Which control(s) would best mitigate the following threats?
a. The hours worked field in a payroll transaction record contained the value 400 instead of 40. As a result, the employee received a paycheck for $6,257.24 instead of $654.32.
b. The accounts receivable file was destroyed because it was accidentally used to update accounts payable.
c. During processing of customer payments, the digit 0 in a payment of $204 was mistakenly typed as the letter “O.” As a result, the transaction was not processed correctly and the customer erroneously received a letter that the account was delinquent.
d. A salesperson mistakenly entered an online order for 50 laser printers instead of 50 laser printer toner cartridges.
e. A 20-minute power brownout caused a mission-critical database server to crash, shutting down operations temporarily.
f. A fire destroyed the data center, including all backup copies of the accounts receivable files.
g. After processing sales transactions, the inventory report showed a negative quantity on hand for several items.
h. A customer order for an important part did not include the customer’s address. Consequently, the order was not shipped on time and the customer called to complain.
i. When entering a large credit sale, the clerk typed in the customer’s account number as 45982 instead of 45892. That account number did not exist. The mistake was not caught until later in the week when the weekly billing process was run. Consequently, the customer was not billed for another week, delaying receipt of payment.
j. A visitor to the company’s Web site entered 400 characters into the five-digit Zip code field, causing the server to crash.
k. Two traveling sales representatives accessed the parts database at the same time. Salesperson A noted that there were still 55 units of part 723 available and entered an order for 45 of them. While salesperson A was keying in the order, salesperson B, in another state, also noted the availability of 55 units for part 723 and entered an order for 33 of them. Both sales reps promised their customer next-day delivery. Salesperson A‟s customer, however, learned the next day that the part would have to be back-ordered. The customer canceled the sale and vowed to never again do business with the company.
l. The warranty department manager was upset because special discount coupons were mailed to every customer who had purchased the product within the past 3 years, instead of to only those customers who had purchased the product within the past 3 months.
m. The clerk entering details about a large credit sale mistakenly typed in a nonexistent account number. Consequently, the company never received payment for the items.
n. A customer filled in the wrong account number on the portion of the invoice being returned with payment. Consequently, the payment was credited to another customer’s account.
o. A batch of 73 time sheets was sent to the payroll department for weekly processing. Somehow, one of the time sheets did not get processed. The mistake was not caught until payday, when one employee complained about not receiving a paycheck.
p. Sunspot activity resulted in the loss of some data being sent to the regional office. The problem was not discovered until several days later when managers attempted to query the database for that information.
> Payroll has traditionally been an accounting function and some CPAs have provided payroll processing services to their clients. Today, CPAs are finding additional new lucrative opportunities to provide not only payroll processing but also various HR serv
> Objective: Learn how to use the VLOOKUP function for payroll calculations. a. Read the article “Make Excel a Little Smarter” by Lois S. Mahoney and Charles Kelliher in the Journal of Accountancy (July 2003). You can find a copy at www.aicpa.org. b. Rea
> Objective: Learn how to find and correct errors in complex spreadsheets used for payroll. a. Read the article “Ferret Out Spreadsheet Errors” by Mark G. Simkin, in the Journal of Accountancy (February 2004). You can find a copy online by accessing www.a
> Arlington Industries manufactures and sells engine parts for large industrial equipment. The company employs over 1,000 workers for three shifts, and most employees work overtime when necessary. Figure 15-10 depicts the procedures followed to process pay
> Although most medium and large companies have implemented sophisticated payroll and HRM systems like the one described in this chapter, many smaller companies still maintain separate payroll and HRM systems that employ many manual procedures. Typical of
> What internal control procedure(s) would be most effective in preventing the following errors or fraudulent acts? a. An inadvertent data entry error caused an employee’s wage rate to be overstated in the payroll master file. b. A fictitious employee pay
> a. Download the spreadsheet for this problem from the course Web site. b. In column I, under the label “Ghost Employee?” write a function that compares the employee# in the timecards column to the employee# in the payroll master data column and displays
> Create the spreadsheet shown in Figure 14-11. Write formulas to calculate the total depreciation expense and to display the correct values in the following three columns: Age, Depreciation Rate, and Depreciation Expense. (Hint: You will need to use the V
> Task: Use Excel and the Solver add-in to explore the effect of various resource constraints on the optimal product mix. a. Read the article “Boost Profits with Excel,” by James A. Weisel in the December 2003 issue of the Journal of Accountancy (availabl
> a. Create the following spreadsheet b. Create formulas to calculate  Accumulated depreciation (all assets use the straight line method; all assets acquired any time during the year get a full year’s initial depreci
> The XYZ Company’s current production processes have a scrap rate of 15% and a return rate of 3%. Scrap costs (wasted materials) are $12 per unit; warranty/repair costs average $60 per unit returned. The company is considering the following alternatives t
> You are performing a financial audit of the general ledger accounts of Preston Manufacturing. As transactions are processed, summary journal entries are added to the general ledger file at the end of the day. At the end of each day, the general journal f
> The Joseph Brant Manufacturing Company makes athletic footwear. Processing of production orders is as follows: At the end of each week, the production planning department prepares a master production schedule (MPS) that lists which shoe styles and quanti
> You have recently been hired as the controller for a small manufacturing firm that makes high-definition televisions. One of your first tasks is to develop a report measuring throughput. Describe the data required to measure throughput and the most effi
> What internal control procedure(s) would best prevent or detect the following problems? a. A production order was initiated for a product that was already overstocked in the company’s warehouse. b. A production employee stole items of work-in-process in
> Alden, Inc. has hired you to review its internal controls for the purchase, receipt, storage, and issuance of raw materials. You observed the following: aw materials, which consist mainly of high-cost electronic components, are kept in a locked store
> Last year the Diamond Manufacturing Company purchased over $10 million worth of office equipment under its “special ordering” system, with individual orders ranging from $5,000 to $30,000. Special orders are for low-volume items that have been included i
> For good internal control, which of the following duties can be performed by the same individual? 1. Approve purchase orders 2. Negotiate terms with suppliers 3. Reconcile the organization’s bank account 4. Approve supplier invoices for payment 5. C
> The following list identifies several important control features. For each control, (1) describe its purpose and (2) explain how it could be best implemented in an integrated ERP system. a. Cancellation of the voucher package by the cashier after sign
> For each of the following activities, identify the data that must be entered by the employee performing that activity and list the appropriate data entry controls: a. Purchasing agent generating a purchase order b. Receiving clerk completing a receivin
> a. Expand the cash budget you created in Problem 12.4 to include a row for expected cash outflows equal to 77% of the current month’s sales. b. Also add a row to calculate the amount of cash that needs to be borrowed, in order to maintain a minimum cash
> a. Read the article “Using Spreadsheets and Benford’s Law to Test Accounting Data,” by Mark G. Simkin in the ISACA Journal, Vol. 1, 2010, available at www.isaca.org. b. Follow the steps in the articl
> Read section AI6 in version 4.1 of COBIT (available at www.isaca.org) and answer the following questions: 1. What is the purpose of each detailed control objective – why is it important? AI6.1 Change Standards and Procedures AI6.2 Impact Assessment, Pr
> a. A purchasing agent orders materials from a supplier that he partially owns. b. Receiving-dock personnel steal inventory and then claim the inventory was sent to the warehouse. c. An unordered supply of laser printer paper delivered to the office is ac
> Use EXCEL’s regression tools to analyze and forecast future sales. (Hint: The article “Forecasting with Excel,” by James A. Weisel in the February 2009 issue of the Journal of Accountancy (available
> The Family Support Center is a small charitable organization. It has only four full-time employees: two staff, an accountant, and an office manager. The majority of its funding comes from two campaign drives, one in the spring and one in the fall. Donors
> Figure 12-18 depicts the activities performed in the revenue cycle by the Newton Hardware Company. (CPA Examination, adapted) a. Identify at least 7 weaknesses in Newton Hardware’s revenue cycle. Explain the resulting threat b. Identify ways to use IT t
> O’Brien Corporation is a midsize, privately owned, industrial instrument manufacturer supplying precision equipment to manufacturers in the Midwest. The corporation is 10 years old and uses an integrated ERP system. The administrative offices are located
> For each of the following activities identify the data that must be entered by the employee performing that activity and list the appropriate data entry controls: a. Sales order entry clerk taking a customer order b. Shipping clerk completing a bill of
> Weisel, in the December 2006 issue of the Journal of Accountancy. The Journal of Accountancy is available in print or online at the AICPA’s Web site: www.aicpa.org Required: a. Create a 12-month cash flow budget in Excel using the following assumptions
> For good internal control, which of the following duties can be performed by the same individual? 1. Approve changes to customer credit limits 2. Sales order entry 3. Shipping merchandise 4. Billing customers 5. Depositing customer payments 6. Main
> Give two specific examples of nonroutine transactions that may occur in processing cash receipts and updating accounts receivable. Also specify the control procedures that should be in place to ensure the accuracy, completeness, and validity of those tra
> What internal control procedure(s) would provide protection against the following threats? a. Theft of goods by the shipping dock workers, who claim that the inventory shortages reflect errors in the inventory records. b. Posting the sales amount to th
> The Journal of Accountancy (available at www.aicpa.org) has published a series of articles that address different aspects of disaster recovery and business continuity planning: 1. Gerber, J. A., and Feldman, E. R. 2002. “Is Your Business Prepared for th
> Melinda Robinson, the director of internal auditing at Sachem Manufacturing Company, believes the company should purchase software to assist in the financial and procedural audits her department conducts. Robinson is considering the following software pa
> As an internal auditor for the state auditor’s office, you are assigned to review the implementation of a new computer system in the state welfare agency. The agency is installing an online computer system to maintain the state’s database of welfare reci
> You are performing an information system audit to evaluate internal controls in Aardvark Wholesalers’ (AW) computer system. From an AW manual, you have obtained the following job descriptions for key personnel: Director of information systems: Responsib
> You are a manager for the CPA firm of Dewey, Cheatem, and Howe (DC&H). While reviewing your staff’s audit work papers for the state welfare agency, you find that the test data approach was used to test the agency’s accounting software. A duplicate progra
> You are involved in the audit of accounts receivable, which represent a significant portion of the assets of a large retail corporation. Your audit plan requires the use of the computer, but you encounter the following reactions: For each situation, sta
> As an internal auditor, you have been assigned to evaluate the controls and operation of a computer payroll system. To test the computer systems and programs, you submit independently created test transactions with regular data in a normal production run
> As an internal auditor for the Quick Manufacturing Company, you are participating in the audit of the company’s AIS. You have been reviewing the internal controls of the computer system that processes most of its accounting applications. You have studied
> Which of the following should have the primary responsibility to detect and correct data processing errors? Explain why that function should have primary responsibility and why the others should not. a. The data processing manager b. The computer operat
> You are auditing the financial statements of a cosmetics distributor that sells thousands of individual items. The distributor keeps its inventory in its distribution center and in two public warehouses. At the end of each business day, it updates its in
> The fixed-asset master file at Thermo-Bond includes the following data items: Asset number ………………………….. Date of retirement (99/99/2099 for assets still in service) Description …………………….………. Depreciation method code Type code …………………….…………. De
> Obtain the practitioner’s version of Generally Accepted Privacy Principles from the AICPA’s web site (www.aicpa.org). You will find it located under professional resources and then information technology. Use it to answer the following questions: 1. Wha
> You are the director of internal auditing at a university. Recently, you met with Issa Arnita, the manager of administrative data processing, and expressed the desire to establish a more effective interface between the two departments. Issa wants your he
> For each of the following scenarios, determine whether the company’s current backup procedures enable it to meet its recovery objectives and explain why: a. Scenario 1: Recovery point objective = 24 hours Daily backups at 3:00 am, process takes 2
> Creating and testing check digits. a. Create a spreadsheet that will take as input a five-digit account number and calculate a check digit using this formula: (5 x left-most digit + 4 x next digit + 3 x third digit + 2 x fourth digit + fifth digit) modu
> MonsterMed Inc. (MMI) is an online pharmaceutical firm. MMI has a small systems staff that designs and writes MMI‟s customized software. The data center is installed in the basement of its two-story headquarters building. The data center is equipped with
> Create a spreadsheet with the following columns: Plaintext character ASCII code (7-bits, binary number) First bit Second bit Third bit Fourth bit Fifth bit Sixth bit Seventh bit Number of bits with value = 1 Parity bit fo
> Obtain a copy of COBIT (available at www.isaca.org) and read the control objectives that relate to encryption (DS5.8 and DS5.11). What are the essential control procedures that organizations should implement when using encryption?
> Research the problem of identity theft and write a report that explains: a. Whether the problem of identity theft is increasing or decreasing b. What kind of identity theft protection services or insurance products are available. Compare and contrast at
> In what situations would you expect to model a relationship between an agent and a resource?
> Research the information rights management software that may be available for your computer. What are its capabilities for limiting access rights? Write a report of your findings. Optional: If you can download and install IRM software, use it to prevent
> How would you respond to the treasurer of a small charity who tells you that the organization does not use a separate checking account for payroll because the benefits are not worth the extra monthly service fee?
> Visit the SEC website (www.sec.gov) and explore what is available in terms of interactive data (the SEC’s term for XBRL reports). Use the SEC’s viewer software and examine the annual reports for two companies.
> Examine issues of the Journal of Accountancy, Strategic Finance, and other business magazines for the past three years to find stories about current developments in factory automation. Write a brief report that discusses the accounting implications of on
> Search popular business and technology magazines (Business Week, Forbes, Fortune, CIO, etc.) to find an article about an innovative use of IT that can be used to improve one or more activities in the expenditure cycle. Write a report that: a. Explains h
> Search popular business and technology magazines (Business Week, Forbes, Fortune, CIO, etc.) to find an article about an innovative use of IT that can be used to improve one or more activities in the revenue cycle. Write a report that: a. Explains how I
> The balanced scorecard measures organizational performance along four dimensions. Is it possible that measures on the customer, internal operations, and innovation and learning dimensions could be improving without any positive change in the financial di
> Why is the audit trail an important control?
> How can responsibility accounting and flexible budgets improve morale?
> In which phase of the systems development life cycle would each of the following positions be most actively involved? Justify your answers.
> The following notice was posted in the employee cafeteria on Monday morning: To: All Accounting and Clerical Employees From: I.M. Krewel, President Subject: Termination of Employee Positions Effective this Friday, all accounting and clerical em
> Physical security is extremely important. Read the article “19 Ways to Build Physical Security into a Data Center,” which appeared in the CSO Magazine November 2005. (You can find the article at www.csoonline.com/read/110105/datacenter.html). Which meth
> Data from Case Date Supplier Invoice Supplier Name Supplier Address Amount March 7 AJ34 Bud's Soil Prep, Inc.
> When a company converts from one system to another, many areas within the organization are affected. Explain how conversion to a new system will affect the following groups, both individually and collectively.
> Prism Glass is converting to a new information system. To expedite and speed up implementation, the CEO asked your consulting team to postpone establishing standards and controls until after the system is fully operational. How should you respond to the
> Sara Jones owns a rapidly growing retail store that faces stiff competition due to poor customer service, late and error-prone billing, and inefficient inventory control. To continue its growth, its AIS must be upgraded but Sara is not sure what it wants
> You are a systems consultant for Ernst, Price, and Deloitte, CPAs. At your country club’s annual golf tournament, Frank Fender, an automobile dealer, describes a proposal from Turnkey Systems and asks for your opinion. The system will handle inventories,
> In a Midwest city of 45,000, a computer was purchased and in-house programmers began developing programs. Four years later, only one incomplete and poorly functioning application had been developed, none of software met users’ minimum requirements, and t
> What is the accountant’s role in the computer acquisition process? Should the accountant play an active role, or should all the work be left to computer experts? In what aspects of computer acquisition might an accountant provide a useful contribution?
> Ajax Manufacturing installed a new bar code based inventory tracking system in its warehouse. To close the books each month on a timely basis, the six people who work in the warehouse must scan each item in a 36-hour period while still performing their n
> A manufacturing firm needed a specialized software program to identify and monitor cost overruns. After an extensive analysis, the company purchased prepackaged software and assigned three programmers to modify it to meet its individual circumstances and
> For years, Jerry Jingle’s dairy production facilities led the state in sales volume but recent declines worry him. Customers are satisfied with his products but are troubled by the dairy’s late deliveries and incomplete orders. Production employees (not
> Give some examples of systems analysis decisions that involve a trade-off between each of the following pairs of objectives: a. economy and usefulness b. economy and reliability c. economy and customer service d. simplicity and usefulness e. simplicity
> The chapter briefly discussed the following three common attacks against applications a. Buffer overflows b. SQL injection c. Cross-site scripting Required Research each of these three attacks and write a report that explains in detail how each atta
> The following problem situations occurred in a manufacturing firm. What questions should you ask to understand the problem? Customer complaints about product quality have increased. Accounting sees an increase in the number and dollar value of bad debt
> For each of the following, discuss which data-gathering method(s) are most appropriate and why: a. Examining the adequacy of internal controls in the purchase requisition procedure b. Identifying the controller’s information needs c. Determining how c
> While reviewing a list of benefits from a computer vendor‟s proposal, you note an item that reads, “Improvements in management decision making—$50,000 per year.” How would you interpret this item? What influence should it have on the economic feasibility
> You are a consultant advising a firm on the design and implementation of a new system. Management has decided to let several employees go after the system is implemented. Some have many years of company service. How would you advise management to communi
> The approach to long-range AIS planning described in this chapter is important for large organizations with extensive investments in computer facilities. Should small organizations with far fewer information systems employees attempt to implement plann
> How would you modify the expenditure cycle REA diagram in Figure 19-4 to include the return of defective products to suppliers for credit?
> How are the similarities and differences between the purchase of services, such as telephone service, and the purchase of raw materials reflected in an REA data model?
> How would you model the acquisition of a digital asset, such as the purchase of software online (the software is downloaded and then installed on the purchaser’s computer)?
> Why is depreciation not represented as an event in the REA data model?
> How could an automobile dealer model the use of loaner cars, which it gives to customers for free whenever they drop off a vehicle for maintenance that will take longer than one day to complete?
> Apply the following data to evaluate the time-based model of security for the XYZ Company. Does the XYZ Company satisfy the requirements of the time-based model of security? Why? Estimated time for attacker to successfully penetrate system = 25 minute
> Often it takes several sales calls to obtain the first order from a new customer. Why then does Figure 19-1 depict the relationship between the Call on Customer and Take Customer Order events as being 1:1?
> Why do the Inventory, Customers, and Suppliers tables all have an attribute that contains data about the balance at the beginning of the current fiscal period?
> Why does Figure 18-4 show only one cash disbursement entity if Fred’s Train Shop uses a general operating checking account for purchases of inventory, supplies, and operating expenses such as rent but also uses a separate checking account for payroll?
> How would you determine the amount of cash that Fred’s Train Shop has at any point in time?
> Assume that there exists a 1:1 relationship between the Receive Inventory and Disburse Cash events. How does the manner in which the relationship between the two events is implemented (i.e., in which table a foreign key is placed) affect the process used
> Building separate tables for every relationship (1:1, 1:N, and M:N) does not violate any of the rules for building a well-structured database. Why then do you think that REA data modelers recommend building separate tables only for M:N relationships and
> Why take the time to develop separate REA diagrams for each business cycle if the ultimate objective is to combine them into one integrated enterprise-wide data model? Why not just focus on the integrated model from the start?
> How would the process of generating a cash disbursements journal from the REA data model presented differ from the process for creating a sales journal?
> What is the difference between an Entity-Relationship (E-R) diagram and an REA diagram?
> What are the five stages of the database design process? In which stages should accountants participate? Why?
> Install and run the latest version of the Microsoft Baseline Security Analyzer on your home computer or laptop. Write a report explaining the weaknesses identified by the tool and how to best correct them. Attach a copy of the MBSA output to your report.
> How would accounts payable be reflected in an REA diagram? Why?