How could it be possible for two companies to conduct EDI if they are not directly connected with each other?
> What are the two types of documents or reports that are likely to trigger the conversion process?
> Differentiate between the roles of the engineering and the research and development departments.
> Differentiate between a bill of materials and an operations list.
> Why are conversion activities typically considered routine data processes?
> Do conversion processes occur in manufacturing companies only? Why, or why not?
> What are the three resources that an organization must have to conduct a conversion (or transformation) process?
> How does the misclassification of fixed asset expenditures result in misstatement of financial statements?
> Why might a supervisor collude with an employee to falsify time cards?
> For each of the following parts of an IT system of a company, write a one‐sentence description of how unauthorized users could use this as an entry point: a. A local area network (LAN) b. A wireless network c. A telecommuting worker d. A company webs
> What negative things might occur if fixed asset software systems lacked appropriate access controls?
> Why is the beginning of a fiscal year the best time to implement a fixed asset software system?
> Explain why a real‐time update of fixed asset records might be preferable to batch processing of fixed asset changes.
> Why are some fixed assets susceptible to theft?
> Why is it important to conduct an investment analysis prior to the purchase of fixed assets?
> Fixed assets are purchased and retired frequently. Given this frequent change, why are clear accounting records of fixed assets necessary?
> What are the advantages of outsourcing payroll?
> What are the advantages of automated time keeping such as bar code readers, or ID badges that are swiped through a reader?
> Why do payroll processes result in sensitive information, and what is the sensitive information?
> Why is it important to use an independent paymaster to distribute paychecks?
> For each AICPA Trust Services Principles category shown, list a potential risk and a corresponding control that would lessen the risk. An example is provided. EXAMPLE Security: Risk: A hacker could alter data. Control: Use a firewall to limit unauthori
> What is the purpose of supervisory review of employee time cards?
> Explain the reasons for an organization having a separate bank account established for payroll.
> Why is it important that the human resources department maintain records authorizing the various deductions from an employee’s paycheck?
> Even though payroll and fixed asset processes may not be as routine as revenue processes, why are they just as important?
> What techniques can a company use to reveal problems concerning potential exposure to unauthorized access to its systems?
> Identify three ways that buyers and sellers may be linked electronically.
> Identify each category of risk that can be reduced by using authority tables, computer logs, passwords, and firewalls.
> What is typically the most time‐consuming aspect of the expenditures process?
> What paper document is eliminated when ERS is used?
> What can a company do to protect itself from business interruptions due to power outages?
> Each of the given situations is independent of the other. For each, list the programmed input validation check that would prevent or detect the error. a. The ZIP code field was left blank on an input screen requesting a mailing address. b. A state abbr
> How is an audit trail maintained in an IT system where no paper documents are generated?
> Explain how system availability problems could cause cash management problems.
> List three examples of BPR used in the expenditures processes.
> What are the advantages of BPR?
> What accounting records are used by accounts payable personnel to keep track of amounts owed to each vendor?
> Why should accountants periodically review the sequence of checks issued?
> During the process of reconciling the bank account, why is it necessary to review the dates, payees, and signatures on the canceled checks?
> Why would some checks need to include two signatures?
> Which department is responsible for making sure that payments are made in time to take advantage of vendor discounts?
> Under what circumstances would it be necessary to manually update accounts payable prior to the receipt of a vendor’s invoice?
> Discuss the accuracy of the following statements regarding internal control: • The more computerized applications exist within a company’s accounting system, the lower the risk will be that fraud or errors will occur. • The more involved top management
> Briefly describe the five components of an accounting information system.
> How does the maintenance of a receiving log enhance internal controls?
> Name the first document that should be prepared when a production employee recognizes that the quantity of goods on hand is insufficient to meet customer demand.
> Describe a popular fraud scheme where company employees misuse the sales revenues cutoff.
> List some advantages of a POS system.
> What is the purpose of maintaining transaction logs? Why are they especially important in IT systems?
> List the advantages of an EDI system.
> What are the three important characteristics of the EDI definition?
> Why is a redundant server system needed in an e‐commerce environment?
> List the advantages of e‐commerce systems.
> Identify the steps involved in risk assessment. Do you think it would be effective for an organization to hire external consultants to develop its risk assessment plan? Why, or why not?
> Distinguish between B2B sales and B2C sales. Other than those presented in this chapter, name a company from your personal experience that uses B2C sales.
> How are sales invoices used (in a manual system) in the preparation of credit memos?
> What is the purpose of a credit memorandum?
> How can auditors evaluate internal controls when their clients use IT outsourcing?
> Think about a place you have worked where computers were present. What are some physical and environmental controls that you have observed in the workplace? Provide at least two examples of each from your personal experience.
> Identify four important aspects of administrative control in an IT environment.
> During which phase of an audit would an auditor consider risk assessment and materiality?
> List the techniques used for gathering evidence.
> Which professional standard‐setting organization provides guidance on the conduct of an IT audit?
> Explain how the presence of IT processes can improve the quality of information that management uses for decision making.
> Think of a job you have held, and consider whether the control environment was risky or conservative. Describe which you chose and why.
> Describe the three causes of information risk.
> Identify the three areas of an auditor’s work that are significantly impacted by the presence of IT accounting systems.
> Which type of audit is most likely to be performed by government auditors? Which type of audit is most likely to be performed by internal auditors?
> What are assurance services? What value do assurance services provide?
> Which tier one company introduced the first ERP system that was “pure Internet,” requiring no programming code to reside on the client computer?
> Differentiate between Oracle’s back office and front office modules.
> Which company is today’s top seller of ERP systems in the United States?
> How did the tragic events of September 11, 2001, affect the market for ERP systems?
> How do ERP II systems allow businesses to improve efficiencies with respect to sharing information with trading partners?
> Why is real‐time processing essential in an ERP system?
> Describe why the control environment is regarded as the foundation of a business’s system of internal control.
> Describe how ERP systems enhance efficiency in a business organization.
> What ethical obligations do employees have as IT systems are revised?
> How does the SDLC serve as an internal control?
> Why is post implementation review undertaken?
> Why is user acceptance important?
> Why is parallel conversion costly?
> Why is a direct cutover conversion risky?
> What is the purpose of software testing?
> Which part of the system design phase would include designing rows and columns of output reports? Why is it important to design reports?
> Within the system design phase, what are the purposes of evaluation and selection?
> What are some ways a business could promote its code of ethics?
> How is conceptual design different from detailed design?
> Why might it be important to follow some or all of the SDLC phases for purchased software?
> What are the advantages of Internet EDI over traditional EDI?
> What are the ten areas of privacy practices described in the Online Privacy section of the AICPA Trust Services Principles?
> Describe the benefits to a company that engages in B2B transactions via the Internet.
> Describe the benefits to the company of B2C sales.
> Using Anheuser‐Busch’s BudNet example presented in this chapter, think about the queries that might be valuable if a company like Gap, Inc., used data mining to monitor its customers’ buying behavior.
> Identify several factors that indicate the need for more extensive internal controls covering conversion processes.
> Explain the kinds of information that must be maintained in fixed asset records during the asset continuance phase.
> Describe how the use of prenumbered forms for debit memos can help a company ascertain that purchase return transactions have not been omitted from the accounting records.
> Explain the relationship between computer hacking and industrial espionage. Give a few additional examples of how hacking could cause damage in a business.
> Explain why standards of fieldwork for GAAS are not particularly helpful to an auditor who is trying to determine the types of testing to be used on an audit engagement.
> Identify which of the cardinal relationships apply, from the following: a. Component part–product b. Customer–product c. Employee ID badge–employee d. Employee–supervisor e. Vendor–check
> Arrange the following database models in order from earliest development to most recent: network databases, hierarchical databases, flat file databases, and relational databases.