Which preventive, detective, and/or corrective controls would best mitigate the following threats?
a. An employee’s laptop was stolen at the airport. The laptop contained personally identifying information about the company’s customers that could potentially be used to commit identity theft.
b. A salesperson successfully logged into the payroll system by guessing the payroll supervisor’s password.
c. A criminal remotely accessed a sensitive database using the authentication credentials (user ID and strong password) of an IT manager. At the time the attack occurred, the IT manager was logged into the system at his workstation at company headquarters.
d. An employee received an email purporting to be from her boss informing her of an important new attendance policy. When she clicked on a link embedded in the email to view the new policy, she infected her laptop with a keystroke logger.
e. A company’s programming staff wrote custom code for the shopping cart feature on its web site. The code contained a buffer overflow vulnerability that could be exploited when the customer typed in the ship-to address.
f. A company purchased the leading “off-the-shelf” e-commerce software for linking its electronic storefront to its inventory database. A customer discovered a way to directly access the back-end database by entering appropriate SQL code.
g. Attackers broke into the company’s information system through a wireless access point located in one of its retail stores. The wireless access point had been purchased and installed by the store manager without informing central IT or security.
h. An employee picked up a USB drive in the parking lot and plugged it into their laptop to “see what was on it,” which resulted in a keystroke logger being installed on that laptop.
i. Once an attack on the company’s website was discovered, it took more than 30 minutes to determine who to contact to initiate response actions.
j. To facilitate working from home, an employee installed a modem on his office workstation. An attacker successfully penetrated the company’s system by dialing into that modem.
k. An attacker gained access to the company’s internal network by installing a wireless access point in a wiring closet located next to the elevators on the fourth floor of a high-rise office building that the company shared with seven other companies.
> Briefly list and discuss the primary threats to complying with the Independence Rule of the AICPA Code of Professional Conduct.
> Practicing CPAs generally are subject to the AICPA Code of Professional Conduct. What is its stated purpose?
> Not all individuals who for compensation prepare or assist with the preparation of all or substantially all of a tax return or claim for refund are subject to the duties and restrictions relating to practice in subpart B as well as subject to the sanctio
> A compensated individual who prepares or assists with the preparation of all or substantially all of a tax return or claim for refund must have a PTIN. What is a PTIN, and which individual(s) are required to obtain one?
> What is a technical advice memorandum? Who may request it? What kinds of issues are addressed therein? Does the IRS include technical advice memoranda in any official publication?
> A practitioner cannot give written advice under Circular 230 § 10.37 in which situations?
> What are the four best practices under Circular 230 § 10.33?
> It has been said that the tax research process is more circular than linear. Do you agree with this statement? Explain your answer.
> If a tax practitioner finds an error in a prior year’s tax return, what action (if any) must he or she take under Circular 230? What subpart and section addresses this situation?
> Tax planning falls into two major categories, the “open” transaction and the “closed” transaction. Discuss each type of transaction and describe how each affects tax planning.
> Several groups of individuals do most of the tax compliance work in the United States. Identify these groups and briefly describe the kind of work that each group does. In this regard, be sure to define the term enrolled agent.
> Discuss briefly the events leading to the passage of the 16th Amendment to the U.S. Constitution.
> What are the six basic steps in conducting tax research? Briefly discuss each step in the tax research process.
> May a tax practitioner who is a CPA form a CPA partnership with a former IRS agent who is also a CPA? What limits (if any) would be placed on such a partnership?
> In a modern, industrial society, the tax system is derived from several disciplines. Identify the disciplines that play this role in the United States. Explain how each of them affects the U.S. tax system.
> What is a determination letter? Which office of the IRS issues determination letters? What kinds of issues are addressed therein?
> What is tax planning? Explain the difference between tax evasion and tax avoidance and the role of each in professional tax planning.
> Have you ever imagined having one electronic device that does everything you would ever need? a. What commercial activities can be done with a cell phone? With a cell phone/PC combination device? What do you do when you’re on your cell phone? What do you
> Certificate authorities are an important part of a public key infrastructure (PKI). Research at least two certificate authorities and write a report that explains the different types of digital certificates that they offer.
> Security awareness training is necessary to teach employees “safe computing” practices. The key to effectiveness, however, is that it changes employee behavior. How can organizations maximize the effectiveness of their security awareness training program
> Read the article “Security Controls that Work” by Dwayne Melancon in the 2007 Issue, Volume 4 of the Information Systems Control Journal. Write a report that answers the following questions: 1. What are the differences between high-performing organizatio
> What are the limitations, if any, of relying on the results of penetration tests to assess the overall level of security?
> Enter the following data into a spreadsheet and then perform the following tasks: a. Calculate examples of these batch totals: • A hash total • A financial total • A record count b. Assume the followi
> a. Identify and discuss the basic factors of communication that must be considered in the presentation of the annual report. b. Discuss the communication problems a corporation faces in preparing the annual report that result from the diversity of the us
> Visit Symantec.com or any other security software vendor assigned by your instructor and download a trial version of encryption software. a. Use the software to encrypt a file. b. Send the encrypted file to your instructor and to a friend. c. Try to ope
> A purchasing department received the following e-mail. Dear Accounts Payable Clerk, You can purchase everything you need online—including peace of mind—when you shop using Random Account Numbers (RAN). RAN is a free service for Big Credit Card customers
> What kinds of documents are most likely to be turnaround documents? Do an internet search to find the answer and to find example turnaround documents.
> The Gardner Company, a client of your firm, has come to you with the following problem. It has three clerical employees who must perform the following functions: a. Maintain the general ledger b. Maintain the accounts payable ledger c. Maintain the acco
> A few years ago, news began circulating about a computer virus named Michelangelo that was set to “ignite” on March 6, the birthday of the famous Italian artist. The virus attached itself to the computer’s operating system boot sector. On the magical dat
> An auditor found that Rent-A-Wreck management does not always comply with its stated policy that sealed bids be used to sell obsolete cars. Records indicated that several vehicles with recent major repairs were sold at negotiated prices. Management vigor
> Discuss several ways that ERM processes can be continuously monitored and modified so that deficiencies are reported to management.
> Prepare flowcharting segments for each of the following operations: a. processing transactions stored on a sequential medium such as a magnetic tape to update a master file stored on magnetic tape b. processing transactions stored on magnetic tape to upd
> Given the following list of potential authentication credentials, identify as many combinations as possible that can be used to implement (a) a multi-modal authentication process and (b) a multi-factor authentication process. Consider both combinations
> a. Use the following facts to assess the time-based model of security for the ABC Company; how well does the existing system protect ABC? Assume that the best-, average-, and worst-case estimates are independent for each component of the model. • Estimate
> How do an organization’s business processes and lines of business affect the design of its AIS? Give several examples of how differences among organizations are reflected in their AIS.
> Do you agree that the most effective way to obtain adequate system security is to rely on the integrity of company employees? Why or why not? Does this seem ironic? What should a company do to ensure the integrity of its employees?
> Effective segregation of duties is sometimes not economically feasible in a small business. What internal control elements do you think can help compensate for this threat?
> What privacy concerns might arise from the use of biometric authentication techniques? What about the embedding of RFID tags in products such as clothing? What other technologies might create privacy concerns?
> You are the systems analyst for the Wee Willie Williams Widget Works (also known as Dub 5, which is a shortened version of 5 Ws). Dub 5 produces computer keyboard components. It has been producing keyboards for more than 20 years and has recently signed
> At 9:00, Andrew Mantovani, cofounder of the group Shadowcrew, received a knock at his door while chatting on his computer. For Mantovani and 27 others, that knock marked the end of Shadowcrew, which provided online marketplaces and discussion forums for
> Match the description in the right column with the information characteristic in the left column. 1. Relevant a. The report was carefully designed so that the data contained on the report became information to the reader 2. Reliable b. The manager wa
> What are the advantages and disadvantages of the three types of authentication credentials (something you know, something you have, and something you are)?
> From the viewpoint of the customer, what are the advantages and disadvantages to the opt-in versus the opt-out approaches to collecting personal information? From the viewpoint of the organization desiring to collect such information?
> The controller of a small business received the following e-mail with an authentic-looking e-mail address and logo: From: Big Bank [[email protected]] To: Justin Lewis, Controller, Small Business USA Subject: Official Notice for all users of Big
> a. Prepare a context diagram and a level 0 DFD to document accounts payable processing at S&S. b. Prepare a document flowchart to document accounts payable processing at S&S.
> On a Sunday afternoon at a hospital in the Pacific Northwest, computers became sluggish, and documents would not print. Monday morning, the situation became worse when employees logged on to their computers. Even stranger things happened—operating room d
> Explain what is meant by objective setting and describe the four types of objectives used in ERM.
> Do you agree with the following statement: “Any one of the systems documentation procedures can be used to adequately document a given system”? Explain.
> The UCLA computer lab was filled to capacity when the system slowed and crashed, disrupting the lives of students who could no longer log into the system or access data to prepare for finals. IT initially suspected a cable break or an operating system fa
> The first column in Table 10-3 lists transaction amounts that have been summed to obtain a batch total. Assume that all data in the first column are correct. Cases a through d each contain an input error in one record, along with a batch total computed f
> The Moose Wings Cooperative Flight Club owns a number of airplanes and gliders. It serves fewer than 2,000 members, who are numbered sequentially from the founder, Tom Eagle (0001), to the newest member, Jacques Noveau (1368). Members rent the flying mac
> Consider the following two situations: For the situations presented, describe the recommendations the internal auditors should make to prevent the following problems. Situation 1: Many employees of a firm that manufactures small tools pocket some of
> Table 2-1 lists some of the documents used in the revenue, expenditure, and human resources cycle. What kinds of input or output documents or forms would you find in the production (also referred to as the conversion cycle)? TABLE 2-1 Common Business
> What are the advantages and disadvantages of having the person responsible for information security report directly to the chief information officer (CIO), who has overall responsibility for all aspects of the organization’s information systems?
> Explain why an organization would want to use all of the following information security controls: firewalls, intrusion prevention systems, intrusion detection systems, and a CIRT.
> With respect to the data processing cycle, explain the phrase “garbage in, garbage out.” How can you prevent this from happening?
> What is the relationship between COSO, COBIT 5, and the AICPA’s Trust Services frameworks?
> 1. Figure 5-4 shows the employees and external parties that deal with Heirloom. Explain how Heirloom could defraud the bank and how each internal and external party except the bank could defraud Heirloom. 2. What risk factor, unusual item, or abnormality
> a. Why should USAA collect data on which auto parts are fixed most frequently? What could it do with this data? b. Even though USAA offered to waive the deductible, the repair shops still managed to convince 95% of the owners to replace rather than repai
> Environmental, institutional, or individual pressures and opportune situations, which are present to some degree in all companies, motivate individuals and companies to engage in fraudulent financial reporting. Fraud prevention and detection require that
> Explain what an event is. Using the Internet as a resource, create a list of some of the many internal and external factors that COSO indicated could influence events and affect a company’s ability to implement its strategy and achieve its objectives.
> When U.S. Leasing (USL) computers began acting sluggishly, computer operators were relieved when a software troubleshooter from IBM called. When he offered to correct the problem they were having, he was given a log-on ID and password. The next morning,
> MonsterMed Inc. (MMI) is an online pharmaceutical firm. MMI has a small systems staff that designs and writes MMI’s customized software. The data center is installed in the basement of its two-story headquarters building. The data center is equipped with
> Reliability is often included in service level agreements (SLAs) when outsourcing. The toughest thing is to decide how much reliability is enough. Consider an application like e-mail. If an organization outsources its e-mail to a cloud provider, what is
> The ABC Company is considering the following options for its backup plan: 1. Daily full backups: 2. Weekly full backups on Saturdays, plus daily incremental backups: 3. Weekly full backups plus daily differential backup: All backups, whether partial or f
> Because improved computer security measures sometimes create a new set of problems—user antagonism, sluggish response time, and hampered performance—some people believe the most effective computer security is educating users about good moral conduct. Ric
> You are the president of a multinational company where an executive confessed to kiting $100,000. What is kiting and what can your company do to prevent it? How would you respond to the confession? What issues must you consider before pressing charges?
> a. Develop a context diagram and a level 0 DFD for the cash receipts system at S&S. b. Prepare a document flowchart to document the cash receipts system at S&S. c. Prepare a business process diagram for the cash receipts system at S&S
> A client heard through its hot line that John, the purchases journal clerk, periodically enters fictitious acquisitions. After John creates a fictitious purchase, he notifies Alice, the accounts payable ledger clerk, so she can enter them in her ledger.
> Design a chart of accounts for SDC. Explain how you structured the chart of accounts to meet the company’s needs and operating characteristics. Keep total account code length to a minimum, while still satisfying all of Mace’s desires.
> a. What kind of information do you think Tesco gathers? b. How do you think Tesco has motivated over 12 million customers to sign up for its Clubcard program? c. What can Tesco accomplish with the Clubcard data it collects? Think in terms of strategy and
> Which control(s) would best mitigate the following threats? a. The hours worked field in a payroll transaction record contained the value 400 instead of 40. As a result, the employee received a paycheck for $6,257.24 instead of $654.32. b. The accounts r
> The management at Covington, Inc., recognizes that a well-designed internal control system provides many benefits. Among the benefits are reliable financial records that facilitate decision making and a greater probability of preventing or detecting erro
> Explain how the following items individually and collectively affect the overall level of security provided by using a password as an authentication credential. a. Length. b. Complexity requirements (Which types of characters are required to be used: nu
> The principle of confidentiality focuses on protecting an organization’s intellectual property. The flip side of the issue is ensuring that employees respect the intellectual property of other organizations. Research the topic of software piracy and writ
> Obtain a copy of Generally Accepted Privacy Principles from the AICPA’s web site (www.aicpa.org). (You will find it by following this path: Under Interest Areas choose Information Management and Technology Assurance then in the upper left portion of tha
> Some individuals argue that accountants should focus on producing financial statements and leave the design and production of managerial reports to information systems specialists. What are the advantages and disadvantages of following this advice? To wh
> Identify the computer fraud and abuse technique used in each of the following actual examples of computer wrongdoing. a. A teenage gang known
> The Journal of Accountancy (available at www.aicpa.org) has published a series of articles that address different aspects of disaster recovery and business continuity planning: 1. Gerber, J. A., and Feldman, E. R. 2002. “Is Your Busines
> During a recent review, ABC Corporation discovered that it has a serious internal control problem. It is estimated that the impact associated with this problem is $1 million and that the likelihood is currently 5%. Two internal control procedures have be
> a. Prepare and file a tax return with the tax owed to the Internal Revenue Service. b. A customer pays an invoice with a check. Accounts receivable is updated to reflect the payment. The check is recorded and deposited into the bank. c. A customer places
> Nino Moscardi, president of Greater Providence Deposit & Trust (GPD&T), received an anonymous note in his mail stating that a bank employee was making bogus loans. Moscardi asked the bank’s internal auditors to investigate the transactions detailed in th
> What is the difference between using check digit verification and a validity check to test the accuracy of an account number entered on a transaction record?
> The following description represents the policies and procedures for agent expense reimbursements at Excel Insurance Company. Agents submit a completed expense reimbursement form to their branch manager at the end of each week. The branch manager reviews
> For each of the three basic options for replacing IT infrastructure (cold sites, hot sites, and real-time mirroring) give an example of an organization that could use that approach as part of its DRP. Be prepared to defend your answer.
> Explain how the principle of separation of duties is violated in each of the following situations. Also, suggest one or more procedures to reduce the risk and exposure highlighted in each example. a. A payroll clerk recorded a 40-hour workweek for an emp
> Create data validation rules in a spreadsheet to perform each of the following controls: a. Limit check – that values in the cell are < 70 b. Range check – that values in the cell are between 15 and 65 c. Sign check – that values in the cell are positive
> Apply the value chain concept to S&S. Explain how it would perform the various primary and support activities.
> The department of taxation in your state is developing a new computer system for processing individual and corporate income-tax returns. The new system features direct data input and inquiry capabilities. Identification of taxpayers is provided by using
> An accountant with the Atlanta Olympic Games was charged with embezzling over $60,000 to purchase a Mercedes-Benz and to invest in a certificate of deposit. Police alleged that he created fictitious invoices from two companies that had contracts with the
> PriceRight Electronics (PEI) is a small wholesale discount supplier of electronic instruments and parts. PEI’s competitive advantage is its deep-discount, three-day delivery guarantee, which allows retailers to order materials often to minimize in-store
> The Langston Recreational Company (LRC) manufactures ice skates for racing, figure skating, and hockey. The company is located in Kearns, Utah, so it can be close to the Olympic Ice Shield, where many Olympic speed skaters train. Given the precision requ
> Compare the guidelines for preparing flowcharts, BPDs, and DFDs. What general design principles and limitations are common to all 3 documentation techniques?
> A bank auditor met with the senior operations manager to discuss a customer’s complaint that an auto loan payment was not credited on time. The customer said the payment was made on May 5, its due date, at a teller’s window using a check drawn on an acco
> Your classmate asks you to explain flowcharting conventions using real-world examples. Draw each of the major flowchart symbols from memory, placing them into one of four categories: input/output, processing, storage, and flow and miscellaneous. For ea
> Practice encryption using both any encryption capabilities provided by your computer’s operating system and by using third-party encryption software. Required: a. Use your computer operating system’s built-in encryption capability to encrypt a file. b. D
> The data processing cycle in Figure 2-1 is an example of a basic process found throughout nature. Relate the basic input/process/store/output model to the functions of the human body. [Figure 2-1 labels: Data Input, Processing, Data Storage, Information Output]
> In recent years, Supersmurf’s external auditors have given clean opinions on its financial statements and favorable evaluations of its internal control systems. Discuss whether it is necessary for this corporation to take any further action to comply wit
> Download a hash calculator that can create hashes for both files and text input. Use it to create SHA-256 (or any other hash algorithm your instructor assigns) hashes for the following: a. A document that contains this text: “Congratulations! You earned