- What is segregation of duties and why is it a commonly used control? Give an example of two (e.g. IT) roles that should be segregated.
- Security in an ERP system (e.g. SAP) is complex. What is the most fuzzy, difficult-to-understand component? Explain.
- What key (1-2) competencies does the person responsible in a company for security (e.g. for a given process) need to have to be successful? Why?
- All companies are dynamic entities with employees and others using systems coming and going all the time. What best practices have you experienced or would you recommend for managing system users and their related security access?
Week 9 Questions
- Do you believe businesses rely too much on administrators to configure the security protocols in programs like SAP, rather than looking for security in the entire network? Explain.
- What is the relevance of only being able to have one posting period open at a time for real time financial postings? What does this prevent from happening?
- Consider the list of financial and accounting controls discussed in class. Rank them. Which do you believe is the most important, and which the least? Why?
- You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, bureaucratic, etc. Have you seen these problems in your experience? Explain
- As we’ve seen in the P2P and OTC processes, many different, often non-financial, business functions are involved with ERP system transactions that post to accounting records. If you are responsible for Finance / Accounting controls for your company, how would you manage the risks coming from these non-financial function jobs?
- As we continue to learn about business processes and ERP systems we often discuss financial or account related terms and concepts. How much finance and accounting knowledge should IT personnel supporting business applications know and learn? Explain
- Controls are important to financial and accounting processes. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
- How important is it for people responsible for general I/T controls (e.g. network, workstation, server and database security) to know about how the ERP system works? What is one (1) specific thing they should know?
- Assume you’re an outside organization with the goal of causing negative things to happen to an organization’s Order to Cash (OTC) process. Where would you attack it? Explain why and how.
- Who in an organization should care more about the collections process – Finance or Sales? Explain
- Controls are important in all the OTC processes including invoicing and collections. What would be different in the controls of a purely domestic US company vs. an international company? Give 1 – 2 specific examples.
- You’ve now seen the entire Order to Cash (OTC) Process. If you were responsible for the controls of this process – what would keep you up at night (e.g. be your area of most concern)? Explain
- Using the Fraud Triangle, analyze the ‘One Piece at a Time’ video scenario and explain how the environment was favorable to fraud.
- Assume the ‘One Piece at a Time’ video scenario could happen. If you are the operations manager responsible for the assembly line, what 1-2 key controls would you implement? Explain how the control addresses the risk.
- Controls are important in all the OTC processes including shipping. What would be different in the controls of a purely domestic company vs. an international company? Give 1 – 2 specific examples.
- As consumers we encounter (knowingly and unknowingly) inventory controls all the time (e.g. locked jewelry cases). What are 1-2 less obvious inventory control measures used. Are these measures effective?
- As customers we experience various companies’ order to cash (OTC) processes whenever we buy something. Which company do you believe has a ‘great’ OTC process? Why?
- Which portion of the Order to Cash (OTC) process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain.
- Who in a company should be responsible for the controls of that company’s Order to Cash (OTC) Process? Why?
- What key (1-2) competencies does the person responsible in a company for the Order to Cash (OTC) need to have? Why?
- The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
- In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
- Have you ever:
– Been a victim of fraud?
– Had evidence or suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
- Which portion / step of the Procure to Pay process do they see as the most vulnerable to theft, fraud or failure of some kind? Explain
- Corporate Shared Services
- 4 Divisions:
- North America [including: Canada], South America
- Eastern/Western Europe
- Role of:
- Board of Directors
- Audit Committee
- Internal Audit
- External Audit [Arthur Andersen]
- C-Level Suite [i.e. CEO, CFO, CIO, COO, etc.]
- Big 4 [EY, PwC, KPMG, D&T] Services Rendered:
- Audit Assurance
- Actuarial Services
- Information Security
- Due to Enron / WorldCom, Big 4 cannot cross-sell
- Corporate Fiduciary Responsibility
- Role of Compliance / Operational Risk
- Role of Audit
- Role of General Counsel [Legal]
- Today’s Role of C-Level Suite
- Post Sarbanes-Oxley, CIO signs off on Annual Report
- Describe a business process you have experienced (either as an external or internal participant) and what your role was.
- The Sarbanes-Oxley Act in the US and many similar laws in other countries were enacted as a result of high-profile control failures. Are these laws a sufficient reaction to the failures or are they an overreaction? Explain.
- In your own words, how would you define a control environment?
- Describe a real-life example of a company’s profitability-driven controls. What are the differences between a compliance-driven vs. a profitability-driven control?
Attached document contains feedback from prior classes on these questions:
Why Should I Take this Course? (What Key Things will I Learn?)
What Should I do to Assure Getting a Good Grade in this Course?
Note: Items I heard more often are bolded and made larger (larger means more commonly shared).