Copyright © 2019 SuperfastCPA.com
Purpose of COSO
The purpose of COSO is to provide an integrated framework for
internal control and enterprise risk management that businesses
and organizations can apply to help achieve their operational,
reporting, and compliance objectives.
Objectives of COSO
There are three main objectives of COSO:
• Operations objectives: Objectives pertaining to effectiveness
and efficiency of the entity’s operations, including operational
and financial performance goals, and safeguarding assets
against loss
• Reporting objectives: Objectives pertaining to internal and
external financial and non-financial reporting which may
encompass reliability, timeliness, transparency, or other
terms set by regulators, standards, or entity’s policies
• Compliance objectives: Objectives pertaining to adherence
to laws and regulations applicable to the entity
Limitations of COSO
There are 6 main limitations of internal control identified by
COSO:
• Human judgement can be faulty and subject to bias
• Breakdowns and failures occur as long as humans are
involved, even from simple errors
• Management can override internal controls
• Management or other personnel can get around controls
through collusion
• There will always be external events that are simply beyond
management’s control
• Objectives for controls must be suitable as a precondition to
internal control (unrealistic or improbable objectives can be
set that internal controls can’t fully address)
Components of COSO
The components are again:
• Control environment
• Risk assessment
• Information and communication
• Monitoring
• Control activities
Principles of COSO
There are 17 principles of COSO within the 5 components.
Risk Assessment Principles
• The organization specifies objectives with sufficient clarity to
enable the identification and assessment of risk relating to
objectives
• The organization identifies risks to the achievement of its
objectives across the entity and analyzes risks as a basis for
determining how the risks should be managed
• The organization considers the potential for fraud in
assessing risks to the achievement of objectives
• The organization identifies and assesses changes that could
significantly impact the system of internal control
Monitoring Activities Principles
• The organization selects, develops, and performs ongoing
and/or separate evaluations to ascertain whether the
components of internal control are present and functioning
• The organization evaluates and communicates internal
control deficiencies in a timely manner to those parties
responsible for taking corrective action, including senior
management and the board of directors, as appropriate
Enterprise Risk Management Frameworks
Enterprise risk management as defined by COSO ERM is “a
process, effected by an entity’s board of directors, management
and other personnel, applied in strategy setting and across the
enterprise, designed to identify potential events that may affect
the entity, and manage risk to be within its risk appetite, to provide
reasonable assurance regarding the achievement of entity
objectives.”
Objectives
The ERM model is geared to achieving 4 main categories of
objectives:
• Strategic: high-level goals that align with and support the
mission of the entity
• Operations: effective and efficient use of the entity’s
resources
• Reporting: reliable reporting
• Compliance: compliance with applicable laws and
regulations
Limitations of the Model
The limitations are similar to the inherent limitations of an internal
control system. These include:
• Human judgment and human error
• Cost vs benefits limitations
• Simple errors can lead to big mistakes
• Circumvention of controls or processes due to collusion
• Management override
• Evaluates alternative strategies: The organization evaluates
alternative strategies and potential impact on risk profile
• Formulates business objectives: The organization considers
risk while establishing the business objectives at various
levels that align and support strategy
Performance
• Identifies risk: The organization identifies risk that impacts
the performance of strategy and business objectives
• Assesses severity of risk: The organization assesses the
severity of risk
• Prioritizes risks: The organization prioritizes risks as a basis
for selecting responses to risk
• Implements risk responses: The organization identifies and
selects risk responses
• Develops portfolio view: The organization develops and
evaluates a portfolio view of risk
• Reports on risk, culture, and performance: The organization
reports on risk, culture, and performance at multiple levels
and across the entity
Other Regulatory Frameworks and Provisions
Because of large financial scandals, Sarbanes-Oxley (SOX) was
passed, which implemented regulations, many regarding the
responsibilities of corporate management and external auditors.
Audit Committees
Public companies are required to have an audit committee, and
on the audit committee there must be a ‘financial expert’, which
means that this expert has:
• An understanding of GAAP and financial statements
• Experience in preparing or auditing financial statements
• Experience with internal auditing controls
• An understanding of audit committee functions
Officer Certifications
On all 10Qs and 10K reports, the CEO and CFO must certify:
• That they’ve reviewed the report
• That the report doesn’t have any material mistakes as far as
they know
• That the statements are presented fairly in all material
respects
• That they are responsible for and have evaluated internal
controls
• That they have disclosed any significant control deficiencies
or fraud to the external auditors and to the audit committee
PCAOB
The PCAOB was created as a result of SOX. The PCAOB sets
audit standards for public companies, and enforces compliance
with its rules, SOX, and applicable securities laws and
regulations.
Dodd-Frank Act
Some of the corporate governance rules from Dodd-Frank could
still be tested on the exam, such as whistleblower
penalties/rewards and executive compensation:
Executive Compensation
Public companies must have a clawback policy regarding
executive performance-based pay if there is a restatement of
financial statements.
Economic Concepts and Analysis
Economic activity
Nominal gross domestic product (GDP): this measures the total
output of final goods and services produced in the domestic
market during a period (usually one year).
Real gross domestic product (Real GDP): this measures the total
output of final goods and services produced in the domestic
market during the period using constant prices. In other words, it
is nominal GDP adjusted for changing prices.
Net gross domestic product (Net GDP): this measures GDP less
capital consumption during the period (GDP - depreciation).
The difference between Real GDP and Potential GDP is known
as the ‘GDP Gap’.
Gross National Product (GNP) is the total output of all goods and
services produced world-wide using U.S. resources.
Net National Product (NNP) is the total output of all goods and
services world-wide using U.S. resources, but does NOT use a
depreciation value. It’s the same as GNP - depreciation.
Employment
When economists are calculating unemployment, only members
of the workforce ages 16 and up are counted. Individuals younger
than 16 that have a job such as a paper route are not considered
in the calculation.
Frictional unemployment is unemployment due to workers being
in transition between jobs or relocating.
Average propensity to save (APS) is the percent of disposable
income saved.
APC + APS = an individual’s disposable income.
Globalization
Globalization is the movement toward a more integrated and
interdependent world economy.
Market Influences on Business
Microeconomics
In a free market economy, economic decisions are made by
individuals, there is an interdependent relationship between
consumers and businesses, and what gets produced depends on
the preferences of the end-user.
Demand
A substitute commodity meets the same basic need or want as
another commodity. When the price of one commodity increases,
demand will decrease and shift to other substitute commodities.
Demand Curves
Demand curves are negatively sloped, with quantity on the X axis
and price on the Y axis. As demand goes up, the quantity
becomes less and less, and the price increases.
The demand curve for a product represents the impact that its
price has on the amount of the product that will be purchased.
Supply
The same difference in quantity supplied and ‘supply’ exists: A
change in quantity supplied is movement along a given supply
curve as a result of a change in price. A change in supply is an
actual shift of the entire supply curve.
Market Equilibrium
Market equilibrium is the point at which a demand curve meets a
supply curve.
A price ceiling causes a quantity shortage, and a price floor
causes a quantity surplus.
Elasticity
Elasticity measures the change in a market factor as a result of a
change in another market factor. The 4 measures of elasticity are:
• Elasticity of demand: the % change in quantity demanded as
a result of the % change in the price. If a 3% price increase
results in a 5% increase in quantity demanded, then the
demand is elastic. If the quantity demanded increased less
than 3%, then the demand would be inelastic
• Elasticity of supply: the degree to which quantity supplied
changes as a result of the % change in price
• Income elasticity of demand: measures the change in
quantity demanded of a good compared to the change in the
income of consumers of that good
• Cross elasticity of demand: measures the change in quantity
demanded compared to the change in price of another good
Utility
Utility is the satisfaction derived from the acquisition or use of a
commodity.
Important note: As an individual acquires more and more units of
a commodity, utility increases, but marginal utility decreases.
Market Structure
The 4 most common market structures are:
Example:
Ron buys a $1,000 bond that pays 5% interest each year, or $50
per year. 3 years later, interest rates on bonds have increased to
10%. This lowers the value of his 5% bond, so if he sells his bond
he’ll get less than $1,000 face value, which results in a loss.
Interest rate risk can be offset with forward and futures contracts,
interest rate swaps, or an option contract.
Example:
Ron buys his $1,000 bond that pays 5% interest each year. To
offset the risk of interest rates going up, Ron also acquires an
options contract that allows him to sell his bond for a specified
price at the time of making the contract.
There’s also the risks associated with running a business with low
liquidity, meaning having low working capital, or a current ratio or
quick ratio of 1 or below. There are differences by industry, but
having less current assets than current liabilities increases the
risks facing a business.
Expressed as a ratio, current assets over current liabilities is the
“current ratio”.
Credit Risk
The risk of default on debt from the borrower failing to make
payments. The creditor risks the repayment of principal and
interest, but also faces the extra costs of cash flow disruption and
the costs of trying to collect.
Inflation Risk
This is the risk that inflation decreases the purchasing power of a
fixed amount. The same $100 can buy less and less as inflation
increases. This results in the need for a business to adjust cash
flow planning and increase the required rate of return on potential
projects to compensate for inflation.
Financial Management
Capital Structure
Capital structure is how a firm uses different sources of funds to
finance its operations and growth. This will be some combination
of debt and equity: certain industries utilize more debt than stock
and others use little debt and rely mostly on stock.
Cost of Capital
This refers to the opportunity cost of using capital in a project or
investment compared to another. If $10 million can either be
spent upgrading a company’s equipment vs purchasing bonds,
the company would evaluate the expected returns of each option.
If upgrading the equipment would produce a 10% return each
year for 5 years, and the bonds pay 6% interest, then the
equipment upgrade is a better use of the $10 million.
The weighted average cost of capital formula is:
Example:
Asset Structure
This refers to how a business uses assets to generate earnings.
The primary metric for measuring a firm’s ability to generate
earnings from assets is “return on assets”.
The second issue is how can the business maximize the returns
on the asset base?
The components of asset structure are the assets listed on the
balance sheet, while “capital structure” refers to long-term debt
and equity.
Loan Covenants
These are restrictions/requirements placed on a loan or line of
credit by the lender, and if the borrower is found to be “out of
covenant” by not meeting the requirements, the loan is due
immediately.
Some common examples of loan covenants are:
• Meeting certain ratios such as debt to equity or working
capital requirements
• Limits on taking on additional debt
• Requirements on collateral attached to the loan
Growth Rate
Growth rates can be used to evaluate an entire business, a
business’s earnings or sales, expenses, or even entire
economies.
Example:
ABC’s sales in year 1 were $100,000, and sales in year 2 were
$120,000.
The calculation is:
Profitability
This is the extent to which a business generates a profit. The
most common measures of profitability are profit margin, return on
assets, and return on equity.
There are different measures of profit margin, such as:
• Gross Margin: Revenue - COGS
• Contribution Margin: Revenue - Variable Expenses
• Operating Margin: Operating Income / Revenue
• Pretax Margin: Earnings Before Tax / Revenue
• Net Profit Margin: Net Income / Revenue
Leverage
Financial leverage is the amount of debt a business uses to buy
assets. So it’s really the ratio of debt to equity that a business
uses to acquire assets. Leverage can result in a business earning
a greater return on investment than by using existing assets.
Example:
ABC buys new equipment for $100,000 in cash and generates a
profit of $20,000 with the new equipment. ABC’s return on assets
is 20% and is not utilizing any leverage since they paid cash for
the equipment.
OR,
Another key point is that debt has tax advantages, as interest
expense is deductible, but as a firm increases their amount of
debt, lenders will charge higher interest rates on additional debt
and more strict covenants, thus increasing the risk of default.
Risk
Different types of financial risk were covered in the previous
section, “Financial Risk Management”.
Working Capital
Working capital is the difference in a firm’s current assets and its
current liabilities. The objective of working capital is to meet the
operating needs of the company such as purchasing inventory
and having enough cash to meet obligations as they become due.
Liquidity ratios:
Average collection period is measuring how long it takes for the
business to receive payment owed from accounts receivable.
Operational Ratios:
This is measuring how many times receivables are earned and
collected in a period, which indicates the effectiveness of the
collection policies.
Inventory Management
The main objective of inventory management is to determine and
maintain the optimal amount of all inventories.
Cash Management
Cash management means trying to make sure a firm doesn’t have
too much cash or not enough cash. Too much cash is an
inefficient use of resources, while not having enough cash causes
obvious problems.
Financial Valuation Methods
Valuation is the process of assigning value to assets and
liabilities.
According to GAAP, valuation can only be based on exit price,
NOT entry price. An exit price is the amount that you would
receive to sell an asset or be paid to transfer a liability in an arm’s
length transaction.
Option pricing
The ‘Black Scholes’ model is a mathematical formula for valuing
stock options. There are advantages and disadvantages to the
Black Scholes model:
Limitations:
• It assumes the stock does not pay dividends
• It assumes the risk-free rate of return used for discounting
remains constant
• It assumes the option can be exercised only at the expiration
date
Advantages:
• It discounts the exercise price
• It uses the probability that the option will be exercised
• It uses the probability that the price of the stock will pay off
within the time to expiration
Capital Asset Pricing Model (CAPM)
CAPM is a model that evaluates the relationship between risk and
expected return for assets, but usually stocks.
The risk-free rate of return is the hypothetical rate of return for
“no risk”, and is based on the rate for a 3-month U.S. treasury bill.
Valuing Businesses
There are several common approaches to valuing a business:
• Market approach: The business is compared to other similar
businesses with similar characteristics in the same industry
or market.
• Income approach: A fair value is derived from the business’s
income streams. Net present value of cash flows, or
sometimes a discounted cash flow model is used.
• Asset approach: The fair values of the individual assets of
the business are added up and equal the value of the
business. This approach is commonly used when a business
is liquidated to pay its debts.
Comparing Investments
There are many approaches to comparing potential investments,
but the ones you should know are:
• Payback period approach
• Net-present value
• Economic value added
• Cash flow analysis
• Internal rate of return
Some disadvantages are that it ignores the time value of money,
it ignores cash flows received after the payback period, and it
doesn’t measure total project profitability.
Net-Present Value
The ‘net present value approach’ compares the present value of
expected cash flows of the project to the initial cash investment in
the project.
Using this model, if the net present value is zero or positive, then
the project is considered economically feasible.
Discounted Cash Flows (DCF)
DCF is a method of discounting future cash flows of a business to
present value on a per-share basis to compare to the current
share price to see if a potential investment is undervalued or
overvalued by the market.
In the equation, the discount rate is what you’re solving for. Also,
IRR can only be calculated using a specific function made for
calculating IRR or by using trial and error.
Information Technology
Organization
This model is widely used for IT governance best practices. There
are 4 main “domains” to the COBIT model:
• Planning and organization: This deals with how the IT
system helps accomplish business objectives. Also includes
developing tactics to accomplish the strategic vision.
• Acquisition and implementation: Deals with how the
business acquires and develops IT solutions and automated
solutions that address business objectives
• Delivery and support: Deals with how the company can best
deliver required IT services including operations, security,
continuous service, and training
• Monitoring: Deals with how the company can periodically
assess the IT processes for quality and control
There are also some additional risks with using the cloud:
• Risk of data loss
• Increased risk of data being breached by hackers
• Overall risk of relying on a service provider instead of
housing data internally
Examples of cloud-based services:
• Software as a service (SaaS): This is cloud based software
that is externally hosted and usually comes with an ongoing
fee instead of buying software on a CD and installing it
• Platform as a service (PaaS): The use of cloud-based
services to create cloud-based software
• Infrastructure as a service (IaaS): Using the cloud to access
virtual storage or hardware
Risk Assessments
In an IT risk assessment, there are basically three main risk
management components:
• Evaluation and assessment, to identify assets and evaluate
their properties and characteristics.
• Risk assessment, to discover threats and vulnerabilities that
pose risk to assets.
• Risk mitigation, to address risk by transferring, eliminating or
accepting it.
Role of IT in Business
Emerging Technologies
Bitcoin/Blockchain
Bitcoin is an intangible currency that operates using “blockchain”
technology. Bitcoin is a peer to peer, decentralized currency that
uses the blockchain to validate and authenticate transactions
using encrypted user IDs and assigns encrypted markers to every
transaction.
Machine Learning and AI
Machine learning and artificial intelligence refers to software and
hardware that can analyze big data sets and “learn”, and then
perform functions with that data or even perform physical
functions such as robots performing physical tasks.
E-Commerce Definitions
E-Commerce refers to doing business online and the related
technologies. Here are some of the key definitions that could
show up in questions:
• EFT: Electronic funds transfer is moving money from one
bank account to another and removes the need for a
physical check. If you get paid by direct deposit into your
bank account, that is an EFT transaction
• EDI: Electronic data interchange is when business data is
exchanged between two computers, such as instant sending
and receiving of contracts or purchase orders
• CRM: Customer relationship management is a tool that is an
electronic rolodex of customers and their data, which is
analyzed to segment customers for specific promotions or
marketing campaigns
• TPS: Transaction processing system is a system used for
performing daily business transactions such as sales or
orders from customers
• MIS: Management information system is a system that
analyzes transactions from a TPS to provide management
with summarized reports
• DSS: Decision support system is a system that also
analyses company transactions but includes external data to
aid upper management in decision making
• Data warehouse: This is when a company stores
transactional data for years at a time, usually with the intent
to data-mine, which is to analyze the data for patterns
Transaction Processing
In an automated accounting system, transactions are processed
chronologically and then summarized in accounts. One key
difference between a manual (on paper) system and a
computerized system is that systemic errors (mistakes) are
greatly reduced, and financial statement preparation is much
more efficient.
System output: The master file balances are then used to ‘output’
reports.
Online, real-time processing (OLRT) is when immediate
transactions take place as they occur, such as an internet order.
OLRT transactions require network access since they are
immediate and real-time.
Information Security/Availability
Information Security Controls
When it comes to information security, there are 2 types of
controls: Logical controls and physical access controls.
Logical controls are the controls within computer systems that
prevent unauthorized access, such as user authentication, the
ability to read/write a document, or firewalls.
Continuity Planning
Part of an IT system is having a continuity plan which allows the
system to keep running and maintain data in the event of a
disaster such as the main office burning down or being flooded.
DRP Definitions:
DRP stands for disaster recovery plan which allows an
organization to make a plan for disasters and recover from them.
Cold site: An offsite location that has all the physical requirements
for data processing, but doesn’t have the actual equipment or
data.
Mirrored site: A fully redundant facility – this has the highest cost.
• ‘Extensible markup language’ (XML) is a protocol for
encoding documents in a machine readable form
• ‘Hypertext markup language’ (HTML) is a language for web
pages
• ‘Transmission control protocol/Internet protocol’ (TCP/IP) is
the transmission protocol of the internet
• ‘Extensible business reporting language’ (XBRL) is a
protocol for encoding and tagging business and accounting
specific information in electronic form
• ‘File transfer protocol’ (FTP) is a protocol used to transfer
files from a client to a server
• A remote backup service allows users to back up their
information in the cloud, such as Mozy or Carbonite
• A rollback and recovery method of backup is when
transactions are backed up as they occur, but there are also
“snapshots” backed up so that backup can be rolled back to
a certain time period
• ‘Mirroring’ is a method of backup that backs up an exact
copy to multiple sites
• ‘Biometric controls’ are things like fingerprint scanners that
are used instead of a password
• A ‘strong’ password would have at least 8 characters and use
both upper and lower case letters
• ‘File attributes’ restrict read/write/edit capabilities of a
record
• A good location for an offsite computer operations facility
would be a location that is climate controlled and at a low
risk for natural disasters
• ‘Social engineering’ is a set of techniques used by a
fraudster to get sensitive information from employees. The
distinction is getting information from people instead of
actually hacking computer systems
• The 4 electrical systems risks are:
⁃ Failure or outage
⁃ Reduced voltage (brownout)
⁃ Spikes and surges
⁃ Electromagnetic interference
• ‘Cleartext’ or ‘plaintext’ is text that can be written or
understood versus something like computer language
• ‘Symmetric encryption’ is using a single algorithm to encrypt
or decrypt
• A digital certificate works by providing electronic
identification and verification of a message
• Asymmetric encryption works by using two paired algorithms
to encrypt and decrypt text
• Secure internet transactions are made possible by 2 main
security protocols:
⁃ SSL (secure sockets layer)
⁃ S-HTTP (secure hypertext transport protocol)
• ‘Ciphertext’ is scrambled text that cannot be understood
without using an algorithm and key
• A ‘denial of service attack’ prevents legitimate users from
accessing the system by flooding the system with requests.
The attack is meant only to disable the system, not gain
access to it
• A ‘trojan horse’ is an application that appears legitimate but
performs some other illicit activity
• A ‘backdoor’ is a program that lets a hacker bypass the
regular security process such as a password
Processing Integrity
Application controls:
Application controls are the controls dealing with each specific
application to make sure that the data is complete, accurate, and
valid.
Input Controls
These are important because if the data is entered correctly, there
are fewer problems in the future from decisions being made
based on bad data.
The 3 main goals of input controls are:
• Validity
• Completeness
• Accuracy
A few examples of input controls are:
• ‘Default values’ are pre-supplied values to help reduce
mistakes such as the date on an order page being auto-filled
with the current day’s date
• Automated data capture is something like a bar code and
bar code reader that allows fast data entry and reduces
mistakes
• A ‘reasonableness check’ is a process that compares two
fields such as hours worked with paycheck total to make
sure both values are reasonable
• ‘Closed loop verification’ reduces data entry errors by
retrieving other related information when an input such as a
phone number is entered. If the wrong customer comes up,
the user knows they typed the number wrong
• A ‘sequence check’ verifies all numbers in a sequence have
been accounted for, such as check numbers
• A ‘hash total’ provides a total for a field with no actual
meaning, but can be used to prevent errors, such as adding
up the numbers of a customer account number which can be
used later to check for errors
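The sequence check, hash total and reasonableness check from the list above, applied to one keyed-in batch. This is an added example, not part of the original notes; the record layout, the 80-hour limit and the sample batch are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class PayRecord:
    check_no: int      # pre-numbered document, used by the sequence check
    account_no: str    # account number, summed for the hash total
    hours: float
    rate: float
    gross_pay: float


def hash_total(records):
    """Sum of account numbers: meaningless as a figure, useful as a batch control."""
    return sum(int(r.account_no) for r in records)


def sequence_check(records):
    """Return (missing, duplicated) check numbers within the batch's range."""
    counts = Counter(r.check_no for r in records)
    if not counts:
        return [], []
    missing = [n for n in range(min(counts), max(counts) + 1) if n not in counts]
    duplicated = sorted(n for n, c in counts.items() if c > 1)
    return missing, duplicated


def reasonableness_check(record, max_hours=80.0, tolerance=0.01):
    """Compare hours worked with the paycheck total; return a reason or None."""
    if not 0 < record.hours <= max_hours:
        return f"hours {record.hours} outside 0-{max_hours}"
    expected = round(record.hours * record.rate, 2)
    if abs(expected - record.gross_pay) > tolerance:
        return f"gross pay {record.gross_pay} does not match hours x rate ({expected})"
    return None


def validate_batch(records, control_hash):
    """Run all three input controls and return a list of (control, detail) findings."""
    findings = []
    missing, duplicated = sequence_check(records)
    findings += [("sequence", f"check {n} missing") for n in missing]
    findings += [("sequence", f"check {n} duplicated") for n in duplicated]
    actual = hash_total(records)
    if actual != control_hash:
        findings.append(("hash_total", f"expected {control_hash}, got {actual}"))
    for r in records:
        reason = reasonableness_check(r)
        if reason:
            findings.append(("reasonableness", f"check {r.check_no}: {reason}"))
    return findings


# Constructed sample: the batch as prepared, with its control total computed up front.
SENT = [
    PayRecord(1001, "40017", 40.0, 25.00, 1000.00),
    PayRecord(1002, "40023", 38.5, 30.00, 1155.00),
    PayRecord(1003, "40031", 40.0, 22.50, 900.00),
    PayRecord(1004, "40048", 36.0, 28.00, 1008.00),
]
CONTROL_HASH = hash_total(SENT)

# Constructed sample: the same batch as keyed in, with three data entry errors.
KEYED = [
    PayRecord(1001, "40017", 40.0, 25.00, 1000.00),
    PayRecord(1002, "40032", 38.5, 30.00, 1155.00),   # digits transposed: 23 -> 32
    PayRecord(1004, "40048", 36.0, 28.00, 10080.00),  # extra zero; check 1003 never keyed
]

if __name__ == "__main__":
    for control, detail in validate_batch(KEYED, CONTROL_HASH):
        print(f"{control:15} {detail}")
```

A hash total is a plain arithmetic sum, not a cryptographic hash: it catches keying mistakes, but two errors that offset each other leave the total unchanged.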
Processing Controls
Processing controls ensure that updates and changes to the
master file are accurate and authorized.
Output Controls
Output controls help ensure that reports are accurate and
distributed to authorized users.
Encryption
This refers to the process of converting regular text into a code
that can only be deciphered by the intended recipient of the
information (ideally). And of course, usually some type of system
or software is converting the secure message automatically for
the recipient.
There is symmetric encryption, which is simple and easy to use
but is less secure – it uses a single algorithm.
IT Internal Controls
There are 3 main functions within IT:
• Application development
• Systems admin & programming
• Computer operations
Roles within IT
Applications development:
• Systems analyst: Designs and analyzes computer systems,
and they usually lead a team of programmers
• Application programmers: Work under the systems analyst
to actually write the programs
Systems Admin & Programming:
• System administrators: Grant access to system resources
and manages activities within the system
• System programmers: Maintain and update the operating
systems and hardware
Computer Operations:
• Data librarian: The person who maintains custody of the
entity’s data
• Data control: Controls the flow of documents in and out of
computer operations
• Data entry clerk: Keys in data to the system
• File librarian: Files and data that aren’t online are stored in a file
library, and the file librarian controls it
Categories of Controls
• Preventive controls: These are controls that prevent an error
before it occurs
• Detective controls: These are controls designed to detect an
error after it has occurred
• Corrective controls: Controls meant to reverse the effects of
an error
• Feedback controls: These are procedures where the results
of a process are evaluated and if the results are undesirable,
the process is adjusted to modify the results
• General controls: These are controls that apply to all parts of
information processing, and are “general” in nature such as
restricting access to data storage, and physical security of
assets and records
• Application controls: These are controls over specific parts of
data input and processing meant to ensure the accuracy,
completeness, and validity of transaction processing
Systems Development and Maintenance
The overall approach and process for developing systems is
called the ‘systems development life cycle’ (SDLC). This is the
same process for any type of computer systems development.
Stage 2: Analysis
Requirements definition: This formally identifies what the system
must accomplish
Stage 3: Design
Systems model: The interactions among systems and users are
flowcharted
Stage 4: Development (self-explanatory)
Stage 6: Implementation
• Parallel implementation: The old system and new system are
run side by side until it’s clear the new system works
• Cold turkey: The old system is dropped and the new system
is implemented all at once
• Phased implementation: The new system is implemented in
phases
• Pilot implementation: Users are divided into small groups
and one group at a time implements the new system
Stage 7: Maintenance
User groups and help desks are used to monitor and assess
issues as time goes on
Documentation
Building the systems and software of an entire IT system requires
documentation in order to evaluate the system, train employees
on using the system, re-create or re-deploy the system after a
crisis, and for auditors to use during audits.
• User documentation is documentation that helps an
untrained user be able to understand and use the system
Operations Management
Contribution Margin
Understanding contribution margin can help you answer a lot of
types of questions:
• Sales – Variable Costs = Contribution Margin
• Price per unit – variable costs per unit = Contribution margin
per unit
So if widget A sells for $10 and each widget has variable costs of
$6, the contribution margin is $4 per widget.
If you have fixed costs of $400, using the example above you
would need to sell 100 units of widget A to break even ($400 / $4
per unit = 100 units).
In other words, at the breakeven point, total fixed costs equal the
total contribution margin. Also, the most likely strategy to reduce
the breakeven point would be to reduce fixed costs and increase
the contribution margin. Under break-even analysis, the
assumption is that variable costs per unit remain the same over
the relevant range.
Using the example above, if we need to make $1,000 of net
income, the formula is ($400 fixed costs + $1,000 profit) / $4
contribution margin per unit. So, $1,400 / $4 = 350 units.
SWOT Analysis
This analyzes a company’s strengths and weaknesses in the
context of the company’s external factors:
• Strengths
• Weaknesses
• Opportunities
• Threats
Macro-Environmental Analysis
A ‘PEST’ analysis is a macro assessment of four elements of an
environment:
• Political: political stability, labor laws, tax policies
• Economic: growth rate, interest rates, inflation rates
• Social: population growth, age distribution, education
• Technological: level of research and development, tech
infrastructure
Costs of quality: This is the idea that better quality and preventing
failures in the first place is cheaper than experiencing failures in
products or parts.
There are 4 categories of “costs of quality”:
• Prevention costs: engineering, training, supervision, audits of
the quality control system
• Appraisal costs: any costs dealing with the ongoing testing
or checking for defective products
• Internal failure costs: defects detected before shipment to
customer
• External failure costs: defects discovered by the customer
Balanced Scorecard
This is a way of translating a company’s mission into performance
metrics.
Six Sigma
This is a quality improvement approach that focuses on reducing
defects and reducing costs.
Six sigma is closely related to TQM (total quality management)
and uses similar tools such as control charts, run charts, pareto
histograms, and fish bone diagrams.
Cost Accounting
Classifying Costs
Product costs are the costs directly associated with producing the
products that generate revenue (cost of goods sold), or in
purchasing goods held for resale.
Period costs, also called selling and administrative costs, can’t
be matched with specific revenues. They are expensed in the
period in which they are incurred.
Manufacturing Costs
Direct materials are the costs of raw materials used to create the
finished product.
Direct labor is the cost of labor that goes directly to creating the
finished product. Remember that direct labor only includes wages
of the employees working directly on manufacturing the product.
The wages of a foreman are NOT direct labor; they would be an
overhead cost.
Just remember that under absorption costing, all manufacturing
costs are being ‘absorbed’.
Some definitions/concepts:
Fixed costs: Costs that remain constant regardless of the number
of units produced.
Variable costs: Costs that vary in direct proportion with the number
of units produced, such as a special part that goes on every
product. If 100 units are produced you have to buy 100 of
these parts; if 1,000 units, then 1,000 special parts.
Marginal costs: The additional cost or revenue from one more unit
of output.
Normal spoilage is unavoidable spoilage due to the manufacturing
process and is included as an inventoriable product cost, which
means the cost of the spoilage is added to the inventory account.
Hi/Low Method: This is used to identify the variable cost per unit,
which can then be used to find the fixed costs. When using the
Hi/Low method of cost estimation, it’s the same as using the slope
formula: you subtract the lowest cost from the highest cost and
divide it by the lowest number of units subtracted from the highest
number.
The assumption under ABC is that there are multiple cause and
effect relationships driving the costs of products.
Activities: the processes that create products. One activity could
be painting the products.
Job costing
This is the process of accumulating and applying costs to the
production of large or unique items.
When a product is finished, the costs flow into finished goods, and
when it is sold the costs flow into cost of goods sold.
Process costing
This type of costing is used to assign costs to mass-produced and
similar products.
Budgeting
The ‘master budget’, also called a static budget, is a
comprehensive plan for all activities of a company, and it is based
on budgeted costs at the budgeted level of output.
The budget process always starts with a sales forecast. Sales are
forecasted first, and then everything else is budgeted based on
the level of sales.
A lot of the budgeting questions you’ll see give you amounts for
COGS, accounts payable, gross profit, budgeted amounts of
inventory, and inventory amounts at the beginning and end of
year – or some combination of these – and then you’ll need to use
these amounts to solve for the amount the question is asking for.
Review these formulas until you understand them:
Expected Value
The ‘expected value’ is calculated by calculating the weighted
average of the outcomes to determine the long-run average
outcome. In the example below you would just multiply each
variable by its probability, and then add the values in the right
column to arrive at the ‘expected value’.
Example:
Regression Analysis
The relationship between fixed, variable and total costs as a
regression equation is: y = A + Bx
• y = total costs (dependent variable)
• A = fixed costs (the y intercept)
• B = variable cost per unit (the slope)
• x = number of units (independent variable)
Just like in algebra, this formula can be rearranged to solve for
different pieces of it, such as A = y - Bx
Relevant costs
Avoidable costs are costs that can be avoided by choosing one
alternative over the other.
Sunk costs are costs incurred in the past and are irrelevant for
decision making going forward. ‘Joint costs’ are another type of
sunk cost, so they are not relevant in a ‘sell or process further’
decision.
Relevant costs are costs that have different future costs and
benefits.
When a company has idle capacity, the only thing it should
consider in deciding whether to accept a special order is the
avoidable costs. Fixed costs are the same no matter what, so the
avoidable costs such as direct materials, direct labor, and variable
costs should be calculated to see if the special order would make
or lose money.
Variance Analysis
This involves developing standards for production such as
materials, labor, and overhead, and then comparing actual results
to budgeted results which creates variances between standard
costs and actual costs.
If the variance is based on materials used, it is either a price
variance (how much the materials cost), or a usage variance (how
much of the material was used). If the variance is based on labor,
it is either a rate variance (how much was paid for the labor), or
an efficiency variance (how many hours went into each unit).
Process Management
This is covered in the “Financial and Non-Financial Measures of
Performance” section.