Management Information System

Section A, Group 4
Adithya Shankar 10P005
Manali Subramanian 10P026
Milind Agrawal 10P030
Nalamati Laxman Siddharth 10P032
Rajat Gupta 10P042
Vaibhav Goyal 10P058
Management Information System Term 3

Table of Contents
INDUSTRY ANALYSIS................................................................................................................................3
Accounting Audits................................................................................................................................3
Audit Industry in the USA....................................................................................................................4
Porter’s Five Forces in Audit Industry..................................................................................................5
DELOITTE.................................................................................................................................................6
Mission................................................................................................................................................6
Vision...................................................................................................................................................6
Shared Beliefs......................................................................................................................................6
SARBANES-OXLEY ACT.............................................................................................................................7
History and context: events contributing to the adoption of SOX.......................................................7
Effects on exchange listing choice of non-US companies....................................................................9
CRITICAL SUCCESS FACTORS..................................................................................................................10
CRITICAL DECISION SET..........................................................................................................................11
CRITICAL INFORMATION SET.................................................................................................................12
STATEMENT ON AUDITING STANDARDS 99...........................................................................................13
SAS 99 Guidelines..............................................................................................................................13
DELOITTE AUDIT....................................................................................................................................14
Tabs for testing..................................................................................................................................14
1. Reconciliation............................................................................................................................14
2. Population summary..................................................................................................................16
3. Trend Graphs.............................................................................................................................16
4. General Analysis & Characteristics.............................................................................................17
5. Analysis of journal entries..........................................................................................................18
6. Analysis of accounts...................................................................................................................19
7. Income Statement Analysis........................................................................................................21
8. Selections...................................................................................................................................22
References.................................................................................................................................................24

Term 3: Section A, Group 4 Page 2

 d
o
n
s
u
a
e
t
i
r
C
ti
Management Information System

INDUSTRY ANALYSIS
Accounting Audits
Term 3

Accounting audits are conducted to perform an assessment of a system’s internal control. Audit
certifies an organization on its hygiene factor. Accounting audit’s purview extends only to the
assessment of the company’s financial statements. Methods based on statistical sampling are
generally used in auditing activities. In the case of financial audits, a set of financial statements
are said to be true and fair when they are free of material misstatements - a concept influenced
by both quantitative (numerical) and qualitative factors. Audits can be primarily classified into
internal audits and external audits.

Internal auditing is an independent, objective assurance and consulting activity designed to add
value and improve an organization's operations. This activity helps the organization maintain
control over its risk management, internal and governance processes. Professionals called
internal auditors are employed by organizations to perform the internal auditing activity.
Internal auditing involves focus on topics such as the efficacy of operations, the reliability of
financial reporting, deterring and investigating fraud, safeguarding assets, and compliance with
laws and regulations and measuring compliance with the entity's policies and procedures.

Each audit finding within the body of the report may contain five elements, sometimes called
the "5 C's":

5 C's of Internal Auditing

Term 3: Section A, Group 4 Page 3

Management Information System Term 3

Internal Auditor’s Role in an Organization’s Value Chain

External Auditing is done by an audit professional who performs an audit in accordance with

specific laws or rules on the financial statements of a company, government entity, other legal
entity or organization, and who is independent of the entity being audited. Users of these
entities' financial information, such as investors, government agencies, and the general public,
rely on the external auditor to present an unbiased and independent audit report. External
auditors are generally appointed by the respective region’s regulator. In the United
States, certified public accountants are the only authorized non-governmental type of external
auditors who may perform audits and attestations on an entity's financial statements and
provide reports on such audits for public review.

Term 3: Section A, Group 4 Page 4

Management Information System Term 3

Audit Industry in the USA

The audit industry in the USA is an oligopoly and factors the “Big four” audit firms. They are:

 Deloitte
 PricewaterhouseCoopers
 Ernst & Young
 KPMG

Each “Big Four” firms is a network of individual smaller firms, owned and managed
independently. Common name, quality and brand is shared among each of these networks to
ensure strategic control in the audit industry.

Porter’s Five Forces in Audit Industry

In the wake of industry concentration and individual firm failure, the issue of a credible
alternative industry structure has been raised. The limiting factor on the growth of additional
firms is that although some of the firms in the next tier have become quite substantial, and
have formed international networks, effectively all very large public companies insist on having
a "Big Four" audit, so the smaller firms have no way to grow into the top end of the market.

Term 3: Section A, Group 4 Page 5

Management Information System Term 3

DELOITTE

Deloitte has been named in Fortune magazine’s prestigious list of “100 Best Companies to Work
For” in America for the fifth consecutive year. It is the only major professional services firm to
be included on the list for five years in a row. The ranking, which appears in Fortune’s February
4, 2002, issue, is based on an in-depth analysis of Deloitte’s culture, human resources practices,
and a random survey of the firm’s employees.

Term 3: Section A, Group 4 Page 6

Management Information System Term 3

Mission

To help our clients and our people excel. We are one of the world's leading business advisory
organizations. Our size, strength and resources will help us carry out our mission now and in the
future.

Vision

Deloitte Touche Tohmatsu is driven to be recognized as the best professional services firm in
the world. To achieve our vision, we are continuously growing and evolving our global
innovative services, which is creating exciting career opportunities for our people. The
employer you select will have a profound impact on your future. People who join us are
attracted to challenges, variety, and rapid advancement. If you are a high talent individual
seeking exciting career opportunities, continual challenge, and professional development - your
future lies with the firm.

Shared Beliefs

Shared beliefs are the underlying values that contribute to long - lasting success at Deloitte
Touche Tohmatsu. They are the foundation from which they make decisions and take action.
They are the fundamental principles that link their diverse practices, cultures, and functions
together. They are simple, yet make a powerful statement about what they value and how they
act individually and as a global firm.

 Commitment to Each Other

 Integrity
 Outstanding Value to Clients
 Strength from Cultural Diversity

SARBANES-OXLEY ACT
The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to
the high-profile Enron and WorldCom financial scandals to protect shareholders and the
general public from accounting errors and fraudulent practices in the enterprise.

The act is administered by the Securities and Exchange Commission (SEC), which sets deadlines
for compliance and publishes rules on requirements. Sarbanes-Oxley is not a set of business

Term 3: Section A, Group 4 Page 7

Management Information System Term 3

practices and does not specify how a business should store records; rather, it defines which
records are to be stored and for how long.

Sarbanes–Oxley contains 11 titles that describe specific mandates and requirements for
financial reporting. Each title consists of several sections, summarized below:

 Public Company Accounting Oversight Board (PCAOB)

 Auditor Independence
 Corporate Responsibility
 Enhanced Financial Disclosures
 Analyst Conflicts of Interest
 Commission Resources and Authority
 Studies and Reports
 Corporate and Criminal Fraud Accountability
 White Collar Crime Penalty Enhancement
 Corporate Tax Returns
 Corporate Fraud Accountability

History and context: events contributing to the adoption of SOX

A variety of complex factors created the conditions and culture in which a series of large
corporate frauds occurred between the year 2000 and 2002.

The spectacular, highly-publicized frauds at Enron, WorldCom, and Tyco exposed significant
problems with conflicts of interest and incentive compensation practices. The analysis of their
complex and contentious root causes contributed to the passage of SOX in 2002.

In a 2004 interview, Senator Paul Sarbanes stated:

The Senate Banking Committee undertook a series of hearings on the problems in the markets
that had led to a loss of hundreds and hundreds of billions, indeed trillions of dollars in market
value. The hearings set out to lay the foundation for legislation. We scheduled 10 hearings over
a six-week period, during which we brought in some of the best people in the country to
testify...The hearings produced remarkable consensus on the nature of the problems:
inadequate oversight of accountants, lack of auditor independence, weak corporate

Term 3: Section A, Group 4 Page 8

Management Information System Term 3

governance procedures, stock analysts' conflict of interests, inadequate disclosure provisions,

and grossly inadequate funding of the Securities and Exchange Commission.

 Auditor conflicts of interest: Prior to SOX, auditing firms, the primary financial "watchdogs"
for investors, were self-regulated. They also performed significant non-audit or consulting
work for the companies they audited. Many of these consulting agreements were far more
lucrative than the auditing engagement. This presented at least the appearance of a
conflict of interest. For example, challenging the company's accounting approach might
damage a client relationship, conceivably placing a significant consulting arrangement at
risk, damaging the auditing firm's bottom line.

 Boardroom failures: Boards of Directors, specifically Audit Committees, are charged with
establishing oversight mechanisms for financial reporting in U.S. corporations on the behalf
of investors. These scandals identified Board members who either did not exercise their
responsibilities or did not have the expertise to understand the complexities of the
businesses. In many cases, Audit Committee members were not truly independent of
management.

 Securities analysts' conflicts of interest: The roles of securities analysts, who make buy and
sell recommendations on company stocks and bonds, and investment bankers, who help
provide companies loans or handle mergers and acquisitions, provide opportunities for
conflicts. Similar to the auditor conflict, issuing a buy or sell recommendation on a stock
while providing lucrative investment banking services creates at least the appearance of a
conflict of interest.

 Inadequate funding of the SEC: The SEC budget has steadily increased to nearly double the
pre-SOX level. In the interview cited above, Sarbanes indicated that enforcement and rule-
making are more effective post-SOX.

 Banking practices: Lending to a firm sends signals to investors regarding the firm's risk. In
the case of Enron, several major banks provided large loans to the company without
understanding, or while ignoring, the risks of the company. Investors of these banks and
their clients were hurt by such bad loans, resulting in large settlement payments by the
banks. Others interpreted the willingness of banks to lend money to the company as an
indication of its health and integrity, and were led to invest in Enron as a result. These
investors were hurt as well.

Term 3: Section A, Group 4 Page 9

Management Information System Term 3

 Internet bubble: Investors had been stung in 2000 by the sharp declines in technology
stocks and to a lesser extent, by declines in the overall market. Certain mutual fund
managers were alleged to have advocated the purchasing of particular technology stocks,
while quietly selling them. The losses sustained also helped create a general anger among
investors.

 Executive compensation: Stock option and bonus practices, combined with volatility in
stock prices for even small earnings "misses," resulted in pressures to manage earnings.
Stock options were not treated as compensation expense by companies, encouraging this
form of compensation. With a large stock-based bonus at risk, managers were pressured to
meet their targets.

Effects on exchange listing choice of non-US companies

Some have asserted that Sarbanes–Oxley legislation has helped displace business from New
York to London, where the Financial Services Authority regulates the financial sector with a
lighter touch. In the UK, the non-statutory Combined Code of Corporate Governance plays a
somewhat similar role to SOX. The Alternative Investment Market claims that its spectacular
growth in listings almost entirely coincided with the Sarbanes Oxley legislation. In December
2006 Michael Bloomberg, New York's mayor, and Charles Schumer, a US senator from New
York, expressed their concern.

The Sarbanes–Oxley Act's effect on non-US companies cross-listed in the US is different on firms
from developed and well regulated countries than on firms from less developed countries.
Companies from badly regulated countries see benefits that are higher than the costs from
better credit ratings by complying with regulations in a highly regulated country (USA), but
companies from developed countries only incur the costs, since transparency is adequate in
their home countries as well. On the other hand, the benefit of better credit rating also comes
with listing on other stock exchanges such as the London Stock Exchange.

CRITICAL SUCCESS FACTORS

Besides many advantages, SOX solutions allow clients to address their IT control weaknesses by
targeting these critical success factors:

 Compliance is a Process, Not just a Project

Regulatory compliance should be a way of corporate life, not just a project with an end
state. It commands the ongoing expenditures and the staffing to be sustained.

Term 3: Section A, Group 4 Page 10

Management Information System Term 3

 Get Help and Build Relationships

Engage services of an IT partner who is experienced in SOX. External auditors don’t just
identify shortcomings in controls, but are also careful about consulting to alleviate risks.
Select a partner who has experience with external auditors, because it is important for all
parties to develop a positive working relationship. Open communication helps identify
problems early, ample time for remediation.

 Success Starts at the Top

Implementation of controls typically brings change to an organization. In order for change

to be positive and productive, direction needs to come from the top and be effectively
promulgated across the organization. Absence of an executive mandate or clear
communication from senior management will diminish acceptance of controls at lower
levels.

 Build Support Across the Organization

Allow those affected by controls to have input and commit to a positive outcome. Controls
are most effective if based on a clearly understood policy, responsiveness to departmental
issues, and specific benefits to each constituency. An educated organization will tend to be
less resistant with knowledge that controls are not arbitrary and benefits are shared.

 Get Control by Giving Control

Ask department heads to play a collaborative role in any areas of IT control which impact
them. This transparency promotes understanding and tends to demystify IT. It also
alleviates concerns about technology expenditures and actions, and helps align IT solutions
with organizational goals.

 Form an IT Steering Committee

A steering committee is the most direct way to foster IT-business alignment and keep all
organizational constituencies positively engaged. Old perceptions of IT dictating to the
organization can be dispelled and tuning IT alignment with constantly changing business
needs can be better achieved through frequent and formal steering committee
communications.

 Look for Ways to Benefit from Control

Term 3: Section A, Group 4 Page 11

Management Information System Term 3

External auditors will often use results of third-party testing such as that performed by
internal auditors. This can reduce audit expense and, more importantly, advance the
testing of controls to an earlier stage in the audit cycle—maximizing remediation time.
Internal audits should provide evidential matter, and rely on tools that make ongoing
compliance more efficient and cost effective.

 Get Control through Knowledge and Understanding

You cannot control what you cannot measure and you cannot measure what you do not
understand. Use the process documentation to elucidate the control testing roles and
responsibilities, and project lifecycle standardization to clearly define control requirements.

 Manage and Test Control Processes

The more controls are defined, the more testing is required. Define only a necessary
minimal number of “key controls” and test frequently too ensure they are working and
functional. Testing should yield “evidential matter”. If evidential matter isn’t being created,
the control isn't working.

CRITICAL DECISION SET

The Sarbanes-Oxley stocks compliance report helps the client in terms of decision support and
regulatory compliance needs. This kind of report can help the client with: 

 Enterprise data management and analysis needs

 Data management, trade and risk policy, practice and procedure development
 IT and operational audits
 Forward price forecasting
 Market intelligence
 Expert regulatory support

CRITICAL INFORMATION SET

A well-designed business intelligence system can aid in meeting compliance reporting
guidelines by sharing critical information with all members of an organization who need it in
easy-to-use reports and spreadsheets, and by providing a complete audit trail as to how these
reports and spreadsheets were generated.

Term 3: Section A, Group 4 Page 12

Management Information System Term 3

Also important is a data integration infrastructure that accesses the native data sources in an
efficient and optimal manner so as not to impact operational systems that also rely on these
data sources.

IT support functions that fall under the scope of a SOX compliance assessment include:

 Transaction processing control processes which directly alleviate identified financial

reporting risk. There are a few such controls in major applications in each financial
procedure, e.g. accounts payable, general ledger, payroll, etc.

 IT controls which support the assertion that programs act as intended and key financial
reports are dependable.

 IT operations controls, which ensure identification and correction of problems with

processing.

STATEMENT ON AUDITING STANDARDS 99

Statement on Auditing Standards No. 99- The consideration of fraud in a Financial Statement
Audit, commonly abbreviated as SAS 99, is an auditing statement issued by the Auditing
Standards Board of the American Institute of Certified Public Accountants (AICPA).

SAS 99 defines fraud as an intentional act that results in a material misstatement in financial
statements. There are two types of fraud considered:

Term 3: Section A, Group 4 Page 13

Management Information System Term 3

 Misstatements arising from fraudulent financial reporting (e.g. falsification of

accounting records)
 Misstatements arising from misappropriation of assets (e.g. theft of assets or fraudulent
expenditures)

The standard describes the fraud triangle. Generally, the three ‘fraud triangle’ conditions are
present when fraud occurs. First, there is an incentive or pressure that provides a reason to
commit fraud. Second, there is an opportunity for fraud to be perpetrated (e.g. absence of
controls, ineffective controls, or the ability of management to override controls.) Third, the
individuals committing the fraud possess an attitude that enables them to rationalize the fraud.

SAS 99 Guidelines

Characteristics of journal entries to be considered as fraudulent or potential sources of fraud as

per paragraph 61 of SAS99 Guidelines

 Entries made to unusual, unrelated or seldom-used accounts

 Entries made by individuals who typically do not make entries
 Entries recorded at the end of the period or as post-closing entries that have little or no
explanation or description

 Entries made either before or during the preparation of the financial statements that do
not have account numbers

 Entries that contain round numbers or consistent ending numbers

DELOITTE AUDIT

Deloitte Audit services provide audits and reviews of financial statements and reporting on
internal controls in accordance with applicable professional standards. The audits are planned
to be responsive to the assessment of the risk of material misstatement based on the
understanding gained of the organization and its environment, including its internal control.

It works closely with organizations, while maintaining an objective and independent attitude,
and encourages open communication during the course of the services. Insights regarding
matters that may affect an organization’s business are also provided.

Term 3: Section A, Group 4 Page 14

Management Information System Term 3

The global network of Audit and Enterprise Risk Services professionals at Deloitte provides a
range of audit and advisory services to assist clients in achieving their business objectives,
managing their risk and improving their business performance—anywhere in the world. Using
state-of-the-art tools enables Deloitte audit professionals to deliver the assurance service
quality and excellence.

Tabs for testing

1. Reconciliation

1.1. Balancing check

This test checks whether the journal entries net to $0 or not i.e. total debits equal total
credits. If there is a difference between the two values then the audit team needs to look
for the correctness of the data once again.

1.2. Reconciliation

This test performs reconciliation between the accounts on the trial balance file and the
journal entry file on the note line level by taking the help of the charts of account file. If
there is a difference at the note line level, the audit team needs to check the correctness of
the trial balance.

Term 3: Section A, Group 4 Page 15

Management Information System Term 3

2. Population summary

2.1. Population statistics overview

This test gives the values of the mean, median, mode, max and min values for the amounts
in the journal entry file. If the audit team thinks that the data shows some aversions from
the expected trend then they can mark those journal entries for Risk Based Sampling.

Term 3: Section A, Group 4 Page 16

Management Information System Term 3

2.2. Dollar stratification against MP

This test breaks down the amounts in the journal entry file in the multiples of the Monetary
Precision value provided by the audit team. If the concentration of journal entries is quite
high in one segment then this could be a potential source of fraud and the audit team might
want to look at this bracket of journal entries.

2.3. Top Line amount

This test gives the list of top 15 amounts. The audit team might be concerned of the
amounts are much more than expected.

3. Trend Graphs
This test gives a pictorial representation of the trends being observed in the journal entries
by the amounts and also the period of occurrence.

4. General Analysis & Characteristics

4.1. User Authorization

This test checks whether the user has posted journal entries on Sundays, Saturdays and all
other holidays when the client didn’t expect to enter any journal entries.

Term 3: Section A, Group 4 Page 17

Management Information System Term 3

4.2. Period end and post closing entries

If the user has posted any journal entries once the quarter has ended or before the starting
of a quarter then the audit team might want to check those journal entries.

4.3. Duplicate amounts

Duplicate line amounts to the same account is defined as: the same value more than XX
times in the same account over the test period with the same note lines on the counter-
balancing side of the entry. These lines will be considered for Journal Entry testing
selection.

5. Analysis of journal entries

5.1. Entries to unrelated accounts

The entries are divided into three categories:

 Entries to unrelated accounts
 Entries to related accounts

Term 3: Section A, Group 4 Page 18

Management Information System Term 3

 Entries to neither unrelated nor related accounts

5.2. Entries with blank or little description

Entries with blank description or with descriptions containing less than XX characters (based
on professional judgment) will be included in the pool of journal entries to be selected
based on a sample. The graph and table below show the statistics related to such entries.
The audit engagement team reviews the information below and decides on the selections of
audit interest.

5.3. Entries with recurring ending digits

Entry lines with recurring ending digits of audit interest are considered for journal entry
testing selections.

Term 3: Section A, Group 4 Page 19

Management Information System Term 3

6. Analysis of accounts

6.1. Seldom Used Accounts

Accounts with less than XX number of lines in a month are defined as "seldom used
accounts" based on professional judgment and understanding of the entity’s financial
reporting processes. The analysis below shows the statistics related to journal lines
recorded against such accounts.

Term 3: Section A, Group 4 Page 20

Management Information System Term 3

6.2. Unusual Accounts

Characteristics of audit interest pertaining to an account balance may consist of:

 Particular keywords in their names/descriptions ("MISC", "OTHER", and "TEST") or
blank account name/description;
 Particular unconventional account numbers.

The associated entries/lines will be considered for Journal Entry testing selection. The
analysis below shows the results of the search for keywords and unusual account numbers.

Term 3: Section A, Group 4 Page 21

Management Information System Term 3

7. Income Statement Analysis

7.1. Revenue Cut –Off: Large Credits to revenue Accounts just before quarter end

Credits to revenues for more than X% of PM within the last XX days before fiscal quarters
end are presented in the graph below, in two scatter plots by amount and effective date, for
Non-standard and Standard entries respectively. The audit engagement team may analyze
the information and decide whether to mark for 100% examination

Term 3: Section A, Group 4 Page 22

Management Information System Term 3

7.2. Large Credits to Income Statement Accounts Other Than Revenue

Large credits (above X% of PM) to income statement account balances other than revenue
are displayed in a scatter plot by amount and effective date below. This analysis can assist
in the identification of potentially significant increases to Net Income via inappropriate
reversal or capitalization of expenses.

8. Selections

Tab 8 contains all the selections made by the audit team for further investigation. This tab
includes 2 risk approaches.

1. Risk Based Sampling: These samples are selected by calculating their risk by using
PPS(Probability Proportionate to size) approach where the size is determines by the $
amount of the journal entry.

Term 3: Section A, Group 4 Page 23

Management Information System Term 3

2. 100% examination: These are the journal entries which are not marked for risk based
sampling. Audit team is sure to analyze these journal entries.

Term 3: Section A, Group 4 Page 24

Management Information System Term 3

References

1. "Deloitte nudges ahead of PwC as largest global firm".

2.  "Total network revenues rise. Advisory business returns to strong growth". PwC.
3.  "Ernst & Young reports fiscal year 2010 global revenues of US$21.3 billion". Reuters.
4.  "KPMG International Annual Review 2010". KPMG.
5.  Institute of Chartered Accountants in England & Wales: Firms' family trees
6.  Deloitte: Our domestic routes
7.  IIA Website-Standards
8.  IIA Website
9. Role of Internal Auditing in ERM
10.  KPMG Evolution of Risk and Control
11. Typical organization standards for external auditors
12. Discussion of the Sarbanes-Oxley Act in relation to external auditors

Term 3: Section A, Group 4 Page 25