A manufacturing firm needed a specialized software program to identify and monitor cost overruns. After an extensive analysis, the company purchased prepackaged software and assigned three programmers to modify it to meet its individual circumstances and processes. After six months of work, during final testing, the company told them to stop all work until further notice. While reading the software vendor‟s sales agreement, the manufacturing manager found a clause stating that the software could not be changed without the prior written consent of the vendor. The firm had to pay the software vendor an additional fee so it could use the modified software in its manufacturing process. Which aspect(s) of feasibility did the manufacturing firm failed to consider prior to purchasing the software.
> The Family Support Center is a small charitable organization. It has only four full-time employees: two staff, an accountant, and an office manager. The majority of its funding comes from two campaign drives, one in the spring and one in the fall. Donors
> Figure 12-18 depicts the activities performed in the revenue cycle by the Newton Hardware Company. (CPA Examination, adapted) a. Identify at least 7 weaknesses in Newton Hardware’s revenue cycle. Explain the resulting threat b. Identify ways to use IT t
> O’Brien Corporation is a midsize, privately owned, industrial instrument manufacturer supplying precision equipment to manufacturers in the Midwest. The corporation is 10 years old and uses an integrated ERP system. The administrative offices are located
> For each of the following activities identify the data that must be entered by the employee performing that activity and list the appropriate data entry controls: a. Sales order entry clerk taking a customer order b. Shipping clerk completing a bill of
> Weisel, in the December 2006 issue of the Journal of Accountancy. The Journal of Accountancy is available in print or online at the AICPA’s Web site: www.aicpa.org Required: a. Create a 12-month cash flow budget in Excel using the following assumptions
> For good internal control, which of the following duties can be performed by the same individual? 1. Approve changes to customer credit limits 2. Sales order entry 3. Shipping merchandise 4. Billing customers 5. Depositing customer payments 6. Main
> Give two specific examples of nonroutine transactions that may occur in processing cash receipts and updating accounts receivable. Also specify the control procedures that should be in place to ensure the accuracy, completeness, and validity of those tra
> What internal control procedure(s) would provide protection against the following threats? a. Theft of goods by the shipping dock workers, who claim that the inventory shortages reflect errors in the inventory records. b. Posting the sales amount to th
> The Journal of Accountancy (available at www.aicpa.org) has published a series of articles that address different aspects of disaster recovery and business continuity planning: 1. Gerber, J. A., and Feldman, E. R. 2002. “Is Your Business Prepared for th
> Melinda Robinson, the director of internal auditing at Sachem Manufacturing Company, believes the company should purchase software to assist in the financial and procedural audits her department conducts. Robinson is considering the following software pa
> As an internal auditor for the state auditor’s office, you are assigned to review the implementation of a new computer system in the state welfare agency. The agency is installing an online computer system to maintain the state’s database of welfare reci
> You are performing an information system audit to evaluate internal controls in Aardvark Wholesalers’ (AW) computer system. From an AW manual, you have obtained the following job descriptions for key personnel: Director of information systems: Responsib
> You are a manager for the CPA firm of Dewey, Cheatem, and Howe (DC&H). While reviewing your staff’s audit work papers for the state welfare agency, you find that the test data approach was used to test the agency’s accounting software. A duplicate progra
> You are involved in the audit of accounts receivable, which represent a significant portion of the assets of a large retail corporation. Your audit plan requires the use of the computer, but you encounter the following reactions: For each situation, sta
> As an internal auditor, you have been assigned to evaluate the controls and operation of a computer payroll system. To test the computer systems and programs, you submit independently created test transactions with regular data in a normal production run
> As an internal auditor for the Quick Manufacturing Company, you are participating in the audit of the company’s AIS. You have been reviewing the internal controls of the computer system that processes most of its accounting applications. You have studied
> Which of the following should have the primary responsibility to detect and correct data processing errors? Explain why that function should have primary responsibility and why the others should not. a. The data processing manager b. The computer operat
> You are auditing the financial statements of a cosmetics distributor that sells thousands of individual items. The distributor keeps its inventory in its distribution center and in two public warehouses. At the end of each business day, it updates its in
> The fixed-asset master file at Thermo-Bond includes the following data items: Asset number ………………………….. Date of retirement (99/99/2099 for assets still in service) Description …………………….………. Depreciation method code Type code …………………….…………. De
> Obtain the practitioner’s version of Generally Accepted Privacy Principles from the AICPA’s web site (www.aicpa.org). You will find it located under professional resources and then information technology. Use it to answer the following questions: 1. Wha
> You are the director of internal auditing at a university. Recently, you met with Issa Arnita, the manager of administrative data processing, and expressed the desire to establish a more effective interface between the two departments. Issa wants your he
> For each of the following scenarios, determine whether the company’s current backup procedures enable it to meet its recovery objectives and explain why: a. Scenario 1: Recovery point objective = 24 hours Daily backups at 3:00 am, process takes 2
> Creating and testing check digits. a. Create a spreadsheet that will take as input a five-digit account number and calculate a check digit using this formula: (5 x left-most digit + 4 x next digit + 3 x third digit + 2 x fourth digit + fifth digit) modu
> MonsterMed Inc. (MMI) is an online pharmaceutical firm. MMI has a small systems staff that designs and writes MMI‟s customized software. The data center is installed in the basement of its two-story headquarters building. The data center is equipped with
> Which control(s) would best mitigate the following threats? a. The hours worked field in a payroll transaction record contained the value 400 instead of 40. As a result, the employee received a paycheck for $6,257.24 instead of $654.32. b. The accounts
> Create a spreadsheet with the following columns: Plaintext character ASCII code (7-bits, binary number) First bit Second bit Third bit Fourth bit Fifth bit Sixth bit Seventh bit Number of bits with value = 1 Parity bit fo
> Obtain a copy of COBIT (available at www.isaca.org) and read the control objectives that relate to encryption (DS5.8 and DS5.11). What are the essential control procedures that organizations should implement when using encryption?
> Research the problem of identity theft and write a report that explains: a. Whether the problem of identity theft is increasing or decreasing b. What kind of identity theft protection services or insurance products are available. Compare and contrast at
> In what situations would you expect to model a relationship between an agent and a resource?
> Research the information rights management software that may be available for your computer. What are its capabilities for limiting access rights? Write a report of your findings. Optional: If you can download and install IRM software, use it to prevent
> How would you respond to the treasurer of a small charity who tells you that the organization does not use a separate checking account for payroll because the benefits are not worth the extra monthly service fee?
> Visit the SEC website (www.sec.gov) and explore what is available in terms of interactive data (the SEC’s term for XBRL reports). Use the SEC’s viewer software and examine the annual reports for two companies.
> Examine issues of the Journal of Accountancy, Strategic Finance, and other business magazines for the past three years to find stories about current developments in factory automation. Write a brief report that discusses the accounting implications of on
> Search popular business and technology magazines (Business Week, Forbes, Fortune, CIO, etc.) to find an article about an innovative use of IT that can be used to improve one or more activities in the expenditure cycle. Write a report that: a. Explains h
> Search popular business and technology magazines (Business Week, Forbes, Fortune, CIO, etc.) to find an article about an innovative use of IT that can be used to improve one or more activities in the revenue cycle. Write a report that: a. Explains how I
> The balanced scorecard measures organizational performance along four dimensions. Is it possible that measures on the customer, internal operations, and innovation and learning dimensions could be improving without any positive change in the financial di
> Why is the audit trail an important control?
> How can responsibility accounting and flexible budgets improve morale?
> In which phase of the systems development life cycle would each of the following positions be most actively involved? Justify your answers.
> The following notice was posted in the employee cafeteria on Monday morning: To: All Accounting and Clerical Employees From: I.M. Krewel, President Subject: Termination of Employee Positions Effective this Friday, all accounting and clerical em
> Physical security is extremely important. Read the article “19 Ways to Build Physical Security into a Data Center,” which appeared in the CSO Magazine November 2005. (You can find the article at www.csoonline.com/read/110105/datacenter.html). Which meth
> Data from Case Date Supplier Invoice Supplier Name Supplier Address Amount March 7 AJ34 Bud's Soil Prep, Inc.
> When a company converts from one system to another, many areas within the organization are affected. Explain how conversion to a new system will affect the following groups, both individually and collectively.
> Prism Glass is converting to a new information system. To expedite and speed up implementation, the CEO asked your consulting team to postpone establishing standards and controls until after the system is fully operational. How should you respond to the
> Sara Jones owns a rapidly growing retail store that faces stiff competition due to poor customer service, late and error-prone billing, and inefficient inventory control. To continue its growth, its AIS must be upgraded but Sara is not sure what it wants
> You are a systems consultant for Ernst, Price, and Deloitte, CPAs. At your country club’s annual golf tournament, Frank Fender, an automobile dealer, describes a proposal from Turnkey Systems and asks for your opinion. The system will handle inventories,
> In a Midwest city of 45,000, a computer was purchased and in-house programmers began developing programs. Four years later, only one incomplete and poorly functioning application had been developed, none of software met users’ minimum requirements, and t
> What is the accountant’s role in the computer acquisition process? Should the accountant play an active role, or should all the work be left to computer experts? In what aspects of computer acquisition might an accountant provide a useful contribution?
> Ajax Manufacturing installed a new bar code based inventory tracking system in its warehouse. To close the books each month on a timely basis, the six people who work in the warehouse must scan each item in a 36-hour period while still performing their n
> For years, Jerry Jingle’s dairy production facilities led the state in sales volume but recent declines worry him. Customers are satisfied with his products but are troubled by the dairy’s late deliveries and incomplete orders. Production employees (not
> Give some examples of systems analysis decisions that involve a trade-off between each of the following pairs of objectives: a. economy and usefulness b. economy and reliability c. economy and customer service d. simplicity and usefulness e. simplicity
> The chapter briefly discussed the following three common attacks against applications a. Buffer overflows b. SQL injection c. Cross-site scripting Required Research each of these three attacks and write a report that explains in detail how each atta
> The following problem situations occurred in a manufacturing firm. What questions should you ask to understand the problem? Customer complaints about product quality have increased. Accounting sees an increase in the number and dollar value of bad debt
> For each of the following, discuss which data-gathering method(s) are most appropriate and why: a. Examining the adequacy of internal controls in the purchase requisition procedure b. Identifying the controller’s information needs c. Determining how c
> While reviewing a list of benefits from a computer vendor‟s proposal, you note an item that reads, “Improvements in management decision making—$50,000 per year.” How would you interpret this item? What influence should it have on the economic feasibility
> You are a consultant advising a firm on the design and implementation of a new system. Management has decided to let several employees go after the system is implemented. Some have many years of company service. How would you advise management to communi
> The approach to long-range AIS planning described in this chapter is important for large organizations with extensive investments in computer facilities. Should small organizations with far fewer information systems employees attempt to implement plann
> How would you modify the expenditure cycle REA diagram in Figure 19-4 to include the return of defective products to suppliers for credit?
> How are the similarities and differences between the purchase of services, such as telephone service, and the purchase of raw materials reflected in an REA data model?
> How would you model the acquisition of a digital asset, such as the purchase of software online (the software is downloaded and then installed on the purchaser’s computer)?
> Why is depreciation not represented as an event in the REA data model?
> How could an automobile dealer model the use of loaner cars, which it gives to customers for free whenever they drop off a vehicle for maintenance that will take longer than one day to complete?
> Apply the following data to evaluate the time-based model of security for the XYZ Company. Does the XYZ Company satisfy the requirements of the time-based model of security? Why? Estimated time for attacker to successfully penetrate system = 25 minute
> Often it takes several sales calls to obtain the first order from a new customer. Why then does Figure 19-1 depict the relationship between the Call on Customer and Take Customer Order events as being 1:1?
> Why do the Inventory, Customers, and Suppliers tables all have an attribute that contains data about the balance at the beginning of the current fiscal period?
> Why does Figure 18-4 show only one cash disbursement entity if Fred’s Train Shop uses a general operating checking account for purchases of inventory, supplies, and operating expenses such as rent but also uses a separate checking account for payroll?
> How would you determine the amount of cash that Fred’s Train Shop has at any point in time?
> Assume that there exists a 1:1 relationship between the Receive Inventory and Disburse Cash events. How does the manner in which the relationship between the two events is implemented (i.e., in which table a foreign key is placed) affect the process used
> Building separate tables for every relationship (1:1, 1:N, and M:N) does not violate any of the rules for building a well-structured database. Why then do you think that REA data modelers recommend building separate tables only for M:N relationships and
> Why take the time to develop separate REA diagrams for each business cycle if the ultimate objective is to combine them into one integrated enterprise-wide data model? Why not just focus on the integrated model from the start?
> How would the process of generating a cash disbursements journal from the REA data model presented differ from the process for creating a sales journal?
> What is the difference between an Entity-Relationship (E-R) diagram and an REA diagram?
> What are the five stages of the database design process? In which stages should accountants participate? Why?
> Install and run the latest version of the Microsoft Baseline Security Analyzer on your home computer or laptop. Write a report explaining the weaknesses identified by the tool and how to best correct them. Attach a copy of the MBSA output to your report.
> How would accounts payable be reflected in an REA diagram? Why?
> What is the relationship between the things that would be represented as resources in an REA diagram and the different categories of assets found on an organization’s balance sheet? (Hint: Are there any assets that would not be modeled as resources? Are
> Which parts of Figure 17-6 would accurately depict almost every organization’s revenue cycle? Which parts would change?
> How can REA diagrams help an auditor understand a client’s business processes?
> The basic REA template includes links between two events and links between events and resources and between events and agents. Why do you think the basic REA template does not include direct links between (a) two resources, (b) two agents, or (c) betw
> Why is it not necessary to model activities such as entering information about customers or suppliers, mailing invoices to customers, and recording invoices received from suppliers as events in an REA diagram?
> This chapter discussed how the HR department should have responsibility for updating the HRM/payroll database for hiring, firing, and promotions. What other kinds of changes may need to be made? What controls should be implemented to ensure the accuracy
> One of the threats associated with having employees telecommute is that they may use company-provided resources (e.g., laptop, printer, etc.) for a side business. What are some other threats? What controls can mitigate the risk of these threats?
> You are responsible for implementing a new employee performance measurement system that will provide factory supervisors with detailed information about each of their employees on a weekly basis. In conversation with some of these supervisors, you are su
> Some accountants have advocated that a company’s human assets be measured and included directly in the financial statements. For example, the costs of hiring and training an employee would be recorded as an asset that is amortized over the employee’s exp
> Consider the following two situations: For the situations presented, describe the recommendations the internal auditors should make to prevent the following problems. Situation 1: Many employees of a firm that manufactures small tools pocket some of th
> This chapter noted many of the benefits that can arise by integrating the HRM and payroll databases. Nevertheless, many companies maintain separate payroll and HRM information systems. Why do you think this is so? (Hint: Think about the differences in e
> Some companies have switched from a “management by exception” philosophy to a “continuous improvement” viewpoint. The change is subtle, but significant. Continuous improvement focuses on comparing actual performance to the ideal (i.e., perfection). Conse
> Typically, McDonald’s produces menu items in advance of customer orders based on anticipated demand. In contrast, Burger King produces menu items only in response to customer orders. Which system (MRP-II or lean manufacturing) does each company use? What
> Why should accountants participate in product design? What insights about costs can accountants contribute that differ from the perspectives of purchasing managers and engineers?
> When activity-based cost reports indicate that excess capacity exists, management should either find alternative revenue-enhancing uses for that capacity or eliminate it through downsizing. What factors influence management’s decision? What are the lik
> Should companies allow purchasing agents to start their own businesses that produce goods the company frequently purchases? Why? Would you change your answer if the purchasing agent’s company was rated by an independent service, like Consumer Reports, as
> Should every company switch from the traditional 3-way matching process (purchase orders, receiving reports, and supplier invoices) to the 2-way match (purchase orders and receiving reports) used in Evaluate Receipt Settlement (ERS)? Why (not)?
> In what ways can you apply the control procedures discussed in this chapter to paying personal debts (e.g., credit card bills)?
> Procurement cards are designed to improve the efficiency of small noninventory purchases. What controls should be placed on their use? Why?
> Companies such as Wal-Mart have moved beyond JIT to VMI systems. Discuss the potential advantages and disadvantages of this arrangement. What special controls, if any, should be developed to monitor VMI systems?
> Lexsteel, a manufacturer of steel furniture, has facilities throughout the United States. Problems with the accounts payable system have prompted Lexsteel’s external auditor to recommend a detailed study to determine the company’s exposure to fraud and t
> In this chapter and in Chapter 12 the controller of AOE played a major role in evaluating and recommending ways to use IT to improve efficiency and effectiveness. Should the company’s chief information officer make these decisions instead? Should the co
> The use of some form of electronic “cash” that would provide the same kind of anonymity for e-commerce that cash provides for traditional physical business transactions has been discussed for a long time. What are the advantages and disadvantages of elec
> Invoiceless pricing has been adopted by some large businesses for B2B transactions. What are the barriers, if any, to its use in B2C commerce?
> Table 12-1 suggests that restricting physical access to inventory is one way to reduce the threat of theft. How can information technology help accomplish that objective?