Bec Notes 17

BEC
2019 SuperfastCPA Review Notes

Table of Contents
Corporate Governance 1
Internal Control Frameworks 1
Enterprise Risk Management Frameworks 6
Other Regulatory Frameworks and Provisions 10
Economic Concepts and Analysis 13
Economic and Business Cycles 13
Market Influences on Business 19
Financial Risk Management 25
Financial Management 30
Capital Structure 30
Working Capital 36
Financial Valuation Methods 42
Information Technology 48
Information Technology Governance 48
Role of IT in Business 52
Information Security/Availability 56
Processing Integrity 60
Systems Development and Maintenance 66
Operations Management 69
Financial and Non-Financial Measures of Performance 69
Cost Accounting 75
Process Management 85
Corporate Governance
Internal Control Frameworks

COSO
COSO is an integrated framework for internal control and
enterprise risk management.
Internal Control & COSO

COSO defines internal control as a process that is affected by all
members of an organization that is designed to provide
reasonable assurance regarding the achievement of objectives
related to operations, reporting, and compliance.
According to COSO there are 5 major components of an internal

control system:
• Control environment: “tone at the top”, and management’s
philosophy towards internal control and responsibility
• Risk assessment: The process of identifying and managing
risks
• Information and communication: The information and
communication systems that allow a company’s employees
to identify and exchange information regarding controls and
operations
• Monitoring: Monitoring the company’s data and its systems
• Control activities: The policies and procedures implemented
to ensure actions are taken towards completing the
company’s objectives
1
Copyright © 2019 SuperfastCPA.com
Purpose of COSO
The purpose of COSO is to provide an integrated framework for
internal control and enterprise risk management that businesses
and organizations can apply to help achieve their operational,
reporting, and compliance objectives.
Objectives of COSO
There are three main objectives of COSO:
• Operations objectives: Objectives pertaining to effectiveness
and efficiency of the entity’s operations, including operational
and financial performance goals, and safeguarding assets
against loss
• Reporting objectives: Objectives pertaining to internal and
external financial and non-financial reporting which may
encompass reliability, timeliness, transparency, or other
terms set by regulators, standards, or entity’s policies
• Compliance objectives: Objectives pertaining to adherence
to laws and regulations applicable to the entity
Limitations of COSO
There are 6 main limitations of internal control identified by
COSO:
• Human judgement can be faulty and subject to bias
• Breakdowns and failures occur as long as humans are
involved, even from simple errors
• Management can override internal controls
• Management or other personnel can get around controls
through collusion
• There will always be external events that are simply beyond
management’s control
• Objectives for controls must be suitable as a precondition to
internal control (unrealistic or improbable objectives can be
set that internal controls can’t fully address)
2
Components of COSO
The components are again:
• Control environment
• Risk assessment
• Information and communication
• Monitoring
• Control activities
Principles of COSO
There are 17 principles of COSO within the 5 components.
Control Environment Principles:

• The organization needs to demonstrate a commitment to
integrity and ethical values
• The board of directors demonstrates independence from
management and exercises oversight of the development
and performance of internal control
• Management establishes, with board oversight, structures,
reporting lines, and appropriate authorities and
responsibilities in pursuit of the objectives
• The organization demonstrates a commitment to attract,
develop, and retain competent individuals in alignment with
objectives
• The organization holds individuals accountable for their
internal control responsibilities in pursuit of objectives
3
Risk Assessment Principles
• The organization specifies objectives with sufficient clarity to
enable the identification and assessment of risk relating to
objectives
• The organization identifies risks to the achievement of its
objectives across the entity and analyzes risks as a basis for
determining how the risks should be managed
• The organization considers the potential for fraud in
assessing risks to the achievement of objectives
• The organization identifies and assesses changes that could
significantly impact the system of internal control
Control Activities Principles

• The organization selects and develops control activities that
contribute to the mitigation of risks to the achievement of
objectives to acceptable levels
• The organization selects and develops general control
activities over technology to support the achievement of
objectives
• The organization deploys control activities through policies
that establish what is expected and procedures that put
policies into action
Information and Communication Principles

• The organization obtains or generates and uses relevant,
quality information to support the functioning of internal
control
• The organization internally communicates information,
including objectives and responsibilities for internal control,
necessary to support the functioning of internal control
• The organization communicates with external parties
regarding matters affecting the functioning of internal control
4
Monitoring Activities Principles
• The organization selects, develops, and performs ongoing
and/or separate evaluations to ascertain whether the
components of internal control are present and functioning
• The organization evaluates and communicates internal
control deficiencies in a timely manner to those parties
responsible for taking corrective action, including senior
management and the board of directors, as appropriate
5
Enterprise Risk Management Frameworks
Enterprise risk management as defined by COSO ERM is “a
process, effected by an entity’s board of directors, management
and other personnel, applied in strategy setting and across the
enterprise, designed to identify potential events that may affect
the entity, and manage risk to be within its risk appetite, to provide
reasonable assurance regarding the achievement of entity
objectives.
The purpose of the COSO ERM model is to provide an all-

encompassing framework for managing risk throughout all
activities of an entity.
The COSO ERM model has 5 components:
The 5 components are:

• Governance and culture
• Strategy and objective-setting
• Performance
• Review and revision
• Information, communication, and reporting
Objectives
The ERM model is geared to achieving 4 main categories of
objectives:
• Strategic: high-level goals that align with and support the
mission of the entity
• Operations: effective and efficient use of the entity’s
resources
• Reporting: reliable reporting
• Compliance: compliance with applicable laws and
regulations
6
Limitations of the Model
The limitations are similar to the inherent limitations of an internal
control system. These include:
• Human judgment and human error
• Cost vs benefits limitations
• Simple errors can lead to big mistakes
• Circumvention of controls or processes due to collusion
• Management override
Principles of COSO ERM

There are 20 core principles within the 5 components:
Governance and Culture

• Exercises board risk oversight: The board provides oversight
of the strategy and carries out governance responsibilities to
support management in achieving strategy and business
objectives
• Establishes operating procedures: The organization
establishes operating structures in the pursuit of strategy
and business objectives
• Defines desired culture: The organization defines the desired
behaviors that characterize the entity’s desired culture
• Demonstrates commitment to core values: The organization
at all levels demonstrates a commitment to core values
• Attracts, develops, and retains capable individuals: The
organization is committed to building human capital in
alignment with the strategy and business objectives
Strategy and Objective-Setting

• Analyzes business context: The organization considers
potential effects of business context on risk profile
• Defines risk appetite: The organization defines risk appetite
in the context of creating, preserving, and realizing value
7
• Evaluates alternative strategies: The organization evaluates
alternative strategies and potential impact on risk profile
• Formulates business objectives: The organization considers
risk while establishing the business objectives at various
levels that align and support strategy
Performance
• Identifies risk: The organization identifies risk that impacts
the performance of strategy and business objectives
• Assesses severity of risk: The organization assesses the
severity of risk
• Prioritizes risks: The organization prioritizes risks as a basis
for selecting responses to risk
• Implements risk responses: The organization identifies and
selects risk responses
• Develops portfolio view: The organization develops and
evaluates a portfolio view of risk
Review and Revision

• Assesses substantial changes: The organization identifies
and assesses changes that may substantially affect strategy
and business objectives
• Reviews risk and performance: The organization reviews
entity performance and considers risk
• The organization pursues improvement in enterprise risk
management
Information, Communication, and Reporting

• Leverages information systems: The organization leverages
an entity’s information and technology of enterprise risk
management
• Communicates risk information: The organization uses
communication channels to support enterprise risk
management
8
• Reports on risk, culture, and performance: The organization
reports on risk, culture, and performance at multiple levels
and across the entity
Business Strategy in the Context of COSO ERM

The ERM framework is based on the fact that most strategic
business decisions don’t have a right or wrong answer: there are
pros and cons and subsequently levels of risk that go with any
strategic decision. By applying the ERM framework as an
organization makes and implements business strategies, the
organization is able to align its objectives with its risk appetite,
evaluate risk responses, and respond to opportunities.
Other ERM items:

When risk is being prioritized, the most helpful metric is ‘expected
value’, which calculates the likelihood of losses and the amount of
losses.
According to COSO, the most effective method of communicating

a message of ethical behavior throughout an organization is by
demonstrating the behavior by example.
A ‘compensating control’ is a control that accomplishes the same

objective as another control.
9
Other Regulatory Frameworks and Provisions
Because of large financial scandals, Sarbanes Oxley was passed
which implemented regulations, many regarding the
responsibilities of corporate management and external auditors.
Some of the main corporate governance provisions of SOX:
Audit Committees
Public companies are required to have an audit committee, and
on the audit committee there must be a ‘financial expert’, which
means that this expert has:
• An understanding of GAAP and financial statements
• Experience in preparing or auditing financial statements
• Experience with internal auditing controls
• An understanding of audit committee functions
If the company doesn’t have a “financial expert”, it needs to

disclose the reason.
The audit committee must have at least 3 members, and each

member must be an independent member of the board of
directors. Independent meaning they only receive compensation
for their service on the board, but no other financial ties to or
compensation from the company.
Officer Certifications
On all 10Qs and 10K reports, the CEO and CFO must certify:
• That they’ve reviewed the report
• That the report doesn’t have any material mistakes as far as
they know
• That the statements are presented fairly in all material
respects
10
• That they are responsible for and have evaluated internal
controls
• That they have disclosed any significant control deficiencies
or fraud to the external auditors and to the audit committee
Rules Regarding Auditors

External auditors are not allowed to provide certain kinds of non-
audit services to their auditing clients, such as the design and
implementation of financial information systems, bookkeeping
services, appraisal or valuation services, etc. The auditor can
provide tax services if approved by the audit committee.
Public companies have to disclose how much they spend on audit

and audit-related services.
The power to hire and fire an external auditor is completely up to

the audit committee, instead of management or the board of
directors.
PCAOB
The PCAOB was created as a result of SOX. The PCAOB sets
audit standards for public companies, and enforces compliance
with its rules, SOX, and applicable securities laws and
regulations.
11
Dodd-Frank Act
Some of the corporate governance rules from Dodd-Frank could
still be tested on the exam, such as whistleblower
penalties/rewards and executive compensation:
Penalties and Whistleblowers

Whistleblowers will be compensated, which is usually a reward of
10 to 30% of the sanctions imposed. So if you blew the whistle
and the SEC imposed penalties of $1 million on the perpetrator,
you would be awarded somewhere between $100k and $300k. If
the sanctions imposed are $1 million or more, a bounty (reward)
is mandatory.
There is also an anti-retaliation provision which protects

whistleblowers from losing their job. It is illegal to punish a
whistleblower that provides truthful information about any federal
offense. Retaliation can result in a fine or imprisonment, or both.
Executive Compensation
Public companies must have a clawback policy regarding
executive performance-based pay if there is a restatement of
financial statements.
Shareholders can vote on certain compensation issues with

corporate officers’ compensation every 3 years.
12
Economic Concepts and Analysis
Economic and Business Cycles

Macroeconomics is the study of economic activity for an entire
economy.
Individuals paying taxes to the government isn’t studied in

microeconomics, but it is in macroeconomics. Also, the foreign
sector is relevant in macroeconomics because of imports and
exports.
Economic activity
Nominal gross domestic product (GDP): this measures the total
output of final goods and services produced in the domestic
market during a period (usually one year).
A product that is finished and is sitting in finished goods at the

end of 2018 should be included in the 2018 GDP.
Real gross domestic product (Real GDP): this measures the total
output of final goods and services produced in the domestic
market during the period using constant prices. In other words, it
is nominal GDP adjusted for changing prices.
Net gross domestic product (Net GDP): this measures GDP less
capital consumption during the period (GDP - depreciation).
Potential GDP is the maximum output that can occur in the

domestic economy without creating upward pressure on the
general level of prices.
13
The difference between Real GDP and Potential GDP is known
as the ‘GDP Gap’.
Gross National Product (GNP) is the total output of all goods and
services produced world-wide using U.S. Resources.
Net National Product (NNP) is the total output of all goods and
services world-wide using U.S. resources, but does NOT use a
depreciation value. It’s the same as GNP - depreciation.
National Income (NI) is the total payments for economic

resources included in the production of all goods and services
which include payments for wages, rents, interest, and profits.
Personal Income (PI) measures the total payments for economic

resources received by individuals.
Personal disposable income (PDI) measures the amount

individuals have to spend calculated as personal income - income
taxes.
Employment
When economists are calculating unemployment, only members
of the workforce ages 16 and up are counted. Individuals younger
than 16 that have a job such as a paper route are not considered
in the calculation.
Cyclical unemployment is the loss of jobs due to a downturn in the

economy.
Structural unemployment consists of workers who have lost their

jobs due to the need for their job being greatly reduced or even
eliminated, which includes unemployment as a result of
technology.
14
Frictional unemployment is unemployment due to workers being
in transition between jobs or relocating.
Aggregate Supply and Demand

Aggregate demand is the total spending of individuals,
businesses, governments, and net foreign spending on goods and
services at different prices at the economy level.
An increase on spending on imports would most likely shift

aggregate demand to the left (lower it) because demand for
domestic goods is being replaced by imports.
An increase in tax rates and tax revenues would also decrease

aggregate demand because consumption dollars are being used
up to pay taxes.
Aggregate supply is the total output of goods and services at

different price levels at the economy level.
A large decrease in an economy’s labor force would most likely

shift the aggregate supply curve left (lower it), because labor is an
economic resource and would affect overall supply by lowering it.
In macroeconomics, “investing” is:

• Residential construction
• Nonresidential construction
• Business durable equipment
• Business inventory
An individual putting money in the stock market is NOT investing,

that is ‘saving’ in the context of macroeconomics.
Average propensity to consume(APC) is the percent of disposable

income spent on consumption goods.
15
Average propensity to save(APS) is the percent of disposable
income saved
APC + APS = an individual’s disposable income.
Inflation and Monetary Policy

Inflation is the general increase in prices and interest rates, and
deflation is the opposite.
The main purpose of the consumer price index is to compare

relative price changes over time. It is also what the federal
government uses to measure inflation.
Inflation distorts reported income because depreciation is not

reflective of current fixed-asset replacement costs.
If the Federal Reserve want to expand the economy, it will most

likely purchase federal securities and lower the discount rate.
The Federal Reserve cannot change tax rates, Congress changes

tax rates.
If the Federal Reserve wants to increase the money supply, they

will lower the discount rate. The discount rate is the rate the Fed
charges to banks for borrowing money from the Fed. If banks pay
lower interest, then banks are out opening more loans, which
increases the money supply.
‘Fiscal policy’ is established by Congress and deals with spending

and taxes. ‘Monetary policy’ is controlled by the Federal Reserve
and deals with achieving national objectives through control of the
money supply.
16
Globalization
Globalization is the movement toward a more integrated and
interdependent world economy.
The World Bank’s main objective is to promote general economic

development worldwide, and focusing on lending to developing
countries for infrastructure.
The International Monetary Fund’s (IMF) primary objective is to

maintain order in the international monetary system, mainly by
providing funds to economies in financial crisis.
‘Foreign direct investment’ is when a domestic entity invests in

foreign production facilities.
The General Agreement on Tariffs and trade (GATT) was setup to

encourage international trade by eliminating tariffs, subsidies,
import quotas, and other trade barriers.
International trade becomes a bigger and bigger part of the

worldwide economy every year, including becoming a larger and
larger part of U.S. economic activity.
Imports AND exports are included when calculating an economy’s

GDP. It is exports minus imports that enters into determining
GDP.
The U.S. exports more agricultural products and services than it

imports. The U.S. imports more manufactured goods and
industrial materials than it exports.
China is the largest exporter of goods and services, followed by

Germany and the United States.
The U.S. exports make up about 10% of worldwide exports.

17
Europe has experienced the largest decline in share of worldwide
output in the last 40 years.
When a firm outsources production of a good to a foreign

supplier, there are several risks:
• Quality risks
• Security risk
• Currency exchange risks
18
Market Influences on Business
Microeconomics
In a free market economy, economic decisions are made by
individuals, there is an interdependent relationship between
consumers and businesses, and what get produced depends on
the preferences of the end-user.
Labor, capital, and natural resources are all economic resources

and they are scarce, meaning there is a limited amount of each.
There is a flow of resources that consists of 4 main interrelated

flows:
• Individuals provide resources to businesses (people go to
work)
• Businesses pay these individuals for these resources
• Businesses provide goods and services to consumers
• Individuals provide payment to businesses for these goods
and services
In a free market economy, government regulation should be the

least important factor is determining resource allocation
Demand
A substitute commodity meets the same basic need or want as
another commodity. When the price of one commodity increases,
demand will decrease and shift to other substitute commodities.
A complementary commodity is one which is used together with

another commodity. When the price decreases for a
complementary commodity, demand increases for it and the
commodity for which it is complementary.
19
Demand Curves
Demand curves are negatively sloped, with quantity on the X axis
and price on the Y axis. As demand goes up, the quantity
becomes less and less, and the price increases.
The demand curve for a product represents the impact that its
price has on the amount of the product that will be purchased.
There’s an important difference in “demand” and “quantity

demanded”. A change in price changes the quantity demanded,
and causes movement along a demand curve. But a change in
demand shifts the entire curve either inward (less demand) or
outward (more demand).
If there is an increase in the income of market participants, this

will cause the demand curve to shift outward, which means more
total demand - and vice versa.
20
Supply
The same difference in quantity supplied and ‘supply’ exists: A
change in quantity supplied is movement along a given supply
curve as a result in a change in price. A change in supply is an
actual shift of the entire supply curve.
A normal supply curve has a positive slope.
21
Market Equilibrium
Market equilibrium is the point at which a demand curve meets a
supply curve.
If a price for a good is fixed below market equilibrium, that will

create excess demand because there is a price ceiling.
The same thing would happen with government imposed price

ceiling on rent: the quantity demanded would exceed the quantity
supplied.
22
A price ceiling causes a quantity shortage, and a price floor
causes a quantity surplus.
Elasticity
Elasticity measures the change in a market factor as a result of a
change in another market factor. The 4 measures of elasticity are:
• Elasticity of demand: the % change in quantity demanded as
a result of the % change in the price. If a 3% price increase
results in a 5% increase in quantity demanded, then the
demand is elastic. If the quantity demanded increased less
than 3%, then the demand would be inelastic
• Elasticity of supply: the degree to which quantity supplied
changes as a result of the % change in price
• Income elasticity of demand: measures the change in
quantity demanded of a good compared to the change in the
income of consumers of that good
• Cross elasticity of demand: measures the change in quantity
demanded compared to the change in price of another good
Utility
Utility is the satisfaction derived from the acquisition or use of a
commodity.
A ‘util’ is a hypothetical unit of measure to measure satisfaction

derived from a commodity.
Marginal utility is the satisfaction derived from each additional unit

of a commodity.
The law of diminishing marginal utility says that with each

additional unit of a commodity acquired, utility(satisfaction) goes
down. After 4 slices of pizza, slice 5 isn’t as good, and slice 6 is
even less good, and so on.
23
Important note: As an individual acquires more and more units of
a commodity, utility increases, but marginal utility decreases.
Market Structure
The 4 most common market structures are:
Perfect competition: In a perfectly competitive market, there is a

large number of buyers and sellers, and so no single trader could
have a significant impact on market prices. In this market, the
demand curve would be perfectly horizontal
Perfect monopoly: This would be a single seller where there is

no close substitute for the good(s) they sell. In other words, this
one single firm makes up the entire market. There are 2 main
reasons a monopoly would exist:
• A single company is able to produce at a lower cost than
multiple producers. This is “economies of scale”
• If the company has legal control or authority of the resources
required to produce the product(s)
Monopolistic competition: This is a market with many sellers

where the sellers sell differentiated products, and there are close
substitutes for the products. Firms can enter and exit the market
easily. According to economic theory, in monopolistic competition
long-term profits are not possible because if a firm is making
profits in the short-run, more firms will enter the market until all
firms are just breaking even.
Oligopoly: In this type of market there are a small number of

sellers, and these firms sell either similar or differentiated
products. Entry to the market is restricted. Each seller in an
oligopoly is large enough to influence market prices.
A ‘cartel’ is a group of firms that conspire together to fix prices.

24
Financial Risk Management
Market Risk
Market risk (systematic risk) is the large scale risk of markets and
natural disasters that all businesses face. It can’t be mitigated by
diversification, but it can be mitigated to a small degree by some
types of insurance.
Business-specific risk (unsystematic risk) is the collection of

specific risks facing a business based on its sector, regulations,
cost structure, nature of products, etc. These risks can be
mitigated through diversification.
Interest Rate Risk

This is the risk that changing interest rates will have on
investments and most commonly, long term debt or bonds. An
investment in long term debt is made at a certain interest rate,
and the investor then bears the risk that market interest rates will
go up, which lowers the value of the investment in debt at a set
interest rate.
Example:
Ron buys a $1,000 bond that pays 5% interest each year, or $50
per year. 3 years later, interest rates on bonds have increased to
10%. This lowers the value of his 5% bond, so if he sells his bond
he’ll get less than $1,000 face value, which results in a loss.
Interest rate risk can be offset with forward and futures contracts,
interest rate swaps, or an option contract.
Example:
Ron buys his $1,000 bond that pays 5% interest each year. To
offset the risk of interest rates going up, Ron also acquires an
25
options contract that allows him to sell his bond for a specified
price at the time of making the contract.
Currency Exchange Risks

This is the risk of the changes in value of different currencies that
a business does transactions or operates in.
For example, if a contract is made where the business will need to

pay a certain amount of a foreign transaction. If that foreign
currency increases in value relative to the dollar before the
settlement date, the transaction will cost the business more in
dollars even though the contracted price doesn’t change. Also,
when a business is actually operating in a country with a foreign
currency. As the currency fluctuates, so does the value of the
foreign portion of the business and its income.
Currency risks can be hedged against through derivatives such as

forward contracts, futures contracts, options, or swaps.
Liquidity Risks and Ratios

The risk that an asset can’t be sold (liquidated) for cash equal to
its fair value. This is another risk that can be mitigated to some
degree through diversification.
There’s also the risks associated with running a business with low
liquidity, meaning having low working capital, or a current ratio or
quick ratio of 1 or below. There are differences by industry, but
having less current assets than current liabilities increases the
risks facing a business.
Working capital is defined as current assets - current liabilities.
26
Expressed as a ratio, current assets over current liabilities is the
“current ratio”.
A better overall test of liquidity is to take inventory and prepaids

out of the equation, which is the “quick ratio” or “acid test”:
If a current ratio or quick ratio is around 1/2, meaning twice as

many current liabilities as current assets, the business can’t cover
its short-term liabilities and could possibly have to liquidate other
assets in order to meet them.
A current or quick ratio of 1 means the business can at least meet

its short term obligations.
A current or quick ratio of 2 or more usually signifies a healthier

business that has more than enough resources to meet its short
term obligations.
27
Credit Risk
The risk of default on debt from the borrower failing to make
payments. The creditor risks the repayment of principal and
interest, but also faces the extra costs of cash flow disruption and
the costs of trying to collect.
Credit risk is mitigated by one or more of the following:

• Charging higher interest rates to higher-risk borrowers
• Placing stipulations on loans that the borrowers need to
meet (debt covenants)
• Credit insurance
• Derivatives to hedge against high risk borrowers
• Diversification (lending to many borrowers)
Inflation Risk
This is the risk that inflation decreases the purchasing power of a
fixed amount. The same $100 can buy less and less as inflation
increases. This results in the need for a business to adjust cash
flow planning and increase the required rate of return on potential
projects to compensate for inflation.
Other Types of Risks in Business
Strategic risk is the long-term risk a business faces by having

competition. This risk is best controlled by strategic planning and
optimizing operations.
Operational risk is short-term risk that involves the risk of running

a business day to day. This risk is best controlled by focusing on
the execution of the company’s strategic plan.
Contingency planning is a method of dealing with risk with things

like disaster recovery planning.
28
Cost avoidance is avoiding costs, and is a faster way of
increasing profits than increasing revenue, because increasing
revenue usually involves increasing costs as well on marketing,
adding features, etc.
Hedging is a way of mitigating foreign currency exchange risk,

and involves acquiring an investment that would offset losses
caused by foreign currency fluctuations.
29
Financial Management
Capital Structure
Capital structure is a how a firm uses different sources of funds to
finance its operations and growth. This will be some combination
of debt and equity: certain industries utilize more debt than stock
and others use little debt and rely mostly on stock.
Cost of Capital
This refers to the opportunity cost of using capital in a project or
investment compared to another. If $10 million can either be
spent upgrading a company’s equipment vs purchasing bonds,
the company would evaluate the expected returns of each option.
If upgrading the equipment would produce a 10% return each
year for 5 years, and the bonds pay 6% interest, then the
equipment upgrade is a better use of the $10 million.
Calculating Cost of Capital

The average cost of capital is taking the relative weighted “costs”
of the different capital sources, meaning the rate of return
required by either investors or lenders, to arrive at the weighted
average cost of capital for a business. This is then used to
evaluate future project or investments, for example: once a
business knows their capital has a cost of 9%, any project or
investment needs to return more than 9% for the business to
consider it.
30
The weighted average cost of capital formula is:
Note: The “cost of equity” will be given to you in a problem, since

it’s not a defined amount like an interest rate on debt.
Example:
Asset Structure
This refers to how a business uses assets to generate earnings.
The primary metric for measuring a firm’s ability to generate
earnings from assets is “return on assets”.
The first thing management decides is how to acquire assets:

What blend of debt and equity financing should be used to
acquire capital and then acquire assets?
The second issue is how can the business maximize the returns
on the asset base?
31
The components of asset structure are the assets listed on the
balance sheet, while “capital structure” refers to long-term debt
and equity.
Current assets provide the company’s liquidity, while long-term

assets are geared towards generating earnings.
What type of long-term assets a business holds depends on the

business’s strategic goals and nature of its business, its industry,
the markets it operates in, economic conditions, and competition.
Here are some examples:
A technology company would most likely have a large portion of

long-term assets as intellectual property and other intangible
assets, large amounts of current assets, and relatively small
amounts of PPE.
An insurance company would hold a lot of financial assets, with

little PPE and little intangible assets.
A manufacturing company would have a large amount of PPE and

large amounts of current assets such as accounts receivable,
cash, and inventory.
Loan Covenants
These are restrictions/requirement placed on a loan or line of
credit by the lender, and if the borrower is found to be “out of
covenant” by not meeting the requirements, the loan is due
immediately.
32
Some common examples of loan covenants are:
• Meeting certain ratios such as debt to equity or working
capital requirements
• Limits on taking on additional debt
• Requirements on collateral attached to the loan
Growth Rate
Growth rates can be used to evaluate an entire business, a
business’s earnings or sales, expenses, or even entire
economies.
Example:
ABC’s sales in year 1 were $100,000, and sales in year 2 were
$120,000.
The calculation is:
It’s a very simple calculation to do in your head most of the time,

but if the numbers aren’t easy to deal with, you should know the
formula.
Profitability
This is the extent to which a business generates a profit. The
most common measures of profitability are profit margin, return on
assets, and return on equity.
33
There are different measures of profit margin, such as:
• Gross Margin: Revenue - COGS
• Contribution Margin: Revenue - Variable Expenses
• Operating Margin: Operating Income / Revenue
• Pretax Margin: Earnings Before Tax / Revenue
• Net Profit Margin: Net Income / Revenue
Leverage
Financial leverage is the amount of debt a business uses to buy
assets. So it’s really the ratio of debt to equity that a business
uses to acquire assets. Leverage can result in a business earning
a greater return on investment than by using existing assets.
Example:
ABC buys new equipment for $100,000 in cash and generates a
profit of $20,000 with the new equipment. ABC’s return on assets
is 20% and is not utilizing any leverage since they paid cash for
the equipment.
OR,
ABC buys new equipment for $10,000 down and a loan of

$90,000 and earns $20,000 with the new equipment. ABC’s ROA
in this case is 200% by utilizing leverage.
The more leverage a business uses, the more risk. As a business

takes on more and more debt, the chances increase that they
won’t be able to pay it all back. This can be especially risky for a
cyclical business, or a business where there are low barriers to
entry as competition can make sales fluctuate. A business that
has steady and predictable revenue is better suited to utilize a
large amount of leverage.
34
Another key point is that debt has tax advantages, as interest
expense is deductible, but as a firm increases their amount of
debt, lenders will charge higher interest rates on additional debt
and more strict covenants, thus increasing the risk of default.
Risk
Different types of financial risk were covered in the previous
section, “Financial Risk Management”
35
Working Capital
Working capital is the difference in a firm’s current assets and its
current liabilities. The objective of working capital is to meet the
operating needs of the company such as purchasing inventory
and having enough cash to meet obligations as they become due.
Working Capital Ratios

Ratios to analyze working capital can be divided into two
categories:
• Liquidity ratios
• Operational ratios
Liquidity ratios:
Times interest earned is measuring the ability of current earnings

to cover interest payments for a given period.
36
Average collection period is measuring how long it takes for the
business to receive payment owed from accounts receivable.
Operational Ratios:
The cash conversion cycle is measuring how long it takes cash

invested in inventory to return as cash received from customers.
• The “days inventory outstanding” is the number of days it
takes to sell a batch of inventory.
• The “days sales outstanding” is the number of days needed
to collect accounts receivable
• The “days payable outstanding” is the days before the
business needs to pay its own bills (The longer it can wait,
the longer it can hold & invest cash)
Inventory turnover measures how many times inventory is cycled

through in a period, and can help identify over or under stocking
inventory, or obsolete or slow moving inventory.
37
This is measuring how many times receivables are earned and
collected in a period, which indicates the effectiveness of the
collection policies.
Inventory Management
The main objective of inventory management is to determine and
maintain the optimal amount of all inventories.
The cost of carrying inventory is directly related to how much

inventory a company should keep on hand. If the cost of carrying
inventory rises, the company should carry less inventory, and vice
versa.
A ‘just in time’ inventory system is aimed at increasing efficiency

and eliminating unnecessary costs by reduces inventory on hand
but it requires more frequent deliveries from suppliers. Usually
vendors will guarantee that their products/supplies are free from
defects so that the purchaser doesn’t need to inspect them upon
delivery. A JIT system does increase the chances of running out
of inventory, but it also lowers inventory carrying costs.
The ‘economic order quantity formula’ is a method that aims to

determine the order size that will minimize the total inventory cost.
Both order cost and carrying cost are assumed to be constant.
Also, it is assumed that the periodic demand is known for
economic order quantity to be feasible.
Accounts Payable Management

The way that a business manages their accounts payable,
specifically to vendors, can have a big impact on profitability and
cash flow. The most important thing is that the business pays their
bills on time. This improves relationships with vendors &
suppliers, and will result in favorable discounts and credit terms.
Discounts and favorable credit terms can increase profitability for
the business. As the business grows and develops relationships
38
with more and more suppliers, it can lead to good relationships
and discounts with all suppliers, which can significantly boost
profitability for the business.
Cash flow becomes crucial as the business obviously needs

enough cash on hand to pay suppliers within the discount period
and keep taking advantage of discounts.
Lines of Credit and Debt Covenants

Lines of credit are different than a long-term note payable, in that
nothing is owed until the business makes charges agains the line
of credit; it works like a credit card.
Debt covenants are common when a business takes on long-term

debt or a large line of credit with a bank. Debt covenants typically
include stipulations on maintaining a certain level of working
capital or staying above a certain working capital ratio.
Cash Management
Cash management means trying to make sure a firm doesn’t have
too much cash or not enough cash. Too much cash is an
inefficient use of resources, while not having enough cash causes
obvious problems.
A lock box system improves control over cash because customer

payments are made directly to the bank where the lockbox is and
the bank employees are the only ones who deal with the cash.
A zero-balance account is a cash management tool that removes

any excess cash at the end of each day and moves it to another
account. Companies also use these types of accounts for specific
purposes such as an account exclusively for paying payroll
checks.
39
Accounts Receivable Management
The overall goal of accounts receivable management is to
maximize profits (not sales).
A policy that is too loose with granting credit to customers who

aren’t creditworthy and will result in bad debt, but a policy that is
too tight risks losing credit sales from customers who would pay.
The receivables turnover ratio and the average collection period

or “days sales outstanding” (see above) are ratios used to
measure the effectiveness of collection and credit policies.
With the receivables turnover ratio, a business wants to “turnover”

their receivables as many times as possible during the year.
The more times a business can turnover their receivables in a

year, it shows how efficient the business is at collecting cash on
credit sales, and that fewer credit sales are being written off. It
also helps with liquidity to be efficiently bringing in cash on sales
generated.
With the average collection period, a business obviously wants to

collect receivables in as short a time as possible, so a lower
number is better.
Some businesses will “factor” their receivables, which means they

sell their receivables to a third party at a discount to receive the
cash from the receivables sooner than waiting to collect from
customers.
Accepting credit cards is an example of factoring; businesses

accept credit cards and receive cash from Visa or American
Express and the business pays a fee to the credit card company.
40
The risk that the customer doesn’t pay is then Visa’s problem, not
that of the business.
41
Financial Valuation Methods
Valuation is the process of assigning value to assets and
liabilities.
Developing “Fair Value”

To determine fair value under GAAP, there are 3 levels of
evaluating fair value inputs:
• Level 1: This is the highest level or most reliable, and it
consists of having observable quoted market prices for
identical assets/liabilities in an active market, such as stock
prices listed on the stock exchanges. This is the best
evidence for fair value
• Level 2: This is the second highest level and consists of
observable quoted prices for similar assets/liabilities in an
active market
• Level 3: These inputs are unobservable and level 3 inputs
should only be used when there are no observable inputs
Valuation approaches: There are 3 main approaches to develop a

fair value:
• Market approach: this approach uses prices and other
relevant information generated by market transactions
involving assets or liabilities that are identical or comparable
to those being valued
• Income approach: This approach used valuation techniques
to convert future amounts of economic benefits or sacrifices
of economic benefits to determine what the future amounts
are worth
• Cost approach: Determines what it would cost to construct a
replacement item
42
According to GAAP, valuation can only be based on exit price,
NOT entry price. An exit price is the amount that you would
receive to sell an asset or be paid to transfer a liability in an arm’s
length transaction.
BOTH location and condition are taken into account when

determining price
Option pricing
The ‘Black Scholes’ model is a mathematical formula for valuing
stock options. There are advantages and disadvantages to the
Black Scholes model:
Limitations:
• It assumes the stock does not pay dividends
• It assumes the risk-free rate of return used for discounting
remains constant
• It assumes the option can be exercised only at the expiration
date
Advantages:
• It discounts the exercise price
• It uses the probability that the option will be exercised
• It uses the probability that the price of the stock will pay off
within the time to expiration
Binomial Option Pricing

A pricing method for options where a price tree and probable
values are calculated based on volatility, expiration dates, and
probabilities.
43
Capital Asset Pricing Model(CAPM)
CAPM is a model that evaluates the relationship between risk and
expected return for assets, but usually stocks.
CAPM uses 1) the risk-free rate of return and 2) Beta.
The risk-free rate of return is the hypothetical rate for return for
“no risk”, and is based on the rate for a 3-month U.S. treasury bill.
Beta (β) is a measure of how volatile an investment is compared

to the rest of the market, or comparable items. A beta of 1 means
it’s equal, a beta of 0.5 means it is half as volatile as comparable
items, and a beta of 1.5 means it is one half more volatile than
comparable items.
The formula for CAPM is:
Required Rate of Return = RFR + β(ERR - RFR)
RFR is the risk free rate (see above).
β is beta, a measure of volatility (see above).
ERR is the expected rate of return, usually based on asset class

or a similar investment.
Dividend Discount Model

This model used the predicted dividends of a company and
discounts them back to present value. If the present value of the
dividends on a per share basis are greater than the current share
price, then the stock is considered undervalued and is a good
investment, and vice versa.
44
Valuing Businesses
There are several common approaches to valuing a business:
• Market approach: The business is compared to other similar
businesses with similar characteristics in the same industry
or market.
• Income approach: A fair value is derived from the business’s
income streams. Net present value of cash flows, or
sometimes a discounted cash flow model is used.
• Asset approach: The fair values of the individual assets of
the business are added up and equal the value of the
business. This approach is commonly used when a business
is liquidated to pay its debts.
Comparing Investments
There are many approaches to comparing potential investments,
but the ones you should know are:
• Payback period approach
• Net-present value
• Economic value added
• Cash flow analysis
• Internal rate of return
Payback Period Approach

The ‘payback period approach’ determines how many years it will
take to recover the initial project investment cost.
The calculation is simple: you take the upfront project cost, and
you divide it by the expected annual cash flows. If the project cost
will be recovered in the specified time, you would accept the
project. If not, you would reject the project.
One advantage of the payback approach is that it is easy to use

and understand.
45
Some disadvantages are that it ignores the time value of money,
it ignores cash flows received after the payback period, and it
doesn’t measure total project profitability.
EXAMPLE: A new project costs $100,000. It will produce cash

flows of $25,000 per year. You need to recover the project cost in
3 years. You would reject this project because by year 3 you
would have only recovered $75,000.
Net-Present Value
The ‘net present value approach’ compares the present value of
expected cash flows of the project to the initial cash investment in
the project.
Using this model, if the net present value is zero or positive, then
the project is considered economically feasible.
Economic Value Added

This is a metric to measure economic profit, and is a form of
measuring residual income.
46
Discounted Cash Flows (DCF)
DCF is a method of discounting future cash flows of a business to
present value on a per-share basis to compare to the current
share price to see if a potential investment is undervalued or
overvalued by the market.
r = the discount rate which is usually weighted cost of capital
Internal Rate of Return

This method determines the discount rate that would make the
net present value of after-tax cash flows equal to zero. Then, any
potential investment or project that returns an IRR greater than
zero would have value.
In the equation, the discount rate is what you’re solving for. Also,
IRR can only be calculated using a specific function made for
calculating IRR or by using trial and error.
47
Information Technology
Information Technology Governance

Vision and Strategy
Information technology is used in business to help a business
entity achieve its objectives.
A company’s mission statement should provide practical steps to

attaining the company’s vision, and the use of IT should be
strategically implemented based on the mission statement
objectives.
Organization
The COBIT model

The COBIT model provides a framework for the implementation of
information technology into the control system of an organization,
and so that the organization can understand the risks involved in
doing so. It’s also to guide managers and users to adopt IT best
practices.
The basic COBIT framework is aimed at figuring out 3 main

things:
• What are the business requirements of an IT system for our
business?
• What IT resources would be necessary to implement such a
system?
• What IT processes do we need to figure out to implement
such a system?
In other words: Objectives, Resources, and Processes
48
This model is widely used for IT governance best practices. There
are 4 main “domains” to the COBIT model:
• Planning and organization: This deals with how the IT
system helps accomplish business objectives. Also includes
developing tactics to accomplish the strategic vision.
• Acquisition and implementation: Deals with how the
business acquires and develops IT solutions and automated
solutions that address business objectives
• Delivery and support: Deals with how the company can best
deliver required IT services including operations, security,
continuous service, and training
• Monitoring: Deals with how the company can periodically
assess the IT processes for quality and control
There are 7 attributes of “desired” information according to

COBIT:
1. Effective
2. Efficient
3. Confidential
4. Integrity
5. Available
6. Compliant
7. Reliable
Enterprise-wide resource planning system (ERPs)

This is a software system that processes transactions, supports
management, and aids decision making throughout the entire
organization in one single package. In other words, an ERP
integrates all of the data maintained by the organization into one
database. This improves flexibility and the decision-making
process by having all information in one place.
The obvious advantage of an ERP is increased efficiency in

evaluating data to make decisions.
49
The downside of an ERP is that they are very expensive to
purchase and integrate into an organization.
Part of an ERP system is an online analytical processing system

(OLAP). This provides data warehouse and data mining
capabilities of an ERP system. So company employees can go
into the system and run queries or generate reports from the
firm’s data.
The other component of an ERP is an online transaction

processing system (OLTP). This records the day-to-day
transactions of an organization such as sales, production, and
purchasing.
Remember, OLAP is referring to analyzing data, and OLTP is

referring to collecting data, not analyzing it.
Cloud based system

This is a data pool provided by 3rd party. Using the “cloud” has
several advantages:
• Enhanced access as long as someone has internet
• Lower maintenance costs
• Scalability
There are also some additional risks with using the cloud:
• Risk of data loss
• Increased risk of data being breached by hackers
• Overall risk of relying on a service provider instead of
housing data internally
50
Examples of cloud-based services:
• Software as a service (SaaS): This is cloud based software
that is externally hosted and usually comes with an ongoing
fee instead buying software on a CD and installing it
• Platform as a service (PaaS): The use of cloud-based
services to create cloud-based software
• Infrastructure as a service (IaaS): Using the cloud to access
virtual storage or hardware
Risk Assessments
In an IT risk assessment, there are basically three main risk
management components:
• Evaluation and assessment, to identify assets and evaluate
their properties and characteristics.
• Risk assessment, to discover threats and vulnerabilities that
pose risk to assets.
• Risk mitigation, to address risk by transferring, eliminating or
accepting it.
51
Role of IT in Business
Emerging Technologies
Big Data Analytics

This refers to businesses harnessing the analytical benefits of
extremely large amounts of data. There are a lot of benefits to
analyzing large amounts of data, and there are also big risks.
The main benefit of big data is to gain insights & advantages on

marketing, sales, operations, risk, etc.
The downsides are the responsibility and liability in dealing with

large amounts of possibly sensitive data such as customers’
credit card info and private details.
Bitcoin/Blockchain
Bitcoin is an intangible currency that operates using “blockchain”
technology. Bitcoin is a peer to peer, decentralized currency that
uses the blockchain to validate and authenticate transactions
using encrypted user IDs and assigns encrypted markers to every
transaction.
The “blockchain” is the underlying technology, which is a ledger

system that tracks and logs every bitcoin transaction as a way of
continuous validation and a record of all transactions. The peer-
to-peer network of blockchain simultaneously updates and logs
bitcoin transactions, and this is what allows it to be de-centralized
or constantly updating and storing itself in the cloud, in this case
the cloud being made up of the peer-to-peer network.
A very simplified way to think of the blockchain is a “spreadsheet

in the cloud” of all transactions, that anyone has access to.
52
Machine Learning and AI
Machine learning and artificial intelligence refers to software and
hardware that can analyze big data sets and “learn”, and then
perform functions with that data or even perform physical
functions such as robots performing physical tasks.
The most common functions currently being used with machine

learning are:
• Data harvest and data cleanup
• Analyzing data sets, including numbers, words, images,
sounds
• Monitoring and performing physical tasks
E-Commerce Definitions
E-Commerce refers to doing business online and the related
technologies. Here are some of the key definitions that could
show up in questions:
• EFT: Electronic funds transfer is moving money from one
bank account to another and removes the need for a
physical check. If you get paid by direct deposit into your
bank account, that is an EFT transaction
• EDI: Electronic data interchange is when business data is
exchanged between two computers, such as instant sending
and receiving of contracts or purchase orders
• CRM: Customer relationship management is a tool that is an
electronic rolodex of customers and their data, which is
analyzed to segment customers for specific promotions or
marketing campaigns
• TPS: Transaction processing system is a system used for
performing daily business transactions such as sales or
orders from customers
• MIS: Management information system is a system that
analyzes transactions from a TPS to provide management
with summarized reports
53
• DSS: Decision support system is a system that also
analyses company transactions but includes external data to
aid upper management in decision making
• Data warehouse: This is when a company stores
transactional data for years at a time, usually with the intent
to data-mine, which is to analyze the data for patterns
Transaction Processing
In an automated accounting system, transactions are processed
chronologically and then summarized in accounts. One key
difference between a manual (on paper) system and a
computerized system is that systemic errors (mistakes) are
greatly reduced, and financial statement preparation is much
more efficient.
Data Entry: When a transaction happens, it can be recorded on

paper and then entered into the system manually, or it can be
entered automatically.
Transaction file: A transaction creates a “transaction file” that

updates the “master file”.
Master file: These keep track of all transactions within an account.

So if rent revenue is received, that specific transaction file
updates total rent revenue in the master file. A master file is
computer equivalent of a “ledger” or a “sub ledger” in a paper
system.
System output: The master file balances are then used to ‘output’
reports.
Batch processing: When transactions are grouped by transaction

type and then processed in a batch.
54
Online, real-time processing (OLRT) is when immediate
transactions take place as they occur, such as an internet order.
OLRT transactions require network access since they are
immediate and real-time.
A point of sale system (POS) combines online and real-time

processing with automated data capture technology.
55
Information Security/Availability
Information Security Controls
When it comes to information security, there are 2 types of
controls: Logical controls and physical access controls.
Logical controls are the controls within computer systems that
prevent unauthorized access, such as user authentication, the
ability to read/write a document, or firewalls.
Physical controls are the physical measures taken to protect the

information of an organization. These are things like actual
building alarms, climate controlled server rooms, backup systems,
and automatic sprinklers to put out a fire.
Continuity Planning
Part of an IT system is having a continuity plan which allows the
system to keep running and maintain data in the event of a
disaster such as the main office burning down or being flooded.
The overall process of planning for disasters is referred to as

‘business continuity management’ or BCM.
This planning involves identifying and prioritizing the following

categories of functions:
• Mission critical: serving customers and manufacturing
products
• Business critical: the IT systems and processes necessary
for the business to run
• Task critical: services required to carry out individual tasks
56
DRP Definitions:
DRP stands for disaster recovery plan which allows an
organization to make a plan for disasters and recover from them.
In a DRP, the top priority is “mission critical” activities. The lowest

priority is given to “task critical” activities.
Cold site: An offsite location that has all the physical requirements
for data processing, but doesn’t have the actual equipment or
data.
Warm site: A place the business can relocate to after a disaster. It

contains the hardware but no copies of backed up data.
Hot site: An offsite location that is completely ready to take over

the company’s data processing.
Mirrored site: A fully redundant facility – this has the highest cost.
Other Definitions to Know:

• A ‘centralized system’ maintains all data and performs all
processing at a central location
• A ‘peer-to-peer’ network is which different nodes all share in
communications management- there is no central controlling
server
• A ‘local area network’(LAN) is confined to a small geographic
area such as one office or even just one floor
• A ‘node’ is a device connected to a computer network
• A ‘client’ in a computer system is a computer used by an
end-user that doesn’t supply network resources
• A ‘wide area network’ (WAN) are networks that cover large
geographic areas, such as a national network
57
• ‘Extensible markup language’ (XML) is a protocol for
encoding documents in a machine readable form
• ‘Hypertext markup language’ (HTML) is a language for web
pages
• ‘Transmission control protocol/Internet protocol’ (TCP/IP) is
the transmission protocol of the internet
• ‘Extensible business reporting language’ (XBRL) is a
protocol for encoding and tagging business and accounting
specific information in electronic form
• ‘File transfer protocol’ (FTP) is a protocol used to transfer
files from a client to a server
• A remote backup service allows users to back up their
information in the cloud, such as Mozy or Carbonite
• A rollback and recovery method of backup is when
transactions are backed up as they occur, but there are also
“snapshots” backed up so that backup can be rolled back to
a certain time period
• ‘Mirroring’ is a method of backup that backs up an exact
copy to multiple sites
• ‘Biometric controls’ are things like fingerprint scanners that
are used instead of a password
• A ‘strong’ password would have at least 8 characters, uses
both upper and lower case letter
• ‘File attributes’ restricts read/write/edit capabilities of a
record
• A good location for an offsite computer operations facility
would be a location that is climate controlled and at a low
risk for natural disasters
• ‘Social engineering’ is a set of techniques used by a
fraudster to get sensitive information from employees. The
distinction is getting information from people instead of
actually hacking computer systems
• The 4 electrical systems risks are:
⁃ Failure or outage
⁃ Reduced voltage (brownout)
58
⁃ Spike and surges
⁃ Electromagnetic interference
• ‘Cleartext’ or ‘plaintext’ is text that can be written or
understood versus something like computer language
• ‘Symmetric encryption’ is using a single algorithm to encrypt
or decrypt
• A digital certificate works by providing electronic
identification and verification of a message
• Asymmetric encryption works by using two paired algorithms
to encrypt and decrypt text
• Secure internet transactions are made possible by 2 main
security protocols:
• SSL (secure sockets layer)
• S-HTTP (secure hypertext transport protocol)
• ‘Ciphertext’ is scrambled text that cannot be understood
without using an algorithm and key
• A ‘denial of service attack’ prevents legitimate users from
accessing the system by flooding the system with requests.
The attack is meant only to disable the system, not gain
access to it
• A ‘trojan horse’ is an application that appears legitimate but
performs some other illicit activity
• A ‘backdoor’ is a program that lets a hacker bypass the
regular security process such as a password
59
Processing Integrity
Application controls:
Application controls are the controls dealing with each specific
application to make sure that the data is complete, accurate, and
valid.
There are 3 main types of application controls:
Input Controls
These are important because if the data is entered correctly, there
are less problems in the future because of decisions being made
based on bad data.
The 3 main goals of input controls are:
• Validity
• Completeness
• Accuracy
60
A few examples of input controls are:
• ‘Default values’ are pre-supplied values to help reduce
mistakes such as the date on an order page being auto-filled
with the current day’s date
• Automated data capture is something like a bar code and
bar code reader that allows fast data entry and reduces
mistakes
• A ‘reasonableness check’ is a process that compares two
fields such as hours worked with paycheck total to make
sure both values are reasonable
• ‘Closed loop verification’ reduces data entry errors by
retrieving other related information when an input such as a
phone number is entered. If the wrong customer comes up,
the user knows they typed the number wrong
• A ‘sequence check’ verifies all numbers in a sequence have
been accounted for, such as check numbers
• A ‘hash total’ provides a total for a field with no actual
meaning, but can be used to prevent errors. Such as adding
up the numbers of a customer account number which can be
used later to check for errors
Processing Controls
Processing controls ensure that updates and changes to the
master file are accurate and authorized.
Some types of processing controls:

• An ‘electronic audit trail’ is a list of transactions written to a
log as they are processed which provides a trail for
transactions
• ‘Run to run’ controls are counts that monitor the number of
units in a batch as they move from one procedure to another
‘Internal labels’ tells the program its using the correct files for the
update process
61
Output Controls
Output controls help ensure that reports are accurate and
distributed to authorized users.
Some types of output controls:

• Spooling controls: When jobs sent to the printer are held in a
printing queue, access to this queue is restricted
• Aborted print jobs: Since printed reports contain sensitive
data, there should be a control to dispose of partial printouts
or aborted print jobs
• Distribution logs: Who receives what reports should be
recorded and controls should be in place to make sure
people only receive reports they are authorized to receive
Information Security Controls

When it comes to information security, there are 2 types of
controls: Logical controls and physical access controls.
Logical controls are the controls within computer systems that

prevent unauthorized access, such as user authentication, the
ability to read/write a document, or firewalls.
Physical controls are the physical measures taken to protect the

information of an organization. These are things like actual
building alarms, climate controlled server rooms, backup systems,
and automatic sprinklers to put out a fire.
Encryption
This refers to the process of converting regular text into a code
that can only be deciphered by the intended recipient of the
information (ideally). And of course, usually some type of system
or software is converting the secure message automatically for
the recipient.
62
There is symmetric encryption, which is simple and easy to use
but is less secure – it uses a single algorithm.
The other type is asymmetric encryption, which uses two

algorithms to encrypt the message and is more complicated but
more secure than symmetric encryption.
IT Internal Controls
There are 3 main functions within IT:
• Application development
• Systems admin & programming
• Computer operations
Each of these 3 groups of functions need to be segregated,

meaning an employee within one function should never be
assigned or have authorization to perform tasks within the other
two functions
Roles within IT
Applications development:
• Systems analyst: Designs and analyzes computer systems,
and they usually lead a team of programmers
• Application programmers: Work under the systems analyst
to actually write the programs
•
• Systems Admin & Programming
• System administrators: Grants access to system resources
and manages activities within the system
• System programmers: Maintain and update the operating
systems and hardware
63
Computer Operations:
• Data librarian: The person who maintains custody of the
entity’s data
• Data control: Controls the flow of documents in and out of
computer operations
• Data entry clerk: Keys in data to the system
• File librarian: Files and data that isn’t online is stored in a file
library, and the file librarian controls it
IT “stakeholders”: As far as IT goes, the term ‘stakeholder’ refers

to anyone involved in designing or programming the system, as
well as end users of the system/software. Basically anyone who
touches anything to do with the IT system would be considered a
stakeholder.
IT “people” controls: Most IT controls over people are general and

preventive controls. Everything is dealing with authorization,
which is a preventive control because it ‘prevents’ unauthorized
access.
64
Categories of Controls
• Preventive controls: These are controls that prevent an error
before it occurs
• Detective controls: These are controls designed to detect an
error after it has occurred
• Corrective controls: Controls meant to reverse the effects of
an error
• Feedback controls: These are procedures where the results
of a process are evaluated and if the results are undesirable,
the process is adjusted to modify the results
• General controls: These are controls that apply to all parts of
information processing, and are “general” in nature such as
restricting access to data storage, and physical security of
assets and records
• Application controls: These are controls over specific parts of
data input and processing meant to ensure the accuracy,
completeness, and validity of transaction processing
65
Systems Development and Maintenance
The overall approach and process for developing systems is
called the ‘systems development life cycle’ (SDLC). This is the
same process for any type of computer systems development
The main roles in the SDLC are:

• IT steering committee: members are selected from different
areas across the organization and this committee oversees
the development of the system being built
• Lead systems analyst: This person is in charge of the
programming team and is responsible for the overall logic
and functionality of the system
• Application programmers: The programmers who write the
programs and work under the lead analyst
• End users: The employees who will use the system for their
day-to-day tasks. During the development of the system,
these end users identify problems and propose solutions to
any problems found in the system
Stages of the SDLC
Stage 1: Planning and feasibility

• Technical feasibility: Is this possible with our current IT
system?
• Economic feasibility: Do the benefits outweigh the costs?
• Operational feasibility: Will the system work?
Stage 2: Analysis
Requirements definition: This formally identifies what the system
must accomplish
Stage 3: Design
Systems model: The interactions among systems and users is
flowcharted
66
Stage 4: Development (self-explanatory)
Stage 5: Testing (self-explanatory)
Stage 6: Implementation
• Parallel implementation: The old system and new system are
run side by side until it’s clear the new system works
• Cold turkey: The old system is dropped and the new system
is implemented all at once
• Phased implementation: The new system is implemented in
phases
• Pilot implementation: Users are divided into small groups
and one group at a time implements the new system
Stage 7: Maintenance
User groups and help desks are used to monitor and assess
issues as time goes on
Documentation
Building the systems and software of an entire IT system requires
documentation in order to evaluate the system, train employees
on using the system, re-create or re-deploy the system after a
crisis, and for auditors to use during audits.
There are 4 levels of documentation:

• System documentation gives an overview of the programs
and data, and how the system programs work together
• Program documentation is a record of the programming
logic. This is mainly for use by programmers
• Operator documentation or the “run manual” is the
necessary information to run the program(s). This is used by
the computer operators
67
• User documentation is documentation that helps an
untrained user be able to understand and use the system
Documentation can be in many different forms, such as

questionnaires, a narrative description, flow charts, diagrams,
decision tables, etc.
68
Operations Management
Financial and Non-Financial Measures of Performance

Financial Measures to Analyze Performance
Metrics to Measure Overall Return:
69
Contribution Margin
Understanding contribution margin can help you answer a lot of
types of questions:
• Sales – Variable Costs = Contribution Margin
• Price per unit – variable costs per unit = Contribution margin
per unit
Contribution margin is calculated as: Sales Price - Variable Costs

= Contribution Margin
So if widget A sells for $10 and each widget has variable costs of
$6, the contribution margin is $4 per widget.
This makes the contribution margin ratio 40% (4 / 10 = 40%).
Breakeven formula: Fixed costs / contribution margin
If you have fixed costs of $400, using the example above you
would need to sell 100 units of widget A to breakeven (400 / $4
per unit = 100 units).
In other words, at the breakeven point, total fixed costs equal the
total contribution margin. Also, the most likely strategy to reduce
the breakeven point would be to reduce fixed costs and increase
the contribution margin. Under break-even analysis, the
assumption is that variable costs per unit remain the same over
the relevant range.
To calculate sales in # of units to achieve a certain level of
income, the formula is:
70
Using the example above, if we need to make $1,000 of net
income, the formula is ($400 fixed costs + 1,000 profit) / $4
contribution margin. So, $1,400 / $4 = 350 units.
Margin of safety is the difference between current sales and

breakeven sales. So if Company X has sales of $500,000 and a
margin of safety of $200,000, then we know that breakeven sales
are $300,000.
Non-Financial Measures to Analyze Performance or

Evaluate Opportunities
Porter’s 5 Forces: This is a model to evaluate the competitive

conditions of a market
• Bargaining power of customers: How many customers? How
many competitors/substitute products do they have to
choose from? Cost of switching to another product?
• Bargaining power of suppliers: How many suppliers
compared to number of firms? What’s the cost of switching
to another supplier?
• Threat of new entrants: How much capital is required to
enter the market? Is it difficult based on regulation? Patents?
Barriers to entry?
• Threat of substitute products: Amount of product
differentiation? Cost of switching products? Price of
substitute products?
• Intensity of competition: Growth of market? Barriers to exit?
Number of competitors?
71
SWOT Analysis
This analyzes a company’s strengths and weaknesses in the
context of the company’s external factors:
• Strengths
• Weaknesses
• Opportunities
• Threats
Macro-Environmental Analysis
A ‘PEST’ analysis is a macro assessment of the:
• Political: political stability, labor laws, tax policies
• Economic: growth rate, interest rates, inflation rates
• Social: population growth, age distribution, education
• and Technological elements of an environment: level of
research and development, tech infrastructure
A ‘PESTEL’ analysis is a variation of the ‘PEST’ analysis that

adds:
• Environmental factors
• Legal factors
Total Quality Management (TQM)

Non-financial measures about product quality include customer
returns and allowances, and number and types of customer
complaints. If a product has a high return rate, it’s a good sign of
low quality.
Meeting or exceeding the needs and wants of customers is the

definition of “quality of design”.
Costs of quality: This is the idea that better quality and preventing
failures in the first place is cheaper than experiencing failures in
products or parts.
72
There are 4 categories of “costs of quality”:
• Prevention costs: engineering, training, supervision, audits of
the quality control system
• Appraisal costs: any costs dealing with the ongoing testing
or checking for defective products
• Internal failure costs: defects detected before shipment to
customer
• External failure costs: defects discovered by the customer
It’s also important to know the difference between internal failure

costs and external failure costs. Internal failure costs are defects
that happen before shipment (such as rework), and external
failure costs are defects that happen once the customer has the
product (such as returns, warranty expense).
Balance Scorecard
This is a way of translating a company’s mission into performance
metrics.
The scorecard is viewed from 4 perspectives:

• Financial: certain financial performance measures
• Customer: This has to do with the company’s success in
targeted customer and market segments, NOT customer
service
• Internal business processes: improving operations
• Learning, innovation, and growth: employee training and
morale
Within each of the above 4 perspectives, the company identifies

its:
• Strategic goals
• Critical success factors
• Tactics
• Performance measures
73
Benchmarking is when management compares the company’s
financial information to outside information such as industry
standards or other companies.
Six Sigma
This is a quality improvement approach that focuses on reducing
defects and reducing costs.
Six sigma is closely related to TQM (total quality management)
and uses similar tools such as control charts, run charts, pareto
histograms, and fish bone diagrams.
The main theme is 6 standard deviations - which covers 99.99%

of products, hence the name, and the idea is that the goal is to
have greater than 99% of products meet quality guidelines and
have no defects.
74
Cost Accounting
Classifying Costs
Product costs are the costs directly associated with producing the
products that generate revenue (cost of goods sold), or in
purchasing goods held for resale.
Period costs can’t be matched with specific revenues, also called
selling and administrative costs. They are expensed in the period
which they are incurred.
This is an important distinction: Don’t confuse period costs with

indirect costs. Period costs are expenses and are expensed in the
period in which they occur, while indirect costs are part of the
manufacturing process and are still assigned to inventory… which
makes them a product cost, also known as an inventoriable cost
(assigned to inventory), or also a manufacturing cost.
Manufacturing Costs
Direct materials are the costs of raw materials used to create the
finished product.
Direct labor is the cost of labor that goes directly to creating the
finished product. Remember that direct labor only includes wages
of the employees working directly on manufacturing the product.
The wages of a foreman are NOT direct labor, that would be an
overhead cost.
Factory overhead (also called manufacturing overhead) is the

cost of indirect labor, indirect material, and other miscellaneous
costs.
Absorption costing assigns all 3 above factors to inventory.

Absorption costing is required for external reporting purposes.
75
Just remember that under absorption costing, all manufacturing
costs are being ‘absorbed’.
Under direct costing (also called variable costing), only variable

manufacturing costs are treated as product costs. Fixed overhead
costs are treated as period costs and are expensed.
Manufacturing costs can also be classified as “direct costs” and

“indirect costs”. Direct costs would be direct materials and direct
labor, while indirect costs are the same thing as manufacturing
overhead.
“Prime costs” and “conversion costs”

Another way of classifying manufacturing costs are prime costs
and conversion costs. Note that these 2 classifications overlap:
• Prime costs are direct labor and direct materials grouped
together
• Conversion costs are direct labor and factory overhead
Remember: direct labor is included in both prime costs AND

conversion costs
Some definitions/concepts:
Fixed costs: Costs that remain constant regardless the # of units
produced.
Variable costs: Cost that vary in direct proportion with the number
of units produced. Such as a special part that goes on every
product. If there’s 100 units produced you have to buy 100 of
these parts, if 1,000 units then 1,000 special parts.
Marginal costs: The additional cost or revenue from one more unit
of output.
76
Normal spoilage is unavoidable spoilage due to the manufacturing
process and is included as an inventoriable product cost, which
means the cost of the spoilage is added to the inventory account.
Abnormal spoilage is unplanned spoilage due to something like a

natural disaster or carelessness, and is deducted as a period
expense in the calculation of net income.
Hi/Low Method: This is used to identify the variable cost per unit,
which can then be used to find the fixed costs. When using the
Hi/Low method of cost estimation, it’s the same as using the slope
formula: you subtract the lowest cost from the highest cost and
divide it by the lowest number of units subtracted from the highest
number.
Example: (Highest cost - lowest cost) / (Most units - least units).

This gives you the cost per unit
Activity-based costing (ABC costing)

ABC costing is looking at multiple cost drivers to better
understand what drives the costs of the business.
For example: Product A is pretty simple and requires 20 total

hours from the engineering department, and only 200 sq feet of
floor space in the factory. Product B is more complex and requires
100 hours of engineering and 600 sq feet of floor space.
Engineering hours and factory floor space are cost drivers.
The assumption under ABC is that there are multiple cause and
effect relationships driving the costs of products.
Cost reduction in ABC costing is accomplished by identifying

activities that do not add value and eliminating them.
77
Activities: the processes that create products. One activity could
be painting the products
Cost drivers: how different activities drive costs. For example,

how many labor hours it takes to paint the products.
Cost center: a department that accumulates costs which are then

assigned to products.
Cost pools: A group of costs that are associated with a specific

cost center.
Value-added activities: processes that contribute to the products

value, meaning it makes the product more valuable to the
customer.
Non value-added activities: processes that do not contribute to a

product’s value.
Job costing
This is the process of accumulating and applying costs to the
production of large or unique items.
Costs are accumulated in product-specific WIP accounts.
Overhead is applied at a predetermined rate.
When a product is finished, the costs flow into finished goods and
when sold they costs flow into cost of goods sold.
When more overhead costs are applied to a product than are

actually incurred, factory overhead is over-applied. When this
happens, product costs have been OVERstated, and COGS will
be decreased to correct it.
78
When less overhead costs are applied to a product than actually
incurred, factory overhead is under-applied. When this happens,
product costs have been UNDERstated, and COGS will be
increased to correct it.
Process costing
This type of costing is used to assign costs to mass-produced and
similar products.
The main thing you do in these problems is to calculate the

equivalent units, which means the number of units that could have
been produced
You do this by taking the nominal units and multiplying by the “%
complete” to get ‘equivalent units’.
Then, determine the cost per equivalent unit.
Then, determine the cost of goods transferred out of WIP and

then ending WIP inventory.
Other Manufacturing Concepts/Facts Based on Past Questions:

• One of the biggest risks of moving operations off-shore are
cultural and language issues.
• Shared services are when one department in a business
provides a service that was previously performed in multiple
departments of the business. In other words, it is creating
efficiencies by consolidating the activity into one department
that provides it to the rest of the business
79
Budgeting
The ‘master budget’, also called a static budget is a
comprehensive plan for all activities of a company and it is based
on budgeted costs based on budgeted output.
On the other hand, a ‘flexible budget’ is a budget that is adjusted

during the year based on actual output.
The budget process always starts with a sales forecast. Sales are
forecasted first, and then everything else is budgeted based on
the level of sales..
An incremental budget is a rolling budget that adds the current

period and drops the oldest period, such as adding the next
month and dropping the oldest month that’s currently on the
budget.
A production budget outlines how many units need to be

produced to achieve sales goals, and the production budget is
done BEFORE the purchasing budget.
A ‘participative budget’ is when managers prepare their own

budgets and then these budgets are reviewed by their
supervisor’s.
Strategic budgeting is a top-down approach that starts with the

company’s goals and mission and allocates resources
accordingly.
A lot of the budgeting questions you’ll see are where they’ll give
you amounts for COGs, accounts payable, gross profit, budgeted
amounts of inventory, and inventory amounts at the beginning
and end of year – or some combination of these – and then you’ll
need to use these amounts to solve for the amount the question is
asking for.
80
Review these formulas until you understand them:
Expected Value
The ‘expected value’ is calculated by calculating the weighted
average of the outcomes to determine the long-run average
outcome. In the example below you would just multiply each
variable by its probability, and then add the values in the right
column to arrive at the ‘expected value’.
Example:
Regression Analysis
The relationship between fixed, variable and total costs as a
regression equation is: y = A + Bx
• y = total costs (dependent variable)
• A = fixed costs (the y intercept)
• B = variable cost per unit (the slope)
• x = number of units (independent variable)
81
Just like in algebra, this formula can be moved around to solve for
different pieces of it, such as A = Bx - y
The correlation coefficient (R) measures the strength of the

relationship between the dependent and the independent
variable. This value ranges from -1 (negative correlation) to 1
(high correlation). 0 would be no correlation.
The coefficient of determination (R2) is the degree to which the

independent variable can predict the dependent variable.
Relevant costs
Avoidable costs are costs that can be avoided by choosing one
alternative over the other.
Irrelevant costs are future costs which don’t change based on

different alternatives.
Sunk costs are costs in the past and are irrelevant for decision
making going forward. Also ‘joint costs’ are another type of sunk
costs, so they are not relevant in a ‘sell or process further’
decision.
Relevant costs are costs that have different future costs and
benefits.
Opportunity cost means the cost of choosing one opportunity over

the other, and is very relevant in making financial decisions
Incremental or differential cost is the total difference in costs
between two alternatives.
When a company has idle capacity, the only thing they should
consider as to whether to do a special order is the avoidable
82
costs. Fixed costs are the same no matter what, so the avoidable
costs such as direct materials, direct labor, and variable costs
should be calculated to see if the special order would make or
lose money.
Transfer pricing is when one department in a manufacturing

company sells materials to another department. The price
charged is the transfer price. For transfer pricing, you should
know that the minimum transfer price (or the floor) is equal to the
avoidable outlay costs, and the ceiling is equal to the market
price. Also, the most “fair” transfer price will usually be standard
variable cost + lost contribution margin.
Variance Analysis
This involves developing standards for production such as
materials, labor, and overhead, and then comparing actual results
to budgeted results which creates variances between standard
costs and actual costs.
Nonmaterial variances are written off to COGs.
Material variances are allocated to WIP, finished goods, and/or

COGS.
There are 4 different types of variances:

• Price variance
• Usage variance
• Rate variance
• Efficiency variance
83
If the variance is based on materials used, it is either a price
variance (how much the materials cost), or a usage variance (how
much of the material was used). If the variance is based on labor,
it is either a rate variance (how much was paid for the labor), or
an efficiency variance (how many hours went into each unit).
The general formula for calculating a variance is:

Standard amount - actual amount = difference or variance
A negative number indicates an unfavorable variance and a

positive number indicates a favorable variance
Then take this difference, and:
If it is a price or rate variance, multiply the difference by the actual

quantity. In this case you’d be finding the difference in prices or
rates and multiplying it by the actual quantity.
If it is a usage or efficiency variance, multiply the difference by the

standard rate. In this case you’d be finding the difference in labor
hours or quantities used and then multiplying the difference by the
standard rates.
84
Process Management
This is covered in the “Financial and Non-Financial Measures of
Performance Section”.
85

Bec Notes 17

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Bec Notes 17

Загружено:

Авторское право:

Доступные форматы

BEC

2019 SuperfastCPA Review Notes

Internal Control Frameworks

Internal Control & COSO

According to COSO there are 5 major components of an internal

Control Environment Principles:

Control Activities Principles

Information and Communication Principles

The purpose of the COSO ERM model is to provide an all-

The COSO ERM model has 5 components:

The 5 components are:

Principles of COSO ERM

Governance and Culture

Strategy and Objective-Setting

Review and Revision

Information, Communication, and Reporting

Business Strategy in the Context of COSO ERM

Other ERM items:

According to COSO, the most effective method of communicating

A ‘compensating control’ is a control that accomplishes the same

Some of the main corporate governance provisions of SOX:

If the company doesn’t have a “financial expert”, it needs to

The audit committee must have at least 3 members, and each

Rules Regarding Auditors

Public companies have to disclose how much they spend on audit

The power to hire and fire an external auditor is completely up to

Penalties and Whistleblowers

There is also an anti-retaliation provision which protects

Shareholders can vote on certain compensation issues with

Economic and Business Cycles

Individuals paying taxes to the government isn’t studied in

A product that is finished and is sitting in finished goods at the

Potential GDP is the maximum output that can occur in the

National Income (NI) is the total payments for economic

Personal Income (PI) measures the total payments for economic

Personal disposable income (PDI) measures the amount

Cyclical unemployment is the loss of jobs due to a downturn in the

Structural unemployment consists of workers who have lost their

Aggregate Supply and Demand

An increase on spending on imports would most likely shift

An increase in tax rates and tax revenues would also decrease

Aggregate supply is the total output of goods and services at

A large decrease in an economy’s labor force would most likely

In macroeconomics, “investing” is:

An individual putting money in the stock market is NOT investing,

Average propensity to consume(APC) is the percent of disposable

Inflation and Monetary Policy

The main purpose of the consumer price index is to compare

Inflation distorts reported income because depreciation is not

If the Federal Reserve want to expand the economy, it will most

The Federal Reserve cannot change tax rates, Congress changes

If the Federal Reserve wants to increase the money supply, they

‘Fiscal policy’ is established by Congress and deals with spending

The World Bank’s main objective is to promote general economic

The International Monetary Fund’s (IMF) primary objective is to

‘Foreign direct investment’ is when a domestic entity invests in

The General Agreement on Tariffs and trade (GATT) was setup to

International trade becomes a bigger and bigger part of the

Imports AND exports are included when calculating an economy’s

The U.S. exports more agricultural products and services than it

China is the largest exporter of goods and services, followed by

The U.S. exports make up about 10% of worldwide exports.

When a firm outsources production of a good to a foreign

Labor, capital, and natural resources are all economic resources