Independent billing authorization: Comparison of sales order entered by a sales rep, with shipping notices entered by shipping, verifies

each shipment is supported by valid sales order; helps to ensure the validity of packing slips. Packing slip: AKA delivery lists or bills of parcel, packing slips are documents that accompany goods when they are delivered. A packing slip is designed to aid recipients of the shipment in confirming that all items that were supposed to be included in the shipment have actually arrived. Review shipped not billed sales order (tickler file): Monitor the sales orders that have been shipped but not yet billed ensure all shipping notices are billed in a timely manner. One-for-one checking of deposit slip and checks and invoice: Provides for input accuracy of the dollar amount of deposited checks; Sales orders are compared to packing slips and the goods to determine that what was ordered is what is about to be shipped. Programmed edits of shipping notification: Provides a preventive control to help ensure the accuracy of items shipped. Manual agreement of batch totals: Ensures input accuracy and completeness of remittance advice inputs (cash receipts) Immediately endorse incoming checks: Endorses asap after receipt in the billing organization to protect them from being fraudulently appropriated. Helps to ensure the security of resources. Document design: A control plan in which a source document is designed to make it easier to prepare the document initially and later to input data from the document into a computer or other input device. Precludes a field salesman from omitting the sales terms from the sales order, thereby causing the order to be rejected by the computer data entry personnel. Pre-numbered documents: Prevents duplicate document numbers from entering the system, helps to ensure input validity. Turnaround document: Records of company data sent to an external party and then returned to the system as input (output becomes an input source in a subsequent event). Meets the operations system control goal of efficiency of resources by reducing the number of data elements to be entered from source documents. Digital signatures: Used to determine that a message has not been altered and has actually been sent by the person claiming to have sent the message. Confirm input acceptance: In systems where accountable documents are not used, this control plan helps ensure input completeness by informing the data entry person that data have been accepted for processing by the computer system. SOX: Fact: Came about because of Enron and WorldCom scandals Penalties - CEOs and CFOs threatened with civil and criminal penalties Main requirements: Financial statements and disclosures fairly present operations and financial condition Internal control structure and procedures for financial reporting Impact: Emergence of Corporate Performance Management (CPM) as a technology to assist in compliance Huge amount of work for auditors Big expense for companies to comply Response by the US government was the Sarbanes-Oxley Act of 2002 To mandate improved organizational governance Section 302CEOs and CFOs must certify quarterly and annual financial statements. Section 404Mandates the annual report filed with the SEC include an internal control report. Canada - Canadian equivalent (National Instrument 52-109) from CSA has less teeth, came in after SOX and allows external auditors to do review and does not require testing

Subsidiaries need to comply Private corporations may want to tighten up controls too Disclosure to the public on a rapid & current basis of material changes in an organizations financial condition application of legal, financial & technical expertise to ensure AIS are able to produce financial data in a timely and accurate manner.

Definition, advantages and disadvantages of Application Service Providers (ASP): Service bureaus Maintenance of hardware, operating systems and databases Management of Accounting or ERP system Benefits: Renting vs buying Dont need to invest in infrastructure and resources to support application Thin client Less maintenance Remote access Potential problems: Lack of applications available Concern with security Concern with reliability Cost, technical expertise necessary for implementation and the current health IT system Advantages: o Cost savings: reduced demands on IT personnel in not having to deploy the software upon individual computers; not having to mind the maintenance and patching associated that desktop software demands; not having to upgrade computers and operating systems for solving key HR activities. o Software company revises and upgrades the software o Choose among modules for powerful HR processing abilities without the expensive enterprise level cost of traditional desktop or network based software. o lower initial start-up costs Disadvantage: o Data is stored off-site (instead of on-site). If companys network or Internet service is down, its employees lose access to the ASP. Difference between an accounting and Enterprise Resource Planning (ERP) system: ERP programs are software used by companies to manage information in every area of the business. ERP helps manage company-wide business processes using a common database and shared management reporting tools. ERP supports the efficient operation of business processes by integrating activities throughout a business ERP is considered back office Remove silos No difference between an ERP and an accounting system as long as business processes across all departments are included Accounting package handles only individual business functions of accounts whereas ERP package handles the entire range of business functions of an organization. ERP system is a fully integrated business management system covering functional areas of an enterprise like Finance, Human Resources, Production, Sales and Logistics etc.

ERP organizes and integrates operation processes and information flows to make optimum use of resources such as men, material, money and machine. ERP enhances a manufacturer ability to accurately schedule production, fully utilize capacity, reduce inventory, and meet promised shipping dates.

ERP Advantages: Integration Infrastructure/platform consistency User interface consistency Scalable One number to call no finger pointing Best of Breed Advantages Focus on a single business process or industry Cost Point solution is usually less complex to implement and maintain Focus on one industry with knowledgeable resources and best practices for industry Define Customer Relationship Management system (CRM) and identify typical CRM functionality: One repository for all customer information CRM helps a company streamline interactions with customers and make them consistent Includes sales force automation, marketing automation, customer service/call centre, field service management and a help desk Difference between CRM and ERP system: Increase sales: customers and sales can be managed via a CRA; Reduce costs: Employees and productivity can be managed via an ERP. CRM (esp for start-up company): Combines Marketing, Sales, Contact Management and Customer Support. Keeps a high-level view on the progress of marketing activities and locate areas for improvement. Forecasts revenue by tracking the progress of pipeline. Some provide marketing and sales automaton functions, such as automated email. ERP (company achieved critical mass when it starts looking into an ERP): Cut waste becomes a more effective revenue-generation method than increasing sales. Standardizes business processes, ensures information remains structured and useful. Employees across the organization can find, store and share information from a centralized repository ensures more efficient processes and workflow with fewer errors, while eliminating the need to transfer, reenter or duplicate data. Gives clear insight into the state of the organization, assist in locating opportunities for efficiency and productivity improvements. Although ERP in the traditional sense has usually been thought of in the context of internal operational processes, modern systems have also crossed over into other areas such as those traditionally covered by CRM system. Some ERP components are even designed to integrate with external entities such as suppliers and banks. In a certain company, the quotation process is a paper-based process. Sales quotes are written up on a 3-part form with the original to the customer; first copy is faxed, and then mailed, to the sales office; and the salesperson keeps the second copy for personal records. List problems with this quotation system: Salesperson may make an arithmetic error or offer incorrect discounts Customer may order before copy of quote is faxed

Faxed copy may not be legible

Business Intelligence (BI): Transforming data into information useful to make decisions Data rich and information poor Spectrum of BI tools from simple management report to On-line Analytical Processing (OLAP) Slice and dice across multiple dimensions Data warehouse - data extracted from multiple sources, cleansed and placed into data warehouse Build cubes which are used by OLAP tool It has become important because: ERP creates is data rich and information poor Sarbanes Oxley Integration of statistical & analytical tools with decision support technologies to facilitate complex analyses of data warehouses by mangers & decision makers. Uses state-of-the-art information technologies for storing and analyzing data to help managers make the best possible decisions for their companies. Sometimes installed into existing ERP as an additional module Increases the available control a company can exert over spreadsheet use increase compliance with SOX Act

Compare and contrast the description and use of physical data flow diagrams (Physical DFD) and logical data flow diagrams (Logical DFD): Physical DFD: Graphical representation of a system showing the systems internal and external entities, and the flows of data into and out of these entities. Specify where, how, and by whom a systems processes are accomplished Does not tell us what activities are being accomplished. Logical DFD: Graphical representation of a system showing the systems processes, data stores, and the flows of data into and out of the processes and data stores. Used to document information systems because they represent the logical nature of a systemwhat activities the system is performingwithout having to specify how, where, or by whom the activities are accomplished. The advantage (versus a physical DFD) is that we can concentrate on the functions that a system performs. Strategic planning process: Critical Success Factors are those things that an organization must do well in order to be successful. Performance indicators indicate the extent to which the organization is achieving its critical success factors. Act as a motivator.

Information System: Manmade system that generally consists of an integrated set of computer-based and manual components established to collect, store, and manage data and to provide output information to users.

Update the Information System Model below with labels for each symbol and show the flow of the Information System Model by using arrows between the symbols:

What is web services and explain its (potential) impact on business: Self-contained (Independent) business functions that operate over the internet Web services is to data what HTML is to user interface Allow applications to share data regardless of software or computer users have Allows for B2B e-Commerce without customization or re-keying Huge potential for businesses to share data electronically over the internet. In creating a Relational Database, there are different types of keys. Define the following: Primary Key The key that uniquely identifies a record in a table (Cant be null it must have a value) Secondary Key An attribute within a table that the user/designer wishes to access frequently or quickly. Foreign key A copy of the primary key from another table used in a table in order to join the two tables in a relational database. Candidate key An attribute or group of attributes that uniquely identify a record in a table and could be

used as a primary key. Describe the elements or parts of a Relational Database Management System and what language is used for managing data within a database (5 marks) Ch 5 Tables - place to store data Queries - retrieve data Forms - on-screen presentations of data collected by queries Reports - printed lists and data summaries collected by queries SQL (Structured Query Language) Controls can be categorized as preventive, corrective or detective. Assume you are the controller for a large retailer and you are concerned about the privacy of customer credit card information. Describe two preventive, two corrective and two detective controls to ensure the privacy of this information: Preventative Controls: Installation of firewall Segregation of duties Encryption of credit card number Passwords Physical security (i.e. locks) on data storage area Do not print the entire credit card number on receipt, only print last 4 digits Employee background checks before hiring Restrict access to a particular area or department Employee training and awareness of the penalties regarding unauthorized use of client information Corrective Controls: Automatically suspense credit card when find out information has been leaked Fire employees for who breached confidentiality or policies set in place Change password when unauthorized access is suspected Notify affected customer immediately when system found to be compromised Investigate breach and implement measure to fix/prevent future incident Insurance policies Detective Controls: Install security camera in file storage location Look for unusual volume/spending pattern on a credit card and confirm with customer Review log in trails Perform periodic checks Analyze audit trail Information processing update (of master data): The process of modifying the master data so that it reflects the results of new events. Data maintenance update (of master data): The process of modifying a master datas standing data Preventive Controls: A control designed to keep problems from occurring. Input validity: A control goal of the information process that is directed at ensuring that fictitious or bogus events are not recorded. Operations process effectiveness goal: A goal of an operations process that signifies the very reason for which that process exists. Control environment: The highest level in the control hierarchy; a control category that evidences managements commitment to the importance of control in the organization. Application controls: An automated control that is exercised within a business process as that process events are processed.

Pervasive control: A control that addresses a multitude of goals across many business processes. What are the advantages and disadvantages of Sarbanes Oxley. (5 marks) Ch 7 Advantages Restore confidence in financial reports of public companies Reduce risks of scandals like Enron Improve processes and internal controls Reduce audit fees Disadvantages High costs for compliance Avoiding going public or listing on foreign exchanges Focus on compliance rather than innovation What is meant by segregation of duties what duties should segregated and why. As well, are there situations when this is not recommended? (5 marks) Ch 8 Authorization or approval Execution Recording Safeguarding or reconciling To protect against fraud Small organizations dont have enough people for this Describe B2B and B2C, as well as their benefits and limitations. (5 marks) Ch 3 Business-to-business: Two (or more) businesses make transactions electronically Major benefits include: reduced cost, reduced cycle time, increased customer base and sales, and improved customer service Limitations: Lack of standards Back end integration Lack of web services/XML (Extensible Markup Language) Complexity/Cost of EDI (Electronic Data Interchange) Business-to-consumer: Companies sell directly to consumers over the Internet Major benefits include increased revenues, the creation of new sources of revenues, and the elimination of costly intermediaries No limitations that I can think of What is SAP and why has it been so successful? (5 marks) Ch 2 An ERP system: Systems Applications and Products in Data Processing SAPs goal was to develop a standard business software product that could be configured to meet the needs of a company Users to work on a computer screen, not with paper Used client/server technology Data to be available in real time First ERP system Works across multiple databases and operating system Cardinality: Class 3 Slide 46 Degree to which each entity participates in the relationship, e.g., 1:N (pronounced one-to-many). The most common constraint specified in E-R diagrams Participation:

The participation constraint specifies the degree of minimum participation of one entity in the relationship with the other entity.

Advantage of 3-tier system: It separates application into: Screen user interface business logic Database Allows for better remote processing only send UI commands through network Less maintenance as only need browser What is fraud & how to prevent: Fraud: deliberate act or untruth intended to obtain unfair or unlawful gain. Management charged with responsibility to prevent and/or disclose fraud Control systems enable management to do this job Primary responsibility to detect fraud lies with the company Auditor designs audit with reasonable assurance to detect fraud, but the purpose of an audit is not to detect fraud unless its a special fraud engagement. Purpose of audit is to determine whether company followed GAAP (Generally Accepted Accounting Principles) or IFRS (International Financial Reporting Standards) in the preparation of F/S. Restricting Access to Computing Resources Layers of Protection

Control objectives for information technology (COBIT): Developed in 1996 by ISACA to provide guidance to managers, users, and auditors on the best practices for the management of information technology Unlike other internal control models, COBIT, integrates internal control with information and information technology COBIT defines IT activities in a generic process model within four domains (Four IT control process domain): - Plan and organize - Acquire and implement - Deliver and support - Monitor and evaluate What is the difference between the Canadian and US definitions of internal control? From CICA 5142.042 includes risk management as part of the definition It follows that internal control is designed and implemented to address identified business risks that threaten the achievement of any of these objectives. What is the COSO definition of Internal Control? A process effected by an entitys board of directors, management, and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following categories (up to 2 marks): Effectiveness & efficiency of operations Reliability of financial reporting Compliance with applicable laws & regulations. (up to 3 marks) Describe the Accountants role in the strategic decision making process Designerapplication of accounting principles, auditing, information systems, and systems development Userparticipate in design Auditorprovide audit and assurance services

In order for information to be useful for primary decision making, it must have two specific qualities. What are they? Name and define some of the ingredients of these specific primary qualities. Qualities: (2 marks) Relevance Reliability Ingredients of Relevance: (up to 2 marks) Predictive or feedback value Timeliness Ingredients of Reliability: (up to 4 marks) Validity Completeness Accuracy Neutrality Verifiability What is the difference between data and information? Data facts and figures in raw form Information data transformed into information that is useful to make decisions.