a. Apply the following data to evaluate the time-based model of security for the XYZ Company. Does the XYZ Company satisfy the requirements of the time-based model of security? Why?
- Estimated time for attacker to successfully penetrate system = 25 minutes
- Estimated time to detect an attack in progress and notify appropriate information security staff = 5 minutes (best case) to 10 minutes (worst case)
- Estimated time to implement corrective actions = 6 minutes (best case) to 20 minutes (worst case)
b. Which of the following security investments do you recommend? Why?
1. Invest $50,000 to increase the estimated time to penetrate the system by 4 minutes
2. Invest $50,000 to reduce the time to detect an attack to between 2 minutes (best case) and 6 minutes (worst case)
3. Invest $50,000 to reduce the time required to implement corrective actions to between 4 minutes (best case) and 14 minutes (worst case).
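
A worked evaluation of the figures above, as an added example that is not part of the original question page. It assumes the usual statement of the time-based model, P > D + C (time to penetrate must exceed time to detect plus time to correct), and judges compliance on the worst-case estimates; the class and function names are illustrative.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Estimates:
    """All times in minutes; ranges are (best case, worst case)."""
    penetrate: int   # P: time for the attacker to penetrate the system
    detect: tuple    # D: time to detect the attack and notify staff
    correct: tuple   # C: time to implement corrective actions


def margins(e):
    """Return (best-case, worst-case) slack, where slack = P - (D + C)."""
    best = e.penetrate - (e.detect[0] + e.correct[0])
    worst = e.penetrate - (e.detect[1] + e.correct[1])
    return best, worst


def satisfies(e):
    """Assumed criterion: P > D + C must hold even in the worst case."""
    return margins(e)[1] > 0


# Figures from the question (part a).
BASELINE = Estimates(penetrate=25, detect=(5, 10), correct=(6, 20))

# The three $50,000 investments from part b, each applied to the baseline.
OPTIONS = {
    1: replace(BASELINE, penetrate=BASELINE.penetrate + 4),
    2: replace(BASELINE, detect=(2, 6)),
    3: replace(BASELINE, correct=(4, 14)),
}


def recommend(options):
    """Option numbers that satisfy the model in the worst case,
    ordered by worst-case slack (largest first). All options cost the
    same, so slack is the only thing left to compare."""
    passing = [n for n, e in options.items() if satisfies(e)]
    return sorted(passing, key=lambda n: margins(options[n])[1], reverse=True)


if __name__ == "__main__":
    best, worst = margins(BASELINE)
    print(f"baseline: best slack {best:+d} min, worst slack {worst:+d} min, "
          f"satisfies model: {satisfies(BASELINE)}")
    for n, e in OPTIONS.items():
        best, worst = margins(e)
        print(f"option {n}: best slack {best:+d} min, "
              f"worst slack {worst:+d} min, satisfies model: {satisfies(e)}")
    print("recommended:", recommend(OPTIONS))
```

Negative worst-case slack means the attacker can finish before detection and correction complete, so an option that only improves the best case does not change the verdict.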

