Data Analytics
Data analytics is the science of examining raw data with the purpose of creating
new information and generating business insight. It encompasses the skills, tech-
nologies, and practices for iterative exploration and investigation of past business
performance to gain insight and drive business planning for the future. At its most
basic level, it means using data analysis methodologies to answer questions. Some
view data analytics as a subset of data usage.
Data Publication
Data publication is the act of sending data outside the organization. Although the
data can be published for wide consumption, typically data is sent to business part-
ners, such as sending a statement to a customer.
Data Archival
Data archival is the process of removing data from active use to be stored for poten-
tial future use.
Data Purging
Data purging involves deleting data that is no longer useful or needed. Management
should create a data retention policy to enforce proper data purging practice. For
example, this policy should include governmental and regulatory time frames
for data retention, such as the Internal Revenue Service tax return data retention
parameters in case of an audit. For internal data, the policy might specify, for example,
that data not accessed for a period of 10 years is purged.
[Figure: data life cycle; surviving box labels: Data Capture; Data Maintenance; Data Synthesis; Data Usage]
Record Retention
LOS §1.F.2.d
A competent record retention policy is necessary for every organization. Records
must be kept and maintained for internal use as long as they are needed by users
to research, analyze and document past events and decisions. In addition, records
must be preserved to meet legal and regulatory requirements. For example, the IRS
instructs taxpayers to retain tax return data for between 2 and 7 years depending
on the date of filing or payment and types of deductions the organization claimed.
Topic Questions:
Data Governance
Directions: Answer each question in the space provided. Correct answers and
explanations appear after the topic questions.
1. Media sanitization work is performed during which of the following stages
of the data life cycle?
◻ a. Data archival
◻ b. Data purging
◻ c. Data publication
◻ d. Data analytics
Data purging is the orderly review of storage and removal of inactive or obsolete
data files. It is the removal of obsolete data by erasure, by overwriting of storage,
by resetting registers, or by sanitizing the data. It renders stored applications,
files, and other information on a system unrecoverable even by laboratory attack
methods. Media sanitization is a process to remove information from media such
that information recovery is not possible. It includes removing all labels, mark-
ings, and activity logs. It changes the content information in order to meet the
requirements of the sensitivity level of the network to which the information is
being sent. It uses automatic techniques such as processing, filtering, and data
blocking during the sanitization process. For example, pulverization is a physi-
cally destructive method of sanitizing media; it involves grinding the media to a
powder or dust. Data purging is done as the last step at the end of a data life cycle.
2. Biometrics and smartcards are forms of what type of control?
◻ a. Detective
b. Preventive
◻ c. Compensating
◻ d. Corrective
Risk Assessment is part of COSO’s Internal Control framework. The five com-
ponents of COSO’s Internal Control framework are Control Environment, Risk
Assessment, Control Activities, Information & Communication, and Monitoring
Activities.
Technology-Enabled Finance Transformation
(Entire chapter is new.)
[Figure: systems development life cycle; surviving box labels: Systems Analysis; Conceptual Design; Physical Design; Implementation & Conversion; Operations & Maintenance]
done with little thought for long-term consequences. Many times, the easiest way or
the path of least resistance is not the best way to accomplish the task. Unfortunately,
after a business process is in place, inertia takes over, and it is difficult to change,
which can retard growth. A haphazardly designed system is normally ill-prepared
to handle business growth and may in turn actually impede business growth.
Business process analysis is a systematic method to study all of a company’s
business processes to determine how they can be improved. There are four basic
steps:
1. Clearly identify the process, who is involved, and what is currently being done
with a clearly defined starting and ending point. It is best to start with the pro-
cesses that are most critical to the business. These processes should be directly
connected to the company’s main product, revenues, or expenses.
2. Do a walk-through of the process to document it clearly and fully. As part of
this step, interview key employees to learn what they have to say about the
process. Look for gaps in the process where information is lost or misdirected.
For example, walking through a production process would allow the analysts
to directly observe the process. Direct communication with personnel would
help the analyst to fully document the system since the analyst may ask ques-
tions of the employees during the walk-through.
3. Examine the current process to identify strong areas and areas that can be
improved, such as bottlenecks, friction points, and weaknesses. Look for ways
to add value to the process. If a step in the process is not adding value to the
company, remove it. As mentioned, direct observation can illuminate areas for
improvement. In addition, those working directly in the process have intimate
knowledge of its problems and bottlenecks and most likely are in the best posi-
tion to offer solutions to these problems.
4. Based on the analysis, propose a plan for improvement.
user actions, such as logging into programs, copying and pasting data, moving
files, and filling in forms. The term “robot” invokes images of walking and talking
machines like the droids depicted in science fiction/fantasy movies. However, in this
case robots are really just a set of automated instructions designed to manipulate
machines or data sources to achieve a specified task. Because using RPA requires
minimal knowledge of computer programming, most professionals can be trained
to use RPA software to automate desired tasks. For example, suppose an employee
is required to copy and paste specific fields of data from a PDF form from a govern-
mental agency’s website each week into an Excel spreadsheet so that the data can be
analyzed. Instead of manually copying and pasting the data fields, an RPA robot can
be programmed to go to the governmental agency’s website, retrieve and open the
PDF form, open Excel, and move the data from the agency’s PDF form to the compa-
ny’s Excel spreadsheet. Current RPA software utilizes drag-and-drop programming
objects in a flowchart-type interface, making the task relatively simple to learn and
implement since users are not required to learn a formal programming language.
RPA has five primary benefits:
1. Quicker completion of monotonous tasks at a lower error rate than humans
can perform the tasks.
2. Leaves an audit trail of all actions and changes to data.
3. 100% consistent in that it performs the programmed functions the same way
every time (barring code or data corruption).
4. Frees humans from doing boring and repetitive tasks so that they may focus
on more value-added tasks that lead to increased employee morale and
productivity.
5. Can work 24 hours a day, 7 days a week without interruption.
not repeat those mistakes. Intelligent systems can be programmed to identify and
interact with customers and vendors; capture, code, and process routine transac-
tions such as invoices and purchase orders; track payment deadlines; and ensure
the proper approvals are recorded in a timely manner. There are currently few
commercially available products. Companies often create their own software, but
AI can be expensive to implement due to software development costs and lack of
experienced programmers.
Cloud Computing
LOS 1.F.3.e
LOS 1.F.3.f
Computer hardware and software are expensive, require maintenance, and have a
fairly short useful life that requires a relatively frequent capital investment. Thus,
many companies have elected to outsource their computing operations. Cloud com-
puting is simply outsourcing computer operations to an outside provider. The term
“cloud computing” comes from a network mapping technique that portrayed a
cloud between two networks. The “cloud” consists of a number of providers who
offer hardware and software for rent. Companies pay the providers to manage their
computer processes and store their data. Thus, companies effectively outsource their
hardware capital expenditures and their computing obsolescence risk to these pro-
viders. They also can derive the tax benefit of directly expensing these costs instead
of capitalizing, maintaining, and depreciating the cost of hardware and software
over the useful life of the asset.
However, cloud computing comes with some notable risks, such as the risk that
the cloud provider will not provide sufficient security for data and it may be lost,
stolen, or corrupted. Another risk is that the cloud provider may not provide the
level of service required to support the operations of the company.
Software as a Service (SaaS) is a common example of cloud computing.
Companies can purchase software from a provider and have it delivered through
the Internet. Software used to be distributed on tapes, floppy disks, and CDs.
Companies had to purchase multiple copies of the software and then purchase
upgrades and new editions on these magnetic media. SaaS created a new way to
distribute software by allowing customers access to software hosted on the pro-
viders’ servers. Companies like this arrangement because it relieves them of the
cost of installing and maintaining the software and data on their own computers.
SaaS also provides a pay-as-you-go service so companies can pay for the software
on a monthly basis. In addition, SaaS allows for easy scaling; customers purchase
only what they need and can then add features and users as needed. The software
is automatically updated and accessible anytime from anywhere a user can con-
nect to the Internet.
On the risk side, using SaaS makes a company dependent on an SaaS provider
for use of the software. SaaS providers may experience service disruptions, impose
service changes or alterations to the software that the company does not want, or
experience a data breach causing exposure of critical customer data.
Blockchain
LOS 1.F.3.g
A contract consists of a verbal or written agreement between parties. Contracts exist
to provide legally binding agreements between two or more entities. In the digital
world, however, contracts can be difficult to enforce because data can be changed
so quickly and conveniently. In the instance of cryptocurrency, who actually owns
the currency can be problematic since the currency has no physical manifestation.
A person could send cryptocurrency to one party and then immediately send the
same cryptocurrency to another party. In essence, the person could pay for goods
and services twice with the same currency, much like a counterfeiter. Thus, in order for
contracts to have any force on the engaged parties, parties must be able to lock
in their agreement without fear of the contract being altered after the fact. Such
a safeguard is known as nonrepudiation. Nonrepudiation essentially prevents a
party from negating an agreement through denying the authenticity of a signature.
A nefarious party may still attempt to change or invalidate a contract because
there are few legitimate copies. But what if 1,000 legitimate and authentic cop-
ies of a contract were separately stored in 1,000 different locations? Could a nefarious
party change all 1,000 copies? Probably not. How can an authentic copy be stored
in 1,000 different locations? Through the use of blockchain technology.
Blockchain technology, or distributed ledger technology in general, is the
underlying technology of cryptocurrency such as Bitcoin. Blockchain is one type
of distributed ledger. A distributed ledger is a database that is housed in several loca-
tions or among several participants; data and transactions are not processed and
validated in one central location. The data is typically not stored until consensus is
reached by all parties involved. The files are then timestamped and given a unique
cryptographic signature. Thus, distributed ledger technology provides a verifi-
able and auditable history of the information stored in that database.
Blockchain is a special kind of database or distributed ledger with individual
records or blocks that are linked together in a sequential list called a chain of blocks.
These records or blocks are validated by multiple nodes or parties in a peer-to-
peer network. The blocks are linked to other blocks, making them immutable or
unchangeable. Since the contracts are recorded in these blocks and then linked to
other blocks, the possibility of secretly altering a contract is virtually eliminated
because the blocks are incorporated into multiple nodes in peer-to-peer networks.
The blocks are essentially immutable because an altered block will not be identi-
cal to all of the other blocks stored across all of the other nodes in the peer-to-peer
network. In other words, if a block is altered, everyone on the network will know
that the altered block does not match their copy of the block on their node.
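The linking and replication described above can be shown with a hash chain held by several nodes. The following Python code is an added example, not part of the original text; the block layout, the sample contract records, the node names, and the comparison of each node's latest hash against the majority (a stand-in for a real consensus protocol) are assumptions made for illustration.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS_PREV = "0" * 64   # placeholder predecessor for the first block


def block_hash(index, prev_hash, payload):
    """SHA-256 over the block's position, predecessor hash and content."""
    body = json.dumps({"index": index, "prev": prev_hash, "payload": payload},
                      sort_keys=True).encode("utf-8")
    return hashlib.sha256(body).hexdigest()


def build_chain(payloads):
    """Link each record to the one before it by embedding the previous hash."""
    chain, prev = [], GENESIS_PREV
    for index, payload in enumerate(payloads):
        digest = block_hash(index, prev, payload)
        chain.append({"index": index, "prev": prev,
                      "payload": payload, "hash": digest})
        prev = digest
    return chain


def first_invalid_block(chain):
    """Index of the first block whose hash or back-link fails, else None."""
    prev = GENESIS_PREV
    for block in chain:
        recomputed = block_hash(block["index"], block["prev"], block["payload"])
        if block["prev"] != prev or recomputed != block["hash"]:
            return block["index"]
        prev = block["hash"]
    return None


def rewrite_from(chain, index, new_payload):
    """Model an altered copy in which every later hash was recomputed."""
    payloads = [copy.deepcopy(block["payload"]) for block in chain]
    payloads[index] = new_payload
    return build_chain(payloads)


def dissenting_nodes(nodes):
    """Names of nodes whose latest block hash differs from the majority's."""
    tips = {name: chain[-1]["hash"] for name, chain in nodes.items()}
    majority_tip = Counter(tips.values()).most_common(1)[0][0]
    return sorted(name for name, tip in tips.items() if tip != majority_tip)


# Constructed sample records standing in for contracts.
CONTRACTS = [
    {"contract": "C-001", "buyer": "Alpha", "seller": "Beta", "amount": 5000},
    {"contract": "C-002", "buyer": "Gamma", "seller": "Alpha", "amount": 1200},
    {"contract": "C-003", "buyer": "Beta", "seller": "Gamma", "amount": 800},
]


def demo():
    honest = build_chain(CONTRACTS)
    # Case 1: a stored record is edited in place; its stored hash goes stale.
    edited = copy.deepcopy(honest)
    edited[1]["payload"]["amount"] = 1
    # Case 2: the record is changed and all later hashes are recomputed. The
    # copy is internally consistent but no longer matches the other nodes.
    forged = rewrite_from(honest, 1, dict(CONTRACTS[1], amount=1))
    nodes = {"node-A": honest, "node-B": forged,
             "node-C": copy.deepcopy(honest)}
    return (first_invalid_block(edited),
            first_invalid_block(forged),
            dissenting_nodes(nodes))


if __name__ == "__main__":
    print(demo())
```

The second case is why replication matters: the chain of hashes alone only proves a copy is self-consistent, while comparison with the other nodes exposes the copy that was changed.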
Smart contracts are agreements between parties created by software and embed-
ded in a blockchain protocol; as such, they take written contracts to another level.
Smart contracts are automatically executable software programs that represent an
agreement between parties through software code instead of paper. The software
code is run and embedded in a blockchain protocol or platform without the need
for any type of intermediary, such as a broker or dealer to control the execution
of the agreement. The software code represents the terms of the agreement and is
immutable since it is incorporated into a block that is part of a chain.
The application of blockchain technology beyond digital currencies can reduce
or eliminate intermediary costs, increase transaction transparency, and provide a
framework for trustworthy decentralization. The framework also has the poten-
tial to detect tax evasion, reduce corruption, track unlawful payments and money
laundering, and detect the misappropriation of assets.
As an example, one application of blockchain technology is in the supply chain.
The ability of blockchain technology to exchange data seamlessly through decen-
tralized peer-to-peer networks with all transactions immutably stored and available
for audit could make the supply chain system much more transparent and reliable.
Blockchain technology and smart contracts could reduce or eliminate the numer-
ous documents that accompany the international shipment of goods and the time
lag required to process international financial transactions.
Topic Questions:
Technology-Enabled Finance Transformation
Directions: Answer each question in the space provided. Correct answers and
explanations appear after the topic questions.
1. During which phase of the systems development life cycle would scanning
occur to identify vulnerabilities in the respective system?
◻ a. Planning
◻ b. Development
◻ c. Maintenance
◻ d. Testing
2. Which of the cloud operating models is best described as a service that does
not require the customer to maintain servers, operating systems, or applica-
tions? The customer is responsible for the data that is uploaded and access
to that respective information.
◻ a. Infrastructure as a Service (IaaS)
◻ b. Platform as a Service (PaaS)
◻ c. Software as a Service (SaaS)
◻ d. Function as a Service (FaaS)
1. During which phase of the systems development life cycle would scanning
occur to identify vulnerabilities in the respective system?
◻ a. Planning
◻ b. Development
◻ c. Maintenance
d. Testing
The system will be tested for vulnerabilities and defects during the testing phase.
2. Which of the cloud operating models is best described as a service that does
not require the customer to maintain servers, operating systems, or applica-
tions? The customer is responsible for the data that is uploaded and access
to that respective information.
◻ a. Infrastructure as a Service (IaaS)
◻ b. Platform as a Service (PaaS)
c. Software as a Service (SaaS)
◻ d. Function as a Service (FaaS)
Software as a Service (SaaS) best describes this cloud operating model. SaaS solu-
tions provide customers the ability to utilize a software solution where the back-
end infrastructure (operating system, networking components) is fully managed
by the cloud service provider.
3. Why would an organization adopt a Robotic Process Automation (RPA) solu-
tion for financial accounting processing?
◻ a. To validate the integrity of the financial information being manu-
ally inputted
◻ b. To provide an external audit firm with assurance that processes are
being followed
c. Because accounts payable approval activity is streamlined in the
solution by rules-based, auto-approved workflow criteria that limits
human involvement to specific approval situations
◻ d. To give the organization’s customers analytical insight into the
organization’s financial transactions
Adopting RPA to streamline accounts payable approval activity correctly describes
how the organization would benefit from reduced human interaction for previ-
ously manual processes.
Business Intelligence
LOS 1.F.4.a
Big data is one of those terms that everyone claims to understand, but nobody can
provide a definitive definition. Some contend that big data is a data set that will not
fit on an Excel spreadsheet. Others say that to be considered big, a data set has to
be larger than an exabyte (1 with 18 zeros behind it). Big data is possible because
of significant strides made in the ability of hardware and software to handle very
large data sets beyond what normal data processing systems can handle. Big data
is commonly analyzed to find patterns or trends in very large data sets. Regardless
of your relative view of size, big data presents significant opportunities and chal-
lenges. For example, the auditor of a Fortune 100 company could download all of
a client’s transactions and audit the entire population.
The terms “volume,” “variety,” “velocity,” and “veracity” are typically used to
describe big data. Volume, of course, refers to the quantity of data. Variety deals
with the types of data, such as numerical, textual, images, audio, and video. Velocity
refers to how quickly data can be generated and processed; frequently, big data is
available in real time. Veracity is concerned with the quality of the data. The oppor-
tunities for the use of big data are substantial. Big data can glean data from many
sources so that a business can target advertising directly to potential customers who
have shown interest in their product by internet searches, social media posts, and
demographics. Hospitals can capture data on patients to screen for harmful drug
interactions or drug allergies of an incapacitated patient brought into an emergency
room. Big data also presents challenges in terms of personal privacy. There is con-
cern about all this data being available to marketers in real time—to say nothing
of the cost of data breaches to customers and companies or the risk of the infringe-
ment of civil rights in the case of governmental use of big data. Companies also face
the challenge of keeping a human touch on interactions with potential customers,
who may not appreciate being mere sets of bytes to a company.
LOS 1.F.4.b
Structured data and unstructured data are at opposite ends of the data spectrum.
Structured data is data that is organized in such a way that computers can easily
work with it. In contrast, unstructured data is not organized in such a way that
computers can easily work with the data. Semi-structured data lands somewhere in
between. A common example of structured data is data that has been placed into
a relational database. A relational database is comprised of rows and columns, and
data is placed in a cell at the intersection of these rows and columns. In a structured
database, the data can be queried using structured query language (SQL) for any
information that may be contained therein. For example, a database may contain
two tables: the first one for recorded sales that is linked to a customer table (which
means we would have a list of all sales made by the company, and the customers
who are associated with these sales). The second table could be for cash receipts,
which could also be linked to the customers who have delivered cash payments for
purchases. The data is structured so that these data elements could be combined
conveniently. If the sales table were combined with the customer table and the
cash receipts table, we could easily see which customers have paid and which ones
have not. The resulting query of the customers who have not paid comprises the
company’s uncollected sales—in other words, the company’s accounts receivable.
Unstructured data is data that is not organized so it can be queried. Unstructured
data can be text, images, numeric, or audio. Email is a good example of unstruc-
tured data. Semi-structured data is comprised of varying levels of structured data
and unstructured data. It is estimated that 95% of big data is comprised of unstruc-
tured data. Companies that seek to use structured, semi-structured, and unstruc-
tured data increase their operational performance to make more personalized
product recommendations to customers, find the root cause of problems, identify
bottlenecks and defects in their products and processes, and gain a greater under-
standing of customer habits.
Figure 1F-13 Data Transformation
make connections or see patterns that are not readily apparent. Insight can also be
thought of as judgment. The true value of data, information, knowledge, and insight
is to make informed and rational decisions or to take action.
The primary focus of business intelligence and artificial intelligence in particular
is to create computer programs that can mimic human insight—to take a database of
facts and find the connections and the patterns in the data. The challenge is to capture
something as subjective as human insight and decision making and convert it to something
as discrete and objective as computer code: lines of detailed instructions that can
be programmed into software. In essence, this process creates the thousands of rules
necessary to reproduce human decision making. The great opportunity of this work
is to capture and preserve expert knowledge, insight, and decision-making skills so
that they are not lost to future professionals. In addition and given proper information
technology controls, computer programs do not get tired, call in sick, or take vacations.
Computer programs can work 24 hours a day, 7 days a week. Programs can acquire
and process data faster and in greater volume and detail than a human decision maker.
A company’s data is considered one of its most valuable assets. The ability to
tap into that asset and make better decisions represents the strategic value of a
company’s data and its ability to analyze that data. Companies seek to capitalize
on the unique insights gleaned from analyzing the data that has been collected over
the years. These insights are used to help with customer acquisition and retention,
to identify and correct processes that cost more than they benefit the company,
to reduce costs through identifying inefficiencies in the company’s production or
operational processes, and others. Indeed, business intelligence is the use of applications,
tools, and best practices to transform data into actionable information to
capitalize on the strategic and operational value of a company’s data.
Data Mining
LOS 1.F.4.g, 1.F.4.h, 1.F.4.i, 1.F.4.j, 1.F.4.k
Data mining consists of using analytic tools on large data sets. In essence, data
mining involves querying a lot of data. The idea is to find patterns, relationships,
and insights in data that an organization routinely collects but does not use in
most operational settings. Data from outside the organization is also typically used.
Companies seek to find useful information and identify trends that can lead to
increased sales, lower costs, and more effective customer service. A classic and possibly
apocryphal example of the use of data mining is finding a significant correlation
between the purchase of beer and diapers. Through data mining techniques, a
large retailer found that on Friday afternoons, young fathers who purchase diapers
also purchase beer. Thus, the retailer started placing diapers and beer in closer proximity
in order to exploit this newly found correlation and increase the sales of both
diapers and beer. Another example is credit card fraud. If you have ever received a
notice from your credit card company alerting you to suspicious activity on your
account, the credit card company has used data mining techniques to identify purchases
or purchase location patterns outside of your normal purchasing habits.
Data mining is not an exact science and can be viewed as both an art and a skill.
Consider the concept of statistical power or the ability to find relationships among
data. One of the major contributing factors of statistical power is that of sample
size. In general, the larger the sample size, the greater the chance that a statistically
significant relationship can be found among the data in the sample. Just because a
statistically significant relationship can be found, however, does not mean that the
relation is of any practical significance. For example, some weight-loss programs
find a statistically significant difference in the before and after weights of people
trying a new diet as opposed to those who do not. However, the difference can be
as little as two pounds over three months. Most people would not consider losing
two pounds in three months significant. Thus, data mining is a challenging field
that should be employed with knowledge, experience, and wisdom. In many cases,
data mining is an iterative process. Large data sets are often whittled down as the
user refines and adjusts queries to more clearly focus results to provide actionable
findings.
Structured Query Language (SQL) is an established tool used to mine large data
sets. There are three basic commands in SQL:
SELECT
FROM
WHERE
SELECT means to select the data fields that are of interest to the user. In other
words, what does the user want to see as a result of the query? FROM identifies the
tables where the data is located. WHERE restricts the data so that it meets certain
criteria, such as Where Date < December 31. Other commands—such as math-
ematical functions, sorting data, joining tables, and so on—are also used in SQL.
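The sales, customer, and cash receipts tables described earlier, together with the SELECT, FROM, and WHERE commands above, can be tried with the following added example (not from the original text). It runs the SQL through Python's built-in sqlite3 module; the table names, column names, and sample rows are all constructed for illustration.

```python
import sqlite3

# Constructed sample data (not from the original text). Amounts are whole dollars.
CUSTOMERS = [(1, "Acme Supply"), (2, "Birch Ltd"), (3, "Cedar Works")]
SALES = [  # (sale_id, customer_id, sale_date, amount)
    (1, 1, "2023-11-05", 1000),
    (2, 1, "2023-12-10", 500),
    (3, 2, "2023-11-20", 800),
    (4, 3, "2023-12-15", 300),
    (5, 3, "2024-01-10", 700),
]
RECEIPTS = [  # (receipt_id, customer_id, receipt_date, amount)
    (1, 1, "2023-11-30", 1000),
    (2, 2, "2023-12-01", 800),
    (3, 3, "2024-01-05", 300),
]

SCHEMA = """
CREATE TABLE customers (
    customer_id INTEGER PRIMARY KEY,
    name        TEXT NOT NULL
);
CREATE TABLE sales (
    sale_id     INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(customer_id),
    sale_date   TEXT NOT NULL,      -- ISO dates sort correctly as text
    amount      INTEGER NOT NULL
);
CREATE TABLE cash_receipts (
    receipt_id   INTEGER PRIMARY KEY,
    customer_id  INTEGER NOT NULL REFERENCES customers(customer_id),
    receipt_date TEXT NOT NULL,
    amount       INTEGER NOT NULL
);
"""

# SELECT picks the fields, FROM names the table, WHERE restricts the rows.
SALES_BEFORE_QUERY = """
SELECT sale_id, amount
FROM sales
WHERE sale_date < :cutoff
ORDER BY sale_id
"""

# Each side is totalled per customer before joining, so a customer with
# several sales and several receipts is not double counted.
AR_QUERY = """
SELECT c.name,
       COALESCE(s.total, 0) - COALESCE(r.total, 0) AS balance
FROM customers AS c
LEFT JOIN (SELECT customer_id, SUM(amount) AS total
           FROM sales
           WHERE sale_date <= :as_of
           GROUP BY customer_id) AS s ON s.customer_id = c.customer_id
LEFT JOIN (SELECT customer_id, SUM(amount) AS total
           FROM cash_receipts
           WHERE receipt_date <= :as_of
           GROUP BY customer_id) AS r ON r.customer_id = c.customer_id
WHERE COALESCE(s.total, 0) - COALESCE(r.total, 0) > 0
ORDER BY c.name
"""


def build_demo_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO customers VALUES (?, ?)", CUSTOMERS)
    conn.executemany("INSERT INTO sales VALUES (?, ?, ?, ?)", SALES)
    conn.executemany("INSERT INTO cash_receipts VALUES (?, ?, ?, ?)", RECEIPTS)
    conn.commit()
    return conn


def sales_before(conn, cutoff):
    """Sales dated strictly before the cutoff (the 'Where Date <' restriction)."""
    return conn.execute(SALES_BEFORE_QUERY, {"cutoff": cutoff}).fetchall()


def accounts_receivable(conn, as_of):
    """Customers whose sales exceed their cash receipts as of a given date."""
    return conn.execute(AR_QUERY, {"as_of": as_of}).fetchall()


if __name__ == "__main__":
    db = build_demo_db()
    for name, balance in accounts_receivable(db, "2023-12-31"):
        print(f"{name}: {balance}")
```

The date is passed as a bound parameter rather than pasted into the SQL text, so the same query can be rerun for any cutoff date.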
Analytic Tools
LOS 1.F.4.l, 1.F.4.aa
Due to advances in technology, accountants now have access to powerful data analytic
or statistical tools. These tools allow accountants to analyze datasets that before
would have required the services of a statistician. However, there is a crucial
difference between access to tools and knowing how to effectively use them. These tools
are quite adept at fitting a data analytic model to a data set. The problem is that
every model is constructed based on a set of criteria which involve certain under-
lying statistical assumptions. If data analytic models are arbitrarily applied to any
given data set, important underlying assumptions may be blindly violated, which
may result in flawed analysis, results, and conclusions. For example, many data
analytic models rely on the basic assumption that the data set is random and nor-
mally distributed (think of a standard bell curve). If the data is not random and
normally distributed but is evaluated using a model that depends on the data
being normally distributed, the resulting analysis, results, and conclusion will be
unreliable.
Linear Regression
LOS 1.F.4.o, 1.F.4.p, 1.F.4.s, 1.F.4.t, 1.F.4.w, 1.F.4.y
Linear regression is a tool that helps us see the relationship between two variables.
The two variables are the dependent variable (or response variable) and the independent
variable (or explanatory variable). Basically, we want to see how the independent
variable impacts the dependent variable. You may think of it like a machine:
The independent variable goes in one side of the machine and the dependent variable
comes out the other side of the machine. The standard regression equation is
y = mx + b + e, where y represents the dependent variable, m represents the slope of
the regression line, x represents the independent variable, b represents the y intercept,
and e represents the error term.
However, the machine does have some limitations. One limitation is that the
dependent variable output does not come out perfectly, causing some variability in
the dependent variable (result) called the error term. In addition, there is a term that
indicates where the regression line crosses the y axis, better known as the y inter-
cept. In cost-volume-profit analyses, the y intercept equates to fixed costs and the
slope of the regression line equates to variable cost per unit. In essence, the regres-
sion equation is used to fit a model or line to the data points so that it minimizes
the distance between each data point and the regression line.
Multiple regression is exactly the same except it includes more than one inde-
pendent variable. Regression analysis provides information based on the relation-
ship among various variables based on a sample of data that may not hold for the
full population. Such limitations are addressed by various sampling metrics, such as
the confidence interval, standard error of the estimate, and the goodness of fit. A
confidence interval is a measure of the likelihood that the population parameter
value will be found within a specified range.
When a sample is selected, typically a point estimate is selected, such as the
mean number of defects for a production run for a particular set or sample of prod-
ucts. This point estimate represents the best guess of the average number of prod-
uct defects for all products (the population) in the production run. A confidence
interval is calculated from the sample data to give a range of the number of defects
where we will have some confidence that the true number of defects of the entire
population will be found. Obviously, the higher the level of confidence, the wider
the range in the confidence interval.
To get a better picture of the number of product defects in a production run,
it would be best to collect more than one sample. The more samples the better, but
it is necessary to stay within budget since sampling does cost time, money, and
resources. Say we collect 10 samples. It is probable that the point estimate of each
sample will be different; the question is, how different are they? If they are all rela-
tively close, users can feel confident about the point estimate; users will feel less
confident if the 10 point estimates are widely different.
To measure the difference in the point estimates, we calculate the standard
error of the estimate, which is the standard deviation of the sampling distribution
of the estimate. This measures how much the point estimates of the 10 samples vary
from each other.
Another measure to help us understand the quality of a regression equation is
the goodness of fit. There are many accepted models for measuring the goodness of
fit based on the distribution of the data, but essentially the goodness of fit measures
how closely the model matches or fits the observations or data points in the sample.
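The regression equation y = mx + b + e and one common goodness-of-fit measure can be worked through with the following added example (not from the original text). It fits a least-squares line to constructed production data, reads the slope as variable cost per unit and the y intercept as fixed cost, and uses R-squared as the goodness-of-fit measure, which is an assumption since the text does not name a specific one.

```python
# Constructed sample data (not from the original text):
# units produced in five production runs and the total cost of each run.
UNITS = [100, 200, 300, 400, 500]
TOTAL_COST = [6300, 7200, 8800, 9600, 11100]


def fit_line(xs, ys):
    """Least-squares fit of y = m*x + b. Returns (slope m, intercept b)."""
    if len(xs) != len(ys) or len(xs) < 2:
        raise ValueError("need at least two (x, y) pairs of equal length")
    n = len(xs)
    mean_x = sum(xs) / n
    mean_y = sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("all x values are identical; the slope is undefined")
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    slope = sxy / sxx
    intercept = mean_y - slope * mean_x
    return slope, intercept


def residuals(xs, ys, slope, intercept):
    """The error term e for each observation: actual y minus fitted y."""
    return [y - (slope * x + intercept) for x, y in zip(xs, ys)]


def r_squared(xs, ys, slope, intercept):
    """Share of the variation in y that the fitted line explains (0 to 1)."""
    mean_y = sum(ys) / len(ys)
    ss_res = sum(e ** 2 for e in residuals(xs, ys, slope, intercept))
    ss_tot = sum((y - mean_y) ** 2 for y in ys)
    return 1 - ss_res / ss_tot


def predict_cost(units, slope, intercept):
    """Forecast total cost: fixed cost plus variable cost per unit times units."""
    return intercept + slope * units


if __name__ == "__main__":
    m, b = fit_line(UNITS, TOTAL_COST)
    print(f"variable cost per unit (slope): {m:.2f}")
    print(f"fixed cost (y intercept):       {b:.2f}")
    print(f"error terms:                    {residuals(UNITS, TOTAL_COST, m, b)}")
    print(f"R-squared:                      {r_squared(UNITS, TOTAL_COST, m, b):.4f}")
    print(f"forecast cost at 600 units:     {predict_cost(600, m, b):.2f}")
```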
Sensitivity analysis is another tool used to determine the reliability of the results
of statistical analysis. Statistical models depend on certain assumptions and can
change according to variations in the underlying data. Thus, it is useful to deter-
mine how sensitive the results are to changes in assumptions and the data. Changes
are made to the assumptions and data to see if the primary results still hold. If so,
the results are deemed to be robust to changes in the tools and data; the resulting
findings should be pretty strong.
For example, an investment model to purchase a product line from another
company is presented. The model includes the use of interest rates and labor
rates. Once the data is analyzed, the model recommends pursuing the project
and purchasing the product line. Sensitivity analysis would be used to input
other interest and labor rates to determine whether the model is too heavily
influenced by the standard interest and labor rates or if the model is robust
to changes in those rates. As in all data analytic models, sensitivity analysis
is subject to the same constraints of the underlying statistical assumptions of
samples, distributions, and random selection and thus must never be blindly
accepted as the final word.
Simulations
LOS 1.F.4.x, 1.F.4.z, 1.F.4.aa
If the parameters of a situation are known—for example, the costs and constraints
of producing a product—a standard linear regression will forecast the total costs
for production runs greater than normal capacity. However, most real-world situations
require the use of many variables that are not conveniently available. Thus, to
simulate a real-world situation, random input variables are used rather than making
constraining assumptions about certain variables. Although it is convenient to think
of the simulation inputs as random variables, they are actually based on a range of
possible values of the variable of interest and the probability of that value based on
a particular probability distribution. The advantage of a simulation model is that
the whole range of possible values can be included in running the model instead
of a single assumed best-case value. Needless to say, simulations require computer
software to switch the full distribution of possible values into and out of the model.
Probably the most commonly known simulation is the Monte Carlo simula-
tion (or probability simulation), which models the probability of possible outcomes
given a range of random inputs from a distribution of possible values. The random
inputs are designed to imitate the probability of actual occurrences.
For example, suppose your company is considering purchasing a subsidiary
from a large multinational corporation because that subsidiary produces a product
that complements your primary product. However, your company should consider
many variables and unknowns before making an offer for the subsidiary. These
unknowns include: can the subsidiary’s product be produced cost effectively at your
facility, what percentage of the subsidiary’s workforce will come with the deal, is
there unseen competition for the combination products, what effects may future
economic conditions have on the new product, what are interest rate effects on the
deal, among others.
A Monte Carlo simulation can take a random value from a range of possible
inputs to all of the variables and unknown parameters to calculate a probable out-
put. The result of the simulation is recorded and the process is repeated. A Monte
Carlo simulation runs a solution on the model hundreds or even thousands of
times using different randomly selected values from the probability distribution.
This is also known as what-if or goal-seeking analysis. As in all data analytic mod-
els, simulations are only as good as the quality of their inputs. As the old computer
science adage goes, garbage in = garbage out. Thus, the results of simulation tests
must never be blindly accepted as the best possible result. The results should be only
some of the inputs into an overall decision-making process.
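The subsidiary purchase described above can be run as a small Monte Carlo simulation in the following added example (not from the original text). The purchase price, selling price, and the probability distributions for units sold, unit production cost, and interest rate are all constructed assumptions; each trial draws one value per unknown and records the resulting net present value (NPV).

```python
import random
import statistics

# Constructed deal parameters (not from the original text).
PURCHASE_PRICE = 1_700_000   # price paid for the subsidiary
UNIT_PRICE = 12.0            # selling price per unit
YEARS = 5                    # years of cash flow counted in the model


def annuity_factor(rate, years):
    """Present value of 1 received at the end of each year for `years` years."""
    return (1 - (1 + rate) ** -years) / rate


def draw_npv(rng):
    """One trial: draw every unknown from its distribution and compute NPV."""
    # Annual units sold: most likely 100,000, between 80,000 and 150,000.
    units = rng.triangular(80_000, 150_000, 100_000)
    # Unit production cost at the buyer's facility: anywhere from 6 to 9.
    unit_cost = rng.uniform(6.0, 9.0)
    # Interest (discount) rate: anywhere from 6% to 12%.
    rate = rng.uniform(0.06, 0.12)
    annual_cash_flow = units * (UNIT_PRICE - unit_cost)
    return annual_cash_flow * annuity_factor(rate, YEARS) - PURCHASE_PRICE


def simulate_acquisition(trials=20_000, seed=2024):
    """Repeat the trial many times and summarize the distribution of NPV."""
    rng = random.Random(seed)  # fixed seed so the run can be reproduced
    npvs = sorted(draw_npv(rng) for _ in range(trials))
    return {
        "mean_npv": statistics.fmean(npvs),
        "p05": npvs[int(0.05 * trials)],   # 5th percentile (a bad outcome)
        "p95": npvs[int(0.95 * trials)],   # 95th percentile (a good outcome)
        "prob_loss": sum(v < 0 for v in npvs) / trials,
    }


if __name__ == "__main__":
    result = simulate_acquisition()
    print(f"mean NPV:            {result['mean_npv']:,.0f}")
    print(f"5th percentile NPV:  {result['p05']:,.0f}")
    print(f"95th percentile NPV: {result['p95']:,.0f}")
    print(f"probability of loss: {result['prob_loss']:.1%}")
```

A single best-guess calculation would report only one NPV; the simulation also reports how often the deal loses money under the assumed distributions, and those distributions are exactly the inputs that determine whether the output is garbage.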
Data Visualization
LOS 1.F.4.bb, 1.F.4.ee, 1.F.4.ff
Data visualization is one method to convey information to a reader. Data visualization
leverages the common adage that a picture is worth a thousand words.
Indeed, a well-conceived and constructed image can convey a significant amount
of information more quickly and completely than reading text that conveys the
same information. The key is the proper design and execution of images that provide
information to the viewer. Care must be taken in choosing the most effective
data visualization technique to communicate results. With today’s technology, any-
one can create pretty pictures and call them visualizations. However, in order to
clearly convey the message that is contained in the data, the creators of the visuals
must use knowledge of basic statistical principles and assumptions plus judgment
in selecting the proper visualization. A poorly designed visual can distort the real
story you are trying to tell.
Data tables are the first level of providing information to readers. Tables effi-
ciently use space, are scalable, and can be simple. Due to the prevalence of spread-
sheets, most users are familiar with and comfortable making tables and graphs.
Software programs can make data tables readily accessible and make it relatively
easy to find and manipulate data. Six best practices that can and should be applied
to tables and graphs are listed next.
1. Planning. Before the first cell receives data, the purpose and content of the table
and graph should be planned. Know the audience for the table/graph and plan
accordingly.
2. Focus. The focus of the table/graph should be the most prominent part of the
design so that readers will instantly recognize it.
3. Alignment. For tables, text must be aligned or justified on the left of the cell and
numerical data must be aligned on the right side of the cell. Column headings
must be appropriately placed according to the content.
4. Size. Character (text and numeric) size matters. If the text is too small, then it
is difficult to read and probably will not be read. In addition, the use of com-
mon fonts is recommended; uncommon fonts may focus attention on the font
and not the information the designer is seeking to convey.
5. Clutter. Clutter is an enemy to every table and graph. Always leave sufficient
white space to help the reader focus on the message.
6. Color. Color can be a powerful tool in providing depth, focus, and contrast.
However, too much or poorly planned color can distract from the message of
the table/graph.
LOS 1.F.4.cc, 1.F.4.dd
A data visualization toolbox contains many tools. Just like a wrench and a screwdriver
are useful and have specific purposes, data visualization tools or methods
each have their specific purpose. The more common data visualization tools and
their purposes are described next. These tools have common uses. Some are bet-
ter at providing comparisons, others, distributions, still others at relationships and
trends. They can also be categorized according to their intended use.
Comparisons
Bar charts are used to compare categories of data or data across time. For example,
we could compare the annual gross revenue of 10 different action movies with each
bar representing a movie. We could also represent the gross receipts for each month
after the release of one movie.
Pie charts can be used to compare the proportion of categories of data. However,
most data science experts tend to frown on the use of pie charts unless the propor-
tions are significantly different. Trying to decipher the difference between a 10%
pie slice and a 12% pie slice is problematic. Thus, it is best to use only a few slices
on your pie chart.
[Figure: pie chart of counts by age group (18-29: 148; 30-39: 133; 40-49: 116; 50-65: 164; 65+: 41)]
Distributions
Histograms show how many data points fall into a certain range so that the distri-
bution of the data points can be viewed. Histograms can look like bar charts. The
main difference is that the histogram displays the distribution (frequency) of one
variable where the bar chart displays a comparison based on two variables (i.e., one
variable is tracked on the y-axis and the other variable is tracked on the x-axis).
However, histograms are only used with numerical values, and the data points are
displayed in an interval rather than the actual values.
[Figure: histogram with Height (feet) on the x-axis and Frequency on the y-axis]
A dot plot is similar to a histogram except it uses vertical dots to represent a data
distribution rather than a bar. Dot plots are useful for relatively small data sets.
A box plot or box-and-whisker plot displays the distribution of a data set using
five standard measurements: the minimum data point, the lower quarter of the data
points (first quartile), the median or middle point of the data, the third quartile of
the data points, and the maximum data point. Box plots do not show individual
values and can be skewed, but they are also one of the few techniques that display
outliers. They are also useful in showing a comparison among distributions.
[Figure: box plot with Number of Records on the y-axis]
Location
Maps and filled maps display geospatial data so that data points can be viewed in
relation to their geographical locations. When data relates to geographic locations,
such as countries, states, cities, and zip codes, maps and filled maps are powerful
tools to visualize data.
Relationships
A scatterplot displays data points as they are plotted according to their relative
position to the x- and y-axis. This technique provides a view of how the data is
related or positioned as well as its distribution. However, scatterplots do not show
the relation between more than two variables.
[Figure: scatterplot with Sales on the x-axis and Quantity on the y-axis]
The bubble chart is a version of the scatterplot. Here the dots on a scatterplot
are consolidated into bubbles, which vary in size to represent the number of data
points. Similar to pie charts, bubble charts are best used when the bubble sizes dis-
play substantial variation.
[Figure: bubble chart with bubbles labeled France, United Kingdom, Norway, Italy, and Spain]
A heat map displays a relationship among variables through changes in the inten-
sity of color. Heat maps provide a visual way to see numerical values. In fact, heat maps
can show a substantial amount of data without overwhelming readers. Heat maps
also facilitate identifying outliers by displaying squares with a color intensity signifi-
cantly different from the surrounding squares. However, heat maps are less precise
than other techniques since distinguishing among various color hues can be difficult.
[Figure: heat map of French regions, including Provence-Alpes-Côte d'Azur, Centre, Brittany, Lower Normandy, Limousin, and Poitou-Charentes]
Trend
A line chart displays information as a series of data points. Line charts are easy to
read and interpret. They are also helpful in making comparisons between data sets
and for showing changes or trends over time. One limitation is that line charts only
show data over time.
[Figure: line chart plotted across Point 1 through Point 6]
Topic Questions:
Data Analytics
Directions: Answer each question in the space provided. Correct answers and
explanations appear after the topic questions.
1. All of the following are benefits of using a Monte Carlo simulation except:
◻ a. Provides a sensitivity analysis
◻ b. Provides a correlation of inputs
◻ c. Provides analysis with limited data
◻ d. Provides scenario analysis
2. What type of analysis can be conducted where the data collected is always
of a fixed and known period?
◻ a. Cyclical analysis
◻ b. Trend analysis
◻ c. Seasonal analysis
◻ d. Irregular patterns
1. All of the following are benefits of using a Monte Carlo simulation, except:
◻ a. Provides a sensitivity analysis
◻ b. Provides a correlation of inputs
c. Provides analysis with limited data.
◻ d. Provides scenario analysis
When data are lacking, the analyst may be forced to use subjective judgment to
establish some of the probability distributions. When there is lack of knowledge
on correlations, many analysts assume no correlation, i.e., that all variables are
independent.
2. What type of analysis can be conducted where the data collected is always
of a fixed and known period?
◻ a. Cyclical analysis
◻ b. Trend analysis
c. Seasonal analysis
◻ d. Irregular patterns
Practice Questions:
Technology and Analytics
Question tb.er.plan.sys.011_1905
Topic: Information Systems
Structured query language (SQL) and query by example (QBE) are heavily used
as query tools in which of the following database models?
◻ a. Network data model
◻ b. Relational data model
◻ c. Object data model
◻ d. Hierarchical data model
Question tb.er.plan.sys.017_1905
Topic: Information Systems
Which of the following cases most closely fits the characteristics of a data ware-
house solution?
◻ a. A large, centralized, international online retailer that wants real-
time analysis of customer interaction for its suggestion engine
◻ b. A nonprofit organization with three distinct business units, each
with its own IT system and infrastructure, and a need to perform
periodic analysis of performance across all business units
◻ c. An association of independently owned convenience stores and
gas stations that want to provide members with in-depth statistical
analysis of customer trends across the association
Question tb.sec.brch.011_1905
Topic: Data Governance
Which of the following statements is true about a firewall and an intrusion detec-
tion system (IDS)?
◻ a. Firewalls are a substitute for an IDS.
◻ b. Firewalls are an alternative to an IDS.
◻ c. Firewalls are a complement to an IDS.
◻ d. Firewalls are a replacement for an IDS.
Question tb.sec.brch.022_1905
Topic: Data Governance
Regarding cyberattacks, identity thieves can get personal information through
which of the following means?
I. Dumpster diving
II. Skimming
III. Phishing
IV. Pretexting
◻ a. I only
◻ b. III only
◻ c. I and III
◻ d. I, II, III, and IV
◻ a. Maintenance
◻ b. Design
◻ c. Implementation
◻ d. Analysis
Question tb.ana.too.002_1905
Topic: Data Analytics
The makers of home appliances and automobiles are most impacted by which
of the following components of the time-series data?
◻ a. Trend component
◻ b. Cyclical component
◻ c. Seasonal component
◻ d. Irregular component