Essay
CMA Part 1 Section A Essay Questions.
1. Question ID: HRC (Topic: CMA Part 1 - Section A
- External Financial
Reporting)
HRC Inc., Financial Reporting
HRC Inc. is a large publicly-held corporation. List
ed below are six selected expenditures
made by the company during the year ended December
31, 20X5. The proper
accounting treatment of these transactions must be
determined to ensure that HRS’s
annual financial statements are prepared in accorda
nce with generally accepted
accounting principles.
1. HRC Inc. spent $2,000,000 on a program designed
to improve relations with its
dealers. This project was favorably received by the
dealers and HRC’s
management believes that significant future benefit
s should be received from this
program. The program was conducted during the fourt
h quarter of 20X5.
2. A pilot plant was constructed during 20X5 at a c
ost of $4,000,000 to test a new
production process. The plant will be operated for
approximately five years. At that
time, the company will make a decision regarding th
e economic value of the
process. The pilot plant is too small for commercia
l production, so it will be
dismantled when the test is over.
3. A new product will be introduced next year. The
company spent $3,000,000 during
the current year for design of tools, jigs, molds,
and dies for this product.
4. HRC Inc. purchased Merit Company for $5,000,000
in cash in early August 20X5.
The fair market value of the identifiable assets of
Merit was $4,000,000.
5. A large advertising campaign was produced during
December 20X5 for use during
the first quarter of 20X6 to introduce a new produc
t to be released during the first
quarter of 20X6. The production costs of the advert
ising campaign were
$2,500,000.
6. During the first six months of the year, $500,00
0 was expended for legal work in
connection with a successful patent application. Th
e patent became effective July
1, 20X5. The legal life of the patent is 17 years w
hile the economic life of the patent
is expected to be approximately 10 years.
Required:
For each of the six expenditures presented, determi
ne and justify the amount, if any,
1. that should be capitalized and be included on HR
C’s Statement of Financial
Position prepared as of December 31, 20X5.
2. that should be included in HRC’s Statement of In
come for the year ended
December 31, 20X5.
a. Standard full manufacturing costs plus a markup
The selling division will be motivated to control costs because any costs over standard
cannot be passed on to the buying division and will reduce the profit of the selling
division.
The buying division may be pleased with this transfer price if the market price is higher.
However, if the market price is lower and the buying divisions are forced to take the
transfer price, the managers of the buying division will be unhappy.
b.
Market selling price of the product being transferred
This creates a fair and equal chance for the buying and selling divisions to make the
most profit they can. It should promote cost control, motivate divisional management,
and optimize overall company performance. Since both parties are aware of the market
price, there will be no distrust between the parties, and both should be willing to enter
into the transaction.
c.
Outlay (out-of-pocket) costs incurred to the point of transfer, plus
opportunity costs per unit.
This method is the same as market price when there is an established market price and
the seller is at full capacity. At any level below full capacity, the transfer price is the
outlay cost only (as there is no opportunity cost), which would approximate the variable
costs of the goods being transferred.
Both buyers and sellers should be willing to transfer under this method because the
price is the best either party should be able to realize for the product under the
circumstances. This method should promote overall goal congruence, motivate
managers, and optimize overall company profits.
4.
To better protect its programs and databases from u
nauthorized use, the company
should consider logical security controls. These co
ntrols include e-IDs and passwords,
system authentication requirements, biometrics, log
s of log-on attempts, application
level firewalls, antivirus and antispyware software
, intrusion detection systems,
encryption for data in transits, or smart cards.
5.
Highly integrated accounting information systems of
ten combine procedures that used
to be performed by separate individuals. Consequent
ly, an individual who has unlimited
access to the computer, its programs, and live data
also has the opportunity to execute
and subsequently conceal a fraud. To reduce this ri
sk, a company should design and
implement effective separation of duties control pr
ocedures. It is essential to divide the
authority and responsibility for these two function
s. The design and implementation of
effective separation of duties control procedures m
ake it difficult for any one employee
to commit a successful fraudulent activity.
6.
Accounting system duties that should be kept separa
te include:

The data control group should review records for ev
idence of unauthorized computer
access.

Computer operators should not have access to progra
m documentation or logic.

Two operators should be in the computer room during
processing of data.

Maintain a processing log and review periodically f
or evidence of irregularities.

Rotate computer operators among jobs to avoid any s
ingles operator always overseeing
the same application.

Require formal authorizations for program changes,
submit written description of
changes to a supervising manager for approval.

Test changes to programs prior to implementation.

A data control group should maintain registers of c
omputer access codes, help acquire
new accounting software, coordinate security contro
ls with specific computer personal,
reconcile input and output and distribute output to
authorized user. This person should
be independent of computer operation which inhibits
unauthorized access to computer
facility and contributes to more efficient data pro
cessing authorizations.
6. Question ID: Hanson (Topic: Business Continuity
and System Auditing)
Michael Hanson, Internal Audit and Internal Control
Michael Hanson is an internal auditor who has been
asked to evaluate the internal
controls and risks of his company, Consolidated Ent
erprises Inc. He has been asked to
present recommendations to senior management with r
espect to Consolidated’s general
operations with particular attention to the company
’s database procedures. With regard
to database procedures, he was specifically directe
d to focus attention on (1)
transaction processing, (2) virus protection, (3) b
ackup controls, and (4) disaster
recovery controls.
Required:
1. For each of the areas shown below, identify two
controls that Hanson should review and
explain why.
a. Transaction processing.
b. Virus protection.
c. Backup controls.
2. Identify four components of a sound disaster rec
overy plan.
3. During his evaluation of general operations, Han
son found the following conditions.
a. Daily bank deposits do not always correspond wit
h cash receipts.
b. Physical inventory counts sometimes differ from
perpetual inventory records, and
there have been alterations to physical counts and
perpetual records.
c. An unexplained and unexpected decrease in gross
profit percentage has
occurred.
For each of these conditions, (1) describe a possib
le cause of the condition and
(2) recommend actions to be taken and/or controls t
o be implemented that would
correct the condition.

Suggested answer
1.
a. Transaction processing controls include: passwo
rds to limit access to input or
change data, segregation of duties to safeguard ass
ets, control totals to ensure
data accuracy.
b. Virus protection controls include: ensuring that
latest edition of anti-virus software
is installed and updated, firewalls set up to deter
incoming risks, limit internet
access to business-related purposes to reduce chanc
es of viruses.
c. Backup controls include identification of vital
systems to be backed up regularly,
development of a disaster recovery plan, testing of
backup communications and
resources.
2. A sound disaster recovery plan contains the foll
owing components:
o
Establish priorities for recovery process
o
Identification of software and hardware needed for critical processes Identify all
data files and program files required for recovery
o
Store files in off-site storage
o
Identify who has responsibility for various activities, which activities are needed
first
o
Set up and check arrangements for backup facilities
o
Test and review recovery plan
3.
. Bank deposits do not always correspond with cash receipts. Possible cause:
cash received after the bank deposit has been made. Action: have a separate
individual reconcile incoming cash receipts to bank deposits.
a. Physical inventory counts sometimes differ from perpetual inventory records, and
sometimes there have been alterations to physical counts and perpetual records.
Possible cause: timing differences. Actions: limit access to physical inventory,
require and document specific approvals for adjustments to records.
b. Unexpected and unexplained decrease in gross profit percentage has occurred.
Possible cause: unauthorized discounts or credits provided to customers.
Actions: establish policies for discounts and credits, document approvals.
7. Question ID: Greeting-Card (Topic: Business Cont
inuity and System Auditing)
Greeting Card Stores, Business Continuity
The headquarters of Greeting Card Stores Inc. is lo
cated near a large river that flooded
after an extremely heavy rainfall. The disaster rec
overy leader had recently left the
company, and a new person had not yet been named, n
or had the plan been tested for
some time. The company has a backup location for al
l systems, but it is in the same
area and was subject to the same flood. The backup
files were in the basement and first
floor of the backup location. Some files were salva
ged but do not have clear
descriptions, and management is not sure if they ar
e the correct files. After two days of
being unable to process the store sales, management
has implemented a backup
system. This system allows them to process sales, b
ut it does not have all of the current
data, so some large sales that were in process were
lost.
Required:
1. Explain the objective of a disaster recovery pla
n.
2. Explain the importance of backing up all program
and data files regularly and storing
them at a secure remote site.
3. Explain the difference between a hot backup site
and a cold backup site.
4. Recommend four changes to improve the disaster r
ecovery and storage control
procedures at Greeting Card Stores Inc.
5. Besides disaster recovery, system security is al
so an important control to the business.
Identify three means by which management can protec
t programs and databases from
unauthorized use.

Suggested answer
1.
The objective of a disaster recovery plan is to ens
ure that a company will be able to
operate despite any interruptions such as power fai
lures, system crashes, natural
disasters, etc. It is a process and set of procedur
es that organizations follow to resume
business after a disruptive event. Important compon
ents include:

Disaster recovery team, including a primary leader
and an alternate leader.

Designation of a specific backup site to use for al
ternate computer processing – i.e. hot
site or cold site.

Test, document and update the plan as required. Rev
iew the plan continuously.

Also include backups for hardware.
2.
The regular backup and proper storage of program an
d data files will reduce financial
risk and business risk. Misstatements might arise i
f data is lost due to inadequate
backing up. Loss of data can also cause severe inte
rruptions of business operations
and loss of income.
3.
A hot site is fully operational and can come online more or less immediately. A flyingstart hot site has the latest data and software, so it can switch on in only a few seconds
after the main site goes down.
A cold site is basically a bare facility, where hardware can be installed relatively quickly
(days not minutes). A warm site is somewhere in between, with some communications
and networking capabilities, but requiring some hardware / software installation.
The choice of the level of backup site preparedness is based on the company’s
weighing the cost of being off-line (lost sales, etc.) versus the cost of buying /
maintaining the level of backup.
4.
Greeting Cards can improve the disaster recovery and storage control procedures by:

Ensure a disaster recovery leader is named.

Test backup plan regularly to ensure that it is working.

Keep backups in a location that might not be subject to the same natural disasters.

Keep several sets of backups in case the most recent one can’t be used.

Use better file labeling storage controls. External file labels or internal file labels.
5.
Means that management can use to protect programs and databases from unauthorized
use include:
Facility and hardware controls: Control access to the building, locate data center away
from public areas, give access to only authorized personnel, use key codes or
biometrics for entrance, etc.
Network controls: Use private network or use virtual private networks to secure
connection to Internet, add password protection and require periodic password change,
encrypt data before data transmission, ensure correct destination address by routing
verification, verify message delivery via message acknowledgement, detect and defend
attacks through virus protection software and firewall, alert intrusion by intrusion
detection system, etc.