Explain why Benford’s Law is useful to auditors in the detection of fraud.
> What characteristics of administrative processes are different from the characteristics of revenue, expenditures, or conversion processes?
> Think of a company that you have worked for or with which you have done business. Which departments within the company need reports generated by the accounting information systems?
> How can conversion processes be manipulated to show higher earnings?
> What is the difference between MRP, MRP‐II, and ERP?
> What is the difference between CAD, CAM, and CIM?
> How can programmed controls within the IT system for conversion processes enhance internal controls?
> Explain how a physical inventory count would differ in a company using a perpetual inventory system versus one using a period inventory system.
> Why is it so important that variance reports be prepared in a timely manner?
> Why is it important to separate the functions of inventory control and the production stations? What could go wrong if these functions were not separated?
> What are the three primary components of logistics?
> Explain the necessity of supervision over fixed assets.
> What is different about the nature of fixed asset purchasing that makes authorization controls important?
> For each category of business processes (revenue, expenditure, conversion, and administrative), give an example of a business process.
> What are some of the practical characteristics of fixed assets that complicate the calculation of depreciation?
> Explain why categorizing fixed asset expenditures as expenses or capital assets is important.
> Why is batch processing well suited to payroll processes?
> Explain two things that should occur to ensure that hours worked on a time card are accurate and complete.
> Explain why an employee’s individual record is accessed frequently, but changed relatively infrequently.
> Why do you think management should specifically approve all employees hired?
> Sales and inventory purchases are routine processes that occur nearly every day in a business. How are these routine processes different from payroll or fixed asset processes?
> Explain how procurement cards provide for increased efficiencies in the accounts payable department.
> How are Web browsers used in e‐payables systems?
> Explain why the availability of computer systems in the receiving department is such an important component of an automated expenditures process.
> There are four methods of data collection used in the study of the current system: observation, documentation review, interviews, and questionnaires. Compare and contrast these four methods.
> Identify compensating controls needed for an effective ERS system.
> Explain how system logic errors could cause cash management problems.
> Identify some inefficiencies inherent in a manual expenditures processing system.
> What specifically does a cash disbursements clerk do when he or she “cancels” an invoice? How does this compare with the procedures followed when computer‐based matching in the system is utilized?
> Why should a receiving clerk be denied access to information on a purchase order?
> Why are backup systems one of the most important controls for POS systems?
> What are the three standard parts of an EDI data transmission?
> What controls should a company implement to ensure consistency of sales information between the front end and back end of its systems?
> Identify two of the biggest risks to companies who use e‐commerce, along with controls to prevent these risks.
> Identify and distinguish between the three types of IT systems used in the sales process.
> Two feasibility studies occur during the SDLC: one during systems planning and one during systems design. Describe the differences between these two feasibility studies.
> How could fraud be perpetrated through the sales returns process?
> How can a security guard in a warehouse be considered an important component of a company’s accounting system?
> Why should the person responsible for shipping goods to customers not also have responsibility for maintaining records of customer accounts?
> How can an effective system of internal controls lead to increased sales revenue?
> Distinguish between a pick list and a packing slip.
> Why is it important to establish and monitor credit limits for customers?
> An auditor’s characteristic of professional skepticism is most closely associated with which ethical principle of the AICPA Code of Professional Conduct?
> Why is it so important to obtain a letter of representation from an audit client?
> Which of the four types of audit reports is the most favorable for an audit client? Which is the least favorable?
> What kinds of audit tools are used to perform routine tests on electronic data files taken from databases? List the types of tests that can be per‑ formed with these tools.
> Describe the role that the board of directors should play in IT governance.
> Explain the necessity for performing substantive testing even for audit clients with strong internal controls and sophisticated IT systems.
> The test data method and an integrated test facility are similar in that they are both tests of applications controls and they both rely on the use of test data. Explain the difference between these two audit techniques.
> Batch totals and hash totals are common input controls. Considering the fact that hash totals can be used with batch processing, differentiate between these two types of controls.
> Explain why it is customary to complete the testing of general controls before testing applications controls.
> Distinguish between auditing through the computer and auditing with the computer. When are auditors required to audit through the computer as opposed to auditing around the computer?
> If management is responsible for its own financial statements, why are auditors important?
> Distinguish among the focuses of the GAAS standards of fieldwork and standards of reporting.
> Explain how an audit trail might get “lost” within a computerized system.
> Differentiate between a compliance audit and an operational audit.
> Why would errors be reduced if a company switched input methods from manual keying of source documents to a bar code system?
> How can an ERP system assist a company in its efforts to comply with the Sarbanes–Oxley Act of 2002?
> Which method of conversion to an ERP system is sometimes referred to as a “pilot” method? Why is this name appropriate?
> Differentiate between location‐wise and modular implementation approaches to the conversion to an ERP system.
> Why should customization of an ERP system be limited?
> Why is business process reengineering an important aspect of ERP implementation?
> Which of the tier one ERP companies is likely to provide the “best fit” for a manufacturing firm? for a human resources placement company?
> What are some of the features of an ERP module for customer relationship management?
> What are some of the activities included in an ERP module for supply chain management?
> Differentiate between the features of SAP’s R/1, R/2, and R/3. What does the “R” stand for in this name?
> What was unique about SAP’s first ERP system?
> What do you think would be the advantages of an e‐payables system over a traditional system that uses paper purchase orders and invoices?
> Differentiate between the enterprise‐wide and nonvolatile features of a company’s data warehouse.
> What are the two databases used by ERP systems?
> What is an MRP II system and how is it different from the ERP systems in use today?
> How has ERP increased the responsibilities of customer service representatives?
> How are accountants involved in data conversion?
> How can control totals serve as input, processing, and output controls?
> Explain some examples of input validation checks that you have noticed when filling out forms on websites you have visited.
> Why is it critical that source documents be easy to use and complete?
> Why is it true that the use of EDI means that trading partners may need to grant access to each other’s files?
> How does the use of public cloud computing reduce costs?
> Given the business and accounting environment today, do you think it is still important to understand the manual input of accounting data?
> Can you think of any procedures in place at McDonald’s that are intended to ensure the accuracy of your order?
> What kinds of risks are inherent when an organization begins conducting business over the Internet?
> How do telecommunicating workers pose IT system risks?
> What kinds of risks are inherent when an organization stores its data in a database and database management system?
> Why is it true that increasing the number of LANs or wireless networks within an organization increases risks?
> Why should accountants be concerned about risks inherent in a complex software system such as the operating system?
> Why do you think the uppermost managers should serve on the IT governance committee?
> What kinds of duties should be segregated in IT systems?
> What is the difference between business continuity planning and disaster recovery planning? How are these two concepts related?
> What kinds of risks exist in wireless networks that can be limited by WEP, WPA, and proper use of SSID?
> How does encryption assist in limiting unauthorized access to data?
> How is an extranet different from the Internet?
> A firewall should inspect incoming and outgoing data to limit the passage of unauthorized data flow. Is it possible for a firewall to restrict too much data flow?
> Why should an organization be concerned about repudiation of sales transactions by the customer?
> Explain the general controls that can be used to authenticate users.
> What kinds of risks or problems can occur if an organization does not authenticate users of its IT systems?
> Is it necessary to have both general controls and application controls to have a strong system of internal controls?
> What is the difference between general controls and application controls?
> What does section 404 of the Sarbanes– Oxley Act require of management regarding internal control systems?
> Distinguish between the Trust Services Principles of privacy and confidentiality.
> Identify and describe the five categories of the AICPA Trust Services Principles.
> What does it mean when information flows “down, across, and up the organization”?
