PROBLEMS

1.

You worked with the Causeway Company cash receipts system in Documenting Business Processes and Information Systems. The narrative of that system and its systems flowchart are reproduced in Table 9.5 and Figure 9.12, respectively.

Using Table 9.5  and Figure 9.12, do the following:

a. Prepare a control matrix, including explanations of how each recommended existing control plan helps to accomplish—or would accomplish in the case of missing plans—each related control goal. Your choice of recommended control plans should come from Table 9.2, Table 9.3, or Table 9.4 as appropriate. Be sure to tailor the matrix columns to conform to the specifics of the Causeway system. In doing so, assume the following two operations process goals only:

• To deposit cash receipts on the same day received.
• To ensure that customer balances in the accounts receivable master data reflect account activity on a timely basis.

b. Annotate the systems flowchart in Figure 9.12 to show the location of each control plan you listed in the control matrix.

Figure 9.12 Causeway Company Systems Flowchart to Accompany Problem 9-1 

 

2.

The following narrative describes the processing of customer mail orders at Phoenix Company.

Phoenix Company is a small manufacturing operation engaged in the selling of widgets. Customer mail orders are received in the sales order department, where sales order clerks open the orders and review them for accuracy. The clerks enter each order into the computer, where they are edited by comparing them to customer master data (stored on a disk). The computer displays the edited order on the clerk’s screen. The clerk reviews and accepts the order. The order is then added to the sales event data (stored on a disk) and updates the sales order master data (also stored on a disk). As the order is recorded, it is printed on a printer in the warehouse (the picking ticket). A copy of the sales order is also printed in the sales order department and is sent to the customer (a customer acknowledgment).

(Complete only those requirements specified by your instructor)

a. Prepare a table of entities and activities.

b. Draw a context diagram.

c. Draw a physical data flow diagram (DFD).

d. Indicate on the table of entities and activities prepared for part a, the groupings, bubble numbers, and titles to be used in preparing a level 0 logical DFD.

e. Draw a level 0 logical DFD.

f. Draw a systems flowchart.

g. Prepare a control matrix, including explanations of how each recommended existing control plan helps to accomplish—or would accomplish in the case of missing plans—each related control goal. Your choice of recommended control plans should come from Table 9.2, Table 9.3, or Table 9.4 as appropriate. Be sure to tailor the matrix columns to conform to the specifics of the Phoenix Company system. In doing so, assume the following two operations process goals only:

• To provide timely acknowledgment of customer orders.
• To provide timely shipment of goods to customers.

h. Annotate the systems flowchart prepared in requirement f to show the location of each control plan listed in the control matrix.

3.

The following is a list of 14 control plans from this chapter:

Control Plans

A. Populate inputs with master data

B. Online prompting

C. Interactive feedback checks

D. Programmed edit checks

E. Manual agreement of batch totals

F. Batch sequence check

G. Cumulative sequence check

H. Document design

I. Key verification

J. Written approvals

K. Procedures for rejected inputs

L. Compare input data with master data

M. Turnaround documents

N. Digital signatures

Listed below are 10 system failures that have control implications. On your solution sheet, list the numbers 1 through 10. Next to each number, insert the capital letter from the list above for the best control plan to prevent the system failure from occurring. (If you can’t find a control that will prevent the failure, then choose a detective plan or, as a last resort, a corrective control plan.) A letter should be used only once, with four letters left over.

System Failures

1. At Datatech Inc., data entry clerks receive a variety of documents from many departments throughout the company. In some cases, unauthorized inputs are keyed and entered into the computer.
2. Data entry clerks at the Visitron Company use networked PCs to enter data into the computer. Recently, a number of errors have been found in key numeric fields. The supervisor would like to implement a control to reduce the transcription errors being made by the clerks.
3. Purchase orders are prepared online by purchasing clerks. Recently, the purchasing manager discovered that many purchase orders are being sent to the wrong vendor, for the wrong items, and for quantities far greater than would normally be requested.
4. The tellers at Bucks Bank have been having difficulty reconciling their cash drawers. All customer events are entered online at a teller terminal. At the end of the shift, the computer prints a list of the events that have occurred during the shift. The tellers must then review the list to determine that their drawer contains checks, cash, and other documents to support each entry on the list.
5. At Helm Inc., clerks in the accounting offices of Helm’s three divisions prepare prenumbered general ledger voucher documents. Once prepared, the vouchers are given to each office’s data entry clerk, who keys them into an online terminal. Then, the computer records whatever general ledger adjustment was indicated by the voucher. The controller has found that several vouchers were never recorded, and some vouchers were recorded twice.
6. At the Baltimore Company, clerks in the cash applications area of the accounts receivable office open mail containing checks from customers. They prepare a remittance advice (RA) containing the customer number, invoice numbers, amount owed, amount paid, and check number. Once prepared, the RAs are sent to a clerk who keys them into an online computer terminal. The accounts receivable manager has been complaining that the RA entry process is slow and error-prone.
7. Occasionally, the order entry system at Dorsam Inc. fails to record a customer order. After failing to receive an acknowledgment, the customer will call to inquire. Inevitably, the sales clerk will find the customer’s order filed with other customer orders that had been entered into the computer. In each case, all indications are that the order had been entered.
8. The Stoughton Company enters shipping notices in batches. Upon entry, the computer performs certain edits to eliminate those notices that have errors. As a result, many actual shipments never get recorded.
9. A computer hacker gained access to the computer system of Big Bucks Bank and entered an event to transfer funds to his bank account in Switzerland.
10. Refer to the vignette at the beginning of the chapter. It describes a botched securities trade caused by a clerk’s mistakenly entering the dollar amount of a trade into the box on the computer screen reserved for the number of shares to be sold, and then transmitting the incorrect trade to the stock exchange’s computer.

4.

The following is a list of 12 controls from CONTROLLING INFORMATION SYSTEMS: PROCESS CONTROLS:

Controls

A. Turnaround documents

B. Tickler files

C. Public-key cryptography

D. One-for-one checking

E. Batch sequence check

F. Document/record counts

G. Written approvals

H. Hash totals (for a batch)

I. Limit checks

J. Procedures for rejected inputs

K. Digital signatures

L. Interactive feedback checks

Listed below are 10 definitions or descriptions. List the numbers 1 through 10 on your solution sheet. Next to each number, insert the capital letter from the list above for the term that best matches the definition. A letter should be used only once, with two letters left over.

Definitions or Descriptions

1. Ensures that transmitted messages can only be read by authorized receivers.
2. A control plan that cannot be implemented unless source documents are prenumbered.
3. In systems where accountable documents are not used, this control plan helps assure input completeness by informing the data entry person that events have been accepted by the computer system.
4. Used to determine that a message has not been altered and has actually been sent by the person claiming to have sent the message.
5. A process control plan that implements the pervasive control (see IT Governance: The Management and Control of Information Technology and Information Integrity) of general or specific authorization.
6. Data related to open sales orders is periodically reviewed to ensure the timely shipment of goods.
7. Used to detect changes in batches of events to ensure the validity, completeness, and accuracy of the batch.
8. Sales orders are compared to packing slips and the goods to determine that what was ordered is what is about to be shipped.
9. A system output becomes an input source in a subsequent event.
10. A type of programmed edit that is synonymous with a reasonableness test.

5.

The following is a description of seven control/technology descriptions and a list of seven control/technology names.

Listed below are five potential risks or systems failures that can be addressed with a control or a technology from the lists above.

A. On the blank line to the left of each number (the “Description” column), insert the capital letter from the list above for the control/technology that bestaddresses the risk. A letter should be used only once, with two letters left over.

B. In the column titled “Explanation,” provide an explanation of why you selected that control/technology description. You need to specifically describe how the control/technology addresses the risk.

C. In the right column (titled “Name”) insert the number from the list above corresponding to the control/technology name for the answer provided in part A.