**A.

Authorisation**

Here's an explanation of each option and why option A is the correct choice:

A. **Authorisation**: This control category involves ensuring that transactions or actions are
approved by designated individuals with the appropriate authority. In this case, transactions
from the trust account must be initiated by the administration lead and approved by the
managing partner, demonstrating a clear authorization process for financial transactions.

B. **Segregation of duties**: While there is an element of segregation of duties in this scenario

(e.g., different individuals initiating and approving transactions), the primary emphasis is on the
authorization process rather than the segregation of duties per se.

C. **Physical control**: Physical control typically refers to measures taken to safeguard physical
assets or resources, such as locking mechanisms, security systems, or access controls.

D. **Information processing**: Information processing controls focus on ensuring the accuracy,

completeness, and confidentiality of data during processing operations, such as data entry,
storage, retrieval, and transmission.

In the context of Shan O’Donnell's legal practice, the requirement for specific authorization
(initiation by administration lead, approval by managing partner) before transactions can be
processed from the trust account aligns with the concept of authorization controls. This control
mechanism ensures that only authorized personnel can initiate and approve financial
transactions involving client funds, enhancing accountability, and mitigating the risk of
unauthorized or inappropriate transactions.

Therefore, the correct answer is:

**A. Authorisation**

23. To maintain effective segregation of duties, it is important to separate key functions to

ensure proper checks and balances within the organization. Among the options provided, the
functions that should be separated to apply effective segregation of duties controls are best
represented by:

**A. Authorisation of cash payments and access to bank accounts**

Here's an explanation of each option and why option A is the correct choice:

A. **Authorisation of cash payments and access to bank accounts**: Separating the

authorization of cash payments (e.g., approving and processing payments) from access to bank
accounts (e.g., initiating transfers, reconciling statements) helps prevent potential misuse or
fraud by ensuring that no single individual has complete control over both the payment process
and bank account activities.
B. **Authorisation of cash payments and customer invoicing**: While it's important to separate
these functions to some extent, the most critical aspect for segregation of duties is to separate
the authorization of payments from access to financial accounts.

C. **Processing of source documents and maintenance of the general ledger**: Separating the
processing of source documents (e.g., recording transactions) from the maintenance of the
general ledger (e.g., posting entries, preparing financial reports) ensures that transactions are
accurately recorded and independently verified.

D. **Customer invoicing and budget preparation**: While these functions involve different
aspects of financial management, they do not directly address the core principle of segregation
of duties related to financial controls.

In the context of Terry’s Flooring, separating the authorization of cash payments (e.g., approving
payments to vendors or suppliers) from access to bank accounts (e.g., initiating wire transfers,
reconciling accounts) is essential for maintaining effective segregation of duties. This separation
helps reduce the risk of fraud, errors, or unauthorized transactions by ensuring that different
individuals oversee different aspects of financial transactions and controls.

Therefore, the correct answer is:

**A. Authorisation of cash payments and access to bank accounts**

24. To determine which control is an application information processing control within Leroy
Motors' information system, let's evaluate each option:

A. **All modules within the ERP system are fitted with virus protection software**: This control
refers to a security control aimed at protecting the ERP system and its modules from viruses
and malware. While important for system security, this is not specifically an application control
related to information processing within the system.

B. **Every Leroy Motors employee has a unique profile and password**: This control is related
to user authentication and access control, ensuring that each employee has a unique login
profile and password. This is more of an access control measure rather than an application
control directly focused on information processing.

C. **A prescribed date and time format for all entries to the customer management module**:
This control defines a specific data format requirement for entries into the customer
management module. This is an example of an application control, as it regulates how data is
inputted and processed within a specific module of the information system.

D. **All entries of data are backed up automatically by the system**: This control pertains to
data backup procedures, ensuring that data entered into the system is automatically backed up
to prevent data loss. While important for data integrity and recovery, this is more of a data
management and backup control rather than an application control focused on data processing.

Therefore, among the options provided, the control that best represents an application
information processing control within Leroy Motors' information system is: