Summary For CMA Part
Summary For CMA Part
Summary For CMA Part
Financial statements
Limitations of the Balance Sheet:
1- Operating lease
2- Factoring account receivables with recourse
3- Joint venture
Special purpose entities. A firm may create another firm for the sole purpose of keeping the
liabilities associated with a specific project off the parent firm’s books
Joint venture accounted on equity basis and not reflected as debt of the members
of joint venture
Limitations of the Income Statement
1- Income statement does not show all item of income many items are reported
on OCI
2- Income statement an estimate number the reflect number of assumption
based on management Judgments.
3- Income statement number due to different account method used
4- Income statement is not sufficient for assessing liquidity
5- Income measurement require judgments such deprecation percentage and
useful life
The major items included in other comprehensive income:
Notes
1- In the rising costs conditions, changing from FIFO to weighted average will
result in higher income.
2- In the interim period under US GAAP, the inventory is reported at its
historical cost even though the NRV is lower because no write down in the
inventory in the interim period, however under IFRS, the inventory is written
down if NRV is lower in the in interim period.
3- Weighted average method >>> only Periodic
4- Moving average method>>> only perpetual
5- When calculating purchase for the COGS formula, take care that in case of
reduction of A/P to be reduced from purchase because reduction represents
payment of prior period purchase, that is to calculate net purchase for the
current year.
Revenue from contract with customer
2- Revenue is recognized for a contract with a customer if all of the following criteria are met
a. The scope of the contract increase by the addition of promised goods and
service
b. The transaction price increase by the addition of price of goods and service
4-The transaction price should not be adjusted for the effect of the time value of money if:
a. The time between delivery of goods and service and payment is less than one
year
b. Substantial amount of consideration is variable and its amount or timing depend
on future events that not under the control of an entity or customer
c. The customer pays full amount in advance and transfer of goods that are under
the direction of customer
a. most likely amount (the single most likely amount in range of consideration when
a company has two possible outcome)
b. expected value
when a company has large number of contract with similar characters
based on limited number of discrete outcomes and probabilities
8- If the standalone price is not directly observable, it must be estimated. The following are
suitable approaches:
a- residual value approach: total transaction price minus standalone selling price for
observable goods and service
b- adjusted market assessment: estimate the cost in the market that the customer
willing to pay
c- cost plus margin: expected cost to satisfy performance obligation plus margin
a- units delivered
b- units produced
c- milestones reached
d- appraisal of results achieved
Investments
Transfer between categories
Transfer from trading to any category the amount recognized in net income not
reversed
Transfer from any category to trading the amount not recognized in net income should
be recognized
Transfer from Held to maturity to Available for sale the amount recognized in OCI
Transfer from Available for sale to held to maturity the amount recognized in OCI not
reversed but amortized
Acquisition-related costs:
such as –
finder’s fees - professional and consulting fees, - general administrative costs, all of
them are expensed as incurred
Equity issue costs (underwriting, legal, accounting, tax, registration, etc.) reduce
additional paid-in capital.
Debt issue costs are reported in the balance sheet as a direct deduction from the face
amount of the debt.
Notes
- Change in FV has no effect on an investment in securities accounted for under
equity method.
- In calculation of equity method, we have to take care of the date of the share
acquisition, means if the purchase took place on July (mid of the year), then the
recognized income should be proportionate.
- Commission and taxes paid to broker to sale the securities will be part of the loss
(loss on disposal) in case of loss
- from sale of security>> all will be recorded in the I/S as loss from disposal =
Commission paid + decline in the FV
- Under the measurement alternative for an investment in equity securities, the
investment is measured at Cost minus subsequent impairment, plus or minus
changes resulting from observable price changes for the identical or a similar
investment of the same issuer.
- A measurement alternative may be elected for an investment in equity securities
if the Fair value of the investment is not readily determinable and the investment
does not result in control or significant influence over the investee
Assets
Impairment under GAAP
The recoverable amount is the greater of an asset’s (1) fair value minus cost to sell or
value in use. Value in use of the asset is the present value of its expected cash flows.
impairment occurs when events or changes in circumstances indicate that the carrying
amount of the asset may not be recoverable
1. Recoverability test. The carrying amount of a long-lived asset to be held and used is
not recoverable if it exceeds the sum of the undiscounted future cash flows
Notes
Purchase Commitment
a commitment to acquire goods in the future not recorded at the time of agreement
they recorded as inventory when received
Warranty liabilities
Classification of Warranties:
1. Probable
2. remote
3. Reasonably possible
warranty obligations are considered contingencies and losses are to be accrued if the
conditions are met:
Taxes
A temporary difference exists:
Deferred tax liability: occurs when financial income greater than taxable income and
will result future taxable amount
Deferred tax Asset: occurs when financial income less than taxable income and will
result future deductible amount
Leases
Lease definition: Agreement between lessor and lessee that conveys the right to
control the use of specific property for a period of time in consideration
Control means:
1- The lease provides for the transfer of ownership of the asset to the lessee at the
end of the lease term
2- The lease provides option to purchase the underlying asset at the end of lease
term and the lessee provides reasonably certain to exercise the option to
purchase the underlying asset
3- The lease term is for major part for the remaining economic life of the asset 75%
or more
4- PV of some of lease payments is equal or greater than 90% of FV of the asset
5- The asset is specialized by nature and have no alternative use at the end of lease
term to lessor
Integrated report
Integrated report: incorporates non-financial information along the financial
information provided in financial report and show how financial information is
influenced by non-financial over short medium and long term
1- Value creation
2- Integrated report
3- Integrated thinking
The objective and ultimate norm of IR to change corporate reporting system so that
the integrated reporting became the global norm
Three distinct concepts and interconnected and the frame work of integrated report
was published by IIRC (Principle based)
six capitals:
1- Financial capital
2- Manufactured physical capital
3- Human capital
4- Intellectual capital
5- Social relationship
6- Natural capital
Notes:
Output: the result form org business activities may be products and services by
products or waste
Guiding Principles:
Content Elements:
1- External environment
2- Governance
3- Strategy and resources allocation
4- Business model
5- Risk and opportunities
6- Performance
7- Outlook
8- Basis of presentation
9- General reporting and guidance
Costing Techniques
Product costing: involves accumulating, classifying and assigning DM, DL and FOH to
products, jobs and service
1) Actual Costing: is the recording of actual product cost based on actual cost of
material, labor and OH
Actual costing is practical only for job order costing for the same reasons that
normal costing is practical only for job order costing
and cost objects based on their use. ABC recognizes the causal relationships of cost
drivers to activities.”
ABC is a costing approach that assigns costs to cost objects, based on consumption of
resources caused by activities
resources are assigned to activities and activities are assigned to cost objects based on
the activities’ use
Steps in ABC:
Limitations of ABC:
1. Sometimes finding a specific activity that causes the cost, might not be practical
2. General practice of ABC do not conform to GAAP,
3. Very expensive to develop and very time consuming
4. Generates vast amounts of information while too much information can mislead
managers
LIFE-CYCLE COSTING
Life-cycle: approach to budgeting estimates a product’s revenues and expenses over its
entire sales life cycle.
The product life cycle has five phases:
1- Research and development: this phase is characterized with no sales and high
cost
2- Introduction: this phase is characterized with few competitor and low profit
high cost and low sales
3- Growth: number of competitor increase but does nor peak, the opportunity for
cost reduction is high because of production volume increase
4- maturity: sales growth decline and competitor are most numerous
5- The number of competitors decreases in the decline stage.
Life-cycle costing takes a long-term view of the entire cost life cycle, also known as the
value chain.
Life cycle be used in cost planning and pricing decisions, provides a better measure
for evaluating the performance of product managers, combines all costs and revenues
for all periods to provide a better view of a product’s overall performance.
Life-cycle and whole-life cost concepts are associated with target costing and target
pricing
Target costing: is the practice of calculating the price for a product by adding the
desired unit profit margin to the total unit cost. It is an adjunct concept of target
pricing.
Cost allocation
Four criteria are used to allocate costs:
1- Cause and effect should be used if possible because its objective and acceptance
by operating management
2- Benefit received: most frequently used alternative when cause and effect cannot
be determined, its require an assumption about benefit of cost
3- Fairness is sometimes mentioned in government contracts but appears to be
more of a goal than an objective allocation base.
4- Ability to bear (based on profits) is usually unacceptable because of its
dysfunctional effect on managerial motivation
Three approaches are used to allocate the costs of service departments to other
departments:
Two separate rates for fixed costs and variable costs, which is vital for some certain
internal decisions.
The criteria for choosing the cost allocation method to the SBUs:
- Motivate managers
- Provide an incentive
- Provide fair evaluation
- use Dual Allocation
Joint products
Joint (common) costs: costs incurred up to the point where the products become
separately identifiable, called the split-off point.
Not separately identifiable, they must be allocated to the individual joint products
Separable costs: can be identified with a particular joint product and allocated to a
Byproducts: the low-value products that occur naturally in the process of producing
higher value products, accidental results of production process
Advantages:
- Easy to use
- Objective creation of allocation
Disadvantage:
1- Value: identify feathers of the product or service that are valuable for the
customer.
2- Value stream requires (1) examining every process within the production of a
product, (2) identifying processes that add value, and (3) removing processes (if
possible) that do not add value
3- Flow and poll
4- Empowerment: provides each employee with the knowledge and authority to
make valuable and timely decisions
5- Perfection: focuses on making incremental improvement in each process with
perfection as the goal.
JIT Goals:
1. Meet customer demand in a timely manner
2. With high-quality products
3. At the lowest possible cost
Objectives:
1. The ultimate goal is increased competitiveness and higher profits.
2. Higher productivity & improved quality
3. reduced order costs as well as carrying costs
4. shorter manufacturing cycle times
5. faster and cheaper setups
6. better due date performance
7. more flexible processes are objectives of JIT methods.
JIT (demand/lean) system:
1- JIT is a pull system, i.e., items are pulled through production by current demand,
not pushed through by anticipated demand
2- inventory levels to be minimized Counting, handling, and storing inventory are
viewed as nonvalue-added, indeed, carrying inventory is regarded as a symptom
of correctable problems
3- Close relationships with a few carefully chosen suppliers who are extensively
involved in the buyer’s processes.
Implementing JIT: the factory is reorganized around what are called manufacturing
cells (Cells are sets of machines, often grouped in semicircles, that produce a given
product or product family)
Each worker in a cell must be able to operate all machines, workers might often be idle
if they are not multi-skilled
Characteristics of JIT:
Kanban means ticket. Tickets (also described as cards or markers) control the flow of
production or parts so that they are produced or obtained in the needed amounts at
the needed times.
1- A withdrawal Kanban: states the quantity that a later process should withdraw
from its predecessor
2- Production Kanban: states the output of the preceding process
3- Vender Kanban: tells a vendor what, how much, where, and when to deliver
Advantages / benefits:
1- Reduced ordering cost as well as carrying cost
2- Reduce set up cost
3- Improving quality by eliminating causes of rework, scrap & waste
4- Lower investments in space
5- Utilized with Backflush which is less costly as a costing system
Disadvantages:
Increased risk of stock out cost, as it reduces or eliminate the inventory buffer
Not appropriate for high-mix manufacturing environments
JIT lot sizes based on immediate need while traditional (push) system lot sizes based
on formulas
Notes:
MRP is a “Push- through” system that manufactures finished goods for inventory based
on demand forecasts.
The raw materials going into the creation of these end products must be carefully
scheduled for delivery
Master Production Schedule (MPS): indicate the quantities and timing of each part to
be produced.
The three overriding goals of MRP: are the arrival of the right part, in the right
quantity, at the right time.
Bill of Materials (BOM): a record of which how many subassemblies go into the
finished product. The system then generates a complete list of every part and
component needed.
Lead time: is the amount of time between when a process starts and when it is
completed.
Limitation:
1- Potential inventory accumulation Workstations may receive parts that they are
not ready to process
Including functions such as production, sales, inventories, schedules, and cash flows
Traditional Enterprise Resource Planning (ERP)
ERP is a software platform that is used to plan and keep records of resources
including:
1- Finance
2- Labor capabilities and capacity
3- Inventory
4- assets
What hiring decisions might need to be made or whether a company should invest in
new capital assets
ERP: system is one in which subsystems share data and coordinate their activities.
The subsystems in a traditional ERP system are internal to the organization. Thus, they
often are called back-office functions. The information produced is principally (but not
exclusively) intended for internal use by the organization’s managers.
Because ERP software is costly and complex, it is usually installed only by the largest
enterprises. However, mid-size organizations are increasingly likely to buy ERP
software
Separate financial and nonfinancial systems have the increased potential to experience
The advantages of developing a traditional ERP system are similar to those derived
from business process reengineering:
1- Using ERP software that reflects the best practices forces the linked subunits in
the organization not only to redesign and improve their processes but also to
conform to one standard.
2- An organization may wish to undertake a reengineering project before choosing
ERP software. The project should indicate what best practices already exist in the
organization’s processes. This approach may be preferable for a unique
enterprise in a highly differentiated industry
3- The processes reflected in the ERP software may differ from the organization’s
4- Customizing the ERP software is expensive and difficult, and it may result in bugs
and awkwardness when adopting upgrades.
ERP II system has the following interfaces with its back-office functions:
1- Supply-chain management applications for an organization focus on relationships
extending from its suppliers to its final customers.
2- one organization’s supply chain is part of a linked chain of multiple organizations
3- Supply chain management involves a two-way exchange of information
4- Customer relationship
5- Partner Relationship connect the organization not only with such partners as
customers and suppliers but also with owners, creditors, and strategic allies
Implementation of ERP
Implementation is not the final step. Follow-up is necessary to monitor the activities of
employees who have had to change their routines.
Outsourcing: related to make or buy decision Purchasing goods and services from
outside vendors rather than producing these goods or providing these services
Benefits:
Limitations:
The basic premise of TOC as applied to business is that improving any process is best
done not by trying to maximize efficiency in every part of the process, but by focusing
on the slowest part of the process, called the constraint (limitation)
Increasing the efficiency of processes that are not constraints merely creates backup in
the system.
Constraint = bottleneck
Throughput time: is the time that elapses between the receipt of the customer’s order
and the shipment of the order = manufacturing lead time = manufacturing cycle time
All other manufacturing costs are ignored because they are considered fixed in the
short run. The main goal is trying to maximize the contribution through the constraint
Operating expenses: money spent to convert inventory into throughput
1- Identify the constraint: The step that has the smallest capacity, were it is that
production slows down, where work-in-process backs up the most.
2- Determine the most profitable product mix given the constraint:
maximizing the contribution of the constraint called the throughput margin or
throughput contribution.
This short-term focus may be contrasted with the long-term focus of activity-
based costing. It considers all costs as a basis for strategic pricing and profit
planning.
TOC thus helps managers to recognize that the product they should produce the
most of is not necessarily the one with the highest contribution margin per unit of
product, but the one with the highest throughput margin per unit of time;
managers must make the most profitable use of the bottleneck operation
Only direct materials are considered to be an inventory cost
Operating costs: all other manufacturing costs other than DM (including DL costs)
are considered:
- Fixed costs & - Period costs
As it is difficult to change in the short-run
Therefore, throughput costing is the most less incentive to produce for inventory
Drum: is the constraint itself, it gives the beat that the entire operation needs to run
according to
Buffer: mini WIP before the constraint provide as protection against delays that would
delay the drum, maintained to ensure that it is always in operation.
Rope: the sequence of processes prior to and including the constraint
Capacity Planning
maximizing the value created within an organization starts with understanding the
nature and capabilities of all of the company’s resources.
1- Investment analysis
2- Capacity assessment
3- Manufacturing Process Assessment
Capacity planning is part of the capital budgeting process: Estimating capacity levels for
future periods allows for the acquisition of more capacity when needed or disposal of
capacity that is not expected to be utilized.
Capacity level influences product costing, pricing decisions, and financial statements.
Excess capacity has a cost. Having excess capacity means that a company will either
have to charge higher prices for its products or report lower income on its financial
statements.
producing at full capacity can have a cost in the form of opportunity costs.
A company that could generate additional sales if it had more capacity needs to
address whether the acquisition of additional capacity is warranted .
Capacity Expansion
whether to expand capacity is a major strategic decision because: capital required, the
difficulty of forming accurate expectations, and the long timeframe of the lead times
and the commitment
The formal capital budgeting process entails predicting future cash flows related to the
expansion project, discounting them at an appropriate interest rate, and determining
whether the net present value is positive. This process permits comparison with other
uses of the firm’s resources.
Porter’s model of the decision process for capacity expansion has the following
interrelated steps:
1- The firm must identify the options in relation to their size, type, degree of vertical
integration (if any), and possible response by competitors.
2- The second step is to forecast demand, input costs, and technology
developments.
3- The next step is analysis of competitors to determine when each will expand.
4- the firm predicts total industry capacity and firms’ market shares.
5- testing for inconsistencies
VALUE-CHAIN ANALYSIS
Value chain: is a model for depicting the way in which every function in a company
adds value to the final product (a firm’s overall chain of value-creating processes)
Value-chain analysis: is a strategic analysis tool that allows a firm to focus on those
activities that are consistent with its overall strategy.
The producer can affect the customers’ perception of value by differentiating the
product and lowering its price
by keeping costs low, the producer has more flexibility in pricing
A value-added activity increases the value of a product or service to the customer.
A nonvalue-added activity does not increase the value of a product or service to the
customer even if this activity is necessary
Direct costs usually are classified as either value-added or nonvalue-added
locked-in (designed-in) costs will result in use of resources in the future because of
past decisions.
Life-cycle costing: Life-cycle costing is sometimes used as a basis for cost planning and
product pricing.
Life-cycle costing estimates a product’s revenues and expenses over its expected life
cycle. Emphasis is on the need to price products to cover all costs, not just production
costs.
Process Analysis
Once a process has been analyzed, the information gained from the analysis can be
used to make operating decisions.
Tightness: The degree of interdependence among the stages in a process
1- Tight process: is one in which a breakdown in one stage brings the succeeding
stages to a halt
2- Loss process: is one in which subsequent stages can continue working after a
breakdown in a previous stage
Strategic analysis: explores various ways a company can create and sustain a
competitive advantage in the marketplace.
Kaizen is the Japanese word for the continuous pursuit of improvement in every aspect
of organizational operations.
1- improvements are based on many small changes rather than the radical changes
that might arise from research and development.
2- ideas come from the workers themselves, so they are less likely to be radically
different and therefore are easier to implement.
3- Small improvements are less likely to require major capital investment than
major process changes.
4- All employees, including management, should continually seek ways to improve
their own performance
5- Workers are encouraged to take ownership of their work and can help reinforce
teamwork, thereby improving worker motivation.
An activity analysis determines what is done, by whom, at what cost in time and other
resources, and the value added by each activity.
looking at possible alternatives and determining the cost of those possible alternatives
compared to the costs of maintaining the same processes
Benchmarking process:
1- Select and prioritize benchmarking projects.
2- Organize benchmarking teams
3- The benchmarking team must thoroughly investigate and document internal
processes.
4- Researching and identifying best-in-class performance is often the most difficult
phase.
5- The data analysis phase entails identifying performance gaps, understanding the
reasons they exist, and prioritizing the key activities that will facilitate the
behavioral and process changes needed to implement the benchmarking study’s
recommendations
6- Leadership is most important in the implementation phase of the benchmarking
process because the team must be able to justify its recommendations.
7- Benchmarking is a way for a company to learn its strengths and weaknesses by
comparison to similar companies
Costs of Quality: The costs of quality include not only the costs of producing quality
products, but they also include the costs of not producing quality products
Over the long term, not producing a quality product is more costly than producing a
quality product because lack of quality causes loss of customers.
Conformance costs: these are the costs making certain that the product is produced
properly in accordance with all production specifications
TQM’s goals are to both reduce costs and improve quality, and code is simple in
4- Audit Committee
a subcommittee of board of directors
Requirements:
1- The audit committee is to consist of at least three members.
2- All members of the audit committee must be independent
3- at least one member of the audit committee must be a financial expert.
4- All members of the audit committee must be financially literate
Responsibilities:
1) Selecting and nominating the external auditor, approving audit fees, supervising
the external auditor
2) being intermediary between management, the external auditor and the internal
auditor.
3) review the scope, plan and results of the external and internal audit.
4) review evaluations of internal controls.
5) review the work of the internal auditors.
6) review the interim and annual financial statements
Internal Control
COSO (Committee of sponsoring organization of Tredway commission)
Internal control: Process affected by the entity BOD, management and other
personal designed to provide reasonable assurance about achievement of entity
objective regarding operation, reporting and compliance.
internal control involves tradeoffs between cots and benefit, as benefit of control
system must exceed its cost
Objectives of internal control:
Reasonable assurance not absolute assurance
1- Reliability of financial Reporting
Reliable, transparent and timely manner to SH
Financial and non-financial
Internal or external
2- Efficiency and effectiveness of operation: Improving
Productivity, quality, innovation, safeguarding of assets and customer
satisfaction
3- Compliance with laws and regulation
Fundamental concepts of internal controls:
1- Purpose company achievement its objective
2- Provide reasonable assurance
3- Ongoing process
4- Affected by people
5- Internal control must be flexible to be adoptable to entity structure or
particular subsidiary and to be adoptable to any possible changes
Who is involved for Internal Control?
Everybody in the company has a duty connected to internal controls
COSO define the responsibility to maintain and assess internal controls as follows:
1- BOD: overseeing the internal control
providing governance and guidance making certain that good controls are in
place
2- CEO: responsibility of internal control system and the “tone at the top”
3- Senior management: delegate responsibility for establishment of specific
internal control policies and procedures to personnel responsible for each
unit’s functions.
4- Financial officers: exercise of control
5- Internal auditor: play a monitoring role, they evaluate the effectiveness of
the internal controls established by management.
6- all employees
Internal Control Components:
1- Control environment (foundation of internal control) is the basis on which
the other elements are built
Attitudes and actions of board of directors (BOD) and top management
regarding the significance of controls
Control environment principles:
a) Management philosophy: Integrity and ethical values
BOD demonstrates independence from management and exercises
oversight over internal controls.
b) organizational structure: management establishes the structures,
reporting lines, and authorities and responsibilities.
incompatible duties cannot be combined in the same job function
c) policies and procedures:
policies: general principles of the organization
procedures: represent the detailed steps in carrying out the policies
d) objectives and goals: Develop and retain competent individuals in
alignment with objectives
must be clear, realistic, well communicated and achievable
e) assignment of authority and responsibility:
Lines of reporting
Segregation of duties
2- Risk assessment: TR = IR X CR X DR
Identify and assess risk, control risk, mitigate risk
Risk can be mitigated not eliminated
Risk: Unforeseen obstacles to the pursuit of organization’s objectives
risks are internal or external also are quantitative or qualitative
Risk assessment: Process of identifying organization’s vulnerabilities
Risk analysis:
Estimate the significance of risk
Frequency of risk
How the risk should be managed?
Risk management: process of designing and operating internal control
system that mitigate risks identified in the risk assessment
3- Control activities:
Policies that developed to control risk in the company and procedures to
ensure policies were be followed
Preventive controls: which try to prevent an error, mistake or problem
before entering the system, sure it is cheaper and easier highly visible Such
as fences, locked doors, security guards and segregation of duties
Detective controls: calls attention to an error that has already entered the
system but before a negative outcome
Such as petty cash count, fire alarm system
Corrective controls: correct negative outcome effect of unwanted events
Directive controls
1- Segregation of duties: reduce the risk of errors or inappropriate activities,
no single individual should have enough responsibility to be in a position
to both perpetrate and conceal irregularities.
Incompatible duties cannot be combined in the same job function
separation of 4 basic responsibilities:
a) Authorization to execute transactions
b) Recording of transactions, this person knows how much of that asset
we should have
c) Physical Custody of the recorded assets, this person knows how
much we actually have
d) Periodic reconciliation: reconciliation between what we should have
and what we actually have
2- Independent check and verifications Involves 2 conditions:
No involvement of assets custody
Unconnected to original transaction
3- Safeguarding controls: Includes limit access to assets only to the
authorized personnel, whether it is direct access or indirect access
4- Sequential pre-numbered forms
5- Specific document flow
6- Compensating controls: When not possible to apply previous control
activities, then we apply compensating controls instead
7- Fraud: must be intentional, involves collusion (when two or more
individuals get around controls) and
falsification
4- Information and communication: Information needs to be obtained from
and communicated to people to allow them to perform their duties, ongoing
basis right information to right people at right time
5- Monitoring: Reviewing the controls over a time to make sure that they are
still relevant and still functioning as they were intended, to be able to comply
to all changes that might happen to technology, business, transactions, even
people
limitations of internal controls that we must be aware off:
1- can’t provide absolute assurance, only a reasonable assurance.
2- human judgement in decision-making can be faulty/wrong.
3- breakdowns can occur because of human errors.
4- management may be able to override internal controls, which will be a
problem with the “ton on the top”, a problem with the control environment
5- collusion, as two or more individuals might be able to get around internal
controls, maybe someone inside and someone outside the company
Control procedures
An evaluation reward / discipline: should be implemented to encourage
compliance with control activates
Expenditure cycle (procurement cycle)
1- Inventory control: when inventory below predetermined amount issue
purchase requisition by employee in inventory department
2- Purchasing: approve requisition and select supplier and issue purchase order
and distributor it to vender, purchasing, receiving (blind copy), archive,
accounts payable
3- Receiving: prepare receiving report and distribute it to accounts payable,
inventory control and the last one to archive
4- Accounts payable: The accounts payable have invoice from vender and
match purchase order with purchase requisition, vender and receiving report
and issue payment voucher
5- Treasure: all documents with payment voucher are reviewed and cancel
payment voucher and prepare check and remittance letter
6- Accounting: have payment voucher and record increase to AP and inventory
When accounting receive remittance letter and check record decrease to
cash and decrease to accounts payable
Types of control procedures:
Primary controls
1- Preventive controls:
2- Detective controls
3- Corrective controls: correct negative outcome of unwanted events
4- Directive controls: encourage the occurrence of desirable event policy,
operating manuals and procedures
Secondary controls
1- Compensatory controls (Mitigating controls)
Reduce risk to acceptable level when primary activates not effective
2- Complementary controls: work with other controls to reduce risk to
acceptable level
Time Based Controls:
1- Feedback controls: Report information about completed activities they
permit improvement of future performance by learning from past
mistakes
2- Concurrent controls: adjust ongoing process monitor activities in present
to prevent them from deviating too far from standard
3- Feed forward controls (preventive controls)
Financial - operating controls
People based controls: dependent on the intervention of human for their proper
operation
System based controls: executed whenever by system without human
intervention
Segregation of duties: assigning different employees to perform functions
Reduce risk of error or in appropriate activities
No individuals perpetrate and conceal errors or fraud
1- Separation of basic responsibilities:
Authorization
Record keeping
Asset custody
Reconciliation
2- Independent checks and verification (Reconciliation)
No involvement of asset custody
Un connected to original transaction
3- Safeguarding controls(custody)
4- Sequential pre numbered form
5- Specific document flow
Tracing: following transaction from original source of document to accounting
record
Vouching: follow transaction from accounting record to document
Output controls:
Assurance that input and processing has resulted in valid output that output
information is complete and accurate
1. Audit trail: report of all transactions details
2. Error listings: report all transactions rejected by the system
Storage controls:
Dual write routines: store data on two separate physical devices
Validity checks: data bits’ structure validity
Storage physical controls: store hard drives in physically secure rooms and storing
portable
3- System development controls
Data governance
Data governance: Set of principles and practices that ensure high quality of data
through complete life cycle of your data
Data governance is quality control of data, deal with the overall management of
the data assets and data flows within an organization.
Data governance is a process that helps the organization better manage and
control its data assets.
Benefits:
Data governance means better, organized, controlled, accurate, compliance,
cleaner data, which mean better analytics, better decision making, better business
results, better business positioning, reputation and better profit margin
Garbage in, Garbage out
Data Governance include:
1. Data Availability: available for whom it is needed, where it is needed
2. Data usability: accessibility to users and applications, accurate
3. Data integrity: completeness, consistency, reliability and accuracy of data
4. Data security: Confidentiality and data security from un authorized users and
corruption
5. Data privacy: level of authority
6. Data integration: Combining data from different sources (internal and external)
7. System availability: maximizing the probability that the system will function as
and when required
8. System maintenance: modification to update, correct, improve or improve to
changes required
9. Compliance with law and regulations: privacy protection according to privacy
standards
10. Determination rules and responsibility: authority level
11. Internal and external data flows within the organization.
IT Governance and Control Frameworks:
1- Identify roles and responsibilities that need to be met
2- Provide frame work for assessing risk and control
3- Following a framework provides higher likelihood of implementing effective
governance and controls.
4- Frameworks break down objectives and activities into groups.
5- Regulatory compliance may be easier to achieve by following effective
governance and control frameworks
COBIT® by ISACA is an I & T (Information and Technology) framework for the
governance and management of enterprise information and technology
Governance vs. Management:
Governance: is usually the responsibility of the board of directors under the
leadership of the chair of the board of directors
purpose:
1- Stakeholder needs are considered and conditions and options are evaluated
in order to determine objective
2- Prioritization and decision-making are used to set direction
3- Performance and compliance are monitored
Management:
the responsibility of the executive management under the chief executive
officer’s (CEO’s) leadership
The purpose of management is to plan, build, run, and monitor activities in
accordance with the direction
Components of corporate Governance:
1- Processes
2- Organization structure
3- Principles, policies, framework
4- Information
5- Culture, ethics, and behavior
6- People, skills, competences
7- Services, infrastructure, and applications.
Goals Cascade: governance would set goals and then management make certain
that they all happen, and there need to be a process to this
Who’s involved: Data governance involve the whole organization in a greater or
lesser degree as well as external stakeholders
Internal stakeholders:
BOD, executive management, business manager, it manger, assurance providers
and risk management
External stakeholders:
Regulators, IT vendors and business partner
Performance Management in COBIT:
includes the activities and methods used to express how well the governance and
management systems and the components of an enterprise work, if they are not
achieving the required level, how they can be improved Performance management
utilizes the concepts capability levels and maturity levels.
Access Controls:
1- logical access controls: focuses on who can use which computer equipment
and who can access data.
To restrict data access only to authorized users, one or more of the following
strategies can be adopted
Something you know: User IDs and passwords
Someone you are: Biometrics
Biometrics can recognize physical characteristics such as: Iris or retina
of the eyes, Fingerprints, Vein patterns, Faces recognition, Voices
recognition
Something you have: Some very high-security systems require the
presence of a physical object to certify an authorized user’s identity.
Two-Factor Authentication: Requires two independent, simultaneous actions
before access to a system is granted such as entering a password and get
verification code that should receive by mail or text message
Or password and answering question
Other User Access Considerations:
Automatic locking or logoff policies.
Logs of all login attempt
Accounts that automatically expire
RPA uses:
The software robots, also called “clients” or “agents,” can log into applications,
move files, copy and paste items, enter data, execute queries, do calculations,
maintain records and transactions, upload scanned documents, verify information
for automatic approvals or rejections, and perform many other tasks
1- Automate portions of transaction reporting and budgeting in the accounting
area, mainly all the routine areas.
2- Automate manual consolidations of financial statements
3- Financial institutions can use RPA to automate account openings and
closings.
4- Insurance companies can use it to automate claims processing
5- RPA can be used in supply chain management for procurement, automating
order processing and payments, monitoring inventory levels, and tracking
shipments.
Benefits of Robotic Process Automation (RPA):
1- RPA software does not require coding knowledge, RPA software usually has
“drag-and-drop”
2- It enables employees to be more productive because they can focus on more
advanced and engaging tasks
3- It can be used to ensure that business operations and processes comply with
regulations and standards.
4- The tasks performed can be monitored and recorded, creating valuable data
and an audit trail.
5- the process can be completed much more rapidly.
6- Robotic process automation can result in cost savings.
7- provide better customer service by automating customer service tasks.
8- Robots follow rules consistently, do not need to sleep, do not take vacations,
do not get sick, and do not make typographical errors
Limitations of Robotic Process Automation (RPA):
1- Robots are not infallible, if they are not programmed correctly
2- Robots cannot replicate human reasoning, does not recognize incorrect data
3- Robots have no “common sense wrong command
4- Because RPA can be used to automate processes in a “noninvasive” manner
management may be tempted to deploy RPA without relying on assistance
from the IT department
Cloud Computing
Cloud Computing: a method of essentially outsourcing the IT function. It is a way
to increase IT capacity or add capabilities without having to invest in new
infrastructure or license new software
Cloud service providers offer all three types of resources.
1- Software as a Service (SaaS):
The capability provided to the consumer is to use the provider’s applications
running on a cloud infrastructure applications are accessible from various
client devices through either a thin client interface, the consumer does not
manage or control the underlying cloud infrastructure, with the possible
exception of limited user-specific application configuration settings
2- Platform as a Service (PaaS):
3- Infrastructure as a Service (IaaS):
Benefits of Cloud Computing, SaaS, PaaS, and IaaS:
1- Users pay for only what they use, Cloud computing is scalable. A firm can
quickly increase or decrease the scale of its IT capability
2- a user organization may be able to decrease its investment in its own
hardware and software
3- The provider keeps the software updated, so the user organizations do not
need to invest in upgrades
4- can be accessed from anywhere, from any compatible device, work at home
or office (flexibility)
5- Responding to new and existing requirements for external compliance
reporting
6- free up accountants so they can handle higher-value activities and streamline
lower-value processes.
7- enable the CFO to move into a more strategic role instead of spending time
on transactional activities.
8- provide stronger infrastructure and better protection than an on-site IT
department
9- Can offer to companies of all sizes
Limitations, Costs, and Risks of Cloud Computing, SaaS, PaaS, and IaaS:
1- Reliability of the Internet is a concern. If the Internet goes down, operations
stop.
2- The quality of the service given by the provider needs to be monitored
3- Loss of control over data and processing introduces security concerns
4- Contracting with overseas providers may lead to language barrier problems
and time-zone problems
5- The ability to customize cloud solutions is limited,
6- timing of automatic backups may not be controllable by the user and may
not be convenient for the user.
7- The cloud cannot overcome weak internal controls
8- The company’s data governance must be structured to cover the cloud and
the risks inherent in it.
9- Expected cost savings may not materialize
Block chains
Block chain was initially envisioned as a peer-to-peer system for sending online
payments from one party to another party without using a financial institution
Some terminologies that related with block chain
Block chain is a public record of transactions in chronological order,
a way for one Internet user to transfer a unique piece of digital property to
another Internet user, such that the transfer is guaranteed to be safe and secure,
everyone knows that the transfer has taken place, and nobody can challenge the
legitimacy of the transfer”
a block chain is a system of digital interactions that does not need an intermediary
such as a financial institution to act as a third party to transactions
public block chain: is open to anyone, anyone can contribute data to the ledger,
and all participants possess an identical copy of the ledger, is also called a
permission less ledger
The public block chain has no owner or administrator, but it does have members
who secure the network, and they usually receive an economic incentive for their
efforts
Private block chain: also called a permissioned ledger, allows only invited
participants to join the network. Permissioned ledgers are controlled by one or
more network administrators. All of the members—but only the members—have
copies of the ledger. Private block chains can be used by a single entity
Hybrid block chain: is a mix of a public and private block chain, some processes are
kept private and others are public. Participants in public or private networks are
able to communicate with each other, enabling transactions between them across
networks. A hybrid block chain can be used by a supply chain group to control the
supply chain.
Node: a powerful computer running software that keeps the block chain running
by participating in the relay of information.
Nodes communicate with each other to spread information around the network
Miners: are nodes (computers) on the block chain that group outstanding
transactions into blocks and add them to the block chain.
Distributed ledger: is a database held by each node in a network, and each node
updates the database independently.
Hash: is taking an input string of any length and giving it an output of a fixed length
using a hashing algorithm.
Block – is a record in a block chain that contains and confirms many waiting
transactions. It is a group of cryptocurrency transactions that have been encrypted
and aggregated into the block by a miner
Nonce: is a random string of characters that is appended to the transaction
information in the block before the block is hashed and it is used to verify the
block, this is how to be able to confirm that the block is actually the block that it
says
Uses of Block chain
1- transfer virtual currency, or cryptocurrency.
A virtual currency is a digital representation of value that functions as a medium
of exchange
2- Private, permissioned block chains can be used by financial institutions for
trading, payments, clearings, settlements, and repurchase agreement
transactions
3- Intercompany transactions where different ERP systems are in use can be
streamlined using a block chain
4- Procurement and supply chain operations on block chain can be used to
optimize accounts payable or accounts receivable functions.
smart contract
A contract that has been digitized and uploaded to a block chain is called a smart
contract, set of promises, specified in digital form, including protocols within which
the parties perform on these promises
Executing a Smart Contract:
When a smart contract is uploaded to a block chain, the validity of the contract is
checked and the required steps are enabled
after that, it is automatically executed
immutable, distributed and self-executing automatically,
Some examples of the uses of smart contracts on block chains:
1- can be used to ensure the authenticity of a product
2- can be used to protect intellectual property
3- Block chain and smart contracts have an important place in supply chain
management, freight, and logistics, particularly in international transactions
4- On-demand manufacturing can be performed by machines that are
automated and running on a block chain network
5- An insurance contract can be in the form of a smart contract.
Governance for Smart Contracts:
1- Governance standards may assign responsibility for smart contract design
and operation and establish mechanisms for dispute resolution.
2- Standards may incorporate terms or conditions that smart contracts need to
have in order to be enforceable
3- Standards could create presumptions regarding the legal character of a smart
contract, depending on its attributes and manner of use
4- Good governance standards may help address the risks that smart contracts
Present
Benefits of Smart Contracts:
1- Smart contracts can authenticate counter-party identities, the ownership of
assets, and claims of right by using digital signatures, which are private
cryptographic keys held by each party.
2- Smart contracts can self-execute
3- Smart contracts can access outside information or data to trigger actions
4- The decentralized, distributed ledger on the block chain prevents
modifications of unauthorized or agreed to by the parties
5- Smart contracts can enhance market activity and efficiency by facilitating
trade execution.
6- Use of standardized code and execution may reduce costs of negotiations
7- Automation reduces transaction times and manual processes
8- Smart contracts can perform prompt regulatory reporting as necessary
whatever that reporting requirements are.
Limitations and Risks of Smart Contracts:
1- The operation of a smart contract is only as smart as the information it
receives and the computer code that directs it, so if it is poorly program, if it
is not setup properly, is not going to do what is it that it supposed to do
2- A smart contract may be subject to fraud and manipulation
3- Existing laws and regulations apply to all contracts equally regardless of what
form a contract takes, so contracts or parts of contracts that are written in
code are subject to otherwise applicable law and regulation.
4- A smart contract could introduce operational, technical, and cybersecurity
risk, it has to be protected.
Data Analytics
Data analytics: is the process of gathering and analyzing data in a way that
produces meaningful information that can be used to aid in decision making
Data is meaningless without a method of efficiently collecting, aggregating,
analyzing, and utilizing it for the benefit of the company
Data analytics can be classified into four types
1- Descriptive analytics report past performance“ What happened”?
2- Diagnostic analytics are used with descriptive analytics to answer the
question, “Why did it happen”? The historical data is mined to understand
the past performance and to look for the reasons behind success or failure.
3- Predictive analytics focus on the future using correlative analysis. Predictive
analytics answer the question, “What is likely to happen”?
4- Prescriptive analytics answer the question “What needs to happen?” by
charting the best course of action based on an objective interpretation of the
data, prescriptive analytics can help determine why it will happen
Business Intelligence
Business intelligence: Is the combination of architectures, analytical and other
tools, databases, applications, and methodologies that enable interactive access
sometimes in real time to data such as sales revenue, costs, income, and product
data. Business intelligence provides historical, current, and predicted values for
internal, structured data regarding products and segments
Data to Action
Data :facts and figures, but data by itself is not information
Information: is data that has been processed, analyzed, interpreted, organized,
and put into context such as in a report, in order to be meaningful and useful.
Knowledge: is the theoretical or practical understanding of something,
information becomes knowledge through experience, study, or both.
Insight is a deep and clear understanding of a complex situation, insight can be
gained through perception or intuition, but it can also be gained through use of
business intelligence
The insights gained from the use of business intelligence lead to recommendations
for the best action to take. Strategic decisions are made by choosing from among
the recommendations
The strategic decisions made are implemented and turned into action.
A Business Intelligence system has four main components:
1- Data warehouse (DW) containing the source data.
2- Business analytics
3- A business performance management component (BPM) to monitor and
analyze performance.
4- A user interface, usually in the form of a dashboard.
Big Data
Big Data: Big Data refers to vast datasets that are too large to be analyzed using
standard software tools and so require new processing technologies. Those new
processing technologies are data analytics
Big Data can be broken down into three categories:
Structured data: is in an organized format that enables it to be input into a
relational database management system and analyzed
Unstructured data: has no defined format or structure. It is typically free form and
text-heavy, making in-depth analysis difficult.
Semi-structured data has some format or structure but does not follow a defined
model
Big Data is characterized by four attributes, known as the four V’s:
Volume: refers to the amount of data that exists
Velocity: Velocity refers to the speed at which data is generated and changed also
called its flow rate.
Variety: refers to the diverse forms of data that organizations create and collect
Veracity: the accuracy of data, or the extent to which it can be trusted for decision
making.
Variability: Data flows can be inconsistent
Value: Value is the benefit that the organization receives from data. Without the
necessary data analytics processes and tools
Data Since: A field of study and analysis that uses algorithms and processes to
extract hidden knowledge and insights from data.
The objective of data science is to use both structured and unstructured data to
extract information that can be used to develop knowledge and insights for
forecasting and strategic decision making
The difference between data analytics and data science is in their goals:
The goal of data analytics is to provide information about issues that the analyst
or manager either knows or knows he or she does not know (that is, “known
unknowns”).
On the other hand, the goal of data science is to provide actionable insights into
issues where the analyst or manager does not know what he or she does not know
(that is, “unknown unknowns”).
Data and Data Science as Assets
Data and data science capabilities are strategic assets to an organization, but they
are complementary assets,
Data science is of little use without usable data.
Good data cannot be useful in decision-making without good data science talent.
Investing in Data and Data Since:
As with any strategic asset, it is necessary to make investments in data and data
science.
Challenges of Managing Data Analytics
Data capture, data curation, data storage, security and privacy protection, data
search, data sharing, data transfer, data analysis, and data visualization.
The growth of data and especially of unstructured data
The need to generate insights in a timely manner in order for the data to be useful
Getting and keeping right people, Recruiting and retaining Big Data talent.
Data Mining
Data mining is the use of statistical techniques to search large data sets to extract
and analyze data in order to discover previously unknown, useful patterns, trends,
and relationships within the data that go beyond simple analysis and that can be
used to make decisions
Data mining uses specialized computational methods derived from the fields of
statistics, machine learning, and artificial intelligence
Data mining is
1- iterative process: Iteration is the repetition of a process in order to generate
a sequence of outcomes
2- Data mining is a process with defined steps, and thus it is a science
3- Data mining is also an art, Decisions must be made regarding
what data to use, what tools to use, and what algorithms to use
Time series forecasting: A time series may have one or more of four patterns (also
called components) that
influence its behavior over time:
1) Trend
2) Cyclical
3) Seasonal
4) Irregular
Sensitivity Analysis
Sensitivity analysis can be used to determine how much the prediction of a model
will change if one in put to the model is changed.
It can be used to determine which input parameter is most important for achieving
accurate predictions
Sensitivity analysis is known as “what-if” analysis
Monte Carlo Simulation Analysis:
Monte Carlo simulation can be used to develop an expected value when the
situation is complex and the values cannot be expected to behave predictably
Monte Carlo simulation uses repeated random sampling and can develop
probabilities of various scenarios, changing to multiple variables at the same time
Benefits of Sensitivity Analysis and Simulation Models:
1- Sensitivity analysis can identify the most critical variables, that is, the
variables that are most likely to affect the end result if they are inaccurate
2- simulation is flexible and can be used for a wide variety of problems
3- Sensitivity analysis and simulation analysis can be used for “what-if”
situations, because they enable the study of the interactive effect of
variables.
4- Both sensitivity analysis and simulation analysis are easily understood.
5- Many simulation models can be implemented without special software
packages because most spreadsheet packages provide useable add-ins
Data Visualization
Data visualization is making data more understandable and usable data and
predictions from data.
Tables Used in Visualization: A table can be in any form and include all of the data
available or only certain data.
Scatter Plot:
A scatter plot can be used to show all the values for a dataset, typically when there
are two variables. One variable may be independent and the other value
dependent, or both variables may be independent.
A scatter plot can reveal correlations between variables or alternatively, a lack of
correlation.
Dot Plot:
A dot plot provides information in the form of dots.
A dot plot can be used to visualize several data points for each category on the x
axis
are used to present summarized statistics such as means, maximum values, and
minimum values.
Line chart: to visualize several observations for each category using line for each
observation
A bar chart: is useful for comparing a statistic across groups. The height of the bar
or the length of it, if the bar is displayed horizontally, displays the value of the
statistic
A pie chart is in the form of a circle that portrays one value for each category,
marked as pieces of a pie
Bubble chart:
A bubble chart: replaces data points with bubbles that vary in size according to the
size of the values they depict
Histogram: shows the frequencies of a variable using a series of vertical bars. The
values of the variable may occur over a period of time, or they may be as of a
moment in time,
Boxplot: A boxplot is another type of chart that is used to display the full
distribution of a variable.