word document - Amanda Habenschuss

ACC 492 - HOMEWORK
Amanda Grieco
J00687082
CHAPTER ONE: Accounting Information Systems and the Accountant
DISCUSSION QUESTIONS:
3. Advances in IT are likely to have a continuing impact on financial accounting. What are
some changes you think will occur in the way financial information is gathered, processed,
and communicated as a result of increasingly sophisticated IT?
With advances in IT that allow transactions to be captured immediately, accountants and
even the AIS itself can produce financial statements almost in real time. Interactive data allows
for information to be reused and carried seamlessly among a variety of applications or reports.
4. XBRL is emerging as the language that will be used to create interactive data that financial
managers can use in communication. How do you think the use of interactive data might
enhance the value of a company’s financial statements?
It will allow the data to be used between programs, allowing for faster access and
calculations, meaning that the company can quickly prepare financial statements at any time.
5. Discuss suspicious activity reporting. For example, do you think that such reporting should
be a legal requirement, or should it be just an ethical matter? Do you think that the majority
of SAR activity is illegal, or are these mostly false alarms?
SAR laws now require accountants to report questionable financial transactions to the
U.S. Department of Treasury. It should be a legal requirement because of the ease of
committing fraud through an AIS and the fact that it can be used as a deterrent. Most of the
activity is probably false alarms, but it is better to be safe than sorry.
6. Managerial accounting is impacted by IT in many ways, including enhancing CPM. How do
you think a university might be able to use a scorecard or dashboard approach to operate
more effectively?
The scorecard and dashboard approach allow a university to track and assess the
functionality of its activities and match it against its strategic values. It can trace unfavorable
performance to be able to correct it. This ensures the university has successful internal controls
as well. The dashboard makes this easier to understand, given that there are many
elements/departments within a university.
7. Look again at the list of assurance services shown in Figure 1-9. Can you think of other
assurance services that CPAs could offer which would take advantage of their AIS
experience?
They could offer assurance/IT help for individuals and their AISs and computer
systems. They could vouch for compliance with organizations or other companies that might
come in contact with them, as in to recommend them. They could offer a “seal of approval.”
10. This chapter stressed the importance of IT for understanding how AISs operate. But is this
the only skill valued by employers? How important do you think analytical thinking skills or
writing skills are? Discuss.
No. Due to the fact that AISs are complex, analytical skills are necessary to make
decisions and figure out whatever is needed. Writing skills are important to communication and
also programming AISs. Both of these skills are very valued by employers. A well-rounded mix
would make an ideal candidate in accounting/IT fields.
PROBLEMS
11.
a. AAA – American Accounting Association
b. ABC – Activity Based Costing
c. AICPA – American Institute of Certified Public Accountants
d. AIS – Accounting Information Systems
e. CFO – Certified Financial Officer
f. CISA – Certified Information Systems Auditor
g. CITP – Certified Information Technology Professional
h. CPA – Certified Public Accountant
i. CPM – Corporate Performance Measurement
j. ERP – Enterprise Resource Planning
k. FASB – Financial Accounting Standards Board
l. HIPAA – Health Insurance Portability and Accountability Act
m. ISACA – Information Systems Audit and Control Association
n. IT – Information Technology
o. KPI – Key Performance Indicators
p. OSC
q. PATRIOT Act – Uniting and Strengthening America by Providing Appropriate Tools
Required to Intercept and Obstruct Terrorism
r. REA – resources, events, and agents
s. SAR – Suspicious Activity Reporting
t. SEC – Securities Exchange Commission
u. SOX – Sarbanes-Oxley Act
v. VARs – Value-Added Resellers
w. XBRL – Extensible Business Reporting Language
16.
a. Dues paid, expenses, donations, operating costs, and capital investments and costs.
b. Yes, because AISs do not have to be computerized.
c. No, fraud tends to occur when there isn’t a separation of duties.
d. Benefits would include ease of information collected/entered, real-time reporting,
ease of access to information, e-commerce style record keeping. It would only be cost-effective
if the system is easy to use/user-friendly.
CHAPTER TWO: Information Technology and AISs
DISCUSSION QUESTIONS
1. Why is it important to view an AIS as a combination of hardware, software, data, people,
and procedure?
It takes ALL components to work successfully.
2. Why is information technology important to accountants?
1. On CPA exam
2. Used a lot therefore need to understand it
3. To be able to audit systems
4. Task Identification
5. Help clients make hardware and software purchases
6. To evaluate efficiency and effectiveness
7. IT profoundly affects work today and in the future
3. Why do most AISs try to avoid data transcription?
To avoid errors: data transcription is time-consuming, costly, inefficient, and nonproductive; it can
bottleneck data at the transcription site, embeds errors, and provides opportunities for fraud,
embezzlement, or sabotage.
11. What are local area networks? What advantages do LANs offer accounting applications?
LANs consist of microcomputers, printers, terminals, and similar devices that are
connected together for communications purposes. Most use file servers to store centralized
software and data files and also to coordinate data transmissions between devices. Most LANs
occupy a single building and are wireless. Advantages include:
1. Facilitating communications
2. Sharing computer equipment
3. Sharing computer files
4. Saving software costs
5. Enabling unlike computer equipment to communicate with one another
12. What is client/server computing? How does it differ from host/mainframe computing?
What are some advantages and disadvantages of client/server systems?
It is an alternative technology to mainframe and/or hierarchical networks; typically a
microcomputer. Mainframe systems normally centralize everything, whereas client/server
applications distribute data and software among the server and client computers of the system.
Advantages: flexibility of distributing capabilities, reduced telecommunications costs, and
ability to install thin-client systems. Disadvantages: must maintain multiple copies of same
databases making backup and recovery difficult, difficult data synchronization, system
consistency makes it difficult to change versions of a program, and user training is greater.
PROBLEMS:
17.
a. ALU – CPU component
b. CD-ROM - secondary storage
c. keyboard – input equipment
d. Modem – data communications
e. dot-matrix printer – output equipment
f. POS device - input equipment
g. MICR reader - input equipment
h. laser printer - output equipment
i. flash memory – secondary storage
j. OCR reader - input equipment
k. magnetic (hard) disk – secondary storage
l. ATM - data communications
m. Primary memory - CPU component
18.
a. POS – Point of sale devices, gather and record electronic data
b. CPU – Central processing unit, processes tasks within a computer
c. OCR – Optical character recognition, optical readers to interpret data
d. MICR – Magnetic ink character recognition, magnetically-encoded paper coding
e. ATM – Automated teller machine, to communicate to banking customers
f. RAM – Random access memory, primary memory, operating instructions
g. ALU – Arithmetic-logic unit, performs arithmetic and logic tasks
h. MIPS – Millions of instructions per second, computer processing speeds
i. OS – Operating system, helps computer run itself and programs within
j. MHz – Megahertz, computer processing speeds
k. pixel – Picture elements, dots of color in video output
l. CD-ROM – Compact disk-read only memory, secondary storage
m. WORM – Write-once, read-many, type of CD-ROM
n. modem – modulator-demodulator, transmission over phone lines
o. LAN – Local area network, small area connected devices
p. WAN – Wide area network, large area connected devices
q. RFID – Radio frequency identification, enables identification using radio waves
r. WAP – Wireless application protocol, set of communication standards and language
s. Wi-Fi – Wireless fidelity, transmitting over wireless channels
t. ppm – Pages per minute, printing speeds
u. dpi – Dots per inch, resolution of ink-jet printers
v. NFC – Near-field communication, enables communication with other NFC devices
CHAPTER SIX: Documenting Accounting Information Systems
DISCUSSION QUESTIONS
1. Why is documentation important to AISs? Why should accountants be interested in AIS
documentation?
Documentation explains how AISs operate: describes the tasks for recording data, the
procedures that users must perform, the processing steps that AISs follow, and the logical and
physical flows of accounting data through systems.
1. Depicting how system works
2. Training Users
3. Designing new systems
4. Controlling system development and maintenance
5. Standardizing communications with others
6. Auditing AISs
7. Documenting business processes
8. Complying with SOX Act
9. Establishing Accountability
It is important for accountants to understand the documentation that describes how
processing takes place.
2. Distinguish between document flowcharts, system flowcharts, data flow diagrams,
and program flowcharts. How are they similar and different?
Document Flowchart – traces the physical flow of documents through an organization
from who first created them to their final destination.
System Flowchart – concentrates on the computerized data flow of AISs.
Data Flow Diagrams (DFDs) – used in the development process as a tool for analyzing an existing
system or as a planning aid for creating a new system; they describe the sources of data stored in a
database and the ultimate destinations of these data.
Program Flowchart – outlines the processing logic of computer programs as well as the
order in which processing takes place.
All four use symbols and linkage to describe the flow/activity. Data flow diagrams
describe the source and flow of data in a database. Document flowcharts trace the flow of
documents. System flowcharts are created when there is computerized/electronic data and
processing. Program flowcharts outline computer programs and how they determine each
process. System flowcharts, data flow diagrams, and program flowcharts can be designed at
different levels/hierarchical process maps of detail.
5. What are the four symbols in a data flow diagram? What does each mean?
External Entity (data source or destination)
Data Flow
Internal Entity (physical DFDs) or Transformational Process (logical DFDs)
Data Store (file)
8. What is the purpose of a decision table? How might they be useful to accountants?
The purpose of a decision table is to indicate what action to take for each possibility of
conditions and processing tasks and as an alternative to program flowcharts. They will be useful
to accountants because they provide a large number of conditions in a compact, easily
understood format. This ensures accuracy, completeness, and fewer omissions of important
processing possibilities.
CHAPTER SEVEN: AISs and Business Processes: Part 1
DISCUSSION QUESTIONS
1. As you might imagine, the chart of accounts for a manufacturing firm would be different
from that of a service firm. Not surprisingly, service firms differ so much that software now
exists for almost any type of firm that you could name. Think of yourself as an entrepreneur
who is going to start up your own business. Now, go online to find at least two different
software packages that you might use for the type of firm you are going to start up. What
does the chart of accounts include? Are both software packages the same? What are the
differences between the packages?
1. Intuit® QuickBooks® Premier Retail Edition 2014
Difference from QuickBooks Pro:
* Organize your business finances all in one place and save time on everyday tasks
* Accounting tools for retailers
* Save time managing retail activities, tracking sales results and profitability
* Organize your customer information on one screen – see who’s paid and who owes you
* Gain greater insight with retail specific reports to help manage your business better
* Use tools to create and track service work orders
* Get reliable records for tax time
2. QuickBooks Pro 2014 – cheaper than Retail Edition.
For both versions, when you start up the program it will ask you
questions in order to tailor a chart of accounts for what is needed. The retail version is tailored
to retailers to provide insight beyond financial aspects.
3. What are some typical outputs of an AIS? Why do system analysts concentrate on
managerial reports when they start to design an effective AIS? Why not start with the inputs
to the system instead?
Outputs include: Reports to management, reports to investors and creditors, files that retain
transaction data, files that retain current data about accounts, i.e. customer billing statements,
aging report, bad debt report, cash receipts forecast, approved customer listing, sales analysis
reports, check register, discrepancy reports, and cash requirements forecast. Most of the
accounting data collected by an organization ultimately appears on some type of
internal/external report, therefore the design of an effective AIS usually begins with the outputs
(reports) that users will expect from the system.
PROBLEMS
14. Recommend a type of coding:
a. Employee id number on a computer file – Sequence, simple identification
b. Product number for a sales catalog – Group
c. Inventory number for the products of a wholesale drug company - Block
d. Inventory part number for a bicycle mfg company - Block
e. ID numbers on the forms waiters use to take orders – Sequence, simple identification
f. ID numbers on airline ticket stubs – Sequence, simple identification
g. Auto registration numbers – Sequence, simple identification
h. Auto engine block numbers – Sequence, simple identification
i. Shirt sizes for men’s shirts – Mnemonic, lettering used to identify sizing
j. Color codes for house paint – Mnemonic, lettering used to identify color combinations
k. ID numbers on payroll check forms – Sequence, simple identification
l. Listener ID for a radio station – Block, numbering based on region
m. Numbers on lottery tickets – Sequence, simple identification
n. ID numbers on a credit card – Block, first numbers indicate type of card
o. ID numbers on dollar bills – Block, lettering first then numbers
p. Passwords used to gain access to a computer – Mnemonic, lettering used to create pw
q. Zip codes – Block, based on regional areas
r. A chart of accounts for a department store – Block, categorized by type
s. A chart of accounts for a flooring contractor – Block, categorized by type
t. Shoe sizes – Sequence, simple identification by size
u. ID number on a student exam – Sequence, simple identification
v. ID number on an insurance policy – Block, identifiers on region/policy type/etc.
CHAPTER EIGHT: AISs and Business Processes: Part 2
DISCUSSION QUESTIONS
2. Why are accounting transactions associated with payroll processing so repetitive in nature?
Why do some companies choose to have payroll processed by external service companies
rather than do it themselves?
There are standards for payroll that are government mandated, including very strict
control procedures, and with the transactions occurring very frequently, it causes payroll
processing to be repetitive. Many companies find it cost-effective to outsource the process for
payroll reports and paychecks.
5. What are the basic concepts of lean manufacturing? What concepts are the root of lean
production and lean manufacturing?
Lean manufacturing involves making the commitment to eliminate waste throughout the
organization (not just production). It focuses on the elimination or reduction of non-value-added waste to improve overall customer value and to increase the profitability of the products
or services that the organization offers. It was developed through the concepts of just-in-time
and Total Quality Management.
PROBLEMS
14. How could an automated time and billing system help your firm? What is the name of the
software package and what are the primary features of this BPM software?
Automated time and billing systems could be more cost-effective, as well as help with
tedious transaction and reporting, aid in detecting and reducing errors, and help with keeping
up with delinquent accounts. Tabs3 Billing will keep track of time easily, bill exactly the way you
want to, get bills out faster, create useful reports to stay on top of the business of law, secure
your information, has advanced compensation formulas to compute with, and has free practice
management included.
CHAPTER NINE: Introduction to Internal Control Systems
DISCUSSION QUESTIONS
1. What are the primary provisions of the 1992 COSO Report? The 2004 COSO Report?
1992 – Internal Control-Integrated Framework: defines internal control and describes its
components, presents criteria to evaluate internal control systems, provides guidance for public
reporting on internal controls, and offers materials to evaluate an internal control system.
2004 – Focuses on enterprise risk management, includes the 5 components of the 1992 Report,
and adds three components: objective setting, event identification, and risk response.
2. What are the primary provisions of COBIT?
Control Objectives for Business and IT; A framework for IT management; provides
managers, auditors, and IT users a set of generally accepted measures, indicators, processes,
and best practices to maximize benefits of IT and develop appropriate IT governance and
control.
5. Why are accountants so concerned about their organization having an efficient and
effective internal control system?
Accountants rely on an internal control system to safeguard assets, check the accuracy
and reliability of accounting data, promote operational efficiency, and enforce prescribed
managerial policies. If it is not efficient and effective, the accountants will suffer.
6. Discuss what you consider to be the major differences between preventative, detective,
and corrective control procedures. Give two examples of each type of control.
Preventative controls are put in place to prevent problems, such as scenario planning and
firewalls. Detective controls alert managers when preventative controls fail, such as motion
detection and log monitoring and review. Corrective controls are what a company uses to solve
or correct a problem, such as changing backup procedures and camera systems.
7. Why are competent employees important to an organization’s internal control system?
Competent and honest employees are more likely to create value for an organization and
lead to efficient use of the company’s assets.
8. How can separation of duties reduce the risk of undetected errors and irregularities?
The purpose of separation of duties is to structure work assignments so that one
employee’s work serves as a check on another employee(s).
9. Discuss some of the advantages to an organization from using a voucher system and
prenumbered checks for its cash disbursement transaction.
A voucher system reduces the number of cash disbursement checks that are written,
since several invoices to the same vendor can be included on one disbursement voucher, the
disbursement voucher is an internally generated document, and can be prenumbered to
simplify the tracking of all payables, thereby contributing to an effective audit trail over cash
disbursements.
10. What role does cost-benefit analysis play in an organization’s internal control system?
Companies develop their own optimal internal control package by applying the cost-benefit concept: only those controls whose benefits are expected to be greater than, or at least
equal to, the expected costs are implemented.
11. Why is it important for managers to evaluate internal controls?
For SOX compliance, managers must acknowledge their responsibility for establishing and
maintaining adequate internal control structure and procedures.
12. Why did COSO think it was so important to issue the 2009 Report on monitoring?
COSO observed that many organizations did not fully understand the benefits and
potential of effective monitoring and were not effectively using their monitoring results to
support assessments of their internal control systems.
PROBLEMS
13. Internal control weaknesses:
* Oral authorization to remove items from storeroom: should be documented not oral.
* Physical Inventory count by storeroom clerks: should be management if
documentation of inventory is not going to occur; regardless of supervision.
* Reordering when below reorder level: should not order until at reorder level, excess of
inventory will allow for possible theft.
* Number of items ordered available to storeroom clerks: should be a separate receiving
person, separation of duties.
CHAPTER TEN: Computer Controls for Organizations and AISs
DISCUSSION QUESTIONS
1. What is a security policy? What do we mean when we say organizations should have an
integrated security policy?
A security policy is an integrated plan that helps protect an enterprise from both internal
and external threats. An integrated security policy combines logical and physical security
technologies.
2. What do we mean when we talk about convergence of physical and logical security? Why
might this be important to an organization?
Combining technologies of physical and logical securities, supported by a comprehensive
security policy, can significantly reduce the risk of attack because it increases the costs and
resources needed by the intruder.
4. What controls must be used to protect data that is transmitted across wireless networks?
A virtual private network for remote access to the entity’s resources, and data encryption to
avoid electronic eavesdropping.
5. Why is business continuity planning so important? Identify several reasons why testing the
plan is a good idea?
They use BCP to be reasonably certain that they will be able to operate in spite of any
interruptions, such as power failures, IT system crashes, natural disasters, supply chain
problems, and others.
6. What is backup and why is it important when operating an accounting system?
Backup is similar to the redundancy concept in fault-tolerant systems. It is important
when operating an accounting system because you could lose all of your work and client
information.
7. Discuss some of the unique control risks associated with the use of PCs and laptop
computers compared to using mainframes.
PCs are relatively inexpensive, therefore it is not cost-effective for a company to go to
elaborate lengths to protect them. Important safeguards are: (1) backup important laptop data
often, (2) password protect them, and (3) encrypt sensitive files. Antitheft systems can help
avoid theft. Control procedures include: identifying your laptop and keeping information in a safe
place, use non-breakable cables to attach laptops to stationary furniture to avoid theft, load
antivirus software onto the hard disk to avoid theft of data, and back up laptop information to
ensure data integrity.
9. Explain how each of the following can be used to control the input, processing, and output
of accounting data:
a. EDIT TESTS- examine selected fields of input data and reject those transactions whose
data fields do not meet the pre-established standards of data quality. INPUT CONTROL
b. CHECK DIGITS – computed as a mathematical function of the other digits in a numeric
field and its sole purpose is to test the validity of the associated data. INPUT CONTROL
c. PASSWORDS – INPUT CONTROL, to ensure validity
d. ACTIVITY LISTINGS - OUTPUT CONTROL, documents processing activities
e. CONTROL TOTALS – PROCESSING CONTROL, to control large amounts of data
processing
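An added example (not part of the original homework) of the controls in question 9 applied to constructed accounts payable records: edit tests and a check digit at input, and a batch control total at processing. The Luhn mod-10 check digit scheme, the field names, and the 10,000 amount limit are assumptions chosen for illustration.

```python
"""Added illustration: edit tests, a check digit and batch control totals."""
from datetime import date
from decimal import Decimal, InvalidOperation

AMOUNT_LIMIT = Decimal("10000")  # assumed reasonableness limit per invoice


def luhn_check_digit(payload):
    """Check digit computed from the other digits (Luhn mod 10, assumed scheme)."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # double every second digit, starting at the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def edit_tests(rec, batch_date):
    """Return the list of edit-test failures for one input record."""
    errors = []
    vid = rec.get("vendor_id", "")
    if not (vid.isascii() and vid.isdigit() and len(vid) == 6):
        errors.append("vendor_id: must be 6 numeric digits")
    elif luhn_check_digit(vid[:-1]) != vid[-1]:
        # Catches single-digit typos and most adjacent transpositions.
        errors.append("vendor_id: check digit mismatch")
    try:
        if date.fromisoformat(rec.get("invoice_date", "")) > batch_date:
            errors.append("invoice_date: later than batch date")
    except ValueError:
        errors.append("invoice_date: not a valid date")
    try:
        if not Decimal("0") < Decimal(rec.get("amount", "")) <= AMOUNT_LIMIT:
            errors.append("amount: outside allowed range")
    except InvalidOperation:
        errors.append("amount: not numeric")
    return errors


def process_batch(header, records, batch_date):
    """Run edit tests on every record, then reconcile the batch control totals."""
    rejected = {}
    accepted_total = Decimal("0")
    for n, rec in enumerate(records, start=1):
        errs = edit_tests(rec, batch_date)
        if errs:
            rejected[n] = errs
        else:
            accepted_total += Decimal(rec["amount"])
    count_ok = len(records) == header["record_count"]
    amount_ok = accepted_total == Decimal(header["amount_total"])
    return {
        "rejected": rejected,
        "count_ok": count_ok,
        "amount_ok": amount_ok,
        # Post only a clean batch whose totals agree with the submitter's header.
        "post": not rejected and count_ok and amount_ok,
    }


# Constructed sample data: the header is what the submitting clerk tallied by hand.
BATCH_DATE = date(2014, 3, 10)
HEADER = {"record_count": 3, "amount_total": "1680.40"}
BATCH = [
    {"vendor_id": "104232", "invoice_date": "2014-03-03", "amount": "1250.00"},
    {"vendor_id": "208710", "invoice_date": "2014-03-05", "amount": "310.40"},
    # Transposed vendor digits, impossible date, letter O keyed instead of zero.
    {"vendor_id": "104322", "invoice_date": "2014-02-30", "amount": "12O.00"},
]
CORRECTED = BATCH[:2] + [
    {"vendor_id": "104232", "invoice_date": "2014-02-28", "amount": "120.00"},
]

if __name__ == "__main__":
    for name, batch in (("as keyed", BATCH), ("corrected", CORRECTED)):
        result = process_batch(HEADER, batch, BATCH_DATE)
        print(name, "-> post:", result["post"])
        for n, errs in result["rejected"].items():
            print(f"  record {n}: {'; '.join(errs)}")
```

The batch as keyed is held back because record 3 fails three edit tests and the accepted amounts no longer agree with the header total; the corrected batch reconciles and posts.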
10. What is the difference between logical and physical access to the computer? Why is the
security of both important?
Logical refers to the access of technology on a computer while physical access refers to the
access to the actual computer equipment. Both are important because they are both assets of
the company, and an integrated security system that includes both logical and physical security
can significantly reduce the risk of theft and attack.
11. Discuss the following statement: “The separation of duties control is very difficult in
computerized accounting information systems because computers often integrate functions
when performing data processing tasks. Therefore, such a control is not advisable for those
organizations using computers to perform their accounting functions.”
This is incorrect. Due to the fact that functions are integrated, extra measures need to be
taken to separate functions of authority and responsibility between accounting and IT
subsystems or departments.
PROBLEMS
13. I think both types of controls, personnel and edit tests, are set forth to eliminate potential
errors and frauds of both intentional and accidental natures. Not specifically for one type or the
other.
15. Separation of duties to stop him from setting up companies, ordering, payments, etc to
these fictitious companies. Also, input controls, such as edit and validity tests to disallow the
creation of new vendors.
16. a. Input controls, such as edit and validity tests.
b. Output controls to notify aged accounts, and input controls to disallow the ability to sell
to the company.
c. Separation of duties, to eliminate potential of fraud.
d. Input controls to disallow the creation of new master files for wrong codes entered.
e. Separation of duties, to keep him from being able to pay vendors and write off inventory
at same time.
17. a. Input to disallow incorrect deposit code, b. input/check digits, c. input/edit tests, d.
input/edit tests, e. input/check digits, f. input/edit tests or check digits, g. general to disallow
access without proper identification, h. Processing/batch control total
CHAPTER ELEVEN: Computer Crime, Fraud, Ethics, & Privacy
DISCUSSION QUESTIONS
1. The cases of computer crime that we know about have been described as just “the tip of
the iceberg.” Do you consider this description accurate?
Since most computer crimes are caught through luck, chance, or accident, generally only
an estimated 1% of computer crime is detected. This description is correct due to exponential
growth in the use of computer resources, continuing lax security, and availability of information
on how to commit computer crime.
2. Most computer crimes are not reported. Give as many reasons as you can why much of this
crime is purposely downplayed. Do you consider these reasons valid?
From a business’ perspective, reasons could include costs to prosecute, wanting to avoid
the media, reputation issues, easier to just fire people rather than prosecute, company not
wanting consumers/customers knowing about lack of controls, possible auditing issues. None of
these reasons are technically valid because crime cannot be controlled without reporting.
5. What enabled employees at TRW to get away with their crime? What controls might have
prevented the crime from occurring?
What enabled the employees was the fact that they were able to enter false information
into the computer procedures. Controls that could have prevented the crime are authorization
and validation of credit changes and separation of duties.
11. The fact that Mr. Allen has never taken a vacation is a key red flag that he may have been
manipulating the account data. Making him Employee-of-the-Year should not be a
consideration until he/his department had been audited for the potential fraud. Giving him
such a title would entice him to continue committing frauds.
PROBLEMS
12. a. The university had too strict a policy about releasing passwords. There should have been
additional controls that allowed someone who had lost a password to obtain it, i.e. personal
data question, etc. This would have allowed for assurance that the student was who she said she was
and also avoided complaints of that nature.
b. The company should have adopted a policy against personal use on company computers
regardless of on company time or not, and the fact that the computers are owned by the
company, it shouldn’t be an issue of privacy.
c. The company should require a certain level of password and adopt a policy that if any
passwords are found there will be consequences. Otherwise they need to use a biometric way
of logging in to systems.
d. The company should have a policy against personal use of company computers and also
on the fact that he is holding and attending to a second job instead of at the hospital.
e. This is an indication of a possible fraud, and the company needs to investigate the 20
employees and the departments associated with inputting of the data.
f. eBay needs to clearly state this in their seller’s policies, and also create a control that
disallows someone to bid on their own items for sale. This also needs to extend to users with
similar addresses, phone number, email address, etc.
g. The Web company should have a control restricting its employees from visiting certain
sites it does business with.
15. a. A policy that only allows certain employees access to mail, or a separate mailing address
that is accessible only by certain people.
b. The checks should only be drawn on one account, and the bookkeeper shouldn’t be
allowed to assign paychecks.
c. Separation of duties, the HR personnel should not have access to paychecks.
d. Separation of duties and access to certain authorizations.
e. Separation of duties, the purchasing agent should not be accounts payable.
f. The company should have strict password requirements that are more difficult to hack.
g. The clerk should have been taking vacations or time off in three years.
h. The company should have a system that disallows the loading of unapproved programs.
i. The company should use serial numbers for patients and also have a strict privacy policy.
CHAPTER TWELVE: Information Technology Auditing
DISCUSSION QUESTIONS
1. Distinguish between the roles of an internal and an external auditor. Cite at least two
examples of auditing procedures that might reasonably be expected of an internal auditor
but not an external. Which type of auditor would you rather be? Why?
Internal auditors work for their own company while external work for an independent CPA
firm. The difference is in purpose: staff positions that report to top management, an audit
committee or board of directors, and also involve evaluation of the company to provide
assurance about the efficiency and effectiveness of almost any aspect of its organization. I
would rather be an internal auditor. The duties are broader and there is less risk of being sued in
the end.
4. IT auditors need people skills as well as technical skills. One such skill is the ability to
interview effectively. Discuss some techniques or tools that might help an interviewer get the
best information from an interviewee, including sensitive material.
Being more personable and able to build trust quickly will get people to open up to you and
deliver information they may not have otherwise. Learning interrogation skills would
help in reading body language and signs hidden between the lines of lies. Learning the aspects of the
position the person works in will help the interviewer ask better questions and deliver what-ifs.
5. Describe how an auditor might use through-the-computer techniques such as test data, an
integrated test facility, parallel simulation, or validation of computer programs to accomplish
audit objectives relative to accounts payable.
Test data will allow an auditor to check the range of exception situations and compare the
results with a predetermined set of answers on an audit worksheet, such as invalid dates and
use of alphabetic data in numeric codes. An integrated test facility will allow an audit in an
operational setting by using artificial transactions and companies, such as payments to vendors
and shipments/orders from vendors. Parallel simulation allows the auditor to run live data
instead of test data in a second system that duplicates the client system to look for differences,
such as a payments-to-vendors-only system and not the entire accounts payable program.
Validation allows an auditor to guard against program tampering with program change controls,
program comparison, reviews of the system software, validating users and access privileges,
and continuous auditing for real-time assurance.
6. A company always wants to be safe, but when costs are an issue, priority guidance is a must.
The auditor and the company should invest in computerized auditing software to help audit.
The controls, even though all beneficial, should still be portrayed in a hierarchy to show which
ones are technically worth more (risk assessment). The auditor should evaluate those control
procedures (systems review) and then evaluate the weaknesses. Control weaknesses in one
area of an AIS may be acceptable if control strengths in other areas of the AIS compensate for
them.
PROBLEMS
8. a & b. According to the risk analysis, the high probability of occurrence is VANDALISM,
medium probability is BROWNOUT and POWER SURGE, and low probability is EQUIPMENT
FAILURE, SOFTWARE FAILURE, EMBEZZLEMENT, FLOOD, and FIRE. When using a cost-basis
analysis, the figures would indicate that the only two that wouldn’t be affordable to enlist
controls for are EMBEZZLEMENT and SOFTWARE FAILURE. Considering the low cost compared
to the losses and the fact that they could stop a business from continuation, FLOOD and FIRE
must have physical general controls in place. EQUIPMENT FAILURE would also need similar
controls because of the low cost compared to high loss estimates. Due to the medium
probability of occurrence and low cost to control, BROWNOUT and POWER SURGE would need
physical general controls in place.