You are here

PROBLEMS

19 January, 2016 - 12:35

1.

You worked with the Causeway Company cash receipts system in Documenting Business Processes and Information Systems. The narrative of that system and its systems flowchart are reproduced in Table 9.5 and Figure 9.12, respectively.

Using Table 9.5  and Figure 9.12, do the following:

a. Prepare a control matrix, including explanations of how each recommended existing control plan helps to accomplish—or would accomplish in the case of missing plans—each related control goal. Your choice of recommended control plans should come from Table 9.2, Table 9.3, or Table 9.4 as appropriate. Be sure to tailor the matrix columns to conform to the specifics of the Causeway system. In doing so, assume the following two operations process goals only:

  • To deposit cash receipts on the same day received.
  • To ensure that customer balances in the accounts receivable master data reflect account activity on a timely basis.

b. Annotate the systems flowchart in Figure 9.12 to show the location of each control plan you listed in the control matrix.

Table 9.5 Causeway Company System Narrative to Accompany Problem 9-1

The Causeway Company uses the following procedures to process the cash received from credit sales. Customers send checks and remittance advices to Causeway. The mailroom clerk at Causeway endorses the checks and writes the amount paid and the check number on the remittance advice. Periodically, the mailroom clerk prepares a batch total of the remittance advices and sends the batch of remittance advices to accounts receivable, along with a copy of the batch total. At the same time, the clerk sends the corresponding batch of checks to the cashier.

In accounts receivable, a clerk enters the batch into the computer by keying the batch total, the customer number, the invoice number, the amount paid, and the check number. After verifying that the invoice is open and that the correct amount is being paid, the computer updates the accounts receivable master data. If there are any discrepancies, the clerk is notified.

At the end of each batch (or at the end of the day), the computer prints a deposit slip in duplicate on the terminal in the cashier’s office. The cashier compares the deposit slip to the corresponding batch of checks and then takes the deposit to the bank.

As they are entered, the check number and the amount paid for each receipt are logged on a disk. This event data is used to create a cash receipts listing at the end of each day. A summary of customer accounts paid that day is also printed at this time. The accounts receivable clerk compares these reports to the remittance advices and batch totals and sends the total of the cash receipts to the general ledger office.

 
media/image16.PNG
Figure 9.12 Causeway Company Systems Flowchart to Accompany Problem 9-1 
 

2.

The following narrative describes the processing of customer mail orders at Phoenix Company.

Phoenix Company is a small manufacturing operation engaged in the selling of widgets. Customer mail orders are received in the sales order department, where sales order clerks open the orders and review them for accuracy. The clerks enter each order into the computer, where they are edited by comparing them to customer master data (stored on a disk). The computer displays the edited order on the clerk’s screen. The clerk reviews and accepts the order. The order is then added to the sales event data (stored on a disk) and updates the sales order master data (also stored on a disk). As the order is recorded, it is printed on a printer in the warehouse (the picking ticket). A copy of the sales order is also printed in the sales order department and is sent to the customer (a customer acknowledgment).

(Complete only those requirements specified by your instructor)

a. Prepare a table of entities and activities.

b. Draw a context diagram.

c. Draw a physical data flow diagram (DFD).

d. Indicate on the table of entities and activities prepared for part a, the groupings, bubble numbers, and titles to be used in preparing a level 0 logical DFD.

e. Draw a level 0 logical DFD.

f. Draw a systems flowchart.

g. Prepare a control matrix, including explanations of how each recommended existing control plan helps to accomplish—or would accomplish in the case of missing plans—each related control goal. Your choice of recommended control plans should come from Table 9.2, Table 9.3, or Table 9.4 as appropriate. Be sure to tailor the matrix columns to conform to the specifics of the Phoenix Company system. In doing so, assume the following two operations process goals only:

  • To provide timely acknowledgment of customer orders.
  • To provide timely shipment of goods to customers.

h. Annotate the systems flowchart prepared in requirement f to show the location of each control plan listed in the control matrix.

3.

The following is a list of 14 control plans from this chapter:

Control Plans

A. Populate inputs with master data

B. Online prompting

C. Interactive feedback checks

D. Programmed edit checks

E. Manual agreement of batch totals

F. Batch sequence check

G. Cumulative sequence check

H. Document design

I. Key verification

J. Written approvals

K. Procedures for rejected inputs

L. Compare input data with master data

M. Turnaround documents

N. Digital signatures

Listed below are 10 system failures that have control implications. On your solution sheet, list the numbers 1 through 10. Next to each number, insert the capital letter from the list above for the best control plan to prevent the system failure from occurring. (If you can’t find a control that will prevent the failure, then choose a detective plan or, as a last resort, a corrective control plan.) A letter should be used only once, with four letters left over.

System Failures

  1. At Datatech Inc., data entry clerks receive a variety of documents from many departments throughout the company. In some cases, unauthorized inputs are keyed and entered into the computer.
  2. Data entry clerks at the Visitron Company use networked PCs to enter data into the computer. Recently, a number of errors have been found in key numeric fields. The supervisor would like to implement a control to reduce the transcription errors being made by the clerks.
  3. Purchase orders are prepared online by purchasing clerks. Recently, the purchasing manager discovered that many purchase orders are being sent to the wrong vendor, for the wrong items, and for quantities far greater than would normally be requested.
  4. The tellers at Bucks Bank have been having difficulty reconciling their cash drawers. All customer events are entered online at a teller terminal. At the end of the shift, the computer prints a list of the events that have occurred during the shift. The tellers must then review the list to determine that their drawer contains checks, cash, and other documents to support each entry on the list.
  5. At Helm Inc., clerks in the accounting offices of Helm’s three divisions prepare prenumbered general ledger voucher documents. Once prepared, the vouchers are given to each office’s data entry clerk, who keys them into an online terminal. Then, the computer records whatever general ledger adjustment was indicated by the voucher. The controller has found that several vouchers were never recorded, and some vouchers were recorded twice.
  6. At the Baltimore Company, clerks in the cash applications area of the accounts receivable office open mail containing checks from customers. They prepare a remittance advice (RA) containing the customer number, invoice numbers, amount owed, amount paid, and check number. Once prepared, the RAs are sent to a clerk who keys them into an online computer terminal. The accounts receivable manager has been complaining that the RA entry process is slow and error-prone.
  7. Occasionally, the order entry system at Dorsam Inc. fails to record a customer order. After failing to receive an acknowledgment, the customer will call to inquire. Inevitably, the sales clerk will find the customer’s order filed with other customer orders that had been entered into the computer. In each case, all indications are that the order had been entered.
  8. The Stoughton Company enters shipping notices in batches. Upon entry, the computer performs certain edits to eliminate those notices that have errors. As a result, many actual shipments never get recorded.
  9. A computer hacker gained access to the computer system of Big Bucks Bank and entered an event to transfer funds to his bank account in Switzerland.
  10. Refer to the vignette at the beginning of the chapter. It describes a botched securities trade caused by a clerk’s mistakenly entering the dollar amount of a trade into the box on the computer screen reserved for the number of shares to be sold, and then transmitting the incorrect trade to the stock exchange’s computer.

4.

The following is a list of 12 controls from CONTROLLING INFORMATION SYSTEMS: PROCESS CONTROLS:

Controls

A. Turnaround documents

B. Tickler files

C. Public-key cryptography

D. One-for-one checking

E. Batch sequence check

F. Document/record counts

G. Written approvals

H. Hash totals (for a batch)

I. Limit checks

J. Procedures for rejected inputs

K. Digital signatures

L. Interactive feedback checks

Listed below are 10 definitions or descriptions. List the numbers 1 through 10 on your solution sheet. Next to each number, insert the capital letter from the list above for the term that best matches the definition. A letter should be used only once, with two letters left over.

Definitions or Descriptions

  1. Ensures that transmitted messages can only be read by authorized receivers.
  2. A control plan that cannot be implemented unless source documents are prenumbered.
  3. In systems where accountable documents are not used, this control plan helps assure input completeness by informing the data entry person that events have been accepted by the computer system.
  4. Used to determine that a message has not been altered and has actually been sent by the person claiming to have sent the message.
  5. A process control plan that implements the pervasive control (see IT Governance: The Management and Control of Information Technology and Information Integrity) of general or specific authorization.
  6. Data related to open sales orders is periodically reviewed to ensure the timely shipment of goods.
  7. Used to detect changes in batches of events to ensure the validity, completeness, and accuracy of the batch.
  8. Sales orders are compared to packing slips and the goods to determine that what was ordered is what is about to be shipped.
  9. A system output becomes an input source in a subsequent event.
  10. A type of programmed edit that is synonymous with a reasonableness test.

5.

The following is a description of seven control/technology descriptions and a list of seven control/technology names.

Control/Technology Descriptions Control/Technology Names
A. When you type a customer code into the enterprise system the matching master data is called up to the screen. 1. Firewall
B. All enterprise systems can be programmed to consider a number of pieces of stored data and real-time calculations as business event data are being entered into the system. 2. Preformatted screens
C. Access to the company network from the Internet is through a server on which there are programs to monitor the traffic, coming and going. 3. Compare input data with master data, programmed edits, customer credit check
D. Workflow software within enterprise systems can be used to route business events to those who must work on the business event data, or approve the business event before it is finalized. 4. Populate inputs with master data
E. A standard practice at most firms is to develop profiles for each employee to grant them access to the appropriate computer resources. 5. Program change controls
F. To make changes to production programs, a copy of the program is moved successively through “development,” “testing,” and “staging,” before the modified program is moved into production. 6. Approvals, such as POs
G. Enterprise system software can be configured to require that certain fields be completed on an input screen before being allowed to move on to the next screen. 7. Security module
 

Listed below are five potential risks or systems failures that can be addressed with a control or a technology from the lists above.

A. On the blank line to the left of each number (the “Description” column), insert the capital letter from the list above for the control/technology that bestaddresses the risk. A letter should be used only once, with two letters left over.

B. In the column titled “Explanation,” provide an explanation of why you selected that control/technology description. You need to specifically describe how the control/technology addresses the risk.

C. In the right column (titled “Name”) insert the number from the list above corresponding to the control/technology name for the answer provided in part A.

 
DESCRIPTION POTENTIAL RISKS EXPLANATION NAME
  a. A computer programmer altered the order entry programs so that the credit-checking routine was bypassed for one of the customers, a company owned by his uncle.    
  b. A hacker accessed the Web site at Dorothy’s Gifts & Flowers and changed some of the graphics. Several customers, confused by the graphics, took their business elsewhere.    
  c. Roxy’s Retailing maintains an extensive and valuable repository of information about its customers. Tricky Nick was fired from Roxy’s and now works at a competing firm. Last night Nick dialed into the Roxy computer system and downloaded some valuable customer data to his own computer.    
  d. Cash application clerks at the Blanford Company have been posting payments to the incorrect customer accounts because the customer account numbers are being keyed in incorrectly.    
  e. At Natick Company, customers who are four months late in making payments to their accounts are still able to have their orders accepted and goods shipped to them.