Академический Документы
Профессиональный Документы
Культура Документы
(b)System Flowchart
• A System Flowchart represents the overall view of the data flow and operations of a
system, with a diagram drawn logically, and illustrates the correct flow of data or
documents.
• It represents flow of documents, the operations or activities performed, the persons
or workstations. It also reflects the relationship between Inputs, Processing and
Outputs.
• In a Manual System, a System Flowchart may comprise several Flowcharts, prepared
separately, such as Documents Flowchart, Activity Flowchart, etc.
• In a Computer System, the System Flowchart mainly consists of – (i) sources from
which input data is prepared and the medium or devices used, (ii) the processing steps
or sequence of operations involved, and (iii) the intermediary and final outputs
prepared and the medium and devices used for their storage.
(d)Program Flowchart
• Program Flowcharts are diagrammatic representation of the data processing steps to
be performed within a computer program.
• They are used to translate the elementary steps of a procedure into a program of
coded instructions for the Computer to operate effectively.
• They are used to depict the scientific, arithmetic and logical operations or steps which
must be accomplished to solve the computer application problem.
Flow Lines: The Symbols are linked by Flow Lines. A given Flow Line might represent
– (i) a Data Flow, (ii) a Control Flow, or (ii) a Hardware Interface.
Direction: By convention, the direction of flow is from the top left to the bottom right,
and
Arrowheads must be compulsorily used when that convention is not followed. However,
Arrowheads are recommended even when the convention is followed because they help
to clarify the documentation.
Symbols used in System Flowcharts are given below –
Text
Ite Description
m
(a) Events Events require no action from the Business as such, e.g. Customer Order,
Application for Credit Limit increase, etc.
(b) Activities These are the Entity’s Responses to the Events / Inputs, e.g. checking
of credit limit, checking of stock availability at Warehouse, etc. A
Processing Step or Activity is denoted by a Rectangular Box.
(c)Decision These are Decision Steps that have two types of responses – “Yes” or
Gateways “No”, and the further path of the process is decided based on such
response. These are denoted by Diamond Shapes.
(d) Arrows The Events, Activities and Decision Gateways are linked and inter–
connected by – (a) Solid Arrows (for Activity Flows), and (b) Dashed
Arrows (for Message / Information Flows).
8. Identify the Business Unit /Department/Person, that is responsible for each Step, for
creating various “Swimlanes”.
9. Draw the Flowchart based on the above linkages and processes, and obtain Final
Approval from the Entity.
18) What are the various types of Risk Management Strategies that may be
adopted by an Entity?
When risks are identified and analyzed, it is not always appropriate to implement
controls to counter them. Some risks may be minor, and it may not be cost effective to
implement expensive control processes for them. Risk management strategy is
explained below:
• Tolerate/Accept the risk: One of the primary functions of management is
managing risk. Some risks may be considered minor because their impact
and probability of occurrence is low. In this case, consciously accepting the
risk as a cost of doing business is appropriate, as well as periodically reviewing
the risk to ensure its impact remains low.
• Terminate/Eliminate the risk: It is possible for a risk to be associated with
the use of a technology, supplier, or vendor. The risk can be eliminated by
replacing the technology with more robust products and by seeking more
capable suppliers and vendors.
• Transfer/Share the risk: Risk mitigation approaches can be shared with
trading partners and suppliers. A good example is outsourcing infrastructure
management. In such a case, the supplier mitigates the risks associated
with managing the IT infrastructure by being more capable and having access
to more highly skilled staff than the primary organization. Risk also may be
mitigated by transferring the cost of realized risk to an insurance provider.
• Treat/mitigate the risk: Where other options have been eliminated,
suitable controls must be devised and implemented to prevent the risk from
manifesting itself or to minimize its effects.
• Turn back: Where the probability or impact of the risk is very low, then
management may decide to ignore the risk.
19) What legal and regulatory compliances are called for in case of Business
Process Automation?
Legal, Regulatory and Compliance Requirements in relation to BPA and Risk Management
include the following –
• Directors’ Responsibility Statement in relation to Maintenance of Accounting
Records, Internal Financial Controls, [Sec.134 of Companies Act, 2013],
• Reporting Requirements of Auditors in relation to Maintenance of Accounting
Records, Internal Financial Controls, [Sec.143 of Companies Act, 2013],
• Corporate Governance Requirements under Companies Act, 2013, Compliance
with the requirements of the Information Technology Act, 2000.
(b) Transmission: Risk that all the Files and Data transmitted may not be
processed accurately and completely, due to Network error or system failure.
(c) Processing: Risk that valid input data may not be processed properly due to
program errors or other reasons.
(d) Output: Risk that output is not complete and accurate, or risk that output is
distributed to Unauthorized Personnel.
Manual Both (a) and (b) are done by Both (a) and (b) are done by
manual processes. manual processes.
Automated Both (a) and (b) are done by Both (a) and (b) are done by
System Verification. System Verification.
(e) helps in ensuring the accuracy and completeness of the accounting records,
(h) helps the reliability of internal and external Financial Reporting on timely basis.
Ø The masters are set up first time during installation and these are changed
whenever the business process rules or parameters are changed. Examples are
Vendor Master, Customer Master, Material Master, Accounts Master, Employee
Master etc.
Ø Any changes to these data have to be authorized by appropriate personnel and
these are logged and captured in exception reports.
example: The Customer Master will have the credit limit of the customer. When
an invoice is raised, the system will check against the approved credit limit and if
the amount invoiced is within the credit limit, the invoice will be created if not the
invoice will be put on “credit hold” till proper approvals are obtained.
Transactions
Ø Transactions refer to the actual transactions entered through menus and functions
in the application software, through which all transactions for specific modules are
25) Write short notes on review of BPA from Risk and Control Perspectives?
Implementation or review of specific business process can be done from risk or control
perspective
(a) Risk Perspective
1. Each key sub–process or activity performed in a Business Process should be examined,
to look at existing and related control objectives and existing controls and the
residual risks after application of controls.
2. The Residual Risk should be knowingly accepted by the Management
26) Explain a few Risks and Control Objectives in O2C Process at Masters
Level?
Risks and Controls related to the Order to Cash (O2C) business process are as
follows:
Master Level
Risks Controls
The customer master file is not maintained The customer master file is maintained
properly and the information is not properly and the information is accurate.
accurate.
Invalid changes are made to the customer Only valid changes are made to the
master file. customer master file.
All valid changes to the customer master All valid changes to the customer master
file are not input and processed. file are input and processed.
Changes to the customer master file are Changes to the customer master file are
not accurate. accurate.
Changes to the customer master file are Changes to the customer master file are
not processed in a timely manner. processed in a timely manner.
Customer master file data is not up-to- Customer master file data is up to date
date and relevant. and relevant.
Risk Control
Orders are processed exceeding Orders are processed only within
customer credit limits without approvals. approved customer credit limits.
Orders and cancellations of orders are Orders and cancellations of orders are
not input accurately. input accurately.
Order entry data are not transferred Order entry data are transferred
completely and accurately to the completely and accurately to the
shipping and invoicing activities. shipping and invoicing activities.
All orders received from customers are All orders received from customers are
not input and processed. input and processed.
Invalid and unauthorized orders are Only valid and authorized orders are
input and processed. input and processed.
28) Explain a few Risks and Control Objectives in P2P Process at Masters Level?
Risks and Controls related to the Order to Cash (P2P) business process are as follows:
Master Level
Risk Control
Unauthorized changes to supplier master Only valid changes are made to the
file. supplier master file.
All valid changes to the supplier master All valid changes to the supplier master
file are not input and processed. file are input and processed.
Changes to the supplier master file are not Changes to the supplier master file are
correct. accurate.
Changes to the supplier master file are Changes to the supplier master file are
delayed and not processed in a timely processed in a timely manner.
manner.
Supplier master file data is not up to date. Supplier master file data remain up to
date.
System access to maintain vendor System access to maintain vendor
masters has not been restricted to the masters has been restricted to the
authorized users. authorized users.
29) Explain a few Risks and Control Objectives in P2P Process at Transactions
Level?
Risk Control
Unauthorized purchase requisitions are Purchase orders are placed only for
ordered. approved requisitions.
Purchase orders are not entered Purchase orders are accurately entered.
correctly in the system.
Purchase orders issued are not input and All purchase orders issued are input and
processed. processed.
Amounts for goods or services received All amounts for goods or services
are not input and processed in accounts received are input and processed to
payable. accounts payable.
30) Explain a few Risks and Control Objectives in Inventory Process at Masters
Level?
Risks and Controls related to the Inventory process are as follows:
Master Level
Risk Control
Invalid changes are made to the Only valid changes are made to the
inventory management master file. inventory management master file.
Inventory management master file data Inventory management master file data
is not up to date. remain up to date.
Risk Control
Adjustments to inventory prices or Adjustments to inventory prices or
quantities are not recorded accurately. quantities are recorded accurately.
Raw materials are received and accepted Raw materials are received and accepted
without valid purchase orders. only if they have valid purchase orders.
Raw materials received are not recorded Raw materials received are recorded
accurately. accurately.
Raw materials received are not recorded All raw materials received are recorded.
in system.
Receipts of raw materials are not recorded Receipts of raw materials are recorded
promptly and not in the appropriate promptly and in the appropriate period.
period.
Defective raw materials are not returned Defective raw materials are returned
promptly to suppliers. promptly to suppliers.
The Human Resources (HR) Life Cycle refers to human resources management and
covers all the stages of an employee’s time within a specific enterprise and the
role the human resources department plays at each stage. Typical stage of HR
cycle includes the following:
(b) Recruiting and On-boarding: Recruiting is the process of hiring a new
employee. The role of the human resources department in this stage is to
assist in hiring. This might include placing the job ads, selecting candidates
whose resumes look promising, conducting employment interviews and
administering assessments such as personality profiles to choose the best
applicant for the position. On boarding is the process of getting the
successful applicant set up in the system as a new employee.
(c) Orientation and Career Planning: Orientation is the process by which
the employee becomes a member of the company’s work force through
learning her new job duties, establishing relationships with co-workers and
supervisors and developing a niche. Career planning is the stage at which
the employee and her supervisors work out her long-term career goals with
the company. The human resources department may make additional use of
personality profile testing at this stage to help the employee determine her
best career options with the company.
(d) Career Development: Career development opportunities are essential to
keep an employee engaged with the company over time. After an employee,
has established himself at the company and determined his long-term career
objectives, the human resources department should try to help him meet his
goals, if they’re realistic. This can include professional growth and training to
prepare the employee for more responsible positions with the company. The
company also assesses the employee’s work history and performance at this
34) Explain a few Risks and Control Objectives in HR Process at Masters Level?
Risks and Control Objectives for Human Resource Process at Master Levels are as
follows:
Risk Control Objective
Additions to the payroll master files do not Additions to the payroll master files
represent valid employees. represent valid employees.
New employees are not added to the All new employees are added to the
payroll master files. payroll master files.
Deletions from the payroll master files do Deletions from the payroll master files
not represent valid terminations. represent valid terminations.
Invalid changes are made to the payroll Only valid changes are made to the
master files. payroll master files.
36) Explain a few Risks and Control Objectives in Fixed Assets Process at Masters
Level?
Risks and Control Objectives for Fixed Asset Management Process at Master Levels are
as follows:
Risk Control Objective
Invalid changes are made to the fixed Only valid changes are made to the
asset register and/or master file. fixed asset register and/or master
file.
Valid changes to the fixed asset register All valid changes to the fixed asset
and/or master file are not input and register and/or master file are input
processed. and processed.
Changes to the fixed asset register Changes to the fixed asset register
and/or master file are not accurate. and/or master file are accurate.
Fixed asset register and/or master file Fixed asset register and/or master
data are not kept up to date. file data remain up to date.
System access to fixed asset master file System access to fixed asset master
/ system configuration is not restricted to file / system configuration is
the authorized users. restricted to the authorized users.
37) Explain a few Risks and Control Objectives in Fixed Assets Process at
Transactions Level?
Risks and Control Objectives for Fixed Asset Management Process at Transaction Levels
are as follows:
Risk Control Objective
Fixed asset acquisitions are not Fixed asset acquisitions are
accurately recorded. accurately recorded.
Fixed asset acquisitions are not recorded Fixed asset acquisitions are recorded
in the appropriate period. in the appropriate period.
Fixed asset acquisitions are not All fixed asset acquisitions are
recorded. recorded.
Depreciation charges are not recorded in All depreciation charges are recorded
the appropriate period. in the appropriate period.
Fixed asset disposals/transfers are not All fixed asset disposals/transfers are
recorded. recorded.
39) Explain a few Risks and Control Objectives in General Ledger Process
at Configuration Level?
Risks and Control Objectives for General Ledger at Configuration Levels are as follows:
40) Explain a few Risks and Control Objectives in General Ledger Process at
Masters Level?
Risks and Control Objectives for General Ledger at Master Levels are as follows:
41) Explain a few Risks and Control Objectives in General Ledger Process at
transactions Level?
Risks and Control Objectives for General Ledger at Transaction Levels are as follows:
(3) What are the types of Accounting Vouchers? Explain from a Software
Perspective?
A Voucher Number or a Document Number is a unique identity of any
voucher/document. A voucher may be identified or searched using its unique voucher
number. Let us understand some peculiarities about voucher numbering.
• Voucher number must be unique.
• Every voucher type shall have a separate numbering series
• A voucher number may have prefix or suffix or both, e.g.
ICPL/2034/17-18. In this case “ICPL” is the prefix, “17-18” is the suffix
and “2034” is the actual number of the voucher.
• All vouchers must be numbered serially, i.e. 1,2,3,4,5,6 and so on.
• All vouchers are recorded in chronological order and hence voucher
recorded earlier must have an earlier number, i.e. if voucher number
for a payment voucher having date as 15thApril 2017 is 112, voucher
number for all the vouchers recorded after this date shall be more than