1 / 32

Transaction Objects, Control Objects, Control tags and Tags Dynamics

Transaction Objects, Control Objects, Control tags and Tags Dynamics. Miklos A. Vasarhelyi Rutgers University. Outline. Introduction Transaction Objects Control Objects Control tags Tags Dynamics Conclusions. Introduction. The evolving environment.

quasar
Download Presentation

Transaction Objects, Control Objects, Control tags and Tags Dynamics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Transaction Objects, Control Objects, Control tags and Tags Dynamics Miklos A. Vasarhelyi Rutgers University Prelimary – do not quote

  2. Outline • Introduction • Transaction Objects • Control Objects • Control tags • Tags Dynamics • Conclusions

  3. Introduction Prelimary – do not quote

  4. The evolving environment • WEB services create a set of anonymous cooperating processes • Transactions are complex virtual entities that can assume many forms and can be modified by sequential processes • Transactions can be routed along processes and modified by these processes • Data structures are being progressively balkanized • Transactions, databases, and processes can cooperate in forms that are bizarre under traditional systems designs

  5. Introduction • The emergence of digital business measurement and document processing has changed fundamentally business processes • Control measurement has been interpreted as control documentation • XBRL/FR deals with the reporting tail end of the process • XBRL/GL allow for a more granular data structure • There are major conceptual needs in this world

  6. Conceptual needs • Transactions must be defined with unique characteristics relative to type (objects) • Controls must be describable, measurable, monitorable, and combinable • Transaction x control clusters must be definable and measurable • Transactions must have some form of accuracy (quality) parameter and this parameter must be related to its entailing processes • Transactions must have security mechanisms to ensure their integrity

  7. Basic Elements • Business process • Transaction • Control • Database • Events • Procedures and • Flows

  8. Transaction Objects Prelimary – do not quote

  9. What is a transaction? • Is a unique record transmitted among processes? • Is a record that is modified in a sequence of processes? • Is a single record of a database? • Is a basic atom of certain XML derivative languages? • Is a matching unit of an XBRL/GL taxonomy?

  10. Management Control Automatic confirmation Data entry edit - lookup • A process generates a transaction that has 97% reliability • The best estimator is that the transaction is 97% reliable • What does that mean? Management Control Client Management Process Client Items Sold Customer database • Bad database item • Bad data entry • Correct form, entry but fallacious transaction due to other process fault • Not delivered • Client cannot pay • Product defective • Broken in transit • Client changed mind • Product bad Sales person Client database Sales person database Product database

  11. Transaction objects • Must be defined when a process is conceived • Have object characteristics, attributes, defined behaviors, and inheritance algorithms • Have to have defined their interaction with other processes • Are affected by controls and processes and events

  12. Control Objects Prelimary – do not quote

  13. Control Objects • There are many types • They have unique attributes such as transactions • They modify business processes and transactions • The control object can be part of a transaction, part of a BP, encompass several business processes • May be linear, layered, amorphous, sequential, parallel, etc…

  14. Types of Controls – Summary • I. AUTHORIZATIONS • II. VALIDITY • III. POPULATION AND TRANSFER CONTROLS • IV . PROCESS CONTROLS • V. COVERAGE • Va. SEGREGATION • V.b SUPERVISION • V.c RULES AND PROCEDURES • V.d INSURANCE • VI. ACCESS • VII. AUDIT (ex-post analysis) • VIII. COMPLIANCE WITH GAAP

  15. Types of Errors • I. PROCEDURAL ERRORS • II. COMPUTATION ERRORS • III. ACCOUNTING ERROR • IV. INTEGRITY ERROR • V. TIMING ERROR • VI. GAAP ERROR • VII. IRREGULARITIES • VIII. LEGAL ERRORS • IX. MISCELLANEOUS MANAGEMENT ERRORS

  16. COSO and continuous monitoring

  17. "An internal control procedure (ICP) is a single control measure such as the checking of a control total." (Cushing[1], p.25) • Controls are seldom used in isolation and may entail anything from one procedure with many functions (such as supervision) to a precise numerical check. It is necessary, therefore to define and relate internal controls, and groups of controls. • "An Internal Control Cluster (ICC) consists of one or more internal control procedures related to one or more types of error or activity, while an internal control system (ICS) is a set of ICCs that constitute a particular cycle of the business organization." (Vasarhelyi, op. cit., p. 43)

  18. Control tags Prelimary – do not quote

  19. Definition • XML derivative tagging with a new type of tag, the control tags that incorporate specific control information on items of information.

  20. Types of Control Tags • 1) reliability related tags • that specify the reliability of the item being measured • at its most basic it entails the reliability of the control process that has generated the transaction • 2) control aid tags • tags that serve to leave behind tracer information on the datum processing (cookie crumbs), • tags that record processes that the transaction was submitted, • tags that contain other control information, and • a mixture of the above.

  21. Reliability control tags • An ongoing assessment of the reliability of the control processes that generate a transaction is made. • This measurement is carried with the transaction • If it is subject to other processes, this reliability assessment is changed

  22. Control tags, cookie crumbs and digital IDs Dynamic control spots with cookie crumb collection Subsidiary 1 Financial statements DID1 DID4 DID5 Consolidation Financial statements Assurance station Subsidiary 2 Financial statements DID2 DID7 DID8 DID9 Subsidiary 3 Financial statements Financial Intermediary Financial statements analysis DID3 DID6

  23. Tracer related control tags (cookie crumbs) • Tags carry a unique identifier of the transaction that is encrypted • This identifier is deposited in tracer receptacles across the transaction path • Public x private encrypting schema are used to verify transaction paths

  24. Path recording control tags • Transactions record its path by collecting process DIDs and carrying them encrypted • Alternatively these may be deposited in a third party safe Web site and a pointer carried • Information about the crypt decoding key / method is carried by the transaction as a tag

  25. Information Control Tags • Contain other control related information that could entail • Organizational placement and hierarchies • Reliability change related information • Name of the DLA assuror, e.g. KPMG • Outsource related agreements

  26. Tags Dynamics Prelimary – do not quote

  27. Process 1 Pre-sales Processes Client database leads orders database Price- product database transaction database lComplementary products Salespeople- entities client Provisioning processes Sales Processes Receivables Cash Collections Followups

  28. Conclusions Prelimary – do not quote

  29. Conclusions • The balkanization financial information distribution creates serious integrity concerns • One must create a new conceptualization to understand and represent the elements of business processes • Control tags associated to XML derivative transactions can deal with many of these problems • Substantial investments on the standards, their implementation into software, and their conceptualization must be made

  30. Conclusions 2 • Transactions and controls are object types with unique characteristics related to their types • They have to be unique in type and measurable • They are denominated in clusters and procedures • They are modified across the life-cycle of the busines process elements

More Related