Exam 2 discussion questions
Inventory was stolen by receiving dock personnel. The receiving clerk claimed the inventory was sent to the warehouse, but the warehouse clerk did not record properly.
detective control: inventory manager could check
Writing off a customer's accounts receivable balances as uncollectible in order to conceal the theft of subsequent cash collections.
segregation of duties
Describe some real-world examples of (a) one-to-one relationships, (b) one-to-many relationships, and (c) many-to-many relationships. Which do you think is most common? Which does a relational database handle most easily?
(A) cash sales at the grocery store (one cash receipt per sale), sales of new cards (one car and a new car is sold only once) (B) There are many chapters but only one book, customers and the sales, employees and their paychecks (C) sales and inventory, payments over time on a credit card
From your experience, think about the sales process for an online or brick-and-mortar store. Describe some business rules that help provide internal controls over that process.
1) making sure that a payment has been made 2) acceptable and in range shipping address 3) handling large bills in an effective manner to make sure it is not fraudulent 4) having a manager check over the order details to make sure everything is acceptable
Authorization of a credit memo for a customer's account (on receivables) when the goods were never actually returned
1. Documentation 2. Validity check
Figure 4.32 lists the modules available from SAP. List and explain which modules would be most appropriate for either Maytag or a manufacturing company you are familiar with.
1. Material Management (MM): manages the movement of materials 2. Financial accounting (FI): responsible for tracking flow of money throughout the company 3. Sales and distribution management (SD): manages activities of sales and distribution in the organization
What are the objectives and components of the COSO ERM 2004 framework?
1. Strategic 2. Operations 3. Reporting 4. Compliance
Theft of funds by the cashier, who cashed several checks and did not record their receipt.
1. segregation of duties 2. validity check 3. Automatic receipts
Some larger companies and government entities issue contracts for major purchases and then issue specific purchase orders to their contractors according to the terms of the contract. The contract can specify prices and payment terms as well as other administrative procedures. How would the use of contracts affect the standard process flow as shown in figure 6.2? How would it affect the UML class diagram for the purchases and payments process?
A contract would affect the standard process flow because the company would have to determine if the purchase order was major enough for a contract. If the purchase was major, then they would have to show the process of signing the contract. This would effect the UML class diagram because it would have to add a contract class and show the relationship between those.
Structured Query Language (SQL) is used to retrieve data from a data base. Why would an accountant need to learn SQL?
Accountants would use an SQL to pull data from the master table, to design queries to get the calculated data and to run report in an application. It also helps accountants communicate with the IT team when they are needed for assistance.
Billing customers for the quantity ordered when the quantity shipped was actually less due to back-ordering of some items.
Application control- shipping personnel should be required to record the actual quantity shipped on the order
What are the differences between asymmetric- and symmetric-key encryption, and when is each used?
Asymmetric key encryption is a slower process compared to the symmetric key encryption. Because it is slower it is not used for the larger datasets. Asymmetric also uses a public and a private key while the symmetric key encryption uses session keys.
Explain how to use the asymmetric-key encryption method to maintain confidentiality in transmitting a business document electronically.
Asymmetric key is an encryption method where any document can be encrypted only by using a private key which is a password. In this method there is one key for encrypting and another for decrypting.
\What are the differences between authentication and authorization?
Authentication is the process of verification and giving someone rights to access. While authorization is where the extent of rights are determined and takes place after authentication.
What classes and associations would be included in a model that describes the information needed for a query that calculates the accounts receivable balance for each customer? Describe differences In the information for the open-invoice method, where customers pay according to specific invoices, versus balance-forward method, where customers pay balances on monthly statements.
Classes: Account, customer, bank Associations: bank -> account Bank-> customer Customer -> Account Open invoice payments can be applied to specific payments while the balance forward method has the payments automatically applied to the current balance. Another difference is that the balance forward method only retains the transaction information for the current period and then it is consolidated into an account for each following period. The open invoice method saves its individual transaction information including customer details until the transaction is removed.
Consider the diagram in discussion question 4. Identify some examples of classes that would be modeled with a composition model. Identify some examples of classes that would be modeled with an aggregation relationship model. Book (1..1) ------- Chapters (1..*)
Composition models -a 'human' class is a composition of heart and lungs -a car cannot exist without an engine Aggregation model -Teams and players. Although players can exist separately from a team, they are part of a team -Wallet and money. Because a wallet can exist without a wallet
What is the goal of each of the general security objectives (e.g., confidentiality, integrity, availability, access control)? Why should a company care about these?
Confidentiality- to make sure that information is not accessible to any unauthorized person Integrity- information is to always be accurate and complete availability- information is accessible on demand
How can data integrity be ensured when conducting e-business? Why is it critical to e-business?
Data integrity can be ensured by creating a secure web page and protecting all the information of its customers. The company should also maintain a user id and password system to prevent any unauthorized use. Data integrity is critical to e-business because it is very crucial for companies to operate in this day in age. When a company uses the internet to conduct business they need to make sure that their information is accurate and not misused by anyone.
Explain the differences among hierarchical, network, and relational data models. What makes the relational data model the most popular data model in use today?
Hierarchical data models are used when the data in the organization can be put down in terms of levels, one after another. It can be looked at as looking like a tree structure. Network data models inter-connects the entities of an organization into a network. The NDM uses blocks, the area, and the arrows to represent the database of the organization. The NDM is much more flexible than the HDBM. The relational data model has its data stored in the form of tables which are connected to each other using primary and foreign keys. Relational models are more popular because they are easy for programmers to work with, users can use this with minimal effort or training, and it's easier to maintain than the hierarchical and network models.
Use a few sentences to describe IT general controls and application controls. Give a few examples of these two types of controls.
IT general controls are related to the enterprise-level controls over IT. Application controls are activities specific to a subsystem's or an application's input, processing, and output. An example of IT general is IT control environment and IT application controls would be field checks to ensure the characters in a field are of the proper type.
Recall that type images apply guidelines, constraints, and descriptive information, as well as categorizing the economic resources, events, and agents for a business process. Figure 6.7 shows two examples of type images for Sunset graphics. Are there other possible type images that could be added to the diagram to help sunset's managers manage the purchases and payments process?
Looking at figure 6.7 I can see that you could add a type image for purchase order category. This could help the company is figuring out what kind of purchase was made and help mitigate the transactions.
Describe the control activities in the COSO framework. Why are these control activities important for most firms?
Physical controls: involve the physical use of computing technology like segregation of duties and authorization. There is also IT Controls which help mitigate risks associated with the use of technology. Input controls ensure the authorization, entry, and verification of data entering the system. Processing controls are controls that data is processed accurately. Lastly, there are Output controls which ensures that the data is used properly by everyone. These control activities are important to a firm to ensure that their information is not being misused in any way to harm the company.
There are three types of controls: preventative, detective, and corrective. List some examples of each type. Explain which type of control auditors would focus on while evaluating a company's effectiveness of controls and why.
Preventative: transactions should be authorized to ensure the accuracy, fraud prevention software on computers Detective: bank reconciliations and monthly trial balances are prepared to catch the mistakes, managers double checking inventory and assets to make sure everything is running smoothly Corrective: backing up files to recover corruptive data, blocking fraud, retraining employees on the issues that have arisen Auditors would look at preventative controls to see how well they are preventing issues before they happen.
Segregation of duties is an important internal control. What functions must be separated? If ideal segregation of duties is not economically feasible, what are some compensating controls that would help reduce the risk of fraud or error?
Segregation of duties ensures that there is oversight and review to catch errors. Some functions that must be separated are record keeping of assets and having custody over certain assets. Some other internal controls that could be authorization to ensure transactions are valid. Also the company could do an independent verification to double check for errors and misrepresentations.
If social engineering is a common reason that confidential information was revealed, what needs to be done to prevent this from occurring?
Something that would need to be implemented is user training so that employees know how to accurately and efficiently use the software in a manner that it is not misused on accident or on purpose.
Phishing is an example of social engineering where the attacker attempts to trick people into giving them personal information. Give two examples of phishing.
Spoofing and website cloning
Consider the following model and corresponding relational tables. Describe the meaning of the diagram in words. Assume that Students are identified by Student ID Number and Courses are identified by Course Number. List the relational tables that would implement the diagram (you may make assumptions about the non identifying fields in the tables). Student (0..*)------Course (0..*)
Students may take an any amount of courses and a course can have any amount of students attending. student: student ID #, student name, student address Course: Course Number, Course subject, Student ID #.
Chapter 13 identifies COBIT and ISO 27000 as information security frameworks. How do they relate to GTAG's Vulnerability Assessment? What similarities and differences are there among these three?
The COBIT and ISO 27000 relate to GTAG's vulnerability assessment because they all make sure law and regulations are compiled while taking actions on security management. They are also all for information security. The differences between the three is that ISO 27000 is a international standard, COBIT provides best practice of IT management framework and GTAG is the guiding framework for information security audit.
How has the Sarbanes-Oxley Act affected the audit profession and corporate governance of public firms?
The SOX requires companies that are registered with the SEC to annually assess and report on the design and effectiveness of internal control over financial reporting.
How would the following model look if you used a composition relationship? Which is more descriptive? Hint: Consider a composition relationship. Book (1..1) ------- Chapters (1..*)
The boob would have a closed diamond because in this case, chapters do not exist separately from the books.
Why would a manager be inclined to use the COBIT framework as a guide for IT governance and management?
a. COBIT allows businesses to improve efficiency and performance when it comes to IT governance. COBIT can also help in training employees and make sure they are performing to the best of their ability. COBIT also helps with decision making.
Think about the last time that you purchased something over the internet. What did the checkout page look like? What categories of operational decisions do you think were made by the website operator. What business rules applied?
The checkout page consists of the items that were purchased, the shipping costs, sales tax, personal information (like address), and payment information. I think the website coordinator made decisions about the calculation of the costs, potential fraud (is the credit card actually theirs), and suggesting certain items to the customer based on what they purchased. The business rules that apply would be what is the allowed payment method, correct shipping destinations.
What are the basic requirements of a relational database?
The integrity rule: the primary key of a table must have data values (cannot be null) Referential integrity rule: the data value for a foreign key must either be null or match one of the data and values that already exist in the corresponding table -Each attribute must have a unique name -Values of a specific attribute must be of the same type
In Figure 7.6, the labor operations event tracks direct labor incurred in the conversion process. What event tracks indirect labor?
The product authorization event would track indirect labor.
Sunset Graphics often buys inventory after receiving a sales order from the customer. Suppose you are asked to prepare one UML class diagram that combines both the sales and collection process and the purchases and payments process. What would be shared among these processes? What would be unique to each process? why?
The quotes associated with these sales would be shared among these processes. The Sunset employee would prepare the quote while the customer confirms the quote. The quote specifies the products and their quantities to be delivered, and the price.
Compare the UML class diagram shown in Figure 3.3 with the entity-relationship diagram shown in figure 3.A2. Describe the differences and the similarities.
There are some differences between the association lines and the relationship diamonds.
Using Amazon.com as an example, prepare a collaboration sales activity model. What is the difference between an online process and a traditional brick-and-mortar store process?
an online process would have shipping in the model whole a traditional brick and mortar would not have a shipping or purchase order online because it is face to face.
Consider the sale and cash receipt classes shown in Discussion Question 1. What kind of business is this (in terms of its payment requirements from customers)? How would the multiplicities change if the business (e.g., a used car dealer) accepted multiple payments over time? sales 1..1------Cash Receipt 0..1
This business is a cash only business which suggests that it might be a small dealership that is owned by one or two people. If they accepted multiple payments over time, their sale table would have to be related to all other payment methods. So this would create a one-to-many relationship, between the sale table and the other payment methods.
Disaster recover planning (DRP) and business continuity management (BCM) help businesses manage security risks. What similarities and differences exist between these two approaches?
a. Similarities -Both are proactive strategies that help a business prepare for sudden events. Instead of reacting to a disaster, both take an preventative approach, seeking to minimize the effects of a catastrophe before it occurs -Both require regular review, and they may sometimes require revision to ensure that they match the company's changing goals. b. Differences -A BCM can ensure communication methods like phones and network servers continue operating in the midst of a crisis. A DRP helps ensure an organization's ability to return to full functionality after a disaster occurs. -Unlike BCM, a DRP strategy involves creating additional employee safety measures, such as conducting fire drills or getting emergency supplies
The ISO 27000 series serves different purposes than ITIL. Which one could be more important to accounting professionals and why?
Using the ISO 27000 series most important purpose is to help protect assets and data to build a better protection system. This is most important because it protects business and helps accounting professionals with things like fraud and theft.
What classes and associations would be included in a model that describes the information needed for a query that calculates the accounts payable balance for each supplier? Describe the logic of that query. (In other words, what steps would you follow to compute that balance?)
the accounts payable query should include purchases, a supplier agent and cash disbursement event. This logic applies to each supplier and their sum of purchases would reflect total accounts payable and calculate the sum of cash disbursements. At the end, calculate the difference between the sum of cash disbursements and sum of purchases.
Think about the process you went through to enroll in this class. What business rules fo you think applied to the enrollment process? Are all of these rules written? Why or why not?
the business rules I think that were applied were: the student needs to pay tuition before registering for class, the student must have taken the prerequisite courses before taking certain classes, the student cannot enroll in a class unless they are a student at the university. All of these rules are not written and are just implied because there are certain things that are known.
Consider the following one-to-one association between classes. You are mapping the diagram to a set of relational tables. Where would you post the foreign key? Why would you post is there? sales 1..1------Cash Receipt 0..1
the cash receipt record can't exist without a sales id because a cash receipt is generated at the time of sales. Therefore the sales id of the sale table will act as a foreign key in the cash receipt.