Focus Final


Chapter – 9 ( 2 Questions)

Question - 1
XBRL (eXtensible Business Reporting Language), which is based on the XML language (Extensible
Markup Language), is specifically designed to electronically communicate business information
and is used to facilitate business reporting of financial and nonfinancial data.

Explain how XBRL works and how it makes business reporting more efficient.

Solution

• XBRL stands for eXtensible Business Reporting Language and is based on the XML
language, a standard for Internet communication between businesses.
• The XBRL database is available for various uses, including reporting on the firm’s web
site, filing to regulators (SEC, IRS, etc.) and providing information to other interested
parties such as financial analysts, loan officers and investors.
• Each interested XBRL user can either access standard reports (e.g. the 10-K going to the SEC
or the corporate tax return going to the IRS) or specialized reports (e.g. accessing only
specific data for a financial analyst, etc.).

• XBRL is a standard developed to improve the way financial data is communicated in
business, and it is used for compiling and sharing that data. It is a freely available
global framework for exchanging business information, based on XML, and a standardized
way of transferring financial records around the world.
• It makes business reporting more efficient because data from various websites can be
converted into a spreadsheet program. Because the identification tags and the language
itself are standardized, financial data from one country with set accounting standards
can be easily compiled into the accepted accounting standards of other countries.
• It uses tags to identify each piece of financial data, which allows the data to be used
programmatically through XBRL for easy transmission of data between businesses.
Question 2
It is expected that investors and other financial statement users will ultimately demand some
assurance from an auditor or external party on a firm’s use of XBRL.
✓ Discuss that statement, showing the possible XBRL assurance objectives.

Solution
XBRL stands for eXtensible Business Reporting Language and is based on the XML language, a
standard for Internet communication between businesses. The XBRL database is available for
various uses, including reporting on the firm’s web site, filing to regulators (SEC, IRS, etc.) and
providing information to other interested parties such as financial analysts, loan officers and
investors. Each interested XBRL user can either access standard reports or specialized reports
(e.g. accessing only specific data for a financial analyst, etc.).
Investors usually request assurance from an auditor or external party on a firm’s use of XBRL.
Auditors or external parties always provide the following assurance in XBRL:
1. The most current, standardized XBRL taxonomy is used. The XBRL taxonomy defines and
describes each key data element (e.g., total assets, accounts payable, net income, etc.).
2. The underlying financial and nonfinancial data that is used in XBRL tagging is reliable.
Tagging is the process of applying the entity’s unique financial data to an element within
the taxonomy. The tagging process is performed during the creation of an instance document.
3. The XBRL tagging is accurate and complete.
4. The reports generated using XBRL are complete and received on a timely basis.
Some important terminology in XBRL
• The XBRL taxonomy defines and describes each key data element (e.g., total assets,
accounts payable, net income, etc.).
• XBRL instance documents contain the actual dollar amounts or the details of each of the
elements within the firm’s XBRL database.
• XBRL style sheets take the instance documents and add presentation elements to make
them readable by humans.
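The following added example, which is not part of the original notes, runs assurance objectives 1 to 3 as automated checks over a constructed XBRL instance document: current taxonomy, tags defined in the taxonomy, required elements present, and a balance-sheet cross-check on the tagged values. The `fin` and `old` taxonomy namespaces, the `TAXONOMY` extract and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from decimal import Decimal, InvalidOperation

XBRLI = "http://www.xbrl.org/2003/instance"            # XBRL 2.1 instance namespace
CURRENT_TAXONOMY = "http://example.com/taxonomy/2024"  # hypothetical current taxonomy
# Hypothetical taxonomy extract: element name -> must the report contain it?
TAXONOMY = {"Assets": True, "Liabilities": True, "StockholdersEquity": True,
            "NetIncomeLoss": True, "AccountsPayable": False}

# Constructed instance document (not a real filing); contexts are reduced to an id.
SAMPLE = """\
<xbrli:xbrl xmlns:xbrli="http://www.xbrl.org/2003/instance"
            xmlns:fin="http://example.com/taxonomy/2024"
            xmlns:old="http://example.com/taxonomy/2019">
  <xbrli:context id="FY2024"/>
  <fin:Assets contextRef="FY2024" unitRef="USD">1000</fin:Assets>
  <fin:Liabilities contextRef="FY2024" unitRef="USD">400</fin:Liabilities>
  <fin:StockholdersEquity contextRef="FY2024" unitRef="USD">500</fin:StockholdersEquity>
  <fin:AccountsPayble contextRef="FY2024" unitRef="USD">120</fin:AccountsPayble>
  <old:NetIncomeLoss contextRef="FY2023" unitRef="USD">90</old:NetIncomeLoss>
</xbrli:xbrl>"""


def split_tag(tag):
    """Split ElementTree's '{namespace}name' form into (namespace, name)."""
    if tag.startswith("{"):
        ns, _, name = tag[1:].partition("}")
        return ns, name
    return "", tag


def audit_instance(xml_text):
    """Return a list of findings for the tagging checks an assurer would run."""
    # ElementTree is acceptable for this constructed sample; untrusted filings
    # should go through a hardened XML parser.
    root = ET.fromstring(xml_text)
    contexts = {c.get("id") for c in root.findall(f"{{{XBRLI}}}context")}
    findings, values = [], {}
    for el in root:
        ns, name = split_tag(el.tag)
        if ns == XBRLI:
            continue  # structural elements (contexts, units), not facts
        if ns != CURRENT_TAXONOMY:  # objective 1: most current taxonomy
            findings.append(f"{name}: tagged with non-current taxonomy {ns}")
            continue
        if name not in TAXONOMY:    # objective 3: tagging is accurate
            findings.append(f"{name}: element not defined in taxonomy")
            continue
        if el.get("contextRef") not in contexts:
            findings.append(f"{name}: contextRef does not match a declared context")
        try:
            values[name] = Decimal((el.text or "").strip())
        except InvalidOperation:
            findings.append(f"{name}: value is not numeric")
    for name, required in TAXONOMY.items():  # objective 3: tagging is complete
        if required and name not in values:
            findings.append(f"{name}: required element missing or unusable")
    if {"Assets", "Liabilities", "StockholdersEquity"} <= values.keys():
        # objective 2: cross-check the reliability of the tagged data
        if values["Assets"] != values["Liabilities"] + values["StockholdersEquity"]:
            findings.append("Assets does not equal Liabilities + StockholdersEquity")
    return findings


if __name__ == "__main__":
    for finding in audit_instance(SAMPLE):
        print(finding)
```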
Chapter – 15 (2 questions)
Question 1
Although the concept of continuous auditing was introduced more than 20 years ago, it was
not widely implemented by firms before the proliferation of information technologies in
recent years.
Discuss the above statement showing:
✓ Continuous audit concept.
✓ Continuous Audit Benefits
✓ Implementation of Continuous Audit
✓ The most significant Non-technical Barriers / technical challenges
Solution
Continuous audit concept.
• A continuous audit is performing audit-related activities on a continuous basis.
• Testing in continuous audits often consists of continuous controls monitoring and
continuous data assurance.
• Technology plays a key role in analyzing trends and patterns of transactions, identifying
exceptions and anomalies, and testing controls.

Continuous Audit Benefits


• Most firms
– can reduce errors and frauds
– increase operational effectiveness
– better comply with laws and regulations
– increase management confidence in control effectiveness and financial information
• Allows internal and external auditors to
– monitor transaction data in a timely manner
– better understand critical control points, rules, and exceptions
– perform control and risk assessments in real time or near real time
– notify management of control deficiencies in a timely manner
– reduce efforts on routine testing while focusing on more valuable investigation
activities
Implementation of Continuous Audit
• Extensible Markup Language (XML)
• Extensible Business Reporting Language (XBRL)
• Database management systems
• Transaction logging and query tools
• Data warehouses
• Data mining or computer-assisted audit techniques (CAATs)
The most significant Non-technical Barriers / technical challenges
• Non-technical Barriers
o Perceived negative impact of continuous auditing on the firm.
o Priority of implementation in determined key areas.
o Readiness of the internal audit group to develop and adopt continuous auditing
o Unrealistic expectations of the benefits of continuous auditing
• Technical Challenges
o Access to all relevant data in a timely manner
o Accumulating and quantifying the risks and the exposures that have been identified
o Defining the appropriate analytic that will effectively identify exceptions to
controls
o Developing a suitable scoring/weighting mechanism to prioritize exceptions
o Balancing the costs and efforts of reviewing large volumes of exceptions against
the exposures of the exceptions themselves
• A general template that a steering team or the internal audit function can use:
1. Evaluate the overall benefit and cost
2. Develop a strategy
3. Plan and design
4. Implement continuous auditing
5. Performance monitoring

Question-2

What are Computer-Assisted Audit Techniques, and what are the two major approaches used?
Solution
Computer-Assisted Audit Techniques (CAATs) are imperative tools for auditors to conduct
an audit in accordance with heightened auditing standards.
Generally Accepted Auditing Standards (GAAS) are broad guidelines regarding an auditor’s
professional responsibilities. Information Systems Auditing Standards (ISASs) provide
guidelines for conducting an IS/IT audit (issued by ISACA).
According to the Institute of Internal Auditors’ (IIA) professional practice standard section
1220.A2, internal auditors must consider the use of computer-assisted, technology-based audit
tools and other data analysis techniques when conducting internal audits.

➢ Use CAATs in Auditing Systems


➢ Two approaches:
• Auditing around the Computer (the Black-Box Approach)
o The advantage of this approach is that the systems will not be interrupted for
auditing purposes. The black-box approach could be adequate when automated
systems applications are relatively simple.
• Auditing through the Computer (the White-Box Approach)
o The white-box approach requires auditors to understand the internal logic of the
system/application being tested.
o The auditing through the computer approach embraces a variety of techniques:
▪ The test data technique uses a set of input data to validate system
integrity.
▪ Parallel simulation attempts to simulate the firm’s key features or
processes.
▪ The integrated test facility (ITF) approach is an automated technique
that enables test data to be continually evaluated during the normal
operation of a system
▪ Embedded audit module is a programmed audit module that is added to
the system under review
➢ Generalized Audit Software (GAS)
o Frequently used to perform substantive tests and is used for testing of controls
through transactional-data analysis.
Chapter – 16 (1 question)
The Balanced Scorecard is a strategic planning and management system that is used extensively
in business and industry. It aligns business activities to the vision and strategy of the organization,
improves internal and external communications, and monitors organization performance against
strategic goals.

1- Explain the Balanced Scorecard and its four perspectives


2- Explain the above statement showing the steps necessary to plan, implement, and monitor
performance
3- Describe how an AIS system/ IT contributes to a Balanced Scorecard management process

Solution
Part -1
The Balanced Scorecard is a strategic planning and management system used extensively in
business and industry, government, and nonprofit organizations worldwide. It aligns business
activities to the vision and strategy of the organization, improves internal and external
communications, and monitors organization performance against strategic goals.
➢ Four Perspectives
• Learning and Growth Perspective: Describes the firm’s objectives for improvements in
tangible and intangible infrastructure.
o Human Capital – investment in people.
o Information Capital – investment in information.
o Organization Capital – investment in creating a unique corporate identity and
culture.
• Process Perspective
o Operations management processes, such as supply, production, distribution, and
risk management.
o Customer management processes, such as those involved with the selection,
acquisition, and retention of customers, and growth of the firm’s market.
o Innovation processes, such as identifying opportunities, research and
development, product design and development, and product launch.
o Regulatory and social processes, such as financial reporting, accounting, and
those that manage environmental, safety and health, employment, and community
issues.
• Customer Perspective
o The value proposition differentiates from the competition.
o Product attributes.
▪ Price.
▪ Quality.
▪ Availability.
▪ Function.
o Service attributes.
o Brand image.
o Creates customer satisfaction, retention, and new customer acquisition
• Financial Perspective
o Confirms the success of the firm’s investments and its ability to deliver value to
customers.
• Overall objective is shareholder value (for-profit companies).
• Other objectives usually related to:
o Long-term growth.
o Productivity.

Part 2- The steps necessary to plan, implement, and monitor performance:
1. Formulate. The company examines its competitive
environment and identifies ways in which it can best compete
consistent with its mission, vision, and values.
2. Translate. The company establishes specific objectives,
measures, targets and initiatives, and develops capital,
initiative, and other long-term budgets to guide resource
allocation and action according to its strategy.
3. Link to operations. The company prepares operating budgets,
prioritizes business process improvements, and key
performance indicators. At this point it establishes necessary
IT systems to support strategic business processes as well as
management reporting and review capabilities.
4. Monitor. The company monitors performance to ensure
processes are meeting objectives and provides feedback to
operating managers for continuous improvement.
5. Adapt. The company evaluates the effectiveness of its
strategy, conducts profitability analytics, tests the
cause-and-effect assumptions of the strategy, and identifies
potential alternatives.
Part 3- Describe how an AIS system/ IT contributes to a Balanced Scorecard
management process

• IT has an important role in implementing and managing the balanced scorecard
management process
• Provides information to support strategy formulation
• Provides processing to develop and distribute budgets for strategy execution
• Collects data and converts to information to assess performance against strategic
objectives and allow ongoing management
Example of AIS used
• Executive dashboards
• Business intelligence systems
• Business analytics
• Enterprise IT for transaction processing
• Budgeting systems
• Communication and collaboration system
Chapter – 17 (one question)
IT projects require large amounts of capital and selecting one project often means foregoing
others. Furthermore, IT projects often involve changes in business processes that will affect
substantial portions of the organization
1. Explain potential benefits of IT initiatives and how to evaluate them
2. Describe potential risks of IT initiatives and corresponding risk mitigation
techniques
Solution
Explain potential benefits of IT initiatives and how to evaluate them
Once the opportunities for improvement are identified and alternative solutions are proposed, the
project team next assesses the potential benefits of each alternative. Benefits should be
measurable in financial terms:
1. Revenue enhancement—creating all new sales opportunities, such as e-commerce
capabilities to extend the firm’s market
2. Revenue protection—protecting existing revenue streams. For example, a data
encryption system protects against the loss of customers’ data and encourages customers
to share data
3. Cost savings—opportunities to modify business processes to reduce low value-added or
manually intensive activities, to improve capabilities to manage assets to increase
efficiencies, or to reduce errors. For example, improving inventory management
information allows reduced inventory investments
4. Cost avoidance—opportunities to modify business processes to avoid cost increases in
the future, such as installing current software that will accommodate changes to
international financial reporting standards when required.
Note that the benefits should be measured in comparison to the revenues and costs that will occur
if the IT initiative is not implemented. These revenues and costs can be different from current
levels of revenues and costs. The project team must estimate the amount and timing of future
benefits for a number of reasonable alternative situations without complete information. There are
several approaches that can be used to quantify expected benefits:
➢ Simulation: using simulation software to test the impact of a change in a key performance
indicator on the firm’s financial statements under a variety of assumptions to establish the
likely benefits
➢ Expert opinion: consulting with experts to establish the likely benefits or the probability
of achieving a particular level of benefits.
➢ Real option theory: using a sophisticated financial technique that compares the probability
of achieving benefits with an investment against the benefits of not making that
investment
➢ External benchmarks: using the actual experience of other firms that made
investments in a similar context to estimate the likely benefits

Describe potential risks of IT initiatives and corresponding risk mitigation techniques

➢ Alignment risk—the solution is not aligned with the strategy of the firm.
➢ Solution risk—the solution will not generate projected benefits.
➢ Financial risk—the solution will not deliver expected financial performance.
➢ Project risk—the project will not be completed on time within budget.
➢ Change risk—the firm or part of the firm will not be able to change.
➢ Technological risk—the technology will not deliver expected benefits

IT Initiative Risks | Risk Mitigation Examples
Alignment Risk | Use the Balanced Scorecard Framework to assess the link to strategy
Solution Risk | Use sensitivity analysis to consider likely alternative benefit levels
Financial Risk | Interview other users of similar IT; follow a structured Balanced Scorecard Management Process
Project Risk | Assure active top management support for the project
Change Risk | Conduct training and create employee incentives for successful use of the new IT
Technological Risk | Require hardware and software vendors to demonstrate that their systems can meet requirements
Information security is defined as the process of protecting information and information assets
to preserve the confidentiality, integrity, and availability of information (ISO17799, 2004). It is a
major issue for businesses, their clients and the public. From 1997 to 2001, U.S. organizations
spent over $2.5 trillion on information technology, nearly double the amount spent in the previous
five years.
Write a report on information security to be raised to your manager, in no more than 1000
words. You should cover the following issues:
1- What is Information security.
2- The goal of information security management
3- Describe the risks and attacks related to information security and systems integrity.
4- Distinguish between the concepts of encryption and authentication.
5- Common computer frauds.

Information Security: What Is It?

Information security describes the steps required to safeguard the privacy, accuracy, and accessibility of
data and information. Data security encompasses safeguarding data from unauthorized access, theft, loss,
or damage, in addition to maintaining its accuracy and accessibility. Network security, data encryption,
access management, and data backup and recovery are just a few of the many topics covered by
information security.

The goal of information security management


The goal of information security management is to ensure that an organization's information assets are
protected from unauthorized access, theft, loss, or damage. Information security management is a
continuous process that involves the development, implementation, and maintenance of security
policies, procedures, and practices. The objective is to minimize the risk of information security incidents
and to manage them effectively when they do occur. Information security management is crucial for
maintaining the confidentiality, integrity, and availability of sensitive information, as well as for ensuring
compliance with regulatory requirements and industry standards.

Risk and Attack

Information security and system integrity are subject to a variety of risks and attacks. The following
are some of the most typical:

a. Malware is malicious software that aims to disrupt, harm, or infiltrate a network or computer system.

b. Phishing is the practice of pretending to be a reputable organization in order to fool people into giving
over important information, such as usernames, passwords, or credit card numbers.

c. Denial of Service (DoS) attacks entail flooding a network or server with traffic in an effort to prevent
users from accessing it.

d. Insider risks are dangers posed by those who work for an organization, have access to confidential
information, and may use it improperly or disclose it.

e. Ransomware is a category of malware that encrypts a victim's data and demands money in return
for the key to unlock the data.

Distinguish between the concepts of encryption and authentication

Information security must include both encryption and authentication. Encryption is the process of
encoding data so that anyone without the necessary decryption key cannot read it. Encryption is
frequently used to secure communications over the internet, including online banking and e-commerce,
and to protect sensitive data both in transit and at rest.

Authentication, on the other hand, is the process of confirming a user's or system's identity.
Typically, passwords, biometric data, or digital certificates are used to authenticate users. The aim of
authentication is to make sure that only authorized people or systems have access to sensitive information.

Common Computer Frauds

The term "computer fraud" describes the use of technology to carry out fraudulent acts. Typical forms of
computer fraud include:

a. Identity theft, which is when someone steals another person's personal data, including their social
security number, date of birth, or credit card information, in order to commit fraud.

b. Phishing is the practice of convincing people to provide sensitive information, such as usernames,
passwords, or credit card numbers, by pretending to be a reputable organization.

c. Malware: Using malicious software to break into a network or computer system.

d. Demanding payment in advance for a service that will never be provided is known as advance fee
fraud.

e. Fraudulently listing items or services in online auctions in order to get paid without providing the
advertised goods or services.
