1.

Define Business Processes

Business processes are structured activities or tasks performed by people or systems within an
organization to produce a specific service or product for customers. These processes are
essential for the day-to-day operations of a business and are usually categorized into three
types: operational (core) processes, supporting processes, and management processes.
Examples include sales order processing, inventory management, and payroll processing.

2. Examples and Explanation of Business Cycles:

●​ Revenue Cycle:​
Example: A customer buys a smartphone from an online store. The store processes the
order, ships the product, sends an invoice, and receives payment.​
Explanation: The revenue cycle refers to all activities related to selling goods or services
and collecting payment. It includes order entry, shipping, billing, and cash collection.​

●​ Expenditure Cycle:​
Example: A company purchases raw materials for manufacturing. They place a
purchase order, receive the goods, and then pay the supplier.​
Explanation: The expenditure cycle involves acquiring goods or services and making
payments. It includes ordering, receiving, and settling the invoice.​

●​ General Ledger and Financial Reporting Cycle:​

Example: At the end of the month, a company gathers all transactions from the revenue
and expenditure cycles, posts them to the general ledger, and prepares the financial
statements.​
Explanation: This cycle focuses on summarizing financial information and preparing
reports such as the income statement and balance sheet, ensuring that records are
accurate and complete.​

3. Source Documents Used in a Revenue Cycle

These are the key documents that initiate and support transactions in the revenue cycle:

Customer Order or Sales Order Form: Records what the customer wants to buy.​
Shipping Document (Bill of Lading): Confirms that goods have been shipped.​
Sales Invoice: Requests payment from the customer.​
Remittance Advice: Sent by the customer with the payment, indicating what the payment
covers.​

Cash Receipt: Acknowledges the payment received from the customer.​

4. Inputs and Outputs in a Revenue Cycle

Inputs:​
Customer purchase orders​
Shipping notices​
Invoices​
Payments and remittance advice​
Sales data​

Outputs:​
Customer invoices​
Sales reports​
Accounts receivable updates​
Payment confirmations​
Revenue summaries​

5. Source Documents Used in an Expenditure Cycle

These documents initiate and support purchasing and payment transactions:

Purchase Requisition: Request to order a specific item or service.​

Purchase Order (PO): Formal document sent to the supplier to order goods or services.​
Receiving Report: Confirms the delivery of goods and checks their condition/quantity.​
Supplier Invoice: Sent by the supplier to request payment.​
Check or Payment Voucher: Used to authorize and process payment to the supplier.​

6. Inputs and Outputs in an Expenditure Cycle

Inputs:​
Purchase requisitions​
Purchase orders​
Supplier invoices​
Receiving reports​

Outputs:​
Payment to suppliers​
Updated accounts payable records​
Inventory records​
Purchase summaries​

7. Difference Between Management Reports and General Purpose Financial

Reports

Management Reports​

Purpose: Used internally by managers for decision-making, planning, and controlling

operations.​
Audience: Internal (managers, department heads)​
Format: Customized, detailed, may include forecasts or non-financial data​
Example: Budget vs. actual expense report, departmental performance report​
General Purpose Financial Reports​
Purpose: Provide standardized financial information to external stakeholders.​
Audience: External (investors, creditors, government)​
Format: Follows accounting standards like IFRS or GAAP​
Example: Income Statement, Balance Sheet, Cash Flow Statement

​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
​
1. Define Internal Controls​
Internal controls are accounting and auditing processes used in a company's finance
department that ensure the integrity of financial reporting and regulatory compliance.
Internal controls help companies to comply with laws and regulations and prevent fraud. They
can also help improve operational efficiency by ensuring that budgets are adhered to, policies
are followed, capital shortages are identified, and accurate reports are generated for leadership.
​
2. What is a COBIT framework?​
COBIT, or Control Objectives For IT, is an ISACA-designed and globally accepted framework
helping IT managers/professionals to easily figure out the hidden and surfaced technical issues,
governance risks, and areas where control is lacking.

The framework is extensive and explains everything about how a business can have a better
hold over IT systems and ensure their quality controls. It’s so flexible and expandable that
business ventures from any background and domain can adopt it effectively. Seeing the
authenticity and viability of this framework, the US has adopted this framework as the
foundation to achieve SOX compliance.

Not only this, COBIT has become so famous that globally recognized standards such as ISO
27000, ITIL, COSO, PMBOK, and many more have given their acceptance to it. It mainly works
like a guideline integrator to de-clutter this space and bring all-possible key solutions under one
roof.​

3. What are the 5 principles of COBIT?​

1.​ Meeting Stakeholder Needs – Ensures IT delivers value to stakeholders by aligning IT

goals with business objectives.​

2.​ Covering the Enterprise End-to-End – Integrates IT governance into overall enterprise
governance.​

3.​ Applying a Single Integrated Framework – Aligns with other standards and
frameworks (like ITIL, ISO).​

4.​ Enabling a Holistic Approach – Considers processes, people, culture, and technology
together.​

5.​ Separating Governance from Management – Distinguishes decision-making and

performance monitoring (governance) from planning and executing (management).​
4. What are General Controls? Cite 5 example​
Examples:

1.​ Password and user access policies​

2.​ Backup and recovery procedures​

3.​ Physical security of IT equipment​

4.​ Change management procedures​

5.​ Antivirus and firewall configurations​

5. What are Application Controls?​

Application controls are the steps organizations can implement within their applications to keep
them private and secure. Though applications are an inevitable and vital part of the daily
operations of modern organizations, they also put organizations at an unprecedented risk of
breach.

Every time information is transmitted from one user or application to another, the organization
could be compromising its data. IT application controls help mitigate the risks of using these
tools by putting various checks in place. These checks authenticate applications and data
before it’s allowed into or out of the company’s internal IT environment, ensuring that only
authorized users can take action with the company’s digital assets.​

6. Define Input Controls and give 5 examples​

Input controls are checks built into a system to ensure that data entered is correct, complete,
and authorized before being processed.

Examples:

1.​ Field validation checks – e.g., date field only accepts date format​

2.​ Drop-down menus – to limit user input​

3.​ Batch totals – checking total items or amounts before processing​

4.​ Required fields – user cannot proceed unless the field is filled​

5.​ User authentication – only authorized users can enter data​

7. Define Processing Controls and give 5 examples​
Processing controls ensure that data is processed accurately, completely, and only once. These
controls help maintain the integrity of transactions during processing.

Examples:

1.​ Run-to-run totals – comparing totals between steps​

2.​ Error checking routines – system flags inconsistencies​

3.​ Data matching – e.g., matching invoice number with purchase order​

4.​ System logging – records each transaction processed​

5.​ Sequence checks – ensures transactions follow a proper order​

8. Define Output Controls and give 5 examples​

Output controls ensure that results of data processing are complete, accurate, and properly
distributed.

Examples:

1.​ Report distribution logs – track who received what​

2.​ Reconciliation reports – compare system output with manual records​

3.​ Print control – restricts unauthorized printing of sensitive data​

4.​ User reviews – users check reports for accuracy​

5.​ Output encryption – secures data during transmission or storage