Question: Listed here are 20 control plans discussed
Listed here are 20 control plans discussed in the chapter. On the blank line to the left of each control plan, insert a P (preventive), D (detective), or C (corrective) to classify that control most accurately. If you think that more than one code could apply to a particular plan, insert all appropriate codes and briefly explain your answer.
Transcribed Image Text:
Code Control Plan 1. Aptitude tests 2. Program change controls 3. Fire and water alarms 4. Fire and water insurance 5. Install batteries to provide backup for temporary loss of power 6. Backup and recovery procedures 7. Service level agreements 8. IT steering committee 9. Security officer 10. Operations run manuals 11. Rotation of duties and forced vacations 12. Fidelity bonding 13. Personnel management (supervision) 14. Personnel termination procedures 15. Segregati on of duties 16. Strategic IT plan 17. Disaster recovery planning 18. Restrict entry to the computer facility through the use of employee badges, guest sign-in, and locks on computer room doors 19. Access control software 20. Personnel development controls
> The chapter presented a brief example of how the OE/S process might or might not support the decision-making needs of marketing managers. For each of the functional positions shown in the organization chart of Figure 10.2 (pg. 361), Figure 10.2: Spec
> Among the three functional entities (marketing, finance, and logistics) shown in Figure 10.1 (pg. 359), Figure 10.1: What goal conflicts could exist, and how might this affect the results of the OE/S process? FIGURE 101 A Haraontal Perspecive of
> Figure 9.10: Lists 10 control plans from this chapter and three control goals for the information process. Fill in the table cells, as appropriate, to indicate which control plans can accomplish which control goals. Number your entries, and describe th
> Figure 9.9 (p. 346) depicts the transmission of an electronic message incorporating public key cryptography, encryption, and digital signatures. Answer the following questions related to that figure: 1. Can anyone read the message? Why? 2. Can Sally be s
> Using Figure 8.9, Figure 8.9: Select one COBIT process in each COBIT domain and find a specific control plan from the chapter that you believe would be categorized in the process. You will have five answers. For example: A requirements walkthrough wo
> Search the Internet or an organization to which you have access (e.g., university, your employer) to find a company policy related to employees (e.g., hiring policy) or IT (e.g. password policy). Summarize the policy and explain how the policy enhances p
> Research the Internet, newspapers, magazines, and journals to find a recent fraud case involving IT and pervasive controls failure. Develop a report (format and length to be determined by your instructor) briefly describing the case, what pervasive contr
> 1. Using a key of 2 and an algorithm of adding and subtracting from alternating letters starting with addition, encrypt the word “accounting.” 2. Using a key of 3 and an algorithm of adding and subtracting from alternating letters starting with subtracti
> The following is a list of six control plans from this chapter, followed by a list of five situations that have control implications. Match each of the five situations with the control plan that would best prevent the system failure from occurring. Becau
> Consider a business process that you have experienced at work, as a customer, or as a student. Examples might include any process in a work setting, such as payroll and purchasing, or any process with which you have interacted, such as ordering from a We
> The following is a list of six control plans from this chapter, followed by a list of five situations that have control implications. Match each of the five situations with a control plan that would best prevent the system failure from occurring. Because
> Match the concept in List 1 with the definition or description in List 2. There is only one correct or best answer for each match. Therefore, you should have three letters left over from List 1. List 1—Terms A. Pervasive control plan B. Preventive contro
> Match the concept in List 1 with the definition or description in List 2. There is only one correct or best answer for each match. Therefore, you should have three letters left over from List 1. List 1—Terms A. Input accuracy B. Input validity C. Pervasi
> Provide a comparison of the internal control frameworks of COSO’s ERM and SAS No. 78/COSO 2013 Internal Control – Integrated Framework. Discuss (in a manner prescribed by your professor) the implications to independent auditors of the differences.
> Examine the REA model for Hera Industrial Supply that appears in Figure 6.18. Figure 6.18: For each of the six entities in the model, list the attributes that a database designer should include in each table. Identify primary key attributes with (PK
> Examine the REA model for Hera Industrial Supply that appears in Figure 6.18. Figure 6.18: Determine the maximum cardinalities for each of the eight relationships indicated in the model. State any assumptions you needed to make, and be prepared to d
> Examine Figure 6.18, which contains the REA model for Hera Industrial Supply (HIS). The model is partially completed; it includes all entities and relationships, but it does not include cardinalities or descriptions of the relationships (which would appe
> Using the vendor and purchase order tables from Short Problem 6-3 and SQL commands, create a query to find out the date of each purchase order and the vendor by name each purchase order was sent to.
> Using SQL commands, create a vendor table and purchase order table, and populate them with data.
> Develop the REA data model from Short Problem 6-1 into an E-R diagram with maximum cardinalities. Assume that each inventory item can be ordered multiple times. Draw the model using Microsoft Visio (or other software).
> Describe how an enterprise system can assist an organization in optimizing its value system.
> Develop an REA data model for ordering inventory. Consider this a single event. You will need to identify the associated resource(s) and agent(s). Draw the model using Microsoft Visio (or other software).
> Using database software (e.g., Access) and the database tables implemented in SP 5-3, run a query identifying customers by name and the inventory item(s) they received by description. Obtain a printout of the query design and the results.
> Implement the E-R diagram from SP 5-1 as tables in a database software package, such as Access. Once the tables are created, link the tables together in relationships. Finally, populate the tables with several instances of each entity. To do this, it wil
> Using the E-R diagram in from SP 5-1, write a description for each of the relationships in the diagram. In your description, include the cardinalities. For example, you might describe the relationship between CUSTOMERS and SHIPMENTS as: “Shipments are ma
> Using Microsoft Visio (or an alternative software), create an E-R diagram with maximum cardinalities for the shipping of inventory to customers. Show this diagram as an REA model identifying resources, events, and agents.
> Historically, many businesses served only local customers. That model usually limited customers to a small geographic area. Identify a specific type of business, and compare/contrast the opportunities and risks for the business pre-Internet, and in today
> Identify a specific situation in which periodic processing is sufficient to support the business process, and a second situation where immediate processing is necessary to adequately support the process.
> E-business has allowed companies to reduce inventory while simultaneously offering a wide variety of items. Amazon.com is an example of such a company. Identify another organization that has expanded or improved (or could potentially expand or improve) b
> Provide an example of a business where the evolution of communication (i.e., face-to-face, phone, e-mail, etc.) has altered its business activities. What are the advantages and disadvantages associated with these changes?
> Some people believe that an automated accounting system is always better than a manual system. Describe circumstances, and provide examples, where you would recommend a manual system rather than automated solution.
> Periodically, you will read in the news about one company in the ERP industry acquiring another company in that industry. Discuss the pros and cons of consolidation of the ERP software industry.
> Enterprise systems may provide better information than nonintegrated systems for management decisions. Provide specific examples that support (or refute) this claim.
> Consider the business event–processing activity, entering a customer’s order. Identify the key business event data (who, what, where, and when) you would want to capture. (For an example of the event you may refer to F
> Find the most current listing of the AICPA’s or CPA Canada’s Top Technology Initiatives Survey. Research and write a paper on the accounting and business implications for the number one item on the list. Include any external pressures that may impact the
> Identify the skills required to be a forensic accountant. How does the knowledge of technology and AIS help enable or augment those skills?
> Find the most current listing of the AICPA’s or CPA Canada’s Top Technology Initiatives Survey. Compare the listing to prior years’ listings. Identify and discuss trends among the years. Your professor will tell you how long your paper should be.
> About three decades ago, in his first address as Chairman of the Board of the American Institute of Certified Public Accountants (AICPA), Robert K. Elliott said: Knowledge leveraging will shape a wide range of CPA services. CPAs will be able to identify
> The following is a brief description of the financial statement assertions from PCAOB Auditing Standards Section AU 326, Evidential Matter: A. Existence or occurrence: Assets or liabilities of the entity exist at a given date (existence) or recorded tran
> The following is a list of 12 control plans from this chapter, followed by a list of 10 examples of System Failures or problem situations that have control implications: Match the 10 system failures with a control plan that would best prevent the system
> The following narrative describes the processing of customer mail orders at Eye-Dee-A-Pet, Inc.: Eye-Dee-A-Pet, Inc. is a small manufacturing operation engaged in the selling of digital identification chips that can be implanted into household pets, such
> Research the Internet, newspapers, magazines, and journals to find recent incidences of denial-of-service attacks on one or more Web sites. Develop a report (format and length to be determined by your instructor) providing a general overview of the incid
> The Tigris Company is considering taking customers’ orders on its Web site. a. What information would Tigris collect from the customer during this process? b. What information would need to come from Tigris’ Web and back-end systems to complete the order
> Research the Internet, newspapers, magazines, and journals to find recent incidences of outages of one or more Web sites. Develop a report (format and length to be determined by your instructor) providing a general overview of the incident(s), including
> Examine the last column in Table 8.2 (p. 280) for the following personnel only: access control officer, chief information officer (CIO), structural security/disaster recovery manager, testing/quality assurance, and database administrator. For each of the
> AS5 outlines the processes for “An Audit of Internal Control over Financial Reporting That Is Integrated with an Audit of Financial Statements.” Paragraph 24 of this document lists eight entity-level controls. Entity-level controls are comparable to the
> Personnel at C&P Company must perform the following functions: 1. Receive checks and remittance advice from customers. 2. Approve vendor invoices for payment and prepare checks. 3. Approve credit memoranda for customer sales returns. 4. Record collection
> Assume that accounts payable are processed on a computer and that the options in the accounts payable system module are as follows: 1. Maintain vendor master data (i.e., add, change, or delete vendors in the vendor master data). 2. Record vendor invoices
> The following is a list of 13 control plans from this chapter, followed by a list of 10 situations that have control implications. Match the 10 situations with the control plan that would best prevent the system failure from occurring. Because there are
> The following is a list of 10 common security problems. For each problem, describe why it is a problem and choose a control plan from this chapter that would prevent or detect the problem from occurring. a. Criminals posing as small business owners obtai
> Figure 7.8: depicts the adaptation of a sample control matrix from a PricewaterhouseCoopers guide for Section 404 of the Sarbanes-Oxley Act of 2004.28 We have added some data from the Suprina Company example to the first row of the matrix. Compare the
> The CFO of PKD Corporation is very uncomfortable with its current risk exposure related to the possibility of business disruptions. Specifically, PKD is heavily involved in E-business, and its internal information systems are tightly interlinked with its
> After the core of an ERP system has been implemented, any of the modules may then be implemented separately. What is the implication of being able to implement an ERP system on a piece-by-piece basis?
> In the following first list are 10 examples of the items described in the second list. Match the two lists by placing the capital letter from the first list on the blank line preceding the description to which it best relates. You should have two letters
> Following is a list of eight generic control goals from the chapter, followed by eight descriptions of either process failures (i.e., control goals not met) or instances of successful control plans (i.e., plans that helped to achieve control goals). List
> Conduct research to determine management’s responsibility for establishing and maintaining an adequate system of internal control. Create a written report, in a manner prescribed by your instructor, describing applicable statutory and professional guidan
> Match the concept in List 1 with the definition or description in List 2. There is only one correct or best answer for each match. Therefore, you should have two letters left over from List 1. List 1—Concepts A. Application (i.e., automated) control B. C
> The following E-R diagram (Figure 6.19) Figure 6.19: Represents students registering for classes for a single semester. Assume that the Registration table can hold a complete history of each individual student’s registration events.
> Using the REA model in Figure 6.18 (pg. 222) Figure 6.18: And your answers to Discussion Questions 6-2, 6-3, and 6-4, create a database for HIS in the software package of your choice. This will require that you do the following: a. Create tables for
> This problem is a continuation of Problem 6-3 but requires use of a spreadsheet package that is capable of reading data from your database package (e.g., Excel can import data from an Access database). a. Using your spreadsheet package, construct SQL que
> Note: This problem is a continuation of Problem 6-3 but requires access to the Internet, a site for posting the database on the Web, and an understanding of Internet access. a. Take the database developed in Problem 6-3 and place it on the Internet (or y
> Using the information from Figure 6.12 (pg. 212) and Figure 6.13 create the database in the software package of your choice. This will require three steps: Implement the relations from Figure 6.13. Insert the data from Figure 6.13 into the relational tab
> Human Resources department needs the work time, vacation time, and sick time for Greg Kinman (see the EMPLOYEE table in Figure 6.13). What SQL command(s) would you use to extract this information from the tables in Figure 6.13?
> To be of any value, a modern information process must assist all levels of management.” Discuss.
> What SQL command(s) would you use to add the date on which an employee was hired to the EMPLOYEE table represented in Figure 6.13 (pg. 213)? Name this new attribute Employment_Date. Assume that the employees were hired on the following dates, using a yea
> Transform the database structure that appears in Figure 5.15 into 3NF. Be sure to show your intermediate steps of 1NF and 2NF.
> This problem asks you to research the literature for applications of intelligent systems. Your instructor will guide you regarding the number of pages required for each part. a. Develop a paper that outlines the use of ES in accounting and tax applicatio
> Review the E-R diagram in Figure 5.14 (pg. 189) and: a. List the resources, events, and agents that are represented as entities in this diagram. b. Write a description for each of the six relationships in the diagram. In your description, include the car
> A local accounting firm that is growing rapidly has asked for your help. The firm has four partners who are primarily responsible for developing new business. In addition to developing new business, the partners are very busy with their management tasks,
> Use the database structure and sample data in Figure 5.10 to: a. Combine the tables to obtain a complete record of orders and shipments. Obtain a printout of the algorithm(s) used to combine the tables and a printout of the list of these records. b. Writ
> Using the database structure and sample data in Figure 5.10 (pg. 169) as a starting point (rather than Figure 5.2), complete the requirements of Problems 5-1 through 5-3 (or whatever portions of those problems your instructor may indicate).
> Note: This problem is a continuation of Problem 5-1. a. Write a “program” to enter customer order amounts into the database and to have the system either warn the user if the new order places the customer over his or her credit limit or advise the user i
> a. “Search” the database for all customers with a specific state (choose a state that is common to at least two but not to all of your customers). Obtain a printout of your search algorithm and a list of customers whose records met the search parameter.
> Using a spreadsheet (e.g., Excel), design a decision aid to help you complete the following task. You are looking for a new apartment and decided to go through a realtor instead of shopping for the apartment through advertisements. Avbel Realty provided
> Describe two structured decisions and two unstructured decisions. Discuss the relative amount of structure in each decision.
> Use the Internet to research knowledge management systems. Specifically, (1) find one example of a knowledge management system, (2) identify the provider or vendor, (3) provide the Web site URL, and (4) list the features of the system found that help an
> Technology Summary 5.2 (pp. 159–160) uses examples of employee ID codes to illustrate five data coding types. Refer to those examples. Create student ID codes that illustrate each of the five coding schemes. Discuss the strengths and weaknesses of each e
> Use the Internet to research the database integration features of an ERP software package and a CRM software package. The number of pages will be indicated by your instructor. a. Learn about the ERP products of SAP and the CRM products of Oracle’s Siebel
> Figure 5.16 (pg. 191) is a sample from a spreadsheet used to record donors for a small college. You have been asked to design and implement a database to allow easy inputting, updating, and reporting of contribution data. Figure 5.16: a. Transform the
> Before starting this problem, you should consult the customer master data record layout in Figure 5.2 (pg. 148). Figure 5.2: Using the database software indicated by your instructor: a. Create the “structure” for th
> The chapter describes how a batch processing system works with a used book shop as an example. Looking at Figure 3.2 and its description of how the system works, identify another type of business that might use a similar batch processing system, and desc
> Use the Internet to locate www.cia.gov and www.Amazon.com. Find the privacy and security policies for each. Compare and contrast the use of privacy statements, encryption, SSL, and cookie policies.
> Using the Internet, find and describe an Internet market exchange or Internet auction market. Your discussion should include the products and services available and the type of buyers and sellers you expect to participate. If you choose a private market,
> Explain how EDMhas been (or could be) used in your AIS class to eliminate all paper flow between the students and professor. Include in your explanation what technologies were (would be) necessary to enable your plan. (Your professor will direct you rega
> Develop a research paper on the use of the Internet to support EDI between companies. Your paper should consider how companies set up communications over the Internet to maintain the same security and standardization that are achieved using VANs for non-
> Comparing relevance and reliability, which information quality is most important? Support your answer with examples.
> Identify a business venture that you believe could be successful using only Internet commerce. Explain how you would design your Web page, how you would capture business event data, and the mode of processing you would use. Provide a report detailing sup
> Consider a business you might want to start on the Internet using e-mail to communicate with customers and capture business data. Explain why e-mail would be a good approach for your business. Draft a brief business plan evaluating the advantages and dis
> Technology Summary 3.4 briefly describes cloud computing. Write a report on the opportunities and concerns relating to a company using the cloud for mission critical software applications. (Your professor will direct you regarding the length of the repor
> Using the four methods of conducting E-business (e-mail, EDM, EDI, and Internet commerce), select a business of your choice and describe how each method is currently integrated into their business or how each method could be incorporated into their busin
> Find a merchandising business on the Internet (other than the Eddie Bauer or Amazon.com examples used in this chapter). Explore its Web page and how the order processing system works. a. Is there any information provided on how secure the Web page is? Wh
> There are several organizations that provide Internet assurance services. Although WebTrust was created by CPAs and has been in existence for several years, it has met limited acceptance by business. If Internet assurance is truly important, why do you t
> Imagine that you are conducting a field-based research project for your AIS class in a small local business. Assume that the business is a custom furniture manufacturer. In the course of your project, you tell the owner that you are using SAP in your AIS
> Choose a familiar Web site, such as Dell, Amazon.com, or Walmart. Describe the order-to-cash process from the customer’s perspective as illustrated by that site.
> Conduct research on the Web sites of either CIO Magazine or CFO Magazine (or another that your instructor suggests) for stories about ERP implementation successes and failures. Using specific examples, describe the reasons for the successes and failures.
> Choose (or you instructor may designate) an ERP add-on module (such as CRM, SCM, PLM, or SRM). Describe how Airgas (or another organization selected by your instructor) might use the module to support its business value chain.
> Regarding financial reporting, which quality of information do you think should be superior to all other qualities? Discuss your answer.
> I just want to be a good accountant, technology does not interest me.” Comment on this statement, considering today’s technology environment.
> How do you explain why investment falls as the interest rate rises?
> According to classical economists, does Say’s Law hold in a money economy? Explain your answer.
