2. Accounting / Business Cycles
A cycle is a way of organizing financial transactions according to their purpose. There are 7
primary cycles, including:
❖ Revenue Cycle
❖ Expenditure Cycle
❖ Production Cycle
❖ Human Resource and Payroll Cycle
❖ Financing Cycle
❖ Fixed Assets (PPE) Cycle
❖ General Ledger
1) Revenue Cycle
The revenue cycle OR sales cycle is devoted to processing company sales. The process is as
follows.
2) Expenditure
The expenditure cycle is devoted to purchasing items (mostly inventory) for the operations of the
business, whether purchasing at retail prices OR wholesale prices.
3) Production Cycle (Operations)
The production (operations) cycle varies from one business to the other, however, there is a
pattern for accounting data inputs, processes, and outputs that can be used when considering the
production cycle.
There are 4 major activities in a production cycle:
➢ Product Design
➢ Planning and Scheduling
➢ Production Operations
➢ Cost Management
4) Human Resources and Payroll Cycle
The primary role of the human resource cycle is to make sure the business has the people with the
right skills to carry out the mission.
The primary steps in the human resource cycle process are hiring, training, transferring, and
firing employees.
The primary function of the payroll process is to compensate employees for the work done. The
five main steps in the process include:
5) Financing Cycle
3. Separate Financial and Non-Financial Systems
The main problem with having separate financial and non-financial systems is the data
maintenance and ensuring that the data is linked accurately. Financial and non-financial
systems measure the same thing, but with different tools.
5. Data, Databases, and Database Management Systems (DBMS)
Database- is an organized collection of data in a computer system. The data in the database are
integrated to eliminate redundancy of data items. The integrated data allows for improved
accessibility. If the organization’s data are not integrated, they may contain data that are not
updated and that differ.
Database Management System (DBMS)- is the interface OR program between the database
and the application programs that access the database.
The DBMS manages and controls the data and the interface between the database and the
application programs. It also provides a centralized view, so that data can be accessed by many
users from different locations.
The DBMS facilitates creating, retrieving, updating, managing data, and protecting data.
The DBMS controls 2 primary components:
1) Data
2) Database program that allows data to be accessed, retrieved, modified, and locked
The database schema OR blueprint defines the database logical structure OR the way humans
view the data. It is the connection between logical and physical structures of the database.
The DBMS allows programmers and designers to work independently of the technical structure
of the database. The DBMS provides a common language for referring to the database, easing the
design and coding of programs.
Ex- DB2 (IBM), Oracle (Oracle Corp.), SQL Server (Microsoft), and Access (Microsoft).
A database administrator (DBA) is an individual who has the overall responsibility for
developing and maintaining the database and for establishing controls to protect its integrity.
The DBA has the ultimate responsibility to update data dictionaries. The DBA is also responsible
for creating, maintaining, securing, restricting access, redefining, and restructuring the database.
Data Dictionary- is a file that describes both physical and logical characteristics of every data
element in a database. The dictionary includes names of data elements, amount of disk space,
etc.
Database Mapping Facility- is software that is used to evaluate and document the structure of
the database.
An object-oriented database is a response to the need to store not only numbers and characters,
but also graphics and multimedia applications.
❖ The stored files can be used to re-construct the database in the event of data loss OR
corruption
7. Relational Database Structure
A relational structure organizes data in a conceptual arrangement (groups of tables). Data is
stored according to the data hierarchy and the structure of the data in each level.
➢ Field / Attribute / Column is the first level in the data hierarchy. It is information that
describes one attribute of an item OR entity in the database. (Ex- person OR object).
➢ Record is the second level of data. A record contains all information about one item OR
entity in the database. Each item of information is kept in a separate field within a
record (Ex- an employee’s ID / address / name are each within a field, but all these details
are within the employee’s record). The data fields contained in each record are a part of the
record structure.
➢ File / Table is the third level in the data hierarchy. A table is a set of common records.
(Ex- records of all employees)
➢ Database is the highest level. It is made up of several files OR tables. (Ex- an AIS
contains a collection of tables)
In a relational structure, each data element is stored several times, which is done by
normalization. Normalization prevents inconsistent deletion, insertion, and updating of data
items.
3) Projecting- results in the requested subset of columns from the table. This operation
creates new tables containing only the required information.
There are 2 features that make the relational data structure stand out:
1) Cardinality- refers to how close a given data element is to being unique.
✓ A data element that can only exist once in a table has high cardinality.
✓ If the data element is not unique, but has a restricted range of information, it has a
normal cardinality.
✓ A data element that has a very small range of values has low cardinality. (Ex-
male OR female / true OR false)
2) Referential Integrity- in order for a record to be entered in a table, there must already be
a record in some other table.
The main advantage of the relational data structure is that searching for records is greatly
facilitated. Data from a relational database can be displayed in graphs and reports, changed, and
controlled using a program called Query Management Facility (QMF).
2) Partitioning (Fragmentation)- stores specific records when they are most needed.
8. Data Warehouse
Data Warehouse- is a set of large databases consisting of detailed and summarized data that is
used primarily for analysis rather than processing transactions. It is a storage location for all of a
company’s data from programs, sources, and databases. The data is usually cleaned and organized
before being stored so that it can be searched.
Data warehouses contain current operating data and historical information from the organization.
So, the data is integrated, consolidated, and standardized in the organization.
9. Data Cleaning
Data Cleansing- cleans up data that is incorrect, incomplete, or duplicated before
loading it into the database. It improves the quality of data, and the need for data cleaning
increases when multiple data sources are integrated.
15.2 Data Governance and Risk
1. Data Governance
Data Governance is the overall management of data within an organization. The organization
must have well-designed and functioning data governance to prevent data from being corrupted,
devalued, unusable, lost, or stolen.
Data Governance includes:
❖ Data availability- is the process of making data available to users and applications when
needed.
❖ Data usability- includes accessibility, quality, and accuracy to users of the data.
❖ Data security- the protection of data, preventing unauthorized access and protection
from corruption and other loss.
❖ Data privacy- determining who is authorized to access data and which item of data can
be accessed.
❖ Data integration- combining data from different sources (internal and external) and
providing users with a unified view of all the data.
❖ System availability- is maximizing the probability that the system will function as
required and when required.
2. Control Objectives for Information and Related Technologies (COBIT)
COBIT is focused on effective internal control as it relates to IT. COBIT 2019 has 6 key
principles for a governance system:
1) Provide value to stakeholders by achieving the required strategy
NOTE
Governance system components can be:
➢ Generic- components applied in principle to any circumstances
✓ Data Entry- new data value can be created within the organization.
✓ Signal Reception- the organization acquires data that has already been created by
a control system within the organization; data received by transmission (Ex- data
from sensors).
❖ Data Maintenance- is the second stage of the life cycle, after the data has been captured.
It is defined as supplying data to the points at which data synthesis and data usage occur.
Data maintenance involves processing the data without deriving any value for the
business. It often involves cleansing and enrichment of data.
❖ Data Synthesis- involves using statistical methods that combine data from many sources
to obtain a better overall estimate. Data synthesis involves creating values by using
inductive logic, by using other data as inputs.
❖ Data Usage- is how the data is used to support the mission of the business such as
strategic planning, processing invoices, etc. Data usage can also be defined as the
application of data to tasks based on the entity’s needs to run and manage itself.
❖ Data Analytics- is the science of examining raw data with the purpose of creating new
information and generating business insights. Data analytics uses modeling such as risk
modeling, actuarial modeling, and modeling for investment decisions.
❖ Data Publication- is the process of sending data to a location outside the organization.
(Ex- sending monthly statements to customers)
❖ Data Archival- is the process of removing the data from active use to be stored for
potential future use. Therefore, there will be no regular maintenance and probably little
usage.
❖ Data Purging- this occurs at the end of the data life cycle; every copy is removed from
the business; this is usually done from the archives. Disposing all copies is usually a data
governance challenge, as it is difficult to prove a full purge actually occurred.
4. Record Retention Policy
It is important for every organization to have a formal record retention policy (record
management policy), which provides the basis for retention and periodic destruction of
documents and other records.
Keeping and maintaining too many records OR storing them longer than needed can create
unneeded costs for the organization.
For some types of documents, there are minimum retention periods imposed by law, such as
tax and employee-related documents. (Ex- tax records must be kept for at least 7 years, unless
there is a suspected fraud and, in this case, there is no minimum).
If records needed for a particular legal case have been destroyed based on a
well-established record retention policy, then the court may assume the organization was
complying with its duty.
❖ Dumpster Diving- is the act of sifting (examining) through the company’s trash for
information that can be used to break into computers or assist in social engineering.
➢ Firewalls- help to detect and prevent cyberattacks. They use the concept of defense in
depth so that if one security layer is breached the others can stop an attack.
➢ Biometric Identification- each user must authenticate themselves to the system. The
benefit is that biometric identifiers (fingerprint) are very difficult to lose or steal, and
therefore more restricted.
15.3 COSO Framework- Internal Control for Data Governance
Effective corporate governance relies mainly on effective systems of internal control and
enterprise risk management. COSO has established a widely accepted framework for each
system.
There are 3 objectives of the COSO Model:
1) Operations
2) Reporting
3) Compliance
1. Requirement of Effective Internal Control
A system of internal control is effective if it provides reasonable assurance of achieving the
entity’s objectives (operating, reporting, and compliance). This system can reduce the risks of
not achieving those objectives to an acceptable level.
An effective system of internal control requires each of the 5 components of internal control
to be:
❖ Present refers to whether the components and principles exist in design and
implementation of internal control
❖ Functioning refers to whether the components and principles continue to exist in the
operation of the system of the internal control.
The use of judgment is required in designing, implementing, and conducting internal control
and assessing effectiveness.
The use of outsourced service providers for certain business processes does not relieve the
organization of its responsibility for the system of internal control.
Despite the fact that technology innovations create opportunities and risks, the principles of
COSO do not change.
2. Roles and Responsibilities Regarding Internal Control
There are 2 parties responsible for the internal control:
✓ Internal Party
✓ External Party
Internal Parties
1) Board of Directors
The BOD has the responsibility for overseeing the internal control system. They define the
expectations about integrity, ethical values, transparency, and accountability through
selection and termination of the CEO.
BOD committees include:
✓ Audit Committee
✓ Compensation Committee
✓ Nomination / Governance Committee
✓ Risk Committee
✓ Finance Committee
2) Senior Management
The senior management sets the tone at the top and has the primary responsibility for
establishing a proper ethical culture. They set the objectives and have the overall
responsibility for designing, implementing, and operating an effective internal control.
The senior management also:
❖ Maintains oversight and control of the risks of the entity
❖ Guides the development and performance of control activities at the entity level
❖ Assigns the responsibility to establish more specific internal controls at different levels of
the entity
❖ Communicates expectations
❖ Evaluates control deficiencies
3) Operational Management
The operational managers provide the first line of defense for effective management of risk and
control. They also develop and implement control and risk management processes.
4) Business-Enabled Functions
Business-enabled functions provide the second line of defense for effective management of risk
and control. These functions support the entity through specialized skills and include various
risk management and compliance functions.
Furthermore, they are mainly responsible for the ongoing monitoring of control and risk.
5) Internal Auditors
The internal auditors provide the third line of defense for effective management of risk and
control. They evaluate the adequacy and effectiveness of controls in responding to risks in the
entity’s oversight, operations, and information systems. To remain independent, the internal
auditor cannot be responsible for selecting and executing controls.
6) Other Personnel
Everyone in the organization is expected to competently perform their appropriate control
activities and inform those higher in the firm about any ineffective controls.
External Parties
1) External Auditors
3. Limitations of Internal Controls
Internal controls only provide reasonable assurance of achieving objectives. They cannot provide
absolute assurance because any system of internal control has inherent limitations.
Inherent limitations include:
1) Established objectives must be suitable for internal control. (Ex- if an entity has
unrealistic objectives, the internal controls will be ineffective)
2) Human judgment is faulty, and control may fail because of errors OR mistakes.