It will allow the data to be used between programs, allowing for faster
access and calculations, meaning that the company can quickly prepare
financial statements at any time.
They could offer an assurance/IT help for individuals and their AISs and
computer systems. They could vouch for compliance with organizations or
other companies that might come in contact with them, as in to recommend
them. They could offer a seal of approval.
No. Due to the fact that AISs are complex, analytical skills are
necessary to make decisions and figure out whatever is needed. Writing skills
are important to communication and also programming AISs. Both of these
skills are very valued by employers. A well-rounded mix would make an ideal
candidate in accounting/IT fields.
PROBLEMS
11. a. AAA - American Accounting Association
b. ABC - Activity Based Costing
c. AICPA - American Institute of Certified Public Accountants
d. AIS - Accounting Information Systems
e. CFO - Certified Financial Officer
f. CISA - Certified Information Systems Auditor
g. CITP - Certified Information Technology Professional
h. CPA - Certified Public Accountant
i. CPM - Corporate Performance Measurement
j. ERP - Enterprise Resource Planning
k. FASB - Financial Accounting Standards Board
l. HIPAA - Health Insurance Portability and Accountability Act
m. ISACA - Information Systems Audit and Control Association
n. IT - Information Technology
o. KPI - Key Performance Indicators
p. OSC -
q. PATRIOT Act - Uniting and Strengthening America by Providing
Appropriate Tools Required to Intercept and Obstruct Terrorism
r. REA - resources, events, and agents
s. SAR - Suspicious Activity Reporting
t. SEC - Securities Exchange Commission
u. SOX - Sarbanes-Oxley Act
v. VARs - Value-Added Resellers
w. XBRL - Extensible Business Reporting Language
16. a. Dues paid, expenses, donations, operating costs, and capital
investments and costs.
b. Yes, because AISs do not have to be computerized.
c. No, fraud tends to occur when there isn't a separation of duties.
d. Benefits would include ease of information collected/entered, real-
time reporting, ease of access to information, e-commerce style record
keeping. It would only be cost effective if the system is easy to use/user-friendly.
1. On CPA exam
2. Used a lot therefore need to understand it
3. To be able to audit systems
4. Task Identification
5. Help clients make hardware and software purchases
6. To evaluate efficiency and effectiveness
7. IT profoundly affects work today and in the future
11. What are local area networks? What advantages do LANs offer
accounting applications?
1. Facilitating communications
2. Sharing computer equipment
3. Sharing computer files
4. Saving software costs
5. Enabling unlike computer equipment to communicate with one
another
PROBLEMS:
17. a. ALU - CPU component
b. CD-ROM - secondary storage
c. keyboard - input equipment
d. Modem - data communications
e. dot-matrix printer - output equipment
f. POS device - input equipment
g. MICR reader - input equipment
h. laser printer - output equipment
i. flash memory - secondary storage
j. OCR reader - input equipment
k. magnetic (hard) disk - secondary storage
l. ATM - data communications
m. Primary memory - CPU component
18. a. POS - Point of sale devices, gather and record electronic data
b. CPU - Central processing unit, processes tasks within a computer
c. OCR - Optical character recognition, optical readers to interpret data
d. MICR - Magnetic ink character recognition, magnetically-encoded
paper coding
e. ATM - Automated teller machine, to communicate to banking
customers
f. RAM - Random access memory, primary memory, operating
instructions
g. ALU - Arithmetic-logic unit, performs arithmetic and logic tasks
h. MIPS - Millions of instructions per second, computer processing speeds
i. OS - Operating system, helps computer run itself and programs
within
j. MHz - Megahertz, computer processing speeds
k. pixel - Picture elements, dots of color in video output
l. CD-ROM - Compact disk-read only memory, secondary storage
m. worm - Write-once, read-many, type of CD-ROM
n. modem - modulator-demodulator, transmission over phone lines
o. LAN - Local area network, small area connected devices
p. WAN - Wide area network, large area connected devices
q. RFID - Radio frequency identification, enables identification using
radio waves
r. WAP - Wireless application protocol, set of communication standards
and language
s. Wi-Fi - Wireless fidelity, transmitting over wireless channels
t. ppm - Pages per minute, printing speeds
u. dpi - Dots per inch, resolution of ink-jet printers
v. NFC - Near-field communication, enables communication with other
NFC devices
All four use symbols and linage to describe the flow/activity. Data flow
diagrams describe the source and flow of data in a database. Document
flowcharts trace the flow of documents. System flowcharts are created when
there is computerized/electronic data and processing. Program flowcharts
outline computer programs and how they determine each process. System
flowcharts, data flow diagrams, and program flowcharts can be designed at
different levels/hierarchical process maps of detail.
5. What are the four symbols in a data flow diagram? What does
each mean?
Data Flow
PROBLEMS
14. Recommend a type of coding:
a. Employee id number on a computer file - Sequence, simple
identification
b. Product number for a sales catalog - Group
c. Inventory number for the products of a wholesale drug company -
Block
d. Inventory part number for a bicycle mfg company - Block
e. ID numbers on the forms waiters use to take orders - Sequence,
simple identification
f. ID numbers on airline ticket stubs - Sequence, simple identification
g. Auto registration numbers - Sequence, simple identification
h. Auto engine block numbers - Sequence, simple identification
i. Shirt sizes for men's shirts - Mnemonic, lettering used to identify
sizing
j. Color codes for house paint - Mnemonic, lettering used to identify
color combinations
k. ID numbers on payroll check forms - Sequence, simple identification
l. Listener ID for a radio station - Block, numbering based on region
m. Numbers on lottery tickets - Sequence, simple identification
n. ID numbers on a credit card - Block, first numbers indicate type of
card
o. ID numbers on dollar bills - Block, lettering first then numbers
p. Passwords used to gain access to a computer - Mnemonic, lettering
used to create pw
q. Zip codes - Block, based on regional areas
r. A chart of accounts for a department store - Block, categorized by
type
s. A chart of accounts for a flooring contractor - Block, categorized by
type
t. Shoe sizes - Sequence, simple identification by size
u. ID number on a student exam - Sequence, simple identification
v. ID number on an insurance policy - Block, identifiers on
region/policy type/etc.
CHAPTER EIGHT: AISs and Business Processes: Part 2
DISCUSSION QUESTIONS
2. Why are accounting transactions associated with payroll
processing so repetitive in nature? Why do some companies choose
to have payroll processed by external service companies rather than
do it themselves?
PROBLEMS
14. How could an automated time and billing system help your firm?
What is the name of the software package and what are the primary
features of this BPM software?
12. Why did COSO think it was so important to issue the 2009
Report on monitoring?
COSO observed that many organizations did not fully understand the
benefits and potential of effective monitoring and were not effectively using
their monitoring results to support assessments of their internal control
systems.
PROBLEMS
13. Internal control weaknesses:
* Oral authorization to remove items from storeroom: should be
documented not oral.
* Physical Inventory count by storeroom clerks: should be
management if documentation of inventory is not going to occur; regardless
of supervision.
* Reordering when below reorder level: should not order until at
reorder level, excess of inventory will allow for possible theft.
* Number of items ordered available to storeroom clerks: should be a
separate receiving person, separation of duties.
CHAPTER TEN: Computer Controls for Organizations and AISs
DISCUSSION QUESTIONS
1. What is a security policy? What do we mean when we say
organizations should have an integrated security policy?
They use BCP to be reasonably certain that they will be able to operate
in spite of any interruptions, such as power failures, IT system crashes,
natural disasters, supply chain problems, and others.
7. Discuss some of the unique control risks associated with the use
of PCs and laptop computers compared to using mainframes.
PCs are relatively inexpensive, therefore it is not cost-effective for a
company to go to elaborate lengths to protect them. Important safeguards
are: (1) back up important laptop data often, (2) password protect them, and
(3) encrypt sensitive files. Antitheft systems can help avoid theft. Control
procedures include: identifying your laptop and keeping information in a safe
place, using non-breakable cables to attach laptops to stationary furniture to
avoid theft, loading antivirus software onto the hard disk to avoid theft of data,
and backing up laptop information to ensure data integrity.
This is incorrect. Due to the fact that functions are integrated, extra
measures need to be taken to separate functions of authority and
responsibility between accounting and IT subsystems or departments.
PROBLEMS
13. I think both types of controls, personnel and edit tests, are set forth to
eliminate potential errors and frauds of both intentional and accidental
natures. Not specifically for one type or the other.
What enabled the employees was the fact that they were able to
enter false information into the computer procedures. Controls that could
have prevented the crime are authorization and validation of credit changes
and separation of duties.
11. The fact that Mr. Allen has never taken a vacation is a key red flag that
he may have been manipulating the account data. Making him Employee-of-
the-Year should not be a consideration until he/his department had been
audited for the potential fraud. Giving him such a title would entice him to
continue committing frauds.
PROBLEMS
12. a. The university had too strict a policy about releasing passwords. There
should have been additional controls that allowed someone who had lost a
password to obtain it, i.e. personal data question, etc. This would have allowed for
assurance that the student was who she said she was and also avoided
complaints of that nature.
b. The company should have adopted a policy against personal use on
company computers regardless of on company time or not, and given the fact that
the computers are owned by the company, it shouldn't be an issue of
privacy.
c. The company should require a certain level of password and adopt a
policy that if any passwords are found there will be consequences. Otherwise
they need to use a biometric way of logging in to systems.
d. The company should have a policy against personal use of company
computers and also on the fact that he is holding and attending to a second
job instead of at the hospital.
e. This is an indication of a possible fraud, and the company needs to
investigate the 20 employees and the departments associated with inputting
of the data.
f. eBay needs to clearly state this in their sellers' policies, and also create
a control that disallows someone to bid on their own items for sale. This also
needs to extend to users with similar addresses, phone number, email
address, etc.
g. The Web company should have a control restricting its employees from
visiting certain sites it does business with.
Internal auditors work for their own company while external auditors work for an
independent CPA firm. The difference is in purpose: staff positions that report
to top management, an audit committee or board of directors, and also
involve evaluation of the company to provide assurance about the efficiency
and effectiveness of almost any aspect of its organization. I would rather be
an internal auditor. The duties are broader and there is less risk of being sued
in the end.
Being more personable and able to build trust quickly will get people to
open up to you and deliver information they may not have otherwise.
Learning skills on how to interrogate would help read body language and
signs hidden between the lines of lies. Learning the aspects of the position
the person works in will help the interviewer ask better questions and
deliver what-ifs.
Test data will allow an auditor to check the range of exception situations
and compare the results with a predetermined set of answers on an audit
worksheet, such as invalid dates and use of alphabetic data in numeric
codes. An integrated test facility will allow an audit in an operational setting
by using artificial transactions and companies, such as payments to vendors
and shipments/orders from vendors. Parallel simulation allows the auditor to
run live data instead of test data in a second system that duplicates the
client system to look for differences, such as payments to vendors only
system and not the entire accounts payable program. Validation allows an
auditor to guard against program tampering with program change controls,
program comparison, reviews of the system software, validating users and
access privileges, and continuous auditing for real-time assurance.
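The test-data technique described above, as an added example that is not part of the original answers: a constructed test deck is run through an edit routine and each result is compared with the answer predetermined on the audit worksheet. The routine `client_edit_routine`, the field names and the sample transactions are hypothetical stand-ins for the client program under audit.

```python
import re

# Hypothetical stand-in for the client program under audit. Its date check
# tests only the pattern, so impossible dates are accepted.
def client_edit_routine(txn):
    errors = []
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", txn["date"]):
        errors.append("date")
    if not txn["vendor_code"].isdigit():
        errors.append("vendor_code")
    return errors

# Constructed test deck: (case name, transaction, predetermined answer the
# auditor recorded on the worksheet before running the test).
TEST_DECK = [
    ("valid transaction",
     {"date": "2024-03-15", "vendor_code": "10452"}, []),
    ("alphabetic data in numeric code",
     {"date": "2024-03-15", "vendor_code": "1O452"}, ["vendor_code"]),
    ("malformed date",
     {"date": "15/03/2024", "vendor_code": "10452"}, ["date"]),
    ("impossible calendar date",
     {"date": "2024-02-30", "vendor_code": "10452"}, ["date"]),
    ("both fields invalid",
     {"date": "2024-13-01", "vendor_code": "ABC"}, ["date", "vendor_code"]),
]

def run_test_deck(routine, deck):
    """Return the cases where the program's result differs from the worksheet."""
    exceptions = []
    for name, txn, expected in deck:
        actual = routine(txn)
        if sorted(actual) != sorted(expected):
            exceptions.append(
                {"case": name, "expected": expected, "actual": actual})
    return exceptions

if __name__ == "__main__":
    # Each printed line is a control weakness to record as an audit finding.
    for finding in run_test_deck(client_edit_routine, TEST_DECK):
        print(finding)
```

The two cases the routine gets wrong are the ones a format-only date check cannot catch, which is why the deck includes exception situations beyond simple malformed input.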
6. A company always wants to be safe, but when costs are an issue, priority
guidance is a must. The auditor and the company should invest in
computerized auditing software to help audit. The controls, even though all
beneficial, should still be portrayed in a hierarchy to show which ones are
technically worth more (risk assessment). The auditor should evaluate those
control procedures (systems review) and then evaluate the weaknesses.
Control weaknesses in one area of an AIS may be acceptable if control
strengths in other areas of the AIS compensate for them.
PROBLEMS
8. a & b. According to the risk analysis, the high probability of occurrence is
VANDALISM, medium probability is BROWNOUT and POWER SURGE, and low
probability is EQUIPMENT FAILURE, SOFTWARE FAILURE, EMBEZZLEMENT,
FLOOD, and FIRE. When using a cost-basis analysis, the figures would
indicate that the only two that wouldn't be affordable to enlist controls for
are EMBEZZLEMENT and SOFTWARE FAILURE. Considering the low cost
compared to the losses and the fact that they could stop a business from
continuation, FLOOD and FIRE must have physical general controls in place.
EQUIPMENT FAILURE would also need similar controls because of the low cost
compared to high loss estimates. Due to the medium probability of
occurrence and low cost to control, BROWNOUT and POWER SURGE would
need physical general controls in place.