The following description represents the policies and procedures for agent expense reimbursements at Excel Insurance Company. Agents submit a completed expense reimbursement form to their branch manager at the end of each week. The branch manager reviews the expense report to determine whether the claimed expenses are reimbursable based on the company’s expense reimbursement policy and reasonableness of amount. The company’s policy manual states that agents are to document any questionable expense item and that the branch manager must approve in advance expenditures exceeding $500. After the expenses are approved, the branch manager sends the expense report to the home office. There, accounting records the transaction, and cash disbursements prepares the expense reimbursement check. Cash disbursements sends the expense reimbursement checks to the branch manager, who distributes them to the agents. To receive cash advances for anticipated expenses, agents must complete a Cash Advance Approval form. The branch manager reviews and approves the Cash Advance Approval form and sends a copy to accounting and another to the agent. The agent submits the copy of the Cash Advance Approval form to the branch office cashier to obtain the cash advance. At the end of each month, internal audit at the home office reconciles the expense reimbursements. It adds the total dollar amounts on the expense reports from each branch, subtracts the sum of the dollar totals on each branch’s Cash Advance Approval form, and compares the net amount to the sum of the expense reimbursement checks issued to agents. Internal audit investigates any differences. Identify the internal control strengths and weaknesses in Excel’s expense reimbursement process. Look for authorization, recording, safeguarding, and reconciliation strengths and weaknesses.
> Do you agree that the most effective way to obtain adequate system security is to rely on the integrity of company employees? Why or why not? Does this seem ironic? What should a company do to ensure the integrity of its employees?
> Effective segregation of duties is sometimes not economically feasible in a small business. What internal control elements do you think can help compensate for this threat?
> What privacy concerns might arise from the use of biometric authentication techniques? What about the embedding of RFID tags in products such as clothing? What other technologies might create privacy concerns?
> You are the systems analyst for the Wee Willie Williams Widget Works (also known as Dub 5, which is a shortened version of 5 Ws). Dub 5 produces computer keyboard components. It has been producing keyboards for more than 20 years and has recently signed
> At 9:00., Andrew Mantovani, cofounder of the group Shadowcrew, received a knock at his door while chatting on his computer. For Mantovani and 27 others, that knock marked the end of Shadowcrew, which provided online marketplaces and discussion forums for
> Match the description in the right column with the information characteristic in the left column. 1. Relevant a. The report was carefully designed so that the data contained on the report became information to the reader 2. Reliable b. The manager wa
> What are the advantages and disadvantages of the three types of authentication credentials (something you know, something you have, and something you are)?
> From the viewpoint of the customer, what are the advantages and disadvantages to the opt-in versus the opt-out approaches to collecting personal information? From the viewpoint of the organization desiring to collect such information?
> The controller of a small business received the following e-mail with an authentic-looking e-mail address and logo: From: Big Bank [antifraud@bigbank.com] To: Justin Lewis, Controller, Small Business USA Subject: Official Notice for all users of Big
> a. Prepare a context diagram and a level 0 DFD to document accounts payable processing at S&S. b. Prepare a document flowchart to document accounts payable processing at S&S.
> On a Sunday afternoon at a hospital in the Pacific Northwest, computers became sluggish, and documents would not print. Monday morning, the situation became worse when employees logged on to their computers. Even stranger things happened—operating room d
> Explain what is meant by objective setting and describe the four types of objectives used in ERM.
> Do you agree with the following statement: “Any one of the systems documentation procedures can be used to adequately document a given system”? Explain.
> Which preventive, detective, and/or corrective controls would best mitigate the following threats? a. An employee’s laptop was stolen at the airport. The laptop contained personally identifying information about the company’s customers that could potenti
> The UCLA computer lab was filled to capacity when the system slowed and crashed, disrupting the lives of students who could no longer log into the system or access data to prepare for finals. IT initially suspected a cable break or an operating system fa
> The first column in Table 10-3 lists transaction amounts that have been summed to obtain a batch total. Assume that all data in the first column are correct. Cases a through d each contain an input error in one record, along with a batch total computed f
> The Moose Wings Cooperative Flight Club owns a number of airplanes and gliders. It serves fewer than 2,000 members, who are numbered sequentially from the founder, Tom Eagle (0001), to the newest member, Jacques Noveau (1368). Members rent the flying mac
> Consider the following two situations: For the situations presented, describe the recommendations the internal auditors should make to prevent the following problems. Situation 1: Many employees of a firm that manufactures small tools pocket some of
> Table 2-1 lists some of the documents used in the revenue, expenditure, and human resources cycle. What kinds of input or output documents or forms would you find in the production (also referred to as the conversion cycle)? TABLE 2-1 Common Business
> What are the advantages and disadvantages of having the person responsible for information security report directly to the chief information officer (CIO), who has overall responsibility for all aspects of the organization’s information systems?
> Explain why an organization would want to use all of the following information security controls: firewalls, intrusion prevention systems, intrusion detection systems, and a CIRT.
> With respect to the data processing cycle, explain the phrase “garbage in, garbage out.” How can you prevent this from happening?
> What is the relationship between COSO, COBIT 5, and the AICPA’s Trust Services frameworks?
> 1. Figure 5-4 shows the employees and external parties that deal with Heirloom. Explain how Heirloom could defraud the bank and how each internal and external party except the bank could defraud Heirloom. 2. What risk factor, unusual item, or abnormality
> a. Why should USAA collect data on which auto parts are fixed most frequently? What could it do with this data? b. Even though USAA offered to waive the deductible, the repair shops still managed to convince 95% of the owners to replace rather than repai
> Environmental, institutional, or individual pressures and opportune situations, which are present to some degree in all companies, motivate individuals and companies to engage in fraudulent financial reporting. Fraud prevention and detection require that
> Explain what an event is. Using the Internet as a resource, create a list of some of the many internal and external factors that COSO indicated could influence events and affect a company’s ability to implement its strategy and achieve its objectives.
> When U.S. Leasing (USL) computers began acting sluggishly, computer operators were relieved when a software troubleshooter from IBM called. When he offered to correct the problem they were having, he was given a log-on ID and password. The next morning,
> MonsterMed Inc. (MMI) is an online pharmaceutical firm. MMI has a small systems staff that designs and writes MMI’s customized software. The data center is installed in the basement of its two-story headquarters building. The data center is equipped with
> Reliability is often included in service level agreements (SLAs) when outsourcing. The toughest thing is to decide how much reliability is enough. Consider an application like e-mail. If an organization outsources its e-mail to a cloud provider, what is
> The ABC Company is considering the following options for its backup plan: 1. Daily full backups: 2. Weekly full backups on Saturdays, plus daily incremental backups: 3. Weekly full backups plus daily differential backup: All backups, whether partial or f
> Because improved computer security measures sometimes create a new set of problems—user antagonism, sluggish response time, and hampered performance—some people believe the most effective computer security is educating users about good moral conduct. Ric
> You are the president of a multinational company where an executive confessed to kiting $100,000. What is kiting and what can your company do to prevent it? How would you respond to the confession? What issues must you consider before pressing charges?
> a. Develop a context diagram and a level 0 DFD for the cash receipts system at S&S. b. Prepare a document flowchart to document the cash receipts system at S&S. c. Prepare a business process diagram for the cash receipts system at S&S
> A client heard through its hot line that John, the purchases journal clerk, periodically enters fictitious acquisitions. After John creates a fictitious purchase, he notifies Alice, the accounts payable ledger clerk, so she can enter them in her ledger.
> Design a chart of accounts for SDC. Explain how you structured the chart of accounts to meet the company’s needs and operating characteristics. Keep total account code length to a minimum, while still satisfying all of Mace’s desires.
> a. What kind of information do you think Tesco gathers? b. How do you think Tesco has motivated over 12 million customers to sign up for its Clubcard program? c. What can Tesco accomplish with the Clubcard data it collects? Think in term of strategy and
> Which control(s) would best mitigate the following threats? a. The hours worked field in a payroll transaction record contained the value 400 instead of 40. As a result, the employee received a paycheck for $6,257.24 instead of $654.32. b. The accounts r
> The management at Covington, Inc., recognizes that a well-designed internal control system provides many benefits. Among the benefits are reliable financial records that facilitate decision making and a greater probability of preventing or detecting erro
> Explain how the following items individually and collectively affect the overall level of security provided by using a password as an authentication credential. a. Length. b. Complexity requirements (Which types of characters are required to be used: nu
> The principle of confidentiality focuses on protecting an organization’s intellectual property. The flip side of the issue is ensuring that employees respect the intellectual property of other organizations. Research the topic of software piracy and writ
> Obtain a copy of Generally Accepted Privacy Principles from the AICPA’s web site (www.aicpa.org). (You will find it by following this path: Under Interest Areas choose Information Management and Technology Assurance then in the upper left portion of tha
> Some individuals argue that accountants should focus on producing financial statements and leave the design and production of managerial reports to information systems specialists. What are the advantages and disadvantages of following this advice? To wh
> Identify the computer fraud and abuse technique used in each the following actual examples of computer wrongdoing. Identify the computer fraud and abuse technique used in each the following actual examples of computer wrongdoing. a. A teenage gang known
> The Journal of Accountancy (available at www.aicpa.org) has published a series of articles that address different aspects of disaster recovery and business continuity planning: 1. Gerber, J. A., and Feldman, E. R. 2002. “Is Your Busines
> During a recent review, ABC Corporation discovered that it has a serious internal control problem. It is estimated that the impact associated with this problem is $1 million and that the likelihood is currently 5%. Two internal control procedures have be
> a. Prepare and file a tax return with the tax owed to the Internal Revenue Service. b. A customer pays an invoice with a check. Accounts receivable is updated to reflect the payment. The check is recorded and deposited into the bank. c. A customer places
> Nino Moscardi, president of Greater Providence Deposit & Trust (GPD&T), received an anonymous note in his mail stating that a bank employee was making bogus loans. Moscardi asked the bank’s internal auditors to investigate the transactions detailed in th
> What is the difference between using check digit verification and a validity check to test the accuracy of an account number entered on a transaction record?
> For each of the three basic options for replacing IT infrastructure (cold sites, hot sites, and real-time mirroring) give an example of an organization that could use that approach as part of its DRP. Be prepared to defend your answer.
> Explain how the principle of separation of duties is violated in each of the following situations. Also, suggest one or more procedures to reduce the risk and exposure highlighted in each example. a. A payroll clerk recorded a 40-hour workweek for an emp
> Create data validation rules in a spreadsheet to perform each of the following controls: a. Limit check – that values in the cell are < 70 b. Range check – that values in the cell are between 15 and 65 c. Sign check – that values in the cell are positive
> Apply the value chain concept to S&S. Explain how it would perform the various primary and support activities.
> The department of taxation in your state is developing a new computer system for processing individual and corporate income-tax returns. The new system features direct data input and inquiry capabilities. Identification of taxpayers is provided by using
> An accountant with the Atlanta Olympic Games was charged with embezzling over $60,000 to purchase a Mercedes-Benz and to invest in a certificate of deposit. Police alleged that he created fictitious invoices from two companies that had contracts with the
> PriceRight Electronics (PEI) is a small wholesale discount supplier of electronic instruments and parts. PEI’s competitive advantage is its deep-discount, three-day delivery guarantee, which allows retailers to order materials often to minimize in-store
> The Langston Recreational Company (LRC) manufactures ice skates for racing, figure skating, and hockey. The company is located in Kearns, Utah, so it can be close to the Olympic Ice Shield, where many Olympic speed skaters train. Given the precision requ
> Compare the guidelines for preparing flowcharts, BPDs, and DFDs. What general design principles and limitations are common to all 3 documentation techniques?
> A bank auditor met with the senior operations manager to discuss a customer’s complaint that an auto loan payment was not credited on time. The customer said the payment was made on May 5, its due date, at a teller’s window using a check drawn on an acco
> Your classmate asks you to explain flowcharting conventions using real-world examples. Draw each of the major flowchart symbols from memory, placing them into one of four categories: input/output, processing, storage, and flow and miscellaneous. For ea
> Practice encryption using both any encryption capabilities provided by your computer’s operating system and by using third-party encryption software. Required: a. Use your computer operating system’s built-in encryption capability to encrypt a file. b. D
> The data processing cycle in Figure 2-1 is an example of a basic process found throughout nature. Relate the basic input/process/store/output model to the functions of the human body. Data Storage Data Information Data Input Processing Output
> In recent years, Supersmurf’s external auditors have given clean opinions on its financial statements and favorable evaluations of its internal control systems. Discuss whether it is necessary for this corporation to take any further action to comply wit
> Download a hash calculator that can create hashes for both files and text input. Use it to create SHA-256 (or any other hash algorithm your instructor assigns) hashes for the following: a. A document that contains this text: “Congratulations! You earned
> The chart of accounts must be tailored to an organization’s specific needs. Discuss how the chart of accounts for the following organizations would differ from the one presented for S&S in Table 2-4.
> Match the following terms with their definitions: Тегр Definition 1. Vulnerability a. Code that corrects a flaw in a program. 2. Exploit b. Verification of claimed identity. 3. Authentication c. The firewall technique that filters traffic by examini
> The ABC Company runs two shifts, from 8:00 AM to Midnight. Backups and system maintenance are performed between midnight and 8:00 AM. For each of the following scenarios, determine whether the company’s current backup procedures enable it to meet its rec
> Lancaster Company makes electrical parts for contractors and home improvement retail stores. After their annual audit, Lancaster’s auditors commented on the following items regarding internal controls over equipment: 1. The operations department that ne
> Figure 1-4 shows that developments in IT affect both an organization’s strategy and the design of its AIS. How can a company determine whether it is spending too much, too little, or just enough on IT?
> Spring Water Spa Company is a 15-store chain in the Midwest that sells hot tubs, supplies, and accessories. Each store has a full-time, salaried manager and an assistant manager. The sales personnel are paid an hourly wage and a commission based on sales
> Discuss the following statement by Roswell Steffen, a convicted embezzler: “For every foolproof system, there is a method for beating it.” Do you believe a completely secure computer system is possible? Explain. If internal controls are less than 100% ef
> You are an audit supervisor assigned to a new client, Go-Go Corporation, which is listed on the New York Stock Exchange. You visited Go-Go’s corporate headquarters to become acquainted with key personnel and to conduct a preliminary review of the company
> Tralor Corporation manufactures and sells several different lines of small electric components. Its internal audit department completed an audit of its expenditure processes. Part of the audit involved a review of the internal accounting controls for pay
> Two ways to create processing integrity controls in Excel spreadsheets are to use the built-in Data Validation tool or to write custom code with IF statements. What are the relative advantages and disadvantages of these two approaches?
> The Howard Leasing Company is a privately held, medium-sized business that purchases school busses and leases them to school districts, churches, charitable organizations, and other businesses. To better serve its customers and, more important, to protec
> One function of the AIS is to provide adequate controls to ensure the safety of organizational assets, including data. However, many people view control procedures as “red tape.” They also believe that, instead of producing tangible benefits, business
> The value of information is the difference between the benefits realized from using that information and the costs of producing it. Would you, or any organization, ever produce information if its expected costs exceeded its benefits? If so, provide some
> What are some business processes for which an organization might use batch processing?
> Use the numbers 10–19 to show why transposition errors are always divisible by 9.
