How do telecommunicating workers pose IT system risks?
> Identify two of the biggest risks to companies who use e‐commerce, along with controls to prevent these risks.
> Identify and distinguish between the three types of IT systems used in the sales process.
> Two feasibility studies occur during the SDLC: one during systems planning and one during systems design. Describe the differences between these two feasibility studies.
> How could fraud be perpetrated through the sales returns process?
> How can a security guard in a warehouse be considered an important component of a company’s accounting system?
> Why should the person responsible for shipping goods to customers not also have responsibility for maintaining records of customer accounts?
> How can an effective system of internal controls lead to increased sales revenue?
> Distinguish between a pick list and a packing slip.
> Why is it important to establish and monitor credit limits for customers?
> An auditor’s characteristic of professional skepticism is most closely associated with which ethical principle of the AICPA Code of Professional Conduct?
> Why is it so important to obtain a letter of representation from an audit client?
> Which of the four types of audit reports is the most favorable for an audit client? Which is the least favorable?
> What kinds of audit tools are used to perform routine tests on electronic data files taken from databases? List the types of tests that can be per‑ formed with these tools.
> Describe the role that the board of directors should play in IT governance.
> Explain the necessity for performing substantive testing even for audit clients with strong internal controls and sophisticated IT systems.
> The test data method and an integrated test facility are similar in that they are both tests of applications controls and they both rely on the use of test data. Explain the difference between these two audit techniques.
> Batch totals and hash totals are common input controls. Considering the fact that hash totals can be used with batch processing, differentiate between these two types of controls.
> Explain why Benford’s Law is useful to auditors in the detection of fraud.
> Explain why it is customary to complete the testing of general controls before testing applications controls.
> Distinguish between auditing through the computer and auditing with the computer. When are auditors required to audit through the computer as opposed to auditing around the computer?
> If management is responsible for its own financial statements, why are auditors important?
> Distinguish among the focuses of the GAAS standards of fieldwork and standards of reporting.
> Explain how an audit trail might get “lost” within a computerized system.
> Differentiate between a compliance audit and an operational audit.
> Why would errors be reduced if a company switched input methods from manual keying of source documents to a bar code system?
> How can an ERP system assist a company in its efforts to comply with the Sarbanes–Oxley Act of 2002?
> Which method of conversion to an ERP system is sometimes referred to as a “pilot” method? Why is this name appropriate?
> Differentiate between location‐wise and modular implementation approaches to the conversion to an ERP system.
> Why should customization of an ERP system be limited?
> Why is business process reengineering an important aspect of ERP implementation?
> Which of the tier one ERP companies is likely to provide the “best fit” for a manufacturing firm? for a human resources placement company?
> What are some of the features of an ERP module for customer relationship management?
> What are some of the activities included in an ERP module for supply chain management?
> Differentiate between the features of SAP’s R/1, R/2, and R/3. What does the “R” stand for in this name?
> What was unique about SAP’s first ERP system?
> What do you think would be the advantages of an e‐payables system over a traditional system that uses paper purchase orders and invoices?
> Differentiate between the enterprise‐wide and nonvolatile features of a company’s data warehouse.
> What are the two databases used by ERP systems?
> What is an MRP II system and how is it different from the ERP systems in use today?
> How has ERP increased the responsibilities of customer service representatives?
> How are accountants involved in data conversion?
> How can control totals serve as input, processing, and output controls?
> Explain some examples of input validation checks that you have noticed when filling out forms on websites you have visited.
> Why is it critical that source documents be easy to use and complete?
> Why is it true that the use of EDI means that trading partners may need to grant access to each other’s files?
> How does the use of public cloud computing reduce costs?
> Given the business and accounting environment today, do you think it is still important to understand the manual input of accounting data?
> Can you think of any procedures in place at McDonald’s that are intended to ensure the accuracy of your order?
> What kinds of risks are inherent when an organization begins conducting business over the Internet?
> What kinds of risks are inherent when an organization stores its data in a database and database management system?
> Why is it true that increasing the number of LANs or wireless networks within an organization increases risks?
> Why should accountants be concerned about risks inherent in a complex software system such as the operating system?
> Why do you think the uppermost managers should serve on the IT governance committee?
> What kinds of duties should be segregated in IT systems?
> What is the difference between business continuity planning and disaster recovery planning? How are these two concepts related?
> What kinds of risks exist in wireless networks that can be limited by WEP, WPA, and proper use of SSID?
> How does encryption assist in limiting unauthorized access to data?
> How is an extranet different from the Internet?
> A firewall should inspect incoming and outgoing data to limit the passage of unauthorized data flow. Is it possible for a firewall to restrict too much data flow?
> Why should an organization be concerned about repudiation of sales transactions by the customer?
> Explain the general controls that can be used to authenticate users.
> What kinds of risks or problems can occur if an organization does not authenticate users of its IT systems?
> Is it necessary to have both general controls and application controls to have a strong system of internal controls?
> What is the difference between general controls and application controls?
> What does section 404 of the Sarbanes– Oxley Act require of management regarding internal control systems?
> Distinguish between the Trust Services Principles of privacy and confidentiality.
> Identify and describe the five categories of the AICPA Trust Services Principles.
> What does it mean when information flows “down, across, and up the organization”?
> Why is data contained in the data warehouse called nonvolatile?
> Why is a policies and procedures manual considered an element of internal control?
> Name and distinguish among the three types of internal controls.
> Distinguish between Internet spoofing and e‐mail spoofing.
> Describe three popular program manipulation techniques.
> Identify and explain the three types of internal source computer fraud.
> Distinguish between internal and external sources of computer fraud.
> Do you think it is possible that a business manager may perpetrate fraud and still have the company’s best interest in mind? Discuss.
> What are the advantages to using some form of IT systems for input, rather than manual input?
> Why would accounting software development companies be interested in expanding their software products into other market segments?
> What are some of the differences between ERP systems and accounting software for small companies?
> How would accounting software requirements for large corporations differ from requirements for small companies?
> Why might it be important to have internal documents produced as an output of the accounting information system?
> What are the distinguishing characteristics of cloud computing?
> How do internal reports differ from external reports?
> How does client–server computing divide the processing load between the client and server?
> Why might the time lag involved in batch processing make it unsuitable for some types of transaction processing?
> What is the difference between general controls and application controls?
> In what ways are the characteristics of e-business different from those of e-commerce?
> How is e-business a broader concept than e-commerce?
> The Gas and Java Mart (G & J) is a gas station and convenience market similar to any BP, Shell, or Speedway gas and convenience stores. G & J is a regional chain located in eastern Missouri, with 14 locations. Required: The section of this chapter ide
> The following description is excerpted from “Coupon Accounting Abuse,” Management Accounting, January 1993, p. 47. It’s November 15, and Gary, brand manager for a major consumer products firm, is contemplating his year‐end bonus. It is becoming increasi
> Explain why random access files would be preferable to sequential access files when payroll personnel are changing a pay rate for a single employee.
> At the old city hall, mail was sorted in a glorified closet—not the sort of place you’d expect to be frequented by a high‐ranking city official with multiple degrees. However, the city of Weston’s chief financial officer, Steve Kaufmann, had an unusual i
> Refer to case 48. Describe which parts of the design phase Miller should undertake to ensure that the purchased software matches with the business processes that it will use. From case 48: Miller International Corp. is in the process of purchasing a new
> Miller International Corp. is in the process of purchasing a new accounting software system. Miller is in a very specialized industry, with an international market. The company manufactures specialized parts to sell to companies in the oil exploration an
> The ElectroShock is a retailer of electronics such as cell phones, satellite radios, mp3 players, and highend LCD and plasma TVs. The ElectroShock is a large chain with stores in strip shopping centers throughout the United States. However, each store is
> Putnam Sound, Inc. (PSI) is a manufacturer of stereo speaker systems. The company prepares special journals and subsidiary ledgers for its revenue, expenditures, payroll, and conversion processes. For administrative processes, however, journal vouchers a
> Clouse Analytics is a financial services consulting firm that assists its clients with financial analyses surrounding proposed business ventures. John Y. Clouse is the firm’s founder and project director. As such, he is responsible for preparing most of
> Trudy’s Trendy Threads (TTT) is a regional wholesaler of women’s casual attire. The company is located in Jacksonville, Florida, and it sells to retail stores in resort communities in Florida, Georgia, and the Carolinas. TTT employs six salespeople, with
> The screen capture that follows shows the relation‑ ships in a Microsoft Access database. For each relationship, explain the following: a. The type of parent–child relationship it represents. b. Which attributes in t
> Kroger Co., a large, nationwide grocery chain, maintains a customer reward system titled the “Kroger Plus” card. Customers who enroll in this system are entitled to discounts on products at Kroger stores and on gasoline. To earn discounts and other rewa
