accounting information systems final (9-16)


How is a financial audit different from an information systems audit?

- A FINANCIAL audit examines the reliability and integrity of financial transactions, accounting records, and financial statements.
- An INFORMATION SYSTEMS audit reviews the controls of an AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets. The audits usually evaluate system input and output, processing controls, backup and recovery plans, system security, and computer facilities.

What controls are available to address the threat of payroll errors?

- Data processing integrity controls: batch totals, cross-footing of the payroll register
- Supervisory review of payroll register and other reports
- Issuing earnings statements to employees
- Review of IRS guidelines to ensure proper classification of workers as either employees or independent contractors

Explain benefits to companies and to employees using electronic direct deposit for payroll.

- Direct deposit is one way to improve the efficiency and reduce the costs of payroll processing.
- Direct deposit provides savings to employers by eliminating the cost of purchasing, processing, and distributing paper checks.
- Direct deposit eliminates the need for the cashier to sign individual payroll checks.

Discuss the reasons small and mid-sized businesses are attracted to payroll service bureaus and PEOs.

- Most companies are doing this in an effort to reduce payroll costs.
- A PEO not only processes payroll but also provides HRM services such as employee benefit design and administration.

According to COBIT 5, what should be the common features for locating and designing data centers housing mission-critical servers and databases?

- Raised floors prevent damage from flooding
- Fire detection reduces the risk of fire damage
- Good AC reduces the risk of overheating of systems
- Cables with special plugs keep people from accidentally unplugging them
- Surge protection devices prevent power failures
- An uninterruptible power supply (UPS) system provides protection in the event of a prolonged power outage, using battery power to enable the system to operate long enough to back up critical data and safely shut down
- Physical access controls reduce the risk of theft or damage

Discuss the differences between EOQ, MRP, and JIT.

1) Economic Order Quantity (EOQ): The optimal order size to minimize the sum of ordering, carrying, and stockout costs.
2) Materials Requirements Planning (MRP): An approach to inventory management that seeks to reduce required inventory levels by improving the accuracy of forecasting techniques to better schedule purchases to satisfy production needs.
3) Just-in-time (JIT): A system that minimizes or virtually eliminates inventories by purchasing and producing goods only in response to actual, rather than forecasted, sales.

*MRP is a forecasted approach of estimating how much is needed; JIT is an approach that orders and produces only in response to actual sales and not forecasted like the MRP method. EOQ is a calculation of an optimal ordering size.

Describe three threats in the general ledger and reporting system and identify corresponding controls for each threat.

1) Inaccurate updating of general ledger. Control: reconciliation and control reports
2) Unauthorized journal entries. Control: access controls
3) Inaccurate adjusting entries. Control: data entry processing integrity controls

What are the two major types of cost accounting systems and what are the differences between the two?

1) Job-Order Costing: assigns costs to specific production batches, or jobs, and is used when the product or service being sold consists of discretely identifiable items.
2) Process Costing: assigns costs to each process, or work center, in the production cycle, and then calculates the average cost for all units produced. Process costing is used when similar goods or services are produced in mass quantities and discrete units cannot be readily identified.

**Differences: Process costing is used for broad products in large amounts; Job-Order costing is used for specific items (that are small).

Identify and discuss the two common methods of production planning.

1) Manufacturing resource planning (MRP-II): an extension of materials requirements planning that seeks to balance existing production capacity and raw materials needs to meet forecasted sales demands. MRP-II systems are often referred to as push manufacturing, because goods are produced in expectation of customer demand.
2) Lean Manufacturing: extends the principles of just-in-time inventory systems. The goal of lean manufacturing is to minimize or eliminate inventories of raw materials, work in process, and finished goods. Lean manufacturing is often referred to as pull manufacturing, because goods are produced in response to customer demand (only produce in response to customer orders).

Describe the disadvantages of test data processing.

1) The auditor must spend considerable time understanding the system and preparing the test transactions.
2) The auditor must ensure that test data do not affect company files and databases.

Describe the basic activities in an HRM/payroll cycle.

1) Update payroll master data
2) Validate time and attendance data
3) Prepare payroll
4) Disburse payroll
5) Disburse payroll taxes and miscellaneous deductions

Describe four threats in the revenue cycle and identify appropriate controls for each threat.

1. Inaccurate or invalid master data. Control: data processing integrity controls
2. Invalid orders. Control: digital or written signatures
3. Picking the wrong items or the wrong quantity. Control: bar-code and RFID technology
4. Failure to bill. Control: separation of billing and shipping functions

**table 12-1

Explain the differences between each type of audit risk.

1. Inherent risk: the susceptibility to material risk in the absence of internal controls.
2. Control risk: risk that a material misstatement will get through the internal control structure and into the financial statements.
3. Detection risk: risk that auditors and their audit procedures will fail to detect a material error or misstatement.

Describe the basic revenue cycle activities.

1. Sales order entry: receipt of orders from customers; sales orders are now mostly electronic
2. Shipping: filling customer orders and shipping the desired merchandise
3. Billing: billing the customers, which involves invoicing and updating accounts receivable
4. Cash collections: collecting and processing payments from customers

Describe the four basic actions that organizations must take to preserve the confidentiality of sensitive information.

1. Identify and classify information
2. Encryption
3. Training
4. Access controls

Describe five threats in the production cycle and the applicable control procedures used to mitigate each threat.

1. Inaccurate or invalid master data. Control: data processing integrity controls
2. Unauthorized disclosure of sensitive info. Control: access controls
3. Loss or destruction of data. Control: backup and disaster recovery procedures
4. Poor product design resulting in excess costs. Control: accounting analysis of costs arising from product design choices
5. Theft of inventory. Control: physical access controls

*table 14-1

Identify five threats and applicable control procedures in the expenditure cycle.

1. Inaccurate or invalid master data. Control: data processing integrity controls
2. Unauthorized disclosure of sensitive info. Control: access controls
3. Loss or destruction of data. Control: backup and disaster recovery procedures
4. Poor performance. Control: managerial reports
5. Purchasing items not needed. Control: perpetual inventory system

Describe the five commonly used concurrent audit techniques.

1. Integrated test facility (ITF) - Inserting a dummy entity in a company's system; processing test transactions to update them will not affect actual records.
2. Snapshot technique - Marking transactions with a special code, recording them and their master file records before and after processing, and storing the data to later verify that all processing steps were properly executed.
3. System control audit review file (SCARF) - Using embedded audit modules to continuously monitor transactions, collect data on transactions with special audit significance, and store the data to later identify and investigate questionable transactions.
4. Audit hooks - Audit routines that notify auditors of questionable transactions, often as they occur.
5. Continuous and intermittent simulation (CIS) - Embedding an audit module in a DBMS that uses specified criteria to examine all transactions that update the database.

How is an audit trail used in the general ledger and reporting system?

AUDIT TRAIL: a traceable path that shows how a transaction flows through the information system to affect general ledger account balances. It is an important detective control that provides evidence about the causes of changes in general ledger account balances.

Compare the advantages and disadvantage of symmetric and asymmetric encryption.

Advantages:
- Symmetric: the speed is much faster
- Asymmetric: everyone can use the public key to communicate with you; no need to store keys for each party; can be used to make legally binding signatures

Disadvantages:
- Symmetric: requires a separate key for each person who wants to communicate; must find a secure way to share the secret key
- Asymmetric: speed is much slower; requires PKI to validate ownership of keys

Why do all audits follow a sequence of events that can be divided into four stages, and what are the four stages?

All audits follow similar sequences of events that are divided into four steps because this is proven to work best and keeps things simple.

Four stages:
1. Audit planning
2. Collection of audit evidence
3. Evaluation of audit evidence
4. Communication of audit results

How can Electronic Data Interchange (EDI) facilitate the billing and accounts receivable process?

EDI benefits the billing and accounts receivable stage by reducing time and costs, which then increases the satisfaction and loyalty of customers.

Describe symmetric encryption and identify three limitations.

Encryption systems that use the same key both to encrypt and to decrypt.
1. Loss or theft of encryption keys
2. Both parties have to know the shared secret key
3. A separate secret key needs to be created for use by each party with whom the use of encryption is desired

Describe typical credit approval procedures.

If the customer is an existing customer in good standing with the company, a formal credit approval is not needed. For existing customers, credit approval simply involves checking the customer master file to verify the account exists, identifying the customer's credit limit, and verifying that the amount of the order plus any current account balance does not exceed this limit. This can be done automatically by the system. The system can also automatically flag orders that require specific authorization because they exceed a customer's preapproved credit limit. For such cases, and for sales to new customers, someone other than the sales representative should specifically approve extension of credit. This is especially important if the sales staff is paid on commission because their motivation is to make sales, not focus on collectability.

Define and contrast a recovery point objective and a recovery time objective. Provide a numeric example.

Recovery point objective (RPO): the amount of data the organization is willing to reenter or potentially lose (how much data lost).

Recovery time objective (RTO): the maximum tolerable time to restore an organization's information system following a disaster, representing the length of time that the organization is willing to attempt to function without its information system (how long the system is down).

Explain the purpose of a journal voucher file.

The journal voucher file contains the information that would be found in the general journal in a manual accounting system: the date of the journal entry, the accounts debited and credited, and the amounts. **the journal voucher file forms an important part of the audit trail, providing evidence that all authorized transactions have been accurately and completely recorded.

In the expenditure cycle, the majority of payments made are by check. What are some control issues related to payment of vendors by check?

The most serious threat of making payments by checks is the threat of theft or misappropriation of funds. The access control is mostly related to payment of checks.
- Access to cash, blank checks, and check-signing machines should be restricted (control: physical security of blank checks and check machine).
- Checks should be numbered and accounted for by the cashier (control: periodic accounting of all sequentially numbered checks by cashier).

Discuss the criticisms of traditional cost accounting methods.

Traditional cost systems tend to apply too much overhead to some products and too little to others, because too few cost pools are used. This creates two problems:
1) Companies may accept sales contracts for some products at prices below their true cost of production. Consequently, although sales increase, profits decline.
2) Companies may overprice other products, thereby inviting new competitors to enter the market.

How can using RFID tags or bar codes on goods or products provide significant benefit in the expenditure cycle?

Using RFID tags or bar codes on items improves the efficiency of counting and recording inventory. This does not eliminate the need to inspect the quality of the goods.

Explain what CIM means and its benefits.

Computer-integrated manufacturing (CIM): a manufacturing approach in which much of the manufacturing process is performed and monitored by computerized equipment, in part through the use of robotics and real-time data collection of manufacturing activities.

Benefits: helps avoid costs and delays due to breakdowns.

Discuss how cloud computing could both positively and negatively affect system availability.

Positive effect: reduces the risk that a single catastrophe could result in system downtime and the loss of all data, because cloud providers utilize redundant servers in multiple locations.

Negative effect: if a public cloud provider goes out of business, it may be difficult, if not impossible, to retrieve any data stored in the cloud.

Describe some steps you can take to minimize your risk of identity theft.

• Shred all documents that contain personal information
• Never send personal information in unencrypted email
• Beware of email, phone, and print requests to "verify" personal information that the requesting party should already possess
• Do not carry your social security card with you
• Print only your initials and last name rather than your full name on checks
• Limit the amount of other information preprinted on checks
• Do not place outgoing mail containing checks or personal information in your mailbox for pick up
• Do not carry more than a few blank checks with you
• Use special software to thoroughly clean any digital media prior to disposal, or physically destroy the media
• Monitor your credit reports regularly
• File a police report as soon as you discover that your purse or wallet was lost/stolen
• Make photocopies of driver's licenses, passports, and credit cards
• Immediately cancel any stolen or lost credit cards

