Update learningProgress.htm

Develop assurance objectives for risks of information systems

Consider PCAOB's Auditing Standard 5 (AS5), which superseded AS2

1. How do AS2 and AS5 differ?
2. What prompted the changes?

Represent business processes graphically and make inferences from graphical representations as a means to understand business situations sufficient to:

1. Develop assurance objectives for risks of information systems

Represent business processes graphically

1. Consider a business process diagram (BPD) for the Warranty Call Center case. Not all the process elements were explicitly stated.
   1. Where do they come from?
      1. The business situation, e.g., narratives or conversations
      2. Data definitions
      3. The data
      4. Other materials, if any
      5. Common knowledge about the situation or processes
      6. Inferences about processes supporting the above
   2. From the potential process elements identified above, which ones do you include? Include ones that:
      1. Pertain to the objectives of the audit or analysis that will be conducted through querying
      2. Support querying nuances
      3. If specified, categorize risks as "included" or "not included"
2. Consider the Wireless Billing case.
   1. What potential process elements emerge from each of the sources?
   2. Which ones to you include in the BPD and why?

Warranty Call Center case

1. Business situation
2. Database
3. BPD

Wireless Billing case

1. Business situation
2. Database

Business process modeling

1. Introduction to BPMN
2. Business Process Modeling Notation Version 1.0 May 3, 2004 (2.6MB)
3. Flowcharting in Excel. In Excel 2007, the drawing symbols are available from the Insert tab (to the right of the Home tab) under Shapes.

1. Answer practice questions.
2. Based on the question results, what do you need to do to prepare for next week's quiz?

Wireless Billing case

1. Business situation
2. Database

Consider the implications of graphical representations of business processes

1. Why do we need yet another format for representing business processes?
2. How is BPMN similar to/different from earlier graphical notations such as flowcharting and data flow diagramming? What prompted its creation?
3. Of the software that is readily available for preparing BPMN representations, which should we use? Excel? Visio? Something else?
4. Evaluating internal control (Krishnan et al. 2005)
   1. Could graphical representations facilitate identifying:
      1. Key controls? pp. 309-310
      2. Effective and efficient sets of key controls? pp. 310
   2. Why does the span of a control matter? pp. 310-312
   3. Why is identifying effective and efficient sets of key controls such a hard problem? Why is there such variability in experienced auditors' selection of key control sets? pp. 320-323
   4. How could auditors use an automated means of modeling controls? p. 320-323

1. Introduction to BPMN
2. Business Process Modeling Notation Version 1.0 May 3, 2004 (2.6MB)
3. Krishnan et al. 2005. On data reliability assessment in accounting information systems. Information Systems Research 16(3): 307-326

1. Represent business processes as a means to understand business situations sufficient to:
   1. Develop assurance objectives for risks of information systems
2. Implement assurance procedures with software tools
3. Communicate assurance results

1. Complete Wireless Billing case report
   1. Analyze the wireless billing situation to complete this report, which includes a link to a version of the database that would contain your queries, to:
      1. Detect errors, if any, in the billing
      2. Identify less expensive calling configurations, if they exist
         
   2. In your GSU web space, publish:
      1. The analysis with the filename:

         05-wirelessAnalysis.htm

      2. The database containing your queries with the filename:
         
         05-wirelessQueries.mdb
         
         Before publishing the database, compact it so that it takes less disk space. A smaller file will load faster too! Verify that your files can be viewed through the link on the learning progress page.
         
         If your database link got corrupted, e.g., through saving 05-wirelessAnalysis.htm across folders, remove all the path for the link except the filename 05-wirelessQueries.mdb: In Word, highlight the name of the link | Insert | Hyperlink | [edit the path].
         
         The report is worth half the points for the Wireless Billing case.
         
         
2. Prepare to answer questions about the case in next week's quiz. By case, ways to practice querying and making inferences are:
   
   
   1. Car maker/Car dealer case
      1. Perform the querying for the case. Repeat the querying until you can query the database without referring to the explanations in the "Query creation" links.
      2. Answer the questions in uLearn about the case. Think about the structure and logic of the questions until you can answer them independently. Imagine similar questions in the context of the Warranty Call Center case. The question structure and logic are important because the Warranty Call Center case questions have similar structure and logic.
         
         
   2. Warranty Call Center case
      1. Develop query objectives
      2. Query the database to satisfy the query objectives.
         
         For help with query objectives and query sequences, see the uLearn quiz Warranty Call Center practice. A database with queries is available in a discussion post.
         
         
   3. Wireless Billing case
      1. Imagine analogs in the Wireless Billing situation to the questions in the Car maker/Car dealer and Warranty Call Center cases

Wireless Billing case

1. Business situation
2. Database

Consider the difference between auditors having a choice about evaluating internal control (pre-SOX) and being required to evaluate internal control (post-SOX)

1. What prompted the shift? Was the shift an over reaction to events in 2002 such as Enron and WorldCom?
2. How does information technology change the nature of internal control compared to internal control based on manual procedures?
3. How does an auditor go from identifying a potentially relevant internal control to placing audit reliance on it? Hint: Remember the examples in Auditing Standard No. 2.
4. How do you test internal controls in highly automated situations? Example of change control (begin at "we've identified our key controls".
5. How do auditors know they have tested the right "key controls"? (cf. Krishnan et al. 2005)

1. Pre-SOX internal control summary
2. Post-SOX
   1. Hunton pp. 1-18
   2. PCAOB site:
      1. Auditing Standard No. 2
      2. Policy Statement Regarding Implemen-tation of Auditing Standard No. 2
      3. Auditing Standard No. 5
   3. Example of change control
   4. Krishnan et al. 2005. On data reliability assessment in accounting information systems. Information Systems Research 16(3): 307-326

Prepare questions about the Eticket case

1. Eticket situation
2. Auditing standards:
   1. Pre-SOX: AU326
   2. Post-SOX: SAS 106
3. Krishnan et al. 2005. On data reliability assessment in accounting information systems. Information Systems Research 16(3): 307-326