
ACC 492 - HOMEWORK

CHAPTER ONE: Accounting Information Systems and the Accountant
DISCUSSION QUESTIONS:
3. Advances in IT are likely to have a continuing impact on financial
accounting. What are some changes you think will occur in the way
financial information is gathered, processed, and communicated as
a result of increasingly sophisticated IT?
With advances in IT that allow transactions to be captured immediately,
accountants and even the AIS itself can produce financial statements almost
in real time. Interactive data allows for information to be reused and carried
seamlessly among a variety of applications or reports.
4. XBRL is emerging as the language that will be used to create
interactive data that financial managers can use in communication.
How do you think the use of interactive data might enhance the
value of a company's financial statements?
It will allow the data to be used between programs, allowing for faster
access and calculations, meaning that the company can quickly prepare
financial statements at any time.
5. Discuss suspicious activity reporting. For example, do you think
that such reporting should be a legal requirement, or should it be
just an ethical matter? Do you think that the majority of SAR
activity is illegal, or are these mostly false alarms?
SAR laws now require accountants to report questionable financial
transactions to the U.S. Department of Treasury. It should be a legal
requirement because of the ease of committing fraud through an AIS and the
fact that it can be used as a deterrent. Most of the activity is probably false
alarms, but it is better to be safe than sorry.
6. Managerial accounting is impacted by IT in many ways, including
enhancing CPM. How do you think a university might be able to use
a scorecard or dashboard approach to operate more effectively?
The scorecard and dashboard approach allow a university to track and
assess the functionality of its activities and match it against its strategic
values. It can trace unfavorable performance to be able to correct it. This
ensures the university has successful internal controls as well. The
dashboard makes this easier to understand, given that there are many
elements/departments within a university.

7. Look again at the list of assurance services shown in Figure 1-9.
Can you think of other assurance services that CPAs could offer
which would take advantage of their AIS experience?
They could offer an assurance/IT help for individuals and their AISs and
computer systems. They could vouch for compliance with organizations or
other companies that might come in contact with them, as in to recommend
them. They could offer a seal of approval.
10. This chapter stressed the importance of IT for understanding
how AISs operate. But is this the only skill valued by employers?
How important do you think analytical thinking skills or writing
skills are? Discuss.
No. Due to the fact that AISs are complex, analytical skills are
necessary to make decisions and figure out whatever is needed. Writing skills
are important to communication and also programming AISs. Both of these
skills are very valued by employers. A well-rounded mix would make an ideal
candidate in accounting/IT fields.

PROBLEMS
11.
a. AAA - American Accounting Association
b. ABC - Activity Based Costing
c. AICPA - American Institute of Certified Public Accountants
d. AIS - Accounting Information Systems
e. CFO - Certified Financial Officer
f. CISA - Certified Information Systems Auditor
g. CITP - Certified Information Technology Professional
h. CPA - Certified Public Accountant
i. CPM - Corporate Performance Measurement
j. ERP - Enterprise Resource Planning
k. FASB - Financial Accounting Standards Board
l. HIPAA - Health Insurance Portability and Accountability Act
m. ISACA - Information Systems Audit and Control Association
n. IT - Information Technology
o. KPI - Key Performance Indicators
p. OSC
q. PATRIOT Act - Uniting and Strengthening America by Providing
Appropriate Tools Required to Intercept and Obstruct Terrorism
r. REA - resources, events, and agents
s. SAR - Suspicious Activity Reporting
t. SEC - Securities Exchange Commission
u. SOX - Sarbanes-Oxley Act
v. VARs - Value-Added Resellers
w. XBRL - Extensible Business Reporting Language

16. a. Dues paid, expenses, donations, operating costs, and capital
investments and costs.
b. Yes, because AISs do not have to be computerized.
c. No, fraud tends to occur when there isn't a separation of duties.
d. Benefits would include ease of information collected/entered, real-time
reporting, ease of access to information, e-commerce style record
keeping. It would only be cost effective if the system is easy to use/user-friendly.

CHAPTER TWO: Information Technology and AISs


DISCUSSION QUESTIONS
1. Why is it important to view an AIS as a combination of hardware,
software, data, people, and procedures?
It takes ALL components to work successfully.
2. Why is information technology important to accountants?
1. On CPA exam
2. Used a lot therefore need to understand it
3. To be able to audit systems
4. Task Identification
5. Help clients make hardware and software purchases
6. To evaluate efficiency and effectiveness
7. IT profoundly affects work today and in the future

3. Why do most AISs try to avoid data transcription?
To avoid errors; transcription is time-consuming, costly, inefficient, and
nonproductive, can bottleneck data at the transcription site, embeds errors,
and provides opportunities for fraud, embezzlement, or sabotage.
11. What are local area networks? What advantages do LANs offer
accounting applications?
LANs consist of microcomputers, printers, terminals, and similar
devices that are connected together for communications purposes. Most use
file servers to store centralized software and data files and also to coordinate
data transmissions between devices. Most LANs occupy a single building and
are wireless. Advantages include:
1. Facilitating communications
2. Sharing computer equipment
3. Sharing computer files
4. Saving software costs
5. Enabling unlike computer equipment to communicate with one another
12. What is client/server computing? How does it differ from
host/mainframe computing? What are some advantages and
disadvantages of client/server systems?
It is an alternative technology to mainframe and/or hierarchical
networks; typically a microcomputer. Mainframe systems normally centralize
everything, whereas client/server applications distribute data and software
among the server and client computers of the system. Advantages: flexibility
of distributing capabilities, reduced telecommunications costs, and ability to
install thin-client systems. Disadvantages: must maintain multiple copies of
the same databases, making backup and recovery difficult; difficult data
synchronization; system consistency makes it difficult to change versions of
a program; and user training is greater.

PROBLEMS:
17.
a. ALU - CPU component
b. CD-ROM - secondary storage
c. keyboard - input equipment
d. Modem - data communications
e. dot-matrix printer - output equipment
f. POS device - input equipment
g. MICR reader - input equipment
h. laser printer - output equipment
i. flash memory - secondary storage
j. OCR reader - input equipment
k. magnetic (hard) disk - secondary storage
l. ATM - data communications
m. Primary memory - CPU component

18.
a. POS - Point of sale devices, gather and record electronic data
b. CPU - Central processing unit, processes tasks within a computer
c. OCR - Optical character recognition, optical readers to interpret data
d. MICR - Magnetic ink character recognition, magnetically-encoded
paper coding
e. ATM - Automated teller machine, to communicate to banking
customers
f. RAM - Random access memory, primary memory, operating
instructions
g. ALU - Arithmetic-logic unit, performs arithmetic and logic tasks
h. MIPS - Millions of instructions per second, computer processing speeds
i. OS - Operating system, helps computer run itself and programs
within
j. MHz - Megahertz, computer processing speeds
k. pixel - Picture elements, dots of color in video output
l. CD-ROM - Compact disk-read only memory, secondary storage
m. worm - Write-once, read-many, type of CD-ROM
n. modem - modulator-demodulator, transmission over phone lines
o. LAN - Local area network, small area connected devices
p. WAN - Wide area network, large area connected devices
q. RFID - Radio frequency identification, enables identification using
radio waves
r. WAP - Wireless application protocol, set of communication standards
and language
s. Wi-Fi - Wireless fidelity, transmitting over wireless channels
t. ppm - Pages per minute, printing speeds
u. dpi - Dots per inch, resolution of ink-jet printers
v. NFC - Near-field communication, enables communication with other
NFC devices

CHAPTER SIX: Documenting Accounting Information Systems
DISCUSSION QUESTIONS
1. Why is documentation important to AISs? Why should
accountants be interested in AIS documentation?
Documentation explains how AISs operate: describes the tasks for
recording data, the procedures that users must perform, the processing
steps that AISs follow, and the logical and physical flows of accounting data
through systems.
1. Depicting how system works
2. Training Users
3. Designing new systems
4. Controlling system development and maintenance
5. Standardizing communications with others
6. Auditing AISs
7. Documenting business processes
8. Complying with SOX Act
9. Establishing Accountability

It is important for accountants to understand the documentation that
describes how processing takes place.

2. Distinguish between documentation flowcharts, system
flowcharts, data flow diagrams, and program flowcharts. How are
they similar and different?
Document Flowchart - traces the physical flow of documents through
an organization from who first created them to their final destination.
System Flowchart - concentrates on computerized data flow of AISs.
Data Flow Diagrams (DFDs) - development process, as a tool for
analyzing an existing system or as a planning aid for creating a new system;
describes the sources of data stored in a database and the ultimate
destinations of these data.
Program Flowchart - outlines the processing logic of computer programs
as well as the order in which processing takes place.
All four use symbols and linage to describe the flow/activity. Data flow
diagrams describe the source and flow of data in a database. Document
flowcharts trace the flow of documents. System flowcharts are created when
there is computerized/electronic data and processing. Program flowcharts
outline computer programs and how they determine each process. System
flowcharts, data flow diagrams, and program flowcharts can be designed at
different levels/hierarchical process maps of detail.

5. What are the four symbols in a data flow diagram? What does
each mean?

External Entity (data source or destination)
Data Flow
Internal Entity (physical DFDs) or Transformational Process (logical DFDs)
Data Store (file)

8. What is the purpose of a decision table? How might they be
useful to accountants?
The purpose of a decision table is to indicate what action to take
for each possibility of conditions and processing tasks and as an alternative
to program flowcharts. They will be useful to accountants because they
provide a large number of conditions in a compact, easily understood format.
This ensures accuracy, completeness, and fewer omissions of important
processing possibilities.

CHAPTER SEVEN: AISs and Business Processes: Part 1
DISCUSSION QUESTIONS
1. As you might imagine, the chart of accounts for a manufacturing
firm would be different from that of a service firm. Not surprisingly,
service firms differ so much that software now exists for almost any
type of firm that you could name. Think of yourself as an
entrepreneur who is going to start up your own business. Now, go
online to find at least two different software packages that you
might use for the type of firm you are going to start up. What does
the chart of accounts include? Are both software packages the
same? What are the differences between the packages?
1. Intuit QuickBooks Premier Retail Edition 2014
Difference from QuickBooks Pro:
Organize your business finances all in one place and save time on everyday tasks
Accounting tools for retailers
Save time managing retail activities, tracking sales results and profitability
Organize your customer information on one screen - see who's paid and who owes you
Gain greater insight with retail-specific reports to help manage your business better
Use tools to create and track service work orders
Get reliable records for tax time
2. QuickBooks Pro 2014 - cheaper than Retail Edition.
For both versions, when you start up the program it will
ask you questions in order to tailor a chart of accounts for what is needed.
The retail version is tailored to retailers to provide insight beyond financial
aspects.
3. What are some typical outputs of an AIS? Why do system analysts
concentrate on managerial reports when they start to design an
effective AIS? Why not start with the inputs to the system instead?
Outputs include: Reports to management, reports to investors and
creditors, files that retain transaction data, files that retain current data
about accounts, i.e. customer billing statements, aging report, bad debt
report, cash receipts forecast, approved customer listing, sales analysis
reports, check register, discrepancy reports, and cash requirements forecast.

Most of the accounting data collected by an organization ultimately appears
on some type of internal/external report, therefore the design of an effective
AIS usually begins with the outputs (reports) that users will expect from the
system.

PROBLEMS
14. Recommend a type of coding:
a. Employee id number on a computer file - Sequence, simple
identification
b. Product number for a sales catalog - Group
c. Inventory number for the products of a wholesale drug company - Block
d. Inventory part number for a bicycle mfg company - Block
e. ID numbers on the forms waiters use to take orders - Sequence,
simple identification
f. ID numbers on airline ticket stubs - Sequence, simple identification
g. Auto registration numbers - Sequence, simple identification
h. Auto engine block numbers - Sequence, simple identification
i. Shirt sizes for men's shirts - Mnemonic, lettering used to identify
sizing
j. Color codes for house paint - Mnemonic, lettering used to identify
color combinations
k. ID numbers on payroll check forms - Sequence, simple identification
l. Listener ID for a radio station - Block, numbering based on region
m. Numbers on lottery tickets - Sequence, simple identification
n. ID numbers on a credit card - Block, first numbers indicate type of
card
o. ID numbers on dollar bills - Block, lettering first then numbers
p. Passwords used to gain access to a computer - Mnemonic, lettering
used to create pw
q. Zip codes - Block, based on regional areas
r. A chart of accounts for a department store - Block, categorized by
type
s. A chart of accounts for a flooring contractor - Block, categorized by
type
t. Shoe sizes - Sequence, simple identification by size
u. ID number on a student exam - Sequence, simple identification
v. ID number on an insurance policy - Block, identifiers on
region/policy type/etc.

CHAPTER EIGHT: AISs and Business Processes: Part 2
DISCUSSION QUESTIONS
2. Why are accounting transactions associated with payroll
processing so repetitive in nature? Why do some companies choose
to have payroll processed by external service companies rather than
do it themselves?
There are standards for payroll that are government mandated,
including very strict control procedures, and with the transactions occurring
very frequently, it causes payroll processing to be repetitive. Many
companies find it cost-effective to outsource the process for payroll reports
and paychecks.
5. What are the basic concepts of lean manufacturing? What
concepts are the root of lean production and lean manufacturing?
Lean manufacturing involves making the commitment to eliminate waste
throughout the organization (not just production). It focuses on the
elimination or reduction of non-value-added waste to improve overall
customer value and to increase the profitability of the products or services
that the organization offers. It was developed through the concepts of just-in-time and Total Quality Management.

PROBLEMS
14. How could an automated time and billing system help your firm?
What is the name of the software package and what are the primary
features of this BPM software?
Automated time and billing systems could be more cost-effective, as
well as help with tedious transaction and reporting, aid in detecting and
reducing errors, and help with keeping up with delinquent accounts. Tabs3
Billing will keep track of time easily, bill exactly the way you want to, get bills
out faster, create useful reports to stay on top of the business of law, secure
your information, has advanced compensation formulas to compute with,
and has free practice management included.

CHAPTER NINE: Introduction to Internal Control Systems
DISCUSSION QUESTIONS
1. What are the primary provisions of the 1992 COSO Report? The
2004 COSO Report?
1992 - Internal Control-Integrated Framework: Defines internal control
and describes its components, presents criteria to evaluate internal control
systems, provides guidance for public reporting on internal controls, and
offers materials to evaluate an internal control system.
2004 - Focuses on enterprise risk management, includes the 5 components
of the 1992 Report, and adds three components: objective setting, event
identification, and risk response.
2. What are the primary provisions of COBIT?
Control Objectives for Business and IT; A framework for IT
management; provides managers, auditors, and IT users a set of generally
accepted measures, indicators, processes, and best practices to maximize
benefits of IT and develop appropriate IT governance and control.
5. Why are accountants so concerned about their organization
having an efficient and effective internal control system?
Accountants rely on an internal control system to safeguard assets,
check the accuracy and reliability of accounting data, promote operational
efficiency, and enforce prescribed managerial policies. If it is not efficient and
effective, the accountants will suffer.
6. Discuss what you consider to be the major differences between
preventative, detective, and corrective control procedures. Give two
examples of each type of control.
Preventative controls are put in place to prevent problems, such as
scenario planning and firewalls. Detective controls alert managers when
preventative controls fail, such as motion detection and log monitoring and
review. Corrective controls are what a company uses to solve or correct a
problem, such as changing back up procedures and camera systems.
7. Why are competent employees important to an organization's
internal control system?
Competent and honest employees are more likely to create value for
an organization and lead to efficient use of the company's assets.
8. How can separation of duties reduce the risk of undetected errors
and irregularities?
The purpose of separation of duties is to structure work assignments
so that one employee's work serves as a check on another employee(s).
9. Discuss some of the advantages to an organization from using a
voucher system and prenumbered checks for its cash disbursement
transaction.
A voucher system reduces the number of cash disbursement checks
that are written, since several invoices to the same vendor can be included
on one disbursement voucher. The disbursement voucher is an internally
generated document and can be prenumbered to simplify the tracking of all
payables, thereby contributing to an effective audit trail over cash
disbursements.
10. What role does cost-benefit analysis play in an organization's
internal control system?
Companies develop their own optimal internal control package by
applying the cost-benefit concept: only those controls whose benefits are
expected to be greater than, or at least equal to, the expected costs are
implemented.
11. Why is it important for managers to evaluate internal controls?
For SOX compliance, managers must acknowledge their responsibility for
establishing and maintaining adequate internal control structure and
procedures.
12. Why did COSO think it was so important to issue the 2009
Report on monitoring?
COSO observed that many organizations did not fully understand the
benefits and potential of effective monitoring and were not effectively using
their monitoring results to support assessments of their internal control
systems.

PROBLEMS

13. Internal control weaknesses:
* Oral authorization to remove items from storeroom: should be
documented not oral.
* Physical Inventory count by storeroom clerks: should be
management if documentation of inventory is not going to occur; regardless
of supervision.
* Reordering when below reorder level: should not order until at
reorder level, excess of inventory will allow for possible theft.
* Number of items ordered available to storeroom clerks: should be a
separate receiving person, separation of duties.

CHAPTER TEN: Computer Controls for Organizations and AISs
DISCUSSION QUESTIONS
1. What is a security policy? What do we mean when we say
organizations should have an integrated security policy?
A security policy is an integrated plan that helps protect an enterprise
from both internal and external threats. An integrated security policy
combines logical and physical security technologies.
2. What do we mean when we talk about convergence of physical
and logical security? Why might this be important to an
organization?
Combining technologies of physical and logical securities, supported
by a comprehensive security policy, can significantly reduce the risk of
attack because it increases the costs and resources needed by the intruder.
4. What controls must be used to protect data that is transmitted
across wireless networks?
A virtual private network for remote access to the entity's resources, and data
encryption to avoid electronic eavesdropping.
5. Why is business continuity planning so important? Identify
several reasons why testing the plan is a good idea?
They use BCP to be reasonably certain that they will be able to operate
in spite of any interruptions, such as power failures, IT system crashes,
natural disasters, supply chain problems, and others.
6. What is backup and why is it important when operating an
accounting system?
Backup is similar to the redundancy concept in fault-tolerant systems.
It is important when operating an accounting system because you could lose
all of your work and client information.
7. Discuss some of the unique control risks associated with the use
of PCs and laptop computers compared to using mainframes.

PCs are relatively inexpensive, therefore it is not cost-effective for a
company to go to elaborate lengths to protect them. Important safeguards
are: (1) back up important laptop data often, (2) password protect them, and
(3) encrypt sensitive files. Antitheft systems can help avoid theft. Control
procedures include: identifying your laptop and keeping information in a safe
place, using non-breakable cables to attach laptops to stationary furniture to
avoid theft, loading antivirus software onto the hard disk to avoid theft of data,
and backing up laptop information to ensure data integrity.
9. Explain how each of the following can be used to control the
input, processing, and output of accounting data:
a. EDIT TESTS - examine selected fields of input data and reject those
transactions whose data fields do not meet the pre-established standards of
data quality. INPUT CONTROL
b. CHECK DIGITS - computed as a mathematical function of the other
digits in a numeric field; their sole purpose is to test the validity of the
associated data. INPUT CONTROL
c. PASSWORDS - INPUT CONTROL, to ensure validity
d. ACTIVITY LISTINGS - OUTPUT CONTROL, documents processing
activities
e. CONTROL TOTALS - PROCESSING CONTROL, to control large
amounts of data processing
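
The controls listed above, applied to one accounts payable batch, as an added example that is not part of the original homework. The batch, its header, the field names and the amount limit are constructed, and Luhn mod-10 is assumed as the check-digit function because the answer does not name one.

```python
from datetime import date
from decimal import Decimal, InvalidOperation

BATCH_DATE = date(2024, 3, 31)       # constructed processing date
AMOUNT_LIMIT = Decimal("10000.00")   # hypothetical reasonableness limit

# Constructed batch as keyed by a clerk; vendor numbers end in a check digit.
KEYED_BATCH = [
    {"vendor_id": "400176", "invoice_date": "2024-03-04", "amount": "1250.00"},
    {"vendor_id": "400716", "invoice_date": "2024-03-05", "amount": "310.40"},  # digits transposed
    {"vendor_id": "400259", "invoice_date": "2024-02-30", "amount": "88.15"},   # impossible date
    {"vendor_id": "400333", "invoice_date": "2024-03-12", "amount": "12O.00"},  # letter O keyed
    {"vendor_id": "400259", "invoice_date": "2024-03-15", "amount": "975.25"},
]
# Constructed batch header, totalled from the source documents before keying.
HEADER = {"record_count": 5, "amount_total": Decimal("2743.80"), "hash_total": 2001203}


def luhn_check_digit(payload: str) -> int:
    """Check digit computed from the other digits (Luhn mod-10, an assumed choice)."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:          # double every second digit, starting at the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return (10 - total % 10) % 10


def has_valid_check_digit(number: str) -> bool:
    return (number.isdigit() and len(number) >= 2
            and luhn_check_digit(number[:-1]) == int(number[-1]))


def parse_amount(text: str):
    """Return a Decimal, or None when the field is not a finite number."""
    try:
        value = Decimal(text)
    except InvalidOperation:
        return None
    return value if value.is_finite() else None


def edit_tests(txn: dict) -> list:
    """Input control: reasons a transaction is rejected (empty list = accepted)."""
    errors = []
    if not has_valid_check_digit(txn["vendor_id"]):
        errors.append("vendor_id: check digit")
    try:
        if date.fromisoformat(txn["invoice_date"]) > BATCH_DATE:
            errors.append("invoice_date: in the future")
    except ValueError:
        errors.append("invoice_date: not a valid date")
    amount = parse_amount(txn["amount"])
    if amount is None:
        errors.append("amount: not numeric")
    elif not Decimal("0") < amount <= AMOUNT_LIMIT:
        errors.append("amount: out of range")
    return errors


def batch_totals(txns: list) -> dict:
    """Processing control: record count, financial total and hash total."""
    amounts = [parse_amount(t["amount"]) or Decimal("0") for t in txns]
    return {
        "record_count": len(txns),
        "amount_total": sum(amounts, Decimal("0")),
        # A hash total adds up a field that is never otherwise summed.
        "hash_total": sum(int(t["vendor_id"]) for t in txns if t["vendor_id"].isdigit()),
    }


def reconcile(header: dict, txns: list) -> list:
    """Names of the control totals that differ from the batch header."""
    actual = batch_totals(txns)
    return [name for name in header if header[name] != actual[name]]


def activity_listing(txns: list) -> list:
    """Output control: one line per transaction documenting what processing did."""
    lines = []
    for n, txn in enumerate(txns, start=1):
        errors = edit_tests(txn)
        status = "REJECTED " + "; ".join(errors) if errors else "ACCEPTED"
        lines.append(f"{n:03d} {txn['vendor_id']} {status}")
    return lines


if __name__ == "__main__":
    print("\n".join(activity_listing(KEYED_BATCH)))
    print("control totals out of balance:", reconcile(HEADER, KEYED_BATCH))
```

The transposed vendor number is caught twice, by the check digit at input and by the hash total at processing, which is why the two controls are normally used together.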
10. What is the difference between logical and physical access to
the computer? Why is the security of both important?
Logical refers to the access of technology on a computer while physical
access refers to the access to the actual computer equipment. Both are
important because they are both assets of the company, and an integrated
security system that includes both logical and physical security can
significantly reduce the risk of theft and attack.
11. Discuss the following statement: The separation of duties
control is very difficult in computerized accounting information
systems because computers often integrate functions when
performing data processing tasks. Therefore, such a control is not
advisable for those organizations using computers to perform their
accounting functions.
This is incorrect. Due to the fact that functions are integrated, extra
measures need to be taken to separate functions of authority and
responsibility between accounting and IT subsystems or departments.

PROBLEMS
13. I think both types of controls, personnel and edit tests, are set forth to
eliminate potential errors and frauds of both intentional and accidental
natures. Not specifically for one type or the other.
15. Separation of duties to stop him from setting up companies, ordering,
payments, etc. to these fictitious companies. Also, input controls, such as edit
and validity tests to disallow the creation of new vendors.
16. a. Input controls, such as edit and validity tests.
b. Output controls to notify aged accounts, and input controls to disallow
the ability to sell to the company.
c. Separation of duties, to eliminate potential of fraud.
d. Input controls to disallow the creation of new master files for wrong
codes entered.
e. Separation of duties, to keep him from being able to pay vendors and
write off inventory at same time.
17. a. Input to disallow incorrect deposit code, b. input/check digits, c.
input/edit tests, d. input/edit tests, e. input/check digits, f. input/edit tests or
check digits, g. general to disallow access without proper identification, h.
Processing/batch control total

CHAPTER ELEVEN: Computer Crime, Fraud, Ethics, & Privacy
DISCUSSION QUESTIONS
1. The cases of computer crime that we know about have been
described as just the tip of the iceberg. Do you consider this
description accurate?
Since most computer crimes are caught through luck, chance, or
accident, generally only an estimated 1% of computer crime is detected. This
description is correct due to exponential growth in the use of computer
resources, continuing lax security, and availability of information on how to
commit computer crime.
2. Most computer crimes are not reported. Give as many reasons as
you can why much of this crime is purposely downplayed. Do you
consider these reasons valid?
From a business perspective, reasons could include costs to prosecute,
wanting to avoid the media, reputation issues, it being easier to just fire people
rather than prosecute, the company not wanting consumers/customers knowing
about lack of controls, and possible auditing issues. None of these reasons are
technically valid because crime cannot be controlled without reporting.
5. What enabled employees at TRW to get away with their crime?
What controls might have prevented the crime from occurring?
What enabled the employees was the fact that they were able to
enter false information into the computer procedures. Controls that could
have prevented the crime are authorization and validation of credit changes
and separation of duties.
11. The fact that Mr. Allen has never taken a vacation is a key red flag that
he may have been manipulating the account data. Making him Employee-of-the-Year should not be a consideration until he/his department had been
audited for the potential fraud. Giving him such a title would entice him to
continue committing frauds.

PROBLEMS
12. a. The university had too strict a policy about releasing passwords. There
should have been additional controls that allowed someone who had lost a
password to obtain it, i.e. personal data question, etc. This would have allowed for
assurance that the student was who she said she was and also avoided
complaints of that nature.
b. The company should have adopted a policy against personal use on
company computers regardless of whether it is on company time or not, and given that
the computers are owned by the company, it shouldn't be an issue of
privacy.
c. The company should require a certain level of password and adopt a
policy that if any passwords are found there will be consequences. Otherwise
they need to use a biometric way of logging in to systems.
d. The company should have a policy against personal use of company
computers and also on the fact that he is holding and attending to a second
job instead of at the hospital.
e. This is an indication of a possible fraud, and the company needs to
investigate the 20 employees and the departments associated with inputting
of the data.
f. eBay needs to clearly state this in their sellers' policies, and also create
a control that disallows someone to bid on their own items for sale. This also
needs to extend to users with similar addresses, phone number, email
address, etc.
g. The Web company should have a control restricting its employees from
visiting certain sites it does business with.
15. a. A policy that only allows certain employees access to mail, or a
separate mailing address that is accessible only by certain people.
b. The checks should only be drawn on one account, and the bookkeeper
shouldn't be allowed to assign paychecks.
c. Separation of duties, the HR personnel should not have access to
paychecks.
d. Separation of duties and access to certain authorizations.
e. Separation of duties, the purchasing agent should not be accounts
payable.
f. The company should have strict password requirements that are more
difficult to hack.
g. The clerk should have been taking vacations or time off in three years.
h. The company should have a system that disallows the loading of
unapproved programs.
i. The company should use serial numbers for patients and also have a
strict privacy policy.

CHAPTER TWELVE: Information Technology Auditing


DISCUSSION QUESTIONS
1. Distinguish between the roles of an internal and an external
auditor. Cite at least two examples of auditing procedures that
might reasonably be expected of an internal auditor but not an
external. Which type of auditor would you rather be? Why?
Internal auditors work for their own company while external auditors work for an
independent CPA firm. The difference is in purpose: staff positions that report
to top management, an audit committee or board of directors, and also
involve evaluation of the company to provide assurance about the efficiency
and effectiveness of almost any aspect of its organization. I would rather be
an internal auditor. The duties are more broad and there is less risk of being sued
in the end.
4. IT auditors need people skills as well as technical skills. One such
skill is the ability to interview effectively. Discuss some techniques
or tools that might help an interviewer get the best information
from an interviewee, including sensitive material.
Being more personable and able to build trust quickly will get people to
open up to you and deliver information they may not have otherwise.
Learning skills on how to interrogate would help read body language and
signs hidden between the lines of lies. Learning the aspects of the position
the person works in will help the interviewer ask better questions and
deliver what-ifs.
5. Describe how an auditor might use through-the-computer
techniques such as test data, an integrated test facility, parallel
simulation, or validation of computer programs to accomplish audit
objectives relative to accounts payable.
Test data will allow an auditor to check the range of exception situations
and compare the results with a predetermined set of answers on an audit
worksheet, such as invalid dates and use of alphabetic data in numeric
codes. An integrated test facility will allow an audit in an operational setting
by using artificial transactions and companies, such as payments to vendors
and shipments/orders from vendors. Parallel simulation allows the auditor to
run live data instead of test data in a second system that duplicates the
client system to look for differences, such as payments to vendors only
system and not the entire accounts payable program. Validation allows an
auditor to guard against program tampering with program change controls,
program comparison, reviews of the system software, validating users and
access privileges, and continuous auditing for real-time assurance.
6. A company always wants to be safe, but when costs are an issue, priority
guidance is a must. The auditor and the company should invest in a
computerized auditing software to help audit. The controls, even though all
beneficial, should still be portrayed in a hierarchy to show which ones are
technically worth more (risk assessment). The auditor should evaluate those
control procedures (systems review) and then evaluate the weaknesses.
Control weaknesses in one area of an AIS may be acceptable if control
strengths in other areas of the AIS compensate for them.

PROBLEMS
8. a & b. According to the risk analysis, the high probability of occurrence is
VANDALISM, medium probability is BROWNOUT and POWER SURGE, and low
probability is EQUIPMENT FAILURE, SOFTWARE FAILURE, EMBEZZLEMENT,
FLOOD, and FIRE. When using a cost-basis analysis, the figures would
indicate that the only two that wouldn't be affordable to enlist controls for
are EMBEZZLEMENT and SOFTWARE FAILURE. Considering the low cost
compared to the losses and the fact that they could stop a business from
continuation, FLOOD and FIRE must have physical general controls in place.
EQUIPMENT FAILURE would also need similar controls because of the low cost
compared to high loss estimates. Due to the medium probability of
occurrence and low cost to control, BROWNOUT and POWER SURGE would
need physical general controls in place.
