Matrices
For AFW2851 use only
Disclaimer
This guide is NOT designed to replace the lecture
notes, they are meant to make reading the lecture
notes EASIER
The examples in this guide are from the lecture notes
because with a different way of explaining things,
hopefully you can understand the lecture notes better
Finally, I CAN be wrong, so let me know if you see
something you feel is not right so I can help make this
guide better. (This is especially true in regards to the
background knowledge needed to understand Control
Matrices)
Business Processes
As you all know, a business consists of many smaller
processes, each having its own purposes/goals.
Lenox Bookstore
Business Processes
For example, the goals of the Cash Receipts process are:
Make daily cheque deposits into the bank
Comply with compensating balance agreements
with the depository bank
And the goal of the Literature Procurement process is:
System Flowcharts
Generally, for each business process, there should be one system flowchart
System Flowcharts
System flowcharts are supposed to show you two things
Information processes (activities, logic flows, inputs, outputs and data
storage)
Operations processes (entities, physical flows, and operations
activities)
NOTE: even though they have the word process, a business process is NOT
the same as an information/operations process.
In fact, a business process CONTAINS the two processes mentioned, along
with a 3rd process, the management process, but that is normally not shown
in a system flowchart.
By showing you the who/what/where/when of these two processes
mentioned above, system flowcharts should tell you exactly how the goals of
each business process is achieved
Ensure
efficient
employment
of resources
(e.g., people
and
computers)
Ensure
security of
resources (e.g.,
checks and AR
master data)
IV
IC
IA
UC
UA
For each
purpose/goal of
the business
process, write a
letter in its own
column, and
describe it at the
bottom. The
number of goals
are man-made,
so there is now
way to definitely
saw how many
and what these
goals are.
Ensure
effectiveness of
operations
(1)
A
Ensure
efficient
employment
of resources
(e.g., people
and
computers)
Ensure
security of
resources (e.g.,
checks and AR
master data)
(2)
IV
(1)
(3)
(1)
IC
(1)
(2)
IA
UC
(1)
(1)
UA
(1)
IV = Input validity
IC = Input completeness
IA = Input accuracy
UC = Update completeness
UA = Update accuracy
(1) These will ALWAYS stay the same in EVERY control matrix, no matter what business process the control
matrix represents
(2) You will have to know the inputs for the business process, so its not always remittance advice or AR master
data
(3) You wont know what resources need to be secure, most likely its also the inputs of the business process,
but there might be others as well
For Example...
(read this slide from bottom -> up!)
Keying operation
Manual operation
Computer processing
If there are, that means the control plan is already present in the business
process, so we label that trapezium/rectangle as P-1, P-2, P-3, etc. etc.
It is also possible for some control plans that are not handled by any
symbol in the flowchart.
If that is the case, then we must try to figure out where is the best place
for that control plan to be implemented some time in the future (again,
how this is done, I have no idea). These are control plans that are missing
from the business process, so we label these specific areas as M-1, M-2,
M-3, etc. etc.
For Example...
M AILROOM
ACCOUNTS RECEIVABLE
CASHIER
COM PUTER
P-2
Customer
M -1
RAs
Checks
P-1
M -2
RAs
Key customer
number,invoice
number,amount and
check number
Cash
receipts
event data
Endorsed
Checks
Print deposit
slip
Filed until
deposit slip
is received
Temp
file
Endorse
checks
"Accepted
and
processed"
Endorsed
Checks
Accounts
receivable
master data
At end
of day
Endorsed
Checks
Error routine
not shown
Endorsed
Checks
1
Deposit
slip
Compare
RA = Remittance advice
Deposit
slip
Deposit
slip
2
1
Bank
In this case, 4 control plans have been created for this business
process, but only 2 of the these plans are actually carried out (P-1,
P-2) while the other 2 have been decided to be at M-1 and M-2.
Preferably, the
missing
controls should
achieve the
goals that the
present
controls didnt.
Ensure
effectiven
ess of
operation
s
Recommended
control
plans (b)
A
Ensure efficient
employm
ent of
resource
s (eg.
people
and
computer
s)
Ensure security
of
resource
s (eg.
Checks
and AR
data)
IV
IC
IA
UC
UA
Present Controls
P-1: Immediately
endorse
incoming
checks
P-2: Compare
input
(remittan
ce
advices
[RAs])
with
master
data (AR
master
data)
P-1 (c)
P-2
P-2
P-2
P-2
Missing Controls
M-1 Immediately
separate
checks
and RAs
M-2 Compare
checks
and RAs
Both the present and missing controls are written down on the left side of
the table. After that, find out which control goals are achieved by which
control plans, and write their name in the correct cell.
Finally...
Control matrices are meant to show us the current strengths (present
controls) and weaknesses (missing controls) of any particular business
process. Generally, when investigating a business process for the first time,
it wont be perfect and will have some control goals that wont be
achieved until the missing controls are perfected.