Professional Documents
Culture Documents
Relationship of GLS To Other Information Subsystems: The General Ledger System Figure 8-1
Relationship of GLS To Other Information Subsystems: The General Ledger System Figure 8-1
Its
primary purpose is to provide historical financial data for comparative financial
Figure 8-1 characterizes the GLS as a hub connected to the reports.
other systems of the firm through spokes of information flows.
Transaction cycles process individual events that are recorded The journal voucher file is the total collection of the journal vouchers processed in
in special journals and subsidiary accounts. Summaries of the current period. This file provides a record of all general ledger transactions
these transactions flow into the GLS and become sources of and replaces the traditional general journal.
input for the MRS and FRS. The bulk of the flows into the GLS
comes from the transaction processing subsystems. Note, The journal voucher history file contains journal vouchers for past periods. This
however, that information also flows from the FRS as feedback historical information supports management’s stewardship responsibility to
into the GLS. We shall explore this point more thoroughly account for resource utilization. Both the current and historical journal voucher
later. In this section, we review key elements of the GLS. files are important links in the firm’s audit trail.
Figure 8-1Relationship of GLS to Other Information Subsystems
The responsibility center file contains the revenues, expenditures, and other
resource utilization data for each responsibility center in the organization. The
MRS draws upon these data for input in the preparation of responsibility reports
for management.
GLS Procedures
The GLS database includes a variety of files. Whereas these will vary from firm The primary recipients of financial statement information are
to firm, the following examples are representative. external users, such as stockholders, creditors, and government
agencies. Generally speaking, outside users of information are
interested in the performance of the organization as a whole. subsidiary ledgers, are prepared and posted to the GL
Therefore, they require information that allows them to observe accounts. The frequency of updates to the GL will be
trends in performance over time and to make comparisons between determined by the degree of system integration.
different organizations. Given the nature of these needs, financial 5. Prepare the unadjusted trial balance. At the end of the
reporting information must be prepared and presented by all accounting period, the ending balance of each account in
organizations in a manner that is generally accepted and understood the GL is placed in a worksheet and evaluated in total for
by external users. debit-credit equality.
6. Make adjusting entries. Adjusting entries are made to the
Sophisticated Users with Homogeneous Information Needs worksheet to correct errors and to reflect unrecorded
transactions during the period, such as depreciation.
Because the community of external users is vast and their individual 7. Journalize and post adjusting entries. Journal vouchers for
information needs may vary, financial statements are targeted at a the adjusting entries are prepared and posted to the
general audience. They are prepared on the proposition that the appropriate accounts in the GL.
audience comprises sophisticated users with relatively 8. Prepare the adjusted trial balance. From the adjusted
homogeneous information needs. In other words, it is assumed that balances, a trial balance is prepared that contains all the
users of financial reports understand the conventions and entries that should be reflected in the financial
accounting principles that are applied and that the statements have statements.
information content that is useful. 9. Prepare the financial statements. The balance sheet,
income statement, and statement of cash flows are
prepared using the adjusted trial balance.
10. Journalize and post the closing entries. Journal vouchers
Financial Reporting Procedures are prepared for entries that close out the income
statement (temporary) accounts and transfer the income
Financial reporting is the final step in the overall accounting process or loss to retained earnings. Finally, these entries are
that begins in the transaction cycles. Figure 8-4 presents the FRS in posted to the GL.
relation to the other information subsystems. The steps illustrated 11. Prepare the postclosing trial balance. A trial balance
and numbered in the figure are discussed briefly in the following worksheet containing only the balance sheet accounts
section. may now be prepared to indicate the balances being
carried forward to the next accounting period.
The process begins with a clean slate at the start of a new fiscal year. Only The periodic nature of financial reporting in most
the balance sheet (permanent) accounts are carried forward from the previous organizations establishes it as a batch process, as
illustrated in Figure 8-4. This often is the case for larger
year. From this point, the following steps occur:
organizations with multiple streams of revenue and
1. Capture the transaction. Within each transaction cycle, expense transactions that need to be reconciled before
transactions are recorded in the appropriate transaction being posted to the GL. Many organizations, however,
file. have moved to a real-time GL/FRS that produces
2. Record in special journal. Each transaction is entered into financial statements on short notice. Figure 8-5 presents
the journal. Recall that frequently occurring classes of a flowchart of a real-time GL/FRS. A noteworthy feature
transactions, such as sales, are captured in special of this system is the changed role of the journal voucher.
journals. Those that occur infrequently are recorded in In batch GL systems, transaction processing applications
the general journal or directly on a journal voucher. summarize and capture transactions in journal vouchers
3. Post to subsidiary ledger. The details of each transaction where they are held, reviewed, and later posted to the
are posted to the affected subsidiary accounts. GL. In such systems, journal vouchers are the authority
4. Post to general ledger. Periodically, journal vouchers, and the source of all GL postings. In contrast, a real-time
summarizing the entries made to the special journals and GL system posts each transaction directly to the general
ledger and concurrently creates a journal voucher. The describes how the attributes will be presented in a document. The
journal voucher in this system does not authorize a GL book order in this example can only be viewed visually (similar to a
entry in the traditional sense. Rather, it provides a FAX) and must be manually entered into the bookstore’s order entry
posting reference and audit trail, which links GL system for processing. In the case of the XML order, the tags are
summary account balances to specific transactions. customized to the user, and the user’s application can read and
interpret the tagged data. Thus, the bookstore order prepared in
XML presents order attributes in a relational form that can be
XBRL—Reengineering Financial Reporting
Online reporting of financial data has become a competitive automatically imported into a bookseller’s internal database.
necessity for publicly traded organizations. In recent years,
organizations accomplish this by placing their financial statements XBRL
and other financial reports on their respective websites as HTML
(Hyper Text Markup Language ) documents. These documents Recognizing the potential benefits of XML, the AICPA encouraged
could then be downloaded by users such as the SEC, financial research into the creation of an accounting-specific markup
analysts, and other interested parties. The HTML reports, however, language. XBRL is an XML-based language that would provide the
are not conveniently processed through IT automation. Performing financial community with a standardized method for preparing,
any analysis on the data contained in the reports requires them to be publishing, and automatically exchanging financial information,
manually entered into the user’s information system. including financial statements of publicly held companies. Figure 8-
7 presents an overview of the XBRL reporting process, the key
The solution to this problem was found in XBRL (extensible elements of which are discussed in the following sections.
Business Reporting Language), which is the Internet standard
specifically designed for business reporting and information
exchange. The objective of XBRL is to facilitate the publication, The first step in the process is to select an XBRL taxonomy. Taxonomies are
exchange, and processing of financial and business information. classification schemes that are compliant with XBRL specifications to
XBRL is a derivative of another Internet standard called XML accomplish a specific information exchange or reporting objective such as filing
(extensible Markup Language). with the SEC. In essence, the XBRL taxonomy specifies the data to be included in
an exchange or report. The XBRL Standards Committee has created several
taxonomies for widespread use. The illustrations in Figures 8-8, 8-9, 8-10 and 8-
XML 11 are based on XBRL Taxonomy for Financial Reporting for Commercial and
Industrial Companies, referred to as CI taxonomy.
XML is a metalanguage for describing markup languages. The
term extensible means that any markup language can be created The next step is to cross reference each account in the reporting
using XML. This includes the creation of markup languages capable organization’s general ledger to an appropriate XBRL taxonomy element
of storing data in relational form in which tags (or formatting (tag). Figure 8-8 presents part of a hypothetical company’s internal database.
commands) are mapped to data values. Thus, XML can be used to
This snapshot shows various GL accounts and their values. Currently, these data
model the data structure of an organization’s internal database.
are organized and labeled according to the reporting company’s internal needs
The examples illustrated in Figure 8-6 serve to distinguish HTML and conventions. To make the data useful to outsiders and comparable with
from XML, using a bookstore order formatted in both languages. other firms, they need to be organized, labeled, and reported in a manner that
Although essentially the same information is contained in both all XBRL users generally accept. This involves mapping the organization’s
examples, and they look similar in structure, important differences internal data to XBRL taxonomy elements.
exist between them. Although both examples use tags (words that
are bracketed by the symbols < and >) and attributes such as Doe The mapping process is accomplished through a Taxonomy Mapper
and John, the way in which these tags and attributes are used differs. tool, an example of which is pictured in Figure 8-9. Note how the
In the HTML example, the tags have predefined meaning that XBRL tag labeled Cash, Cash Equivalents, and Short-Term
Investments is mapped to the database account labeled Cash in Bank
—Canada. Once the mapping process is complete, each database
record will receive a tag as illustrated by the Taxonomy Element
field in Figure 8-10.
In previous chapters, we have seen how the general provide the ability to answer inquiries, for example, from
ledger provides verification control for the accounting customers or vendors;
process. To do so, the task of updating the general ledger (2)
must be separate from all accounting and asset custody
responsibilities within the organization. Therefore, be able to reconstruct files if they are completely or
individuals with access authority to GL accounts should partially destroyed;
not:
(3)
1. have recordkeeping responsibility for special journals or provide historical data required by auditors;
subsidiary ledgers,
2. prepare journal vouchers, and (4)
3. have custody of physical assets. fulfill government regulations; and
Notice that in Figure 8-5, transactions are authorized,
processed, and posted directly to the general ledger. To (5)
compensate for this potential risk, the system should
provide a means for preventing, detecting, and correcting
provide end users and GL departments with detailed
errors.
listings of journal voucher and account activity reports.
These documents advise users of the automated actions Independent Verification
taken by the system so that errors and unusual events, Previous chapters have portrayed the GL function as an
which warrant investigation, can be identified. independent verification step within the accounting
information system. The FRS produces two operational
reports—journal voucher listing and the GL change
report—that provide proof of the accuracy of this
process. The journal voucher listingprovides relevant
details about each journal voucher posted to the GL.
The general ledger change reportpresents the effects
of journal voucher postings to the GL accounts. Figures 8-
12 and 8-13 present examples of these reports.
IT Application Controls
The IT application controls presented in previous
chapters apply also to the GL/FRS. Input controls in the
form of edits and check digits ensure that data (journal
vouchers) entering the general ledger are free from data
entry errors that can corrupt GL accounts. Process
controls, such as error messages, passwords, and
Figure 8-13General Ledger Change Report
multilevel security, serve the same objectives in the GLS
as they do in transaction processing applications.
Likewise, output controls need to be in place to
ensure that financial statements and other management
reports produced by the FRS arrive at their intended
destinations.
Performance Evaluation
The decision maker compares the performance of the Level of details Highly summarized Detailed
operation in question against the standard. The
difference between the two is the variance. For example, Recurrence Nonrecurring Periodic recurring
a price variance for an item of inventory is the difference
between the expected price—the standard—and the
price actually paid. If the actual price is greater than the Certainty Uncertain Highly certain
standard, the variance is said to be unfavorable. If the
actual price is less than the standard, the variance is
favorable.
Problem Structure
Taking Corrective Action
The structure of a problem reflects how well the decision
After comparing the performance to the standard, the maker understands the problem. Structure has three
manager takes action to remedy any out of control
elements.
condition. Recall from Chapter 3, however, that we must
apply extreme caution when taking corrective action. An 1. Data—the values used to represent factors that are
inappropriate response to performance measures may relevant to the problem.
have undesirable results. For example, to achieve a 2. Procedures—the sequence of steps or decision rules
favorable price variance, the purchasing agent may used in solving the problem.
pursue the low-price vendors of raw materials and 3. Objectives—the results the decision maker desires to
sacrifice quality. If the lower-quality raw materials result attain by solving the problem.
in excessive quantities being used in production because When all three elements are known with certainty, the
of higher-than-normal waste, the firm will experience an problem is structured. Payroll calculation is an example
unfavorable material usage variance. The unfavorable of a structured problem:
usage variance may completely offset the favorable price
variance to create an unfavorable total variance. 1. We can identify the data for this calculation with
certainty (hours worked, hourly rate, withholdings, tax
Table 8-1 classifies strategic planning, tactical planning, rate, etc.).
2. Payroll procedures are known with certainty:
3. The objective of payroll is to discharge the firm’s
financial obligation to its employees.
Structured problems do not present unique situations to
the decision maker, and, because their information
requirements can be anticipated, they are well suited for
traditional data processing techniques. In effect, the
designer who specifies the procedures and codes the
programs solves the problem.
Unstructured Problems
Problems are unstructured when any of the three
characteristics identified previously are not known with
certainty. In other words, an unstructured problem is
one for which we have no precise solution techniques.
Either the data requirements are uncertain, the
procedures are not specified, or the solution objectives
have not been fully developed. Such a problem is
normally complex and engages the decision maker in a
unique situation. In these situations, the systems analyst
cannot fully anticipate user information needs, rendering
traditional data processing techniques ineffective. Figure 8-17 also shows the use of information systems by
different levels of management. The traditional
Figure 8-17 illustrates the relationship between problem information system deals most effectively with fully
structure and organizational level. We see from the structured problems. Therefore, operations management
figure that lower levels of management deal more with and tactical management receive the greatest benefit
fully structured problems, whereas upper management from these systems. Because management control and
deals with unstructured problems. Middle-level strategic planning decisions lack structure, the managers
managers tend to work with partially structured who make these decisions often do not receive adequate
problems. Keep in mind that these structural support from traditional systems alone.
classifications are generalizations. Top managers also
deal with some highly structured problems, and lower- Types of Management Reports
level managers sometimes face problems that lack
structure. Reports are the formal vehicles for conveying
information to managers. The term report tends to imply
Figure 8-17Problem Structure-Management Level, and Information a written message presented on sheets of paper. In fact,
System Usage a management report may be a hardcopy document or
a digital image displayed on a computer terminal. The
report may express information in verbal, numeric, or
graphic form, or any combination of these.
Report Objectives
Chapter 1 made the distinction between information and
data. Recall that information leads the user to an action.
Therefore, to be useful, reports must have information
content. Their value is in the effect they have on users as
expressed in two general reporting objectives: Examples of Programmed Reports
Responsibility Centers
To achieve accountability, business entities frequently
organize their operations into units
called responsibility centers. The most common forms
of responsibility centers are cost centers, profit centers,
and investment centers. Profit Centers
A profit center manager has responsibility for both cost
Cost Centers control and revenue generation. For example, the local
A cost center is an organizational unit with manager of a national department store chain may be
responsibility for cost management within budgetary responsible for decisions about the following:
limits. For example, a production department may be
responsible for meeting its production obligation while The items of merchandise to stock in the store.
keeping production costs (labor, materials, and The prices to charge.
overhead) within the budgeted amount. The The kind of promotional activities for products.
performance report for the cost center manager reflects The level of advertising.
its controllable cost behavior by focusing on budgeted The size of the staff and the hiring of employees.
costs, actual costs, and variances from budget. Figure 8- Building maintenance and limited capital improvements.
21 shows an example of a cost center performance The performance report for the profit center manager is
report. Performance measurements should not consider different from that for the cost center manager.
costs that are outside the manager’s control, such as Nevertheless, the reporting emphasis for both should be
on controllable items. Figure 8-22 is an example of a
profit center report. Whereas only controllable items are
used to assess the manager’s performance, the profit
center itself is assessed by its contribution after
noncontrollable costs.
Chapters
8-4cBehavioral Considerations
Goal Congruence
Earlier in
Investment Centers this
The manager of an investment center has the general chapter, we
authority to make decisions that profoundly affect the touched on
organization. Assume that a division of a corporation is the
an investment center with the objective of maximizing manageme
the return on its investment assets. The division nt
manager’s range of responsibilities includes cost principles
management, product development, marketing, of
distribution, and capital disposition through investments authority,
of funds in projects and ventures that earn a desired rate responsibil
of return. Figure 8-23 illustrates the performance report ity, and the
for an investment center. formalizati
on of tasks.
Figure 8-23Investment Center Performance Report When
properly the
applied organizatio
within an n.
organizatio
n, these A carefully
principles structured
promote g MRS plays
oal an
congruenc important
e. Lower- role in
level promoting
managers and
pursuing preserving
their own goal
objectives congruence
contribute . On the
in a other hand,
positive a badly
way to the designed
objectives MRS can
of their cause
superiors. dysfunctio
For nal actions
example, that are in
by opposition
controlling to the
costs, a organizatio
production n’s
supervisor objectives.
contributes Two
to the pitfalls that
division cause
manager’s managers
goal of to act
profitabilit dysfunctio
y. Thus, as nally are
individual informatio
managers n overload
serve their and
own best inappropri
interests, ate
they also performan
serve the ce
best measures.
interests of
Information
Overload required
Informati by lower-
on level
overload o managers
ccurs when would
a manager quickly
receives overload
more the
informatio president’s
n than he decision-
or she can making
assimilate. process.
This Although
happens the report
when may have
designers many of
of the the
reporting informatio
system do n
not attributes
properly discussed
consider earlier
the (complete,
manager’s accurate,
organizatio timely, and
nal level concise), it
and span of may be
control. useless if
For not
example, properly
consider summarize
the d.
informatio
n volume Informatio
that would n overload
flow to the causes
president if managers
the reports to
were not disregard
properly su their
mmarized formal
(refer informatio
to Figure 8- n and rely
18). The on
details informal
cues to
help them however,
make the report
decisions. can have
Thus, the the
formal opposite
informatio effect. Let’s
n system is see how
replaced by this can
heuristics happen
(rules of using a
thumb), common
tips, performan
hunches, ce measure
and —return
guesses. on
The investment
resulting (ROI).
decisions Assume
run a high that the
risk of corporate
being manageme
suboptimal nt of an
and organizatio
dysfunctio n evaluates
nal. division
manageme
Inappropriate nt
Performance performan
Measures ce solely on
Recall that the basis of
one ROI. Each
purpose of manager’s
a report is objective is
to to
stimulate maximize
behavior ROI.
consistent Naturally,
with the the
objectives organizatio
of the firm. n wants
When inap this to
propriate happen
performan through
ce prudent
measures cost
are used,
manageme like
nt and favorable
increased performan
profit ce. A closer
margins. analysis of
When ROI the cost
is used as and
the single revenue
criterion figures,
for however,
measuring gives a
performan different
ce, picture.
however, Actual
the sales were
criterion below
itself budgeted
becomes sales for
the focus of 2017, but
attention the
and object shortfall in
of revenue
manipulati was offset
on. We by
illustrate reductions
this point in
with the discretiona
multiperio ry
d operating
investment expenditur
center es
report (employee
in Figure 8- training
24. Notice and plant
how actual maintenan
ROI went ce). The
up in 2014 ROI figure
and is further
exceeded improved
the by
budgeted reducing
ROI in investment
2017. On s in
the surface, inventory
this looks and plant
equipment nal to the
(fixed organizatio
assets) to n. Usually,
lower the such tactics
asset base. can
succeed in
Figure 8-24Multiperiod Investment Center Report the short
run only.
As the
plant
equipment
starts to
wear out,
customer
dissatisfact
ion
increases
(because of
stock-
outs), and
employee
dissent
becomes
epidemic.
The ROI
figure will
then begin
to reflect
the
economic
reality. By
that time,
however,
the
manager
may have
The been
manager promoted
took based on
actions the
that perception
increased of good
ROI but performan
were ce, and his
dysfunctio or her
successor a
will inherit supervisor
the can affect
problems quality
left behind. control,
material
The use of usage
any single- efficiency,
criterion labor
performan relations,
ce measure and plant
can impose maintenan
personal ce.
goals on 3. The use of
managers profit
that measures
conflict such as
with ROI, net
organizatio income,
nal goals and
and result contributio
in n margin
dysfunctio can affect
nal plant
behavior. investment
, employee
Consider training,
the inventory
following reserve
examples: levels,
customer
1. The use of satisfaction
price , and labor
variance to relations.
evaluate a Performan
purchasing ce
agent can measures
affect the should
quality of consider all
the items relevant
purchased. aspects of a
2. The use of manager’s
quotas responsibil
(e.g., units ity. In
produced) addition to
to evaluate
measures their information needs. This is particularly true for top
of general and middle management who are faced with problems
performan that require information in large volumes, in
ce (e.g., unstructured formats, from multiple sources, and on
ROI), short notice. This section presents two data analytics
manageme approaches used to address these types of
nt should problems: small data analytics and big data analytics.
measure
trends in 8-5aSmall Data Analytics
key The term “small data analytics” characterizes techniques
variables that employ data that are in a format and of a volume
such as that allows them to be analyzed and acted upon by
sales, cost traditional technologies. Typically, small data analytics
of goods produces information directed at solving a specific
sold, problem or answering a specific question. Business
operating examples of small data are inventory turnover reports,
expenses, customer buying preferences, customer search histories
and asset at a website, and vendor service reports. Increases in
levels. computing power, point-of-transaction scanners, and
Nonfinanci continuous reductions in data storage costs have enabled
al organizations to accumulate massive quantities of raw
measures data. A central feature of a small data analytics initiative
such as is a data warehouse of archived data. This consists of a
product centralized relational database, which is separate from
leadership, the organization’s operational data, and has been
personnel designed specifically to meet the needs of data analytics.
developme The warehouse contains copies of operational data about
nt, current transactions as well as events that have
employee transpired over many years. Data are coded and stored in
attitudes, the warehouse in fine detail and at various levels of
and public aggregation to facilitate identification of recurring
responsibil patterns and trends. These data are tapped to support
ity may management reporting through a concept known as data
also be mining, which is the process of selecting, exploring, and
relevant in modeling data to uncover relationships and global
assessing patterns. Data mining techniques follow two general
manageme models: verification and discovery.
nt
performan The verification model uses a drill-down technique to
ce. either verify or reject a user’s hypothesis. For example,
assume a marketing manager needs to identify the best
Chapters target market, as a subset of the organization’s entire
8-5Data Analytics and Ad Hoc Reporting customer base, to direct an ad campaign for a new
Data analytics represents a significant departure from product. The data mining software will examine the
the traditional structured reporting discussed in the firm’s historical customer sales data and demographic
previous section. Managers cannot always anticipate information to reveal comparable sales and the
demographic characteristics shared by those purchasers. hospital, predicting expected visits to emergency rooms,
This subset of the customer base can then be used to and patient monitoring
focus the promotion campaign. Insurance: Predicting future claim rates to price insurance
risk
The discovery model uses data mining to discover Financial services: Fraud monitoring and fraud pattern
previously unknown but important information that is recognition
hidden within the data. This model employs inductive Energy: Real-time analytical processing of oil well data
learning to infer information from detailed data by Horizontal: Market basket analysis, segmenting customers,
searching for recurring patterns, trends, and predicting equipment failure
generalizations. This approach is fundamentally different Forecasting world events
from the verification model in that the data are searched The top users of big data within business organizations
with no specific hypothesis driving the process. For are marketing, executive management, and finance.
example, a company may apply discovery techniques to
identify customer buying patterns and gain a better Velocity
understanding of customer motivations and behavior.
Velocity refers to the speed at which big data must be
Management decision making can be greatly enhanced analyzed. The vast volumes of data and the growing
through data mining, but only if the appropriate data needs for rapid analysis, particularly as big data analytics
have been identified, collected, and stored in the data expands into the machine learning and artificial
warehouse. Therefore, many of the important issues intelligence fields, have created unique computing
related to data mining and warehousing require an infrastructure requirements. The volume and velocity
understanding of relational database technology. These requirements of big data analytics can overwhelm
topics are examined further in Chapters 9 and 11. traditional data mining and storage infrastructures. One
solution, which is not a viable option for many
organizations, is to obtain and apply the storage and
Big Data Analytics
processing power of hundreds or thousands of servers
that work in parallel to complete the big data analytics
The concept of big data was introduced in 1941, but has project. The significant investment required, however, is
since undergone many redefinitions. Its current one that many organizations are reluctant to make. An
rendition is characterized and defined by three Vs: alternative solution is to turn to public cloud computing
extreme volumes of data, the rapid velocity at which the for big data analytics. We saw in Chapter 1 that
data must be processed, and the wide variety of scalability is a defining feature of cloud computing. The
structured and unstructured data types that need to be cloud provider can thus temporarily employ the storage
integrated. Each of these characteristics is discussed and computing power of thousands of servers to meet
next. the needs of the big data project. The advantage to the
client organization is that it pays for only the storage and
Volume processing resources that were actually used.
Volume is the “V” most associated with big data, which
often involves terabytes, petabytes, and even exabytes of Variety
data. These voluminous data come from sources such as Although volume is the “V” most associated with big
customer sales records, voice and text log files, stored data, variety is the primary driver of volume.
images, and speech-to-text data from call center Conventional wisdom estimates that 80 percent of big
recordings. Examples of industry uses of big data data are unstructured and are derived from audio, video,
analytics are : timeseries data, real-time streaming data, external web
data, external social media, and a wide variety of data
Healthcare: Predicting expected patient readmittance to
supplied by the vast and growing array of IoT (Internet diabetes, and other serious conditions. In business,
of things) devices. IoT refers to the network of physical predictive models are used to analyze current and
objects that feature an IP address for Internet historical data on potential customers to rank order
connectivity. These devices extend Internet connectivity them in terms of their likely future performance such as
beyond traditional laptops, desktops, and tablets. their creditworthiness (the likelihood that they will pay
Examples of IoT are thermostats, automobiles, their bill) and their likelihood to respond to a particular
environmental data from private households and offer or product promotion. Credit card companies use
commercial buildings, security systems, electricity usage predictive models to detect in real time the likelihood
sensors, water meters, and cell phones. To make full use that a current transaction is fraudulent. In the
of big data, advanced technology platforms need to entertainment sector, Netflix designed a movie
integrate these disparate data sources and formats. recommendation system called CinematchSM. It predicts
whether someone will enjoy a movie based on how much
Big Data Reporting Systems they liked or disliked other movies. The system then
Since big data management reporting systems draw from makes personal movie recommendations based on each
multiple sources of unstructured and structured customer’s unique tastes.
transactions to uncover hidden patterns and
Descriptive analytics is a mathematical process that
relationships, it can deliver high-quality business
describes real-world events and the relationships
intelligence that provides rich insight to the nature the
between factors responsible for them. This form of
business. Four sources of business intelligence are as
analysis is useful in allowing management to learn from
follows: prescriptive, predictive, descriptive, and
data about historic activities and events, and understand
diagnostic analytics.
how they might influence future outcomes. In this
Prescriptive analytics tells the user what context, “historic” data refers to data generated at any
actions should be taken in response to specific questions. point of time when an event occurred, which could be
For example, some companies use predictive analytics to years or only seconds past. Descriptive analytics is useful
optimize trade promotions. Prescriptive analytics helps for reporting data such as sales by customer, average
them determine which campaigns to run and for which purchases by vendor, inventory turnover rates, and sales
products. Another use is to support product assortment levels over time. Unlike the prescriptive and predictive
optimization. Business managers can thus determine the models, descriptive analytics does not interpret the data
optimal configuration of premium, high-end, medium- and provide an answer to the user. Instead, it creates a
price, and low-price items that maximize the total value summary of historical data that is either interpreted by
to the company. The analysis draws upon structured data the user or submitted as input for further analysis.
such as the price of items and their baseline demand as Diagnostic analytics, which is discussed next, provides
well as unstructured data such as substitution effects. greater insight into the underlying causes of events and
For example, if the company does not have product “X,” behaviors.
the customers will buy product “Y” or leave the store.
Diagnostic analytics techniques view past performance
Other well-established uses of prescriptive analytics are
to determine why something happened the way it did.
seen in the oil and gas exploration and in healthcare.
These tools help managers understand system-wide
Predictive analytics encompasses a variety of statistical “pipeline” problems and show them how the various
techniques that draw upon current and past data to teams in the system are performing. Often management
calculate the statistical likelihood of future scenarios cannot see the “problem.” Instead, they see a symptom of
occurring. For example, in healthcare, predictive the problem. For example, declining sales during the
analytics are used at the point of care to determine period is not a problem; it is a symptom. The reason for
whether patients are at risk of developing heart disease, the declining sales is the root problem, which may be
masked by the symptoms. By using diagnostic analytics
to drill down into structured data such bills of lading, that insulates the organization’s internal network and
shipping logs, and sales returns, in addition to stored data from outside intruders on the Internet. A
unstructured data such as speech-to-text data from firewall enforces access control to ensure that only
customer call centers and website search data, the authorized traffic passes between the organization and
manager can use commercial visualization software (e.g., individuals on the outside. Validated users are directed
Tableau, Zoho, and Chartio) to uncover the root problem. to the application or data they need. Those who fail the
In this hypothetical case, the declining sales may be validation tests are rejected, and such failed attempts
attributed to shipping department problems that have should be logged and investigated by an internal security
caused an inordinate number of late deliveries, resulting group.
in customer dissatisfaction and lost sales. Once the
manager identifies the underlying problem, he or she is Not all security threats come from the Internet.
able to address the team on what needs to be done to Sometimes computer criminals are already inside the
resolve the issue. corporate walls. Controlling threats from insiders
involves a number of possible tools.
Big Data Analytics Risks and Controls
Organizations invest considerable time and resources in
Access Privileges
data analytics because the resulting information is of Sometimes individuals are mistakenly granted excessive
strategic value to them. Such information is also of value access privileges to internal networks and data. To
to business competitors and cyber criminals. Like any counter this, organizations should implement formal
other asset, big data need to be controlled to mitigate procedures for assigning access privileges and should
risks from misappropriation, theft, and corruption. This periodically review existing employee privileges.
section addresses risk and control issues.
Password Control
Data Security Most organizations employ a reusable password system.
If a password can be guessed or otherwise observed by a
Big data provide a big target for hackers. Many high- computer criminal, he or she can use it to access the
profile events of the recent past stand testimony to the system. The best password control rests heavily on
risks. Because of this, companies need to ensure that data common sense and procedures to enforce it. For
are protected from both external and internal threats. example, employees should be required to create only
Companies that outsource big data analytics and storage strong passwords. In addition, passwords should be
to cloud-based service providers face additional risks in changed periodically to reduce the chance that they are
this regard. Chapter 1 defined cloud computing captured by an intruder. To avoid this risk, some
as location-independent computing, which involves organizations use a one-time password system in which
networks of service and subservice providers working in a new password is randomly generated every 60 seconds
parallel. This means that a client firm’s data may be and can be used only once during the one-minute time
distributed among many anonymous subservice frame. This approach has proven to be a very effective
providers across the Internet. The security procedures in access control method.
place at these locations become an obvious control
concern. Security is an extensive body of material System Audit Trails
involving a combination of technologies and procedures. System audit trails are logs that record activity at the
Some of these topics are outlined in following sections system, application, and user level. They have many uses,
but Chapter 15 offers an in-depth discussion. but as a security device, they can monitor user activity at
the lowest level of detail. This capability will often deter
Firewalls illegal behavior and prevent unauthorized access.
A central component in controlling against external Individuals are less likely to violate an organization’s
hackers is the implementation of an electronic firewall
security policy when they know that their actions are
recorded in an audit log. Audit logs can be set to perform
high-level monitoring that records the IDs of all users
accessing the system, the time and duration of a user’s
session, programs that were executed during a session,
and the files, databases, printers, and other resources
accessed. An audit log can also capture detailed data at
the keystroke level. This form of log may be used after
the fact as a forensic tool to reconstruct the details of an
event or as a real-time control to prevent unauthorized
intrusion.
Outsourcing Controls
Big data outsourcing activities are not riskless
endeavors; client organizations hand over their data to
third-party service providers who then perform the
analysis or, in turn, outsource the data to subservice
provider. The risks are many. First of all, the security
risks from Internet hackers and employees within the
service provider’s or subservice provider’s operations
are still in play. In addition, another risk is failure to
perform, which, simply stated, means the service
provider does not deliver at all or provides unreliable
results upon which the client organization relies. Related
to this is the risk of losing strategic advantage. Flawed
information may be incongruence with a firm’s strategic
business plan, resulting in flawed strategic decision
making. To mitigate these risks, the external auditors of
the service providers and subservice providers may issue
a Statement on Standards for Attestation Engagements
No. 16 (SSAE 16) report to the auditors of the client
company. SSAE 16 is the definitive standard by which the
client firm’s auditors can determine whether the controls
at the third-party service provider are free from material
weaknesses. Chapter 14 examines SSAE 16 issues as part
of a broader discussion on outsourcing.
Chapters