Академический Документы
Профессиональный Документы
Культура Документы
PROBLEMS
11.
On CPA exam
Used a lot therefore need to understand it
To be able to audit systems
Task Identification
Help clients make hardware and software purchases
To evaluate efficiency and effectiveness
IT profoundly affects work today and in the future
Facilitating communications
Sharing computer equipment
Sharing computer files
Saving software costs
PROBLEMS:
17.
18.
5. What are the four symbols in a data flow diagram? What does
each mean?
Data Flow
PROBLEMS
14. Recommend a type of coding:
a. Employee id number on a computer file Sequence, simple
identification
b. Product number for a sales catalog Group
c. Inventory number for the products of a wholesale drug company Block
d. Inventory part number for a bicycle mfg company - Block
e. ID numbers on the forms waiters use to take orders Sequence,
simple identification
f. ID numbers on airline ticket stubs Sequence, simple identification
g. Auto registration numbers Sequence, simple identification
h. Auto engine block numbers Sequence, simple identification
i. Shirt sizes for mens shirts Mnemonic, lettering used to identify
sizing
j. Color codes for house paint Mnemonic, lettering used to identify
color combonations
k. ID numbers on payroll check forms Sequence, simple identification
l. Listener ID for a radio station Block, numbering based on region
m. Numbers on lottery tickets Sequence, simple identification
n. ID numbers on a credit card Block, first numbers indicate type of
card
o. ID numbers on dollar bills Block, lettering first then numbers
p. Passwords used to gain access to a computer Mnemonic, lettering
used to create pw
q. Zip codes Block, based on regional areas
r. A chart of accounts for a department store Block, categorized by
type
s. A chart of accounts for a flooring contractor Block, categorized by
type
t. Shoe sizes Sequence, simple identification by size
u. ID number on a student exam Sequence, simple identification
v. ID number on an insurance policy Block, identifiers on
region/policy type/etc.
PROBLEMS
14. How could an automated time and billing system help your firm?
What is the name of the software package and what are the primary
features of this BPM software?
Automated time and billing systems could be more cost-effective, as
well as help with tedious transaction and reporting, aid in detecting and
reducing errors, and help with keeping up with delinquent accounts. Tabs3
Billing will keep track of time easily, bill exactly the way you want to, get bills
out faster, create useful reports to stay on top of the business of law, secure
your information, has advanced compensation formulas to compute with,
and has free practice management included.
Competent and honest employees are more likely to create value for
an organization and lead to efficient use of the companys assets.
8. How can separation of duties reduce the risk of undetected errors
and irregularities?
The purpose of separation of duties is to structure work assignments
so that one employees work serves as a check on another employee(s).
9. Discuss some of the advantages to an organization from using a
voucher system and prenumbered checks for its cash disbursement
transaction.
A voucher system reduces the number of cash disbursement checks
that are written, since several invoices to the same vendor can be included
on one disbursement voucher, the disbursement voucher is an internally
generated document, and can be prenumbered to simplify the tracking of all
payables, thereby contributing to an effective audit train over cash
disbursements.
10. What role does cost-benefit analysis play in an organizations
internal control system?
Companies develop their own optimal internal control package by
applying the cost-benefit concept: only those controls whose benefits are
expected to be greater than, or at least equal to, the expected costs are
implemented.
11. Why is it important for managers to evaluate internal controls?
SOX compliance, managers must acknowledge their responsibility for
establishing and maintaining adequate internal control structure and
procedures.
12. Why did COSO think it was so important to issue the 2009
Report on monitoring?
COSO observed that many organizations did not fully understand the
benefits and potential of effective monitoring and were not effectively using
their monitoring results to support assessments of their internal control
systems.
PROBLEMS
PROBLEMS
13. I think both types of controls, personnel and edit tests, are set forth to
eliminate potential errors and frauds of both intentional and accidental
natures. Not specifically for one type or the other.
15. Separation of duties to stop him from setting up companies, ordering,
payments, etc to these fictitious companies. Also, input controls, such as edit
and validity tests to disallow the creation of new vendors.
16. a. Input controls, such as edit and validity tests.
b. Output controls to notify aged accounts, and input controls to disallow
the ability to sell to the company.
c. Separation of duties, to eliminate potential of fraud.
d. Input controls to disallow the creation of new master files for wrong
codes entered.
e. Separation of duties, to keep him from being able to pay vendors and
write off inventory at same time.
17. a. Input to disallow incorrect deposit code, b. input/check digits, c.
input/edit tests, d. input/edit tests, e. input/check digits, f. input/edit tests or
check digits, g. general to disallow access without proper identification, h.
Processing/batch control total
PROBLEMS
12. a. The university had too strict policy about releasing passwords. There
should have been additional controls that allowed someone who had lost a
password to obtain it, i.e. personal data question, etc. This would allowed for
assurance that the student was who she said she was and also avoiding
complaints of that nature.
b. The company should have adopted a policy against personal use on
company computers regardless of on company time or not, and the fact that
the computers are owned by the company, it shouldnt be an issue of
privacy.
c. The company should require a certain level of password and adopt a
policy that is any passwords are found there will be consequences. Otherwise
they need to use a biometric way of logging in to systems.
d. The company should have a policy against personal use of company
computers and also on the fact that he is holding and attending to a second
job instead of at the hospital.
e. This is an indication of a possible fraud, and the company needs to
investigate the 20 employees and the departments associated with inputting
of the data.
f. Ebay needs to clearly state this in their sellers policies, and also create
a control that disallows someone to bid on their own items for sale. This also
needs to extend to users with similar addresses, phone number, email
address, etc.
g. The Web company should have a control restricting its employees from
visiting certain sites it does business with.
15. a. A policy that only allows certain employees access to mail, or a
separate mailing address that is accessible only by certain people.
b. The checks should only be drawn on one account, and the bookkeeper
shouldnt be allowed to assign paychecks.
c. Separation of duties, the HR personnel should not have access to
paychecks.
d. Separation of duties and access to certain authorizations.
e. Separation of duties, the purchasing agent should not be accounts
payable.
f. The company should have strict password requirements that are more
difficult to hack.
g. The clerk should have been taking vacations or time off in three years.
h. The company should have a system that disallows the loading of
unapproved programs.
i. The company should use serial numbers for patients and also have a
strict privacy policy.
system and not the entire accounts payable program. Validation allows an
auditor to guard against program tampering with program change controls,
program comparison, reviews of the system software, validating users and
access privileges, and continuous auditing for real-time assurance.
6. A company always wants to be safe, but when costs are an issue, priority
guidance is a must. The auditor and the company should invest in a
computerized auditing software to help audit. The controls, even though all
beneficial, should still be portrayed in a hierarchy to show which ones are
technically worth more (risk assessment). The auditor should evaluate those
control procedures (systems review) and then evaluate the weaknesses.
Control weaknesses in one area of an AIS may be acceptable if control
strengths in other areas of the AIS compensate for them.
PROBLEMS
8. a & b. According to the risk analysis, the high probability of occurrence is
VANDALISM, medium probability is BROWNOUT and POWER SURGE, and low
probability is EQUIPMENT FAILURE, SOFTWARE FAILURE, EMBEZZELMENT,
FLOOD, and FIRE. When using a cost-basis analysis, the figures would
indicate that the only two that wouldnt be affordable to enlist controls for
are EMBEZZELMENT and SOFTWARE FAILURE. Considering the low cost
compared to the losses and the fact that they could stop a business from
continuation, FLOOD and FIRE must have physical general controls in place.
EQUIPMENT FAILURE would also need similar controls because of the low cost
compare to high losses estimates. Due to the medium probability of
occurrence and low cost to control BROWN OUT and POWER SURGE would
need physical general controls in place.