University of Adelaide Adelaide Business School

ACCOUNTING SYSTEMS and PROCESSES (M)

TUTORIAL 9 – Answers Guide

BEFORE TUTORIAL 9

1 Read the material indicated below and attempt answers to the questions that
follow.

Material to read:
MyUni>
Data Analytics – Microsoft Power BI Material>
Topic 8 – Anomaly detection.pdf

Key aims of Topic 8 are to develop an understanding of anomaly detection in

time series data, including root cause analyses.

Students are expected to learn basic hands-on skills to carry out these tasks.

Students are expected to attempt tasks in this document before the tute and raise
questions about issues encountered during the tute.

2 Prepare the answers to the following Accounting information systems

Confidentiality and Privacy Controls and Processing Integrity and Availability
Controls (Romney Et Al Chapters 12 and 13):

Question 1
The department of taxation in your state is developing a new computer system for
processing individual and corporate income-tax returns. The new system features
direct data input and inquiry capabilities. Identification of taxpayers is provided by
using the Social Security number for individuals and federal tax identification number
for corporations. The new system should be fully implemented in time for the next tax
season.
The new system will serve three primary purposes:
1 Data will either be automatically input directly into the system if the taxpayer
files electronically or by a clerk at central headquarters scanning a paper return
received in the mail.
2 The returns will be processed using the main computer facilities at central
headquarters. Processing will include four steps:
i. Verifying mathematical accuracy
ii. Auditing the reasonableness of deductions, tax due, and so on, through
the use of edit routines, which also include a comparison of current and
prior years’ data.
iii. Identifying returns that should be considered for audit by department
revenue agents
iv. Issuing refund checks to taxpayers
3 Inquiry services. A taxpayer will be allowed to determine the status of his or
her return or get information from the last three years’ returns by calling or
visiting one of the department’s regional offices, or by accessing the
department’s web site and entering their social security number.
The state commissioner of taxation and the state attorney general are concerned about
protecting the privacy of personal information submitted by taxpayers. They want to
have potential problems identified before the system is fully developed and
implemented so that the proper controls can be incorporated into the new system.
Required
Describe the potential privacy problems that could arise in each of the following three
areas of processing, and recommend the corrective action(s) to solve each problem
identified:
a. Data input
b. Processing of returns
c. Data inquiry

a. Privacy problems that could arise in the processing of input data, and
recommended corrective actions, are as follows:

Problem
Unauthorized employee
accessing paper returns
submitted by mail.
Unauthorized employee
accessing the electronic files.
Interception of tax information
submitted electronically.
Controls
Restrict physical access to room used to house
paper returns and scanning equipment by
• Using ID badges or biometric controls
• Logging all people who enter.
Multi-factor authentication of all employees
attempting to access tax files.
Encrypt all information submitted to the tax
website.

b. Privacy problems that could arise in the processing of returns, and

recommended corrective actions, are as follows:

Problem Controls
Operator intervention to Limit operator access to only that part of the documentation
input data or to gain needed for equipment operation.
output from files.
Prohibit operators from writing programs and designing the
system.
Daily review of console log messages and/or run times.
Encryption of data by the application program.
Attempts to screen Training about proper procedures
individual returns on the
Multi-factor authentication to limit access to system.
basis of surname, sex,
race, etc., rather than Encrypt of tax return data stored in system
tax liability.

c. Privacy problems that could arise in the inquiry of data, and recommended
corrective actions, are as follows:

Accounting Systems and Processes (M) Tutorial 9 Page 2

 Problem Controls
Unauthorized access Strong authentication of all people making inquiries via the
to taxpayer web site using something other than social security numbers
information on web – preferably multi-factor, not just passwords.
site
Encryption of all tax return data while in storage
Encryption of all traffic to/from the web site
Unauthorized release Training on how to properly authenticate taxpayers who
of information in make telephone inquiries
response to telephone
Strong authentication of taxpayers making telephone
inquiry
inquiries
Disclosure of Training on how to shred paper documents prior to disposal
taxpayer information
Training on how to wipe or erase media that contained tax
through improper
return information prior to disposal
disposal of old files

Accounting Systems and Processes (M) Tutorial 9 Page 3

Question 2
MonsterMed Inc. (MMI) is an online pharmaceutical firm. MMI has a small systems
staff that designs and writes MMI’s customized software. The data center is installed
in the basement of its two-story headquarters building. The data center is equipped
with halon-gas fire suppression equipment and an uninterruptible power supply
system.
Because the programming staff is small and the work demands have increased,
backups are only made whenever time permits. The backup files are stored in a locked
cabinet in the data center. Recently, due to several days of heavy rains, MMI’s
building recently experienced serious flooding that destroyed not only the computer
hardware but also all the data and program files that were on-site.
Required
Identify at least five weaknesses in MonsterMed Inc.’s backup and DRP procedures.

1. No written backup plan.

2. No written disaster recovery plan.
3. Backups are not done on a regular basis.
4. Restoration of backups is not tested.
5. The programming staff has access to the computer room without
supervision of the operations staff. The programmers could alter the
data files or operational programs.
6. The location of the computing facility in the basement increases the
risk of damage due to flooding.
7. Backups stored in data centre are subject to the same risk. Backups
should be stored offsite.
8. No evidence of written request, approval process, testing process or
documentation for systems changes

Question 3

Discuss how cloud computing could both positively and negatively affect system
availability.

Answer: Cloud computing significantly reduces the risk that a single event would
result in system unavailability, since the 'cloud' consists of banks of redundant servers,
in multiple locations. However, since users don't own the cloud, if a provider goes out
of business, users may find it very difficult to access applications and data stored in
the cloud. Additionally, users should evaluate the security and availability controls of
the cloud provider before transacting business.

DURING TUTORIAL 9

• Contribute to the class discussion of the above questions.

Please remember that you’ll enhance your learning by ACTIVELY

PARTICIPATING in the discussions.

Accounting Systems and Processes (M) Tutorial 9 Page 4