CONFIDENTIAL

SET 1

UNIVERSITI KUALA LUMPUR

BUSINESS SCHOOL

FINAL EXAMINATION

SEPTEMBER 2017 SEMESTER

COURSE CODE : EAB41103

COURSE NAME : ACCOUNTING INFORMATION SYSTEM 2

PROGRAMME NAME : BACHELOR IN ACCOUNTING (HONS)

TIME / DURATION : / 3 HOURS

DATE :

INSTRUCTIONS TO CANDIDATES

1. Please CAREFULLY read the instructions given in the question paper.

2. This question paper has information printed on both sides of the paper.

3. This question paper consists of FOUR (4) questions. Answer ALL questions.

4. Please write your answers on the answer booklet provided.

5. All questions must be answered in English (any other language is not allowed).

6. This question paper must not be removed from the examination hall.

THERE ARE EIGHT (8) PAGES OF QUESTIONS, INCLUDING THIS PAGE.

SEPTEMBER 2017 CONFIDENTIAL

(Total: 100 marks)

INSTRUCTION: Answer ALL questions.

Please use the answer booklet provided.

Question 1

Sapura Gaga Sdn Bhd (SGSB) is a manufacturer of a mobile phone with factory in Serdang
and Head Office in Cyberjaya; Malaysia. The company purchases raw materials such as
phone unibody metals, touchscreen glass and super processing chips from China and other
related parts from Malaysia. The following describes SGSB’s purchases (done from Serdang
plant) and payment procedures (done from its Head Office).

En Rosli, the purchasing clerk monitors raw material inventory levels and prepares purchase
requisition when purchases are necessary. These are sent to the purchasing agent, who
prepares six copies of purchase orders. Two copies are sent to vendor directly, one is placed
in an open purchase order file in the purchasing department, and one is used for posting to
purchases journal. Each week, the purchasing department clerk prepares a journal voucher
from the purchases journal and sends it to the General Ledger departments for posting. The
Accounts Payable (AP) and the receiving departments also each receive a copy of the
purchase order, which is filed temporarily.

Upon receiving the raw materials, the receiving department clerk creates five copies of the
receiving reports. One copy is sent to the raw materials warehouse, and one copy is sent to
the AP department. Two copies are sent to the purchasing department, where one is filed
and one is used to update inventory records. The final copy is filed in the receiving
department with the purchase order and packing slip. Vendors send their invoices to the AP
department, where they are used to update the AP subsidiary ledger.

In the cash disbursement department, Pn Sakinah receives the information from the AP
department, such as purchase requisition, purchases order, receiving report and invoice. She
then prepares and signs cheque for the supplier. After the preparation of the cheques, the
supporting documents are sent to the AP department. Each week, Pn Sakinah prepares
journal voucher and sends it to the General Ledger department for posting.

EAB41103_Accounting Information System 2 Page 2 of 9

SEPTEMBER 2017 CONFIDENTIAL

Required:

(a) Prepare the Resource, Events and Agents (REA) model of the purchase and
payment processes. Show the cardinalities for all the associations.
(12 marks)

(b) Define Enterprise Resource Planning (ERP).

(1 marks)

(c) Explain TWO (2) risks associated with implementation of ERP in business
organization.
(4 marks)

(d) Sarbanes Oxley Act (SOX) of 2002 established new corporate governance
regulations and standards for public companies registered with the Securities and
Exchange Commission (SEC). Differentiate the key features between Section 302
and Section 404 under SOX 2002.
(4 marks)

(e) Describe the nature and usage of PERT and GANTT charts in System Development
Life Cycle (SDLC) delivery activities.
(4 marks)
[Total: 25 marks]

EAB41103_Accounting Information System 2 Page 3 of 9

SEPTEMBER 2017 CONFIDENTIAL

Question 2

(a) In term of electronic commerce, risk relates to the loss, theft, or destruction of data as
well as the use of computer programs that financially or physically harm an
organization. Briefly explain THREE (3) Intranet risks of electronic commerce.
[answer = page 208]

(6 marks)

(b) Define what seal of assurance is and give ONE (1) example of seal of assurance.
[answer = page 517]

(4 marks)

(c) Your company, KrikKrik Bhd. is employing the System Development Life Cycle
(SDLC) for its new information system. You have been chosen as a member of the
development team because your strong accounting background. This background
includes a good understanding of both financial and management accounting
concepts and required data. You also possess a great understanding of internal
control activities. You do not, however fully understand exactly what internal auditors
will need from the system in order to comply with Section 404 of the Sarabnes Oxley
Act. Highlight the THREE (3) fact gathering techniques you might employ to increase
your understanding of this important component of your new system.

1. Observation
Involves passively watching the physical procedures of the system to alloww
the analyst to determine what get done, who performs the task, when they do
them, how they do them, why they do them, and how long they take

2. Task participation
An extension of observation, whereby the analyst takes an active role in
performing the user’s work. This allows the analyst to experience first-hand
the problems involved in the operation of the current system.

EAB41103_Accounting Information System 2 Page 4 of 9

SEPTEMBER 2017 CONFIDENTIAL

3. Personal interview
A method to experience facts about the current system and user perceptions
about the requirements for the new system

4. Reviewing key documents

Organizational charts, job descriptions, accounting records, charts of account,
and policy statements are the examples of another source of facts about the
system being surveyed from the organization’s document.
(6 marks)

(d) Cost benefit analysis helps management determine whether the benefits received
from a proposed system will outweigh its costs. Discuss the THREE (3) steps in the
application of cost benefit analysis including methods used in each step.
Pages: 560
(9 marks)
[Total: 25 marks]

Question 3

(a) CASE STUDY 1

Tuluslah Sdn. Bhd. located in Kuala Lumpur, is a company that provides financial advice to
individuals and small to mid-sized businesses. Its primary operations are in wealth
management and financial advice. Each client has an account where basic personal
information is stored in a server within the main office in Kuala Lumpur. The company also
keeps the information about the amount of investment of each client on a separate server at
their data centre in Cyberjaya. This information includes the total value of portfolio, type of
investment made, the income structure of each client and associated tax liabilities.

EAB41103_Accounting Information System 2 Page 5 of 9

SEPTEMBER 2017 CONFIDENTIAL

In the last few years, larger commercial banks have started providing such services
and are competing for the same set of customers. Tuluslah, which provides itself in personal
consumer relations, is now trying to set up additional services to keep its current customers.
It has recently upgraded its web site, which formally only allowed clients to update their
personal information. Now clients can access information about their investment, incomes
and tax liabilities that is stored at the data centre in Cyberjaya.

As a result of previous dealings, Tuluslah has been given free access to use the
computer room of an older production plant. The company believes that this location is
secure enough and would keep the data intact from physical intruders. The servers are
housed in a room that the production plant used to house its legacy system. The room has
detectors for smoke and associated sprinklers. It is enclosed, with no windows, and has
specialized temperature controlled air ducts.

Management has recently started looking at other alternatives to house the server as
the plant is going to be shut down. Management has major concerns about the secrecy of
the location and the associated measures. They want to incorporate newer methods of
physical data protection. The company’s auditor has also expressed a concern that some of
the measures at the current location are inadequate and newer alternatives should be found.

Required:

i. In your opinion, why are the auditors of Tuluslah stressing on the need to have better
physical environment for the server.
(4 marks)

ii. Briefly explain any THREE (3) essential control features that contribute directly to the
security of the computer server environment.
(6 marks)
(b) CASE STUDY 2

The headquarters of Heaven Bhd, a private company with RM15 million in annual
sales, is located in Iskandar Johor. Heaven Bhd provides for its 150 clients an online legal
software services that includes data storage and administrative activities for law offices. The
company has grown rapidly since its inception 3 years ago, and its data processing
department has expanded to accommodate this growth. Because Heaven Bhd’s president
and sales personnel spend a great deal of time out of the office soliciting new clients, the
planning of the IT facilities has been left to the data processing professionals.

EAB41103_Accounting Information System 2 Page 6 of 9

SEPTEMBER 2017 CONFIDENTIAL

Heaven Bhd’s recently moved its headquarters into a remodeled warehouse on the
outskirts (rural area) of the city. While remodeling the warehouse, the architects retained
much of the original structure, including the wooden-wall exterior and exposed wooden
beams throughout the interior. The minicomputer distributive processing hardware is situated
in a large open area with high ceilings and skylights. The openness makes the data
processing area accessible to the rest of the staff and encourages a team approach to
problem solving. Before occupying the new facility, city inspectors declared the building safe
because it had sufficient exits even though the building does not have water sprinkler
systems and only had four fire extinguishers.

In an effort to provide further protection for its large database of client’s information,
Heaven Bhd instituted a tape backup procedure that automatically backs up database every
Sunday evening, avoiding interruption in the daily operations and procedures. All tapes are
then labelled and carefully stored on shelves reserved for this purpose in the data processing
department. The departmental operator’s manual operator’s manual has instruction on how
to use these tape to restore the database, should the need arise. Heaven Bhd has recently
increased its liability insurance for data loss from RM50,000 to RM100,000. This past
Saturday, the Heaven Bhd headquarters building was completely ruined by fire, and the
company must now inform its clients that all of their information has been destroyed.

Required:

i. Briefly explain the computer security weaknesses present at Heaven Bhd that made it
possible for a disastrous data loss.
(5 marks)

ii. Briefly explain FIVE (5) major internal control concerns that should have been
included in the disaster recovery plan at Heaven Bhd to ensure computer recovery.

(10 marks)
[Total: 25 marks]

Question 4

EAB41103_Accounting Information System 2 Page 7 of 9

SEPTEMBER 2017 CONFIDENTIAL

(a) The FBSB company’s external auditors are developing an audit plan to review the
company’s systems development procedures. Their audit objectives are to ensure
that:

1. the system was judged necessary and justified at various checkpoints

throughout the SDLC.
2. system development activities are applied consistently and in accordance with
management’s policies to all systems development projects.
3. the system as originally implemented was free from material errors and fraud.
4. system documentation is sufficiently accurate and complete to facilitate to
audit and maintenance activities.

The following six controllable activities have been identifies as sources of audit
evidence for meeting these objectives: system authorization, user specification,
technical design, internal audit specification, program testing and user testing and
acceptance.

Required:

Explain the importance of each of the SIX (6) activities in promoting effective control.

(12 marks)

(b) Elaborate what is meant by password and differentiate between reusable password
and one time password.
(5 marks)

(c) Listed below are five scenarios. For each scenario, discuss the possible damages
that can occur. In each scenario, suggest a preventive control.

i. Because of occasional noise on a transmission line, electronic message

received are extremely garbled.
ii. Because of occasional noise on a transmission line, data being transferred are
lost or garbled.
iii. An intruder is temporarily delaying important strategic messages over the
telecommunications lines.
iv. An intruder is altering electronic messages before the user receives them.

EAB41103_Accounting Information System 2 Page 8 of 9

SEPTEMBER 2017 CONFIDENTIAL

(8 marks)
[Total: 25 marks]

END OF EXAMINATION PAPER

EAB41103_Accounting Information System 2 Page 9 of 9