Professional Documents
Culture Documents
FINAL EXAMINATION
DATE :
INSTRUCTIONS TO CANDIDATES
2. This question paper has information printed on both sides of the paper.
6. All questions must be answered in English (any other language is not allowed).
7. This question paper must not be removed from the examination hall.
8. Present and future values tables and formulas have been appended for your reference.
Question 1
(a) Brusell Computers sells desktop computer systems that it manufacturers from parts
and software that third-party vendors provide. Customers are both private
consumers and small business. Consumers pay cash or credit card, but business
customers buy on credit. A credit check is made of all new business customers
before approving a line of credit. Sales are made online or by a hard-copy order
document that customers mail or fax to the company.
When a credit order is received, the sales clerk verifies inventory availability,
prepares a sales order, and sends the stock release copy to Sofea, a warehouse
employee who picks the goods and arranges shipment. Sofea then prepares the
bills of lading and shipping notices. Muthiah in the billing department receives the
shipping notices from Sofea and updates the inventory subsidiary ledger to account
for the reduction in inventory. Muthiah files the stick release, prepares the invoice,
and mails acopy of it to the customer. Muthiah then updates the sales journal and
then sends the invoice, sales order, stock release, and shipping notice to the AR
department.
Adam in the AR department files the documents that Muthiah sends him and
updates the AR subsidiary ledger. Dicky in the mail room receives remittance
advices and customer checks sent in payment of accounts. He sends the remittance
advise to Adam for posting to the AR ledger and sends the checks to Carol, the
receipts clerk. At the end of the day, Carol prepares a deposit slip and deposits the
checks into the company’s bank account, files the bank receipt, and updates the
cash receipts journal.
Cash sales to consumer customers are handled in a manner similar to the process
described here except that checks or credit card account numbers are submitted
with the original order.
At the end of the week, John, an accounting clerk, reconciles all transactions and
posts them to the general ledger.
Required:
Prepare the REA model of the sales/collection process and show all the cardinalities
for all associations.
(10 marks)
(b) For each of the following processes, state whether OLTP or OLAP is appropriate,
and please provide reason for your answer.
Question 2
(a) Systems development life cycle (SDLC) involved a logical sequence of activities
used to identify new systems need and develop new systems to support those
needs. It has been develop involves careful planning, execution, control, and
documentation of business operation. Therefore, developing new information
systems requires an understanding of top management’s vision, which has shaped
the organization’s business strategy.
Required:
(b) A lack of top management support has led to the downfall of many new systems
projects during the implementation phase. Define what is the meaning of top
management support is and give TWO (2) examples of top management support.
Pages: 566-567
(4 marks)
(c) The next step in the cost-benefit analysis is to identify the benefit of the system.
Distinguish between tangible and intangible benefits.
(2 marks)
[Total: 20 marks]
Question 3
Violet is an online retailer of exotic foods including spices from around the worlds, canned
sauces, and prepackaged breads such as tortillas and naan. The company does 100% of its
business over the Internet to consumers and through private networks with retail trading
partners. Recently, Violet moved its sales and business headquarters functions into a
warehouse on the outskirts of New York. Prior to the move, the company engaged the
services of an architect to redesign the facility to be modern yet in keeping with the original
character of the building. While remodelling the warehouse, the architects retained the
wooden-shingled exterior and the exposed wooden beams throughout the interior. The data
processing center, which contained the servers and networked terminals were situated in a
large open area with high ceilings and skylights. The center was made accessible to the rest
of the staff to be consistent with the firm’s philosophy of removing barriers and encouraging a
team approach to problem solving. Before occupying new facility, city inspectors declared the
building to be compliant with all relevant building codes.
In a recent compliant audit, Violet’s auditors advised the company’s management to develop
a disaster recovery plan. Toward this end, the company entered into a mutual aid agreement
with several other firms in the area that had similar technology systems. These firms all
agreed verbally to provide emergency assistance to each other in the event of disasters or
emergencies. In addition, Violet implemented a data backup system in which all files are
copied daily to tapes and disks and each week the backup storage devices are taken to an
offsite facility where they are secured.
The operators’ manual with instructions on how to restore the system is stored in the main
data processing area along with a list of names and phone numbers of key IT professionals
to contact in case of an emergency.
Required:
(a) Discuss any FIVE (5) internal control weaknesses present at Violet.
(10 marks)
(b) Describe any FIVE (5) control features that contribute to the physical security of the
computer center.
(10 marks)
[Total: 20 marks]
Question 4
(a) Control over database management fall into two general categories: access control
and backup controls. Access controls are designed to prevent unauthorized
individuals from viewing, retrieving, corrupting, or destroying the entity’s data.
Backup controls ensure that in the event of data loss due to unauthorized access,
equipment failure, or physical disaster, the organization can recover its files and
databases.
Required:
i. Message authentication
v. Line error
(b) Explain the THREE (3) ways that audit trails can be used to support security
objectives.
(6 marks)
Question 5
Required:
(b) The systems development and maintenance controls and the test of controls
described was apply both to management’s SOX-compliance objectives and the
auditor’s attest responsibility. To test specific application controls, auditor (internal
and external) use several types of CAATTs.
Required:
(c) Explain what does auditing around the computer mean versus auditing through the
computer?
(6 marks)
[Total: 20 marks]