
Problems

31 August, 2015 - 09:38

1. List 1 contains 12 terms from this chapter or from Chapter 1, and list 2 includes 10 definitions or explanations of terms. Match the definitions with the terms by placing a capital letter from list 1 on the blank line to the left of its corresponding definition in list 2. You should have two letters left over from list 1.

A. Process control plan

B. Control environment

C. Control goal

D. Risk

E. Data maintenance

F. Master data update

G. Input accuracy

H. Input completeness

I. Input validity

J. Pervasive control plan

K. Preventive control plan

L. Operations process goal

____ 1. The process of modifying master data to reflect the results of new events.

____ 2. A control designed to keep problems from occurring.

____ 3. A control goal of the information process that is directed at ensuring that fictitious or bogus events are not recorded.

____ 4. A goal of an operations process that signifies the very reason for which that system exists.

____ 5. The highest level in the control hierarchy; a control category that evidences management’s commitment to the importance of control in the organization.

____ 6. The process of modifying standing master data.

____ 7. A type of control that is exercised within each business process as that system’s events are processed.

____ 8. The probability that an adverse consequence could result from an organization’s actions or inactions.

____ 9. The element that appears as a heading in each column of a control matrix.

____ 10. A control that addresses a multitude of goals across many business processes.

2. Below is a list of eight generic control goals from the chapter, followed by eight descriptions of either system failures (i.e., control goals not met) or instances of successful control plans (i.e., plans that helped to achieve control goals).

List the numbers 1 through 8 on a solution sheet. Each number represents one of the described situations. Next to each number:

a. Place the capital letter of the control goal that best matches the situation described.

b. Provide a one- to two-sentence explanation of how the situation relates to the control goal you selected.

HINT: Some letters may be used more than once. Some letters may not apply at all.

Control Goals

A. Ensure effectiveness of operations.

B. Ensure efficient employment of resources.

C. Ensure security of resources.

D. Ensure input validity.

E. Ensure input completeness.

F. Ensure input accuracy.

G. Ensure update completeness.

H. Ensure update accuracy.

Situations

1. A company uses prenumbered documents for recording its sales invoices to customers. When the invoices for a particular day were entered, the system noted that invoice #12345 appeared twice. The second entry (i.e., the duplicate) of this same number was rejected by the system since it was unsupported by a shipment.

2. In entering the invoices mentioned in situation 1, the data for salesperson number and sales terms were missing from invoice #12349 and therefore were not keyed into the computer.

3. Instead of preparing deposit slips by hand, Causeway Company has them generated by the computer. The company does so in order to speed up the deposit of cash.

4. In the Causeway Company cash receipts system, one of the earliest processes is to endorse each customer’s check with the legend, “for deposit only to Causeway Company.”

5. XYZ Co. prepares customer sales orders on a multipart form, one copy of which is sent to its billing department where it is placed in a temporary file pending shipping notification. Each morning, a billing clerk reviews the file of open sales orders and investigates with the shipping department any missing shipping notices for orders entered 48 hours or more earlier.

6. In situation 5, once a shipping notice is received in the billing department, the first step in preparing the invoice to the customer is to compare the unit prices shown on the sales order with a standard price list kept in the billing system.

7. Alamo Inc. posts its sales invoice event file against its accounts receivable master data each night. Before posting the new sales event data, the computer program first checks the old master data to make sure that it is the version from the preceding day.

8. MiniScribe Corporation recorded actual shipments of disk drives to their warehouse as sales. Those disk drives that had not been ordered by anyone were still the property of MiniScribe.

3. In the first list below are 10 examples of the items described in the second list.

Match the two lists by placing the capital letter from the first list on the blank line preceding the description to which it best relates. You should have two letters left over from list 1.

A. Management philosophy and operating style.

B. Customer order received over the Internet.

C. Customer name and address.

D. The process of increasing customer balances for sales made.

E. Total monthly sales report.

F. Fire extinguishers.

G. Deleting an inactive customer’s record from the accounts receivable master data.

H. Ensure input validity.

I. Ensure security of resources.

J. Software piracy.

____ 1. Event data in a computer system.

____ 2. A control goal of the information process.

____ 3. An element included in the control environment.

____ 4. An element of standing data.

____ 5. A control goal of the operations process.

____ 6. An instance of data maintenance.

____ 7. Master data in a computerized system.

____ 8. An illustration of a master data update.

4. Investigate the internal controls in one of the following (ask your instructor which): a local business, your home, your school, or your place of employment. Report (in a manner prescribed by your instructor) on the controls that you found and the goals that they were designed to achieve.

5. Two lists follow. The first is a list of 10 situations that have control implications, and the second is a list of 12 control plans from this chapter.

Control Situations

1. During a violent electrical storm, an employee was keying data at one of the computers in the order entry department. After about an hour of data entry, lightning caused a company-wide power failure. When power was restored, the employee had to rekey all the data from scratch.

2. The computer center at Otis Company was badly damaged during a thunderstorm. When they attempted to begin operations at their hot site they discovered that they could not read the tapes containing the backup copies of their data and programs. Apparently, the machines on which the tapes were made had not been operating correctly.

3. Your instructor made arrangements for your class to take a guided tour of the computer center at a large metropolitan bank. The father of one of your classmates had recently been fired as a teller at that bank. That classmate kept his visitor’s badge and gave it to his father, who used it to access the computer center the next day. The father then erased several computer files.

4. The customer service representatives of We-Sell-Everything, a catalog sales company, have been complaining that the computer system response time is very slow. They find themselves apologizing to customers who are waiting on the phone for their order to be completed.

5. At Culpepper Company, most event processing is automated. When an inventory item reaches its reorder point, the computer automatically prints a purchase order for the predetermined economic order quantity (EOQ). Purchase orders of $500 or more require the signature of the purchasing manager; those under $500 are mailed to vendors without being signed. An applications programmer, who was in collusion with the vendor who supplied part 1234, altered the computer program and the inventory master data for that part. He reduced the EOQ and made certain program alterations, such that every time part 1234 reached its reorder point, two purchase orders were produced, each of which was under the $500 threshold.

6. The resume of an applicant for the job of CFO at OYnot Mills showed that the candidate had graduated, some 10 years earlier, magna cum laude from Large State University (LSU) with a major in finance. LSU’s finance program was very well respected, and OYnot had hired several of its graduates over the years. In his second month on the job, the new CFO became tongue-tied when the CEO asked him a technical question about their investment strategy. When later it was discovered that the CFO’s degree from LSU was in mechanical engineering, he was dismissed.

7. June Plugger, the company cashier, was known throughout the company as a workaholic. After three years on the job, June suddenly suffered a gallbladder attack and was incapacitated for several weeks. While she was ill, the treasurer temporarily assumed the cashier’s duties and discovered that June had misappropriated several thousand dollars since she was hired.

8. A hacker accessed the Web site at Deuteronomy Inc. and changed some of the graphics to pornography. Outraged by these changes, some customers took their business elsewhere.

9. During a normal workday, Sydney looked through the trash behind Acme Company’s offices and was able to find some computer reports containing user IDs and other sensitive information. He later used that information to gain access to Acme’s enterprise system.

10. John, an employee at Smith & Company, successfully accessed the order entry system at Smith and entered some orders for goods to be shipped to his cousin at no cost.

Control Plans

A. Personnel termination policies

B. Biometric security systems

C. Personnel selection and hiring control plans

D. Rotation of duties and forced vacations

E. Program change controls

F. Mirror site

G. Service level agreement

H. Firewall

I. WebTrust audit

J. Visitor’s log and employee badges

K. Preventive maintenance

L. Security module

Match the 10 situations from the first list with the items in the second list by creating a table similar to the following, and completing column 2, “Control Plan.” In column 2, insert one letter to identify the control plan that would best prevent the system failure from occurring. You should have two letters left over.

Control situation    Control plan

1    ___

2    ___

3    ___

6. Listed here are 20 control plans discussed in the chapter. On the blank line to the left of each control plan, insert a P (preventive), D (detective), or C (corrective) to classify that control most accurately. If you think that more than one code could apply to a particular plan, insert all appropriate codes and briefly explain your answer:

Code    Control Plan

___ 1. Biometric identification

___ 2. Program change controls

___ 3. Fire and water alarms

___ 4. Adequate fire and water insurance

___ 5. Install batteries to provide backup for temporary loss in power

___ 6. SysTrust examination

___ 7. Service level agreements

___ 8. Chief Privacy Officer

___ 9. Digital signatures

___ 10. Mirror site

___ 11. Rotation of duties and forced vacations

___ 12. Fidelity bonding

___ 13. Hot site

___ 14. Personnel termination policies

___ 15. Segregation of duties

___ 16. IT strategic plan

___ 17. Disaster recovery planning

___ 18. Restrict entry to the computer facility through the use of security guards, locks, badges, and identification cards

___ 19. Computer security module

___ 20. Computer library controls

7. Two lists follow. The first is a list of 10 situations that have control implications, and the second is a list of 12 control plans from this chapter.

Situations

1. A computer programmer was fired for gross incompetence. During the 2-week notice period, the programmer destroyed the documentation for all programs that he had developed since being hired.

2. A fire destroyed part of the computer room and the adjacent library of computer disks. It took several months to reconstruct the data from manual source documents and other hardcopy records.

3. A competitor flooded the Oak Company Web server with false messages (i.e., a denial of service attack). The Web server, unable to handle all of this traffic, shut down for several hours until the messages could be cleared.

4. A junior high school computer hacker created a program to generate random telephone numbers and passwords. Over the Web, he used the random number program to “crack” the computer system of a major international corporation.

5. A computer room operator was not able to handle the simplest problems that arose during his shift. He had received all the training recommended for his position and had been counseled a number of times in an attempt to improve his performance.

6. During the nightly computer run to update bank customers’ accounts for deposits and withdrawals for that day, an electrical storm caused a temporary power failure. The run had to be reprocessed from the beginning, resulting in certain other computer jobs not being completed on schedule.

7. A group of demonstrators broke into a public utility’s computer center overnight and destroyed computer equipment worth several thousand dollars.

8. The computer users at the Barrington Company have experienced significant delays in receiving responses from the computer. They thought that the computer should respond to inquiries in less than three seconds.

9. A disgruntled applications programmer planted a “logic bomb” in the computer program that produced weekly payroll checks. The bomb was triggered to “go off” if the programmer were ever terminated. When the programmer was fired for continued absenteeism, the next weekly payroll run destroyed all the company’s payroll master data.

10. The computer systems at Coughlin Inc. were destroyed in a recent fire. It took Coughlin several days to get its IT functions operating again.

Control Plans

A. Off-site storage of backup computer programs and databases

B. Service level agreements

C. Personnel termination policies

D. Security guards

E. Program change controls

F. Selection and hiring control plans

G. Firewall

H. Batteries and backup generators

I. Help desk

J. Identification badges and visitor’s log

K. Hot site

L. Security modules

Match the 10 situations from the first list with the items in the two other lists by making a table like that shown for Problem 1. In column 2, insert one letter to identify the control plan that would best prevent the system failure from occurring. You should have two letters left over.

8. Assume that inventory records are kept in an enterprise system and that the options in the inventory system module are as follows:

1. Maintain inventory master data (i.e., add new products, change or delete old products in the inventory master data).

2. Record newly arrived shipments of inventory.

3. Record returns of incorrect or damaged inventory.

4. Select items to be reordered, the amount to reorder, and the vendor.

5. Print and record new orders.

6. Print inventory reports.

Further assume that personnel in the inventory department include the department manager and two clerks, R. Romeo and J. Juliet.

By placing a “Y” for yes or an “N” for no in the table below, show which users should (or should not) have access to each of the six accounts payable options. Make and state whatever assumptions you think are necessary. Explain in one or two paragraphs how your matrix design would optimize the segregation of duties control plan.

Option    Manager    Romeo    Juliet

1    ___    ___    ___

2    ___    ___    ___

3    ___    ___    ___

4    ___    ___    ___

5    ___    ___    ___

6    ___    ___    ___

9. Conduct research on the events related to the Enron Corp. bankruptcy in December 2001. Prepare a report describing the controls that might have prevented, detected, or corrected the stakeholder losses associated with that bankruptcy.

10. Conduct research on the events related to the disasters of September 11, 2001. Prepare a report describing the controls that might have prevented, detected, or corrected the losses suffered by companies in the World Trade Center.