Presentation is loading. Please wait.

Presentation is loading. Please wait.

8/2/2006Prelimary – do not quote1 Transaction Objects, Control Objects, Control tags and Tags Dynamics Miklos A. Vasarhelyi Rutgers University.

Published byHarry Oxendine Modified over 9 years ago

Similar presentations

Presentation on theme: "8/2/2006Prelimary – do not quote1 Transaction Objects, Control Objects, Control tags and Tags Dynamics Miklos A. Vasarhelyi Rutgers University."— Presentation transcript:

1 8/2/2006Prelimary – do not quote1 Transaction Objects, Control Objects, Control tags and Tags Dynamics Miklos A. Vasarhelyi Rutgers University

2 2 Outline Introduction Transaction Objects Control Objects Control tags Tags Dynamics Conclusions

3 8/2/2006Prelimary – do not quote3 Introduction

4 4 The evolving environment WEB services create a set of anonymous cooperating processes Transactions are complex virtual entities that can assume many forms and can be modified by sequential processes Transactions can be routed along processes and modified by these processes Data structures are being progressively balkanized Transactions, databases, and processes can cooperate in forms that are bizarre under traditional systems designs

5 5 Introduction The emergence of digital business measurement and document processing has changed fundamentally business processes Control measurement has been interpreted as control documentation XBRL/FR deals with the reporting tail end of the process XBRL/GL allow for a more granular data structure There are major conceptual needs in this world

6 6 Conceptual needs Transactions must be defined with unique characteristics relative to type (objects) Controls must be describable, measurable, monitorable, and combinable Transaction x control clusters must be definable and measurable Transactions must have some form of accuracy (quality) parameter and this parameter must be related to its entailing processes Transactions must have security mechanisms to ensure their integrity

7 7 Basic Elements Business process Transaction Control Database Events Procedures and Flows

8 8/2/2006Prelimary – do not quote8 Transaction Objects

9 9 What is a transaction? Is a unique record transmitted among processes? Is a record that is modified in a sequence of processes? Is a single record of a database? Is a basic atom of certain XML derivative languages? Is a matching unit of an XBRL/GL taxonomy?

10 10 Customer database Product database Sales person database Client Items Sold Client Management Process Client database Sales person A process generates a transaction that has 97% reliability The best estimator is that the transaction is 97% reliable What does that mean? Automatic confirmation Data entry edit - lookup Management Control Bad database item Bad data entry Correct form, entry but fallacious transaction due to other process fault Not delivered Client cannot pay Product defective Broken in transit Client changed mind Product bad

11 11 Transaction objects Must be defined when a process is conceived Have object characteristics, attributes, defined behaviors, and inheritance algorithms Have to have defined their interaction with other processes Are affected by controls and processes and events

12 8/2/2006Prelimary – do not quote12 Control Objects

13 13 Control Objects There are many types They have unique attributes such as transactions They modify business processes and transactions The control object can be part of a transaction, part of a BP, encompass several business processes May be linear, layered, amorphous, sequential, parallel, etc…

14 14 Types of Controls – Summary I. AUTHORIZATIONS II. VALIDITY III. POPULATION AND TRANSFER CONTROLS IV. PROCESS CONTROLS V. COVERAGE Va. SEGREGATION V.b SUPERVISION V.c RULES AND PROCEDURES V.d INSURANCE VI. ACCESS VII. AUDIT (ex-post analysis) VIII. COMPLIANCE WITH GAAP

15 15 Types of Errors I. PROCEDURAL ERRORS II. COMPUTATION ERRORS III. ACCOUNTING ERROR IV. INTEGRITY ERROR V. TIMING ERROR VI. GAAP ERROR VII. IRREGULARITIES VIII. LEGAL ERRORS IX.MISCELLANEOUS MANAGEMENT ERRORS

16 16 COSO and continuous monitoring

17 17 "An internal control procedure (ICP) is a single control measure such as the checking of a control total." (Cushing [1], p.25) [1] Controls are seldom used in isolation and may entail anything from one procedure with many functions (such as supervision) to a precise numerical check. It is necessary, therefore to define and relate internal controls, and groups of controls. "An Internal Control Cluster (ICC) consists of one or more internal control procedures related to one or more types of error or activity, while an internal control system (ICS) is a set of ICCs that constitute a particular cycle of the business organization." (Vasarhelyi, op. cit., p. 43)

18

19

20 8/2/2006Prelimary – do not quote20 Control tags

21 21 Definition XML derivative tagging with a new type of tag, the control tags that incorporate specific control information on items of information.

22 22 Types of Control Tags 1) reliability related tags that specify the reliability of the item being measured at its most basic it entails the reliability of the control process that has generated the transaction 2) control aid tags tags that serve to leave behind tracer information on the datum processing (cookie crumbs), tags that record processes that the transaction was submitted, tags that contain other control information, and a mixture of the above.

23 23 Reliability control tags An ongoing assessment of the reliability of the control processes that generate a transaction is made. This measurement is carried with the transaction If it is subject to other processes, this reliability assessment is changed

24 24 Control tags, cookie crumbs and digital IDs Consolidation Financial statements Subsidiary 2 Financial statements Subsidiary 3 Financial statements Subsidiary 1 Financial statements Assurance station DID1 DID6 DID5DID4 DID2 DID3 Financial Intermediary Financial statements analysis DID7 DID8 DID9 Dynamic control spots with cookie crumb collection

25 25 Tracer related control tags (cookie crumbs) Tags carry a unique identifier of the transaction that is encrypted This identifier is deposited in tracer receptacles across the transaction path Public x private encrypting schema are used to verify transaction paths

26 26 Path recording control tags Transactions record its path by collecting process DIDs and carrying them encrypted Alternatively these may be deposited in a third party safe Web site and a pointer carried Information about the crypt decoding key / method is carried by the transaction as a tag

27 27 Information Control Tags Contain other control related information that could entail Organizational placement and hierarchies Reliability change related information Name of the DLA assuror, e.g. KPMG Outsource related agreements

28 8/2/2006Prelimary – do not quote28 Tags Dynamics

29 29 Followups Client database orders database Price- product database transaction database Process 1 Pre-sales Processes l Complementary products Salespeople- entities leads Sales Processes Provisioning processes Cash Collections Receivables client

30 8/2/2006Prelimary – do not quote30 Conclusions

31 31 Conclusions The balkanization financial information distribution creates serious integrity concerns One must create a new conceptualization to understand and represent the elements of business processes Control tags associated to XML derivative transactions can deal with many of these problems Substantial investments on the standards, their implementation into software, and their conceptualization must be made

32 32 Conclusions 2 Transactions and controls are object types with unique characteristics related to their types They have to be unique in type and measurable They are denominated in clusters and procedures They are modified across the life-cycle of the busines process elements

Download ppt "8/2/2006Prelimary – do not quote1 Transaction Objects, Control Objects, Control tags and Tags Dynamics Miklos A. Vasarhelyi Rutgers University."

Similar presentations

Audit Evidence Week 11.

Audit Evidence Week 11.
Configuration management

Configuration management
Understanding Audit Reports

Understanding Audit Reports
Presented to the Tallahassee ISACA Chapter

Presented to the Tallahassee ISACA Chapter
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Chapter 16 General Ledger and Reporting System Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 16-1.

Chapter 16 General Ledger and Reporting System Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 16-1.
WILL BIG DATA CHANGE EVERYTHING IN ACCOUNTING AND AUDITING? Miklos A. Vasarhelyi Rutgers University.

WILL BIG DATA CHANGE EVERYTHING IN ACCOUNTING AND AUDITING? Miklos A. Vasarhelyi Rutgers University.
Sustainable Energy Systems Overview of contractual obligations, procedures and practical matters KICK-OFF MEETING.

Sustainable Energy Systems Overview of contractual obligations, procedures and practical matters KICK-OFF MEETING.
Theoretical Structure of Financial Accounting

Theoretical Structure of Financial Accounting
Implementing Continuous Auditing in a Global Real Time Economy Miklos A. Vasarhelyi KPMG Professor of AIS Rutgers University Technology Consultant AT&T.

Implementing Continuous Auditing in a Global Real Time Economy Miklos A. Vasarhelyi KPMG Professor of AIS Rutgers University Technology Consultant AT&T.
Accounting Information Systems Chapter Outlines

Accounting Information Systems Chapter Outlines
Principles of Information Systems, Seventh Edition2 An organization’s TPS must support the routine, day-to- day activities that occur in the normal course.

Principles of Information Systems, Seventh Edition2 An organization’s TPS must support the routine, day-to- day activities that occur in the normal course.
Lecture Nine Database Planning, Design, and Administration

Lecture Nine Database Planning, Design, and Administration
General Ledger and Reporting System

General Ledger and Reporting System
Configuration Management

Configuration Management
1 An Evidential Reasoning Approach to Sarbanes-Oxley Mandated Internal Control Assessment Lili Sun, Rutgers University Rajendra Srivastava, The University.

1 An Evidential Reasoning Approach to Sarbanes-Oxley Mandated Internal Control Assessment Lili Sun, Rutgers University Rajendra Srivastava, The University.
Handouts Software Testing and Quality Assurance Theory and Practice Chapter 11 System Test Design ------------------------------------------------------------------

Handouts Software Testing and Quality Assurance Theory and Practice Chapter 11 System Test Design
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
Chapter 4 Internal Controls McGraw-Hill/Irwin

Chapter 4 Internal Controls McGraw-Hill/Irwin
CHAPTER 6 ELECTRONIC DATA PROCESSING SYSTEMS

CHAPTER 6 ELECTRONIC DATA PROCESSING SYSTEMS

Similar presentations

Ads by Google