8/2/2006 Prelimary – do not quote 1
Transaction Objects, Control Objects, Control tags and
Tags Dynamics
Miklos A. VasarhelyiRutgers University
2
Outline Introduction Transaction Objects Control Objects Control tags Tags Dynamics Conclusions
8/2/2006 Prelimary – do not quote 3
Introduction
4
The evolving environment WEB services create a set of anonymous cooperating
processes Transactions are complex virtual entities that can assume
many forms and can be modified by sequential processes Transactions can be routed along processes and
modified by these processes Data structures are being progressively balkanized Transactions, databases, and processes can cooperate in
forms that are bizarre under traditional systems designs
5
Introduction The emergence of digital business
measurement and document processing has changed fundamentally business processes
Control measurement has been interpreted as control documentation
XBRL/FR deals with the reporting tail end of the process
XBRL/GL allow for a more granular data structure
There are major conceptual needs in this world
6
Conceptual needs Transactions must be defined with unique
characteristics relative to type (objects) Controls must be describable, measurable,
monitorable, and combinable Transaction x control clusters must be
definable and measurable Transactions must have some form of
accuracy (quality) parameter and this parameter must be related to its entailing processes
Transactions must have security mechanisms to ensure their integrity
7
Basic Elements Business process Transaction Control Database Events Procedures and Flows
8/2/2006 Prelimary – do not quote 8
Transaction Objects
9
What is a transaction? Is a unique record transmitted among
processes? Is a record that is modified in a sequence of
processes? Is a single record of a database? Is a basic atom of certain XML derivative
languages? Is a matching unit of an XBRL/GL taxonomy?
10
Customerdatabase
Productdatabase
Salesperson
database
Client
Items
Sold
Client Management
Process
Clientdatabase
Sales
person
• A process generates a transaction that has 97% reliability
•The best estimator is that the transaction is 97% reliable
•What does that mean?
Automatic confirmation
Data entry edit - lookup
Management Control
Management Control
•Bad database item
•Bad data entry
•Correct form, entry but fallacious transaction due to other process fault
•Not delivered
•Client cannot pay
•Product defective
•Broken in transit
•Client changed mind
•Product bad
11
Transaction objects Must be defined when a process is conceived Have object characteristics, attributes, defined
behaviors, and inheritance algorithms Have to have defined their interaction with
other processes Are affected by controls and processes and
events
8/2/2006 Prelimary – do not quote 12
Control Objects
13
Control Objects There are many types They have unique attributes such as
transactions They modify business processes and
transactions The control object can be part of a transaction,
part of a BP, encompass several business processes
May be linear, layered, amorphous, sequential, parallel, etc…
14
Types of Controls – Summary
I. AUTHORIZATIONS II. VALIDITY III. POPULATION AND TRANSFER CONTROLS IV . PROCESS CONTROLS V. COVERAGE
• Va. SEGREGATION• V.b SUPERVISION• V.c RULES AND PROCEDURES• V.d INSURANCE
VI. ACCESS VII. AUDIT (ex-post analysis) VIII. COMPLIANCE WITH GAAP
15
Types of Errors
I. PROCEDURAL ERRORS II. COMPUTATION ERRORS III. ACCOUNTING ERROR IV. INTEGRITY ERROR V. TIMING ERROR VI. GAAP ERROR VII. IRREGULARITIES VIII. LEGAL ERRORS IX. MISCELLANEOUS MANAGEMENT
ERRORS
16
Information and C
omm
unication
Control ActivitiesICPsICC
Control Environment
MONI TORING
Risk Assessment
Operations Financial Compliance Reporting
Unit A
Unit B
Entity 1
Entity 2
Entity 3
Manual &AutomatedSystems
MetricsAnalyticsAlarmsStandards
Basic set of ControlsControl reportsControl MetricsControl Evaluation rules
COSO and continuous monitoring
17
•"An internal control procedure (ICP) is a single control measure such as the checking of a control total." (Cushing[1], p.25)
•Controls are seldom used in isolation and may entail anything from one procedure with many functions (such as supervision) to a precise numerical check. It is necessary, therefore to define and relate internal controls, and groups of controls.
•"An Internal Control Cluster (ICC) consists of one or more internal control procedures related to one or more types of error or activity, while an internal control system (ICS) is a set of ICCs that constitute a particular cycle of the business organization." (Vasarhelyi, op. cit., p. 43)
8/2/2006 Prelimary – do not quote 20
Control tags
21
Definition XML derivative tagging with a new type
of tag, the control tags that incorporate specific control information on items of information.
22
Types of Control Tags 1) reliability related tags
• that specify the reliability of the item being measured• at its most basic it entails the reliability of the control
process that has generated the transaction 2) control aid tags
• tags that serve to leave behind tracer information on the datum processing (cookie crumbs),
• tags that record processes that the transaction was submitted,
• tags that contain other control information, and• a mixture of the above.
23
Reliability control tags An ongoing assessment of the reliability
of the control processes that generate a transaction is made.
This measurement is carried with the transaction
If it is subject to other processes, this reliability assessment is changed
24
Control tags, cookie crumbs and digital IDs
ConsolidationFinancial statements
Subsidiary 2Financial statements
Subsidiary 3Financial statements
Subsidiary 1Financial statements
Assurance station
DID1
DID6
DID5DID4
DID2
DID3 Financial IntermediaryFinancial statements
analysis
DID7DID8
DID9
Dynamic control spots with cookie crumb
collection
25
Tracer related control tags (cookie crumbs) Tags carry a unique identifier of the
transaction that is encrypted This identifier is deposited in tracer
receptacles across the transaction path Public x private encrypting schema are
used to verify transaction paths
26
Path recording control tags Transactions record its path by collecting
process DIDs and carrying them encrypted
Alternatively these may be deposited in a third party safe Web site and a pointer carried
Information about the crypt decoding key / method is carried by the transaction as a tag
27
Information Control Tags Contain other control related information
that could entail• Organizational placement and hierarchies• Reliability change related information• Name of the DLA assuror, e.g. KPMG• Outsource related agreements
8/2/2006 Prelimary – do not quote 28
Tags Dynamics
29
Followups Clientdatabase orders
database Price-product
database transactiondatabase
Process 1Pre-salesProcesses
lComplementaryproducts
Salespeople-entities
leads
SalesProcesses
Provisioningprocesses
CashCollections
Receivables
client
8/2/2006 Prelimary – do not quote 30
Conclusions
31
Conclusions The balkanization financial information distribution
creates serious integrity concerns One must create a new conceptualization to
understand and represent the elements of business processes
Control tags associated to XML derivative transactions can deal with many of these problems
Substantial investments on the standards, their implementation into software, and their conceptualization must be made
32
Conclusions 2 Transactions and controls are object types with
unique characteristics related to their types They have to be unique in type and
measurable They are denominated in clusters and
procedures They are modified across the life-cycle of the
busines process elements
Top Related