Your classmate asks you to explain flowcharting conventions using real-world examples. Draw each of the major flowchart symbols from memory, placing them into one of four categories: input/output, processing, storage, and flow and miscellaneous. For each symbol, suggest several uses.
> Explain what is meant by objective setting and describe the four types of objectives used in ERM.
> Do you agree with the following statement: “Any one of the systems documentation procedures can be used to adequately document a given system”? Explain.
> Which preventive, detective, and/or corrective controls would best mitigate the following threats? a. An employee’s laptop was stolen at the airport. The laptop contained personally identifying information about the company’s customers that could potenti
> The UCLA computer lab was filled to capacity when the system slowed and crashed, disrupting the lives of students who could no longer log into the system or access data to prepare for finals. IT initially suspected a cable break or an operating system fa
> The first column in Table 10-3 lists transaction amounts that have been summed to obtain a batch total. Assume that all data in the first column are correct. Cases a through d each contain an input error in one record, along with a batch total computed f
> The Moose Wings Cooperative Flight Club owns a number of airplanes and gliders. It serves fewer than 2,000 members, who are numbered sequentially from the founder, Tom Eagle (0001), to the newest member, Jacques Noveau (1368). Members rent the flying mac
> Consider the following two situations: For the situations presented, describe the recommendations the internal auditors should make to prevent the following problems. Situation 1: Many employees of a firm that manufactures small tools pocket some of
> Table 2-1 lists some of the documents used in the revenue, expenditure, and human resources cycle. What kinds of input or output documents or forms would you find in the production (also referred to as the conversion cycle)? TABLE 2-1 Common Business
> What are the advantages and disadvantages of having the person responsible for information security report directly to the chief information officer (CIO), who has overall responsibility for all aspects of the organization’s information systems?
> Explain why an organization would want to use all of the following information security controls: firewalls, intrusion prevention systems, intrusion detection systems, and a CIRT.
> With respect to the data processing cycle, explain the phrase “garbage in, garbage out.” How can you prevent this from happening?
> What is the relationship between COSO, COBIT 5, and the AICPA’s Trust Services frameworks?
> 1. Figure 5-4 shows the employees and external parties that deal with Heirloom. Explain how Heirloom could defraud the bank and how each internal and external party except the bank could defraud Heirloom. 2. What risk factor, unusual item, or abnormality
> a. Why should USAA collect data on which auto parts are fixed most frequently? What could it do with this data? b. Even though USAA offered to waive the deductible, the repair shops still managed to convince 95% of the owners to replace rather than repai
> Environmental, institutional, or individual pressures and opportune situations, which are present to some degree in all companies, motivate individuals and companies to engage in fraudulent financial reporting. Fraud prevention and detection require that
> Explain what an event is. Using the Internet as a resource, create a list of some of the many internal and external factors that COSO indicated could influence events and affect a company’s ability to implement its strategy and achieve its objectives.
> When U.S. Leasing (USL) computers began acting sluggishly, computer operators were relieved when a software troubleshooter from IBM called. When he offered to correct the problem they were having, he was given a log-on ID and password. The next morning,
> MonsterMed Inc. (MMI) is an online pharmaceutical firm. MMI has a small systems staff that designs and writes MMI’s customized software. The data center is installed in the basement of its two-story headquarters building. The data center is equipped with
> Reliability is often included in service level agreements (SLAs) when outsourcing. The toughest thing is to decide how much reliability is enough. Consider an application like e-mail. If an organization outsources its e-mail to a cloud provider, what is
> The ABC Company is considering the following options for its backup plan: 1. Daily full backups: 2. Weekly full backups on Saturdays, plus daily incremental backups: 3. Weekly full backups plus daily differential backup: All backups, whether partial or f
> Because improved computer security measures sometimes create a new set of problems—user antagonism, sluggish response time, and hampered performance—some people believe the most effective computer security is educating users about good moral conduct. Ric
> You are the president of a multinational company where an executive confessed to kiting $100,000. What is kiting and what can your company do to prevent it? How would you respond to the confession? What issues must you consider before pressing charges?
> a. Develop a context diagram and a level 0 DFD for the cash receipts system at S&S. b. Prepare a document flowchart to document the cash receipts system at S&S. c. Prepare a business process diagram for the cash receipts system at S&S.
> A client heard through its hot line that John, the purchases journal clerk, periodically enters fictitious acquisitions. After John creates a fictitious purchase, he notifies Alice, the accounts payable ledger clerk, so she can enter them in her ledger.
> Design a chart of accounts for SDC. Explain how you structured the chart of accounts to meet the company’s needs and operating characteristics. Keep total account code length to a minimum, while still satisfying all of Mace’s desires.
> a. What kind of information do you think Tesco gathers? b. How do you think Tesco has motivated over 12 million customers to sign up for its Clubcard program? c. What can Tesco accomplish with the Clubcard data it collects? Think in terms of strategy and
> Which control(s) would best mitigate the following threats? a. The hours worked field in a payroll transaction record contained the value 400 instead of 40. As a result, the employee received a paycheck for $6,257.24 instead of $654.32. b. The accounts r
> The management at Covington, Inc., recognizes that a well-designed internal control system provides many benefits. Among the benefits are reliable financial records that facilitate decision making and a greater probability of preventing or detecting erro
> Explain how the following items individually and collectively affect the overall level of security provided by using a password as an authentication credential. a. Length. b. Complexity requirements (Which types of characters are required to be used: nu
> The principle of confidentiality focuses on protecting an organization’s intellectual property. The flip side of the issue is ensuring that employees respect the intellectual property of other organizations. Research the topic of software piracy and writ
> Obtain a copy of Generally Accepted Privacy Principles from the AICPA’s web site (www.aicpa.org). (You will find it by following this path: Under Interest Areas choose Information Management and Technology Assurance then in the upper left portion of tha
> Some individuals argue that accountants should focus on producing financial statements and leave the design and production of managerial reports to information systems specialists. What are the advantages and disadvantages of following this advice? To wh
> Identify the computer fraud and abuse technique used in each of the following actual examples of computer wrongdoing. a. A teenage gang known
> The Journal of Accountancy (available at www.aicpa.org) has published a series of articles that address different aspects of disaster recovery and business continuity planning: 1. Gerber, J. A., and Feldman, E. R. 2002. “Is Your Busines
> During a recent review, ABC Corporation discovered that it has a serious internal control problem. It is estimated that the impact associated with this problem is $1 million and that the likelihood is currently 5%. Two internal control procedures have be
> a. Prepare and file a tax return with the tax owed to the Internal Revenue Service. b. A customer pays an invoice with a check. Accounts receivable is updated to reflect the payment. The check is recorded and deposited into the bank. c. A customer places
> Nino Moscardi, president of Greater Providence Deposit & Trust (GPD&T), received an anonymous note in his mail stating that a bank employee was making bogus loans. Moscardi asked the bank’s internal auditors to investigate the transactions detailed in th
> What is the difference between using check digit verification and a validity check to test the accuracy of an account number entered on a transaction record?
> The following description represents the policies and procedures for agent expense reimbursements at Excel Insurance Company. Agents submit a completed expense reimbursement form to their branch manager at the end of each week. The branch manager reviews
> For each of the three basic options for replacing IT infrastructure (cold sites, hot sites, and real-time mirroring) give an example of an organization that could use that approach as part of its DRP. Be prepared to defend your answer.
> Explain how the principle of separation of duties is violated in each of the following situations. Also, suggest one or more procedures to reduce the risk and exposure highlighted in each example. a. A payroll clerk recorded a 40-hour workweek for an emp
> Create data validation rules in a spreadsheet to perform each of the following controls: a. Limit check – that values in the cell are < 70 b. Range check – that values in the cell are between 15 and 65 c. Sign check – that values in the cell are positive
> Apply the value chain concept to S&S. Explain how it would perform the various primary and support activities.
> The department of taxation in your state is developing a new computer system for processing individual and corporate income-tax returns. The new system features direct data input and inquiry capabilities. Identification of taxpayers is provided by using
> An accountant with the Atlanta Olympic Games was charged with embezzling over $60,000 to purchase a Mercedes-Benz and to invest in a certificate of deposit. Police alleged that he created fictitious invoices from two companies that had contracts with the
> PriceRight Electronics (PEI) is a small wholesale discount supplier of electronic instruments and parts. PEI’s competitive advantage is its deep-discount, three-day delivery guarantee, which allows retailers to order materials often to minimize in-store
> The Langston Recreational Company (LRC) manufactures ice skates for racing, figure skating, and hockey. The company is located in Kearns, Utah, so it can be close to the Olympic Ice Shield, where many Olympic speed skaters train. Given the precision requ
> Compare the guidelines for preparing flowcharts, BPDs, and DFDs. What general design principles and limitations are common to all 3 documentation techniques?
> A bank auditor met with the senior operations manager to discuss a customer’s complaint that an auto loan payment was not credited on time. The customer said the payment was made on May 5, its due date, at a teller’s window using a check drawn on an acco
> Practice encryption using both the encryption capabilities provided by your computer’s operating system and third-party encryption software. Required: a. Use your computer operating system’s built-in encryption capability to encrypt a file. b. D
> The data processing cycle in Figure 2-1 is an example of a basic process found throughout nature. Relate the basic input/process/store/output model to the functions of the human body. [Figure 2-1: data input, data processing, data storage, information output]
> In recent years, Supersmurf’s external auditors have given clean opinions on its financial statements and favorable evaluations of its internal control systems. Discuss whether it is necessary for this corporation to take any further action to comply wit
> Download a hash calculator that can create hashes for both files and text input. Use it to create SHA-256 (or any other hash algorithm your instructor assigns) hashes for the following: a. A document that contains this text: “Congratulations! You earned
> The chart of accounts must be tailored to an organization’s specific needs. Discuss how the chart of accounts for the following organizations would differ from the one presented for S&S in Table 2-4.
> Match the following terms with their definitions: Term Definition 1. Vulnerability a. Code that corrects a flaw in a program. 2. Exploit b. Verification of claimed identity. 3. Authentication c. The firewall technique that filters traffic by examini
> The ABC Company runs two shifts, from 8:00 AM to Midnight. Backups and system maintenance are performed between midnight and 8:00 AM. For each of the following scenarios, determine whether the company’s current backup procedures enable it to meet its rec
> Lancaster Company makes electrical parts for contractors and home improvement retail stores. After their annual audit, Lancaster’s auditors commented on the following items regarding internal controls over equipment: 1. The operations department that ne
> Figure 1-4 shows that developments in IT affect both an organization’s strategy and the design of its AIS. How can a company determine whether it is spending too much, too little, or just enough on IT?
> Spring Water Spa Company is a 15-store chain in the Midwest that sells hot tubs, supplies, and accessories. Each store has a full-time, salaried manager and an assistant manager. The sales personnel are paid an hourly wage and a commission based on sales
> Discuss the following statement by Roswell Steffen, a convicted embezzler: “For every foolproof system, there is a method for beating it.” Do you believe a completely secure computer system is possible? Explain. If internal controls are less than 100% ef
> You are an audit supervisor assigned to a new client, Go-Go Corporation, which is listed on the New York Stock Exchange. You visited Go-Go’s corporate headquarters to become acquainted with key personnel and to conduct a preliminary review of the company
> Tralor Corporation manufactures and sells several different lines of small electric components. Its internal audit department completed an audit of its expenditure processes. Part of the audit involved a review of the internal accounting controls for pay
> Two ways to create processing integrity controls in Excel spreadsheets are to use the built-in Data Validation tool or to write custom code with IF statements. What are the relative advantages and disadvantages of these two approaches?
> The Howard Leasing Company is a privately held, medium-sized business that purchases school busses and leases them to school districts, churches, charitable organizations, and other businesses. To better serve its customers and, more important, to protec
> One function of the AIS is to provide adequate controls to ensure the safety of organizational assets, including data. However, many people view control procedures as “red tape.” They also believe that, instead of producing tangible benefits, business
> The value of information is the difference between the benefits realized from using that information and the costs of producing it. Would you, or any organization, ever produce information if its expected costs exceeded its benefits? If so, provide some
> What are some business processes for which an organization might use batch processing?
> Use the numbers 10–19 to show why transposition errors are always divisible by 9.
> a. Prepare a context diagram and at least two levels of DFDs for this process. b. Prepare a flowchart to document this process.
> What do you think an organization’s duty or responsibility should be to protect the privacy of its customers’ personal information? Why?
> Cost-effective controls to provide confidentiality require valuing the information that is to be protected. This involves classifying information into discrete categories. Propose a minimal classification scheme that could be used by any business, and pr
> Match the terms with their definitions: 15. Asymmetric encryption O. An encryption process that uses a pair of matched keys, one public and the other private. Either key can encrypt something, but only the other key in that pair can decrypt it. 16.
> 1. How does Miller fit the profile of the average fraud perpetrator? 2. Explain the three elements of the opportunity triangle (commit, conceal, convert) and discuss how Miller accomplished each when embezzling funds from Associated Communications. What
> Match the Internet-related computer fraud and abuse technique in the left column with the scenario in the right column. Terms may be used once, more than once, or not at all.
> What motives do people have for hacking? Why has hacking become so popular in recent years? Do you regard it as a crime? Explain your position.
> You were hired to assist Ashton Fleming in designing an accounting system for S&S. Ashton has developed a list of the journals, ledgers, reports, and documents that he thinks S&S needs (see Table 2-6). He asks you to complete the following tasks: a. Spec
> Assume you have interviewed for a job online and now receive an offer of employment. The job requires you to move across the country. The company sends you a digital signature along with the contract. How does this provide you with enough assurance to tr
> Can the characteristics of useful information listed in Table 1-1 be met simultaneously? Or does achieving one mean sacrificing another?
> For each of the following scenarios identify which data processing method (batch or online, real-time) would be the most appropriate. a. Make an airline reservation b. Register for a university course c. Prepare biweekly payroll checks d. Process an orde
> You were asked to investigate extremely high, unexplained merchandise shortages at a department store chain. Classify each of the five situations as a fraudulent act, an indicator of fraud, or an event unrelated to the investigation. Justify your answers
> Draw a context diagram and at least two levels of DFDs for the preceding operations.
> Figure 1-4 shows that organizational culture and the design of an AIS influence one another. What does this imply about the degree to which an innovative system developed by one company can be transferred to another company?
> Enter the tables in Table 4-15 into a relational DBMS package. Write queries to answer the following questions. Note: For some questions, you may have to create two queries—one to calculate a total and the second to answer the question asked. a. Which c
> Compare and contrast the following three frameworks: COBIT, COSO Integrated Control, and ERM.
> Retrieve the S&S In-Chapter Database (in Microsoft Access format) from the text’s website (or create the tables in Table 4-5 in a relational DBMS product). Write queries to answer the following questions. Note: For some questions, you may have to create
> Create a spreadsheet to compare current monthly mortgage payments versus the new monthly payments if the loan were refinanced, as shown (you will need to enter formulas into the two cells with solid borders like a box: D9 and D14) a. Restrict access to t
> From the database created in the comprehensive problem, perform queries based on the tables and query grid shown in Table 4-19. a. Which borrowers use Advent Appraisers? b. What is the average amount borrowed from National Mortgage? c. List all of the pr
> Create relational tables that solve the update, insert, and delete anomalies in Table 4-18.
> Create relational tables that solve the update, insert, and delete anomalies in Table 4-17.
> You want to extend the schema shown in Table 4-16 to include information about customer payments. Some customers make installment payments on each invoice. Others write a check to pay for several different invoices. You want to store the following inform
> As in all areas of IT, DBMSs are constantly changing and improving. Research how businesses are using DBMSs, and write a report of your findings. Address the following issues: 1. Which popular DBMS products are based on the relational data model? 2. Whic
> The relational data model represents data as being stored in tables. Spreadsheets are another tool that accountants use to employ a tabular representation of data. What are some similarities and differences in the way these tools use tables? How might an
> Contrast the logical and the physical views of data and discuss why separate views are necessary in database applications. Describe which perspective is most useful for each of the following employees: a programmer, a manager, and an internal auditor. Ho
> Compare and contrast the file-oriented approach and the database approach. Explain the main advantages of database systems.
> Some restaurants use customer checks with prenumbered sequence codes. Each food server uses these checks to write up customer orders. Food servers are told not to destroy any customer checks; if a mistake is made, they are to void that check and write
> An audit trail enables a person to trace a source document to its ultimate effect on the financial statements or work back from amounts in the financial statements to source documents. Describe in detail the audit trail for the following: a. The audit tr
> What is a data dictionary, what does it contain, and how is it used?
> Accountants often need to print financial statements with the words “CONFIDENTIAL” or “DRAFT” appearing in light type in the background. a. Create a watermark with the word “CONFIDENTIAL” in a Word document. Print out a document that displays that water
> Why is it so important to have good data?
> Relational DBMS query languages provide easy access to information about the organization’s activities. Does this mean that online, real-time processing should be used for all transactions? Does an organization need real-time financial reports? Why or wh