Summary For CMA Part

Download as pdf or txt
Download as pdf or txt
You are on page 1of 95

Revision

Financial statements
Limitations of the Balance Sheet:

1- Fixed assets are valued at historical cost not equal to FV


2- BS show the company financial position at certain date and accounts may
vary significantly after or before of FS
3- BS based on management judgments
4- BS don’t not include some valuable items
Examples of off-balance- sheet financing include

1- Operating lease
2- Factoring account receivables with recourse
3- Joint venture
Special purpose entities. A firm may create another firm for the sole purpose of keeping the
liabilities associated with a specific project off the parent firm’s books

Joint venture accounted on equity basis and not reflected as debt of the members
of joint venture
Limitations of the Income Statement

1- Income statement does not show all item of income many items are reported
on OCI
2- Income statement an estimate number the reflect number of assumption
based on management Judgments.
3- Income statement number due to different account method used
4- Income statement is not sufficient for assessing liquidity
5- Income measurement require judgments such deprecation percentage and
useful life
The major items included in other comprehensive income:

1- Un realized gain or loss on available for sale securities


2- Gain or loss associated with pension or post retirement plans
3- Foreign currency translation adjustments
4- Effective portion on cash flow hedge
The accounting for stock dividends depends on the percentage of new shares to be issued

1- Issuance of shares less 20% to 25% of previously outstanding common shares


is reclassified as small stock dividend
2- Issuance of shares greater than 20% to 25% of previously outstanding shares
is reclassified a large stock dividend and is recognized a stock split in the form
of dividend
3- In accounting for a stock dividend, fair value of additional shares is
reclassified from RE to Common shares
Limitations of the Statement of Changes in Equity

1- The company use accrual basis in financial accounting so it may recognize


revenue and expenses before cash is received
So data is not sufficient to assessing amount of RE available to reinvestment
or pay debt
2- Statement of changes in equity is provided at certain date and equity may
vary significantly before or after publication of statement of changes in
equity
Limitations of the Statement of Cash Flows:
1- Statement of Cash Flows is not sufficient of assessing liquidity and profitability
2- Statement of Cash Flows must be used in conjunction with other financial statements
3- Statement of Cash Flows not represent true liquid position of an entity
4- Statement of Cash Flows can have manipulated by schedule vender payments after the
end of the year

Notes to the Financial Statements


Provide a through picture of the company financial position and the result from
operation so it’s used to explain the items presented in the main body of fs and
the methods used to determine the amount reported
Accounting Policies
The first note is the notes to financial statements is a summary of significant
accounting policies
- What method of deprecation to be used?
- How inventory is valued
- Cost flow assumption to be used
Disclosure of accounting policies is used to
Identify and describe principles of accounting followed by reporting entity to
determine the method for applying this accounting policy that materially affect the
determination of the company’s financial position, cash flows, or results of
operations.
Limitations of financial statements in general:
1- Measurement are using money basis so qualitative aspects are not included
2- Financial reporting involves judgment allocation estimation summarization
and classification
3- Financial statement reflects transactions that are many of them are historical
cost
4- Only transaction related to an entity being reported transactions related to
other entities not included
Accounts receivables
Notes
1- Current AR are recorded at NRV
2- Non-current AR recorded at NPV
3- Direct write off not acceptable under GAAP
4- Write of reduce Allowance and AR
5- Collection of previously written off receivable will increase the allowance
and debit to cash
6- When a right of return exists, an entity recognizes sales revenue when the
amount of future returns can be reliably estimated.

The reconciliation of the beginning and ending balances of gross accounts


receivable (accounts receivable before adjustment for allowance for
uncollectible accounts)
Equal= Beginning accounts receivable
Plus: Credit sales during the period
Minus: Cash collected on credit sales during the period
Minus: Accounts receivable written-off during the period Ending accounts
receivable
The reconciliation of the beginning and ending balances of the allowance for
uncollectible accounts:
Equal Allowance for un collectable amount
Plus, bad debt expense
- Amount Written off
+ collection of previously written off
= Ending allowance for uncollectible accounts
The main reasons for factoring transactions:
1- Speed up collection
2- Eliminate credit department and AR staff
3- Remove bad debt expense and Allowance for doubtful account
Types of factoring of AR
- With recourse (secured borrowing).
- Without recourse.
Inventory

An advantage of the perpetual inventory system:


Inventory account and COGS can be determined anytime
A disadvantage of the perpetual inventory system:
Bookkeeping is more complex and expensive to register every single transaction
when they occur
An advantage of the periodic inventory system:
Bookkeeping is simpler under this system.
A disadvantage of the periodic inventory system:
No continuous monitoring of inventory and cost of goods sold.
First-in, First-out (FIFO):
This method assumes that the first goods purchased are the first sold
ending inventory consists of the latest purchases.
Cost of goods sold includes the earliest goods purchased.
Under the FIFO method, year-end inventory and cost of goods sold for the period
are the same regardless of whether the perpetual or the periodic inventory
accounting system is used.
Its advantage that it approximates its ending inventory with current replacement
cost

Notes
1- In the rising costs conditions, changing from FIFO to weighted average will
result in higher income.
2- In the interim period under US GAAP, the inventory is reported at its
historical cost even though the NRV is lower because no write down in the
inventory in the interim period, however under IFRS, the inventory is written
down if NRV is lower in the in interim period.
3- Weighted average method >>> only Periodic
4- Moving average method>>> only perpetual
5- When calculating purchase for the COGS formula, take care that in case of
reduction of A/P to be reduced from purchase because reduction represents
payment of prior period purchase, that is to calculate net purchase for the
current year.
Revenue from contract with customer

1-five-steps model for recognizing revenue from contracts with customers.

a. Identify the contract with customer


b. Identify the separate performance obligation
c. Determine the transaction price
d. Allocate the transaction price to separate performance obligation
e. Recognize revenue from the contract

2- Revenue is recognized for a contract with a customer if all of the following criteria are met

a. The contract has commercial substance


b. Payment terms are identified
c. Right of parties has identified
d. Parts approved the contract
e. Amount of consideration expected to collect in the future

3- It is accounted for as a separate contract if the following conditions are met:

a. The scope of the contract increase by the addition of promised goods and
service
b. The transaction price increase by the addition of price of goods and service

3-factors should be considered in assessing whether a contract includes a significant financing


component:

a. Time between delivery of goods and service and payment


b. The difference between cash selling of goods and service and consideration to
be received

4-The transaction price should not be adjusted for the effect of the time value of money if:

a. The time between delivery of goods and service and payment is less than one
year
b. Substantial amount of consideration is variable and its amount or timing depend
on future events that not under the control of an entity or customer
c. The customer pays full amount in advance and transfer of goods that are under
the direction of customer

5 -the contract price may vary because of the following:

a. Refund due to right of return provided to customer


b. Credit
c. Performance bonus
d. Royalties
e. Prompt payment discount
f. Sales Incentives
g. Volume discounts

6- Variable consideration is estimated using one of the following methods:

a. most likely amount (the single most likely amount in range of consideration when
a company has two possible outcome)
b. expected value
 when a company has large number of contract with similar characters
 based on limited number of discrete outcomes and probabilities

7- The volume discount may be applied:

a. prospectively to additional purchased goods and service


b. retrospectively to all purchased up to date

8- If the standalone price is not directly observable, it must be estimated. The following are
suitable approaches:

a- residual value approach: total transaction price minus standalone selling price for
observable goods and service
b- adjusted market assessment: estimate the cost in the market that the customer
willing to pay
c- cost plus margin: expected cost to satisfy performance obligation plus margin

9- Control of an asset is transferred when the:

d- customer direct use the asset


e- company has right to payment for the asset
f- company transferred legal tittle and benefit of the asset
g- customer accepted the asset

10- Examples of output methods include:

a- units delivered
b- units produced
c- milestones reached
d- appraisal of results achieved
Investments
Transfer between categories

Transfer from trading to any category the amount recognized in net income not
reversed

Transfer from any category to trading the amount not recognized in net income should
be recognized

Transfer from Held to maturity to Available for sale the amount recognized in OCI

Transfer from Available for sale to held to maturity the amount recognized in OCI not
reversed but amortized

Acquisition-related costs:

such as –

finder’s fees - professional and consulting fees, - general administrative costs, all of
them are expensed as incurred

Issue costs for securities are accounted for as follows:

Equity issue costs (underwriting, legal, accounting, tax, registration, etc.) reduce
additional paid-in capital.

Debt issue costs are reported in the balance sheet as a direct deduction from the face
amount of the debt.

Notes
- Change in FV has no effect on an investment in securities accounted for under
equity method.
- In calculation of equity method, we have to take care of the date of the share
acquisition, means if the purchase took place on July (mid of the year), then the
recognized income should be proportionate.
- Commission and taxes paid to broker to sale the securities will be part of the loss
(loss on disposal) in case of loss
- from sale of security>> all will be recorded in the I/S as loss from disposal =
Commission paid + decline in the FV
- Under the measurement alternative for an investment in equity securities, the
investment is measured at Cost minus subsequent impairment, plus or minus
changes resulting from observable price changes for the identical or a similar
investment of the same issuer.
- A measurement alternative may be elected for an investment in equity securities
if the Fair value of the investment is not readily determinable and the investment
does not result in control or significant influence over the investee
Assets
Impairment under GAAP

Determination of an Impairment Loss


1. Events or changes in circumstances indicate a possible loss
2. Carrying amount of an asset > Sum of undiscounted cash flows
3. Impairment loss = Carrying amount – Fair value

Impairment under IFRS

Determination of an Impairment Loss


1. Reporting-date assessment indicates a possible loss
2. Impairment loss = Carrying amount – Recoverable amount

The recoverable amount is the greater of an asset’s (1) fair value minus cost to sell or
value in use. Value in use of the asset is the present value of its expected cash flows.

An impairment loss on an asset (besides goodwill) may be reversed in a subsequent


period if a change in the estimates used to measure the recoverable amount has
occurred. The reversal of an impairment loss is recognized immediately in profit or loss
as income from continued operations

Intangible assets valuation methods under IFRS and GAAP

 IFRS uses the cost model or the revaluation model


 GAAP uses the cost model only

impairment occurs when events or changes in circumstances indicate that the carrying
amount of the asset may not be recoverable

Under GAAP there is a Two-Step Impairment Test

1. Recoverability test. The carrying amount of a long-lived asset to be held and used is
not recoverable if it exceeds the sum of the undiscounted future cash flows

2. If the carrying amount is not recoverable, an impairment loss is recognized. It equals


the excess of the carrying amount of the asset over its fair value. A previously
recognized impairment loss must not be reversed

Under IFRS there is a one-step impairment test.

The carrying amount of an asset is compared with its recoverable amount.

An impairment loss on an asset may be reversed in a subsequent period

Development costs are capitalized if


the entity can demonstrate the

 technical feasibility of completion of the asset


 intent to complete
 ability to use or sell the asset
 way in which it will generate probable future economic benefits
 availability of resources to complete and use or sell the asset, and
 ability to measure reliably expenditures attributable to the asset

The amortizable amount: Historical cost - salvage value

Notes

 Test for impairment is performed whenever circumstances indicates that the CV


is not recoverable.
 In double declining depreciation method, don’t consider the salvage value in
calculating the depreciation expense/Accumulated Dep.
 Under GAAP, restoration of previously impaired assets is not permitted,
however, under IFRS, the restoration is possible provided that the restoration
value does not exceed the previously impairment loss.
 Under IFRS, the impairment test is the comparing the carrying amount with
recoverable amount. Recoverable amount is the greater of FV-cost to sell and
value in use (PV of future cash flows). Impairment loss = CV – Recoverable
amount
 Under GAAP, If the carrying value exceeds the undiscounted cash flow
two steps for impairment
 Impairment loss = CV – FV

Notes to revenue recognition


1- using units of completion method when cost cannot reasonably estimate so the
revenue recognized according to cost incurred
2- using time value when transaction include significant financing component
should be adjusted and the interest expense and revenue calculated using
effective interest rate and recognized in income statement separately for
revenue from contracts with customer
3- standalone selling is the price that an entity sells promised goods and service
separately to customer and the best evidence is observable price of goods and
service that sold separately in the same circumstances and similar customer
4- when outcome of the contract cannot reasonably have measured but the cost
incurred in satisfying performance obligation will be recovered so the revenue
recognized according to cost incurred based on zero profit margin
The company is required to provide information about revenue recognition:
1- Revenue recognized from contract with customers including disaggregation of
revenue into appropriate categories opening and closing balance in contract
assets and liabilities
2- Significant judgments made and change in judgments made in applying the
guidance
3- Any assets recognized from the cost to fulfill the contract and amortization
method and amortization amount

Reclassification of Short-term Debt


For a company to reclassify its short-term obligations as long-term obligations, it must both:

1- Positive intention and ability to refinance them


2- Be able to demonstrate the ability to refinance them by
 Completing the refinancing transaction
 Entering into a financing agreement

Purchase Commitment
a commitment to acquire goods in the future not recorded at the time of agreement
they recorded as inventory when received

Loss is recognized in non-cancelable purchase commitment when they occur when


market price less than purchase price and separately disclosed

D1r: loss on purchase commitment

Cr: Liability on purchase commitment

Warranty liabilities
Classification of Warranties:

a) If the warranty required by law or not sold separately should be accounted as


assurance type warranty
b) The longer coverage period accounted as a separate performance obligation
c) Specified tasks performed constitute as a spate performance obligation
d) If the warranty cannot reasonably account for them separately account, both
warranties as a separate performance obligation
Contingency: A set of circumstance involving uncertainty to possible gain or loss that
will be resolved when one or more future events occur or fail to occur

A contingency may be:

1. Probable
2. remote
3. Reasonably possible

warranty obligations are considered contingencies and losses are to be accrued if the
conditions are met:

a) it is probable an obligation has occurred due to a transaction occurred on or


before of the date of FS
b) amount of obligation can be reasonably estimated
c) if the amount is in a range amount record the minimum
d) if not accrued at least disclosed
e) contingency gain recorded when realized

the warranty liability on the balance sheet is calculated as:

total warranty expense recognized in the past

– all cost incurred on warranties

= warranty liability on the balance sheet

Taxes
A temporary difference exists:

1- reported amount of an asset or liability in financial income differ from taxable


income
2- when revenue or expenses recognized in financial income and taxable income in
different period
3- difference will cause taxable or deductible in future period when assets will have
recovered and liability will paid

Deferred tax liability: occurs when financial income greater than taxable income and
will result future taxable amount

Deferred tax Asset: occurs when financial income less than taxable income and will
result future deductible amount

The purpose of Inter period income tax allocation:


is designed to recognize tax asset or liability for the tax consequences of temporary
difference between financial income and taxable income

Leases
Lease definition: Agreement between lessor and lessee that conveys the right to
control the use of specific property for a period of time in consideration

Control means:

1- Direct use of the asset how the asset is going to be used


2- Obtain substantially all economic benefit from the use of the asset

two categories of leases:

1- Finance lease: purchase/ sale agreement


2- Operation lease: rental contract

A lease is said to be finance lease in ONE at least or more of the following


cases/criteria: (what differentiate finance lease from operating lease):

1- The lease provides for the transfer of ownership of the asset to the lessee at the
end of the lease term
2- The lease provides option to purchase the underlying asset at the end of lease
term and the lessee provides reasonably certain to exercise the option to
purchase the underlying asset
3- The lease term is for major part for the remaining economic life of the asset 75%
or more
4- PV of some of lease payments is equal or greater than 90% of FV of the asset
5- The asset is specialized by nature and have no alternative use at the end of lease
term to lessor

Integrated report
Integrated report: incorporates non-financial information along the financial
information provided in financial report and show how financial information is
influenced by non-financial over short medium and long term

A concise communication how an org strategy governance performance and prospect


in the context of ex environment lead to the creation of value over short medium and
long term

Integrated report prepared in accordance with integrated reporting framework


published by IIRC
Purpose of the Integrated Report:

Explain to providers of financial capital how an org strategy governance performance


and prospect in the context of ex environment lead to the creation of value over short
medium and long term

Integrated Reporting: a process founded in integrated thinking that result in a periodic


integrated report by an org about value creation over time and related communication
regarding value creation

IR requires an understanding of three major concepts:

1- Value creation
2- Integrated report
3- Integrated thinking

The objective and ultimate norm of IR to change corporate reporting system so that
the integrated reporting became the global norm

IR improve reporting decision making and integrated thinking

Integrated Thinking: Active consideration by an org of the relation between various


operation and functional units and the capitals that the org use or effect about value
creation

Integrated thinking cannot be done in a standalone department different department


must work together to measure and report value creation for itself and department

Integrated reporting, integrated thinking, and the integrated report:

Three distinct concepts and interconnected and the frame work of integrated report
was published by IIRC (Principle based)

An entity’s value-creation process is influenced by:

1- External environment affection the org


2- Resources and relation used or affected by an org
3- How and org interact with ex environment and with capitals to create value over
short medium and long term

Externalities: the effect on the capitals not owned by an org

six capitals:

1- Financial capital
2- Manufactured physical capital
3- Human capital
4- Intellectual capital
5- Social relationship
6- Natural capital

Notes:

a. Not all capitals are equally important for each org


b. Org may category capital differently
c. Not all capitals need to be presented in every integrated report
d. Some capitals may not be relevant for particular org
e. Capitals need not be identified in the same name in every integrated report
f. The way the org show fundamental concept in the integrated report is not fixed
g. Employees competence may not intellectual capital they transferred from one
org to another
h. Six capitals affected by and org regular course of business
i. Guiding principles not applied strictly the are only guidelines
j. Integrated report is a merely vehicle to show value creation process
k. All continent element defined in the integrated report should be addressed in the
integrated report
l. the most likely benefit of adopting integrated reporting is to lower long term cost
m. The most persuasive argument for adoption of integrated reporting (IR) is that
Investments in systems, data collection, and analysis will yield positive long-term
results

The ability to create value is affected by the following factors:

1) External environment: ex technological change, societal issues, economic change


environmental challenge create the context which the org operate
The back ground of the graphic
2) Governance: business direction and control
3) Mission and vision: what the company is intended to do the purpose and intention
of the company
4) Risks and opportunities: monitoring and analyzing of ex environment to identify
risks and opportunities
5) Strategic and resources allocation: org identify way to manage and mitigate risks
and strategic objective are implemented through resources allocation
6) Business model: org business model and other activities used to transfer inputs to
output and outcomes to achieve org strategic process and create value
org business activities and output lead to outcomes
the outcome became input to value creation process
7) Performance: information about performance is required for decision making
Information is measured through setting up measurement
8) Outlook: regular view of each component of value creation process and interaction
with other components and focus on outlook lead to revision and refinement to
make improvements going forward the future
Outcomes: are the result of org business activities and its output

Directly related to external environment not controlled by an org

Output: the result form org business activities may be products and services by
products or waste

Guiding Principles:

 Strategic focus and future ordination


 Connectivity of information
 Stakeholders relationship
 Materiality
 Conciseness
 Ratability and completeness
 Constancy and comparability

Content Elements:

Each integrated report contains nine content element

Content elements are interrelated

1- External environment
2- Governance
3- Strategy and resources allocation
4- Business model
5- Risk and opportunities
6- Performance
7- Outlook
8- Basis of presentation
9- General reporting and guidance

The benefits of IR include:

1- Discipline reports on nonfinancial information


2- Understanding the relation between financial information and non-financial
information better decision making
3- Lower reputational risk
4- Greater employee engagement
5- Customer who care about suitability are committed
6- Improve internal measurement and control system for improving timely and non-
financial information
7- Better communication about org performance mission vison and position
8- Communicate vision and how to address non-financial challenge
Challenges:
1- Require support from BOD and management
2- Reporting non-financial has no reporting standard
3- Assurance opinion necessary
4- Internal control over non-financial is effective as over financial
5- Its require collection and analyzing non-financial data which initials investment
in new information system
6- Understanding what is materiality is very challenging
7- Specialized with analytical skills need to be brought to make sense of data
8- Integrated reporting may cause disclosure of property information and
competitive information.
Cost

Costing Techniques
Product costing: involves accumulating, classifying and assigning DM, DL and FOH to
products, jobs and service

1- The cost accumulation method to use (job order or process order)


2- Allocation method to be used (VBC, ABC)
3- measurement method to use in allocating costs to units manufactured (standard,
normal, or actual costing)

All systems (accumulation, allocation or measurement are interrelated)

Cost Measurement Systems:

1) Actual Costing: is the recording of actual product cost based on actual cost of
material, labor and OH
Actual costing is practical only for job order costing for the same reasons that
normal costing is practical only for job order costing

2) Standard Costing: Standard, or planned, costs are assigned to units produced


(output)
The standard cost of producing one unit of output is based on the standard cost
for one unit of each of the inputs required to produce that output unit, with each
input multiplied by the number of units of that input allowed for one unit of
output.
Direct materials and direct labor are applied to production by multiplying the
standard price or rate per unit of direct materials or direct labor by the standard
amount of direct materials or direct labor allowed for the actual output
4- Normal Costing: direct materials and direct labor costs are applied at their actual
rates multiplied by the actual amount of the direct inputs used for production.
And overhead is predetermined annual manufacturing overhead rate, called a
normal or normalized rate multiplied by the actual amount of the allocation base
that was used in producing the product
Normal costing is not appropriate in a process costing environment because it is
too difficult to determine the actual costs of the specific direct materials and
direct labor used for a specific production run. Normal costing is used mainly in
job costing
ACTIVITY-BASED COSTING
ABC: is a mathematical process It requires identification of the costs to be allocated,
followed by some manner of allocating them to departments, processes, products, or
other cost objects

ABC can be applied to both manufacturing and nonmanufacturing overheads. It can


also be used in service businesses.

a methodology that measures the cost and performance of activities, resources,

and cost objects based on their use. ABC recognizes the causal relationships of cost

drivers to activities.”

ABC is a costing approach that assigns costs to cost objects, based on consumption of
resources caused by activities

resources are assigned to activities and activities are assigned to cost objects based on
the activities’ use

Steps in ABC:

1- Identification and classifying of activities involved in the production process


according to cost hierarchy
 Unit level activities
 Batch level activities
 Product sustaining activities: irrespective of the level of production
 Facility sustaining activates
2- Identification and accumulation of total costs of each activity;
Assign the costs of resources to the activities This is termed first-stage allocation
Once the resources have been identified, resource drivers are designated to
allocate resource costs to the activity cost pools
3- Identification of the most appropriate cost driver for each activity
The final step in enacting an ABC system is allocating the activity cost pools to
final cost objects. This is termed second-stage allocation.
4- Calculation of total units of the cost driver relevant to each activity;
5- Calculation of the activity rate i.e. the cost of each activity per unit of its
relevant cost driver
6- Application of the cost of each activity to products based on its activity usage by
the product.

Activity-Based Management: The linkage of product costing and continuous


improvement of processes is activity-based management (ABM). It encompasses driver
analysis, activity analysis, and performance measurement
Benefits of ABC:
1- More accurate product cost which lead to more accurate profitability
2- Better cost control which helps to improve product
3- Helps to reduce distortions caused by traditional cost allocations (productcost
cross-subsidization)

Limitations of ABC:
1. Sometimes finding a specific activity that causes the cost, might not be practical
2. General practice of ABC do not conform to GAAP,
3. Very expensive to develop and very time consuming
4. Generates vast amounts of information while too much information can mislead
managers

Steps in Traditional costing:


1- Direct labor and direct materials are traced to products or service units.
2- Accumulating costs in general ledger accounts (utilities, taxes, etc.) 3)
3- Using a single cost pool to combine the costs in all the related accounts
4- Selecting a single driver to use for the entire indirect cost pool
5- Allocating the indirect cost pool to final cost objects.

Limitations of traditional costing systems:


1- under costs low volume products and over costs high volume products
2- Distorted inventory measurement
3- Unrealistic pricing
4- Ineffective resource allocation
5- Incorrect product-line decisions

LIFE-CYCLE COSTING

Life-cycle: approach to budgeting estimates a product’s revenues and expenses over its
entire sales life cycle.
The product life cycle has five phases:
1- Research and development: this phase is characterized with no sales and high
cost
2- Introduction: this phase is characterized with few competitor and low profit
high cost and low sales
3- Growth: number of competitor increase but does nor peak, the opportunity for
cost reduction is high because of production volume increase
4- maturity: sales growth decline and competitor are most numerous
5- The number of competitors decreases in the decline stage.
Life-cycle costing takes a long-term view of the entire cost life cycle, also known as the
value chain.

Not GAAP as it includes nonmanufacturing costs in the product costing


Total cost for a product’s life cycle = manufacturing costs + nonmanufacturing costs =
value chain

Life cycle be used in cost planning and pricing decisions, provides a better measure
for evaluating the performance of product managers, combines all costs and revenues
for all periods to provide a better view of a product’s overall performance.

Whole-life cost: equals the life-cycle cost plus after-purchase costs

Life-cycle and whole-life cost concepts are associated with target costing and target
pricing

Target costing: is the practice of calculating the price for a product by adding the
desired unit profit margin to the total unit cost. It is an adjunct concept of target
pricing.

Value engineering: is a means of reaching targeted cost levels, systematic approach to


assessing all aspects of the value chain cost buildup for a product.

Cost allocation
Four criteria are used to allocate costs:

1- Cause and effect should be used if possible because its objective and acceptance
by operating management
2- Benefit received: most frequently used alternative when cause and effect cannot
be determined, its require an assumption about benefit of cost
3- Fairness is sometimes mentioned in government contracts but appears to be
more of a goal than an objective allocation base.
4- Ability to bear (based on profits) is usually unacceptable because of its
dysfunctional effect on managerial motivation

Shared services: are administrative services provided by a central department to the


company’s operating units.

For internal decision-making, the costs of shared service departments need to be


allocated to the operating departments that use their services in order to calculate the
full cost of operations or production.

Three approaches are used to allocate the costs of service departments to other
departments:

1- The direct method


- Simplest and most common but least accurate
- all service department costs are allocated directly to production
departments only
- ignoring service rendered among service departments
- Service department costs are allocated to production departments based on
an allocation base appropriate to each service department’s function

Total cost of production departments after allocation = cost of production departments


+ cost of service departments

2- Step down method:


- some of the costs of services rendered by service departments are allocated
to each other
- Highest percentage / greatest number / greatest dollar service department
cost will be allocated to service department below it + the production cost
as well
3- The reciprocal method:
- simultaneous solution method, cross allocation method, matrix allocation
method, or double distribution method,
- Most accurate but most complex

Dual Rate allocation:

Two separate rates for fixed costs and variable costs, which is vital for some certain
internal decisions.

The criteria for choosing the cost allocation method to the SBUs:

- Motivate managers
- Provide an incentive
- Provide fair evaluation
- use Dual Allocation

Joint products
Joint (common) costs: costs incurred up to the point where the products become
separately identifiable, called the split-off point.

Not separately identifiable, they must be allocated to the individual joint products

Separable costs: can be identified with a particular joint product and allocated to a

specific unit of output

Byproducts: the low-value products that occur naturally in the process of producing
higher value products, accidental results of production process

- Inventoried sales value deducted from joint cost


- Non Inventoried not deducted from joint cost
Joint cost allocation:

1- Physical measure based approach: employee physical measure such as volume,


weights or a physical measure
- All out put must have the same unit measurement
- "Average Cost method” - “Quantitative method”
- Allocation is done based on physical unit measure of out put
- Each product is allocated the same amount of joint cost per unit of measure
- The total joint cost is divided by the total number of units of all of the joint
products produced to calculate average cost per unit
- that average cost per unit is multiplied by the number of units of each product
produced

Advantages:

- Easy to use
- Objective creation of allocation

Disadvantage:

- Ignore revenue capability of each product


- Each product has its own unique physical measure

2- Market based approach:


 Sales value at split off:
- called gross market value or sales value method
- joint costs are allocated on the basis of the sales values of each product at
the split off point, relative to the total sales value of all the joint products.
- only if all of the joint products can be sold at the split off point
- These allocations are performed using the entire production run for an
- accounting period, not units sold.
Advantages:
- Easy to use
- costs are allocated according to the individuals’ product revenue
Disadvantage:
- Market prices may be changing constantly
- Sales price at split off point not available
 Net realizable value (NRV):
- can be used if one or more of the joint products must be processed
beyond the split off point in order to be sold.
- when selling prices for one or more products at split off do not exist
- All separable costs necessary to make the product salable are subtracted
before the allocation is made.
- Estimated NRV = final sales value – additional cost (separable cost)
Disadvantages
- more difficult to calculate
- based on an estimated value
 Constant Gross Profit (Gross Margin) Percentage method:
- Determine the overall gross-margin percentage.
- Subtract the appropriate gross margin from the final sales value of each
product to calculate total costs for that product.
- Subtract the separable costs to arrive at the joint cost amount.

Just in Time (JIT)

Lean system/demand pull system/comprehensive production & inventory system

A comprehensive production and inventory system that purchases or produces


materials and parts only as needed and just in time to be used at each stage of the
production process

Demand-pull manufacturing system in which each component in a production line is


produced as soon as and only when needed by the next step in the production line.

Just-In-Time Inventory management systems: are based on a manufacturing


philosophy that combines purchasing, production and Inventory control into one
function.

The five principles of lean manufacturing:

1- Value: identify feathers of the product or service that are valuable for the
customer.
2- Value stream requires (1) examining every process within the production of a
product, (2) identifying processes that add value, and (3) removing processes (if
possible) that do not add value
3- Flow and poll
4- Empowerment: provides each employee with the knowledge and authority to
make valuable and timely decisions
5- Perfection: focuses on making incremental improvement in each process with
perfection as the goal.

JIT Goals:
1. Meet customer demand in a timely manner
2. With high-quality products
3. At the lowest possible cost
Objectives:
1. The ultimate goal is increased competitiveness and higher profits.
2. Higher productivity & improved quality
3. reduced order costs as well as carrying costs
4. shorter manufacturing cycle times
5. faster and cheaper setups
6. better due date performance
7. more flexible processes are objectives of JIT methods.
JIT (demand/lean) system:

Demand-pull feature requires close coordination between workstations.

1- JIT is a pull system, i.e., items are pulled through production by current demand,
not pushed through by anticipated demand
2- inventory levels to be minimized Counting, handling, and storing inventory are
viewed as nonvalue-added, indeed, carrying inventory is regarded as a symptom
of correctable problems
3- Close relationships with a few carefully chosen suppliers who are extensively
involved in the buyer’s processes.

Implementing JIT: the factory is reorganized around what are called manufacturing
cells (Cells are sets of machines, often grouped in semicircles, that produce a given
product or product family)

Each worker in a cell must be able to operate all machines, workers might often be idle
if they are not multi-skilled

Characteristics of JIT:

1- workers must be multi skilled


2- coordinated work cells
3- Reduced setup times
4- Reduced manufacturing lead time
5- Reliable suppliers On time deliveries of high quality goods and frequent deliveries
of smaller amount of inventory that’s why it causes a reduction in number of
suppliers

Role of Kanban Developed by the Japanese Toyota Motor, visual workflow


management system

Kanban means ticket. Tickets (also described as cards or markers) control the flow of
production or parts so that they are produced or obtained in the needed amounts at
the needed times.

1- A withdrawal Kanban: states the quantity that a later process should withdraw
from its predecessor
2- Production Kanban: states the output of the preceding process
3- Vender Kanban: tells a vendor what, how much, where, and when to deliver

Advantages / benefits:
1- Reduced ordering cost as well as carrying cost
2- Reduce set up cost
3- Improving quality by eliminating causes of rework, scrap & waste
4- Lower investments in space
5- Utilized with Backflush which is less costly as a costing system
Disadvantages:
Increased risk of stock out cost, as it reduces or eliminate the inventory buffer
Not appropriate for high-mix manufacturing environments
JIT lot sizes based on immediate need while traditional (push) system lot sizes based
on formulas
Notes:

- traditional inventory planning views inventory as an asset.


- JIT views inventory as a liability and limits output to the demand of the
subsequent operation
- Reductions in inventory levels result in less money invested in idle assets;
reduction of storage space requirements; and lower inventory taxes,
pilferage, and obsolescence risks.
- High inventory levels often mask production problems because defective
parts can be overlooked when plenty of good parts are available.
- The focus of quality control under JIT shifts from the discovery of defective
parts to the prevention of quality problems, so zero machine breakdowns
and zero defects
- Higher quality and lower inventory go together
- Buyer-supplier relationships are facilitated by electronic data interchange
- lower inventory levels associated with a JIT (lean) system is elimination of
the need for certain internal controls
- JIT also may eliminate central receiving areas, hard copy receiving reports,
and storage areas.
- The quality of parts provided by suppliers is verified by use of statistical
controls rather than inspection of incoming goods
- Lean resource management techniques take a horizontal perspective of an
organization

ENTERPRISE RESOURCE PLANNING AND OUTSOURCING


ERP: is an approach to inventory management that uses computer software to help
manage a manufacturing process systems, determine what raw materials to order for
production, when to order them, and how much to order

MRP is a “Push- through” system that manufactures finished goods for inventory based
on demand forecasts.

Short-range (tactical or operational) plans must be converted into specific production


targets for finished goods

The raw materials going into the creation of these end products must be carefully
scheduled for delivery

Master Production Schedule (MPS): indicate the quantities and timing of each part to
be produced.
The three overriding goals of MRP: are the arrival of the right part, in the right
quantity, at the right time.

Bill of Materials (BOM): a record of which how many subassemblies go into the
finished product. The system then generates a complete list of every part and
component needed.

Lead time: is the amount of time between when a process starts and when it is
completed.

Premises underlying MRP include:


1- Demand forecasts
2- Detailed material order
3- Detailed production order
4- Master production schedule
Benefits:
1- Less required coordination between functional eras
2- Lowe setup costs
3- More efficient inventory control
4- Quick response to customer demand
5- Additional inventory
6- Lowe idle time
7- predictable raw material
8- increase flexibility to market change

Limitation:
1- Potential inventory accumulation Workstations may receive parts that they are
not ready to process

Manufacturing Resource Planning (MRP II)

Closed-loop manufacturing system that integrates all facets of a manufacturing


business, including production, sales, inventories, schedules, and cash flows
The same system is used for both the financial reporting and managing operations

Manufacturing and non-manufacturing

Including functions such as production, sales, inventories, schedules, and cash flows
Traditional Enterprise Resource Planning (ERP)
ERP is a software platform that is used to plan and keep records of resources
including:
1- Finance
2- Labor capabilities and capacity
3- Inventory
4- assets
What hiring decisions might need to be made or whether a company should invest in
new capital assets
ERP: system is one in which subsystems share data and coordinate their activities.

ERP is intended to integrate enterprise-wide info rmation systems across the


organization by creating one database linked to all of the entity’s applications.

The subsystems in a traditional ERP system are internal to the organization. Thus, they
often are called back-office functions. The information produced is principally (but not
exclusively) intended for internal use by the organization’s managers.

Because ERP software is costly and complex, it is usually installed only by the largest
enterprises. However, mid-size organizations are increasingly likely to buy ERP
software

Separate financial and nonfinancial systems have the increased potential to experience

1- Different reporting results


2- Inefficiencies
3- A lack of standardized purchasing among departments

The advantages of developing a traditional ERP system are similar to those derived
from business process reengineering:

1- Using ERP software that reflects the best practices forces the linked subunits in
the organization not only to redesign and improve their processes but also to
conform to one standard.
2- An organization may wish to undertake a reengineering project before choosing
ERP software. The project should indicate what best practices already exist in the
organization’s processes. This approach may be preferable for a unique
enterprise in a highly differentiated industry
3- The processes reflected in the ERP software may differ from the organization’s
4- Customizing the ERP software is expensive and difficult, and it may result in bugs
and awkwardness when adopting upgrades.

The disadvantages of traditional ERP


Its extent and complexity, which make customization of the software difficult and
costly

Current Generation of ERP


Front-office functions, which provide the capability for smooth interaction with the
business processes of external parties such as customers, suppliers, shareholders or
other owners, creditors, and strategic allies

ERP II system has the following interfaces with its back-office functions:
1- Supply-chain management applications for an organization focus on relationships
extending from its suppliers to its final customers.
2- one organization’s supply chain is part of a linked chain of multiple organizations
3- Supply chain management involves a two-way exchange of information
4- Customer relationship
5- Partner Relationship connect the organization not only with such partners as
customers and suppliers but also with owners, creditors, and strategic allies

Advantages of a Current ERP System:


1- Better management of liquid assets
2- Lower inventory cost
3- Reduced labor costs and greater productivity
4- Enhanced decision making
5- Eliminate data redundancy, centralization of data, and protection of data
integrity
6- More rapid and flexible responses to changed circumstances
7- More effective supply chain management
8- integration of global operations
9- Standardization and simplification of the decision-making process
10- Increased customer satisfaction

Disadvantages of a Current ERP System:

1- Losses from an unsuccessful implementation


2- Purchasing hardware, software, and services
3- Data conversion from legacy systems to the new integrated system
4- Training
5- Design of interfaces and customization
6- Software maintenance and upgrades
7- Salaries of employees working on the implementation

Implementation of ERP

1- The initial step is to do strategic planning


2- The second step is to choose ERP software and a consulting firm.
3- The third and longest step is implementation.

Implementation is not the final step. Follow-up is necessary to monitor the activities of
employees who have had to change their routines.

Training should be provided during implementation not only regarding technical


matters but also to help employees understand the reasons for process changes.
Outsourcing

Outsourcing: related to make or buy decision Purchasing goods and services from
outside vendors rather than producing these goods or providing these services

When a company outsources, an external company performs one or more of its


internal functions.

Benefits:

1- Focus on primary operation and strategic revenue generating activates


2- It may be cheaper and gaining capabilities without incurring OH costs
3- Improve efficacy
4- Avoiding obsolescence

Limitations:

1- Loss of in house expertise


2- Lead to less flexibility
3- Reduce process direct control
4- Giving knowledge away
5- Create privacy and confidently issues

Theory of constraints (TOC) & Throughput costing


Systems to improve human thinking about problems. It has been greatly extended to
include manufacturing operations

The basic premise of TOC as applied to business is that improving any process is best
done not by trying to maximize efficiency in every part of the process, but by focusing
on the slowest part of the process, called the constraint (limitation)

Increasing the efficiency of processes that are not constraints merely creates backup in
the system.

Constraint = bottleneck

Throughput: is the product produced and delivered

Throughput time: is the time that elapses between the receipt of the customer’s order
and the shipment of the order = manufacturing lead time = manufacturing cycle time

Throughput contribution = Revenue – DM (Super variable costing/totally variable) and


other extremely variable costs such as selling commissions.

All other manufacturing costs are ignored because they are considered fixed in the
short run. The main goal is trying to maximize the contribution through the constraint
Operating expenses: money spent to convert inventory into throughput

The steps in a TOC analysis are as follows:

1- Identify the constraint: The step that has the smallest capacity, were it is that
production slows down, where work-in-process backs up the most.
2- Determine the most profitable product mix given the constraint:
maximizing the contribution of the constraint called the throughput margin or
throughput contribution.
This short-term focus may be contrasted with the long-term focus of activity-
based costing. It considers all costs as a basis for strategic pricing and profit
planning.
TOC thus helps managers to recognize that the product they should produce the
most of is not necessarily the one with the highest contribution margin per unit of
product, but the one with the highest throughput margin per unit of time;
managers must make the most profitable use of the bottleneck operation
Only direct materials are considered to be an inventory cost
Operating costs: all other manufacturing costs other than DM (including DL costs)
are considered:
- Fixed costs & - Period costs
As it is difficult to change in the short-run
Therefore, throughput costing is the most less incentive to produce for inventory

3- Maximize the flow through the constraint or maximizing the throughput


contribution:
The short-term, we need to make certain that the constraint is always operating,
TOC encourages a manager to make the best use of the bottleneck operation.
Exploit the constraint by always producing the right product, which has the
highest contribution through that constraint Production flow through a constraint
is managed using the drum-buffer-rope (DBR) system.

Drum: is the constraint itself, it gives the beat that the entire operation needs to run
according to
Buffer: mini WIP before the constraint provide as protection against delays that would
delay the drum, maintained to ensure that it is always in operation.
Rope: the sequence of processes prior to and including the constraint

4- Increase Capacity at the Constraint:


In the short run, TOC encourages a manager to make the best use of the
bottleneck operation.
The medium-term step for improving the process is to increase the bottleneck
operation’s capacity.
5- Redesign the Manufacturing Process for Greater Flexibility and Speed:
The long-term solution is to reengineer the entire process.
The firm should take advantage of new technology, product lines requiring too
much effort should be dropped, and remaining products should be redesigned to
ease the manufacturing process.
Exploiting the constraint typically does not increase capital investments; elevating
the constraint does.

Capacity Planning

Capacity planning is an element of strategic planning that is closely related to capital


budgeting.

maximizing the value created within an organization starts with understanding the
nature and capabilities of all of the company’s resources.

Effective capacity cost management requires:

1- Investment analysis
2- Capacity assessment
3- Manufacturing Process Assessment

Capacity planning is part of the capital budgeting process: Estimating capacity levels for
future periods allows for the acquisition of more capacity when needed or disposal of
capacity that is not expected to be utilized.

Capacity level influences product costing, pricing decisions, and financial statements.

Excess capacity has a cost. Having excess capacity means that a company will either
have to charge higher prices for its products or report lower income on its financial
statements.

producing at full capacity can have a cost in the form of opportunity costs.

A company that could generate additional sales if it had more capacity needs to
address whether the acquisition of additional capacity is warranted .

Capacity Expansion

Capacity expansion is also referred to as market penetration because it involves


increasing the amount of an existing product in an existing market.

whether to expand capacity is a major strategic decision because: capital required, the
difficulty of forming accurate expectations, and the long timeframe of the lead times
and the commitment

Under capacity in a profitable industry tends to be a short-term issue. Profits ordinarily


lure additional investors.
Overcapacity tends to be a long-term problem because firms are more likely to
compete intensely rather than reverse their expansion.

The formal capital budgeting process entails predicting future cash flows related to the
expansion project, discounting them at an appropriate interest rate, and determining
whether the net present value is positive. This process permits comparison with other
uses of the firm’s resources.

Porter’s model of the decision process for capacity expansion has the following
interrelated steps:

1- The firm must identify the options in relation to their size, type, degree of vertical
integration (if any), and possible response by competitors.
2- The second step is to forecast demand, input costs, and technology
developments.
3- The next step is analysis of competitors to determine when each will expand.
4- the firm predicts total industry capacity and firms’ market shares.
5- testing for inconsistencies

VALUE-CHAIN ANALYSIS
Value chain: is a model for depicting the way in which every function in a company
adds value to the final product (a firm’s overall chain of value-creating processes)

Customer retention is an important objective of value-adding and profit-maximizing

processes because the customer base is a key intangible asset.

Customer relationship management optimizes customer equity by managing


information about individuals and their “touchpoints” for the purpose of maximizing
customer loyalty

Value-chain analysis: is a strategic analysis tool that allows a firm to focus on those
activities that are consistent with its overall strategy.

 The producer can affect the customers’ perception of value by differentiating the
product and lowering its price
 by keeping costs low, the producer has more flexibility in pricing
 A value-added activity increases the value of a product or service to the customer.
 A nonvalue-added activity does not increase the value of a product or service to the
 customer even if this activity is necessary
 Direct costs usually are classified as either value-added or nonvalue-added

Steps in value-chain analysis:


Identifying the activities that add value to the finished product
Identify the cost driver for each activity
Develop a competitive advantage by adding value to the customer or reducing the
costs of the activity

Primary Activates: Deal with the product directly


Support activities: lead to aid primary actives: HR, Information technology, Contract
management. Inventory management, Plant maintenance

Value-chain and supply-chain analysis should be used to meet customer requirements


such as:
1- Cost reduction
2- Efficiency
3- Constant innovation
4- Continuous improvement of quality to meet customer needs and wants
5- Minimization or elimination of defects
6- Faster product development and customer response time
Value engineering is a means of reaching targeted cost levels. It is a systematic
approach to assessing all aspects of the value chain cost buildup for a product. The
purpose is to minimize costs without sacrificing customer satisfaction.

Cost incurrence is the actual use of resources,

locked-in (designed-in) costs will result in use of resources in the future because of
past decisions.

Life-cycle costing: Life-cycle costing is sometimes used as a basis for cost planning and
product pricing.

Life-cycle costing estimates a product’s revenues and expenses over its expected life
cycle. Emphasis is on the need to price products to cover all costs, not just production
costs.

Process Analysis

Process analysis: is a means of linking internal process to a firm overall strategy


Types of Processes
1- continues
2- Hybrid
3- Batch
4- Make to order
5- Make to stock

Process analysis: incremental & constant changes to improve efficiency linkage of


quality, productivity and process improvement

Once a process has been analyzed, the information gained from the analysis can be
used to make operating decisions.
Tightness: The degree of interdependence among the stages in a process

1- Tight process: is one in which a breakdown in one stage brings the succeeding
stages to a halt
2- Loss process: is one in which subsequent stages can continue working after a
breakdown in a previous stage

Process value analysis: is a comprehensive understanding of how an organization


generates its output. It involves a determination of which activities that use resources
are value-adding or nonvalue-adding and how the latter may be reduced or eliminated.

This linkage of product costing and continuous improvement of processes is (ABM).


ABM redirects and improves the use of resources to increase the value created for
customers and other stakeholder

Strategic analysis: explores various ways a company can create and sustain a
competitive advantage in the marketplace.

Operations analysis seeks to identify, measure, and improve current performance of


key processes and operations within an entity

Profitability/pricing analysis: assists a company in analyzing the costs and benefits of


products and processes and prelaunch analysis and improvement of product
profitability.

Process improvement focuses on identifying the causes of variation, waste, and


inefficiency. Process improvement includes both incremental and quantum change
efforts that seek to increase the value created per resources consumed by an
organization.

Continuous improvement process (CIP) is an ongoing effort involving management and


workers to improve products, services, or processes.

Kaizen is the Japanese word for the continuous pursuit of improvement in every aspect
of organizational operations.

Key features of Kaizen include the following:

1- improvements are based on many small changes rather than the radical changes
that might arise from research and development.
2- ideas come from the workers themselves, so they are less likely to be radically
different and therefore are easier to implement.
3- Small improvements are less likely to require major capital investment than
major process changes.
4- All employees, including management, should continually seek ways to improve
their own performance
5- Workers are encouraged to take ownership of their work and can help reinforce
teamwork, thereby improving worker motivation.
An activity analysis determines what is done, by whom, at what cost in time and other
resources, and the value added by each activity.

Financial and nonfinancial measures of activity performance address efficiency, quality,


and time.

Business Process Reengineering (BPR): is a complete rethinking of how business


functions are performed to provide value to customers
Destroy all and build all new contrasted with process improvement
Dramatic improvement not incremental change
Radical innovation instead of mere improvement, and a disregard for current jobs,
hierarchies, and reporting relationships.

Reengineering is process innovation and core process redesign. Instead of improving


existing procedures, it finds new ways of doing things. Thus, reengineering should be
contrasted with process improvement, which consists of incremental but constant
changes that improve efficiency

BPR techniques eliminate many traditional controls, modern technology to improve


productivity and decrease the number of clerical workers

looking at possible alternatives and determining the cost of those possible alternatives
compared to the costs of maintaining the same processes

To do BPR, the management accountant must determine


a) The cost to reengineer the process, and
b) The expected saving
BPR developing controls that are:
1. Automated
2. Self-correcting
3. Minimal human intervention

Benchmarking: is a methodology that identifies an activity as the standard by which a


similar activity will be judged.
Evaluating the practices of best-in-class organizations and adapting company processes
to incorporate the best of these practices
an ongoing process that entails quantitative and qualitative measurement of the
difference between the company’s performance of an activity and the performance by
the best in the world.
The benchmark organization need not be a competitor.

Benchmarking process:
1- Select and prioritize benchmarking projects.
2- Organize benchmarking teams
3- The benchmarking team must thoroughly investigate and document internal
processes.
4- Researching and identifying best-in-class performance is often the most difficult
phase.
5- The data analysis phase entails identifying performance gaps, understanding the
reasons they exist, and prioritizing the key activities that will facilitate the
behavioral and process changes needed to implement the benchmarking study’s
recommendations
6- Leadership is most important in the implementation phase of the benchmarking
process because the team must be able to justify its recommendations.
7- Benchmarking is a way for a company to learn its strengths and weaknesses by
comparison to similar companies

Additional benefits of benchmarking include


1- Best practices are identified and defined.
2- Alternative solutions are evaluated.
3- The competitive position is strengthened.
4- The company goals are questioned.
5- More people are held responsible for their performance.

Costs of Quality: The costs of quality include not only the costs of producing quality
products, but they also include the costs of not producing quality products

Over the long term, not producing a quality product is more costly than producing a
quality product because lack of quality causes loss of customers.

Conformance costs: these are the costs making certain that the product is produced
properly in accordance with all production specifications

Financial measures of internal performance

Prevention: attempts to avoid defective output. These costs include preventive


maintenance, employee training, review of equipment design, and evaluation of
suppliers.
Appraisal encompasses such activities as statistical quality control programs,
inspection, and testing
Nonconformance costs: are the costs that incurred after a defective unit has been
produced
Internal failure (did we find the defect?) costs occur when defective products are
detected before shipment, examples are scrap, rework, tooling changes, downtime,
redesign of products or processes, lost output, and searching for and correcting
problems
External failure: (did the customer finds the defect after he delivered the product?) or
lost opportunity include lost profits from a decline in market share as dissatisfied
customers make no repeat purchases, return products for refunds, cancel orders, and
communicate their dissatisfaction to others, thus, external failure costs are incurred for
customer service complaints;
Environmental costs are also external failure costs, e.g., fines for no adherence to
environmental law and loss of customer goodwill.
Total Quality Management (TQM)

TQM’s goals are to both reduce costs and improve quality, and code is simple in

achieving these goals is by “Do it right the first time”

 Enhanced and consistent quality of the product or service


 Eliminate non value added cost
 Timely and consistent responses to customer needs
 Quick adaptation and flexibility in response to the shifting requirements of
customers

Efficient accounting processes:


Improving accounting processes can increase a company’s ability to minimize the costs
of these processes while also maximizing their usefulness
Used technique such as:
 Process walk-throughs
 Process training
 Identification of waste and over-capacity
 Identifying the root cause of errors
 Reducing the accounting close cycle
 Shared services
Internal Control
Corporate Governance
Corporate Governance: Business direction and control
- Rules, regulations, process, policies, procedures, institutions and law that
affect the way the business is administrated
- Governance apply to an org from top to down
- How the company behave to achieve goals and to make decisions
- Agency problem arise when shareholder of corporation assign manger that
are different people with different Goals, priorities and concern
- corporate governance specifies the distribution of rights and responsibilities
among the various parties with conflicting priorities and concerns in an effort
to mitigate the agency problem and bring about congruence between the
goals of the shareholders and the goals of the agents.
- Strategies of business rely on measuring risk & risk management and that
relies on internal controls. (all are interconnected)
Principles of Good Governance:
1- Board purpose: protect the interest of the corporation shareholders while
consider other interests
2- Board responsibility:
 Monitoring CEO, risk and internal control
 Overseeing strategies, process, plans and goals
3- effective interaction among the board, management, the external auditor,
the internal auditor, and legal counsel.
4- Independence – An “independent” director has no current or prior
professional or personal ties to the corporation or its management other
than service as a director.
5- Expertise and Integrity: the directors should reflect a mix of backgrounds and
perspectives and detailed orientation, Continuing education and integrity
6- Leadership: BOD and CEO should be separate
7- Committees – The audit, compensation and governance committees of the
board should have charters, authorized by the board, that outline how each
committee will be organized
8- Meetings and Information – The board and its committees should meet
frequently for extended
9- Internal Audit – All public companies should maintain an effective, full-time
internal audit function that reports directly to the audit committee
10- Compensation – The compensation committee and full board should
carefully consider the compensation amount and mix for executives and
directors.
11- Disclosure: activities and transactions in a transparent and timely manner
12- Proxy statement: long term shareholders
13- Monitoring: Regular evaluation procedures of BOD, CEO and its committees
Source of corporate Governance
Where all policies, procedures, regulations and laws come from
1- The corporate charter “Articles of Incorporation” or “Certificate of
Incorporation,” Details the following
 The name of the corporation
 The length of the corporation’s life, which is usually perpetual
(meaning forever).
 Its purpose and the nature of its business.
 The authorized number of shares
 Provision for amending the articles of incorporation.
 Whether or not existing shareholders have the first right to buy new
shares when shares are going to be issued.
 The names and addresses of the incorporators
 The names and addresses of the members of the initial board of
directors
 The name and address of the corporation’s registered agent
New corporation carried out
- Incorporators resign
- Elect BOD if they are not named in the article
- BOD meet to complete the organization structure
The org structure
Adopt laws
Elect officers
Select corporate bank
Any consideration for doing business in other states
Select corporate seal
Ratification of contracts
Accept or reject stock subscription
Form of certificate that will represent shares

2- Board of directors: No material relationship with the company


 ensure that the company is operated in the best interest of the
shareholders
 provide governance, guidance and oversight to the management of
the company
 Selecting and overseeing management
 determine the capital structure
 initiate fundamental changes
 declare dividends
 add, amend and repeal bylaws
 the board determines what it expects from management in terms of
integrity and ethics and it confirms its expectations in its oversight
activities.
 The board has authority in key decisions and plays a role in top-level
strategic objective-setting and strategic planning
 Board members should investigate any issues they consider
important
BOD duties:
I. governing duties: setting corporate policies
II. fiduciary duty: fiduciary in behalf of other stockholders
III. loyalty duty: A) disclosure of any deals with the corporate, and
B) not to usurp any corporate opportunity
3- Chief executive officer CEO:
 Independent of BOD
 Day to day governance function
 Should not serve as a chairman of BOD

4- Audit Committee
 a subcommittee of board of directors
Requirements:
1- The audit committee is to consist of at least three members.
2- All members of the audit committee must be independent
3- at least one member of the audit committee must be a financial expert.
4- All members of the audit committee must be financially literate
Responsibilities:
1) Selecting and nominating the external auditor, approving audit fees, supervising
the external auditor
2) being intermediary between management, the external auditor and the internal
auditor.
3) review the scope, plan and results of the external and internal audit.
4) review evaluations of internal controls.
5) review the work of the internal auditors.
6) review the interim and annual financial statements

Internal Control
COSO (Committee of sponsoring organization of Tredway commission)
Internal control: Process affected by the entity BOD, management and other
personal designed to provide reasonable assurance about achievement of entity
objective regarding operation, reporting and compliance.
internal control involves tradeoffs between cots and benefit, as benefit of control
system must exceed its cost
Objectives of internal control:
Reasonable assurance not absolute assurance
1- Reliability of financial Reporting
 Reliable, transparent and timely manner to SH
 Financial and non-financial
 Internal or external
2- Efficiency and effectiveness of operation: Improving
 Productivity, quality, innovation, safeguarding of assets and customer
satisfaction
3- Compliance with laws and regulation
Fundamental concepts of internal controls:
1- Purpose company achievement its objective
2- Provide reasonable assurance
3- Ongoing process
4- Affected by people
5- Internal control must be flexible to be adoptable to entity structure or
particular subsidiary and to be adoptable to any possible changes
Who is involved for Internal Control?
Everybody in the company has a duty connected to internal controls
COSO define the responsibility to maintain and assess internal controls as follows:
1- BOD: overseeing the internal control
providing governance and guidance making certain that good controls are in
place
2- CEO: responsibility of internal control system and the “tone at the top”
3- Senior management: delegate responsibility for establishment of specific
internal control policies and procedures to personnel responsible for each
unit’s functions.
4- Financial officers: exercise of control
5- Internal auditor: play a monitoring role, they evaluate the effectiveness of
the internal controls established by management.
6- all employees
Internal Control Components:
1- Control environment (foundation of internal control) is the basis on which
the other elements are built
Attitudes and actions of board of directors (BOD) and top management
regarding the significance of controls
Control environment principles:
a) Management philosophy: Integrity and ethical values
BOD demonstrates independence from management and exercises
oversight over internal controls.
b) organizational structure: management establishes the structures,
reporting lines, and authorities and responsibilities.
incompatible duties cannot be combined in the same job function
c) policies and procedures:
policies: general principles of the organization
procedures: represent the detailed steps in carrying out the policies
d) objectives and goals: Develop and retain competent individuals in
alignment with objectives
must be clear, realistic, well communicated and achievable
e) assignment of authority and responsibility:
Lines of reporting
Segregation of duties

2- Risk assessment: TR = IR X CR X DR
Identify and assess risk, control risk, mitigate risk
Risk can be mitigated not eliminated
Risk: Unforeseen obstacles to the pursuit of organization’s objectives
risks are internal or external also are quantitative or qualitative
Risk assessment: Process of identifying organization’s vulnerabilities
Risk analysis:
 Estimate the significance of risk
 Frequency of risk
 How the risk should be managed?
Risk management: process of designing and operating internal control
system that mitigate risks identified in the risk assessment

3- Control activities:
Policies that developed to control risk in the company and procedures to
ensure policies were be followed
Preventive controls: which try to prevent an error, mistake or problem
before entering the system, sure it is cheaper and easier highly visible Such
as fences, locked doors, security guards and segregation of duties
Detective controls: calls attention to an error that has already entered the
system but before a negative outcome
Such as petty cash count, fire alarm system
Corrective controls: correct negative outcome effect of unwanted events
Directive controls
1- Segregation of duties: reduce the risk of errors or inappropriate activities,
no single individual should have enough responsibility to be in a position
to both perpetrate and conceal irregularities.
Incompatible duties cannot be combined in the same job function
separation of 4 basic responsibilities:
a) Authorization to execute transactions
b) Recording of transactions, this person knows how much of that asset
we should have
c) Physical Custody of the recorded assets, this person knows how
much we actually have
d) Periodic reconciliation: reconciliation between what we should have
and what we actually have
2- Independent check and verifications Involves 2 conditions:
 No involvement of assets custody
 Unconnected to original transaction
3- Safeguarding controls: Includes limit access to assets only to the
authorized personnel, whether it is direct access or indirect access
4- Sequential pre-numbered forms
5- Specific document flow
6- Compensating controls: When not possible to apply previous control
activities, then we apply compensating controls instead
7- Fraud: must be intentional, involves collusion (when two or more
individuals get around controls) and
falsification
4- Information and communication: Information needs to be obtained from
and communicated to people to allow them to perform their duties, ongoing
basis right information to right people at right time
5- Monitoring: Reviewing the controls over a time to make sure that they are
still relevant and still functioning as they were intended, to be able to comply
to all changes that might happen to technology, business, transactions, even
people
limitations of internal controls that we must be aware off:
1- can’t provide absolute assurance, only a reasonable assurance.
2- human judgement in decision-making can be faulty/wrong.
3- breakdowns can occur because of human errors.
4- management may be able to override internal controls, which will be a
problem with the “ton on the top”, a problem with the control environment
5- collusion, as two or more individuals might be able to get around internal
controls, maybe someone inside and someone outside the company

Control procedures
An evaluation reward / discipline: should be implemented to encourage
compliance with control activates
Expenditure cycle (procurement cycle)
1- Inventory control: when inventory below predetermined amount issue
purchase requisition by employee in inventory department
2- Purchasing: approve requisition and select supplier and issue purchase order
and distributor it to vender, purchasing, receiving (blind copy), archive,
accounts payable
3- Receiving: prepare receiving report and distribute it to accounts payable,
inventory control and the last one to archive
4- Accounts payable: The accounts payable have invoice from vender and
match purchase order with purchase requisition, vender and receiving report
and issue payment voucher
5- Treasure: all documents with payment voucher are reviewed and cancel
payment voucher and prepare check and remittance letter
6- Accounting: have payment voucher and record increase to AP and inventory
When accounting receive remittance letter and check record decrease to
cash and decrease to accounts payable
Types of control procedures:
Primary controls
1- Preventive controls:
2- Detective controls
3- Corrective controls: correct negative outcome of unwanted events
4- Directive controls: encourage the occurrence of desirable event policy,
operating manuals and procedures
Secondary controls
1- Compensatory controls (Mitigating controls)
Reduce risk to acceptable level when primary activates not effective
2- Complementary controls: work with other controls to reduce risk to
acceptable level
Time Based Controls:
1- Feedback controls: Report information about completed activities they
permit improvement of future performance by learning from past
mistakes
2- Concurrent controls: adjust ongoing process monitor activities in present
to prevent them from deviating too far from standard
3- Feed forward controls (preventive controls)
Financial - operating controls
People based controls: dependent on the intervention of human for their proper
operation
System based controls: executed whenever by system without human
intervention
Segregation of duties: assigning different employees to perform functions
Reduce risk of error or in appropriate activities
No individuals perpetrate and conceal errors or fraud
1- Separation of basic responsibilities:
 Authorization
 Record keeping
 Asset custody
 Reconciliation
2- Independent checks and verification (Reconciliation)
 No involvement of asset custody
 Un connected to original transaction
3- Safeguarding controls(custody)
4- Sequential pre numbered form
5- Specific document flow
Tracing: following transaction from original source of document to accounting
record
Vouching: follow transaction from accounting record to document

Revenue cycle (Sales)


1- Sales department: customer issue sales order to sales department (customer
order) and the sales department approve customer order and issue sales
order and send it to credit department and if the sales on credit send sales
order to credit department
2- Credit department: Approve sales order and issue approve sales order and
send it to sales department, Accounting, shipping and account receivables
3- Treasure
4- Shipping department: pull inventory from warehouse and prepare Bill of
landing and send it to archive, accounts receivables and one to vender to sign
on it
5- Billing(A/R): match bill of landing with sales order and issue invoice and send
it with goods, accounting and archive
6- Accounting: match bill of landing with invoice with sales order and post to GL

Revenue cycle (write off)


Sales department: prepare aging schedule and send it to credit department
credit department: follow up old accounts and initiate write off transactions and
prepare write off and send it to treasure
treasure: review and approve write off and prepare app write of and send it to
accounts receivables, accounting and archive
Account receivables: update account receivables listing
Accounting: post to GL
Cash cycle
Mailroom (reception): receive customer check from customer or remittance
advice
And separate checks from remittance advice
Prepare listing of all checks and remittance
Endorse check and send it to treasure
Send remittance letter to AR (billing)
Prepare listing of all checks and send it to Treasurer, AR, Accounting and archive
Treasure: prepare deposits and send check to bank and check deposit slip to AR
Billing (AR): match documents and up data AR
Accounting: post to GL
Inventory cycle:
1- Warehouse keeper: only authorized person can handle inventory in and out
2- Inventory in and out based on numerically sequential documentation
3- Segregation of duties warehouse keeper, receiving, shipping and purchasing
4- Inventory counted on periodic basis and reconciled to records
5- Warehouse must be protected

Payroll personal cycle


1- Personal department (HR): is responsible for authorization of employee’s
transaction Hiring, training, firing and changes of employees rates and
deduction
2- Various department (Time keeping): monitor attendance of employees and
showing hours worked absence and the transaction approved by employee’s
supervisor
3- Payroll department: receive basic salaries from personal department
Receive transactions from various department and based on information
prepare pay slip and send it to treasurer and prepare payroll tax form
Payroll department rotated periodically
4- Treasurer: prepare paycheck and CFO sign off
And responsible for distribute pay check to employees or payroll to banks
And unclaimed checks maintained by treasury
5- Internal auditor: compare personal file with payroll file

Legal aspects of internal controls


Internal controls are important and so governments are trying to make certain
that the companies that publicly traded have these internal controls
2 laws
1- The foreign corrupt practices act FCPA:
 Anti-bribery provision:
apply to all companies whether publicity traded or not
illegal to offer or authorized corrupt payment to foreign official, foreign
party chief or official or a candidate for political official in a foreign
country
it is illegal to do these payments through another
intentional whether succeed or not
 Internal control provision:
Publicity traded companies SEC
Management must develop and implement system of internal control
and management is required to maintain records and books and
accounts that represent transactions properly
Responsibility of compliance with the act is given to the company as a whole not
specific to any person or position in the company
But everyone in the organization has a duty connected to internal control
 Code of ethics/ conduct
An explanation of FCPA and penalties
The code is monitored by internal control
Firm require written responsibilities from employees that they have
read and understand previous code
2- Sarbanes-Oxley act SOX
Title I public company accounting oversight board:
Oversee auditing of public companies that are subject to the securities law
This Board:
1- Contain 5 members appointed by SEC
2- Include only one-member financial literate and from the private sector
3- Two of board members are CPA
Responsibilities:
1- Guidance to the auditor and auditing of internal control and financial
statements
2- Registration public accounting firm that audit public companies
3- Establishing standard related to audit report, quality control, ethics and
interdependence
4- Conduction inspection to public accounting firm with SOX, rules of the board,
SEC and other processional standard
5- Conduction investigation and discordancy proceeding and imposing
appropriate sanctions for violations
6- Management of operation and staff of the board
Registration – standard – inspection – investigation – management
Title II: Auditor Independence
Section 201: services outside the scope and practice of auditor
Non audit service create fundamental conflict of interest
1- Book keeping service
2- Financial information system design and implementation
3- appraisal of valuation service ‫خبير متمم‬
4- internal audit outsourcing service
5- management functions
6- HR service
7- Broker/ service, investment advisor, investing banking service
8- Legal service
9- Expert service un related to the audit
Section203 – Audit Partner Rotation
Rotate of after Remaining off for
1- Lead audit partner 5 5
2- Other audit partner 7 2
3- Specialty partner (tax valuation specialist) No rotation
4- Technical resources partner :No rotation

Section204 – Audit report to audit committee


The auditor must report the following to audit committee in timely manner
1- All critical accounting policies and practices to be followed
2- Alternative treatment of financial information within GAAP that have been
discussed with issuer management
3- Other material written communication between management of the issuer
and public accounting firm
Section 302 - Corporate Responsibility for Financial Reports
Periodic financial report signed by Two officers
1- periodic executive officer
2- Principle financial officer
There are going to certification about financial reporting and internal control

Financial reporting certification


The signing officer certify that
1- Signing officer has reviewed the report
2- Signed report does not contain material misstatement or omit any material
fact
3- Signed report fairly represent actual financial position and result of operation
Internal Control certification
Signed officer certify that
1- Establishing and maintaining internal controls
2- Knowing all related significant information to the issuer and its subsidiaries
3- Evaluating the effectiveness of internal controls as of a date within 90
days prior to issuing the signed report
4- have reported on their findings about the effectiveness of their internal
controls
Signing officer has disclosed to audit committee and external auditor:
1- Significant deficiencies or material weaknesses in internal controls
2- Any fraud incidents whether or not material
3- Indicate significant changes in internal controls

Section 404: Management Assessment of Internal Controls:


The assessment of internal control for both management and the external auditor.
Requirements of management
Guidance for management assessment
Report of management on the company’s internal control over financial reporting
SOX requires the report to:
1- Statement of management’s responsibility for internal controls.
2- Management’s assessment / evaluation of the effectiveness of internal
Controls
3- standards used in evaluating the effectiveness of internal controls such as
report of COSO
4- Statement of significant changes in internal controls after evaluation

Requirements of external auditor:


PCAOB Auditing standard guidance for external auditor
To issue an attestation report on management’s evaluation of internal controls
integrated with the audit report of the financial statements So, external auditor is
to express two opinions:
One for the audit of the financial statements, regarding:
1. Compliance in accordance with GAAP
2. Accurate transactions
Another one must report on and attest to management’s assessment of the
effectiveness of the internal controls, regarding
Significant deficiency or material weaknesses in internal controls, assist would
result in a possible material misstatement in financial statement
Both evaluation and audit are in conjunction and not separate engagement
so management does assessment (yes, our controls are good) and then the auditor
report on that assessment (yes, we agree with management).

Top-down approach: used by both:


SEC NO33-8810 guidance for management assessment
PCAOB Auditing standard guidance for external auditor
Top-down begins with a risk assessment of the overall risks to the FS,
to be sure to identify the risks to the financial statements as a whole, once
identified, then those risks are the focus of the testing

SEC NO33-8810 guidance for management assessment


The guidance is organized around two broad principles:
1- management’s evaluation of evidence about the operation of its controls should
be based on its assessment of risk.
2- management should determine whether it has implemented controls that
adequately address the risk that a material misstatement of the financial
statements would not be prevented or detected in a timely manner.

Section 407: Disclosure of Audit Committee Financial Expert:


Each issuer must disclose whether or not the company’s audit committee consists
of at least on member who is a financial expert
Disclosure of the expert:
If, one expert, must disclose that person’s name and his independence
If more than one expert, may but does not need to, disclose their names.
Definition of expert:
Education and experience as public accountant, auditor or a principal accounting
or financial officer of an issuer of publicly-traded securities, has
1- an understanding of GAAP and financial statements and the ability to assess
the application of GAAP in connection with accounting for estimates,
accruals and reserves
2- experience in the preparation or auditing of financial statements of
comparable issuers
3- Experience and understating of internal accounting controls and procedures
for financial reporting
4- an understating of the audit committee functions

The external auditors and their report


Responsibilities of external auditor:
Major responsibility of external auditor is to express an opinion on the FS.
under the PCAOB, external auditor must issue a report on internal controls
(if the engagement is about a publicly traded company).
Focuses on internal control material weaknesses, as internal control deficiencies
can result in material misstatement in the financial statement
PCAOB Auditing Standard
Audit of internal control over financial reporting integrated with audit FS
The purpose of this opinion with regard the internal controls system, is that
material weaknesses in internal controls will be found before they result in
material misstatement in financial statements and at the same time eliminate
procedures that are unnecessary

Types of external auditor’s opinions:


1- Unqualified opinion: yes, means that the financial statements are correct
that means there are no qualifications clear opinion
2- Qualified opinion: almost financial statements are almost correct except for
some items that they believe are wrong and needs correction
3- Adverse opinion: not even close the financial statements are not even close
to correct so there are so many mistakes that the financial statements are
considered to be wrong
4- Disclaimer of an opinion: no idea auditor is not given an opinion because he
has no idea because for some reason or another they couldn’t do what they
supposed to do (regarding their tests, etc.)

Audit risk: Is the risk that the audit opinion is incorrect


Audit risk is made up of three types of risks:
Inherent risk: Natural risk in the function being audited, assuming that there are
no controls
Control risk:
The risk that an internal control will not prevent or detect a material misstatement
in a timely manner.
Detection risk: The risk that the external auditor will not detect a material
misstatement, it depends mainly of the auditor’s lists, tests, experience, efforts
and amount of work to be done to reduce that detection risk.
Audit approaches:
The substantive approach: “Vouching approach” “Direct verification approach”
Testing large volumes of transactions and balances without any particular focus
The balance sheet approach: Procedures are focused on the balance sheet
account with only limited procedures on the income statement accounts
The systems-based approach: Evaluating the effectiveness of internal control
system, and focus audit on areas where it is considered that system objectives will
not be met and reduce testing on other areas
The risk-based approach: “The business risk approach” Audit resources are
directed towards those areas that may contain misstatement whether by omission
or error

Information systems controls


Objectives of information system control are similar to the objectives of overall
organizational controls
1- Reliability of financial Reporting
2- effectiveness of operation: Improving
3- Compliance Efficiency and with laws and regulation
4- Safeguarding assets
Three major goals of information security:
Availability:
Confidentiality (Secrecy): assurance the secrecy of information that could be
adversely affect the org if released
Integrity: maintained by preventing un authorized person to access or accidental
modification of program or data
Specific threats to information system:
1- errors can occur in system design
2- errors can occur in transmission of data
3- data can be stolen over the internet
4- data and programs can be damaged
5- viruses, Trojan horses and worms can infect a system, that might crash the
6- system or lead to data stolen or damaged
7- physical facilities can be damaged as well
System controls guidelines based upon two documents:
1- The report of COSO Committee of sponsoring organizations – internal control
integrated framework
2- COBIT control objectives for information and related technology, published
by ISACF
Categories of systems controls:
General controls (relate to environment transactions)
1- Organization and operation of the computer facility (including, segregation of
duties)
 Separation of basic duties and responsibilities in order to minimize to
perpetrate and conceal errors or fraud,
 Information system (IS) personnel (design, programming and maintain
computer systems) should be separated from the users of the systems,
 Responsibilities within IS personal should be separated from one another
Basic responsibilities / functions / duties:
Authorization - Record keeping - Assets custody
2- general operating procedures
3- equipment and hardware controls
4- access controls (including both, physical access and password access data
and programs
Segregation of duties in IT department
1- Network and information security: protect and monitor the company
network and information
2- System analysts: provide design specification to programmers
3- Programmers: write, test, revise and document the system not have access
to computers, programs that are in actual use
4- Librarian: maintain documentation programs not have access to equipment
5- Data base administrators: control access to various data and making program
change
6- Computer operators: not able to modify program
Application controls
Are specific to individual applications.
They should be designed to prevent, detect and correct errors in transactions,
three main categories are:
1- input controls
2- processing controls
3- output controls
4- Storage controls
Input controls: Reasonable assurance data submitted for transaction are
authorized, complete, accurate
The stage of most human involvement and highest risk errors occurring
whether input is entered is online - batch mode
Online input controls
1- Preformatting: forcing data entry to all necessary fields
2- Edit checks: prevents (also detect and correct controls) certain types
of incorrect data (Dropdown menus)
3- Limit checks certain amounts can be restricted to appropriate ranges
4- Check digits’ algorithm, Ex. Customer codes
Batch input controls:
1- Management release: batch released upon management’s review and
approval
2- Record count: batch released when number of records in the batch matches
the number calculated by the user.
3- Financial total: batch released when dollar amount of individual items
matches the amount calculated by the user
4- Hash total: the sum of a numeric field, that has no meaning by itself, can
serve as a check
Processing controls: Provide reasonable assurance that:
1. All data submitted for processing are processed
2. Only approved data are processed

Controls are built into the application code by programmers:


Validation: identifiers are matched against master files to determine existence
Completeness: to reject any record with missing data
Sequence check: logical order

Output controls:
Assurance that input and processing has resulted in valid output that output
information is complete and accurate
1. Audit trail: report of all transactions details
2. Error listings: report all transactions rejected by the system
Storage controls:
Dual write routines: store data on two separate physical devices
Validity checks: data bits’ structure validity
Storage physical controls: store hard drives in physically secure rooms and storing
portable
3- System development controls

Steering committee (composed of managers from IT and end user departments)


to:
1. Approve development projects
2. Assign resources
3. Ensure that required system developments are aligned with organizational
strategic plan
Changes to existing systems should be initiated by an end user and authorized by
management or the steering committee
Steps of information system development:
1. Changes should be made to a working copy of the program
2. Should be tested before placed in production
3. Testing must involve the use of incorrect data
4. Changed program code should be stored in secure library during the testing
5. Unauthorized changes can be detected by code comparison
4- Physical controls
Physical access: limit access to computer center only to authorized personnel or
operators
Environmental controls: the computer center should be equipped with a cooling
and heating system to maintain a year-round constant level of temperature and
humidity
5- Logical controls, access control
Authentication:
ID and passwords
1- Unique identifier
2- Difficult to guess
3- Ideally password
4- System force password to changed periodically
Authorization
Users can only access programs and data necessary to their job duties
Authority to view data but not to change

Computerized audit techniques:


Three main ways to test the integrity of the system (testing the process of the
information):
1- Test data approach: Auditor creates data that is fed through the computer
system that include both true and false data, so we need to be sure that the
false does not make it to the real system
can only evaluate programs and their processing but not the integrity of
input and output
2- - Integrated test facility (ITF): Used to test large systems that processing real-
time, use test data and fictitious data of some real accounts all processed
alongside real data, such as creating fake customer and supplier accounts in
between all other real accounts.
3- parallel simulation: Auditor is using actual client data and running it on a
computer system that the auditor knows to be working correctly, the results
are then compared, its mainly used when the audit requires auditing all the
transactions.
Internet security
A minimum level of internet security includes:
1- User account management, accounts and passwords for only authorized
people to use the system
2- Fire wall Combination of hardware and software that separate (barrier) an
internal network from an external network, such as internet
3- Anti-virus protection
4- encryption: converts data into a code, protecting against data interception
that results from people stealing our data, so even if they stole it they not
able to read it, unauthorized users without encryption key will be unable to
decode the information
Threats to information systems:
Input manipulation: intrusion into a system by exploiting a vulnerability in a
legitimate electronic portal
Sabotage: Disruption of an organization system not for personal gain but for
revenge
Viruses: are computer programs that aim to destroy data, they propagate from
One computer to another without user’s knowledge,
Worm: Similar to a virus, but it replicates itself without the use of a host file and
usually cause harm to the network
Virus hoax: Can cause you to damage your own system by deleting critical system
files that it tells you incorrectly are virus files, by email for example to advise you
to delete some files because they are viruses but they are not really virus
Logic bombs: they also destroy data while they remain on one single computer,
and often dormant until triggered by some occurrence
Trojan horses: voluntarily installed on computer by the user because they are
masquerading as programs the user wants
Backdoors IT personnel often design backdoors, while hackers search to exploit
Backdoors for their own purpose
Ransomware: hold computer files hostage and demand ransom payment
Phishing: attempt to acquire sensitive information by pretending as a trustworthy
entity
Malware: short for malicious software
Theft: require proper physical protection of computing infrastructure assets
Data theft: copying critical data such as credit card numbers and social security
information from an origination data base
Direct file alteration deliberate changes to data in a database to the intruder’s
advantage
Program alteration deliberate changes to program applications
Inherent risk of the internet:
1- Password attacks:
a. Brute-force attack: uses password cracking software
b. Trojan horses: using false website to obtain information (packet sniffers)
2- A man-in-the-middle attack:
Access to the network during a rightful user’s active session to steal data
3- Denial of service attack (DOS):
Is an attempt to overload network with so many messages so that it cannot
function
4- Distributed Denial of service attack: attack come from multiple sources
Use of data encryption:
Encryption: converts data into a code
Unauthorized users without encryption key will be unable to decode the
information
Public key encryption: use two key one for coding and another one for decoding
(Asymmetric)
Foreign key encryption: one key for coding and one for decoding (symmetric)
Flowcharts: Pictorial symbols used in internal control and systems development
Routine backup and offsite location:
Organization’s data is more valuable than its hardware as hardware can be
replaced
Each organization’s data bundle is unique
Offsite location must be temperature and humidity controlled
Disaster recovery planning: contingency planning
Two major types of contingencies
1- The data center is physically available: Power failure, viruses and hacking
incidents
Power failures: generators
Attacks such as viruses: system must be brought down “gracefully”, to halt
the spread of the infection, IT must be trained to isolate damage and bring
system back
2- Data center is not available: more serious
Caused by disasters, such as floods, fires, hurricanes, earthquakes, etc. and
this type of contingency requires alternate processing facility
1- Hot site: fully operational processing facility that is immediately available
with all required equipment and communication tools
2- Warm site: limited hardware, such as communications and networking
equipment, still need to prepare for operation running, let’s say we
have the computers but we don’t have the data.
3- Cold site: lacking most infrastructure but readily available for the quick
installation of hardware
Technology and Analytics
Database Management System

Database: is a collection of related date files combined in one location to reduce


data redundancy that can be used by different application programs and accessed
by multiple users
The most commonly used type of databases is a relational database, which is a
group of related tables. The data must be organized into a logical structure so it
can be accessed and used
Basic Database Structure:
Data is stored according to a data hierarchy, and structured in levels.
1. A data field is the first level in the data hierarchy, describes one attribute of
an item or entity in the database, a field may also be called an “attribute,” or
a “column.
2. A database record is the second level of data. contains all the information
about one item, or entity, in the database
3. A file, also called a table, is the third level of the data hierarchy, a table is a
set of common records, such as records for all employees
4. A complete database is the highest level. Several related files or tables make
up a database
Primary Key: is a data field in the record that distinguish one record from another
in the table, every record in a database has a primary key, and each primary key is
unique.
Foreign keys: connect the information in a record to one or more records in other
tables.
Entity relationship modeling: Database administrators use it to plan and analyze
relational database files and records.
Entity relationship modeling: The three most important relationship types are:
1. one-to-one
2. one-to-many
3. many-to-many
A database management system: is a software package that serves as an interface
between users and the database
Set of interrelated, centrally coordinated data files by standardizing how it is
stored, manipulated and retrieved
Functions of Database management systems:
1. Database development: DBA use DBMS to develop databases and create
database records.
The database administrator uses a database management system and a Data
Definition Language (DDL) to create a description of the logical and physical
structure or organization of the database
The structure of the database includes the database’s schema, subschemas,
and record structures.
The schema is a map or plan of the entire database—its logical structure.
The limited access for an application or a user is called a subschema or a view
Schema - Design of DB
Subschema - Use of DB
Subschemas are important in the design of a database because they
determine what data each user has access to while protecting sensitive data
from unauthorized access
2. Database maintenance: record editing, deletion, alteration, and
reorganization
A data manipulation language (DML) is used to maintain a database and
consists of insert, delete and update statements
users do not need to know the specific format of the data manipulation
commands, such as Structured Query Language (SQL).
3. Database interrogation: retrieve data from a database using query language
Structured
Query Language (SQL) is a query language, and it is also a data definition
language and a data manipulation language
4. Application development: Database management systems usually include
one or more programming languages
Enterprise Resource Planning Systems
Enterprise Resource Planning (ERP): Can help to overcome the challenges of separate
systems because it integrates all aspects of an organization’s activities-operational
as well as financial—into a single system that utilizes a single database.
ERP systems consist of the following components:
1. Production planning, including determining what raw materials to order for
production, when to order them, and how much to order
2. Logistics, both inbound (materials management) and outbound (distribution)
3. Accounting and finance.
4. Human resources.
5. Sales, distribution, and order management.
Features of ERP systems include:
1- Integration
2- Centralization
3- Usually require business process reengineering
Extended enterprise resource planning: systems include customers, suppliers, and
other business partners.
The systems interface with customers and suppliers through supply chain
management applications
Advantages of ERP Systems:
1- Integrated back-office systems result in better customer service and
production and distribution efficiencies.
2- Centralization of data
3- Day-to-day operations are facilitated. All employees can easily gain access to
real time information they need to do their jobs, the business is able to adapt
more easily to change and quickly take advantage of new business
opportunities
4- improving their ability to make business decisions and control the factors of
production.
5- Communication and coordination are improved across departments, leading
to greater efficiencies in production, planning, and decision-making
6- Data duplication is reduced and labor required to create inputs and distribute
and use system outputs is reduced.
7- Expenses can be better managed and controlled.
Disadvantages of ERP Systems:
1- Business re-engineering is usually required to implement an ERP system and
it is time consuming and requires careful planning.
2- Converting data from existing systems into the new ERP system can be time
consuming and costly and, if done incorrectly, can result in an ERP system
that contains inaccurate information.
3- Training employees to use the new system disrupts existing workflows and
requires employees to learn new processes
4- An unsuccessful ERP transition can result in system-wide failures that disrupt
production, inventory management, and sales, leading to huge financial
losses.
5- Ongoing costs after implementation include hardware costs, system
maintenance costs, and upgrade costs.

Enterprise Performance Management


Enterprise Performance Management (EPM), also known as Corporate
Performance Management (CPM) or Business Performance Management (BPM)
a method of monitoring and managing the performance of an organization in
reaching its performance goals
It is the process of linking strategies to plans and execution.
It is designed to gather data from multiple sources and consolidate it to support
performance management by automating the collection and management of
the data needed to monitor the organization’s performance in relation to its
strategy
EPM process:
making certain that everybody knows what goals and objectives are, and to be
certain that they are communicated clearly to managers, so they can be
incorporated to their plans and budgets, then periodically to be reviewed
EPM’s capabilities:
Reports comparing actual performance to goals.
Reports on attainment of KPIs by department.
Balanced scorecards, strategy maps, and other management tools.
Creating and revising forecasts and performing modeling.
Generating dashboards presenting current information customized to the needs
of individual users.
EPM software can also automate budgeting and consolidations
1- Data Warehouse: A copy of all of the historical data for the entire
organization can be stored in a single location known as a data warehouse, or
an enterprise data warehouse. A data warehouse is separate from an ERP
system because a data warehouse is not used for everyday transaction
processing, and are not updated, information in a data warehouse is read-
only, meaning users cannot change the data in the warehouse.
To be useful, data stored in a data warehouse should:
1) Be free of errors.
2) Be uniformly defined
3) Cover a longer time span than the company’s transactions systems to enable
historical research.
4) Easy access, allow users to write queries that can draw information from
several different areas of the database
2- Data Mart: A data mart is a subsection of a data warehouse that provides
users with analytical capabilities for a restricted set of data.
A data mart can provide security for sensitive data because it isolates the
data certain people are authorized to use and prevents them from seeing
data that needs to be kept confidential
Data marts can be of three different types
 A dependent data mart draws on an existing data warehouse
 An independent data mart is created without the use of a data warehouse
 A hybrid data mart combines elements of both, dependent and independent
data marts, drawing some data from an existing data warehouse and some
data from transactional systems.

3- Data Lake: A data lake is used for unstructured data.


A data lake is a massive body of information fed by multiple sources for
which the content has not been processed
data marts, data lakes are not “user friendly.
usually only a data scientist is able to access it because of the analytical skills
needed to make sense of the raw information.

Data governance
Data governance: Set of principles and practices that ensure high quality of data
through complete life cycle of your data
Data governance is quality control of data, deal with the overall management of
the data assets and data flows within an organization.
Data governance is a process that helps the organization better manage and
control its data assets.
Benefits:
Data governance means better, organized, controlled, accurate, compliance,
cleaner data, which mean better analytics, better decision making, better business
results, better business positioning, reputation and better profit margin
Garbage in, Garbage out
Data Governance include:
1. Data Availability: available for whom it is needed, where it is needed
2. Data usability: accessibility to users and applications, accurate
3. Data integrity: completeness, consistency, reliability and accuracy of data
4. Data security: Confidentiality and data security from un authorized users and
corruption
5. Data privacy: level of authority
6. Data integration: Combining data from different sources (internal and external)
7. System availability: maximizing the probability that the system will function as
and when required
8. System maintenance: modification to update, correct, improve or improve to
changes required
9. Compliance with law and regulations: privacy protection according to privacy
standards
10. Determination rules and responsibility: authority level
11. Internal and external data flows within the organization.
IT Governance and Control Frameworks:
1- Identify roles and responsibilities that need to be met
2- Provide frame work for assessing risk and control
3- Following a framework provides higher likelihood of implementing effective
governance and controls.
4- Frameworks break down objectives and activities into groups.
5- Regulatory compliance may be easier to achieve by following effective
governance and control frameworks
COBIT® by ISACA is an I & T (Information and Technology) framework for the
governance and management of enterprise information and technology
Governance vs. Management:
Governance: is usually the responsibility of the board of directors under the
leadership of the chair of the board of directors
purpose:
1- Stakeholder needs are considered and conditions and options are evaluated
in order to determine objective
2- Prioritization and decision-making are used to set direction
3- Performance and compliance are monitored
Management:
the responsibility of the executive management under the chief executive
officer’s (CEO’s) leadership
The purpose of management is to plan, build, run, and monitor activities in
accordance with the direction
Components of corporate Governance:
1- Processes
2- Organization structure
3- Principles, policies, framework
4- Information
5- Culture, ethics, and behavior
6- People, skills, competences
7- Services, infrastructure, and applications.
Goals Cascade: governance would set goals and then management make certain
that they all happen, and there need to be a process to this
Who’s involved: Data governance involve the whole organization in a greater or
lesser degree as well as external stakeholders
Internal stakeholders:
BOD, executive management, business manager, it manger, assurance providers
and risk management
External stakeholders:
Regulators, IT vendors and business partner
Performance Management in COBIT:
includes the activities and methods used to express how well the governance and
management systems and the components of an enterprise work, if they are not
achieving the required level, how they can be improved Performance management
utilizes the concepts capability levels and maturity levels.

Capability levels: expression of how well the process is implemented and is


performing
Capability levels range from 0 (zero) to 5, as follows
Maturity levels: the CPM measure performance by using focus area maturity
levels
0- Incomplete
1- Initial
2- Management
3- Defined
4- Quantitative
5- Optimizing

Data Life Cycle and Records Management


Data Life Cycle: Encompasses the period from creation of data and its initial
storage through the time the data becomes out of date or no longer needed and is
purged
The Stages in data life cycle:
The stages do not describe sequential data flows, because data may pass through
various stages several times during its life cycle. Furthermore, data does not have
to pass through all of the stages. However, data governance challenges exist in all
of the stages and each stage has distinct governance needs
1. Data capture: Creating new data values that have not existed before within
the organization (collecting, acquiring, obtaining)
 External acquisition: buy or otherwise acquire date from an outside
entity
 Data entry: new data value can be created within org
 Single reception: Data that can be created by control system
2. Data maintenance: processing of data without deriving any value from it
3. Data synthesis: is the creation of new data values using other data as input,
combining data from different sources to create new data.
4. Data usage: application of data to tasks the enterprise needs, use it
internally or externally
5. Data analytics: analyze data to produce a meaningful information for
decision making
6. Data publication: sending data to a location outside the organization
customer statement
7. Data archival: is the removal of data from active environments and its
storage in case it is needed again
8. Data purging: end data life cycle – removing all data copies from different
locations
Records Management:
Every organization should have a documented policy about record management
that establishes how records are to be maintained, identified, retrieved,
preserved, and when and how they are to be destroyed.
The policy should apply to everything defined by the organization as a “record,”
which includes both paper documents and data records.
The records management policy should identify the information that is considered
records and the information that is not considered records but that nevertheless
should be subject to the guidance in the policy.
Factors to be considered in developing a records management policy include:
1- Federal, state, and local document retention requirements
2- Requirements of SOX
3- Statute of limitations information.
4- Accessibility.
5- Records of records.
Controls Against Security Breaches
Cyberattacks: are usually made to access, change, or destroy data, interrupt
normal business operations, or as with ransomware, they may involve extortion
Cybersecurity: is the process or methods of protecting Internet-connected
networks, devices, or data from attacks
cybersecurity risks:
1- Copyright infringement: is the theft and replication of copyrighted material,
whether intellectual property or entertainment property
2- Denial of Service (DOS): Access system, website or server so frequently to
make it difficult for normal user to use it
3- Buffer overflow attacks: are designed to send more data than expected to a
computer system, causing the system to crash
4- Password attacks: are attempts to break into a system by guessing
passwords.
Brute force attacks use programs that repeatedly attempt to log in with
common and/or random passwords
 Two-factor authentication can also prevent brute force attacks from being
Successful
 Systems should include sophisticated logging and intrusion-detection systems to
prevent password attacks
 password requirements should be in place to reject short or basic passwords
I. phishing: spam email, text message and phone call to get confidential
person information
II. Malware: malicious software, including viruses, worms, Trojan horses and
spyware
III. Ransomware: encrypts data on a system and then demands payment for
decryption.
1- “Pay-per-click” abuse: adds click and get company pay for it
2- Social Engineering: an individual may pose as a trustworthy coworker,
perhaps someone from the company’s IT support division, and politely ask
for passwords or other confidential information
3- Dumpster Diving: Going through a company trash for information that can
be used either to break into its computers directly or to assist in social
engineering.
Defenses Against Cyberattack:
1- Encryption protects both stored data and data that could be intercepted
during transmission.
2- Ethical hackers: Network and computer experts with hacking skills who
attempt to attack a secured system.
Ethical hacking is called intrusion testing, penetration testing, and
vulnerability testing.
3- Advanced firewalls: perform traditional firewall protection but have other
capabilities, as well. Traditional firewalls use packet filtering to control
network access by monitoring outgoing and incoming packets, distinguish
between safe applications and unwanted applications also called Next
Generation Firewalls (NGFW)

Access Controls:
1- logical access controls: focuses on who can use which computer equipment
and who can access data.
To restrict data access only to authorized users, one or more of the following
strategies can be adopted
 Something you know: User IDs and passwords
 Someone you are: Biometrics
Biometrics can recognize physical characteristics such as: Iris or retina
of the eyes, Fingerprints, Vein patterns, Faces recognition, Voices
recognition
 Something you have: Some very high-security systems require the
presence of a physical object to certify an authorized user’s identity.
Two-Factor Authentication: Requires two independent, simultaneous actions
before access to a system is granted such as entering a password and get
verification code that should receive by mail or text message
Or password and answering question
Other User Access Considerations:
 Automatic locking or logoff policies.
 Logs of all login attempt
 Accounts that automatically expire

2- physical access controls: Physical access controls are used to secure


equipment and premises, reduce or eliminate the risk of harm to employees
and of losing organizational asset
examples of general physical security controls include:
• Walls and fences
• Locked gates and doors
• Manned guard posts
• Monitored security cameras
• Guard dogs
• Alarm systems
• Smoke detectors and fire suppression systems
Controlling Physical Access: Physical access to servers and networking equipment
should be limited to authorized persons:
 Keys
 Card access
 Biometric

TECHNOLOGY-ENABLED FINANCE TRANSFORMATION


Using technology to help making finance processes getting better, more effective,
more efficient, allow users to make tasks and steps that add value to the
organization, and fewer the actions that are repetitive.
Systems Development Life Cycle (SDLC)
1- Statement of objectives: needs for the new system, the nature and scope of
the project and timing issues, a risk assessment is done to document security
threats, potential vulnerabilities
2- Investigation and feasibility study of alternative solutions: A cost benefit
analysis is done.
3- Systems analysis and planning: current system is analyzed to identify its
strong and weak points, and the information needs from the new system,
such as reports to be generated, database needs, and the characteristics of
its operation are determined.
4- Conceptual design: Create the design specifications and verify them against
user requirements.
5- Physical design: determining the workflow, what and where programs and
controls are needed, the needed hardware, backups, security measures, and
data communications.
6- Development and testing: The design is implemented into source code
7- System implementation and conversion.
8- Operations and maintenance: Continuous monitoring and evaluation take
place to determine what is working and what needs improvement, updated
needed, system maintained and upgrade soft ware
Business Process Analysis
When a business process needs to be reengineered or redesigned, information
systems will need to be adjusted, changed, modified or updated, or perhaps
redesigned completely
Business process analysis: is used to analyze a business process to determine the
specific way the process is presently being accomplished from beginning to end.

Provide information needed to monitor efficiency and productivity, locate process


weaknesses, pinpoint potential improvements, and determine whether the
potential improvements should be carried out.
Business process analysis involves the following steps:
1- Determine the process to be analyzed
2- Collect information about the process that will be needed to analyze it
3- Map the process: Business process mapping is visualizing the whole process
from start to finish to better understand the various roles and responsibilities
involved. Mapping makes it easier to see the big picture, what is working and
what is not working, and where the risks are.
4- Analyze the process
5- Determine potential improvements.
Robotics Process Automation (RPA)
Business process analysis lead to RPA
Part of AI program not a robot
Robotic process automation: software automates repetitive tasks by interacting
with other IT applications to execute business processes, that people are doing
already right now
RPA software cannot Replace an employee, but it can increase the employee’s
productivity, which should add more value to the organization
The RPA software is not part of the organization’s IT infrastructure. Instead, it
interacts with the IT infrastructure, so no change is needed to the existing IT
systems.
RPA allows the organization to automate what would otherwise be a manual
process without changing the existing systems
it can be all done more quickly with no error, so more efficient and more effective

RPA uses:
The software robots, also called “clients” or “agents,” can log into applications,
move files, copy and paste items, enter data, execute queries, do calculations,
maintain records and transactions, upload scanned documents, verify information
for automatic approvals or rejections, and perform many other tasks
1- Automate portions of transaction reporting and budgeting in the accounting
area, mainly all the routine areas.
2- Automate manual consolidations of financial statements
3- Financial institutions can use RPA to automate account openings and
closings.
4- Insurance companies can use it to automate claims processing
5- RPA can be used in supply chain management for procurement, automating
order processing and payments, monitoring inventory levels, and tracking
shipments.
Benefits of Robotic Process Automation (RPA):
1- RPA software does not require coding knowledge, RPA software usually has
“drag-and-drop”
2- It enables employees to be more productive because they can focus on more
advanced and engaging tasks
3- It can be used to ensure that business operations and processes comply with
regulations and standards.
4- The tasks performed can be monitored and recorded, creating valuable data
and an audit trail.
5- the process can be completed much more rapidly.
6- Robotic process automation can result in cost savings.
7- provide better customer service by automating customer service tasks.
8- Robots follow rules consistently, do not need to sleep, do not take vacations,
do not get sick, and do not make typographical errors
Limitations of Robotic Process Automation (RPA):
1- Robots are not infallible, if they are not programmed correctly
2- Robots cannot replicate human reasoning, does not recognize incorrect data
3- Robots have no “common sense wrong command
4- Because RPA can be used to automate processes in a “noninvasive” manner
management may be tempted to deploy RPA without relying on assistance
from the IT department

Artificial Intelligence (AI)


AI: it is a field in computer science dedicated to creating intelligent machines,
especially computers, that can simulate human intelligence processes.
AI uses algorithms, which are sets of step-by-step instructions that a computer can
execute to perform a task.
Some AI applications are able to learn from data and self-correct, according to the
instructions given
Artificial intelligence is categorized as either weak AI, also called narrow AI, or
strong AI, also called artificial general intelligence (AGI).
Weak AI: is an AI system that can simulate human cognitive functions but although
it appears to think, it is not actually conscious, designed to perform a specific task,
“trained” to act on the rules programmed into it, and it cannot go beyond those
rules.
Strong AI
is equal to human intelligence and exists only in theory, so it is not existing in
reality, create and build its own knowledge base, and program itself
Applications of AI
Applications of AI:
Artificial intelligence is increasingly being used in administrative procedures and
accounting:
1- Digital assistants
2- Machine vision: Includes cameras, image sensors, and image processing
software, it can automate industrial processes such as quality inspections by
enabling robots to “see” their surroundings. Machine vision is also used in non-
industrial settings such as surveillance and medical applications. It is increasingly
being used in administrative and accounting applications, as well.
Machine vision can be used to analyze satellite imagery for several purposes.
Machine vision can be used to automate document data extraction.
3- Machine learning
In machine learning, computers can learn by using algorithms to interpret
data in order to predict outcomes and learn from successes and failures
EX:
Checking expense reports
Analyzing payments received on invoices
Risk assessment.
Data analytics
Bank reconciliations
AI and impact on accounting and accountants:
AI-enabled robots will not replace accountants, but they will substantially
transform what accountants do.
Machines are able to do the repetitive work of calculating, reconciling, transaction
coding, and responding to inquiries
Accountants will need to embrace AI, keep their AI and analytical skills current,
and be adaptive and innovative in order to remain competitive
Considerations in Instituting Artificial Intelligence: to make certain that it is
adding value to an org
1- Processes should be re-imagined where possible, rather than just using the AI
to replicate existing processes not only replace but also update and improve
2- Activities to be performed by AI should be those that are standardized and
not often changed.
3- Processes that are automated should be fully documented, have full
documentation of how that needs to be done and what was done
4- Data quality, both input and output, must be reviewed

Cloud Computing
Cloud Computing: a method of essentially outsourcing the IT function. It is a way
to increase IT capacity or add capabilities without having to invest in new
infrastructure or license new software
Cloud service providers offer all three types of resources.
1- Software as a Service (SaaS):
The capability provided to the consumer is to use the provider’s applications
running on a cloud infrastructure applications are accessible from various
client devices through either a thin client interface, the consumer does not
manage or control the underlying cloud infrastructure, with the possible
exception of limited user-specific application configuration settings
2- Platform as a Service (PaaS):
3- Infrastructure as a Service (IaaS):
Benefits of Cloud Computing, SaaS, PaaS, and IaaS:
1- Users pay for only what they use, Cloud computing is scalable. A firm can
quickly increase or decrease the scale of its IT capability
2- a user organization may be able to decrease its investment in its own
hardware and software
3- The provider keeps the software updated, so the user organizations do not
need to invest in upgrades
4- can be accessed from anywhere, from any compatible device, work at home
or office (flexibility)
5- Responding to new and existing requirements for external compliance
reporting
6- free up accountants so they can handle higher-value activities and streamline
lower-value processes.
7- enable the CFO to move into a more strategic role instead of spending time
on transactional activities.
8- provide stronger infrastructure and better protection than an on-site IT
department
9- Can offer to companies of all sizes

Limitations, Costs, and Risks of Cloud Computing, SaaS, PaaS, and IaaS:
1- Reliability of the Internet is a concern. If the Internet goes down, operations
stop.
2- The quality of the service given by the provider needs to be monitored
3- Loss of control over data and processing introduces security concerns
4- Contracting with overseas providers may lead to language barrier problems
and time-zone problems
5- The ability to customize cloud solutions is limited,
6- timing of automatic backups may not be controllable by the user and may
not be convenient for the user.
7- The cloud cannot overcome weak internal controls
8- The company’s data governance must be structured to cover the cloud and
the risks inherent in it.
9- Expected cost savings may not materialize

Block chains
Block chain was initially envisioned as a peer-to-peer system for sending online
payments from one party to another party without using a financial institution
Some terminologies that related with block chain
Block chain is a public record of transactions in chronological order,
a way for one Internet user to transfer a unique piece of digital property to
another Internet user, such that the transfer is guaranteed to be safe and secure,
everyone knows that the transfer has taken place, and nobody can challenge the
legitimacy of the transfer”
a block chain is a system of digital interactions that does not need an intermediary
such as a financial institution to act as a third party to transactions
public block chain: is open to anyone, anyone can contribute data to the ledger,
and all participants possess an identical copy of the ledger, is also called a
permission less ledger

The public block chain has no owner or administrator, but it does have members
who secure the network, and they usually receive an economic incentive for their
efforts
Private block chain: also called a permissioned ledger, allows only invited
participants to join the network. Permissioned ledgers are controlled by one or
more network administrators. All of the members—but only the members—have
copies of the ledger. Private block chains can be used by a single entity
Hybrid block chain: is a mix of a public and private block chain, some processes are
kept private and others are public. Participants in public or private networks are
able to communicate with each other, enabling transactions between them across
networks. A hybrid block chain can be used by a supply chain group to control the
supply chain.
Node: a powerful computer running software that keeps the block chain running
by participating in the relay of information.
Nodes communicate with each other to spread information around the network
Miners: are nodes (computers) on the block chain that group outstanding
transactions into blocks and add them to the block chain.
Distributed ledger: is a database held by each node in a network, and each node
updates the database independently.
Hash: is taking an input string of any length and giving it an output of a fixed length
using a hashing algorithm.
Block – is a record in a block chain that contains and confirms many waiting
transactions. It is a group of cryptocurrency transactions that have been encrypted
and aggregated into the block by a miner
Nonce: is a random string of characters that is appended to the transaction
information in the block before the block is hashed and it is used to verify the
block, this is how to be able to confirm that the block is actually the block that it
says
Uses of Block chain
1- transfer virtual currency, or cryptocurrency.
A virtual currency is a digital representation of value that functions as a medium
of exchange
2- Private, permissioned block chains can be used by financial institutions for
trading, payments, clearings, settlements, and repurchase agreement
transactions
3- Intercompany transactions where different ERP systems are in use can be
streamlined using a block chain
4- Procurement and supply chain operations on block chain can be used to
optimize accounts payable or accounts receivable functions.
smart contract
A contract that has been digitized and uploaded to a block chain is called a smart
contract, set of promises, specified in digital form, including protocols within which
the parties perform on these promises
Executing a Smart Contract:
When a smart contract is uploaded to a block chain, the validity of the contract is
checked and the required steps are enabled
after that, it is automatically executed
immutable, distributed and self-executing automatically,
Some examples of the uses of smart contracts on block chains:
1- can be used to ensure the authenticity of a product
2- can be used to protect intellectual property
3- Block chain and smart contracts have an important place in supply chain
management, freight, and logistics, particularly in international transactions
4- On-demand manufacturing can be performed by machines that are
automated and running on a block chain network
5- An insurance contract can be in the form of a smart contract.
Governance for Smart Contracts:
1- Governance standards may assign responsibility for smart contract design
and operation and establish mechanisms for dispute resolution.
2- Standards may incorporate terms or conditions that smart contracts need to
have in order to be enforceable
3- Standards could create presumptions regarding the legal character of a smart
contract, depending on its attributes and manner of use
4- Good governance standards may help address the risks that smart contracts
Present
Benefits of Smart Contracts:
1- Smart contracts can authenticate counter-party identities, the ownership of
assets, and claims of right by using digital signatures, which are private
cryptographic keys held by each party.
2- Smart contracts can self-execute
3- Smart contracts can access outside information or data to trigger actions
4- The decentralized, distributed ledger on the block chain prevents
modifications of unauthorized or agreed to by the parties
5- Smart contracts can enhance market activity and efficiency by facilitating
trade execution.
6- Use of standardized code and execution may reduce costs of negotiations
7- Automation reduces transaction times and manual processes
8- Smart contracts can perform prompt regulatory reporting as necessary
whatever that reporting requirements are.
Limitations and Risks of Smart Contracts:
1- The operation of a smart contract is only as smart as the information it
receives and the computer code that directs it, so if it is poorly program, if it
is not setup properly, is not going to do what is it that it supposed to do
2- A smart contract may be subject to fraud and manipulation
3- Existing laws and regulations apply to all contracts equally regardless of what
form a contract takes, so contracts or parts of contracts that are written in
code are subject to otherwise applicable law and regulation.
4- A smart contract could introduce operational, technical, and cybersecurity
risk, it has to be protected.

Data Analytics
Data analytics: is the process of gathering and analyzing data in a way that
produces meaningful information that can be used to aid in decision making
Data is meaningless without a method of efficiently collecting, aggregating,
analyzing, and utilizing it for the benefit of the company
Data analytics can be classified into four types
1- Descriptive analytics report past performance“ What happened”?
2- Diagnostic analytics are used with descriptive analytics to answer the
question, “Why did it happen”? The historical data is mined to understand
the past performance and to look for the reasons behind success or failure.
3- Predictive analytics focus on the future using correlative analysis. Predictive
analytics answer the question, “What is likely to happen”?
4- Prescriptive analytics answer the question “What needs to happen?” by
charting the best course of action based on an objective interpretation of the
data, prescriptive analytics can help determine why it will happen

Business Intelligence
Business intelligence: Is the combination of architectures, analytical and other
tools, databases, applications, and methodologies that enable interactive access
sometimes in real time to data such as sales revenue, costs, income, and product
data. Business intelligence provides historical, current, and predicted values for
internal, structured data regarding products and segments
Data to Action
Data :facts and figures, but data by itself is not information
Information: is data that has been processed, analyzed, interpreted, organized,
and put into context such as in a report, in order to be meaningful and useful.
Knowledge: is the theoretical or practical understanding of something,
information becomes knowledge through experience, study, or both.
Insight is a deep and clear understanding of a complex situation, insight can be
gained through perception or intuition, but it can also be gained through use of
business intelligence
The insights gained from the use of business intelligence lead to recommendations
for the best action to take. Strategic decisions are made by choosing from among
the recommendations
The strategic decisions made are implemented and turned into action.
A Business Intelligence system has four main components:
1- Data warehouse (DW) containing the source data.
2- Business analytics
3- A business performance management component (BPM) to monitor and
analyze performance.
4- A user interface, usually in the form of a dashboard.
Big Data
Big Data: Big Data refers to vast datasets that are too large to be analyzed using
standard software tools and so require new processing technologies. Those new
processing technologies are data analytics
Big Data can be broken down into three categories:
Structured data: is in an organized format that enables it to be input into a
relational database management system and analyzed
Unstructured data: has no defined format or structure. It is typically free form and
text-heavy, making in-depth analysis difficult.
Semi-structured data has some format or structure but does not follow a defined
model
Big Data is characterized by four attributes, known as the four V’s:
Volume: refers to the amount of data that exists
Velocity: Velocity refers to the speed at which data is generated and changed also
called its flow rate.
Variety: refers to the diverse forms of data that organizations create and collect
Veracity: the accuracy of data, or the extent to which it can be trusted for decision
making.
Variability: Data flows can be inconsistent
Value: Value is the benefit that the organization receives from data. Without the
necessary data analytics processes and tools
Data Since: A field of study and analysis that uses algorithms and processes to
extract hidden knowledge and insights from data.
The objective of data science is to use both structured and unstructured data to
extract information that can be used to develop knowledge and insights for
forecasting and strategic decision making
The difference between data analytics and data science is in their goals:
The goal of data analytics is to provide information about issues that the analyst
or manager either knows or knows he or she does not know (that is, “known
unknowns”).
On the other hand, the goal of data science is to provide actionable insights into
issues where the analyst or manager does not know what he or she does not know
(that is, “unknown unknowns”).
Data and Data Science as Assets
Data and data science capabilities are strategic assets to an organization, but they
are complementary assets,
Data science is of little use without usable data.
Good data cannot be useful in decision-making without good data science talent.
Investing in Data and Data Since:
As with any strategic asset, it is necessary to make investments in data and data
science.
Challenges of Managing Data Analytics
Data capture, data curation, data storage, security and privacy protection, data
search, data sharing, data transfer, data analysis, and data visualization.
The growth of data and especially of unstructured data
The need to generate insights in a timely manner in order for the data to be useful
Getting and keeping right people, Recruiting and retaining Big Data talent.

Data Mining
Data mining is the use of statistical techniques to search large data sets to extract
and analyze data in order to discover previously unknown, useful patterns, trends,
and relationships within the data that go beyond simple analysis and that can be
used to make decisions
Data mining uses specialized computational methods derived from the fields of
statistics, machine learning, and artificial intelligence

Data mining is
1- iterative process: Iteration is the repetition of a process in order to generate
a sequence of outcomes
2- Data mining is a process with defined steps, and thus it is a science
3- Data mining is also an art, Decisions must be made regarding
what data to use, what tools to use, and what algorithms to use

Context and Generalization: two considerations in data mining


In data mining, the context of words and information must be considered
Data mining involves generalization of pattern from data set
Data mining is used in predictive analytics:
1- Classification: Data mining is used when the classification of the data is not
known (who is purchasing from website, age, gender and graphical)
2- Prediction: The goal is to predict the numerical value of a variable such as the
amount of a purchase
3- Association rules called affinity analysis, association rules are used to find
patterns of association between items in large databases, such as associations
among items purchased from a retail store, or “what goes with what
4- Online recommendation systems online recommendation systems use
collaborative filtering to deliver personalized recommendations to users
5- Data reduction process of consolidating a large number of records into a
smaller set by grouping the records into homogeneous groups.
6- Clustering: is discovering groups in data sets that have similar characteristics
without using known structures
7- Dimension reduction – Dimension reduction entails reducing the number of
variables in the data before using it for data mining
8- Data exploration: understand the data and detect unusual values
9- Data visualization: is another type of data exploration. Visualization, or visual
discovery, consists of creating graphics such as histograms and boxplots for
numerical data in order to visualize the distribution of the variables and to
detect outliers.

Supervised learning algorithms are used in classification and prediction. In order


to “train” the algorithm, it is necessary to have a dataset in which the value of the
outcome to be predicted is already known
The data in the dataset is called labeled data because it contains the outcome
value (called the label) for each record
Unsupervised learning algorithms are used when there is no outcome variable to
predict or classify.
Neural Networks in Data Mining:
Neural networks are systems that can recognize patterns in data and use the
patterns to make predictions using new data.
Neural networks are based on the human brain and mimic the way humans learn
The results of the neural network’s predictions—the output of the model becomes
the input to the next iteration of the mode
Challenges of Data Mining:
1- Poor data quality.
2- Information exists in multiple locations within the organization
3- Biases are amplified in evaluating data
4- Analyzed data often displays correlations. However, correlation does not
prove causation
5- Ethical issues
6- Data security
7- A growing volume of unstructured data.
Steps in Data Mining: A typical data mining project will include the following
steps.
1- Understand the purpose of the project
2- Select the dataset to be used
3- Explore, clean, and preprocess the data.
4- Reduce the data dimension if needed
5- Determine the data mining task
6- Partition the data.
7- Select the data mining techniques to use.
8- Use algorithms to perform the task
9- Interpret the results of the algorithm
10- Deploy the model.

Analytic Tools and Simple Regression Analysis


Use of Data:
This about using the past historical data to forecast what will happen in the future.
Time Series analysis:
when we are looking at trends overtime, a time series can be descriptive or
predictive
descriptive modeling: in which a time series is modeled to determine its
components, that is, whether it demonstrates a trend pattern, a seasonal pattern,
a cyclical pattern, or an irregular pattern, so we are going to take these series of
information overtime and we are going to model it to determine what type of
pattern and the components of these information are. The information gained
from time series analysis can be used for decision-making and policy
determination.
Predictive: It involves using the information from a time series to forecast future
values of that series.

Time series forecasting: A time series may have one or more of four patterns (also
called components) that
influence its behavior over time:
1) Trend
2) Cyclical
3) Seasonal
4) Irregular

Sensitivity Analysis
Sensitivity analysis can be used to determine how much the prediction of a model
will change if one in put to the model is changed.
It can be used to determine which input parameter is most important for achieving
accurate predictions
Sensitivity analysis is known as “what-if” analysis
Monte Carlo Simulation Analysis:
Monte Carlo simulation can be used to develop an expected value when the
situation is complex and the values cannot be expected to behave predictably
Monte Carlo simulation uses repeated random sampling and can develop
probabilities of various scenarios, changing to multiple variables at the same time
Benefits of Sensitivity Analysis and Simulation Models:
1- Sensitivity analysis can identify the most critical variables, that is, the
variables that are most likely to affect the end result if they are inaccurate
2- simulation is flexible and can be used for a wide variety of problems
3- Sensitivity analysis and simulation analysis can be used for “what-if”
situations, because they enable the study of the interactive effect of
variables.
4- Both sensitivity analysis and simulation analysis are easily understood.
5- Many simulation models can be implemented without special software
packages because most spreadsheet packages provide useable add-ins

Limitations of Sensitivity Analysis and Simulation Models:


1- The results of sensitivity analysis can be ambiguous when the inputs used are
themselves predictions
2- The variables used in a sensitivity analysis are likely to be interrelated
3- Simulation is not an optimization technique.
4- Although simulation can be effective for designing a system that will provide
good performance, there is no guarantee it will be the best performance.
5- The results will be only as accurate as the model that is used.
6- There is no way to test the accuracy of assumptions and relationships used in
the model until a certain amount of time has passed, till we get some actual
results.

Benefits of Data Analytics in General


1- The process of cleaning the data preparatory to processing it can detect
errors, duplicate information, and missing values
2- The results of data analytics done correctly can lead to improved sales
revenues and profits
3- It can help to reduce fraud losses by recognizing potentially fraudulent
transactions and flagging them for investigation
4- Some easy-to-use data analytics tools are available that average users with
little knowledge of data science are able to make use of to access data
5- Forecasting can be vastly improved through the use of data analytics

Limitations of Data Analytics in General:


1- Big Data is used in data analytics to find correlations between variables
however, correlation does not prove causation
2- Big Data can be used to find correlations and insights using an endless
number of questions, if the wrong questions are asked of the data, the
answer will be meaningless even though it may be the “right” answer
3- Failure to take into consideration all relevant variables can lead to inaccurate
Predictions
4- Data breaches are a risk of using Big Data.
5- Customer privacy issues and the risk of the misuse of data obtained from
data analytics are matters for concern.
6- addition to the cost of the data analytics tools themselves, training on the
use of the tools so they are used to their best advantage may entail costs
7- Selection of the right data analytics tools can be difficult

Data Visualization
Data visualization is making data more understandable and usable data and
predictions from data.
Tables Used in Visualization: A table can be in any form and include all of the data
available or only certain data.
Scatter Plot:
A scatter plot can be used to show all the values for a dataset, typically when there
are two variables. One variable may be independent and the other value
dependent, or both variables may be independent.
A scatter plot can reveal correlations between variables or alternatively, a lack of
correlation.

Dot Plot:
A dot plot provides information in the form of dots.
A dot plot can be used to visualize several data points for each category on the x
axis
are used to present summarized statistics such as means, maximum values, and
minimum values.
Line chart: to visualize several observations for each category using line for each
observation
A bar chart: is useful for comparing a statistic across groups. The height of the bar
or the length of it, if the bar is displayed horizontally, displays the value of the
statistic
A pie chart is in the form of a circle that portrays one value for each category,
marked as pieces of a pie
Bubble chart:
A bubble chart: replaces data points with bubbles that vary in size according to the
size of the values they depict
Histogram: shows the frequencies of a variable using a series of vertical bars. The
values of the variable may occur over a period of time, or they may be as of a
moment in time,
Boxplot: A boxplot is another type of chart that is used to display the full
distribution of a variable.

You might also like