ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSESS 3RD EDITION BY LESLIE TURNER, ANDREA WEICKGEN

Page 1

TEST BANK

TEST BANK


ACCOUNTING INFORMATION SYSTEMS CONTROLS AND PROCESSESS 3RD EDITION BY LESLIE TURNER, ANDREA WEICKGENANNT, MARY KAY COPELAND SOLUTIONS MANUAL Turner/Accounting Information Systems, 3e Solutions Manual Chapter 1 Concept Check 1. d 2. d 3. b 4. c 5. c 6. c 7. b 8. b 9. b 10. a

Discussion Questions 11. (SO 1) How might the sales and cash collection processes at a Wal-Mart store differ from the sales and cash collection processes at McDonald’s? Wal-Mart sells items that are pre-priced and bar coded with that price. Therefore the cash registers at Wal-Mart use bar code scanners. However, McDonalds sells fast foods that are not bar coded. The cash registers at McDonalds use touch screen systems that require a cashier to indicate the items purchased. The cash collection processes are not different. In both cases, the employee collects the cash or credit card, and returns any change. 12. (SO 1) Can you think of any procedures in place at McDonald’s that are intended to ensure the accuracy of your order? Student responses may vary, however, following are a few examples: Often, at either the drive-through or the inside cash register, the customer can see a screen that displays the items ordered. In addition, a fast food restaurant uses pre-designed slots to hold certain types of menu items. When a customer orders a particular sandwich, the person filling the order knows exactly which slot to pull the sandwich from. Each customer receives a printed receipt with the items listed and the customer can verify the accuracy. Page 1-1


13. (SO 1) How might the sales and cash collection processes at Boeing Co. (maker of commercial passenger jets) differ from the sales and cash collection processes at

Page 1-2


Chapter 1 Solutions

Introduction to AIS

McDonald’s? Boeing does not sell to end-user consumers; rather, it sells to companies such as airlines. Therefore Boeing does not have stores, nor inventory in stores, nor cash registers to process sales. Boeing is more likely to maintain a sales force that visits potential customers to solicit sales. Those sales may be entered by the salesperson into a laptop computer connected to Boeing’s network. McDonald’s, on the other hand, sells to consumers, uses order input touch screens at each location, and maintains supplies of perishable food products. 14. (SO 1) Are there business processes that do not in some way affect accounting records or financial statements? There may be processes that do not directly affect accounting records (such as recruiting and hiring a new employee), but all processes have a direct or indirect affect on accounting records. All processes use resources such as material or employee time. Therefore, all processes have expenses related to those processes that will affect the accounting records. 15. (SO 2) Briefly describe the five components of an accounting information system. 1. Work steps within a business process that capture accounting data as the business process occurs. 2. Manual or computer-based records that capture the accounting data from the business processes. 3. Internal controls within the business process that safeguard assets and ensure accuracy and completeness of the data. 4. Work steps that process, classify, summarize, and consolidate the raw accounting data. 5. Work steps that generate both internal and external reports. 16. (SO 2) Describe how sales data are captured and recorded at a restaurant such as Applebee’s. At most Applebee’s restaurants, a server writes the order on a pad and carries that pad to a cash register. The server enters the order on a touch screen terminal. The order information is then displayed on a terminal in the kitchen. When the customer has finished the meal, the server prints a check and delivers the check to the table. The customer pays the server by using cash or a credit card. The server processes the payment on the touch screen register and returns the change or credit card slip to the customer. 17. (SO 2) What occurs in an accounting information system that classifies accounting transactions? For each business process that affects accounting records, the accounting information system must capture any resulting accounting data, record the data, process it through classification, summarization, and consolidation, and generate appropriate reports. 18. (SO 2) What are the differences between internal reports and external reports generated by the accounting information system? Internal reports are used by management to oversee and direct processes within the organization. External reports are the financial statements used by investors and creditors to make

Page 1-3


Chapter 1 Solutions

Introduction to AIS

decisions about investing or extending credit to the organization. 19. (SO 3) What types of businesses are in the supply chain of an automobile manufacturer? The types of businesses in an automaker’s supply chain are often manufacturers of parts used in cars. This would include manufacturers of tires, batteries, steel, plastic, vinyl and leather, as well as many other manufacturers making the thousands of parts in a car. 20. (SO 3) When a company evaluates a supplier of materials, what kinds of characteristics might be evaluated? The supplier’s characteristics that are likely to be evaluated include price and payment terms, quality, reliability of the materials, as well as whether the supplier can deliver materials when needed. 21. (SO 3) How do you think a company may be able to influence a supplier to meet its business processing requirements? A company may be able to influence a supplier by choosing only suppliers that meet expectations regarding the terms of price, quality, and delivery timing. Those suppliers that do not meet these expectations may not be used in the future. This exerts some influence over suppliers, as the suppliers will lose business if they do not meet the buyer’s requirements. 22. (SO 4) Describe any IT enablement that you have noticed at a large retail store such as Wal-Mart or Target. The most noticeable IT enablement is the use of bar coded systems on the products and how they are read by the cash registers. 23. (SO 4) How do you think the World Wide Web (WWW) has led to business process reengineering at companies such as Lands End or J.Crew? Prior to the World Wide Web, customers placed orders either on the phone or by mail. Both phone and mail orders require employees to take the order and enter it into the computer system. Using online sales, customers enter their own orders and no company personnel are needed to key orders into the computer system. Therefore, there was a major change in the number of people employed to key orders. 24. (SO 4) What two kinds of efficiency improvement result from business process reengineering in conjunction with IT systems? The use of IT systems usually leads to two kinds of efficiency improvements. First, the underlying processes are reengineered (through rethinking and redesign) to be conducted more efficiently. Second, the IT systems improve the efficiency of the underlying processes. 25. (SO 5) Explain the differences between a field, a record, and a file. A field is one set of characters that make up a single data item. For example, last name would be a field in a customer database. A record is a collection of related fields for a single entity. For example, last name, first name, address, phone number, and credit card number fields might make up a single customer record. A file is a collection of similar records. For example, all customer records together make up a customer file.

Page 1-4


Chapter 1 Solutions

Introduction to AIS

26. (SO 5) Explain why random access files would be preferable to sequential access files when payroll personnel are changing a pay rate for a single employee. When the desired action is to access a single record, random access is preferable. If sequential access storage is used, all records must be read in sequence until the desired record is reached. On the other hand, random access allows a single record to be accessed without the necessity of reading other records. This makes it more efficient to access a particular employee record to change the pay rate. 27. (SO 5) Why do real-time systems require direct access files? If transactions are to be processed online and in real-time, it is necessary that the computer access a single record immediately. Thus, direct access files are required so the records can be accessed in real-time. 28. (SO 5) Why is data contained in the data warehouse called nonvolatile? Each time a new transaction is completed, parts of the operational data must be updated. Therefore, the operational database is volatile – with constantly changing information. However, the data warehouse does not change with each transaction. The data warehouse is only changed when periodic updates occur. The data in the data warehouse are nonvolatile because they do not change constantly. 29. (SO 5) How is an extranet different from the Internet? The extranet allows access only to selected outsiders, while the Internet is open to an unlimited number of outsiders (essentially anyone having access to the Internet). On the other hand, extranets are typically used by companies to interact with specific suppliers and customers who have been granted access to a company’s network. 30. (SO 6) Prepare a list of the types of businesses that you have been in that use point of sale systems. Student responses may vary, but would likely include department stores, grocery stores, specialty stores, restaurants, gas stations, and car washes. 31. (SO 6) What do you think would be the advantages of an e-payables system over a traditional system that uses paper purchase orders and invoices? An e-payables system should be faster and more efficient than a paper-based system. In addition, fewer processing errors should be expected from an e-payables system. 32. (SO 7) Describe why enterprise risk management is important. All organizations face risks and Enterprise Risk Management (ERM) assists managers in reducing and controlling risk. ERM also involves personnel across the entire business organization, as they implement strategies to achieve the organization’s objectives. 33. (SO 7) What is the difference between general controls and application controls? General controls apply overall to the IT accounting system. They are controls that are not restricted to any particular accounting application. An example of a general control is the use of passwords to allow only authorized users to log into an IT-based accounting system. Application controls are used specifically in accounting applications to control inputs, processing, and output. Application controls are

Page 1-5


Chapter 1 Solutions

Introduction to AIS

intended to insure that inputs are accurate and complete, processing is accurate and complete, and that outputs are properly distributed, controlled, and disposed. 34. (SO 7) In what way is a code of ethics beneficial to an organization? If top management institutes a code of ethics and emphasizes this code by modeling its principles and disciplining or discharging those who violate the code, it can help reduce unethical behavior in the organization. 35. (SO 8) What roles do accountants have in relation to the accounting information system? Accountants are users of the AIS, they assist in the design of the AIS, and they are auditors of the AIS.

Brief Exercises 36. (SO 1) For each category of business processes (revenue, expenditure, conversion, administrative), give an example of a business process. Student responses are likely to vary greatly, as they may refer to any of the subprocesses within each category. For example, the revenue processes include sales, sales returns, and cash collections; the expenditure processes include purchasing, purchase returns, cash disbursements, payroll, and fixed asset processes; the conversion processes include planning, resource management, and logistics; administrative processes include capital processes, investments, and general ledger processes. Accordingly, any type of business process can be cited to answer this question, but the student must match the example with the appropriate process. 37. (SO 2) Think of a company that you have worked for or with which you have done business. Which departments within the company need reports generated by the accounting information systems? Student responses are likely to vary greatly, as nearly every department within a business organization uses reports generated by the accounting information systems. For example, sales departments need customer account information to help in their efforts to sell products to customers. Purchasing departments need product information to help in their efforts to purchase products needed in the business. These types of information are maintained in accounting information systems. There are numerous additional examples that could apply. 38. (SO 3) Explain a supply chain linkage and give an example. A supply chain linkage is the connection of activities in the supply chain, including the entities, processes, and information flows that involve the movement of materials, funds, and related information through the full logistics process – from the acquisition of raw materials to the delivery of finished products to the end user. It therefore includes the linked activities of vendors, service providers, customers, and intermediaries. In addition to the example of McDonald’s buns given in the text, another example would be a shirt sold by the Gap. The Gap’s supply chain linkage would likely include a supplier from whom the shirt was purchased, a manufacturer who assembled and sewed the shirt,

Page 1-6


Chapter 1 Solutions

Introduction to AIS

a secondary supplier that provided the fabric from which the shirt was constructed, and a farmer who raised cotton used to make the fabric. 39. (SO 4) Explain how business process reengineering occurs. Also, explain how it differs from the typical changes in company policies. With business process reengineering (BPR), the underlying business processes are reengineered to be conducted more efficiently. In other words, a comprehensive rethinking and redesign takes place in order to enhance performance of the process. A key component of BPR is the leveraging of IT capabilities to improve process efficiencies. BPR differs from typically organizational change in that it involves “thinking outside the box” in order to offer completely new and improved methods for business processes. 40. (SO 4, 6) Describe automated matching in the purchasing process and explain how this IT enablement has improved efficiency in companies. Microsoft Dynamics GP has automated purchase order matching functionality. This functionality electronically matches a purchase order, receiving report and vendor invoice within the system. In MS Dynamics GP a vendor purchase order can be created and printed in the system. The purchase order is sent to the vendor identifying the amount of the authorized purchase. When the goods or services are received, the person responsible for logging the receipt can pull up the original purchase order and receive the items on the PO. If there are any discrepancies between what was ordered and what was received the system adjusts for the discrepancies. Later when the vendor invoices for the goods or services that were received, the matched PO and receiving report can be selected and compared with the prices and quantities of the items invoiced. If there are any differences between the amounts ordered/received and invoiced, the system will adjust for the differences. This automated matching of a PO/receiving report and vendor invoice eliminates the need to manually match these items. Automated matching is an example of IT enablement. In this example of IT enablement, the process is more streamlined, efficient and reduces the likelihood of errors.. 41. (SO 5) For an accounts receivable system, what kind of data would be found in the master files and transaction files, respectively? An accounts receivable master file would include relatively permanent data necessary to process customer transactions. This would include a record for each customer. The data in the master file would likely include customer name, address, phone numbers, credit limit, and current balance. A transaction file for accounts receivable would contain the relatively temporary data that must be processed to update the master file, such as details from individual sales and cash collection transactions from customers.

Page 1-7


Chapter 1 Solutions

Introduction to AIS

42. (SO 5) Describe the differences in the following three types of processing: a. Batch processing involves the grouping of similar transactions to be processed together; b. Online processing involves processing individual transactions, one-at-a-time; and c. Real-time processing is an online processing method that involves the immediate processing of individual transactions. 43. (SO 5) The networks discussed in this chapter were LANs, Internet, intranet, and extranet. Explain each. A LAN is a computer network that spans a relatively small area such as a building or group of buildings within a business organization. The Internet is the global computer network made up of millions upon millions of computers and subnetworks throughout the world. An intranet is an organization’s private computer network, accessible only by employees of that organization to share data and manage projects. An extranet is an expansion of an intranet that allows limited access to designated outsiders such as customers and suppliers. 44. (SO 7) Give a brief summary of each of the following: a. enterprise risk management is an ongoing strategy-setting and risk assessment process that is effected by top management but involves personnel across the entire entity. b. corporate governance is an elaborate system of checks and balances whereby a company’s leadership is held accountable for building shareholder value and creating confidence in the financial reporting process. c. IT governance is the corporate governance process that applies specifically to the proper management, control, and use of IT systems. 45. (SO 9) Describe why accountants should be concerned about ethics. Accountants should be concerned about ethics because accounting information systems are often the tools used to commit or cover up unethical behavior. Accountants need to be aware of the possibility of fraud within the AIS so that they can help develop and implement effective internal controls to reduce the risk of such unethical acts. In addition, accountants need to be prepared to resist the temptation to commit unethical acts and to avoid being coerced into assisting with a fraudulent cover-up. 46. (SO 9) Melissa Simpson is currently pursuing her accounting degree at Fairfield University. She has excelled in each of her major courses to date; however, she tends to struggle in her computer classes and with assignments requiring use of computer technology. Nevertheless, Melissa confidently claims that she will become an excellent accountant. Comment on the practical and ethical implications of her position. Melissa is mistaken in her position for the following reasons:  Practically speaking, accountants need to be well-informed about the operation of accounting information systems, which nearly always involve computer technology. The AIS is the foundation of most accounting functions, so to resist computer technology would be unreasonable, if not impossible. Also, in order to assist in developing internal controls, accountants must understand the

Page 1-8


Chapter 1 Solutions

Introduction to AIS

processes within the AIS, including the use of technology, so that effective controls can be developed and implemented to reduce risks.  Ethically speaking, accountants need to be well-informed about the operation of the AIS so that they are poised to recognize fraud and errors that may occur. Without an understanding of the underlying technology, accountants would be unable to effectively capture and monitor business processes. Rather than fulfilling her responsibility as an accountant to develop and implement internal controls, Melissa’s ignorance of the AIS could actually allow fraud to be perpetrated without being prevented or detected. For these reasons, Melissa’s viewpoint is quite dangerous.

Problems 47. (SO 2) If an accounting information system were entirely a manual system (no computers used), explain how data would be captured, recorded, classified, summarized, and reported. Discuss how the sophistication of the company’s computer system impacts the accounting output and, alternatively, how the requirements for accounting outputs impact the design of the accounting information system. In a manual accounting information system, data would be captured on source documents and recorded by hand in subledgers or special journals. Account classifications would be determined by the accountants responsible for recording the transaction. The accountants would perform mathematical computations to summarize the records and post them to a general ledger. The general ledger would be manually summarized at the end of the period so that financial statements could be prepared. The financial reports would be manually compiled based on the ending general ledger balances. Since a great deal of paper and human processing are required for a manual system, it is prone to error. More sophisticated, computerbased systems tend to produce more output that is more accurate because they are programmed to process data consistently. They also use programming to perform mathematical computations, which promotes accuracy and time savings. Therefore, IT usage to support business processes results in increased accuracy, increased efficiency, and reduced costs. The requirements for accounting outputs impact the design of the AIS. Work steps within a business process can be designed to capture data in a manner that is consistent with the desired content and format of the related output. This promotes efficiency and effectiveness of the overall process. When business process reengineering is used to design business processes, IT systems can be introduced to take advantage of the speed and efficiency of computers to enhance the AIS. 48. (SO 1,3) Classify each of the following processes as either a revenue process, expenditure process, conversion process, or administrative process: a. Selling common stock to raise capital - ADMINISTRATIVE b. Purchasing electronic components to manufacture DVD players EXPENDITURE

Page 1-9


Chapter 1 Solutions

Introduction to AIS

c. Moving electronic components from the stockroom to the production floor to begin making DVD players - CONVERSION d. Paying employees at the end of a payroll period - EXPENDITURE e. Preparing financial statements - ADMINISTRATIVE f. Receiving cash payments from customers - REVENUE g. Buying fixed assets - EXPENDITURE h. Moving manufactured DVD players from the production floor to the warehouse CONVERSION 49. (SO 1) Business processes are composed of three common stages: an initial event, a beginning, and an end. For items a through h listed in Problem 47, identify the applicable initial event, beginning, and end of the process. Student responses may vary as their experiences are likely to be different. Different businesses may have different events that trigger these processes; however, the following are common examples: a. Selling common stock to raise capital: Initial Event – Contacting and communicating with investors; Beginning – Receiving consideration from investor; End – Recording transactions in the accounting records. b. Purchasing electronic components to manufacture DVD players: Initial Event – Receiving a purchase request from operations personnel; Beginning – Placing an order with a supplier; End – Recording the payment for the component parts. c. Moving electronic components from the stockroom to the production floor to begin making DVD players: Initial Event – Receiving a request from the Production department for the movement of materials; Beginning – Removing inventory from the stockroom; End – Recording the receipt of goods in the production area. d. Paying employees at the end of a payroll period: Initial Event – Receiving a time sheet or other record of time worked; Beginning – Recording hours in the payroll records; End – Distributing paychecks or depositing paychecks in employee accounts. e. Preparing financial statements: Initial Event – Preparing end-of-period adjusting entries; Beginning – Summarizing adjusted account balances; End – Compiling data in financial statement format and writing related disclosure notes. f. Receiving cash payments from customers: Initial Event – Communicating with customer about a sale; Beginning – Notifying customer of amounts owed related to the sale; End – Recording the receipt of cash and deposit in a bank account. g. Buying fixed assets: Initial Event – Planning for an expenditure as part of a capital budgeting process; Beginning – Placing an order for the fixed asset; End – Receiving the asset and recording it in a subsidiary ledger. h. Moving manufactured DVD players from the production floor to the warehouse: Initial Event – Receiving notification from the Production department regarding completion of products; Beginning – Removing finished goods from the production floor; End – Recording the receipt of finished goods in the warehouse.

Page 1-10


Chapter 1 Solutions

Introduction to AIS

50. (SO 1,2,7) Each of the points listed next represents an internal control that may be implemented within a company’s accounting information system to reduce various risks. For each point, identify the appropriate business process (revenue, expenditure, conversion, administrative). In addition, refer to the description of business processes under Study Objective 2 in the chapter, and identify the appropriate subprocess. (Some subprocesses may be used more than once, and others may not be used at all.) a. Customer credit must be authorized before a business transaction takes place. Revenue process, sales subprocess b. An authorized price list of goods for sale is provided. Revenue process, sales subprocess c. A shipping report is prepared for all shipments of goods so that customers may be billed in a timely manner. Revenue process, sales subprocess d. Access to personnel files and paycheck records is available only in accordance with management specifications. Expenditure process, payroll subprocess e. New vendors are required to be authorized before a business transaction takes place. Expenditure process, purchasing subprocess f. Access to cash is restricted to those employees authorized by management. Revenue or Expenditure process, Cash collection or cash disbursement subprocess, respectively g. Costs of goods manufactured is properly summarized, classified, recorded, and reported. Conversion process, resource management subprocess h. Amounts due to vendors are reconciled by comparing company records with statements received from the vendors. Expenditure process, cash disbursements subprocess i. Employee wage rates and paycheck deductions must be authorized by management. Expenditure process, payroll subprocess j. Specific procedures such as the performance of a background check are carried out for all new employee hires. Expenditure process, payroll subprocess k. The purchasing manager is notified when stock levels are low so that items may be restocked to prevent backorders. Conversion process, resource management subprocess l. Two signatures are required on checks for payments in excess of $5000. Expenditure process, cash disbursement subprocess m. When excess cash is on hand, the funds are invested in short-term securities. Administrative process, investment subprocess n. Goods received are inspected, and any damaged or unmatched items are promptly communicated to the vendor. Revenue process, sales subprocess o. The monthly bank statement is reconciled to the company’s cash records by an outside accountant. Revenue or Expenditure process, Cash collection or cash disbursement subprocess, respectively 51. (SO 3) Using an internet search engine, search for the terms “RFID” and “supply chain.” Put both of these terms in your search and be sure that “supply chain” is in quotation marks. Read some of the resulting web sites you find and answer these

Page 1-11


Chapter 1 Solutions

Introduction to AIS

questions: a. What is RFID? Radio-frequency identification (RFID) technology helps companies identify and manage large lots of goods, typically received and stored in cartons or on skids. The cartons or skids include tags that are encoded with identifying information about the items, their supplier, and their purchase transaction. These tags can be instantly read and recorded by the company through the use of antennae or battery-operated transmitters and radio waves. b. How is RFID related to the supply chain? RFID enhances supply chain management by significantly reducing the time required to record purchases and inventory tracking. The instantaneous reading of RFID tags allows the items to move swiftly through the logistics process with increased speed and accuracy of the underlying records. c. How will RFID improve the accuracy of data from the supply chain? Accuracy is increased by the use of tags containing company and product identifiers. These tags reduce the risk of recording items in duplicate. They also aid in inventory tracking through enhanced security of products being moved between locations. 52. (SO 7) Go to the COSO web site and locate the guidance on enterprise risk management. The executive summary of the article “Enterprise Risk Management – Integrated Framework” can be downloaded at no cost. Read the sections titled “Roles and Responsibilities” and “Use of this Report.” Describe the roles that various parties should play in enterprise risk management. Although everyone within a business entity has responsibility for its ERM processes, the chief executive officer is ultimately responsible and must assume ownership of the process. Accordingly, the CEO should bring together key managers from each functional area to plan, implement, and monitor the process. The board of directors should provide necessary oversight and maintain contact with top management, internal auditors, and external auditors regarding the ERM process. Other managers should support the organization’s philosophy, promote compliance with its risk appetite, and manage risks within their areas of responsibility. The CFO and internal auditors typically have a support role. External to the business organization, three groups are key to the effective use of ERM: regulators, professional organizations, and educators. Regulators are expected to refer to the COSO framework in the development of expectations as well as the conduct of their examinations for business organizations they oversee. Professional organizations should consider the COSO framework in the development of guidelines for financial management, auditing, and related topics. Educators are urged to incorporate the framework into university curricula, as well as to conduct research and analysis on potential enhancements to the ERM process. 53. (SO 9) Using an internet search engine, search for the term (in quotations) “earnings management.” From the items you read, answer the following questions: a. Is earnings management always criminal? No, earnings management is not always illegal. Since accounting principles allow for some flexibility, accountants may use the discretion at their disposal in preparing financial statements.

Page 1-12


Chapter 1 Solutions

Introduction to AIS

b. Is earnings management always unethical? No, earnings management is not always unethical, due to the materiality constraint. Yet earnings management becomes unethical when it “crosses the line” to reflect management’s desires rather than an accurate representation of the company’s financial performance. If earnings management deceives or distracts investors, it is unethical. 54. (SO 9) Using an internet search engine, search for “HealthSouth” and “fraud” or “Scrushy” (the name of the company’s CEO). Explain the fraud that occurred at HealthSouth Corporation. What was the ultimate result of the prosecution of HealthSouth officials? HealthSouth’s fraud was an elaborate earnings management scheme whereby earnings were overstated by at least $1.4 billion. False revenues were recorded with corresponding decreases in contra-revenue accounts, expenses, and/or liabilities and increases in assets. Ultimately, after a long and dramatic trial, Scrushy was acquitted of all criminal charges due to lack of evidence tying him to the fraud.

Cases 55. Gas and Java Mart and the accounting information system. 1. Accounting data is likely to be captured at Gas and Java Mart at the gas pump if the customer uses a debit card or credit card to pay for a gas purchase at the pump. Even if the customer chooses to pay inside, the information pertaining to the sale of gasoline is recorded at the pump. The snacks must be purchased inside the store, but can be added to the gasoline charge. The accounting effect is that the sale and the payment collected should increase the Sales account and Cash or Accounts Receivable, respectively. 2. The records that capture the accounting data would be maintained within the computer system. Although a manual process is required to operate the gas pump and cash register, the remainder of the system is computer-based, so the system records the sale and all related data. 3. Internal controls would include the security cameras in the store and gas filling area, as well as reconciliation procedures. Like the McDonalds’ example, a manager is likely to close and reconcile the cash register and gas pump sales at the end of the day. 4. The summarization of accounting data is likely to occur at the end of the period when financial reports are prepared. These steps are probably accomplished by the computer software. 5. Financial reporting occurs at the end of the period, as data are summarized into reports used for internal and external purposes. This likely includes a combination of manual and computerized processes. There are likely to be separate classifications for the sales of gasoline versus snack items. 56. Business processes and IT enablement at fast food restaurants. Student responses may vary, but are likely to consistent with the following: a. List and describe four different activities that are manual parts of business processes at a restaurant such as Wendy’s. Manual processes are required to:

Page 1-13


Chapter 1 Solutions

Introduction to AIS

 greet customers at the drive-through window or counter  enter customer orders on the cash register touch-screens  prepare the food  gather the customer’s order  collect payment from the customer  clean the dining area  refill the condiment dispensers, etc.  reconcile the cash in the cash register to amounts included in the sales summaries b. List and describe four different activities that are IT enabled parts of business processes at a restaurant such as Wendy’s. IT enables processes are used to:  record customer orders input in the cash registers. The system accumulates sales data based on the orders transacted  prepare sales amounts based upon the pre-programmed prices of items ordered and applicable tax rates  determine the amount of change due to customers based on the amount of cash collected  prepare a sales receipt upon completion of a sales transaction  transfer order details to the food preparation stations so that the items can be prepared and assembled  prepare a daily summary for each cash register at the end of the shift 57. Business processes at department stores. a. Describe any necessary supporting processes that precede the sale of a product to you. Some of the supporting processes that precede a sale to a customer include acquiring, pricing and display of the merchandise, hiring and training sales personnel and cashiers, preparation of cash register drawers with adequate change, and programming the system to recognize the items when they are read by a bar code scanner. b. Describe any necessary supporting processes that occur after a sale to you. Some of the supporting processes that occur after a sale to a customer include handling customer returns, summarization of the sales data, reconciling the cash registers with the computerized data from the registers, preparation of a bank deposit, periodic sales reporting, and reconciliation of the bank statements. 58. Business processes at Cooper’s Cues Co. a. What are the business processes that apply to this business? The business processes described include the expenditure process involved in purchasing materials needed to manufacture pool cues and disbursing cash to suppliers for materials purchased. The case also describes revenues processes for sales of pool cues over the internet, customer collections, and sales returns (replacements). This business would also include subprocesses for payroll expenditures to pay Rob and Stacy Cooper for their time worked, and fixed asset processes to handle any capital assets acquired (such the workshop, office space, furniture and computers, tools and equipment, delivery vehicle, etc.). In addition, conversion processes would involve planning of the manufacturing Page 1-14


Chapter 1 Solutions

Introduction to AIS

process, planning and managing materials and resources needed for production, and logistics (movement of the manufactured goods through the production process through delivery to a customer). b. How would the business processes change if Cooper’s Cues expanded to a regional focus? If Cooper’s Cues expanded to a regional focus, it is likely that its business would grow. Rob and Stacy Cooper may have difficulty managing a regional business on their own, so they would likely need to hire and train employees to join their business. As more people became involved in the business processes, they would need to determine how responsibilities would be divided and how to implement internal controls in the processes. Rob Cooper may no longer be able to personally handle all deliveries. The company’s website may also need to be enhanced to handle the additional volume anticipated in connection with the business expansion. c. How would the business processes change if Cooper’s Cues began selling pool balls and other billiard equipment in addition to cues? If Cooper’s Cues began selling pool balls and other billiard equipment in addition to its pool cues, its business processes would change. If Cooper’s acquired this type of merchandise, it would have to enhance its expenditures processes to include the types of suppliers of these billiard accessories. It would also need to consider the logistics of inventory storage. In addition, its revenue processes would need to be enhanced to differentiate sales of manufactured cues versus other billiard merchandise. Its website would need to be updated to handle the additional product lines.

Page 1-15


Chapter 2 Solutions

Foundational Concepts of AIS

Turner/Accounting Information Systems, 3e Solutions Manual Chapter2 Concept Check 1. d 2. c 3. b 4. c 5. a 6. b 7. b 8. c 9. c 10. c 11. b 12. d

Discussion Questions 13. (SO 1) What is the relationship between business processes and the accounting information system? As the systematic steps are undertaken within a business processes, the corresponding data generated must be captured and recorded by the accounting information system. 14. (SO 1) Why is it sometimes necessary to change business processes when IT systems are applied to business processes? When IT systems are applied to business processes, some of the detailed transaction data may no longer be taken from paper-based source documents, and manual processing may no longer be needed to summarize and post that data. Accordingly, some of the related manual steps within the business process can be eliminated or changed. 15. (SO 2) Are manual systems and processes completely outdated? No, manual systems and business processes are not completely outdated. Manual records and tasks may still be involved in the business processes of even the largest and most sophisticated accounting information systems. 16. (SO 2) What is the purpose of source documents? Source documents capture the key data of a transaction, including date, purpose, entity, quantities, and dollar amounts.

Page 2-1


Chapter 2 Solutions

Foundational Concepts of AIS

17. (SO 2) What are some examples of turnaround documents that you have seen? An example of a turnaround document, as described in the chapter, is a credit card statement, where the statement itself (as received in the mail by the credit card holder) represents the output of the credit card company’s accounting information system. When the credit card holder returns the top portion of the statement with his or her payment, it then becomes an input to the company’s cash collection process. 18. (SO 2) Why would the training of employees be an impediment to updating legacy systems? One of the advantages of legacy systems is that they are well supported and understood by existing personnel who are already trained to use the system. Since those legacy systems are not generally based on user-friendly interfaces and they tend to be use software written in older computer languages, there is likely to be a significant investment of time and human resources required to maintain the system. In addition, legacy systems are often difficult to modify. Employees may be reluctant to forego their investment or to commit additional time in support of an updated system that becomes more challenging to maintain. 1. 19. (SO 2) Why is it true that the accounting software in and of itself is not the entire accounting information system? The accounting software is not the entire accounting information system; rather, it is a tool that supports the organization’s unique business processes. The software must often be customized to meet the needs of the organization and to integrate well with the manner in which transactions are processed. The human resources and/or manual records and documents that are part of the business processes are also an integral part of the accounting information system. 20. (SO 2) How is integration across business processes different between legacy systems and modern, integrated systems? Integration across business processes within a legacy system is extremely challenging and costly, as those systems are usually not based on user-friendly interfaces that are difficult to modify. It is also difficult to find programmers to perform such tasks. The result is that organizations which integrate business processes between legacy systems typically must resort to enhancements to their existing software or bridging their existing software to new systems or interfaces. On the other hand, modern, integrated systems are based on a single software system that integrates many or all of the business processes within the organization, thus eliminating the coordination and updating efforts required by the older systems. 21. (SO 3) How does client-server computing divide the processing load between the client and server? In client-server computing, the processing load is assigned to either the server or the client on the basis of which one can handle each task most efficiently. The server is more efficient in managing large databases, extracting data from databases, and running high-volume transaction processing software applications. The client is more efficient at manipulating subsets of data and presenting data in a user-friendly, graphical-interface environment.

Page 2-2


Chapter 2 Solutions

Foundational Concepts of AIS

22. (SO 3) Why do you think the client computer may be a better computer platform for presentation of data? The client computer is better for presentation of data because it manipulates subsets of data without being bogged down by the processing load of the entire data set. In addition, the client computer maintains presentation software in a user-friendly format for reporting purposes.

23. (S04) What are the distinguishing characteristics of cloud computing? Cloud computing is a centralized approached to computing, whereby computing services are outsourced to a third party provider. Accordingly, a company’s software and data may reside on the server of the provider. This offers many advantages, including the ability to scale the level of service to the needs of the company, as well as cost savings associated with the reduced infrastructure. 24. (S04) Why do you think a company would benefit from using cloud computing rather than client server computing? The primary benefits of cloud computing are in the areas of access, scalability, and cost savings. Companies are likely to benefit from using cloud computing when their employees may need to access and read data from many different locations while using different types of computing devices. In addition, since cloud computing is a pay-for-service model, companies only pay for the level of service they need, so it is not necessary to invest in capacity that may not yet be required. Also, the cost savings result from the reduced infrastructure (including equipment, hardware, software, maintenance, and technical employees). 25. (SO4) If your personal data were stored on a computer in cloud computing, would you have any concerns about it? Student responses may vary, and although the risks of cloud computing are discussed in a later chapter, students may identify concerns about security of private data stored in the cloud and access to data in the event of a service interruption. 26. (SO 5) Why do you think there are different market segments for accounting software? There are different market segments for accounting software to support the different needs of organizations depending on their size and the complexities of their business processes. 27. (SO 5) How would accounting software requirements for large corporations differ from requirements for small companies? Larger companies tend to need more power and functionality from their software systems because of their size and the complexities of their business processes. This may especially be true of large, multinational corporations which need to integrate business processes located all around the globe. Small companies are not likely to need such extensive power and functionality from their systems. 28. (SO 5) What are some of the differences between ERP systems and accounting software for small companies? ERP systems are multimodule software systems designed to manage all aspects of an enterprise. The modules (financials, sales,

Page 2-3


Chapter 2 Solutions

Foundational Concepts of AIS

purchasing, inventory management, manufacturing, and human resources) are based on a relational database system that provides extensive set-up options to facilitate customization to specific business needs. Thus, the modules work together to provide a consistent user interface. These systems are also extremely powerful and flexible. Many of the software systems in the small and mid market categories are not true ERP systems with fully integrated modules; however, these systems assimilate many of the features of ERP systems. 29. (SO 5) Why would accounting software development companies be interested in expanding their software products into other market segments? Software development companies and software vendors often attempt to increase the appeal of their software products to more than one market segment when the features of their products may fit the needs of different sized organizations. In addition, there is a trend toward increasing the functionality of existing systems to offer increased flexibility and functionality to meet such diverse needs. Since business organizations make considerable investments in the software products that comprise their accounting information systems, it is not surprising that there is much competition among the companies that provide these systems. 30. (SO 6) Given the business and accounting environment today, do you think it is still important to understand the manual input of accounting data? Manual input of data is still important to understand in today’s accounting environment. Many business organizations still use some manual processes for reading source documents and keying the relevant information into the accounting information system. Even hightech point of sale systems require manual processes to input the accounting data contained on bar codes. 31. (SO 6) What are the advantages to using some form of IT systems for input, rather than manual input? Using IT systems for input has the advantages of reducing the time, cost, and errors that tend to occur with manual data input. 32. (SO 6) Why would errors be reduced if a company switched input methods from manual keying of source documents to a bar code system? With manual input, human efforts are required to write on the source documents and to manually key in the data. Errors tend to occur from time-to-time with such a system. On the other hand, the manual steps of writing and keying are eliminated when using a bar code system, thus reducing the likelihood of error. 33. (SO 7) In general, what types of transactions are well suited to batch processing? Batch processing is best suited to applications having large volumes of similar transactions that can be processed at regular intervals, such as payroll. 34. (SO 7) Why might the time lag involved in batch processing make it unsuitable for some types of transaction processing? By necessity, batch systems involve a time lag while all transactions in the batch are collected. This means that available information in files will not always be current, as it would be in real-time systems.

Page 2-4


Chapter 2 Solutions

Foundational Concepts of AIS

Therefore, when constantly up-to-date information is needed by users on a timely basis, batch processing is likely to be unsuitable for transaction processing. 35. (SO 7) How would real-time processing provide a benefit to managers overseeing business processes? Real-time processing is beneficial for business managers because it provides for system checks for input errors. Therefore, errors can be corrected immediately, thus increasing the quality of the information for which the manager is held accountable. In addition, real-time systems enhance the efficiency of information availability. 36. (SO 8) How do internal reports differ from external reports? Although internal and external reports are both forms of output from an accounting information system, they have different purposes. Internal reports provide feedback to managers to assist them in running the business processes under their control. On the other hand, external reports (such as the financial statements) are used by external parties to provide information about the business organization. 37. (SO 8) What are some examples of outputs generated for trading partners? Invoices and account statements are examples of outputs generated for customers; whereas checks and remittance advices are examples of outputs sent to vendors. 38. (SO 8) Why might it be important to have internal documents produced as an output of the accounting information system? It is important to produce internal documents as an output of an accounting information system because internal documents provide feedback needed by managers assist them in running the business processes under their control. These internal documents can be customized to allow a manger to “drill down” into the details of the process being managed. 39. (SO 9) How does documenting a system through a pictorial representation offer benefits? A pictorial representation of an accounting information system is beneficial because it provides a concise and complete way for accountants to analyze and understand the procedures, processes, and the underlying systems that capture and record the accounting data.

Brief Exercises 40. (SO 1) Think about your most recent appointment at the dentist’s office. Describe the business process that affected you as the patient/customer. In addition, describe the administrative and accounting processes that are likely to support this business. As a patient, you would experience the revenue processes as you receive services from the hygienist and dentist. You would also be affected by the billing and

Page 2-5


Chapter 2 Solutions

Foundational Concepts of AIS

collections processes when you receive an invoice for services rendered and submit payment for those services. The dental office would need to have specific steps in place for recording the services provided to each patient so that they can be properly billed and reported. These steps may be very detailed, especially in instances where patient fees must be allocated between dental insurance companies and the patients themselves. There would also need to processes in place for purchasing, as a dentist’s office is expected to make regular purchases of supplies as well as to handle the other operating costs of the business. Payroll processes would also be needed to account for the time and pay of each employee in the dentist’s office, and fixed asset processes would be needed to support the investments in and depreciation of office furniture and equipment, fixtures, and dental equipment. Finally, it is possible that the business may have administrative processes in place to handle investment, borrowing, and capital transactions. Once these transactions are recorded, the business must have processes in place to post the related data to the general ledger and summarize it in a manner that facilitates the preparation of financial statements and other accounting reports. 41. (SO 2) Describe the purpose of each of the following parts of a manual system: a. source document – captures the key data of a transaction, including the date, purpose, entity, quantities, and dollar amounts. b. turnaround document – provides a connection between different parts of the accounting system by serving as the output of one system and the input to another system in a subsequent transaction. c. general ledger – provides details for the entire set of accounts used in the organization’s accounting systems. d. general journal – captures the original transactions for non routine transactions, adjusting entries, and closing entries. e. special journal – captures the original transactions for routine transactions such as sales, purchases, payroll, cash receipts, and cash disbursements. f. subsidiary ledger – maintains detailed information regarding routine transactions, with an account established for each trading partner. 42. (SO 2) Consider the accounting information system in place at an organization where you have worked. Do you think that it was a manual system, legacy system, or an integrated IT system? Describe one or two characteristics of that accounting information system that lead you to your conclusion. Student responses are likely to vary greatly, as they may refer to any work experience. Characteristics of manual systems may include paper-based documents and records, and manual processes performed by humans. Characteristics of legacy systems may include older technology including a mainframe computer and the use of software languages such as COBOL, RPG, Basic, and PL1. Characteristics of an integrated IT system include powerful,

Page 2-6


Chapter 2 Solutions

Foundational Concepts of AIS

technologically advanced computer systems with Internet interfaces, which are typically marked by efficiencies in terms of limited paperwork and user-friendly interfaces. 43. (SO 2) Suppose that a company wants to upgrade its legacy system, but cannot afford to completely replace it. Describe two approaches that can be used. One approach to updating a legacy system is to use screen scrapers, or frontware, which add modern, user-friendly screen interfaces to an existing system. Another approach is to bridge the legacy system to new hardware and software using enterprise application integration, or EAI. 44. (SO 4) Both Gmail and iCloud for iTunes were mentioned as examples of cloud computing. Can you describe any other examples of cloud computing? Student responses are likely to vary greatly, but may include examples such as the following: video and photo storage in the cloud, as well as document storage; online collaboration tools to facilitate groups who hold meetings and/or work on projects requiring participation from multiple locations; online data sharing between trading partners; virtual office space for people who travel or telecommute. 45. (SO 5, 7) Consider the real world example of Cole Haan presented in this chapter. a. Use Exhibits 2-3 and 2-4 to help you determine the approximate range of Cole Haan’s annual revenues. Since Cole Haan’s ERP system, falls in the High End or Tier 1 market segment, the company’s revenues must be over $100 million. b. What are the advantages Cole Haan likely realized as a result of having real-time data available? The advantages to real-time data processing include:  reduced errors, since the system checks inputs and corrects errors immediately  more timely information  constantly up-to-date data files  integrated business processes into a single database so that a single system can be achieved. 46. (SO 6) Using IT systems to input accounting data can reduce costs, time, and errors. Give an example showing how you think IT systems can lead to these reductions (cost, time, and errors). Student responses may vary. The responses below apply to the savings a company would be expected to realize upon implementation of a bar code system as a method of inputting data. Using IT systems to input data can help reduce costs, such as when bar code systems at a self-checkout line eliminate the human resource costs of using a checkout clerk.

Page 2-7


Chapter 2 Solutions

Foundational Concepts of AIS

Using IT systems to input data can help save time, such as when bar code systems at a checkout line can reduce the checkout time to a fraction of the time required to manually record the transaction. This is because it eliminates the manual processes involved in writing data on a source document and/or keying the data into the software system. Using IT systems to input data can help reduce errors, such as when bar code systems eliminate the duplicate manual processes involved in writing data on a source document and later keying the data into the software system. 47. (SO 8) Identify whether the following reports would be categorized as trading partner documents, internal documents, internal reports, or external reports: a. daily cash receipts listing – internal document b. accounts receivable aging – internal report c. wire transfer of funds to a vendor – trading partner document d. customer price list – trading partner document e. general ledger – internal report f. statement of cash flows – external report g. sales invoice – trading partner document h. production schedule – internal document i. customer address list – internal document j. payroll journal – internal report 48. (SO 8) Which type of accounting information system reports would likely be prepared most frequently by financial accountants? By managerial accountants? Financial accounts are most likely to prepare external reports (such as financial statements and other reports provided to external users of the company’s accounting information); whereas managerial accountants are most likely to prepare internal reports (such as journals and other reports that provide feedback to managers about their areas of responsibility). 49. (SO 9) Identify which of the cardinal relationships apply, from the following: a. component part – product b. customer – product c. employee ID badge – employee d. employee – supervisor e. vendor – check

Problems

Page 2-8

Many to many Many to many One to one One to many One to many


Chapter 2 Solutions

Foundational Concepts of AIS

50. (SO 2) Suppose that a large company is considering replacing a legacy system that is nearing obsolescence. Describe any aspects of this decision that the company should consider. When considering whether or not to replace a legacy system, a company should conduct a cost-benefit analysis. A business organization may decide to maintain a legacy system if it determines that the replacement costs would be too high. In such cases, the organization would likely place strong emphasis on the advantages of its legacy system, including its degree of customization and the extent of historical data that it contains which would be difficult to integrate into a new system. On the other hand, if the organization decided to replace its legacy system, it is likely that its reasons included such things as difficulty in supporting the older hardware, software, and programming language of its legacy system, difficulty in integrating the legacy system with newer business applications, and lack of user-friendly interfaces and supporting documentation from the legacy system. 51. (SO 1, 9) Visit the campus bookstore at your university. From what you see happening at the bookstore, try to draw a process map of how the processes at that store serve students, the customers. Refer to the separate Microsoft Excel file “Chapter 2 Solutions Pictorial Representations.xls 52. (SO 5) Look at Exhibit 2-4 and pick one accounting software product from the midmarket segment and one software product from the tier 1 ERP segment. Using those brand names of software, search the Internet for information about those products. Based on your investigation, what are the differences between the two software products you chose? (Hint: To begin your search, you might try examining the following websites. www.accounting-software 411.com , www.findaccountingsoftware.com, and www.2020software.com) Student responses are likely to vary greatly, depending upon the software brands selected. However, the modules within the midmarket products may not be fully integrated or may be less complex than the Tier 1 ERP systems. 53. (SO 6) Using the Internet or other research tool, search for the term “RFID.” From the results you find, describe how RFID will be used as an input method. RFID stands for radio-frequency identification. RFID technology helps companies identify and manage large lots of goods, typically received and stored in cartons or on skids. The cartons or skids include tags that are encoded with identifying information about the items, their supplier, and their purchase transaction. RFID is used as an input method whereby the tags can be instantly read and recorded by using antennae or battery-operated transmitters and radio waves.

Page 2-9


Chapter 2 Solutions

Foundational Concepts of AIS

54. (SO 3) Using the Internet or other research tool, search for the terms “client-server” and “scalable.” From the results you find, explain why client-server systems are scalable. Scalable systems have the ability to handle growth or increased capabilities. Thus, client-server systems are deemed to be scalable because of the manner in which tasks are divided. Since client PCs normally accomplish local processing tasks, additional client PCs could be added to the network to handle new or growing subsets of data from the server.

55. (SO 4) Using the Internet or other research tool, search for the terms “Amazon elastic cloud.” Describe what you find. Why do you believe it is called elastic? Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers. Amazon EC2’s simple web service interface allows users to obtain and configure capacity with minimal friction. It provides complete control of users’ computing resources and allows users to run on Amazon’s computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing users to quickly scale capacity as their computing requirements change. Amazon EC2 provides developers the tools to build failure resilient applications and isolate themselves from common failure scenarios. The term “elastic” likely refers to the ability for users to quickly scale capacity both up and down as their computing requirements change. Thus, users can create, launch, and terminate server instances as needed.

Cases 56. Pictorial representations of a drive-through window at a fast food chain. Student responses are likely to vary, but may be similar to those shown in the Microsoft Excel file “Chapter 2 Solutions Pictorial Representations.xls” 57. Pictorial representations of a college’s parking services processes. Student responses are likely to vary, but may be similar to those shown in the Microsoft Excel file “Chapter 2 Solutions Pictorial Representations.xls”

Page 2-10


Chapter 3 Solutions

Fraud, Ethics, and Internal Control

Turner/Accounting Information Systems, 3e Solutions Manual Chapter 3

Concept Check 1. b 2. c 3. a 4. d 5. d 6. b 7. b 8. a 9. a 10. d 11. c 12. b 13. c 14. d

Discussion Questions 15. (SO 1) Management is held accountable to various parties, both internal and external to the business organization. To whom does management have a stewardship obligation and to whom does it have reporting responsibilities? Management has a stewardship obligation to the shareholders, investors, and creditors of the company, i.e., any parties who have provided funds or invested in the company. Management has a reporting responsibility to business organizations and governmental units with whom the company interacts. 16. (SO 2, 4) If an employee made a mistake that resulted in a loss of company funds and misstated financial reports, would the employee be guilty of fraud? Discuss. No, a mistake, or unintentional error, does not constitute fraud. In this situation, there is no theft or concealment, so fraud does not exist. 17. (SO 2, 3) Do you think it is possible that a business manager may perpetrate fraud and still have the company’s best interest in mind? Discuss. Student responses may vary. Those agreeing that it is possible may refer to the fraud triangle and note that the incentive may be job-related (such as opportunities to produce enhanced

Page 3-1


Chapter 3 Solutions

Fraud, Ethics, and Internal Control

financial statements, which may increase the company’s stock price, increase compensation, avoid firings, enhance promotions, and delay bankruptcy) and the rationalization may involve plans to make restitution. On the other hand, some students may reject the notion that management fraud could be in a company’s best interest, as it puts the company at great risk. When frauds are discovered, they are often devastating due to the financial restatements and loss of trust. 18. (SO 7) Distinguish between internal and external sources of computer fraud. Employees are the source of internal computer fraud. When employees misuse the computer system to commit fraud (through manipulation of inputs, programs, or outputs), this is known as internal computer fraud. On the other hand, external sources of computer fraud are people outside the company or employees of the company who conduct computer network break-ins. When an unauthorized party gains access to the computer system to conduct hacking or spoofing, this is known as external computer fraud. 19. (SO 7) Identify and explain the three types of internal source computer fraud. The three types of internal source computer fraud are input manipulation, program manipulation, and output manipulation. Input manipulation involves altering data that is input into the computer. Program manipulation involves altering a computer program through the use of a salami technique, Trojan horse program, trap door alteration, etc. Output manipulation involves altering reports or other documents generated from the computer system. 20. (SO 7) Describe three popular program manipulation techniques. The salami technique accomplishes a fraud by altering small “slices” of computer information. These slices of fraud are difficult to detect because they are so small, but they may accumulate to a considerable amount if they are carried out consistently across many accounts. This is often accomplished by rounding or applying minor adjustments. The perpetrator typically steals the amounts represented by these slices or uses them to his or her benefit. A Trojan horse program is a small, unauthorized program within a larger, legitimate program, used to manipulate the computer system to conduct a fraud. For example, a customer account may be automatically written off upon the processing of a new batch of transactions. A trap door alteration involves misuse of a valid programming tool, a trap door, to commit fraud. Trap doors are unique hidden entrances to computer programs that are written into the software applications to provide a manner of testing the systems. Although they should be removed prior to implementation, they may remain to provide a tool for misusing the system to perpetrating fraud. 21. (SO 7) Distinguish between Internet spoofing and e-mail spoofing. Internet spoofing involves a person working through the Internet to access a computer network while pretending to be a trusted source. The packet of data containing the Internet

Page 3-2


Chapter 3 Solutions

Fraud, Ethics, and Internal Control

protocol (IP) address contains malicious data such as viruses or programs that capture passwords and log-in names. E-mail spoofing bombards employee e-mail accounts with junk mail intended to scam the recipients. 22. (SO 10) What are the objectives of a system of internal control? The objectives of an internal control system are as follows:    

To safeguard assets from fraud or errors To maintain accuracy and integrity of accounting data To promote operational efficiency To ensure compliance with management directives

23. (SO 10) Name and distinguish among the three types of internal controls. The three types of internal controls are preventative controls, detective controls, and corrective controls. Preventative controls are designed to avoid fraud and errors by stopping any undesired acts before they occur. Detective controls help employees uncover or discover problems that may exist. Corrective controls involve steps undertaken to correct existing problems. 24. (SO 10) Identify the COSO report’s five interrelated components of internal controls. According to the COSO report, there are five interrelated components of internal control: the control environment, risk assessment, control activities, information and communication, and monitoring. 25. (SO 10) Name the COSO report’s five internal controls activities. According to the COSO report, there are five internal control activities: authorization of transactions, segregation of duties, adequate records and documents, security of records and documents, and independent checks and reconciliations. 26. (SO 10) Distinguish between general and specific authorization. General authorization is a set of guidelines that allows transactions to be completed as long as they fall within established parameters. Specific authorization means that explicit approval is needed for that single transaction to be completed. 27. (SO 10) Due to cost/benefit considerations, many business organizations are unable to achieve complete segregation of duties. What else could they do to minimize risks? Close supervision may serve as a compensating control to lessen the risk of negative effects when other controls, especially segregation of duties, are lacking. 28. (SO 10) Why is a policies and procedures manual considered an element of internal control? Formally written and thorough documentation on prescribed policies and procedures should establish clarity and promote compliance within a business organization, thus providing an important element of internal control. The policies and procedures should cover both manual and automated processes and control measures, and must be communicated to all responsible parties within the company.

Page 3-3


Chapter 3 Solutions

Fraud, Ethics, and Internal Control

29. (SO 10) Why does a company need to be concerned with controlling access to its records? Securing and protecting company records is important to ensure that they are not misused or stolen. Unauthorized access or use of records and documents allows the easy manipulation of those records and documents, which can result in fraud or a concealment of fraud. 30. (SO 10) Many companies have mandatory vacation and periodic job rotation policies. Discuss how these practices can be useful in strengthening internal controls. Mandatory vacations and periodic job rotation policies provide for independent monitoring of the internal control systems. Internal control responsibilities can be rotated so that someone is monitoring the procedures that are typically performed by someone else, which enhances the effectiveness of those procedures. 31. (SO 10) Name the objectives of an effective accounting system. An effective accounting system must accomplish the following four objectives:    

Identify all relevant financial transactions of the organization. Capture the important data of these transactions. Record and process the data through appropriate classification, summarization, and aggregation. Report the summarized and aggregated information to managers.

32. (SO 10) What does it mean when information flows “down, across, and up the organization”? A business organization must implement procedures to assure that its information and reports are communicated to the appropriate management level. This communication is described by COSO as “flowing down, across, and up that organization”. Such a communication flow assists management in properly assessing operations and making changes to operations as necessary. 33. (SO 10) Provide examples of continuous monitoring and periodic monitoring. Any ongoing review activity may be an example of continuous monitoring, such as a supervisor’s examination of financial reports and a computer system’s review modules. An example of periodic monitoring is an annual audit performed by a CPA firm or a cyclical review performed by internal auditors. 34. (SO 10) What are the factors that limit the effectiveness of internal controls? It is not possible for an internal control system to provide absolute assurance because of the following factors that limit the effectiveness of internal controls:   

Flawed judgments Human error Circumventing or ignoring established controls

In addition, excessive costs may prevent the implementation of some controls.

Page 3-4


Chapter 3 Solutions

Fraud, Ethics, and Internal Control

35. (SO 11) Identify and describe the five categories of the AICPA Trust Services Principles. The AICPA Trust Services Principles are divided into the following five categories of risks and controls:     

Security. Security is concerned with the risk of unauthorized physical and logical access, such as breaking into the company’s facilities or computer network. Availability. Availability is concerned with the risk of system interruptions or failures due to hardware of software problems such as a virus. Processing integrity. Processing integrity is concerned with the risk of inaccurate, incomplete, or improperly authorized information due to error or fraud. Online privacy. Online privacy is concerned with the risk of inappropriate access or use of a customer’s personal information. Confidentiality. Confidentiality is concerned with the risk of inappropriate access or use of company information.

36. (SO 11) Distinguish between the Trust Services Principles of privacy and confidentiality. Both privacy and confidentiality are concerned with the risk of in appropriate access or use of information. However, privacy is focused on protecting the privacy of a customer’s personal information; whereas confidentiality is focused private information about the company itself and its business partners. 37. (SO 12) What does section 404 of the Sarbanes-Oxley Act require of management regarding internal control systems? The following was outlined by the SEC: Section 404 of the Sarbanes-Oxley Act of 2002, requires publically held companies (companies subject to the reporting requirements of the Securities Exchange Act of 1934, other than registered investment companies), to include in their annual reports:  a report of management on the company's internal control over financial reporting. The internal control report must include: o a statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting for the company; o management's assessment of the effectiveness of the company's internal control over financial reporting as of the end of the company's most recent fiscal year; o a statement identifying the framework used by management to evaluate the effectiveness of the company's internal control over financial reporting; and o a statement that the registered public accounting firm that audited the company's financial statements included in the annual report has issued an attestation report on management's assessment of the company's internal control over financial reporting.

Page 3-5


Chapter 3 Solutions

Fraud, Ethics, and Internal Control

Under the new rules, a company is required to file the registered public accounting firm's attestation report as part of the annual report. Management must also evaluate any change in the company's internal control over financial reporting that occurred during a fiscal quarter that has materially affected, or is reasonably likely to materially affect, the company's internal control over financial reporting.

Brief Exercises 38. (SO 2, 3) What possible motivation might a business manager have for perpetrating fraud? Management might be motivated to perpetrate fraud in order to improve the financial statements, which may have the result of increasing the company’s stock price and increasing incentive-based compensation. Altered financial information might also have the effect of delaying cash flow problems and/or bankruptcy, as well as improving the potential for business transactions such as mergers, borrowing, stock offerings, etc. 39. (SO 5) Discuss whether any of the following can be examples of customer fraud: 

 

An employee billed a customer twice for the same transaction. This is not an example of customer fraud; rather, the customer is being defrauded in this scenario. This is an example of employee fraud (assuming that the double-billing was intentional and the resulting cash receipts are stolen by employees). A customer remitted payment in the wrong amount. This may be an example of customer fraud, assuming that the payment was made as a deceptive tactic to avoid the full amount of the customer’s liability. A customer received merchandise in error, but failed to return it or notify the sender. Although this scenario involves a customer’s improper receipt of goods, it would not be considered customer fraud since it was the result of an error. Regardless of whether the error was committed by the company or the customer, deception is a required element of fraud.

40. (SO 7) Explain the relationship between computer hacking and industrial espionage. Give a few additional examples of how hacking could cause damage in a business. Computer hacking is the term commonly used for computer network break-ins. Hacking may be undertaken for various purposes, including theft of proprietary information, credit card theft, destruction or alteration of data, or merely thrillseeking. Industrial espionage is the term used for theft of proprietary company information. Although computer hacking provides one method of conducting industrial espionage, a computer is not always required to steal company information. Fraudsters trying to conduct industrial espionage may also resort to digging through the trash in order to gain information about a target company. 41. (SO 9) What are some ways in which a business could promote its code of ethics? The best way for a company to promote its code of ethics is for its top managers to live by it on a day-to-day basis. If the code is well documented and adhered to by

Page 3-6


Chapter 3 Solutions

Fraud, Ethics, and Internal Control

management, others in the organization are likely to recognize its importance. Furthermore, if discipline and/or discharges are applied to those who violate the code, this will serve as a strong message regarding the importance of the code. 42. (SO 10) Describe why the control environment is regarded as the foundation of a business’s system of internal control. The control environment is regarded as the foundation of a system of internal controls because it sets the tone of an organization and influences the control consciousness of its employees. Thus, the tone at the top flows through the whole business organization and affects behavior at every level. It also provides the discipline and structure of all other components of internal control. COSO identifies the tone set by management as the most important factor related to providing accurate and complete financial reports. 43. (SO 10) Think of a job you have held, and consider whether the control environment was risky or conservative. Describe which you chose and why. Student responses will vary. Characteristics of a risky control environment include absence of a code or ethics or lack of enforcement of a code of ethics, aggressive management philosophy and operating style, overlapping duties and vague lines of authority, lack of employee training, and an inactive board of directors. On the other hand, a conservative control environment is characterized by a rigidly enforced code of ethics, a conservative management philosophy and operating style, clearly established job descriptions and lines of authority, a focus on employee training and organizational development, and an accountable and attentive board of directors. 44. (SO 10) Identify the steps involved in risk assessment. Do you think it would be effective for an organization to hire external consultants to develop its risk assessment plan? The steps involved in risk assessment include:     

Identify the sources of risk, both internal and external. Determine the impact of such risks in terms of finances and reputation. Estimate the likelihood of such risks occurring. Develop an action plan to reduce the impact and probability of identified risks. Execute the action plan on an ongoing basis.

It would not likely be effective for an organization to hire consultants to develop its risk assessment plan because company-specific experience and expertise are needed in order to do this work effectively. For instance, members of management who are actively involved in day-to-day operations and reporting will likely have the best ability to identify risks, determine the impact of those risks, and estimate the likelihood of occurrence of such risks. Although a consultant may be useful in assisting with the development and implementation of the action plan, the first three steps of the risk assessment process would likely depend upon the working knowledge of members of the company’s management. 45. (SO 10, 11) Discuss the accuracy of the following statements regarding internal control:

Page 3-7


Chapter 3 Solutions

Fraud, Ethics, and Internal Control

The more computerized applications within a company’s accounting system, the lower the risk will be that fraud or errors will occur. It is not necessarily true that extensive computerized application will lower a company’s risk of fraud. This is because computerized systems also increase vulnerabilities such as unauthorized access, business interruptions, and inaccuracies. The technological complexities that accompany sophisticated computer applications call attention to the need for extensive internal controls to reduce the risk of fraud and errors. The more involved top management is in the day-to-day operations of the business, the lower the risk will be that fraud or errors will occur. It is certainly true that the tone at the top (the tone set by top management) is the most important factor of internal control. Accordingly, it can be implied that involved managers would promote strong internal controls. However, although this is often true, it will be true only when top management acts with integrity, exemplifying and enforcing its code of ethics, maintaining a conservative approach to operations and financial reporting, and cultivating clear communications and responsibilities.

Problems 46. (SO 10) Identify whether each of the following accounting positions or duties involves authorization, recording, or custody:           

cashier - Custody payroll processor - Recording credit manager - Authorization mailroom clerk - Custody data entry clerk - Recording deliver paychecks - Custody deliver the bank deposit - Custody prepare the bank reconciliation - Recording check signer - Authorization inventory warehouse supervisor - Custody staff accountant - Recording

47. (SO 10) Identify whether each of the following activities represents preventative controls, detective controls, or corrective controls:      

job rotation - Detective preparation of a bank reconciliation - Corrective segregation of duties - Preventative recalculating totals on computer reports - Detective use of passwords - Preventative preparing batch totals for check processing - Detective

Page 3-8


Chapter 3 Solutions      

Fraud, Ethics, and Internal Control

establishing a code of ethics - Preventative use of a security guard - Preventative verifying source documents before recording transactions - Preventative matching supporting documents before paying an invoice - Preventative independent review of accounting reports - Detective performing comparisons of financial statement items - Detective

48. (SO 10) Shown is a list of selected sources of internal control guidelines, given in order of issuance, followed by a list of primary purposes. Match each guideline with its primary purpose. I. Foreign Corrupt Practices Act – b. Prevented bribery and established internal control guidelines. II. COSO – d. Established internal control concepts based on comprehensive study. III. SAS 99 – a. Required auditors to focus on risks and controls and to conduct audits with skepticism. IV. Sarbanes-Oxley Act – c. Curbed fraud by requiring additional internal control reporting within annual reports. V. Trust Services Principles – e. Established essential criteria for evaluating reliability of business systems. a. Required auditors to focus on risks and controls and to conduct audits with skepticism. b. Prevented bribery and established internal control guidelines. c. Curbed fraud by requiring additional internal control reporting within annual reports. d. Established internal control concepts based on comprehensive study. e. Established essential criteria for evaluating reliability of business systems. 49. (SO 1, 3, 10) Using a search engine on the Internet, find articles or descriptions of the collapse of Enron. The collapse began in November 2001, and many articles appeared over the next two to three years. Required: a. Briefly describe the fraud that occurred. Student responses are likely to vary, but should focus on the accounting frauds which attempted to hide the company’s debt and losses. For instance, Enron created special purpose entities (related partnerships) for the purpose of off-balance sheet financing. Other deceptive transactions are known to have taken place for the sole purpose of creating false financial results, such as transactions involving the sale and buy-back of barges near year-end and prepaid commodities deals that were never delivered. b. Discuss what you see as weaknesses in the control environment. It is likely that students will focus on the tone at the top, and conclude that management did not set a good example of the company’s code of ethics. They may also provide evidence of aggressive management practices. 50. (SO 3) Using a search engine on the Internet, search for articles on fraud that occurred in 2000 to 2002 in the following companies:

Page 3-9


Chapter 3 Solutions

Fraud, Ethics, and Internal Control

Adelphia Enron Global Crossing WorldCom Xerox Try to locate articles or information about stock prices, how the fraud was conducted. You might wish to look at the following websites: edgar.sec.gov, www.hoovers.com and www.forbes.com Required: a. Find information to help you complete the following table: Students are not likely to find all of this information, but what they do find may help them better understand the massive size and scope of these frauds. Some of the stock prices or loss to investors can be found by web searches. For example, the Xerox stock prices can be found by searching on Xerox, fraud and “stock price”. Position of Brief Those Description of Conducting Fraud Company Name Fraud Off balance sheet financing, CEO, CFO, VP inflated of Operations earnings, improper use of (Rigas family Adelphia company funds members) Off balance CEO (Ken sheet financing Lay), CFO through special (Andrew purpose Fastow), entities, inflated Pres./CEO (Jeff Enron Skilling) earnings Inflated revenue through network capacity swaps, Founder (Gary mismanagement Winnick), CEO, and excessive CFO, and Pres. Global Crossing spending Of Finance Off-balance sheet credit, inflated earnings through improper capitalization of CFO & operating Controller WorldCom expenses (possibly CEO)

Stock Price when fraud was uncovered

Page 3-10

Stock Price one year Shares Loss to later outstanding Investors

~$750 mil.

$90

$0.70

$60

$0.20


Chapter 3 Solutions

Xerox

Accelerated revenue recognition on leased assets

Fraud, Ethics, and Internal Control

Senior executives

$11.24

$4.30

b. Discuss the common characteristics that you see in each of these examples. Most of these frauds involved misstated financial statements involving inflated earnings and off-balance sheet financing. Most of these frauds were perpetrated by members of top management, including top ranking financial executives. 51. (SO 3) Using a search engine on the Internet, search for information on the following two companies, which were paying bribes in foreign countries: Student responses are likely to vary, but the information below highlights the main facts of these cases. Siemens: a. How it was discovered. The Siemens frauds were discovered after being exposed by a middleman/consultant who helped carry out some of the transactions to pay bribes and kickbacks to government officials in exchange for being awarded contracts in foreign countries. These types of bribery transactions were being carried out for years and in countries all over the globe. It was only a matter of time before investigators began examining the suspicious transactions. b. The end result of the investigation. In 2008, Siemens pleaded guilty to criminal violations of the corrupt practices act, and has paid over $1.6 billion in fines and settlements. In late 2011, civil bribery charges were brought against several former Siemens executives. c. What you think the company might have done to prevent this, or lessen the impact. These frauds involved high-ranking company officials, so internal controls should have been enhanced through practicing tone at the top. All of the funds and bank accounts that were established to carry out these acts should have been under the supervision of top executives. Senior managers at Siemens assumed that they would be supported by top executives, but they found out that they were wrong. After the bribes were discovered, Siemens worked hard to quickly remove many senior managers and reform company policies; however, there should have been controls in place to prevent these actions much sooner; it should have provided more thorough corporate governance and management oversight. d. What you learned about the Foreign Corrupt Practices Act. The FCPA is enforced by the SEC and seeks to root out companies who engage in corrupt practices. Johnson & Johnson: a. How it was discovered. The J&J frauds were discovered internally and were reported to the SEC. Most of the frauds involved paying bribes to European doctors and hospital administrators in exchange for using J&J

Page 3-11


Chapter 3 Solutions

Fraud, Ethics, and Internal Control

medical devices. It also paid kickbacks to Iraq to obtain contracts under the United Nations Oil for Food Program. b. The end result of the investigation. J&J paid over $70 million in civil and criminal fines. Its penalties were reduced because of the level of cooperation the company provided throughout the investigation. c. What you think the company might have done to prevent this, or lessen the impact. Like Siemens, top management should have had better controls in place from the beginning, rather than having to work so hard on damage control and subsequent compliance efforts. In particular, if the cash payments had been more closely monitored, these bribes and kickbacks could have been detected and stopped at a much earlier point in time. d. What you learned about the Foreign Corrupt Practices Act. The FCPA is enforced by the SEC and seeks to root out companies who engage in corrupt practices.

Cases 52. Fraud at Weston’s city hall. Required: a. Which internal control activity was violated in order for Mr. Kaufmann to perpetrate this fraud? A case could be made for any or all of the internal control activities were violated in this scenario. With regard to authorization, it can be said that Mr. Kaufmann abused his authority by circumventing the established controls in order to carry out these transactions on his own. His interference in the mailroom procedures made it impossible for any segregation of duties to occur. There was apparently inadequate security and documentation for the assets and transactions with which he was involved, and there was no one willing to come forward to review or reconcile these transactions. b. Do you consider this case to be an example of management fraud or employee fraud? Although it involves misappropriation of assets, which is typically an employee fraud, this was conducted by the chief financial officer. Accordingly, it would be considered a management fraud. It is not likely that Mr. Kaufmann would have been able to carry out his fraud if it had not been for his high-ranking position, which apparently prevented anyone from stopping him. c. Was the city’s procedural manual adequate for prescribing internal controls to prevent this type of fraud? Why or why not? Although the case states that written guidelines were in place regarding the mailroom and bank deposit policies, requirements for logging checks received and performing an independent verification of receipts, these guidelines were obviously not followed when Mr. Kaufmann stepped in. Rather than being a problem with the documented policies, this case seems to present a situation marked by circumvention of controls. Page 3-12


Chapter 3 Solutions

Fraud, Ethics, and Internal Control

d. Why do you think no one reported the unusual mailroom practices of Mr. Kaufmann? To whom would such a violation be reported? Since Mr.Kaufmann was the highest ranking financial officer in the organization, employees who suspected misconduct likely believed that there was no one with authority over Mr. Kaufmann to whom the problem could be reported. If management is involved in fraud, it should be brought to the attention of the board of directors. In the case of a municipality, the problem could be reported to the chief administrator, mayor, or the city’s advisory council. e. Do you think a business in Weston could be guilty of customer fraud if it agreed to deliver its payments to Mr. Kaufmann personally rather than send them to the city’s mailing address? A business that agreed to deliver its payments to Mr. Kaufmann personally would not likely be guilty of fraud. Customer fraud requires the intent to deceive, so unless the business had knowledge or was otherwise involved in Mr. Kaufmann’s fraud scheme, it would not be guilty of customer fraud. f. The comments made by the neighbor CFO express which type of limitation of internal control systems discussed in this chapter? The limitation of small staff size typically means that the business organization does not have sufficient resources to accomplish segregation of duties. Accordingly, controls can be easily circumvented. The comment regarding the tight operating budget reflects upon the cost/benefit limitations of internal controls. 53. Coupon accounting abuse. Required: a. Discuss whether the situation described can happen to a company with a good control environment. This situation would not be likely to happen to a company with a good control environment. In a conservative control environment, management would not place so much emphasis on profitability, would not likely tie compensation to profitability and then give employees responsibility for preparing their own profitability reports, and would have likely provided for other controls (such as supervision and review of Gary’s figures). b. Describe any steps a company could take to prevent such abuse. If the firm was going to compensate brand managers based on profitability of their brands, then those managers should not have responsibility for preparing their own profitability reports. Rather, an independent accounting function should be in place to account for Gary’s brands. In addition, independent reconciliations should be performed with specific emphasis on risky financial items such as coupon drops. c. List those parties who might be harmed by this situation. The following parties are likely to be harmed as a result of Gary’s fraud:  investors and creditors who rely upon the fair presentation of the firm’s financial statements as a basis for business decisions

Page 3-13


Chapter 3 Solutions

Fraud, Ethics, and Internal Control

 shareholders to whom the firms owes a stewardship obligation, especially as they are deceived with respect to the firm’s current financial status  fellow employees in the firm who will begin the next year with an inflated expense for the coupon drop (and whose compensation will be tied to financial performance)  fellow employees who share in Gary’s bonus pool, whose bonuses would have been larger had Gary’s figures been accurate d. Do you consider this example to be management fraud or employee fraud? Describe how it fits the definition of your choice. This case describes management fraud, as it involves misstatement of financial records, which is typically perpetrated by managers who are attempting to realize benefits (such as increased compensation). 54. Ethical dilemma involving a CEO. Required: a. Discuss whether Mr. Bell’s violation of corporate ethics policy affects or reflects the control environment of the company. Yes, Mr. Bell’s actions affect the control environment of Missouri Motor Company. As its CEO, Mr. Bell has primary responsibility for setting the tone at the top and living by the code of ethics. If others in the organization are aware of this violation, it sends the message that the code of ethics is not important. This is likely to lead to other problems, including fraud. b. Since the violation is personal in nature, should Mr. Bell have been forced to resign? Since the code of ethics specifically prohibits personal relationships between managers and members of their management chain, then Mr. Bell should be held accountable for his actions. Even though it could be argued that the relationship did not affect his ability to perform his job effectively, the company must have thought otherwise when it established its code of ethics. c. Should Mountain State have hired him to teach business strategy courses? Student responses are likely to vary and may provide the basis for an interesting class discussion. Some students may agree that someone who violated a company ethics policy should not be teaching students about the proper management of organizations. Others may agree that faculty members are not questioned about their personal lives and that Mr. Bell’s wealth of experience is beneficial to students. 55. Ethical dilemma involving mail order fraud. Required: a. Discuss which type of fraud is involved in this case, from the perspective of the mail order company. This case presents an example of customer fraud, as Lynn deceived the mail order company. She obtained property and lied about it in order to avoid the corresponding liability. b. Which of the AICPA Trust Services Principles most closely related to this situation? Processing integrity is the Trust Services Principle that most

Page 3-14


Chapter 3 Solutions

Fraud, Ethics, and Internal Control

closely relates to this situation. Since Lynn provided false information and the company had no way to substantiate it, inaccurate information was processed and became part of the financial records of the company. c. Describe a preventative control that could be performed by the carrier to avoid the possible recurrence of this type of fraud. If the carrier had documented the address where the package was dropped off or obtained a signature from Lynn’s neighbor at the time of delivery, the deception would have been prevented. This would have provided documentation of the delivery, which could have been investigated. 56. Ethical dilemma involving charitable fundraiser. Required: a. Do you think Cody’s actions were justified? What would you have advised him to do in this situation? No, Cody’s actions were not justified because he did not use the donated funds for their intended purpose. Since Cody represented to the donors that the monies were to be used for a charitable purpose, he had an ethical obligation to fulfill that commitment. Even though he invested more time than he planned, he knew that his efforts were not to be compensated. This is a variation of an employee fraud. As a representative of a charitable cause, he carried out a cash receipts theft for his personal gain. b. What internal control activities could the fraternity have implemented in order to prevent Cody’s actions? The fraternity should have required its treasurer to handle the cash receipts related to this fundraising campaign. This would separate the custody of the cash receipts from the recordkeeping that Cody was conducting. c. Can you think of a detective control that could uncover the omission of the $200 check? A review of all receipts – or in this case, acknowledgement letters – could be performed and reconciled to the cash contributions records. Unless Cody concealed the letter written to the donor of the $200 that he stole, such a reconciliation procedure would uncover the difference.

Page 3-15


Chapter 4 Solutions

Internal Controls and Risks in IT Systems

Turner/Accounting Information Systems, 3e Solutions Manual Chapter 4

Concept Check 1. d 2. b 3. c 4. a 5. a 6. a 7. b 8. d 9. c 10. d 11. a 12. b 13. b

Discussion Questions 14. (SO 1) What is the difference between general controls and application controls? General controls are internal controls that apply overall to the IT accounting systems; they are not restricted to any particular accounting application. Application controls apply within accounting applications to control inputs, processing, and outputs. They are intended to ensure that inputs and processing are accurate and complete and that outputs are properly distributed, controlled, and disposed. 15. (SO 1) Is it necessary to have both general controls and application controls to have a strong system of internal controls? Yes, it is necessary to have both types of controls in a strong system of internal controls. Since they cover different aspects of the IT accounting systems and serve different purposes, both are important and necessary. An IT system would not have good internal control if it lacked either general or application controls. 16. (SO 2) What kinds of risks or problems can occur if an organization does not authenticate users of its IT systems? If an organization does not authenticate users of its IT systems, a security breach may occur in which an unauthorized user may be able to gain access to the computer system. If hackers or other unauthorized users

Page 2-1


Chapter 4 Solutions

Internal Controls and Risks in IT Systems

gain access to information to which they are not entitled, the organization may suffer losses due to exposure of confidential information. Unauthorized users may gain access to the system for the purpose of browsing, altering, or stealing company data. They could also record unauthorized transactions, shut down systems, alter programs, sabotage systems, or repudiate existing transactions. 17. (SO 2) Explain the general controls that can be used to authenticate users. In order to authenticate users, organizations must limit system log-ins exclusively to authorized users. This can be accomplished by requiring login procedures, including user IDs and passwords. Stronger systems use biometric identification or security tokens to authenticate users. In addition, once a user is logged in, the system should have established access levels and authority tables for each user. These determine which parts of the IT system each user can access. The IT system should also maintain a computer log to monitor log-ins and follow up on unusual patterns. 18. (SO 2) What is two-factor authentication with regard to smart cards or security tokens? Two-factor authentication limits system log-ins to authorized users by requiring them to have possession of a security device such as a smart card or token, and also have knowledge of a user ID and/or password. Both are needed to gain access to the system. 19. (SO 2) Why should an organization be concerned about repudiation of sales transactions by the customer? Repudiation is the attempt to claim that the customer was not part of a sales transaction that has taken place. Organizations may suffer losses if customers repudiate sales transactions. If companies do not have adequate controls to prevent repudiation, they may not be able to collect amounts due from customers. However, organizations may reduce the risk of such losses if they require log-in of customers and if they maintain computer logs to establish undeniably which users take particular actions. This can provide proof of online transactions. 20. (SO 2) A firewall should inspect incoming and outgoing data to limit the passage of unauthorized data flow. Is it possible for a firewall to restrict too much data flow? Yes, it is possible for a firewall to restrict legitimate data flow as well as unauthorized data flow. This may occur if the firewall establishes limits on data flow that are too restrictive. In order to prevent blocking legitimate network traffic, the firewall must examine data flow and attempt to determine which data is authorized or unauthorized. The packets of information that pass through the firewall must have a proper ID to allow it to pass through the firewall. 21. (SO 2) How does encryption assist in limiting unauthorized access to data? Encryption is the process of converting data into secret codes referred to as cipher text. Encrypted data can only be decoded by those who possess the encryption key or password. It therefore renders the data useless to any unauthorized user who does not possess the encryption key. Encryption alone does not prevent access to data, but it does prevent an unauthorized user from reading or using the data.

Page 2-2


Chapter 4 Solutions

Internal Controls and Risks in IT Systems

22. (SO 2) What kinds of risk exist in wireless networks that can be limited by WEP, WPA, and proper use of SSID? WEP, WPA, and SSIDs can limit the risk of unauthorized access to wireless networks, which transmit network data as high frequency radio signals through the air. Since anyone within range of these radio signals can receive the data, protecting data is extremely important within a wireless network. This can be accomplished through encryption via wired equivalency privacy (WEP), through encryption and user authentication via wireless protected access (WPA), and through password protection of the network sending and receiving nodes via service set identifiers (SSIDs). 23. (SO 2) Describe some recent news stories you have seen or heard regarding computer viruses. Student responses will vary greatly depending upon the date this is discussed, but should describe situations of computer malfunctions caused by network break-ins where damaging actions were upon an organization’s programs and data. 24. (SO 2) What is the difference between business continuity planning and disaster recovery planning? How are these two concepts related? Business continuity planning is a proactive program for considering risks to the continuation of business and developing plans and procedures to reduce those risks so that continuation of the IT system is always possible. On the other hand, disaster recovery planning is a reactive program for restoring business operations, including IT operations, to normal after a catastrophe occurs. These two concepts are related in that they are both focused on maintaining IT operations at all times in order to minimize business disruptions. 25. (SO 2) How can a redundant array of independent disks (RAID) help protect the data of an organization? RAID accomplishes redundant data storage by setting up two or more disks as exact mirror images. This provides an automatic backup of all data. If one disk drive fails, the other (maintained on another disk drive) can serve in its place. 26. (SO 2) What kinds of duties should be segregated in IT systems? In an IT system, the duties to be segregated are those of systems analysts who analyze and design the systems, programmers who write the software, operators who process data, and database administrators who maintain and control the database. No single person should develop computer programs and also have access to data. 27. (SO 2) Why do you think the uppermost managers should serve on the IT governance committee? An IT governance committee should be comprised of top management in order to ensure that appropriate priority is assigned to the function of governing the overall development and operation of the organization’s IT systems. Since the committee’s functions include aligning the IT systems to business strategy and to budget funds and personnel for the effective use of IT systems, it is important that high-ranking company officials be aware of these priorities and involved in their

Page 2-3


Chapter 4 Solutions

Internal Controls and Risks in IT Systems

development. Only top management has the power to undertake these responsibilities. 28. (SO 3,4) Why should accountants be concerned about risks inherent in a complex software system such as the operating system? Accountants need to be concerned about the risks inherent in the organization’s software systems because all other software runs on top of the operating system. These systems may have exposure areas that contain entry points for potential unauthorized access to software and/or data. These entry points must be controlled by the proper combination of general controls and application controls. 29. (SO 4) Why is it true that increasing the number of LANs or wireless networks within an organization increases risks? Increasing the number of LANs or wireless networks within an organization increases exposure areas, or entry points through which a user can gain access to the network. Each LAN or wireless access point is another potential entry point for an unauthorized user. The more entry points, the more security risk the organization faces. 30. (SO 4) What kinds of risks are inherent when an organization stores its data in a database and database management system? Since a database management system involves multiple use groups accessing and sharing a database, there are multiple risks of unauthorized access. Anyone who gains access to the database may be able to retrieve data that they should not have. This multiples the number of people who potentially have access to the data. In addition, availability, processing integrity, and business continuity risks are also important due to the fact that so many different users rely on the system. Proper internal controls can help to reduce these inherent risks. 31. (SO 4) How do telecommuting workers pose IT system risks? The network equipment and cabling that enables telecommuting can be an entry point for hackers or other break-ins, and the teleworker’s computer is another potential access point that is not under the company’s direct control. Therefore, it is difficult for the company to monitor whether telecommuters’ computers is properly protected from viruses and other threats. These entry points pose security, confidentiality, availability, and processing integrity risks. 32. (SO 4) What kinds of risks are inherent when an organization begins conducting business over the Internet? The Internet connection required to conduct web-based business can expose the company network to unauthorized use. The sheer volume of users of the World Wide Web dramatically increases the potential number of unauthorized users who may attempt to access an organization’s network of computers. An unauthorized user can compromise security and confidentiality, and affect availability and processing integrity by altering data or software or by inserting virus or worm programs. In addition, the existence of e-commerce in an organization poses online privacy risks.

Page 2-4


Chapter 4 Solutions

Internal Controls and Risks in IT Systems

33. (SO4) How does the use of public cloud computing reduce costs? Since cloud computing is usually a pay-for-service model, it means that companies need to pay only for the level of service needed. There is no need to maintain (and incur the costs associated with) a large IT system to accommodate peak demand periods. In addition, cloud computing allows a company to reduce its investment in IT hardware and personnel. 34. (SO4) Why is a private cloud less risky than a public cloud? A private cloud is developed, owned, maintained, and used by the user company; therefore, the company controls the security, availability, processing integrity, and confidentiality of its data. Accordingly, there is significantly less risk of losing data and applications. 35. (SO 4) Why is it true that the use of EDI means that trading partners may need to grant access to each other’s files? EDI involves transferring electronic business documents between companies. Because EDI involves the use of a network or the Internet, risks of unauthorized access are prevalent. In order to authenticate trading partner users to accomplish the transfer of business documents, other company data files may be at risk of unauthorized use. 36. (SO 5) Why is it critical that source documents be easy to use and complete? Source documents should be easy to use and complete in order minimize the potential for errors, incomplete data, or unauthorized transactions are entered from those source documents into the company’s IT systems. Since source documents represent the method of collecting data in a transaction, they need to be easy to use in order to reduce the risk of incorrect or missing data in the accounting system. 37. (SO 5) Explain some examples of input validation checks that you have noticed when filling out forms on websites you have visited. Student responses are likely to vary, but may include field checks, validity checks, limit checks, range checks, reasonableness checks, completeness checks, or sign checks. Although sequence checks and self-checking digits are additional input validation checks, they are not likely to be cited because they are applicable to transactions processed in batches, which is not likely to apply to students’ web transactions. 38. (SO 5) How can control totals serve as input, processing, and output controls? Control totals can be used as input controls when they are applied as record counts, batch totals, or hash totals to verify the accuracy and completeness of data that is being entered into the IT system. These same control totals can be used as processing controls when they are reconciled during stages of processing to verify the accuracy and completeness of processing. Finally, to ensure accuracy and completeness, the output from an IT system can be reconciled to control totals, thus serving as an output control. Therefore, totals at any stage can be compared against the initial control total to help ensure the accuracy of input, processing, or output. 39. (SO 5) What dangers exist related to computer output such as reports? Output reports contain data that should not fall into the wrong hands, as the information

Page 2-5


Chapter 4 Solutions

Internal Controls and Risks in IT Systems

contained in reports is often confidential or proprietary and could help someone commit fraud. Therefore, the risk of unauthorized access must be controlled through strict policies and procedures regarding report distribution, retention, and disposal.

Brief Exercises 40. (SO 2,5) Categorize each of the following as either a general control or an application control: a. validity check – application control (input) b. encryption – general control c. security token – general control d. batch total – application control (input, processing, and output) e. output distribution – application control (output) f. vulnerability assessment – general control g. firewall – general control h. antivirus software – general control 41. (SO 5) Each of the given situations is independent of the other. For each, list the programmed input validation check that would prevent or detect the error. a. The zip code field was left blank on an input screen requesting a mailing address. – Completeness check b. A state abbreviation of “NX” was entered in the state field. – Validity check c. A number was accidentally entered in the last name field. – Field check d. For a weekly payroll, the hours entry in the “hours worked field was 400. – Limit check or range check e. A pay rate of $50.00 per hour was entered for a new employee. The job code indicates an entry-level receptionist. – Reasonableness check 42. (SO 3) For each AICPA Trust Services Principles category shown, list a potential risk and a corresponding control that would lessen the risk. An example is provided. In a similar manner, list a risk and control in each of the following categories: a. Security. Risk: an unauthorized user could record an invalid transaction. Control: security token to limit unauthorized users. b. Availability. Risk: An unauthorized user may shut down a program. Control: intrusion detection to find instances of unauthorized users. c. Processing Integrity. Risk: environmental problems such as temperature can cause glitches in the system. Control: temperature and humidity controls. d. Confidentiality. Risk: an unauthorized user could browse data. Control: encryption.

Page 2-6


Chapter 4 Solutions

Internal Controls and Risks in IT Systems

43. (SO 4) For each of the following parts of an IT system of a company, write a onesentence description of how unauthorized users could use this as an “entry point”: a. A local area network (LAN). Each workstation or the network wiring on the LAN are access points where someone could tap into the system. b. A wireless network. The wireless signals broadcast into the air could be intercepted to gain access to the system. c. A telecommuting worker. The telecommuter’s computer may be infected with a virus that allows a perpetrator to see the login ID and password. d. A company website to sell products. A hacker may try to break through the web server firewall to gain access to company data. 44. (SO 5) Explain the risk categories for cloud computing and how these risks may differ from a company that maintains its own IT hardware, software, and data. Security – All processing, storing, and reading data occur over the Internet under a cloud computing model; therefore, the third party provider must maintain good security controls. For a company that maintains its own data, it is responsible for its own security. Availability – In a cloud computing model, any service interruptions are under the control of a third party provider; whereas, a company that maintains its own data would need to implement its own backups, business continuity, and disaster recovery plans. Processing Integrity – All control of software installation, testing, and upgrading is transferred to the third-party provider of cloud computing services; whereas, a company that maintains its own data is responsible for the accuracy and completeness of its own processing. Confidentiality – Under cloud computing, the control of maintaining confidentiality is transferred to the third-party provider rather than resting in the hands of the user company. 45. (SO 5) Application controls include input, processing, and output controls. One type of input control is source document controls. Briefly explain the importance of each of the following source document controls: a. Form design. A well-designed form will reduce the chance of erroneous or incomplete data. It could also increase the speed at which the form is completed. b. Form authorization and control. Forms should have a signature line to indicate that the underlying transaction was approved by the correct person. Blank documents should be properly controlled to limit access to them. c. Retention of source documents. Source documents should be maintained as part of the audit trail. They also serve as a way to look up data when queries are raised.

Page 2-7


Chapter 4 Solutions

Internal Controls and Risks in IT Systems

46. (SO 5) Explain how control totals such as record counts, batch totals, and hash totals serve as input controls, processing controls, and output controls. Control totals serve as expected results after input, processing, or output has occurred. At each stage, the current totals can be compared against the initial control total to help ensure the accuracy of input, processing, or output. 47. (SO 6) Briefly explain a situation at your home, university, or job in which you think somebody used computers unethically. Be sure to include an explanation of why you think it was unethical. Student responses will vary significantly. Some possibilities include copyrighted music or video downloading from an unauthorized source, viewing pornography on computers at work, shopping or other browsing while at work, using a work computer to store personal files or process personal work, using company e-mail systems for personal e-mail (some companies may not consider this as problematic as other potential unethical acts).

Problems 48. (SO 1, 2) Explain why an organization should establish and enforce policies for its IT systems in the following areas regarding the use of passwords for log-in: a. Length of password. Passwords should be at least eight characters in length. This would make it difficult for a hacker to guess the password in order to gain unauthorized access to the system. b. The use of numbers or symbols in passwords. Passwords should contain a mix of alphanumeric digits as well as other symbols. There may also be a mix of case sensitive letters. This would make it difficult for a hacker to guess the password. c. Using common words or names as passwords. Names, initials, and other common names should be avoided as passwords, as they tend to be easy to guess. d. Rotation of passwords. Passwords should be changed periodically, approximately every 90 days. This will limit the access of a hacker who has gained unauthorized access. e. Writing passwords on paper or sticky notes. Passwords should be committed to the user’s memory and should not be written down. If they are documented, this increases the likelihood that an unauthorized user may find the password and use it to gain access to the system. 49. (SO 2) The use of smart cards or tokens is called two-factor authentication. Answer the following questions, assuming that the company you work for uses smart cards or tokens for two-factor authentication. Required:

Page 2-8


Chapter 4 Solutions

Internal Controls and Risks in IT Systems

a. What do you think the advantages and disadvantages would be for you as a user? As a user, the advantages of two-factor authentication would be the security of the information in the system that I am using. I would know that it would be difficult for an unauthorized user to alter a system that uses two-factor authentication, so I have more confidence in the data within such a system. In addition, it is relatively easy to remember a password and to transport a smart card or security token. On the other hand, I might consider the use of two-factor authentication to be a disadvantage because it places more responsibility on me, the user. For instance, in order to access the system, I have to remember my password and maintain control of a security device. It might be considered an inconvenience to a user to maintain a smart card or security token and remember to keep it accessible at all times that I may need to access the system. It might also be susceptible to loss, similar to a set of keys. b. What do you think the advantages and disadvantages would be for the company? From the company’s perspective, the advantage of two-factor authentication is the strength of the extra level of security. The company has additional protection against unauthorized access, which makes it difficult for a hacker to access the system. The disadvantage is the cost of the additional authentication tools that comprise the dual layer of security. 50. (SO 4) Many IT professionals feel that wireless networks pose the highest risks in a company’s network system. Required: a. Why do you think this is true? Wireless networks pose the highest risks in a company’s network computer system because the network signals are transported through the air (rather than over cables). Therefore, anyone who can receive radio signals could potential intercept the company’s information and gain access to its network. This exposure is considered greater than in traditional WANs and LANs. b. Which general controls can help reduce these risks? A company can avoid its exposure to unauthorized wireless network traffic by implementing proper controls, such as wired equivalency privacy (WEP) ore wireless protected access (WPA), station set identifiers (SSIDs), and encrypted data. 51. (SO 5) Control totals include batch totals, hash totals, and record counts. Which of these totals would be useful in preventing or detecting IT system input and processing errors or fraud described as follows? a. A payroll clerk accidentally entered the same time card twice. Any of the three control totals could be used: A batch total could detect that too many hours were entered; A hash total could detect that an employee number summation was overstated; A record count could detect that too many time cards were entered.

Page 2-9


Chapter 4 Solutions

Internal Controls and Risks in IT Systems

b. The accounts payable department overlooked an invoice and did not enter it into the system because it was stuck to another invoice. Any of the three control totals could be used: A batch total could detect the missing amount; A hash total could detect that the vendor number summation was misstated; A record count could detect that too few invoices were entered. c. A systems analyst was conducting payroll fraud by electronically adding to his “hours worked” field during the payroll computer run. A batch total could detect this fraud by revealing that the hours worked on the inputs did not agree with the hours worked on the output reports. d. To create a fictitious employee, a payroll clerk removed a time card for a recently terminated employee and inserted a new time card with the same hours worked. A record count could detect this fraud only if there was a control in place to compare the number of records processed with the number of active employees and the number of active employees had been updated to reflect a reduction for the recently terminated employee. 52. (SO 5) Explain how each of the following input validation checks can prevent or detect errors: a. A field check examines a field to determine whether the appropriate type of data was entered. This will detect mistakes in input, such as erroneous input of numeric information in an alpha field. b. A validity check examines a field to ensure that the data entry in the field is valid compared with a preexisting list of acceptable values. This will detect mistakes in input, such as nonsense entries caused by the input personnel striking the wrong key. c. A limit check verifies field inputs by making sure that they do not exceed a pre-established limit. This prevents gross overstatements of the data beyond the acceptable limit. d. A range check verifies field inputs by making sure that they fall within a pre-established range limit. This prevents gross overstatements and understatements of the data beyond the acceptable limits. e. A reasonableness check compares the value in a field with similar, related fields to determine whether the value seems reasonable. This can detect possible errors by identifying “outliers”. f. A completeness check assesses the critical fields in an input screen to make sure that an entry has been input in those fields. This detects possible omissions of critical information. g. A sign check examines a field to determine that it has the appropriate positive or negative sign. This can prevent misstatements caused by misinterpretation of information. h. A sequence check ensures that a batch of transactions is sorted and processed in sequential order. This ensures that a batch will be in the same order as the master file. This may prevent errors in the master file by ensuring that the sequence is appropriate to facilitate an accurate update of the master file.

Page 2-10


Chapter 4 Solutions i.

Internal Controls and Risks in IT Systems

A self-checking digit is an extra digit added to a coded identification number, determined by a mathematical algorithm. This detects potential errors in input data.

53. (SO 2) The IT governance committee should comprise top level managers. Describe why you think that is important. What problems are likely to arise with regard to IT systems if the top level managers are not involved in IT governance committees? It is important for an IT governance committee to be comprised of members of top management so it can appropriately align IT investments with the company’s overall business strategies. If top level managers were not involved in this committee, it is likely that IT changes could be approved which do not enhance the company’s overall goals and strategies. In addition, it is possible that IT changes could be discussed and developed without receiving proper approval or funding. 54. (SO 2) Using the Internet or other research tool, look up the term “penetration testing.” Describe the software tools you find that are intended to achieve penetration testing. Describe the types of systems that penetration testing is conducted upon. Software tools that perform penetration tests must be able to replicate a successful unauthorized access attempt or recreate an attack on a company’s security, but it must be able to do so without altering of damaging the systems upon which these tests are conducted. This will reveal weaknesses in the system so that the company can implement controls to strengthen the security of its system. Penetration testing is typically conducted upon network systems. 55. (SO 2) Visit the AICPA website at www.aicpa.org. Search for the terms “WebTrust” and “SysTrust.” Describe these services and the role of Trust Services Principles in these services. WebTrust services are professional services that build trust and confidence among customers and businesses which operate on the Internet. SysTrust services build trust and confidence between business partners who use and rely upon each other’s computer systems. These services are built upon the Trust Services Principles of Security, Privacy, Availability, Confidentiality, and Processing Integrity to help companies create trustworthy systems. Both of these services are represented by seal on the company’s Web site. 56. (SO 2) Using the Internet or other research tool, look up the terms “disaster recovery,” along with “9/11.” The easiest way to search for both items together is to type into the search box the following: “disaster recovery” “9/11.” Find at least two examples of companies that have changed their disaster recovery planning since the terrorist attacks on the World Trade Center on September 11, 2001. Describe how these companies changed their disaster recovery plans after the terrorist attacks. Students’ answers may vary greatly, as there are numerous examples of companies who operated in or near the World Trade Center or were otherwise affected by the events of September 11, 2001 and who have revised their business disaster recovery plans as a result. A few examples are the financial services companies of Lehman Brothers, Merrill Lynch, and American Express. An article at www.cio.com

Page 2-11


Chapter 4 Solutions

Internal Controls and Risks in IT Systems

includes interviews with the IT executives at these companies as they look back to the events of 9/11. In particular, Lehman Brothers has worked hard to increase its redundant storage and real-time back-ups. It also updated its phone systems so that all direct lines to customers would not terminate at the same place, as they did at the World Financial Center. In addition, it has developed a new business continuity plan, with variations that are now tied to the Homeland Security Advisory System’s color-coded warning levels. At Merrill Lynch, disaster recovery efforts focused on diversification of vendors to relieve the concentration from Lower Manhattan. In addition, it outfitted its buildings used for recovery with wireless LANs; this allows for increased flexibility through the broadcast of signals to multiple access points. For American Express, disaster recovery planning and business continuity planning have changed to a geography-based approach, recognizing that disasters are likely to affect large geographic areas. The events of 9/11 proved that Amex’s previous building-based program was not effective. 57. (SO 5) Go to any website that sells goods. Examples would be BestBuy, Staples, and J.Crew. Pretend that you wish to place an order on the site you choose and complete the order screens for your pretend order. Do not finalize the order; otherwise, you will have to pay for the goods. As you complete the order screens, attempt to enter incorrect data for fields or blanks that you complete. Describe the programmed input validation checks that you find that prevent or detect the incorrect data input. Student’s responses are likely to vary significantly, as different Web sites have different input validation checks. However, most Web sites have a warning message that will appear if invalid information is entered. (For instance, the message “The billing city, state, zip code, and country entered do not match up. Please revise your selections below” was encountered on jcrew.com when bogus city and zip code information was entered.) The warning message will typically prevent the user from proceeding to the next step in the transaction until the error is corrected. 58. (SO4) Using the Internet or other research tool, search “cloud computing” and create a list of at least ten companies that provide cloud computing services. List the names of the companies and a brief description of the cloud computing services provided by each company. Student’s responses are likely to vary significantly but are likely to include companies such as        

Microsoft Cloud Dell Cloud Computing Services GoogleApps, Microsoft Office 365, Windows Azure, Amazon, Google Cloud Computing Hewlett Packard Enterprise

Page 2-12


Chapter 4 Solutions

Internal Controls and Risks in IT Systems

Cases 59. Authentication and hacking controls at an environmental consulting company. Required: a. From the list of general controls shown in Exhibit 4-5, list each authentication and hacking control that you think the EnviroPlan Company should have in place. Any of the Authentication controls could be used, including user IDs, passwords, security tokens or smart cards, biometric devices, login procedures, access levels, computer logs, and authority tables. In addition, any of the hacking controls could be used, including a firewall, security policies, security breach resolution, secure socket layers, a virtual private network, wired equivalency privacy, service set identifiers, antivirus software, vulnerability assessments, penetration testing, and intrusion detection. Encryption is also likely to be necessary in order to protect the confidential data of the companies throughout the US that EnviroPlan serves. b. Explain how each control that you list can prevent IT related risks for EnviroPlan. Login procedures, including passwords, security tokens or smart cards, and biometric devices, are needed to limit access to the system to authorized users. Login procedures should always include passwords, and may be strengthened to include two-factor authentication by requiring a security token or smart card in addition to the password. In addition, the company’s system policies should be documented and administered consistently, including authority tables and establishment of appropriate access levels and securities breach resolutions, and the maintenance of computer logs. This will provide for limiting access to authorized employees, monitoring and resolving problems, and recording access times so as to establish accountability. Regarding hacking controls, firewalls are needed to block unauthorized external network traffic. Encryption will convert the data into cipher text, or secret codes that will be deemed useless to any hacker who intercepts it. SSL can be built into the Web server to encrypt data transferred on the Web site. A VPN is needed for authentication and encryption of Internet traffic, which is important for the EnviroPlan consultants working offsite who need to access the company’s database. For the wireless network, WEP would also be useful for encrypting the data and unique SSIDs would require passwords between the network’s sending and receiving nodes. Antivirus software is needed to scan the system for viruses or worms and delete them before they infect the data or system. Finally, vulnerability assessments, penetration testing, and intrusion detection testing could each be used to locate weaknesses in the company’s systems so that they can be controlled to prevent unauthorized access. c. Are there any general controls that you think would not be cost-beneficial? Biometric devices, such as fingerprint or retina scans or voice recognition

Page 2-13


Chapter 4 Solutions

Internal Controls and Risks in IT Systems

software is probably not cost beneficial in the case of EnviroPlan, as other forms of two-factor authentication could be used just as effectively at a lower cost. 60. Consideration of Internet EDI in a plastics manufacturing company. Required: a. Describe the extra IT system risks that Gleason, Inc. should consider as it evaluates whether to buy or develop an Internet EDI system. As Gleason converts to an Internet EDI system, it will become susceptible to a wide range of risks concerning the security, availability, processing integrity, and confidentiality of its system. As new business partners may be granted access to Gleason’s systems, the potential exists for those users to browse, alter, destroy, or steal data or programs, make unauthorized transactions, or otherwise sabotage the systems in order to make them inoperable or unavailable. These risks are increased if the company does not implement controls to detect and prevent them. b. Describe the IT internal controls that should be incorporated into an Internet EDI system. In a well-controlled Internet EDI system, the external users should be required to log with a user ID and password. Security tokens, smart cards, or biometric devices may also be used. Authority tables should limit the access level of the user and computer logs should monitor the activity of the user. A firewall should be installed to limit access to recognized external users, and data should be encrypted to ensure that its privacy is protected. The standard form of encryption used to protect Internet exchange of data is SSL. 61. Fraud at PT&T. Required: List and describe internal controls from this chapter that may helped prevent or detect Chris Schuler’s fraud. Keep in mind that this case occurred before there was an Internet and large company computer networks. CT&T’s authority tables should have limited Chris Schuler’s computer access levels to selected vendor information. He should not have been able to access the entire files and program code for the company’s inventories and ordering systems. In addition, he should not have had the authority to alter programming in order to erase evidence of his activities. If access had been properly limited, the company’s computer logs would have been able to detect the types of activities that Schneider had performed while accessing CT&T’s systems. Finally, a simple physical control should have prevented the issuance of keys to suppliers.

Page 2-14


Chapter 5 Solutions

IT Governance

Turner/Accounting Information Systems, 3e Solutions Manual Chapter 5

Concept Check 1. b 2. b 3. c 4. a 5. d 6. a 7. b 8. d 9. d 10. a 11. c 12. d

Discussion Questions 13. (SO 3) At the beginning of the chapter, the real world example of Allstate’s IT expenditure is mentioned. Prior to the implementation of their IT governance committee, "whoever spoke the loudest or whoever had the biggest checkbook," got to select IT projects. What do you think the problems were with this kind of approach? There would be no long-term strategy in how they spent money on IT projects. Therefore, it would be less likely that the company is buying and using the type of IT systems that support what the company wished to accomplish in the long-term. 14. (SO 1) Why is it important that IT systems be aligned with the business strategy? IT systems are critical systems that support and enhance business processes and business strategy. If the IT systems do not support the business strategy, the company will find it much more difficult to achieve the long-term goals.

Page 6-1


Chapter 5 Solutions

IT Governance

15. (SO 1) Why would IT governance include measuring the performance of IT Systems? IT governance is the proper management of IT. Without monitoring the performance of IT, there is no feedback to determine whether it is meeting the needs of the company, and meeting the objectives it was intended to achieve. 16. (SO 3) What is the difference between technical feasibility and operational feasibility? Technical feasibility examines whether technology exists to accomplish the objectives in a proposed IT system. Operational feasibility is an examination of whether the organization could operate the proposed IT systems, given the limitations of the personnel and resources within the company. 17. (SO 3) How does the analysis of feasibilities in the systems planning phase help to prioritize system changes? A feasibility analysis may eliminate some proposed IT systems as not feasible. Of those remaining under consideration, the feasibility analysis helps determine which proposed IT systems are most feasible. Thus, those that are more feasible would have a higher priority and those that are less feasible have a lower priority. 18.(SO 4) What is the advantage of studying the current system within the systems analysis phase? It is easier to determine how to improve the efficiency and effectiveness of a system if that system is well understood. A study of the current system helps determine which areas need improvement. 19. (SO 4) During the systems analysis phase, which two data collection methods help determine user requirements? Interviews and questionnaires both solicit information or opinions from users. These methods allow users to have input in determining system requirements. 20. (SO 5) What are the advantages of purchased software when compared with software developed in-house? Purchased software is usually less costly, more reliable, and has a shorter implementation time. 21. (SO 5) Why might it be important follow some or all of the SDLC phases for purchased software? Even when software is purchased, it often must be modified or customized. The SDLC phases help organize and manage those steps to modify or customize the software. 22. (SO 5) How is conceptual design different from detailed design? The detailed design is much later in the process and creates the entire set of specifications necessary to build and implement the system. The conceptual design is earlier and is much more general in nature. It establishes alternative conceptual designs.

Page 6-2


Chapter 5 Solutions

IT Governance

23. (SO 5)Within the system design phase, what are the purposes of evaluation and selection? The purpose is to assess the feasibility of each alternative conceptual design and to select the alternative design that best fits the organization’s needs. 24. (SO 5) Which part of the system design phase would include designing rows and columns of output reports? Why is it important to design reports? The detailed design part of system design includes creating the details of output reports. Output reports include the information that users need to accomplish their jobs and without properly designed outputs, they cannot efficiently do these jobs. 25. (SO 6) What is the purpose of software testing? The purpose is to uncover problems in the system that would lead to erroneous accounting data. 26. (SO 6) How are accountants involved in data conversion? Accountants should do two things in data conversion. The first is to oversee the data conversion to make sure all data are completely and accurately converted. Accountants should also reconcile the converted data with the old data to insure it was accurately converted. They would compare control totals of the old and converted data to accomplish the reconciliation. 27. (SO 6) Why is a direct cutover conversion risky? It is risky because the old system is no longer in operation, and therefore, the old system cannot be used as a backup system in the event of errors or problems with the new system. 28. (SO 6) Why is parallel conversion costly? It consumes more time and money because it requires running two systems at the same time. 29. (SO 6) Why is user acceptance important? The project team is more likely to solicit and use feedback from users if they know that users must sign off on the new system. In other words, the project team cannot say their job is finished until the user sign off occurs. 30. (SO 6) Why is post-implementation review undertaken? It is undertaken to help those involved in the SDLC to learn from any mistakes they made during the process. 31. (SO 8) How does the SDLC serve as an internal control? It is an internal control in the sense that it helps ensure that IT systems meet organizational needs and that the development and implementation of new IT systems is properly controlled. 32. (SO 9) What ethical obligations do employees have as IT systems are revised? Employees should make an honest effort to participate as requested in the SDLC, learn new system processes that result, and properly use the new systems and processes.

Page 6-3


Chapter 5 Solutions

IT Governance

Brief Exercises 33. (SO 1) Describe the role that the Board of Directors should play in IT governance. The board must oversee all aspects of IT within the organization. They must articulate and communicate the direction for IT, stay aware of development, investments, and costs in IT. They should receive and review reports on major IT projects and regular performance reports, and ensure that there are suitable resources and infrastructure available. 34. (SO 3, 5) Two feasibility studies occur during the SDLC: one during systems planning, and one during systems design. Describe the differences between these two feasibility studies. In the systems design phase, the feasibility study is more detailed and the scope is different. At this part of the system design phase, the alternative system conceptual designs have been narrowed to one alternative. Thus, the feasibility study focuses on the details of that one design. The estimates of the technology needed, the operational requirements, the costs, and the implementation schedule can be more precise. In the systems planning phase, the purpose is to assess the feasibility of several alternative conceptual designs and to narrow the alternative conceptual designs. 35. (SO 4) There are four methods of data collection used in the study of the current system: observation, documentation review, interviews, and questionnaires. Compare and contrast these four methods. In observation and documentation review, the project team views strengths and weaknesses of the system from their own perspective and they are not asking for user feedback. Interviews and questionnaires are methods to ask for user input. Interviews are faceto-face and verbal in the collection of user feedback. Questionnaires can be anonymous and written. Both interviews and questionnaires can be structured or unstructured. 36. (SO 4) Describe the purpose of Business Process Reengineering during the System Design phase. During the system design phase, the changes inherent in a new IT system may require changes in the underlying business processes. BPR is as radical rethinking and redesign of a business process to take advantage of the speed and

Page 6-4


Chapter 5 Solutions

IT Governance

efficiency of computers. BPR allows the company to make sure they are leveraging the capabilities of IT to improve the efficiency of the business processes. 37. (SO 6) There are four methods of system conversion: parallel, direct cutover, pilot, and phase-in. Describe these four methods and how they differ. A parallel conversion is the operation of both the old system and the new system for a limited period of time. A direct cutover occurs when the new system begins as of a certain date and the old system is discontinued on that same date. In a pilot conversion, the new system is implemented in a subunit or subunits within the organization. The old system would continue in other parts of the organization. In a phase-in conversion, the new system is introduced in modules, rather than the entire system at once. In comparing the four methods, the direct cutover is the most risky and the parallel is least risky. The pilot and phase-in approaches may take a longer total time to achieve a conversion to the entire new system across the organization. 38. (SO 7) Operation and maintenance is the longest and costliest part of the SDLC. Explain why this is true. When a company has completed the SDLC and implemented a new system, the intent is to operate it for a few years to capture the benefits of the new system. Therefore maintaining and operating the system may last for several years and therefore, be the most costly part also. 39. (SO 7) Describe how IT performance reports are important in IT governance. Regular monitoring of IT systems is necessary to ensure that the systems are meeting their objectives and performing as expected. If management never received performance reports, it would be difficult to know whether systems improvements or revisions were needed. 40. (SO 9) What is the underlying purpose of the restrictions on CPA firms in Section 201 of the Sarbanes Oxley Act? These restrictions are intended to increase the independence of CPA firms that provide audit services for companies. The concern was that if a company receives fees from a client for consulting work, they may be less independent of the client’s wishes and more likely to allow clients to provide misleading accounting information to the investing public.

Page 6-5


Chapter 5 Solutions

IT Governance

Problems 41. (SO 1) Middleton Corporation just became a public corporation when shares of stock were sold to the public three months ago. A new board of directors has been appointed to govern the corporation. Assume that you will be giving a presentation to the board members on their responsibilities for IT systems. Write a report that could be delivered to the board. The board of directors of a company has a set of very important responsibilities related to IT systems. As top management of the company, the board must take responsibility to ensure that the organization has processes that align IT systems to the strategies and objectives of the company. To carry out this responsibility, the board must do certain functions, or ensure there are processes to carry out the following functions: * Align IT strategy with the business strategy * Cascade strategy and goals down to lower levels of the organization * Provide structures that facilitate implementation of strategy and goals * Insist that an IT control framework be adopted and implemented * Measure and review IT performance The more detailed activities needed to carry out these board responsibilities are as follows: * Articulate and communicate long-term strategy * Stay aware of latest developments in IT * Insist that IT be a regular agenda item at board meetings * Stay aware of the company’s investments, and competitors investments in IT * Ensure the senior IT official’s reporting level is appropriate to the role of IT. * Ensure the board has a clear view of the risks and returns of current or proposed IT systems * Receive and review regular reports on the progress of IT projects, and on IT performance. * Ensure adequate resources, skills, and infrastructures to meet strategic goals for IT systems If the board of directors focuses on these activities, it will help the

Page 6-6


Chapter 5 Solutions

IT Governance

board to ensure that IT systems do support long-term strategic objectives of the company. 42. (SO 2) Millennium Tech Stop is a regional retailer of consumer electronics, with warehouses and stores located in several large cities in California. The board and top management of Millennium are considering updating their accounting, inventory, and retail sales software and hardware. The current systems are approximately 15 years old. Assume that you have been hired as a consultant to guide them through the process of upgrading their systems. Write a document that could be presented to the board of directors that summarizes the SDLC. Memorandum To: Board of Directors From: Jennifer Starnes, IT Consultant Re: Systems Development Life Cycle This memo is intended to provide an executive summary on the System Development Life Cycle (SDLC) and the importance of it for your company. IT systems are crucial to the success and profitability of Millennium. To enhance long-term performance, the company must choose and use the IT systems that best support the company’s goals and objectives. To ensure you are selecting and using the most effective IT systems, you should follow a systematic and formal process to select, design, and implement IT systems. A failure to follow a systematic and formal process in selecting and implementing IT systems is likely to lead to a mismatch between Millennium’s strategic objectives and the capabilities of its IT systems. One popular way of using a systematic and formal process is to follow a SDLC method. The SDLC is a set of systematic phases and steps to follow in selecting, designing, and implementing IT systems. Given limited funds and time, following an SDLC process is a planned and controlled method of ensuring a proper match between Millennium’s IT needs and the IT system implemented.

Page 6-7


Chapter 5 Solutions

IT Governance

The phases of the SDLC are: systems planning; systems analysis; systems design; systems implementation; and operation and maintenance. These phases occur in the sequence given as a planned and controlled approach to implementing new IT systems. The following are brief descriptions of each of these phases. Systems planning involves examining the long-term objectives of your company and based on these objectives, planning and prioritizing the type of IT systems that can help you achieve those objectives. For example, if your company’s objective is to minimize inventory levels in your warehouses, you are likely to need IT systems that give you realtime and accurate information about inventory levels, and you are likely to need IT systems that help you predict or forecast sales of the various inventory items. Systems analysis is the study of the current IT system to determine its strengths and weakness, and to get user feedback about the needs in a new IT system. Systems design is the creation of the system that meets user needs as and improves the weaknesses of the old IT system. In other words, the data collected and analyzed in the systems analysis phase will guide the design of the new IT system. Systems implementation is the set of steps undertaken to program, test, and activate the IT system that was designed during the systems design phase. Operation and maintenance is the regular, ongoing functioning of the IT system and the process to fix smaller errors or problems in the IT system. Following these phases, in this order, will help you to have IT systems that best match your company’s needs. 43. (SO 4) Assume that you are the project team manager that is engaged in a systems analysis. The company is a large, national retailer with several stores and warehouses located throughout the United States. The corporate headquarters are in Atlanta, and all major accounting takes place at the corporate headquarters. Describe how you would

Page 6-8


Chapter 5 Solutions

IT Governance

use the various data collection techniques of observation, documentation review, interviews, and questionnaires. Observation and documentation review are both methods that allow a project team to better understand the IT system without soliciting input from users. That is, these methods do not interrupt the work of users, but they only uncover strengths and weaknesses in the IT systems that are evident to the project team. These two methods would be used at the corporate headquarters by the project team. It may be necessary for the project team to also visit and observe at a couple of stores and a couple of warehouses. However, it would not be necessary, nor would it be cost effective, to visit all stores and all warehouses. Interviews and questionnaires both solicit feedback from users. Due to the number of stores and warehouses, it would be more effective to send surveys to these locations for certain users to complete. At the corporate headquarters, it would be possible to use both interviews and questionnaires. Because of the time consuming nature of interviews, they would be used on the smaller set of managers who use the IT system. The questionnaires would be used to survey the larger group of users who are not managers. 44. (SO 5) CEEMCO Corp. is a small, privately owned manufacturing company in Cincinnati. CEEMCO manufactures custom products as well as store display products to sell to other companies such as retailers. Using an Internet search engine, do a search using the search terms “CEEMCO” and “Cincinnati.” Examine the kind of manufacturing the company does. Once you have completed that, examine an accounting software site such as www.2020software.com or www.accountingsoftware411.com. Complete the following: a. Describe the process Ceemco should undertake to determine which accounting software might be the best fit for the company. For a small company, CEEMCO is not likely to have an IT staff that could assist with an SDLC process to develop specifications for any software systems needed. The more likely approach would be to hire a consulting firm to help select and install an accounting software system. b. Although you do not know much about the company, develop a list of requirements you believe any accounting software should have for CEEMCO to consider the software as a viable alternative. Since it produces many different categories of products (store displays, metal

Page 6-9


Get complete Order files download link below https://www.mediafire.com/file/irz9wmopx2uq9nh/S M+Accounting+Information+Systems+Controls+and+Pr ocesses+3e+Turner+Weickgenannt+Mary+Copeland.zip /file

If this link does not work with a click, then copy the complete Download link and paste link in internet explorer/firefox/google chrome and get all files download successfully.


Chapter 5 Solutions

IT Governance

fabrication, plastic parts fabrication, medical case carts, HVAC products such as radiators, and retail products such as window ornaments), the company is very likely to have an extensive array of raw material inventories and the need to track many different types of work-in-process. Therefore, the most critical need may be for manufacturing and inventory tracking modules. The software would also need basic accounting modules such as accounts receivable, accounts payable, and general ledger. It is not possible to determine whether CEEMCO does its own payroll or whether it outsources payroll. If payroll is handled in-house, CEEMCO would need a payroll module. In addition, since the company sells the window-ornament products online, there would be a need for an e-commerce module. There is no mention of locations other than two in Cincinnati. Therefore, there is not likely to be any need for a system that handles international currencies. c. Choose an accounting software from your Web search, and describe why you believe it is a good match for CEEMCO. There is no single correct answer to this question, but there are some answers that would be incorrect. For example, Quickbooks would not have the power necessary for this business. Also, enterprise level systems such as SAP or Oracle would be too expensive for a small company such as CEEMCO. Products such as Sage 100, Sage 300, Dynamics GP, or Cloud-based such as Netsuite would be more appropriate. 45. (SO 2) There are several approaches to applying an SDLC methodology to IT system change. Using an Internet search engine, search for these terms: SDLC, waterfall, JAD (joint application development), RAD (rapid application development), build and fix, and spiral model. For example, you might try entering these search terms: SDLC waterfall. Write a brief definition of these various approaches to the system development life cycle. The student answers to this will vary depending on which web sites they use and when they access web sites. A sample answer is provided. The SDLC waterfall approach is the oldest approach to system development. In a waterfall approach, there is a sequence of steps and the output of one sequence becomes the input for the next step. The method described in this chapter is a waterfall approach. Joint application development (JAD) is intended to reduce

Page 6-10


Chapter 5 Solutions

IT Governance

development time and to increase customer (end user) satisfaction with the system. It is a method that involves a series of meetings with the end users or clients that will use the system. These meetings with end users are called JAD sessions. Rapid application development (RAD) usually involves object-oriented programming, a method that encourages the reuse of programmed modules. RAD includes: 1) workshops or focus groups to gather requirements, 2) Protoyping, and testing of those prototypes, 3) Strict time limits on each development phase that delays immediate fixes and defers these improvements to the next prototype, and 4) Less formality in team communications. The build and fix method is very open-ended and can be very risky. The method does not have formal steps such as in the waterfall method. In this method, a system is simply built (code is written) and then it is fixed until the customer is happy with it. In the spiral approach, an initial model of the system is developed and then successively refined with input from end users. The development of each successive version of the system is undertaken using the carefully controlled steps in the SDLC waterfall approach. In addition, after each development of each successive version, a risk assessment is undertaken to determine whether it is worthwhile to move to the next development version, or to stop. The web sites used for this solution are: http://searchsoftwarequality.techtarget.com/sDefinition/0,,sid92_gci214 246,00.html http://www.ctg.albany.edu/publications/reports/survey_of_sysdev/surve y_of_sysdev.pdf

46. (SO 9) Thomas Clark is an accounting software consultant at Tann and Associates Consulting. Tann is a value-added reseller of accounting software for midsize companies, which normally have revenue between 50 million and 500 million dollars. One of Johnson’s responsibilities is to solicit new client companies and to meet with their management to recommend the best accounting software system for

Page 6-11


Chapter 5 Solutions

IT Governance

them. Midmarket accounting software typically offers several modules that the client may choose from. For example, not all clients would need an e-business module for their accounting software. Since part of Johnson’s compensation is a percentage of software sales and consulting revenue that he generates, what are the ethical conflicts he faces when soliciting new clients and recommending software and software modules? The nature of a consultant’s business can cause ethical issues to be raised because there can be a conflict between what is best for the client and what is best for the consultant. There are at least three important ethical traps that a consultant could easily fall into: excessive billing of hours; recommending only software products that have a high profit margin for the consultant; and recommending unnecessary modules. All three of these ethical issues have a common thread. In each of these situations, the consultant is trying to maximize his own wealth and is not putting the highest priority on the client’s needs. A consultant could inflate hours worked and/or bill for extra hours not really worked for that client. In both cases, the consultant is dishonest and unethical. These fictitious billing acts are also fraudulent and illegal. The other two ethical issues mentioned above are not as easily proven to be illegal, but they are unethical. If a consultant feels two different software systems may meet the customer’s needs, but chooses the one with the higher profit margin solely for the higher profit, he is acting unethically. Also if a consultant recommends additional software modules that are not really needed by the client, he is acting unethically.

Cases 47. The ElectroShock is a retailer of electronics such as cell phones, satellite radios, mp3 players, and high-end LCD and plasma TVs. The ElectroShock is a large chain with stores in strip shopping centers throughout the United States. However, each store is small, with generally five to six employees and a manager. Each store sells much less volume than large electronic retailers such as Best Buy or Circuit City. Top management has recently become concerned with what

Page 6-12


Chapter 5 Solutions

IT Governance

appears to be an excessive amount of inventory loss (shrinkage) at many of its stores. At this point, the management team is uncertain as to whether the excessive loss is due to weaknesses in its IT system that tracks inventory or to customer and employee theft at the stores. Top managers are concerned that the IT system may be a contributing factor to the loss and would like to study whether a new system should be implemented. Through their industry contacts, they know that large retailers such as Best Buy and Circuit City use much more sophisticated inventory management systems than The ElectroShock does. A systems analysis would require a cost benefit analysis and a feasibility study. Describe steps that The ElectroShock should undertake to complete a cost-benefit analysis and a feasibility study for a new IT system to track inventory. A feasibility study assesses feasibility in four areas: technical, operational, economic, and scheduling feasibility. To conduct the technical feasibility, The ElectroShock should determine the kind of inventory management software systems that are available in the market. For example, some companies are now using Radio Frequency Identification systems (RFID). These newer technology systems are the kind of inventory systems that The ElectroShock should investigate during the technical feasibility study. The company should try to determine the latest technology in tracking inventory systems. That is, what does current technology allow the company to achieve in tracking inventory? The company could also consider whether it could build an inventory system internally, but this is not a likely option. To examine operational feasibility, The ElectroShock should compare its current system hardware and personnel to the system hardware and personnel needed to operate the new inventory systems identified in the technical feasibility study. The ElectroShock will find that some systems are more likely to be the type that the company could operate given the hardware and personnel available to them. Of course, some new hardware could be purchased and new personnel hired, but the more of this activity is required for a particular system, the less feasible it is from an operational standpoint.

Page 6-13


Chapter 5 Solutions

IT Governance

An examination of economic feasibility is a cost-benefit analysis. To conduct economic feasibility, The ElectroShock should compare cost estimates for each potential system to the monetary benefits expected for each system. Usually, the monetary benefits are cost savings that result from efficiencies of the new system. The ElectroShock would need to estimate the costs of new systems and the cost savings of those systems. Those potential systems in which benefits are greater than costs are more feasible. To assess schedule feasibility, The ElectroShock must try to estimate the time required to implement each of the potential systems. As the length of time to implementation increases, a system becomes less feasible. A very long implementation period may mean that the system will take too long to begin recognizing benefits and it may also mean that the hardware and software could be out of date by the time it is implemented. 48. Miller International is in the process of purchasing a new accounting software system. Miller is in a very specialized industry, with an international market. The company manufactures specialized parts to sell to companies in the oil exploration and drilling industry. The corporate headquarters are in Fort Worth, Texas, and a significant number – approximately one-half – of their operations are U.S.-based. They also maintain production plants and a sales and support staff in most oil-producing countries. Explain the factors that Miller should consider when determining which software system will best suit its needs. The items mentioned in the question are some of the important factors. For example, the accounting system must have the capability to work with various international currencies. The software must also have the capability to use a large account numbering system to easily identify the various locations and purposes of the various accounts. The chart of accounts will likely have a large number of accounts that are subdivided by location and purpose. Miller also must consider its specialized industry. Therefore the software must be able to match to the special processes or information needs of the industry. In addition to the unique factors that Miller should consider, it should examine the same kinds of feasibility that any company should consider. Therefore, for any accounting software under consideration, Miller

Page 6-14


Chapter 5 Solutions

IT Governance

should assess technical, operational, economic, and schedule feasibility. 49. Refer to case 48. Describe which parts of the design phase Miller should undertake to ensure that the purchased software matches with the business processes that it will use. First, Miller must determine whether it should employ a consulting firm to assist in the purchase and implementation of the software. If a consulting firm is hired, Miller should interview, request bids, and select a consulting firm early in the process. The consulting firm would then assist with all steps in selecting and implementing the software. If so desired, Miller could also bring in a consulting firm for the later stages of the design. Request for proposals (RFPs) must be sent to any software firm under consideration. The returned RFP (bid) will include details about the software, the support provided for the software, and the price. The project team or IT governance committee should review each RFP in detail to select the best software system. The things that should be considered while reviewing the RFPs are: * The price of the software * The match of the software to user needs * The technical, operational, economic, and schedule feasibility * Technical support provided by the vendor * Reputation and reliability of the vendor * Usability and user friendliness of the software * Testimonials from customers currently using the software If the software selected must be modified to meet any specific needs of the company, the project team should develop design specifications for those modifications. If those modifications are extensive, the entire detailed design phase should be undertaken to design outputs, inputs, processes, and controls.

Page 6-15


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

Turner/Accounting Information Systems, 3e Solutions Manual Chapter 6 Concept Check 1. a 2. d 3. b 4. c 5. b 6. b 7. a 8. c 9. d 10. c 11. b 12. a

Discussion Questions 13. (S.O. 1) Describe how ERP systems enhance efficiency in a business organization. ERP systems enhance efficiency by controlling all business processes in one software system. That is, a single system collects, processes, stores, and reports data resulting from all sales, purchase, conversion, and administrative processes. In addition, ERP systems enable e-commerce and e-business, thus further enhancing efficiencies. 14. (S.O. 1) Why is real-time processing essential in an ERP system? Real-time processing is essential in an ERP system because all employees in the organization need to use the same information. Since data is stored in a single database, it is important that the most up-to-date information is available because of its usefulness in so many areas of the organization. 15. (S.O. 1) How has ERP increased the responsibilities of customer service representatives? Since customer services representatives have access to complete and timely information through the ERP system, they are able to answer important questions pertaining to availability of stock, timing of production, purchases, deliveries, and shipments, as well as historical information about customer orders and buying habits. The ERP’s ability to integrate company-wide information enables customer service representatives to deliver better service, thus facilitating a higher level of customer satisfaction.

1


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

16. (S.O. 1) What is an MRP II system and how is it different than the ERP systems in use today? Manufacturing Resource Planning (MRP II) software systems is focused on the movement and use of resources needed by a manufacturing company, such as purchasing, warehousing, and the scheduling of deliveries, production, and shipping. MRP II systems evolved into ERP systems when the system’s functionality increased to include processes related to marketing, distribution, human resources, etc. 17. (S.O. 1) What are the two databases used by ERP systems? The ERP system often utilizes two different databases. These two databases are the operational database and the data warehouse. The operational database contains the data necessary to conduct day-to-day operations and produce management reports. It is continually updated as transactions are processed. The data warehouse contains non-volatile historical information that is used to support management decision-making. 18. (S.O. 1) Differentiate between the “enterprise-wide” and “non-volatile” features of a company’s data warehouse. Data is enterprise-wide when it is pulled from the operational database (which pertains the operations of the entire organization), and is then maintained in the data warehouse for many periods. Data is non-volatile because it does not change rapidly in the same way that operational data changes. Periodically, new enterprisewide data from the operational database is uploaded to the data warehouse, but other than the updating process, the data in a data warehouse does not change. 19. (S.O. 2) What was unique about SAP’s first ERP system? SAP’s first ERP system was unique in that it integrated all business processes (not just manufacturing) and that it made data available in real time. 20. (S.O. 2,5) Differentiate between the features of SAP’s R/1, R/2, and R/3. What does the “R” stand for in this name? SAP differentiated new versions of its software by coding them as R/1, R/2, and R/3, where the “R” stands for “real-time processing” and the number relates to the version. SAP R/1 was SAP’s first release, which integrated all business processes and made data available in real time. R/2 allowed for interactivity between modules and added more features (such as order tracking). R/3 used client-server hardware that allowed the system to run on a variety of computer platforms and allowed for third-party companies to develop software that will integrate with SAP R/3. 21. (S.O. 3) How do ERP II systems allow for businesses to improve efficiencies with respect to sharing information with trading partners? ERP II systems allow for businesses to improve efficiencies with respect to sharing information with trading partners by using EDI, Internet EDI, or extranets to connect with suppliers and customers. Exhibit 15-2 depicts a view of an ERP II system. 22. (S.O. 3) How did the tragic events of September 11, 2001 affect the market for ERP systems? The events of September 11, 2001 caused drastic reductions in sales of ERP systems, as nearly all companies reduced IT spending. The economy experienced a downturn and all most businesses were cutting expenses, including IT expenditures.

2


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

23. (S.O. 4) What are some of the activities included in an ERP module for supply chain management? Supply chain management (SCM) is the management and control of all materials, funds, and related information in the logistics process from the acquisition of raw material to the delivery of finished products to the customer. The supply chain involves trading processes from a supplier to a business, as well as trading processes between the business and its customers and other intermediaries. Similar to internal processes, these trading processes can experience improved efficiency by using ERP systems to initiate, record, store, and report these processes. 24. (S.O.4) What are some of the features of an ERP module for customer relationship management? Customer relationship management (CRM) allows organizations to manage customer relationships in an organized manner by providing a database of detailed customer information that management, salespeople, and customer service representatives can readily access. This database generally includes historical information regarding customer purchases, which can be used to match customer needs with products, inform customers of service requirements, and analyze customer buying behavior. 25. (S.O.5) Which company is today’s top-seller of ERP systems in the U.S.? SAP is the top-selling tier one manufacturer of ERP systems in the U.S. (through 2007). 26. (S.O.5) Differentiate between Oracle’s “back office” and “front office” modules. Back office modules are the ERP modules such as financial, manufacturing, supply chain, procurement, and human resources applications that typically do not involve interaction with the customer. The front office modules are for sales, marketing, service and call center functions that are visible to customers. 27. (S.O.5) Which tier one company introduced the first ERP system that was “pure internet,” requiring no programming code to reside on the client computer? Peoplesoft is the tier one company that introduced the first “pure internet” ERP system that required no programming code to reside on the client computer. 28. (S.O. 5, 6) Which of the tier one ERP companies is likely to provide the “best fit” for a manufacturing firm? For a human resources placement company? SAP is the tier one ERP company that is likely to provide the “best fit” for a manufacturing firm because its systems evolved from MRP II systems. For a human resources placement company, Peoplesoft is likely to be the “best fit” because it evolved from a human resources software system. 29. (S.O.6) Why is business process reengineering an important aspect of ERP implementation? Business process reengineering (BPR) an important aspect of ERP implementation because it aligns business processes with the underlying IT systems used to record processes. In addition, it improves efficiency and effectiveness of these processes. When technology is introduced intro business processes, BPR and IT can have a mutually-enhancing relationship: IT capabilities support the business processes and the business processes can be redesigned to match the capabilities of the IT

3


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

system. Therefore, BPR is important because of its role in improving process efficiencies. 30. (S.O.6) Why should customization of an ERP system be limited? Customization of an ERP system should be limited because of issues with cost and upgrading. Any customizations may require changing or writing new programming code and this can be a very expensive and time-consuming task. The cost of customization can easily exceed the cost of packaged ERP software. Second, any customizations cannot be automatically incorporated when the ERP vendor provides an upgraded version of the ERP software. Therefore, upgrading to the new version may mean losing any customizations. 31. (S.O.6) Differentiate between location-wise and modular implementation approaches to the conversion to an ERP system. In a location-wise implementation of an ERP system, the organization chooses a specific location or sub-unit of the organization and implements the ERP system in that location only. This approach can be considered a “pilot” approach in which the ERP is first carried out in a sub-unit of the larger organization. This means that any resulting problems will be isolated within the pilot unit so that the entire organization is not impacted. In a modular implementation, the ERP system is implemented one module at a time. The implementation team will normally focus on the most critical module first and complete the implementation of modules in descending order. This allows the organization to take advantage of the new features of the module in the ERP system without affecting all processes in the organization. 32. (S.O.7) Which method of conversion to an ERP system is sometimes referred to as a “pilot” method? Why is this name appropriate? The location-wise implementation method is considered a “pilot” approach because the ERP is first implemented in a single location or sub-unit of the organization before it is implemented across the entire organization. This allows any problems to be worked out in an isolated area without impacting the entire organization. Thus, the changes and resolutions experiences in this pilot area can be used to guide the subsequent implementations. 33. (S.O.8) How can an ERP system assist a company in its efforts to comply with the Sarbanes-Oxley Act of 2002? ERP systems assist a company in its efforts to comply with the Sarbanes-Oxley Act of 2002 by providing real-time financial information to facilitate the reporting requirements of the Act. For instance, enhanced financial modules of an ERP system may provide feedback information to management regarding internal controls, which is important for complying with the reporting requirements of section 404 of the Act. In addition, ERP systems can enhance internal controls by providing for the proper segregation of duties and establishment of authority, as well as the real-time monitoring and reporting of exceptions.

Brief Exercises 34. (S.O. 2) Why was there so much growth in the sales of ERP systems in the late 1990s?

4


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

There are two major contributing factors to the rapid growth in sales of ERP software in the late 1990s. One factor was the explosive growth of e-commerce and the dotcom boom that occurred during this time period. To enable e-commerce and accelerate business processes in order to meet the demands of e-commerce sales, companies needed integrated systems such as ERP. A second factor was the valid concern about Y2K compatibility of existing software systems in companies. Many companies were rapidly trying to replace legacy software systems in the late 1990s before the year 2000 changeover occurred. Many were facing uncertainty as to whether their legacy software would work after 1999. System professionals were concerned that older legacy systems would “blow up” when faced with a date of 2000 or later. 35. (S.O. 3) What are the five most common reasons for increased spending on ERP systems in the early 2000s? Which of these reasons was the impetus for Viper’s ERP implementation in 2003? Some of the reasons for this increased ERP spending are: a. The need to improve customer service through standardizing and combining business processes. This necessitates ERP software that can support standardized and combined processes. b. Global companies that operate in several countries may have separate ERP systems in various countries. Many of these companies decide to replace these various ERP systems with one centrally managed ERP system for the entire company. c. Aging ERP systems that were installed prior to Y2K need replacement to meet competitive demands faced by companies. d. Bigger IT budgets in 2005 replaced leaner budgets between 2001 and 2004. Companies began increasing overall IT spending, including spending on ERP systems. e. To enhance compliance with the Sarbanes-Oxley Act. Viper Motorcycle Company implemented an ERP system primarily to enhance compliance with the Sarbanes-Oxley Act of 2002. 36. (S.O. 4) Match the ERP modules on the left with the purpose of the related processes on the right: Financials b. Maintenance of the general ledger and supporting journals and sub-ledgers. Human Resources d. Accounting for personnel and payroll activities. Procurement and c. Keeping track of purchasing and movement of goods and Logistics materials. Manufacturing f. Planning and scheduling of conversion activities. Sales and Services a. Taking customer orders and preparing for the impending revenue and cash collection. e. Data mining and other processes for obtaining feedback Analytics and supporting managerial decision-making.

5


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

37. (S.O.6) What potential advantages and disadvantages exist with respect to engaging a consultant for an ERP implementation? Discuss. The primary advantages of hiring a consulting firm include: a. Experience. The use of consultants may provide for a more effective implementation, as long as it is performed by professionals having experience with similar implementations. The experience of a consultant may be translated into savings for the company, particularly with respect to the avoidance of costly and time-consuming mistakes. b. Efficiency. Due to the experience of professional consultants, time savings may be realized in terms of avoidance of unproductive time spent on training, trial-and-error, etc. c. Less strain on employees. The company’s human resources may be relieved so they can engage in their normal activities with minimal disruption to the normal routine. The most significant disadvantages of hiring a consulting firm include: a. Cost. Consultants may be expensive, and can significantly increase the cost of the overall ERP implementation. b. Limited availability. Consultants are typically hired to perform a certain function or are retained for a limited period of time. The ongoing need for the implementation team to address issues may create problems for the company who used consultants that are no longer accessible. 38. (S.O.7) What are the primary benefits of an ERP system? What are the primary risks? The primary benefits of an ERP system are the following: a. The interactive nature of the modules that allows processes to interact with each other. For example, the ordering and receiving processes can automatically trigger payment processes. b. The real-time nature of processing that decreases the total processing time and allows more immediate feedback to management. c. The “best practices” nature of the processes in ERP systems. ERP systems have evolved from many years of software experience with various companies and the software reflects tried and true practices. d. The single database that enhances sharing of information between the business’ functional areas and between processes. e. The capability to analyze large amounts of data in a single database. Analytical tools are incorporated in ERP systems that allow detailed analysis of the data. f. The capability to enhance e-commerce and e-business. The ERP systems of today incorporate modules to fully incorporate e-commerce and e-business. g. The capability to interact in real-time with trading partners. ERP systems are built to interact with the IT systems of trading partners such as customers and suppliers. h. The capability of ERP systems to be scalable. Scalable means the system can grow with the business.

6


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

The primary risks of an ERP system are the following: a. The large size, scope, and complexity of ERP systems cause their implementation to be very costly, time consuming, and potentially disruptive to operations. (Implementation risk) b. The potential for failure of the system may cause business disruption across the entire enterprise. (Operation risk) 39. (S.O.7) What are Shang and Seddon’s five dimensions of ERP benefits? The five dimensions of ERP benefits are: a. Operational benefits, including reductions in time and costs, and improvements in productivity, quality, and customer service. b. Managerial benefits, including improvements in resource management, planning, decision-making, and performance. c. Strategic benefits, including support for various aspects of business growth. d. IT infrastructure benefits, including increased flexibility and infrastructure capability, as well as cost reductions. e. Organizational benefits, including the facilitation of organizational learning, change management, and employee morale. 40. (S.O.7) Name the AICPA Services Trust Principles’ five operations risks? Why are these risks greater for ERP systems than for other IT systems? The five areas of operations risks are as follows: a. Security. The system is protected against unauthorized (physical and logical) access. b. Availability. The system is available for operation and use as committed or agreed. c. Processing integrity. System processing is complete, accurate, timely, and authorized. d. Online privacy. Personal information obtained as a result of e-commerce is collected, used, disclosed, and retained as committed or agreed. e. Confidentiality. Information designated as confidential is protected as committed or agreed. These risks are greater for ERP systems than for other IT systems because of its size and complexity. Security becomes a greater risk because the

processes are integrated, and often automatically triggered in ERP systems. Therefore, any unauthorized user can affect more processes than would be true in an older, legacy system. For example, unauthorized access to a purchase module in an ERP system could allow an unauthorized user to trigger not only purchase activities, but the related payment within Accounts Payable. Availability risks are also magnified in ERP systems because of the integrated nature of processes. The failure of an ERP system has the potential to stop or disrupt all processes across the entire enterprise. Processing integrity risks are more significant in ERP systems due to the interconnected nature of an enterprise-wide system. Incorrect data generated in a given process can automatically trigger other processes 7


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

and post flawed data to other processes. Processes may be triggered at the wrong time and incorrect data can be spread over several processes and ERP modules. It is important to understand that such processing integrity problems are possible in any IT system. But they have the potential to be more damaging in an ERP system. Online privacy and confidentiality risks are also magnified in ERP systems. ERP systems often have sales and customer relationship management modules in an e-commerce mode. This means that sales and customer data is exchanged via the Web or EDI. In ERP systems these front-office systems of e-commerce and sales are automatically integrated into the back-office systems of an ERP system. The backoffice modules are the financials, supply chain management, and human resources modules. Therefore, in an ERP system, the e-commerce activity of customers often automatically integrates into the general ledger and related processes. This interconnectivity causes more potential areas for private or confidential information to be available. 41. (S.O.8) Explain how an ERP system can enhance internal controls? Specifically, how can it facilitate the separation of duties? Since the passage of the Sarbanes-Oxley Act of 2002, ERP systems have been improved to include enhancements to internal controls. These enhancements include functions that assist management in complying with sections of the Act by providing feedback information to management regarding internal controls. For processes tracked by the ERP software, a report can be generated that identifies which employees are authorized to initiate and conduct processes. Based on each employee’s ID and password, audit trails can be constructed and reported that indicate which employees initiated or conducted individual processes. This module within the ERP system can map processes to assist management in understanding whether duties are appropriately segregated within the process. Segregation of duties is an important part of internal control that can help prevent errors and fraud. ERP systems can be used to properly segregate duties. The ERP system can incorporate a matrix of tasks that are incompatible duties. For each employee ID and password, the system can check the employee’s access to various tasks to insure that no employee can initiate or conduct incompatible tasks. The ERP system electronically segregates duties by limiting the types of transactions each employee can perform. For example, a single employee should not have system access to initiate a purchase and record it as received. In an ERP system in which integrated modules often automatically trigger events, recording the receipt can automatically initiate a check for payment. Thus, it is important that a single employee not have authorization in the ERP system to initiate a purchase and also record the receipt. In addition to the preventative nature of attempting to restrict incompatible duties, an ERP system also allows real-time monitoring and reporting of exceptions. As

8


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

processes and transactions occur that may be exceptions to what was expected, they can be reported to management in real-time. Therefore, an ERP system can assist management in monitoring internal control, monitoring errors and problems, and monitoring exceptions to internal controls.

Problems 42. (S.O. 1) Describe the ERP’s modular interface that is necessary in a typical manufacturing environment. An ERP system is a multi-module software system that integrates all business processes and functions of the entire organization into a single software system, using a single database. Each of the software modules of an ERP system is intended to collect, process, and store data of a functional area of the organization and to integrate with related processes. For example, a module may be designed to process purchase transactions and record all data about purchase orders. This module must integrate with accounts payable and inventory since the vendor must be paid and inventory increased as the purchased goods arrive. Each module automates business activities of a functional area within an organization. Information is updated real-time in the ERP database, so that employees in all business units are using the same information, and all information is up-to-date. Since the data is stored in a single database, each functional area can easily share information with other areas of the organization. 43. (S.O. 2) Identify and describe the first generation of ERP systems used in the 1970s, and the second generation of ERP systems used in the 1980s. The first generation of ERP software was called Materials Requirements Planning (MRP) software. MRP software of the 1970s allowed plant managers to coordinate the planning of production and raw material requirements. MRP software determined order size and timing of raw materials based on sales forecasts and factoring in lead times for order and delivery of materials. The typical computer hardware of the 1970s that was used to enable an MRP system was mainframe computers, sequential file processing, and electronic data interchange (EDI). The EDI allowed up-to-date information about inventories and status of orders to be processed quickly. As mainframe computers improved in speed and power during the 1980’s, MRP software evolved into Manufacturing Resource Planning (MRP II) systems. MRP II was much more broad and encompassing than MRP software. MRP software was intended to provide for the purchase of raw materials to support manufacturing needs. The purpose of MRP II was to integrate manufacturing, engineering, marketing, and finance units to run on the same information system and to use a single database for these functions. As MRP and MRP II systems became more popular in large manufacturing companies, early pioneers of ERP systems were working on a broader concept of information system software. Five former IBM systems analysts began work on an early version of ERP software in 1972. These five formed a company that was to become Systems, Applications and Products in Data Processing (SAP). SAP

9


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

designed the first true ERP system that was called SAP. SAP was intended to integrate all business processes, not just manufacturing, and to make data available in real time. To the financial accounting system, they added modules for Materials Management, Purchasing, Inventory Management and Invoice Verification. SAP release 2, or SAP R/2 was released in 1978. The new version took full advantage of the current mainframe computer technology, allowing for interactivity between modules and additional capabilities like order tracking. 44. (S.O. 4) Compare and contrast the functionality of the Logistics module and Supply Chain Management activities. The logistics function manages all processes related to the purchase and movement of materials and finished goods. This module incorporates the purchase processes, as well as the processes and data resulting from the movement inventories. It is a subset of the functions included in the supply chain management activities. Supply chain management (SCM) activities encompass the planning and management of all sourcing, procurement, conversion, and logistics functions. SCM also includes coordination and collaboration with suppliers, intermediaries, third party service providers, and customers. 45. (S.O.7,8) Suppose a company is experiencing problems with omitted transactions in the conversion processes: i.e., inventory transactions are not always being recorded as they occur. How can an ERP system help to alleviate such a problem? An ERP system could help alleviate problems with omitted transactions through its internal control enhancements. For example, ERP systems allow real-time monitoring and reporting of exceptions. As processes and transactions occur that may be exceptions to what is expected (as in the case of omitted transactions), they can be reported to management immediately. In addition, the system can identify employees involved with the recording of specific transactions, which may help identify the source of a problem so that it may be corrected quickly. 46. (S.O.6) Using the Internet or other research tool, search for the terms “best of breed” + ERP. Locate information that addresses the debate/dilemma faced by many companies regarding the decision implementing best of breed technology versus new applications from an ERP vendor. Write a brief memo to discuss this issue. Answers to this questions may vary. Following is a sample response: An ERP system is an integrated system of modules intended to cover the entire range of company activities. But in some cases, there may be advantages to purchasing and using a module from another vendor if that vendor provides the best software module for that activity. Such a module is called the “best of breed”. The best of breed approach is probably most advantageous when the industry specific processes of a company do not match well with an ERP system that is based on the most common processes. An example of best of breed would be purchasing a separate Customer Relationship Management module instead of using a CRM module within the ERP system. ERP modules have CRM modules that allow you to pull up and manipulate customer data at will. The view of the customer may contain summarizations of activities conducted elsewhere in the system that relate to that customer. For example, if a customer

10


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

places an order with your company, a sales person that is looking at that customer in the hopes of penetrating the account more deeply can see that there is already an outstanding order. This may trigger him/her to offer an appropriate discount on another product or offer add-on product to the one just sold. The ERP approach is, in most cases, the most seamless solution. ERP companies like Peoplesoft either developed or acquired CRM modules and integrated them into the larger suite. The downside to this approach is that their CRM modules may not have all the functionality you need in areas like marketing and decision analysis. This approach may require you to spend money extending their baseline functionality to meet your specific business needs. This is true in general for any best of breed module such as fixed asset management, HR, order fulfillment, etc. The best of breed approach aims to integrate a feature-rich system that can integrate into the ERP system. The vendors of these applications often provide outof-the-box connectors to popular ERP systems to ease the difficulties of integration into the ERP system. The advantages of choosing a best of breed approach include: 1) deeper and more industry specific functions, 2) not being tied to a single vendor, 3) fewer changes to industry specific processes within the company. The disadvantages to best of breed include: 1) a greater total cost of purchasing and maintaining the system, 2) it creates a more complex IT environment because of the need to integrate a separate module into the ERP system. The advantages to using an existing ERP module (not best of breed) includes: 1) simpler IT environment, 2) smaller total cost to purchase and maintain, 3) quicker and simpler implementation, 4) better integration into the entire ERP system. The disadvantages to using the existing ERP module include: 1) a greater change in business processes to match with the ERP system, 2) potential gaps between company needs and software functionality 47. (S.O.6) Using the Internet or other research tool, search for the terms “big bang” + ERP. Identify at least one company that represents a success story with regard to this ERP implementation method (other than Marathon, as described in the Real World Example). Also identify at least one company that experienced problems with this approach (other than the city of Tacoma, as described in the Real World Example). Answers may vary for this question. Complete the search to arrive at the most up to date scenarios in your country. The big bang approach means that all users, modules and locations go live at the same time. Some companies have done this effectively. This approach minimizes the reconciliation of data that results from different locations or modules being brought on line at different intervals. To do this effectively requires strong project management and planning and an experienced consulting firm or other leader that has effectively brought companies live using the big bang approach.

11


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

The text provides an example of Tacoma Washington’s big bang approach that did not go well. 48. Using the Internet or other research tool, search for the terms “SAP” and “SME”. Describe why a small to medium-sized entity might choose SAP as its ERP system. Responses will vary. The following provides an example of a SAP’s outline for the benefits of its product for SMEs (Small to Medium sized entities). http://go.sap.com/solution/sme-business-software.html Run all aspects of your small business or midmarket company with SAP SME software – on-premise or in the cloud. Our scalable business management software supports ERP, HR, e-commerce, analytics, reporting, and more. As more than 250,000 SME customers have discovered, you’ll never outgrow SAP – no matter where your business takes you. a. Many SME’s anticipate, or at least hope for explosive growth in their business. Such growth will make their companies larger, more complicated, and more distributed. An ERP system can help them better track and maintain operations and ERP systems are scalable as the company grows. ERP systems allow them to better manage the growth. b. ERP software solutions are not as expensive as they used to be, particularly if a company uses SaaS (Software as a Service) in which they do not necessarily need to buy expensive hardware to run ERP software on site. c. ERP systems allow them to better track and serve customers. They improve customer response time and allow the company to provide timely and effective customer service. For example, order tracking and service scheduling are more streamlined. In many cases, an ERP system can enhance the systems so that customers can easily do order tracking or service scheduling as a self-service. It cuts cost for the company and better serves the customers. d. They are better able to keep track of strategic partnerships (such as vendors) e. ERP systems allow them to better “assess demand, react to changes more quickly, provide accurate and consistent data, and engage customers and employees”. f. Their study of 300 SME’s with ERP systems in the top 20% experienced: i. A shorter number of days to close the accounting records at the end of the month (2.69 days average). ii. A shorter time period of days sales outstanding (33.11 days), a measure of cash collection speed. iii. More on-time delivery of products or services (96% complete ontime delivery) iv. A 21% growth in operating margin

12


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

g. By using ERP systems, they: i. Lowered operating and administrative costs ii. Improved on-time delivery iii. Increased the speed of decision making iv. Increased customer satisfaction v. Gained better knowledge of day-to-day operations. 49. (SO 6) Using the Internet or other research tool, search for “ERP software in the cloud” and outline (a) PROs (b) CONS and (c) considerations of adopting cloud deployment for an ERP system. There can be a variety of Pros and Cons of ERP cloud adoption identified. Some of these include: PROs  Investment in hardware and software is reduced- Companies do not need to invest in or upgrade their servers, operating systems, databases, data centers, backup equipment, or programming environments.  IT staff to maintain and service the hardware and software is reduced.  Data and applications are stored remotely, so disaster recovery and ERP business continuity requirements are addressed.  Can access applications. Some applications (Salesforce.com (CRM) and Netsuite (ERP) are only available via the cloud.  Budgeting for future costs is simplified. The delivery model, software as a service (SaaS), is easier to budget, since the periodic payments are known in advance.  ERP cloud implementations can be accomplished quicker than on-premise because of the time saved in not having to procure and install the IT infrastructure.  Easier to scale up or down as business grows and contracts. Some articles will say that cloud deployment is less costly. Often this is not the case if you look at the total cost of ownership for the full period covered. CONs  Hardware and software are never paid for. Monthly fee until no longer using the system.  Tax advantages of purchasing the hardware and software are forfeited.  Less control of data, reliant on cloud firm for service.  Reliant on cloud firm for service.  Reliant on cloud firm for security. Considerations include how each of the pros and cons will impact a company specifically.

13


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

50. (SO 6) Using the Internet or other research tool, search for “Total Cost of Ownership and ERP Software” and describe cost to consider when calculating the total cost of ownership for an ERP system. Responses will vary. http://www.calszone.com/documents/whitepapers/aberdeen-erp-roi-tco.pdf http://www.socius1.com/understanding-the-tco-and-roi-of-4-top-erp-softwaresolutions/ What is 'Total Cost Of Ownership – TCO – The total cost a company incurs to put as asset into use and utilize the asset through its life. The following comments are provided from Socius with regard to TCO and ROI. http://www.socius1.com/understanding-the-tco-and-roi-of-4-top-erp-softwaresolutions/ Total cost of ownership (TCO) is the purchase price of an asset plus the costs of operation. When choosing among alternatives in a purchasing decision, buyers should look not just at an item's short-term price, which is its purchase price, but also at its long-term price, which is its total cost of ownership. The item with the lower total cost of ownership is the better value in the long run. 1. Cost to consider when implementing an ERP system: 2. Purchase price (hardware and software) or ongoing SaaS fee 3. Implementation and training cost 4. Annual maintenance 5. Professional fees (internal or external) to keep the asset in operation. Total Cost of Ownership (TCO) TCO is the calculation all of the costs of purchasing, implementing, supporting, and using a product over its lifetime. TCO is used to budget for projects and compare similar products or services. It should be noted, however that TCO does not weigh the benefits that the software brings to a company, so it should not be used as the only criteria to select a software application or prioritize projects. Nucleus Research compared the TCO for companies that implemented four highly competitive ERP solutions: Microsoft Dynamics GP, Oracle, SAP, and PeopleSoft. The study revealed that of the four software solutions, Microsoft Dynamics GP had the lowest TCO. The reason for the lower TCO is that Microsoft Dynamics GP takes less time to deploy and fewer resources to support than the other solutions. The results of the Nucleus study are provided below.

14


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

ERP Product

Average Deployment Effort (in man months)

Average training requirements (in Hours)

Onfoing Support (in FTEs)

Microsoft Dynamics GP Oracle SAP PeopleSoft

77 81 372 555

24 27 49 28

3 9 33.6 11.8

Return on Investment (ROI) is a related concept. ROI is a calculation that divides the average total savings, over 3 years, by the initial cost. (Three years is the accepted operational threshold for technological innovation and product usability). An ROI calculation will account for both direct benefits (explicitly quantifiable cost savings or revenue increases) as well as indirect benefits (returns that are not clearly observable, but whose effects can be measured through investigation). Nucleus Research studied the ROI gained by the same four ERP aoftward products: Microsoft Dynamics GP, Oracle, SAP, and PeopleSoft. They studied benefits in the following areas:     

Reduced staff / increased productivity Reduced IT or other direct costs Improved customer / partner relations Improved operations / visibility Reduced accounting / auditing costs or improved financial management / compliance

Per the Nucleus study: Microsoft Dynamics GP users were the only study participants to report gains in all five of these benefit areas. They were also the able to achieve a positive ROI faster than users of any of the four competing products: ERP Product

% of Customers Payback Period achieving ROI (in months) Microsoft Dynamics GP 71% 23 Oracle 65% 30 SAP 43% 46 PeopleSoft 82% 32

15


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

51. (SO 6) Using the Internet or other research tool, search for “compare ERP software” and describe PROS and CONS of two Midmarket/Tier II ERP systems. Responses will vary depending on the midmarket solutions selected. The following outline three of the most common midmarket products as described by Techtarget.com. http://searchmanufacturingerp.techtarget.com/tutorial/Buying-ERP-Top-10midmarket-ERP-systems NetSuite: NetSuite is an exclusively cloud-based ERP suite. As a SaaS system, NetSuite allows users to avoid many of the hassles of upgrading to newer versions, as the system is kept current by the vendor. Some of the applications it offers are financials, CRM, inventory management and e-commerce. NetSuite can support from 10 to an unlimited number of users. Industry-specific versions are available, including wholesale distribution, manufacturing and software. The One World version of NetSuite is designed for global, multicompany organizations with many assets to manage. The package runs from $10,000 to $100,000. Oracle E-Business Suite: The E-Business Suite is a good fit for midmarket manufacturers looking for an ERP system that will support a wide range of business applications without the need for much customization. It brings together enterprise performance management, business intelligence (BI) and performance management functions. It also covers applications such as supply chain management, CRM, asset management, product lifecycle management and procurement, and works for either discrete or process manufacturing environments. This package can be implemented on-premises or in the cloud or a hybrid of both. E-Business provides support for 25 to 1,000-plus users and costs between $12,000 and $350,000, depending on the implementation. Oracle also offers JD Edwards EnterpriseOne, which targets larger businesses and can be deployed on-premises or SaaS. This ERP suite covers 15 to 1,000 users and sells for $15,000 to $400,000. Microsoft Dynamics NAV, GP and AX: Microsoft's three variations of Dynamics can all handle the needs of manufacturers and distributors. NAV is designed for growing small and midsize companies that require fast and flexible ERP support for their changing business needs. On the plus side, it has a user interface that can be tailored to the specific roles of each user. On the minus side, it's the only Dynamics system that can't be hosted in the cloud. NAV can cover five to 750 users and goes for $8,000 to $250,000. GP is for slightly larger midmarket companies, with support for 25 to 500 users. It can be launched on-premises or in the cloud. GP supports processes such as reporting, forecasting, BI, consolidation and budgeting. Its price ranges from $10,000 to $100,000. Finally, Dynamics AX is for larger midmarket to enterprise-level companies. It covers processes such as financial management, CRM, supply chain management,

16


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

human resources, project management and analytics. AX can support five to 1,000 users and comes in both SaaS and on-premises packages. It costs between $20,000 and $750,000. 52. (SO 6) Using the Internet or other research tool, search for “SAP software” and describe the type of company where SAP would be a good choice for an ERP system. Source of SAP companies http://go.sap.com/about/customer-testimonials/featured-customer-stories.a-c.html

City of Boston City of Buenos Aires City of Cape Town Coca-Cola HBC AG Colorado Department of Transportation (CDOT) ConAgra Foods, Inc. Kraft Foods Group, Inc. National Football League (NFL) National Hockey League (NHL) The Hillshire Brands Company The Kellogg Company University of Amsterdam University of Kentucky Companies that are a good fit for SAP are larger companies with more complex processes, that require a more robust solution. SAP is more costly to purchase and implement. Larger companies have higher IT budgets and can justify the higher spend on an ERP system if this is required to support a more complex business model. 53. (SO 6) Using the Internet or other research tool, search for “Microsoft Dynamics GP software” and describe the type of company where Great Plains would be a good choice for an ERP system. Microsoft Dynamics GP is a good selection for small to midsize companies that require rich functionality. Microsoft Dynamics GP is feature rich, easy to use and to implement. The following examples outline why some companies adopted MS Dynamics GP over other software products. These examples are provided by CAL a Microsoft Dynamics GP implementer. http://www.calszone.com/microsoft-dynamics-gp/compare-gp/

17


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

Dynamics GP vs. Sage MAS 90/200 Microsoft Dynamics GP provides more advanced reporting, integration with Microsoft Office, a stronger foundation, advanced functionality, and a continually improving application. With Microsoft Dynamics GP, your business can benefit from:  Integration with Microsoft Office  Real-time, actionable business intelligence  Robust functionality that’s easy to use  Smooth interoperability with your existing applications  A high level of scalability and flexibility  Microsoft’s commitment to innovation and technology 6 Reasons Real Companies Made the Switch From Sage MAS 90/200 to Microsoft Dynamics GP This insightful report is based on experiences from users who have chosen to convert from MAS 90/200 to Microsoft Dynamics GP and the business partners that have assisted in those conversions. This report aims to compare “life with MAS 90/200” to “life with Dynamics GP” and consolidate the differences into specific categories to focus on the major benefits of making the change. Microsoft Dynamics GP vs Sage Competitive Analysis As a result of an analysis performed in August 2008 utilizing The Accounting Library, one of the most respected software selection tools serving the needs of middle market companies, Microsoft Dynamics GP was ranked higher in terms of functionality than  Sage MAS 90 ERP,  Sage MAS 200 ERP and  Sage MAS 500 ERP. Read more at: Microsoft Dynamics GP Verses Sage MAS 90/200 Accounting Software http://www.calszone.com/microsoft-dynamics-gp/compare-gp/gp-vs-sagemas90200/#ixzz4M0AgpVKn

Other links http://www.calszone.com/documents/erp-in-smb-outgrow-quickbooks.pdf http://www.softwareadvice.com/accounting/microsoft-dynamics-gp-profile/

18


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

Cases 52. ERP Implementation at Michner Industries. a. An ERP system could improve performance at Michner in many ways. Because an ERP uses a single, shared database, information sharing and integration of the various processes would occur. This would lead to more efficient processes. Also. Management could receive more real-time feedback about operations and this can lead to improved decision making. Also, analytical tools are available in ERP systems to help managers do more detailed analysis of operations. The time involved in entering data separately into the various systems will be saved and the time and cost of maintaining legacy systems can be reduced. With an ERP system, Michner would have the capability to automatically interact with IT systems of trading partners and to enhance e-business or e-commerce. All of these aspects improve the efficiency of business processes. Finally, ERP systems are scalable and can grow if Michner grows. b. A ‘big bang” approach implements all modules of the ERP system across the entire organization at the same time. Because of the scope and complexity of a big bang implementation, there are many risks that can cause a failure. ERP implementation usually requires business process reengineering. So at the same time the new software is implemented, there are many changes to processes. Thus, there is much complexity and employees are unfamiliar with new processes. This means mistakes or omissions within processes are likely. The chapter mentions problems with a big bang implementation in Tacoma, Washington. However, if the big bang approach is well-planned and implemented correctly, it offers the advantage of reducing the time and cost of implementation. A modular approach, in which modules are implemented one at a time, could take more time and money. There is less risk than a big bang approach because focusing on one module at a time reduces the scope and complexity of the implementation. A simple analogy might be to compare remodeling every room of a house at the same time (big bang), or doing one room at a time (modular). Using this analogy, it is easier to see that the whole house approach is more likely to cause problems, delays, and chaos. c. To choose the order of implementing modules, Michner should analyze and determine which modules more closely relate to their strategic objectives. Those modules most closely related to achieving strategic objectives should be implemented first. 53. Chacon University potential problems in ERP Implementation. There are several areas of potential problems. Those identified or implied are: d. Universities have a different environment than corporations. Corporations are managed top-down with the chief executives holding much influence 19


Chapter 6 Solutions

Enterprise Resource Planning (ERP) Systems

over everything. Universities are much more decentralized and subunits operate with more autonomy. e. The IT staff at universities are not usually experienced with ERP systems and tend to rush implementation and not test the systems. f. Too many “home-grown” legacy systems that may be difficult to convert into ERP systems. The article does mention that middleware can be used to integrate the legacy systems into an ERP system. g. University presidents or administrators may have too high expectations for ERP systems and try to implement too many modules. h. The ERP systems costs more to support than the legacy systems. i. It is difficult to get “buy-in” from everyone across campus for different processes that match the ERP system. This is difficult in universities because of the autonomy mentioned in (a) above. j. Universities have lean staffs and tight budgets which leads to lack of staff training and less testing of the system. k. In some cases the load on the system of all the returning students in the fall caused the web portal to crash. (for example at Massachusetts) l. ERP vendors, such as PeopleSoft did not have as much experience in University implementations and often were unable to provide answers. m. In the Montclair University lawsuit against Oracle, both sides claim the other party is to blame. The project was named the ”Bell Tower Initiative” and it was to take 25 months and cost $15.75 million. Montclair claimed that the Oracle IT staff were subcontractors who were unprepared to conduct the implementation and were constantly rotated on and then off the project. Oracle claimed the university did not have a competent IT staff who understood the technology. The Montclair staff could not properly assist Oracle’s staff.

http://www.informationweek.com/applications/oracle-montclair-stateuniversity-settle-bitter-contract-dispute/d/d-id/1109019?

20


Chapter 7 Solutions

Auditing Information Technology-Based Processes

Turner/Accounting Information Systems, 3e Solutions Manual Chapter 7

Concept Check 1. b 2. b 3. d 4. c 5. b 6. a 7. c 8. b 9. d 10. a 11. a 12. c 13. c 14. d 15. c 16. a 17. c 18. a 19. a 20. c 21. d

Discussion Questions 22. (SO 1) What are assurance services? What value do assurance services provide? Assurance services are accounting services that improve the quality of information. Many services performed by accountants are valued because they lend credibility to financial information. 23. (SO 2) Differentiate between a compliance audit and an operational audit. A compliance audit is a form of assurance service that involves accumulating and analyzing information to determine whether a company has complied with regulations and policies established by contractual agreements, governmental agencies, company management, or other high authority. Operational audits assess operating policies and procedures for efficiency and effectiveness.


Chapter 7 Solutions

Auditing Information Technology-Based Processes

24. (SO 2) Which type of audit is most likely to be performed by government auditors? Which type of audit is most likely to be performed by internal auditors? Governmental auditors are most likely to perform compliance audits, and internal auditors are most likely to perform operational audits. 25. (SO 2) Identify the three areas of an auditor’s work that are significantly impacted by the presence of IT accounting systems. The IT environment plays a key role in how auditors conduct their work in the following areas:  consideration of risk  determination of audit procedures to be used to obtain knowledge of the accounting and internal control systems  design and performance of audit tests. 26. (SO 3) Describe the three causes of information risk. Information risk is caused by:  Remote information; for instance, when the source of information is removed from the decision maker, it stands a greater chance of being misstated.  Large volumes of information or complex information.  Variations in viewpoints or incentives of the preparer. 27. (SO 3) Explain how an audit trail might get “lost” within a computerized system. Loss of an audit trail occurs when there is a lack of physical evidence to view in support of a transaction. This may occur when the details of accounting transactions are entered directly into the computer system, with no supporting paper documents. If there is a system failure, database destruction, unauthorized access, or environmental damage, the information processed under such a system may be lost or altered. 28. (SO 3) Explain how the presence of IT processes can improve the quality of information that management uses for decision making. IT processes tend to provide information in a timely and efficient manner. This enhances management’s ability to make effective decisions, which is the essence of quality of information. 29. (SO 4) Distinguish among the focuses of the GAAS standards of fieldwork and standards of reporting. The standards of fieldwork provide general guidelines for performing the audit. They address the importance of planning and supervision, understanding internal controls, and evidence accumulation. The standards of reporting address the auditor’s requirements for communicating the audit results in writing, including the reference to GAAP, consistency, adequate disclosures, and the expression of an overall opinion on the fairness of financial statements. 30. (SO 4) Which professional standard-setting organization provides guidance on the conduct of an IT audit? The Information Systems Audit and Control Association (ISACA) is responsible for issuing Information Systems Auditing Standards (ISASs), which provide guidelines for conducting an IT audit. 31. (SO 5) If management is responsible for its own financial statements, why are auditors important? Auditors are important because they are responsible for analyzing financial statements to decide whether they are fairly stated and presented in accordance with GAAP. Since the financial statements are prepared by managers of the company, the role of auditors is to reduce information risk associated with those financial statements. To accomplish this, auditors design tests to analyze information supporting the financial statements in order to determine whether management’s assertions are valid.


Chapter 7 Solutions

Auditing Information Technology-Based Processes

32. (SO 6) List the techniques used for gathering evidence. The techniques used for gathering evidence include the following:  physically examining or inspecting assets or supporting documentation  obtaining written confirmation from an independent source  rechecking or recalculating information  observing activities  making inquiries of company personnel  analyzing financial relationships and making comparisons to determine reasonableness 33. (SO 6) During which phase of an audit would an auditor consider risk assessment and materiality? Risk assessment and materiality are considered during the planning phase of an audit. 34. (SO 7) Distinguish between auditing through the computer and auditing with the computer. When are auditors required to audit through the computer as opposed to auditing around the computer? Auditing through the computer involves directly testing internal controls within the IT system, which requires the auditors to understand the computer system logic. Auditing through the computer is necessary when the auditor wants to test computer controls as a basis for evaluating risk and reducing the amount of audit testing required, and when supporting documents are available only in electronic form. Auditing with the computer involves auditors using their own systems, software, and computer-assisted audit techniques to help conduct an audit. 35. (SO 8) Explain why it is customary to complete the testing of general controls before testing application controls. Since general controls are the automated controls that affect all computer applications, the reliability of general controls must be established before application controls are tested. The effectiveness of general controls is considered the foundation for the IT control environment. If there are problems with the effectiveness of general controls, auditors will not devote attention to the testing of application controls; rather, they will reevaluate the audit approach with reduced reliance on controls. 36. (SO 8) Identify four important aspects of administrative control in an IT environment. Four important aspects of administrative control include:  personal accountability and segregation of incompatible responsibilities  job descriptions and clear lines of authority  computer security and virus protection  IT systems documentation 37. (SO 8) Explain why Benford’s Law is useful to auditors in the detection of fraud. Benford’s Law recognizes non-uniform patterns in the frequency of numbers occurring in a list, so it is useful to auditors in the identification of fabricated data within account balances such as sales, accounts receivable, accounts payable, cash disbursements, income taxes, etc. If fraudulent data are presented, they would not likely follow the natural distribution that Benford’s Law sets forth. 38. (SO 8) Think about a place you have worked where computers were present. What are some physical and environmental controls that you have observed in the workplace? Provide at least two examples of each from your personal experience. Student’s responses are likely to vary greatly. Examples of physical controls may


Chapter 7 Solutions

Auditing Information Technology-Based Processes

include card keys and configuration tables, as well as other physical security features such as locked doors, etc. Environmental controls may include temperature and humidity controls, fire, flood, earthquake controls, or measures to ensure a consistent power supply. 39. (SO 8) Batch totals and hash totals are common input controls. Considering the fact that hash totals can be used with batch processing, differentiate between these two types of controls. Both batch totals and hash totals are mathematical sums of data that can be used to determine whether there may be missing data. However, batch totals are meaningful because they provide summations of dollar amounts or item counts for a journal entry used in the financial accounting system, whereas hash totals are not relevant to the financial accounting system (i.e., the hash totals are used only for their control purpose and have no other numerical significance). 40. (SO 8) The test data method and an integrated test facility are similar in that they are both tests of applications controls and they both rely on the use of test data. Explain the difference between these two audit techniques. The test data method tests the processing accuracy of software applications by using the company’s own computer system to process fictitious information developed by the auditors. The results of the test must be compared with predicted results. An integrated test facility also tests processing applications, but can accomplish this without disrupting the company’s operations. An integrated test facility inputs fictitious data along with the company’s actual data, and tests it using the client’s own computer system. The testing occurs simultaneously with the company’s actual transaction processing. 41. (SO 9) Explain the necessity for performing substantive testing even for audit clients with strong internal controls and sophisticated IT systems. Since substantive testing determines whether financial information is accurate, it is necessary for all financial statement audits. Control testing establishes whether the system promotes accuracy, while substantive testing verifies the monetary amounts of transactions and account balances. Even if controls are found to be effective, there still needs to be some testing to make sure that the amounts of transactions and account balances have actually been recorded fairly. 42. (SO 9) What kinds of audit tools are used to perform routine tests on electronic data files taken from databases? List the types of tests that can be performed with these tools. CPA firms use generalized audit software (GAS) or data analysis software (DAS) to perform audit tests on electronic data files taken from commonly used database systems. These tools help auditors perform routine testing in an efficient manner. The types of tests that can be performed using GAS or DAS include:  mathematical and statistical calculations  data queries  identification of missing items in a sequence  stratification and comparison of data items  selection of items of interest from the data files  summarization of testing results into a useful format for decision making 43. (SO 10) Which of the four types of audit reports is the most favorable for an audit client? Which is the least favorable? An unqualified audit report is the most favorable because it expresses reasonable assurance that the underlying financial statements are fairly stated in all material respects. On the other hand, an adverse


Chapter 7 Solutions

Auditing Information Technology-Based Processes

opinion is the least favorable report because it indicates the presence of material misstatements in the underlying financial statements. 44. (SO 10) Why is it so important to obtain a letter of representations from an audit client? The letter of representations is so important because it is management’s acknowledgement of its primary responsibility for the fair presentation of the financial statements. In this letter, management must declare that it has provided complete and accurate information to its auditors during all phases of the audit. This serves as a significant piece of audit evidence. 45. (SO 11) How can auditors evaluate internal controls when their clients use IT outsourcing? When a company uses IT outsourcing, auditors must still evaluate internal controls. This may be accomplished by relying upon a third-party report from the independent auditor of the outsourcing center, or it can audit around the computer, or it can test controls at the outsourcing center. 46. (SO 12) An auditor’s characteristic of professional skepticism is most closely associated with which ethical principle of the AICPA Code of Professional Conduct? Professional skepticism is most closely associated with the principle of Objectivity and Independence. Professional skepticism means that auditors should have a questioning mind and a persistent approach for evaluating financial information for the possibility of misstatements. This is closely related to the notion of objectivity and independence in its requirements for being free of conflicts of interest.

Brief Exercises 47. (SO 2) Why is it necessary for a CPA to be prohibited from having financial or personal connections with a client? Provide an example of how a financial connection to a company would impair an auditor’s objectivity. Provide an example of how a personal relationship might impair an auditor’s objectivity. An auditor should not have any financial or personal connections with a client company because they could impair his/her objectivity. It would be difficult for an auditor to be free of bias if he/she were to have a financial or personal relationship with the company or one of its associates. For example, if an auditor owned stock in a client company, the auditor would stand to benefit financially if the company’s financial statements included and unqualified audit report, as this favorable opinion could lead to favorable results for the company such as paying a dividend, obtaining financing, etc. Additionally, if an auditor had a family member or other close personal relationship with someone who works for the company, the auditor’s independence may be impaired due to the knowledge that the family member or other person may be financially dependent upon the company or may have played a significant role in the preparation of the financial statements. 48. (SO 3) From an internal control perspective, discuss the advantages and disadvantages of using IT-based accounting systems. The advantages of using ITbased accounting systems are the improvements in internal control due to the reduction of human error and increase in speed. The disadvantages include the loss of audit trail visibility, increased likelihood of lost or altered data, lack of segregation of duties, and fewer opportunities for authorization and review of transactions.


Chapter 7 Solutions

Auditing Information Technology-Based Processes

49. (SO 4) Explain why standards of fieldwork for GAAS are not particularly helpful to an auditor who is trying to determine the types of testing to be used on an audit engagement. GAAS provides a general framework that is not specific enough to provide specific guidance in the actual performance of an audit. For detailed guidance, auditors rely upon standards issued by the PCAOB, the ASB, the IAPC, and ISACA. 50. (SO 5) Kim and Kresiki are assigned to perform the audit of Yin &Yang’s Yoga Company. During the audit, it was discovered that the amount of sales reported on Yin &Yang’s income statement was understated because one week’s sales transactions were not recorded due to a computer glitch. Kim claims that this problem represents a violation of the management assertion regarding existence, because the reported account balance was not real. Kresiki argues that the completeness assertion was violated, because relevant data was omitted from the records. Which auditor is correct? Explain your answer. The completeness assertion is concerned with possible omissions from the accounting records and the related understatements of financial information; in other words, it asserts that all valid transactions have been recorded. Accordingly, Kresiki’s argument is correct. Kim’s argument is not correct because the existence assertion is concerned with the possibility of fictitious transactions and the related overstatements of financial information. 51. (SO 6) One of the most important tasks of the planning phase is for the auditor to gain an understanding of internal controls. How does this differ from the tasks performed during the tests of controls phase? During the planning phase of an audit, auditors must gain an understanding of internal controls in order to determine whether the controls can be relied upon as a basis for reducing the extent of substantive testing to be performed. Understanding of internal controls is the basis for the fundamental decision regarding the strategy of the audit. It also impacts the auditor’s risk assessment and establishment of materiality. During the tests of controls phase, the auditor goes beyond the understanding of the internal controls and actually evaluates the effectiveness of those controls. 52. (SO 8) How is it possible that a review of computer logs can be used to test for both internal access controls and external access controls? Other than reviewing the computer logs, identify and describe two types of audit procedures performed to test internal access controls, and two types of audit procedures performed to test external access controls. Internal access controls can be evaluated by reviewing computer logs for the existence of login failures or unusual activity, and to gauge access times for reasonableness in light of the types of tasks performed. Internal access controls can also be tested by reviewing the company’s policies regarding segregation of IT duties and other IT controls, and can test those controls to determine whether access is being limited in accordance with the company’s policies. In addition, auditors may perform authenticity testing to evaluate the authority tables and determine whether only authorized employees are provided access to IT systems. Computer logs can also be reviewed to evaluate external access controls, as the logs may identify unauthorized users and failed access attempts. External access controls may also be tested through authenticity tests, penetrations tests, and


Chapter 7 Solutions

Auditing Information Technology-Based Processes

vulnerability assessments. Authenticity tests, as described above, determine whether access has been limited to those included in the company’s authority tables. Penetration tests involve the auditor trying to gain unauthorized access to the client’s system, by attempting to penetrate its firewall. Vulnerability assessments are tests aimed at identifying weak points in the company’s IT systems where unauthorized access may occur, such as through a firewall or due to problems in the encryption techniques. 53.(SO 9) Explain why continuous auditing is growing in popularity. Identify and describe a computer-assisted audit technique useful for continuous auditing. Continuous auditing has increased in popularity due to the increase in e-commerce. Real-time financial reporting has created the need for continuous auditing, whereby auditors continuously analyze evidence and provide assurance on the related financial information as soon as it occurs or shortly thereafter. The embedded audit module is a computer-assisted audit technique that accomplishes continuous auditing. The embedded audit module approach involves placing special audit testing programs within a company’s operating system. These test modules search the data and analyze transactions or account balances that meet specified conditions of interest to the auditor. 54. (SO 11) Distinguish between the various service organization controls (SOC) reporting options available to auditors who evaluate cloud computing service providers. The SOC 1 report addresses internal controls over financial reporting. A SOC 1Type I report contains management’s assessment and the auditor’s opinion on the operating design of internal controls over financial reporting. A SOC 1 Type II report is an extension of the Type I report in that it also evaluates the operating effectiveness of those internal controls. A SOC 2 report considers controls over compliance and operations, including the Trust Services Principles. Similar to SOC 1 reports, SOC 2 reporting options also allow for a Type I or Type II conclusion depending upon whether the auditor consider suitability of design or operating effectiveness of those controls, respectively. Finally, a SOC 3 report is an unaudited report that is available to the general public containing a CPA firm’s conclusion on the elements of the Trust Services Principles.

Problems 55. (SO 4) Given is a list of standard-setting bodies and a description of their purpose. Match each standard-setting body with its purpose. I. c. The PCAOB was created by the Sarbanes-Oxley Act of 2002 to establish guidelines for public companies and their auditors. II. a. The ASB was established by the AICPA to issue SASs. III. d. The IAASB issues ISAs to promote uniformity of worldwide auditing practices. IV. b. ISACA issues ISASs to provide guidelines to IT audits. 56. (SO 8) Identify whether audit tests are used to evaluate internal access controls (I), external access controls (E), or both (B).


Chapter 7 Solutions     

Auditing Information Technology-Based Processes

Authenticity tests (B) Penetration tests (E) Vulnerability assessments (E) Review of access logs (B) Review of policies concerning the issuance of passwords and security tokens (I)

57. (SO 9) Refer to the notes payable audit program excerpt presented in Exhibit 7-3. If an auditor had a copy of his client’s data file for its notes receivable, how could a general audit software or data analysis software package be used to assist with these audit tests? GAS and DAS could assist auditors in testing notes payable by performing mathematical calculations of interest amounts, stratification of amounts into current and long-term categories according to maturity dates, and performing ratio calculations as may be needed to assess compliance with restrictions. 58. (SO 11) In order to preserve auditor independence, the Sarbanes-Oxley Act of 2002 restricts the types of nonaudit services that auditors can perform for their publiccompany audit clients. The list includes nine types of services that are prohibited because they are deemed to impair an auditor’s independence. Included in the list are the following:  financial information systems design and implementation  internal audit outsourcing Describe how an auditor’s independence could be impaired if she performed IT design and implementation functions for her audit client. Likewise, how could an auditor’s involvement with internal audit outsourcing impair her independence with respect to auditing the same company? Both of these scenarios would place the auditor in a position of auditing his/her own work. Auditors could not maintain independence if they are involved in both the IT design and implementation as well as the financial statement audit. To the extent that the IT system impacts financial reporting, an auditor could not possibly be unbiased with respect to a system that he/she had designed and implemented. Likewise, auditors are not likely to be unbiased with respect to performing a financial statement audit for the same company as he/she performed internal audit work. Any evaluations performed during the internal audit engagement are likely to have a bearing on the auditor’s professional attitude while performing the financial statement audit. 59. (SO 2) Visit the AICPA website at www.aicpa.org and select the tab for Career Paths. Click on “This Way to CPA” to locate information on audit careers. The AICPA website presents information on the profession (including various career paths, including public accounting, business and industry, governmental accounting, not-for-profit accounting, and entrepreneurship), education, career tools, the CPA exam and licensure, and joining the AICPA. 60. (SO 4, 9) Visit the ISACA website at www.isaca.org and click on the Knowledge Center tab, then select ITAF (Information Technology Assurance Framework) and click on the IT Audit Basics tab to find articles covering topics concerning the audit process. Locate an article on each of the following topics and answer the related


Chapter 7 Solutions

Auditing Information Technology-Based Processes

question: The website has been updated since the printing of this edition of the text. The ITAF section is now located within the area IS Audit & Assurance, and then students can click on the link for IS Audit Basics Articles. The article supporting part a. of this problem is no longer appearing on the site. a. Identify and briefly describe the four categories of CAATs used to support IT auditing. The four categories include:  data analysis software, including GAS and DAS  Network security evaluation software/utilities  OS and DBMS security evaluation software/utilities  Software and code testing tools b. List three possible procedures to be performed by auditors who are evaluating controls pertaining to the backup and recovery of a client’s data. The three procedures include1:  Review or observe backup procedures  Review documentation of a successful restore within the period  Personally verify restoration when risk is high or when restoration is an audit objective. 61. (SO 8) Locate the stock tables for the two major stock exchanges in any issue of the Wall Street Journal. Beginning from any point within the table, prepare a list of the first digits of the daily volume for 100 stocks. Determine whether the listed numbers conform to Benford’s Law. Student responses will vary depending upon the timing of carrying out this requirement and the starting point used. However, students should determine whether the number 1 is represented as the first digit of the volume figures for approximately 33% of the items within the list. If so, then the data conforms to Benford’s Law. 62. (SO 12) Perform an Internet search to determine the nature of Xerox Corporation’s management fraud scheme and to find out what happened to the company after the problems were discovered. Xerox’s fraud involved earnings management or manipulation of the financial statements in order to boost earnings. This occurred at Xerox to the tune of hundreds of millions of dollars and involved various accounting tricks to hide the company’s true financial performance so that it would meet or beat Wall Street expectations. The most significant trick was the premature recording of revenues. Upon discovery of the fraud, the SEC filed a $10 million civil suit against Xerox, the largest fine in SEC history. In addition, Xerox had to restate its earnings from 1997 through 2001.

Cases 63. Internal Controls and CAATs for a Wholesale client. a. What tests of controls would be effective in helping Sanders determine whether World’s vendor database was susceptible to fraud? The following tests of controls could be used: 1 “What Every IT Auditor Should Know About Backup and Recovery” by Tommie W. Singleton for ISACA

Journal, Vol, 6, 2011.


Chapter 7 Solutions

Auditing Information Technology-Based Processes

Verify that the database is physically secure and that programs and data files are password protected to prevent unauthorized access. Since this situation involves an internal breach of authority, access logs should be reviewed for activity at unusual times (non-business hours).  Make sure that system programmers do not have access to database operations so that there is no opportunity to alter source code and the related operational data.  Ascertain that database inputs are being compared with systemgenerated outputs.  Determine whether run-to-run totals are being generated and reviewed to evaluate the possibility of lost or altered data.  Ascertain that computer-generated reports are regularly reviewed by management.  Determine whether the client’s field checks, validity checks, and reasonableness checks are all working effectively. b. What computer-assisted audit technique would be effective in helping Sanders determine whether World’s vendor database had actually been falsified? Sanders could use GAS or DAS to perform audit testing on electronic data files taken from Lea’s database system. Several types of audit tests commonly performed by GAS or DAS systems could be used in this case, including data queries, stratification and comparison of data items, and selection of items of interest. In addition, the following tests can be performed to test the propriety of inputs to the system:  Financial control totals can be used to determine whether total dollar amounts or item counts are consistent with journal entry amounts. This can detect whether additions have been made during processing.  Validation checks can be performed to scan entries for bogus information. Depending on the type of IT system, a validity check of the vendor number field may prevent the entry of fictitious vendors.  Field checks can be performed to identify unrecognized data. If the bogus transactions are being entered during processing, the auditor may use program tracing to evaluate program logic for possible points of entering fraudulent information. Run-to-run totals may also be used to determine whether data have been altered during processing. In addition, output controls such as reasonableness tests could be performed to review the output against authorized inputs, and/or audit trail tests could be performed to trace transactions through the system to determine if changes occurred along the way. 64. Issues with the client representation letter. a. Would it be appropriate for McGuire to reopen the audit testing phases in order to expand procedures, in light of the lack of representative evidence from management? Why or why not? No, McGuire should not expand testing procedures. The purpose of the client’s representations letter is for management to acknowledge its primary responsibility for the fair


Chapter 7 Solutions

Auditing Information Technology-Based Processes

presentation of the financial statements and the accuracy of evidence provided to the auditors. It is considered the most significant piece of audit evidence. Obtaining additional evidence would not compensate for a failure to secure a letter of representations; in fact, it is likely that additional testing would be meaningless unless management represents that the evidence it supplies is accurate. b. Will McGuire’s firm still be able to issue an unqualified audit report if it does not receive the representations letter? Research the standard wording to be included in an unqualified audit report, as well as the typical wording included in a client representations letter. Base your answer on your findings. No, an unqualified report is no longer possible due to the failure to obtain written representations from management. This constitutes a limitation in the scope of the audit. McGuire’s firm may either withdraw from the engagement or issue a disclaimer. The standard wording for a client representations letter can be found in AU-C section 580. The standard wording for an unqualified audit report can be found in AU-C section 700.


Chapter 8 Solutions

Revenue and Cash Collection Processes

Turner/Accounting Information Systems, 3e Solutions Manual Chapter 8 Concept Check 1. a 2. c 3. a 4. c 5. d 6. a 7. c 8. d 9. c 10. a 11. d 12. b 13. a 14. d 15. c 16. d

Discussion Questions 17. (SO 2) Why is it important to establish and monitor credit limits for customers? Allow customers to order an excess over what they are able to pay poses a large risk for companies. It is important to review a customer’s credit worthiness and based on that credit worthiness, establish a credit limit. Once the limit is established, the company should have processes or methods to ensure the credit limit is not exceeded. Without a limit, or monitoring that limit, the company has the risk of not being paid for goods or services purchased by customers. 18. (SO 2) Distinguish between a pick list and a packing slip. Although the information on these two documents is essentially the same, they are used for two different purposes. Both documents contain the items and quantities for a particular customer order. However, the pick list is used in the warehouse to pull items from the warehouse shelves, while the packing slip is included in the box or boxes shipped to the customer. The packing slip tells the customer which items should be in the shipment. 19. (SO 2) How can an effective system of internal controls lead to increased sales revenue? When an effective systems of internal controls is in place, managers may be able to spend less time overseeing operations and can therefore, spend more Page 8-1


Chapter 8 Solutions

Revenue and Cash Collection Processes

time on revenue growth strategies and activities. For example, with a proper set of general authorization procedures for sales, a manager would not need to approve each sale individually. This gives the manager more time to focus on activities that could lead to increased revenue. 20. (SO 2) Why should the person responsible for shipping goods to customers not also have responsibility for maintaining records of customer accounts? Custody of assets and responsibility for record keeping should always be segregated. In this case, the person shipping the goods has custody and could therefore, steal assets. Access to customer records would allow that person to also alter records to hide the theft. The alteration to the records could include deleting the sale or writing off the sale as a bad debt. 21. (SO 3) What is the purpose of a credit memorandum? The credit memorandum documents the fact hat a customer has returned goods. The credit memorandum is also used to reduce the customer’s receivable account balance based upon the return of goods. 22. (SO 3) How are sales invoices used (in a manual system) in the preparation of credit memos? The sales invoice is matched to the receiving report that results from returned goods. This match is necessary to verify the fact that the merchandise was in fact sold to the customer, and to verify the selling price that should be refunded. 23. (SO 2) How can a security guard in a warehouse be considered an important component of a company’s accounting system? Internal controls over asses should include physical controls to prevent theft or misuse. For example, cash should be locked in a safe to prevent the theft of cash. Likewise, a security guard can help prevent theft or misuse of assets. This internal control would not prevent all theft, but would help reduce any theft. 24. (SO 3) How could fraud be perpetrated through the sales returns process? In the absence of good internal controls, there are several types of fraud that could occur in sales returns. These include: 1) customers returning goods not originally purchased from the company, 2) customers requesting a refund higher than the original sales amount, 3) requesting refunds for goods that were never returned, but submitting false documentation of a return, and 4) theft of returned goods by an employee. 25. (SO 6,7,8) Identify and distinguish between the three types of IT systems used in the sales process. The three types of IT systems described are EDI, Internet EDI, and point of sale systems. EDI and Internet EDI are used in company to company sales of goods and services. In EDI systems, the buyer and seller computer systems are connected and order data is exchanged electronically. EDI typically uses a value added network (VAN), while Internet EDI uses the internet to exchange data. Internet EDI is usually much more cost effective than EDI because the exchange via the Internet can be cost free. A POS system is used in end consumer sales such as retail stores and restaurants. A POS system usually is a touch screen, or bar code system at the cash register that records the sale and updates the appropriate cash, sales, and inventory accounts. All three systems are IT enablement of the sales process and they each improve the efficiency and effectiveness of sales processes. 26. (SO 6) Distinguish between B2B sales and B2C sales. Other than those presented in this chapter, name a company from your personal experience that uses B2C

Page 8-2


Chapter 8 Solutions

Revenue and Cash Collection Processes

sales. B2B sales are IT enabled sales between two businesses. B2C sales are IT enabled sales between a business and an end consumer. A student could mention any online retailer, online bank, online broker, airline, or travel agent as examples of B2C. 27. (SO 6) List the advantages of e-commerce systems. The advantages are reduced costs, shorter sales cycles, increased accuracy and reliability of sales data, and an increase in the potential market. 28. (SO 6) Identify two of the biggest risks to companies who use e-commerce, along with controls to prevent these risks. Two of the business risks of e-commerce would be availability and security. If a company relies on online sales extensively, any failure in the hardware or software may make the online sales system unavailable and this causes lost sales. These lost sales can at times be very large losses. Unauthorized access or hackers represent a big risk to e-commerce. Placing sales online opens the company to unauthorized access and hacking, and therefore potential loss or destruction of data. 29. (SO 6,7) What controls should a company implement to ensure consistency of sales information between the front end and back end of its systems? Reconciliations and verifications are important in the integration of front end and back end systems. As data moves from a front end system, such as an online sales system, to a back end system, such as warehouse systems, a reconciliation or verification can ensure the data was transmitted between systems accurately. 30. (SO 6) Why is a redundant server system needed in an e-commerce environment? Availability is extremely important in e-commerce systems. Any failure of the system represents lost sales because the system is not available for customer use. A large e-commerce company could lose thousands of dollars in sales from a two or three hour downtime. 31. (SO 6) Why should a company continuously monitor the capacity of its e-commerce system? 32. (SO 7) What are the three components of an EDI system? The three component parts are: 1) intercompany transfer, indicating the sale/purchase is between two companies; 2) computer to computer, indicating the computer system of the two companies are connected; and 3) a standard format for business documents to facilitate the intercompany transference of electronic documents. 33. (SO 7) What are the three standard parts of an EDI data transmission? Header and trailer data, labeling interchanges, and data segments. Header data is data about the file or transmission being sent. The header identifies the beginning and end of a particular transaction data set. Trailer data is also data about the file or transmission and identifies the end of a particular transaction data set. Labeling interchanges identify the type of transactions in the set, such as a set of sales invoices. Data segments include the actual data within the invoices, such as quantities and prices. 34. (SO 7) How could it be possible for two companies to conduct EDI if they are not directly connected with each other? Two companies could use a value added network (VAN) as a third party to serve as the provider of electronic inboxes for EDI exchanges. 35. (SO 7) List the advantages of an EDI system. The advantages are elimination of keying, keying errors, and the time needed for keying, the elimination of mailing time

Page 8-3


Chapter 8 Solutions

Revenue and Cash Collection Processes

and postage costs, reduction of inventory levels, and competitive advantage and/or preservation of existing business. 36. (SO 6,7,8) What is the purpose of maintaining transaction logs? Why are they especially important in IT systems? Transaction logs serve as the audit trail of transactions processed by the computer. Review of these logs can ensure that transactions are lost or unaccounted for. The logs also help ensure a company can avoid repudiation of sales. 37. (SO 8) List some advantages of a POS system. Advantages are: ease of use by employees, the elimination of manually entered data, real-time access to prices and inventory levels, real-time credit card authorization, real-time update of affected accounting records, immediate summaries and reports of sales and cash, and integration with the general ledger accounts. 38. (SO 8) Why are backup systems one of the most important controls for POS systems? A system failure in a POS system would interrupt or halt sales. Such lost sales can be a large dollar amount and there could be future lost sales if customers become irritated by the system failures. To avoid these failures and the resulting lost sales, a company should maintain some type of backup system. 39. (SO 9) Describe a popular fraud scheme where company employees misuse the sales revenues cutoff. This is called leaving sales open. It counts sales from the first few days of the next month in the current month, and thereby inflates sales.

Brief Exercises 40. (SO 2,4) Describe what is likely to occur if company personnel erroneously recorded a sales transaction for the wrong customer? What if a cash receipt was applied to the wrong customer? Identify internal controls that would detect or prevent this from occurring. If the sale is attached to the wrong customer, the wrong customer would be billed and it may cause both the wrong customer and the correct customer to have a negative opinion about the company. In addition, if the company does not maintain adequate documentation, it may be difficult to determine which customer should be billed. Therefore, the company may not be able to collect the cash they should have collected. If a cash receipt is applied to the wrong customer, then two customer balances will be erroneous. The company would continue to bill the customer who paid, while not billing the correct amount to the wrong customer. Without adequate documentation, it would be difficult to correct this situation. The internal controls that would help prevent these errors are maintaining adequate documentation, including source documents such as sales orders and remittance lists; the matching of key documents before recording; reconciliations and verifications of invoices to receivables; and supervision. 41. (SO 4) Debate the logic used in the following statement: “The person responsible for handling cash receipts should also prepare the bank reconciliation because he is most familiar with the deposits that have been made to the bank account.” It is true that if a person could be absolutely trusted to do both duties, it may be more efficient. However, having both duties provides opportunity and temptation for that

Page 8-4


Chapter 8 Solutions

Revenue and Cash Collection Processes

person to steal cash and cover up the theft. In addition, a single person doing both duties might make an error affecting both the receipts and reconciliation. Segregating these duties may slightly decrease the efficiency of bank reconciliations, but the positive benefits of fraud prevention or detection and error detection outweigh any efficiencies. 42. (SO 7) Revenue systems are crucial in the healthcare industry, where hundreds of billions of dollars are spent annually reconciling revenues and billing data from the perspectives of providers (doctors and clinics, etc.) and payers (insurance companies). Briefly describe how EDI would be beneficial in this industry. Describe the purpose of the header data and trailer data. In an EDI system, the computer systems of the biller and payer are connected and they would greatly speed up the billing and paying process, as well as decrease the errors in the process. Without EDI, there would be keying errors, delays related to keying data and mailing bills and payments. The header and trailer data identify the transaction data set so that the two computer systems can ensure the correct transaction data is matched. The header and trailer also identify the beginning and end of a transaction data set. 43. (SO 2,3,4) Use the process maps in this chapter to answer the following questions: a. What would a credit manager do if a sales order received caused a customer to exceed its credit limit? The sale should be disapproved (rejected). b. What happens after the shipping department verifies that the quantities and descriptions of goods prepared for shipment are consistent with the sales order? The goods are shipped, an invoice is prepared and mailed; the following records are updated: sales, general ledger; and a month end statement is prepared and mailed to the customer. c. What would an accounts receivable clerk do if a $100 credit memo is issued to a customer whose accounts receivable balance is $1,000? The clerk should first check to make sure of the balance. Then, that customer’s balance would be decreased to $900. d. When is it necessary for an accounts receivable clerk to notify a customer? An accounts receivable clerk would not need to notify customers. 44. (SO 2) Describe how the matching of key information on supporting documents can help a company determine that its revenue transactions have not been duplicated. For any sale, return or cash transaction, only one set of matching documents should exist. Once the documents are matched and recorded for a particular transaction, they should be filed as a completed transaction. Thus, that same transaction would not be recorded again since the source documents are filed. 45. (SO 2,3) Describe how the use of pre-numbered forms for receiving reports and credit memos can help a company determine that sales return transactions have not been omitted from the accounting records. When pre-numbered forms are used, it is much easier to ensure that the entire series of transactions have been accounted for. Conversely, a missing number in the sequence of pre-numbered documents is a clear indication that a transaction has been omitted. This may be easier to

Page 8-5


Chapter 8 Solutions

Revenue and Cash Collection Processes

understand if you think about what it would mean if your own personal check book record was missing a check numbered 154. 46. (SO 8) Describe how a POS system could be useful to a company’s marketing managers. How could it be useful to production managers? A POS system can provide immediate feedback about product sales and inventory levels. Therefore, a marketing manager can get immediate feedback about which products sell well, which do not, and how price changes may affect sales of individual products. A purchasing agent could use the real-time inventory level feedback to more appropriately plan when to purchase certain products. They may not have to purchase as frequently or in as large batches if they are better able to monitor inventory levels on a real-time basis. They might also get better information about seasonal or weather related fluctuations in sales of certain products and this would help them better plan purchases. 47. (SO 8) Briefly describe an example from your personal experience where you purchased something from a company that uses a POS system. How might your experience have been different if the POS system did not exist in the experience you described? There are many possible experiences students could describe. Each student would probably describe. Most often students see or use POS systems at fast food restaurants and retail stores. Many students will have been employees who have used POS systems and may have very good examples. In regards to the differences if the POS system did not exist, the check out experience would be slower, thereby leading to longer lines, and more errors in the process. Errors such as incorrect prices and incorrect orders.

Problems 48. (SO 6) In 1990, Luigi Romano opened a pizza restaurant that he named Romano’s in St. Louis, Missouri. Over the years, he opened both company and franchise locations and grew the business to include over 40 restaurants that serve the three states around the St. Louis area. In 2016, Romano introduced a centralized phone ordering system with one phone number for customers to use. This meant that the customer did not need to look up the phone number of a local restaurant and call that restaurant to order. Rather, customers call one number and the employees taking the order can determine the closest Romano’s location and process the order. This system also centralized the pricing, ordering, and inventory systems for Romano’s. In 2017, Romano’s began offering online pizza orders through its Web site. Romano’s advertises this Web ordering as more convenient for the customer. For example, its ads suggest that a customer can examine the entire menu on the Web site prior to ordering; something that is not possible with phone orders. While there are many customer advantages of Web ordering, there are also many advantages to the company. From an accounting and internal control perspective, describe the advantages of Romano’s system, and any risks that it reduces.

Page 8-6


Chapter 8 Solutions

Revenue and Cash Collection Processes

The Web ordering system provides the advantages of: cost savings through lower marketing, employee, and paperwork costs; shorter sales cycles due to reduced time to place an order, increased accuracy and reliability of the order data; and increased potential market for the company’s products. Accordingly, Romano’s Web ordering system reduces the risks of misplacing an order, filling an order incorrectly, losing a sale due to a long wait time, and recording erroneous data due to errors in manual paperwork processing. Although some of these advantages and risk reductions are also realized through the company’s centralized phone ordering system, that phone system still involves manual processes to input customer orders, so there remain some costs and risks associated with employees, accuracy, and wait times. 49. (SO 8) You are the recent heir of $40,000 cash, with which you are considering opening a sushi bar in the university community. You would accept cash and credit card payments, which would be handled primarily by your servers. You also plan to offer introductory specials to attract customers during the initial months of business. Identify some advantages and disadvantages of investing in a POS system as part of this new business venture. What internal controls should be implemented to reduce the risk of theft or error related to the handling of cash, credit card payments, and coupons? The advantages of investing in a POS system as part of a new business venture include the following:  Ease of use and ease of training servers. This is expected to lead to fewer errors and more accurate sales and inventory data.  Time savings related to the elimination of manual input processes. This includes increased efficiency and reduced fraud related to processing of credit card payments from customers.  Increased accuracy due to the real-time access to inventory and price data. For instance, if the sushi bar’s daily special is sold out, that information can be posted online immediately so that servers can quickly inform customers of the change.  Enhanced accounting features such as real-time update of cash, sales, and inventory records, immediate summaries and analyses, and the potential for integration with a general ledger system will save manual steps and provide timely information for management purposes. Despite these many advantages, a new business venture would need to be especially careful of the extensive hardware and software costs that are necessary to support a POS system. In addition, availability risks may be significant, as any hardware and software failures could make the system unavailable and interrupt efficient business processes. Therefore, it is important that a new business venture consider these risks, analyze the costs and benefits of the system, and implement backup systems should be in place to reduce the availability risk. In order to reduce the risk of theft or error related to the handling of cash, credit card

Page 8-7


Chapter 8 Solutions

Revenue and Cash Collection Processes

payments, and coupons, the sushi bar should be sure that its POS system includes all relevant payment information, including options to enter the use of coupons and method of payment. In addition, summaries can be provided immediately, so servers should be required to reconcile their transactions at the end of their shifts. 50. (SO 2,4,6) Caleb Westerfield is the owner of CW Sports, a consignment shop for used sporting goods. Caleb accepts consigned goods and offers them for sale to the general public. Caleb rents business space, including a retail store where the consigned goods are displayed and sold, with adjoining office space where an Internet site is maintained and other administrative functions are performed. The Internet site includes photos and descriptions of items available for sale worldwide. If the goods sell, Caleb’s consignment fee is 40% of the sale price, and 60% is remitted to the consignor. Shipping costs on electronic orders are paid by the customers. Identify internal control considerations for the following: a. The e-commerce portion of the business. Internal control considerations associated with e-commerce should address the risks of security and confidentiality, processing integrity, and availability. Regarding security and confidentiality, Caleb should ensure that customers accessing the website and conducting sales transactions are valid customers with valid payment authorization and that transactions are logged so that an audit trail is established to avoid repudiation. Regarding processing integrity, Caleb should be concerned with data input checks that verify the completeness, accuracy, and validity of the data entered on the website. In addition, he should implement back-end controls, such as reconciliations and verifications, to ensure the accuracy of information taken from this system to the company’s accounting systems. Finally, Caleb should implement controls to minimize service disruptions that could reduce sales. Accordingly, he should implement controls for redundant systems, disaster recovery, testing of software changes, and capacity planning and testing. b. The retail portion of the business, assuming that the accounting systems are mostly manual and handled by Caleb and his wife. The five internal control activities should be considered with respect to the retail business and manual accounting systems involving sales and cash collections. Even though segregation of duties will be difficult considering that only Caleb and his wife are operating the business, they can perform business processes in a manner to promote good control. For instance, they can check each other’s work in instances where they are performing incompatible duties involving combinations of custody and record keeping. They can ensure that prices are properly authorized by consignors and credit card payments are authorized at the time of the sale. Thorough documentation (such as detailed sales receipts) should be maintained and accounted for purposes of performing reconciliations and supporting the general ledger. Also, physical controls should be in place at the retail store in order to protect the company’s assets and records. 51. (SO 2,3,4) Identify an internal control procedure that would reduce each of the risks that follow in a manual system. Also describe how (or if) an IT system could

Page 8-8


Chapter 8 Solutions

Revenue and Cash Collection Processes

reduce these risks: Student responses may vary, as more that one control may apply to risk reduction in these circumstances. However, following are some likely answers: a. Revenues may be recorded before the related shipment occurs. Shipping documentation should be matched with sales order data and presented to the billing department as the basis for recording the sale and preparing the bill. The IT system can perform an automatic match whereby shipping data is required as a basis for recording the revenue. b. Employees responsible for shipping and accounts receivable may collude to steal goods and cover up the theft by recording fictitious sales.  To prevent this type of problem, sales orders should be reviewed for proper customer and authorized by an independent member of management prior to shipment. The IT system can include validity checks or other controls that require a valid customer in order for the transaction to be recorded. In addition, reconciliation procedures can compare manual documentation with system records to determine that valid transactions are recorded. If the collusion involves recording the fictitious sale in the account of a valid, existing customer, the process of sending sales invoices and customer statements, and the subsequent reconciliation procedures, would be important for uncovering this type of fraud. c. Credit memos may be issued at full price, when the goods were originally sold at a discount. Original sales documentation, including key information such as original sales price, must be required as a basis for preparing credit memos. An IT system could automatically match credit memo authorizations with the original sales data so that the credit would be issued at amounts that are consistent with the original sale pricing. d. Sales invoices may contain mathematical errors. Independent checks of sales invoices should occur before the customer is billed. This includes verification of mathematical accuracy. If an automated system is in place, the IT system can perform mathematical computations at a great time savings. e. Amounts collected on accounts receivable may be applied to the wrong customer. Customer account statements should be sent on a regular basis so that customer records can be reconciled to the company’s records. This is likely to detect a misapplication of a customer collection. An IT system could enhance the process by requiring cash receipts to be entered along with a customer account number as well as an invoice number to ensure that the receipt is applied properly. f. Duplicate credit memos may be issued for a single sales return. A comparison of the receiving log with the credit memo listing would indicate if duplicate credit memos have been issued for a single sales return. An IT system could also prevent this risk by requiring that credit memos be generated only upon entering key information from the original sale and blocking the issuance of another credit memo for an item for which credit had already been issued. g. Sales invoices may not be prepared for all shipments. Shipping records should be compared with the sales invoices records. This may be done

Page 8-9


Chapter 8 Solutions

Revenue and Cash Collection Processes

through the verification of the sequence of shipping documents to ensure that an invoice was prepared for each item shipped. An IT system may enhance this process by matching shipping document numbers with invoices, and preparing a warning report for any instances of unmatched shipping documents. h. Shipments may contain the wrong goods. Companies should require the matching of key information on related documents prior to shipment. This includes inventory quantities and descriptions on approved sales orders and packing lists. An IT system may make this process more efficient by performing the match automatically; it can verify whether product numbers and quantities on the sales orders match those on the shipping documentation. i. All sales transactions may not be included in the general ledger. A regular reconciliation should be performed to compare the sales journal with the amounts recorded in the general ledger. An IT system may perform a periodic automatic post of the sales journal to the general ledger, thereby eliminating the potential for missing sales transactions. 52.

(SO 2) When an order for inventory items is fulfilled, in Microsoft Dynamics GP the items are reviewed to see if there is available stock to fill the order for the line item. If there no available stock, the user may select one of the following options. Describe what each of these choices would accomplish on the line item (inventory item being ordered) where there are not sufficient quantities to ship all the items ordered. Describe why companies may select to use each of these options. a. Sell the balance – Assigns the quantity available in inventory to this order. This will result in processing the sales order for a quantity less than the customer originally ordered. The company may select if the customer agrees to change its order to the reduced quantity. b. Override the shortage – Ignores the shortage and results in a negative quantity available, but may be selected if the company expects to receive the inventory items very soon. This allows the company to proceed with processing the order for its full quantity. c. Back order all – Delays the order until the full quantity can be provided. Thus, no inventory movement is reported; rather, a backorder is created for the entire quantity. This may be selected when the customer prefers to receive all items at the same time. d. Back order balance – Processes a partial order and backorders the shortage. This may be selected when the customer agrees to a partial order with a delayed shipment of the remaining items. e. Cancel all – Cancels the entire order. This will be selected when the customer revokes the sales order as a result of the company’s insufficient inventory level. f. Cancel balance – Processes a partial order and cancels the shortage. This will be

Page 8-10


Chapter 8 Solutions

Revenue and Cash Collection Processes

selected when the customer agrees to a reduced quantity and cancels the portion of the shortage. g. Distribute – Substitutes inventory items or pulls items from another location to fill the order. This will be selected when the company has the items available at another site, or when the customer accepts an alternate product. 53. (SO 3,4,5) The following list presents various internal control strengths (S) or risks (R) that may be found in a company’s revenues and cash collection processes. S

Credit is authorized by the credit manager.

_N/A_ Checks paid in excess of $5,000 require the signatures of two authorized members of management. (Although this is viewed as an internal control strength, it is not applicable to the revenues processes.) R

A cash receipts journal is prepared by the Treasurer’s department. (This type of accounting record should be prepared by those with recordkeeping responsibilities rather than those in a position to perform reconciliations of the cash records.)

S

Collections received by check are received by the company receptionist, who has no additional recordkeeping responsibilities.

R

Collections received by check are immediately forwarded unopened to the accounting department. (This would place the accounting department in an incompatible role combining recordkeeping and custody of cash.)

S

A bank reconciliation is prepared on a monthly basis by the Treasurer’s department.

S

Security cameras are placed in the shipping dock.

S

Receiving reports are prepared on pre-printed, numbered forms.

R

The billing department verifies the amount of customer sales invoices by referring to the authorized price list. (This price authorization role should be performed before billing. An approved sales order, including verified prices, should be in place at the time the documents reach the billing department.)

S

Entries in the shipping log are reconciled with the sales journal on a monthly basis.

_N/A_ Payments to vendors are made promptly upon receipt of goods or services. (Vendor payments relate to the expenditures processes rather than the revenues processes.) Page 8-11


Chapter 8 Solutions

Revenue and Cash Collection Processes

R Cash collections are deposited in the bank account on a weekly basis. (If cash receipts occur daily, they should be deposited promptly – preferably on a daily basis.) S

Customer returns must be approved by a designated manager before a credit memo is prepared.

S

Account statements are sent to customers on a monthly basis.

R

Purchase returns are presented to the sales department for preparation of a receiving report. (Receiving reports should be prepared promptly upon receipt of returned items. This should be done in the receiving area, where the personnel have a custody function, rather than in the sales department, where the personnel initiate sales transactions.)

54. See the completed spreadsheet “Problem 8-54.xlsx” on the instructor website. That spreadsheet has two tabs. The first tab is a simple spreadsheet in which numbers for invoice and amount are typed into the appropriate column. This spreadsheet is probably similar to what most students would complete. If students have a higher level of spreadsheet skills, or if they are given some instructions and guidelines, they could produce a more complex spreadsheet with formulas to determine the appropriate column. The spreadsheet in the “Complex Spreadsheet” tab uses IF formulas and the AND function to place amounts in the correct aged column. 55. See the completed spreadsheet “Problem 8-55.xlsx” on the instructor website. There is no single correct answer to this problem. However, as a student attempts to design a spreadsheet, it will cause the student to ponder several important issues. For example, the student must consider how to handle data that appears once, such as sales order number, but would have to be repeated for each line item on the sales order. Also, some data would be in separate tables or files. Information such as bill to address, ship to address, item descriptions, and item prices are likely to be established and maintained in other tables or files. 56. (SO 2,4) Following are ten internal control failures related to the revenues and cash collection processes. d

A customer ordered 12 boxes of your product (total of 144 items) for express shipment. Your data entry clerk inadvertently entered 12 individual items.

q

You enter sales and accounts receivable data in batches at the end of each week. Several problems have resulted recently as a result of recording invoices to the wrong customer account.

f

In an effort to boost sales, you obtain some of the stock of unissued shipping reports and create a dozen fictitious shipments. You submit these documents to the billing department for invoicing.

Page 8-12


Chapter 8 Solutions

Revenue and Cash Collection Processes

g

Checks are received by the mailroom and then forwarded to the accounts receivable department for recording. The accounts receivable clerk holds the checks until the proper customer account has been identified and reconciled.

p

Several shipping reports have been misplaced en route to the billing department from the shipping department.

h

Several sales transactions were not invoiced within the same month as the related shipment.

c

A sales clerk entered a non-existent date in the computer system. The system rejected the data and the sales were not recorded.

a

Upon entering sales orders in your new computer system, a sales clerk mistakenly omitted customer numbers from the entries.

o

A computer programmer altered the electronic credit authorization function for a customer company owned by the programmer’s cousin.

n

Customer orders were lost in the mail en route from the sales office to the accounting department (located at the company’s headquarters).

Required: Select one internal control from the following list that would be most effective in the prevention of the failure. Indicate the letter of the control next to each failure above. Letters should not be used more than once and some letters may not be used at all. a. Pre-formatted data entry screens b. Pre-numbered documents c. Programmed edit checks d. 100% check for matching of customer orders and sales orders e. 100% check for matching of sales orders, pick list, and packing slips f. 100% check for matching of sales orders and invoices g. 100% check for matching of deposit slip and customer check. h. Prompt data entry immediately upon receipt of customer order i. Customer verification j. Independent authorization for shipments k. Independent authorization for billing l. Reasonableness check m. Hash totals n. Data back-up procedures o. Program change controls p. Sequence verification q. Periodic confirmation of customer account balances

Page 8-13


Chapter 8 Solutions

Revenue and Cash Collection Processes

57. (SO 2,3,4) Keller Company is a small company with four people working in the revenue processes. One of the four employees supervises the other three. Some tasks that must be accomplished within the revenue processes are the following: a. Accounts receivable record keeping b. Approving credit of customers c. Authorizing customer returns d. Authorizing new customers e. Billing customers f. Cash receipts journal posting g. Entering orders received h. Inventory record keeping i. Maintaining custody of cash j. Maintaining custody of inventory k. Reconciling records to the bank statement Required: For each of the four employees (supervisor, employee 1, employee 2, and employee 3), consider the duties you would assign to each employee. In assigning duties, no employee should have more than three tasks and there should be a proper separation of duties to achieve appropriate internal control. List the four people, the duties you assigned to each employee, and a description of why those assignments achieve proper separation of duties. Supervisor: Employee 1: Employee 2: Employee 3:

b., c., and d. (all Authorization functions) a., f., and h. (receivables, collections, and inventory Recordkeeping) e., g., and k. (sales and billing Recordkeeping and cash reconciliation) i. and j. (all Custody functions)

58. (SO 6) Refer to the Ethical Dilemma: Mail Order Case presented in Chapter 3. What term introduced in this chapter applies to the type of mail order deceit described in that case? What could the mail order company do to avoid a loss resulting from an event, assuming that it uses an e-commerce system? (This problem is referring to one of the cases (#56) presented within Chapter 3’s end of chapter material.) This type of mail order deceit is known as repudiation. The mail order company should have controls in place to make sure that each sale is to a valid customer with valid payment authorization and that an audit trail is maintained to avoid repudiation. Customer authentication through user ID and password should be used, as well as transaction logs and data trails. In this case, it may be most effective if the company uses digital signatures or digital certificates to authenticate and validate a customer. The signature verification would also be important upon delivery. Page 8-14


Chapter 8 Solutions

Revenue and Cash Collection Processes

59. (SO 9) Visit the financial education website created by Equade Internet Ltd. at www.investopedia.com. Note the definition for channel stuffing. According to this site, what is the primary motivation for channel stuffing? Channel stuffing is a deceptive business practice used by a company to inflate its sales and earnings figures by deliberately sending retailers along its distribution channel more products that they are able to sell to the public. By channel studding, distributors temporarily inflate their accounts receivables. However, unable to sell the excess products, retailers will send the excess items instead of cash back to the distributor, who must adjust its accounts receivable and ultimately its net income. In other words, channel stuffing always catches up with the company, because it cannot maintain sales at the rate it is stuffing. The primary motivation for this fraudulent business practice is to raise the value of the company’s stock. 60. (SO 6) Using a search engine, search for an article written by Vangie Beal titled “Top 2012 eCommerce Trend”. Briefly describe the main point of this article. The main point is that companies must shift their focus away from customers who shop online using a computer or laptop computer. Many shoppers now use a mobile device such as smart phone or tablet. One of her sentences says the following: “On mobile devices your customers do everything from accessing promotional coupons and scanning QR codes to researching products, comparing prices and making a purchase.” Therefore, as an example, websites have to be designed to be optimized for the smaller screens of smartphones. 61. (SO 9) This chapter mentioned alleged fraudulent revenue reporting at Coca Cola and McAfee. Using a search engine, search the phrase “SEC channel stuffing”. Give one more example of a company that was investigated, or is being investigated by the SEC. What are the facts and status of the case? The student’s answer will depend on when the search is conducted. As of the date this solutions manual was prepared, the sec Web site included the following excerpts describing action against OCZ Technology Group. “The Securities and Exchange Commission announced that on October 6, 2015, it charged two former top executives of OCZ Technology Group, Inc. for accounting failures at the now-bankrupt seller of computer memory storage and power supply devices. In a complaint filed in the Northern District of California, the SEC alleges that OCZ’s former CEO Ryan Petersen engaged in a scheme to materially inflate OCZ’s revenues and gross margins from 2010 to 2012. It separately charged OCZ’s former chief financial officer Arthur Knapp for certain accounting, disclosure, and internal accounting controls failures at OCZ. Knapp agreed to settle the SEC’s charges without admitting or denying the allegations against him. The settlement is subject to court approval. The SEC’s litigation continues against Petersen. The SEC’s complaints allege that Petersen’s scheme included, among other things,

Page 8-15


Chapter 8 Solutions

Revenue and Cash Collection Processes

channel-stuffing OCZ’s largest customer by shipping more goods than the customer could sell in the normal course of business. The complaint seeks a permanent injunction, a civil penalty, an officer and director bar, and forfeiture of Petersen’s stock sales profits and bonus. The SEC’s investigation against Petersen is continuing.

Cases 62. Sales processes at Sensible CDs. a. The sales processes in the store are very similar to any retail store. When a customer buys a CD or LP record, the product is scanned by a bar code reader, the customer pays the amount b cash, check, or credit card, and then takes the products out of the store. In online sales, Sensible CDs would have to implement an IT system and a web server to process online sales. It would be necessary for a customer to browse or search the inventory online; requiring a real-time inventory system integrated with the sales processes. The IT systems for the online system would be more complex. The online sales would be processed through the Web site and mailed to the customer. Payment could only be made by credit card at the time of sale. b. Usually very little, if any, data is collected from customers during in-store sales. If the customer pays by cash, he can be completely anonymous. Even in the case of a credit card payment, customer data is only used to charge the credit card and that data is usually not kept by the company. c. In an online sale, much more customer data must be collected, used, and stored. Customer name, address, phone number, and credit card data must be collected and stored. d. In addition to the data mentioned in part c, Sensible CDs may store and analyze the CD titles purchased by individual customers. If Sensible CDs had software capable of doing so, this data could be used to recommend other titles to customers. This system would work like the Amazon.com web site. When purchasing a book at Amazon, the customer receives suggested titles of similar books. e. (This questions is an error in that it is a repeat of d.) 63. Sales and collection processes at Kingston Industries. a. Refer to the separate Microsoft Excel file “Chapter 8 Solutions Process Maps.xlsx”. b. Weakness: The invoice is prepared without comparison to the packing slip. This means the company could bill the customer for items or quantities different from items and quantities shipped. This is especially true if items are out of stock. Improvement: A copy of the packing slip should be forwarded to accountant 1 and the invoice should be based on items and quantities shipped. Furthermore, accountant 2 should file the packing slip copy with the matched invoice and approved sales order.

Page 8-16


Chapter 8 Solutions

Revenue and Cash Collection Processes

Weakness: Customer credit is not approved until after the order is shipped. Improvement: Credit approval should occur before the documentation is forwarded to the warehouse clerk for filling the order and shipment. Weakness: Inventory records are not updated as orders are filled. Improvement: A copy of the packing slip or stamped sales order should be used by accountant 1 or accountant 2 to update inventory records promptly upon shipment. Weakness: There is no prelisting of checks received with the amounts. Such as list helps prevent theft or accidentally misplacing a check. Improvement: A prelisting of checks received should be prepared to be compared to the bank deposit amount. Weakness: There is no mention of a bank reconciliation for checks received. Improvement: The bank account should be reconciled to cash records on a monthly basis. This reconciliation should be performed by someone who has not responsibility for custody, authorization, or recordkeeping for cash. Weakness: There is no comparison of the check received to the original sales invoice. Under this system, it would be possible to assume an invoice is fully paid when it was not. Improvement: The checks received should be compared to the sales invoice. Weakness: The collections clerk has custody of the checks and also records the transactions in the accounts receivable subsidiary ledger. Improvement: Accountant 1 or 2 should record in the subsidiary ledger upon receiving a list of checks received. This would improve controls regarding segregation of duties, as the collections clerk should have custody responsibilities but not the related record keeping responsibilities. Weakness: There is no mention of monthly statements mailed to customers. Such a statement summarizes possibly several invoices for each customer and can show the ages (overdue status) of the amounts. Improvement: A monthly statement should be mailed to each customer. Weakness: There is no mention of performing a reconciliation of subsidiary ledgers and the general ledger. Improvement: A periodic reconciliation of the subsidiary and general ledgers should occur to help prevent or detect errors, omissions, and fraud. c. Refer to the separate Microsoft Excel file “Chapter 8 Solutions Process Maps.xlsx”. 64. Process maps and internal control considerations for Katrupi’s sales, billing, and collection processes

Page 8-17


Get complete Order files download link below https://www.mediafire.com/file/irz9wmopx2uq9nh/S M+Accounting+Information+Systems+Controls+and+Pr ocesses+3e+Turner+Weickgenannt+Mary+Copeland.zip /file

If this link does not work with a click, then copy the complete Download link and paste link in internet explorer/firefox/google chrome and get all files download successfully.


Chapter 8 Solutions

Revenue and Cash Collection Processes

a. Refer to the separate Microsoft Excel file “Chapter 8 Solutions Process Maps.xlsx”. b. Katrupi’s sales department personnel are preparing a sales order without an approval for the transaction and without checking the credit status of the customer. Before the sales department prepares a sales order, it should determine the relevant pricing for the items ordered and check the customer’s credit. The sales journal should not be updated at the time a sales order is prepared; rather, the sales journal should be updated upon shipment of the items to the customer. Katrupi’s warehouse personnel currently have incompatible duties related to both custody of inventory items and inventory recordkeeping. An inventory control function should be implemented for the purpose of inventory recordkeeping. Also, there is no indication that shipping documents are being prepared by Katrupi. A separate shipping function should be established for purposes of preparing a bill of lading to present to the carrier, rather than a copy of the sales order. In addition, a shipping log should be used. Katrupi’s billing department is not preparing a billing record or maintaining records of amounts billed. It should be preparing an invoice to be sent to the customer, rather than sending a priced version of the sales order. A copy of the invoice should be retained in the billing department. The accounts receivable department is not updating the receivables records promptly upon the occurrence of a sales transaction; instead, it is delaying this recordkeeping task until the related cash is collected. The accounts receivable subsidiary ledger should be updated promptly upon the shipment of a sales order and the invoicing of that order. Cash collections should not be handled by the accounts receivable department, as this custody function is incompatible with the recordkeeping of customer accounts. A separate company employee should handle collections received in the mail, and a cash receipts department should be responsible for preparing the cash receipts journal and bank deposit. Katrupi’s general ledger is being updated prematurely. Rather than updating the general ledger upon receipt of a sales order from the sales department, it should be updated at the time the shipment occurs and the related billing and accounts receivable records are prepared. c. Students’ revised process maps for Katrupi’s sales and cash collection processes should be similar to those presented in Exhibits 8-3 and 8-13, respectively. 65. Internal control risks at Inner Artist The following memo presents internal control weaknesses or potential risks, as well as recommendations for strengthening controls:

Page 8-18


Chapter 8 Solutions

Revenue and Cash Collection Processes

To : Amanda Michelson, Owner Inner Artist Fr: AIS Student Re: Internal Control Recommendations During the course of my accounting work, the following circumstances were noted which represent internal control weaknesses and potential business risks in the company’s revenue processes. I am proposing potential enhancements to the company’s system of internal controls in order to reduce these risks. I would be pleased to discuss these items with you further. 

Sales documentation is not being prepared for all sales transactions, but only for sales on account. This allows for the possibility of fraud or error in the retail store, as there is no basis for reconciling sales with cash register and credit receipts for each shift worked by a sales clerk. In addition, inventory records cannot be updated on a regular basis. If sales clerks prepare a sales receipt for each sale, then a record exists for the purposes of performing daily reconciliations of the summaries of cash collections and updating the cash, accounts receivable, and inventory records. A duplicate copy of the receipt could be given to each customer as a record of the transaction. Walk-in sales on account are approved by a manager upon recognizing a credit customer. This presents a potential problem for a growing company to be able to recognize all of its customers, as well as in the event that the walkin customer may no longer be affiliated with the customer company. The supervisor in the accounts receivable department should verify charge slip information in order to approve the sale before it is transacted, rather than afterwards. The accounts receivable supervisor is not effectively utilizing the list of past due accounts. This report should be actively investigated and follow-up should be performed to maximize the likelihood of cash collection. Past due customers should be contacted promptly in order to discuss the reasons for the delay in collections and maximize the likelihood of future collection. Art’s should implement credit and collections functions to investigate and pursue payment on unpaid customer accounts rather than merely writing them off. A cashier should not perform the bank reconciliation because this presents a problem with segregation of duties. The person with custody of cash (who receives payments and prepares the cash receipts listings and bank deposits) should not also have responsibility for reconciling the bank account. This control activity should be performed by someone independent of the cash authorization and recordkeeping functions. The staff accountant does not currently have sufficient information to allow him or her to verify the general ledger postings. For instance, before the general ledger is updated, staff accountants should be able to determine that

Page 8-19


Chapter 8 Solutions

Revenue and Cash Collection Processes

the cash register totals reconcile to the cash deposit and credit summary information and that the cash receipts listings agrees with the bank deposits. 66. Lewis LLC.’s internal control checklist. These checklist questions are expected to achieve the internal control purposes as presented in the following list: 

 

Is the sales department separate from the credit office and the IT department? Separation of duties in important in the revenues and receivables processes, so the separation of the sales office, where initial sales records are prepared, should be separated from the authorization duties performed by the credit office and the systems programming and implementation duties performed by the IT department. Are all collections from customers received in the form of checks? Checks provide a record of collections, which can enhance the recordkeeping accuracy of the related cash, receivables, and sales accounts. On the other hand, cash collections are easier for a dishonest employee to steal. Is it appropriate to program the system for general authorization of certain sales, within given limits? Authorizations are important for ensuring that only valid, approved transactions take place. However, as a cost/benefit consideration, limits may be set regarding the minimum amount for which specific authorization is required. Are product quantities monitored regularly? Independent checks of the physical versus recorded inventory quantities is an important control feature that can detect errors or fraud in the inventory records. This can also be an effective tool for preventing the risk of a stock shortage which could impact customer satisfaction. Will all data entry clerks and accounting personnel have their own PCs with log-in IDs and password protection? If employees have their own PCs, then there should be no reason for computer sharing. Therefore, instances of unauthorized access should be minimized and each employee’s login information can be monitored so that each person is held accountable for changes made. Will different system access levels for different users be incorporated? Access controls are important for limiting access to areas of the employees’ responsibility as well as monitoring and identifying work performed by each member of personnel. This will limit sensitive information from being viewed or altered by unauthorized members of personnel. Will customer orders be received via the Internet? This will provide for prompt recording of customer orders and reduced errors that could otherwise result if customer orders had to be manually input by company personnel. Has the company identified an off-site alternative computer processing location? If computer processing is necessary for the effective and efficient operation of the business, then the company should have plans in place to minimize the risk of loss due to interruptions in computer service.

Page 8-20


Chapter 8 Solutions 

 

 

Revenue and Cash Collection Processes

Does the project budget include line items for an upgraded, uninterrupted power source and firewall? These controls protect against loss of information, loss of a computer processing source, or unauthorized access to the system, which can reduce the risk of data destruction or alteration. Will the system be thoroughly tested prior to implementation? System testing reduces the risk of errors in programming that can cause unreliable financial reporting. Will appropriate file backup procedures be established? Back-up procedures protect a company against a risk of loss due to destruction of data files. They also provide a means for continued processing even if company hardware and software are unavailable or destroyed. Will business continuity plans be prepared? Continuity plans ensure that the company will be able to operate even if there is a disruption in computer processing, destruction of the company’s operating facility, records and/or data, or other unforeseen circumstances. Will an off-site data storage exist? Off-site data storage allows for back-up versions of company information to be maintained in case they are needed or purposes of emergency business continuity. Will intrusion detection systems be incorporated? The company should have this electronic control to monitor for the possibility of unauthorized access to the system. This will protect the data and records within the system.

67. Internal controls at Niagara Pediatrics Evaluate the information in each of the following situations as being either an internal control (1) strength, (2) weakness, or (3) not a strength or weakness. 1. Niagara Pediatrics’ office manager approves the extension of credit to patients and also authorizes write-offs of uncollectible accounts. (2) 2. Niagara Pediatrics’ office manager may extend credit based on special circumstances rather than using a formal credit search and established credit limits. (2) 3. Niagara Pediatrics extends credit rather than requiring cash or insurance in all cases. (3) 4. The computer software package cannot be modified by the employees of the practice. (1) 5. None of the employees who generate revenues or record revenues are able to write checks. (1) 6. Computer passwords are known only by the individual employees and the managing partner, who has no recordkeeping responsibilities. (1) 7. Individual pediatricians document the services they perform on pre-numbered reports that are used for both recording revenues and patient receipts. (1) 8. Insurance coverage is verified by the office manager before medical services are rendered. (1) 9. The bank reconciliation is prepared by an independent CPA firm. (1)

Page 8-21


Chapter 8 Solutions

Revenue and Cash Collection Processes

10. The sequence of pre-numbered service reports are accounted for on a monthly basis by an independent CPA firm. (1) 11. The second accounting clerk receives cash and checks and prepares the daily deposit. (1) 12. The second accounting clerk maintains the accounts receivable records and can add or delete receivables information on the PC. (1) 13. The second clerk receives the cash and checks and also records cash receipts. (2) 14. Niagara Pediatrics is involved only in medical services and does not have diversified business operations. (3) (Excerpt from Adapted CPA Simulation Problem) 68. Internal control weaknesses in cash receipts and sales processes at Radleigh, Inc. a. Refer to the separate Microsoft Excel file for Chapter 8 Solutions Process Maps. b. Internal control weaknesses:  The mail clerk should not forward the checks and remittance advices to departments having recordkeeping responsibilities.  The mail clerk is not preparing a record of cash received in the mail.  Cash collections are not being deposited promptly. Furthermore, the bank deposits are being prepared by accounts receivable department personnel, who also have recordkeeping responsibilities.  The sales department, accounting department, and accounts receivable personnel should not have custody of the checks because they have recordkeeping responsibilities.  There is no procedure for reconciling the daily cash receipts and bank deposits.  Bank reconciliations are being prepared by accounting department personnel, where employees also are responsible for reviewing the past due status of customer accounts. These employees have custody of cash for a limited period of time, which places them in a custody role. The bank statement should not be prepared by someone who has custody of cash.  Cash sales should not be received by sales clerks (because it violates the segregation of duties principles), but should be directly received by the cashier.  The cashier, who has a cash custody role, should not also be responsible for the incompatible authorization task of approving customer credit.  The inventory control catalog should not be updated by the sales department because it violates the segregation of duties principles.

Page 8-22


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

Turner/Accounting Information Systems, 3e Solutions Manual Chapter 9 Concept Check 1. d 2. d 3. c. 4. b 5. b. 6. d 7. d 8. c 9. a 10. b 11. a 12. b 13. b 14. a 15. b 16. c 17. b 18. b

Discussion Questions 19. (SO 2) Name the first document that should be prepared when a production employee recognizes that the quantity of goods on hand is insufficient to meet customer demand. Purchase requisition. 20. (SO 2) How does the maintenance of a receiving log enhance internal controls? A receiving log is a sequential listing of all goods received. It serves as an audit trail and allows the physical goods received to be matched against other documentation to ensure that all goods are received 21. (SO 2) Why should a receiving clerk be denied access to information on a purchase order? This practice is called a “blind PO” and the advantage is that it forces a physical count of goods received. A clerk

9-1


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

cannot complete the “quantity received” field of a receiving report until the goods have been counted. If the PO contained quantities ordered, the clerk could assume that the quantity received is equal to quantity purchased and therefore, skip the physical count. However, conducting the physical count is a much better practice and the blind PO serves as a control to force such a count. 22. (SO 2) Under what circumstances would it be necessary to manually update accounts payable prior to the receipt of a vendor’s invoice? When the receipt of goods occurs at the end of a period, but the invoice is not received until the next period, the liability should be recorded in the first period even though the invoice has not yet been received. 23. (SO 4) Which department is responsible for making sure that payments are made in time to take advantage of vendor discounts? It is the responsibility of accounts payable. 24. (SO 4) Why would some checks need to include two signatures? Large checks over a specified amount may require two signatures. Large checks entail more risk for the company and the dual signature lessens risks. 25. (SO 4) During the process of reconciling the bank account, why is it necessary to review the dates, payees, and signatures on the canceled checks? Reviewing dates, payees, and signatures on cancelled checks may help uncover unusual events. These unusual events can then be checked to make sure that they are not part of a fraud scheme. 26. (SO 4,6) What specifically does a cash disbursements clerk do when he or she “cancels” an invoice? How does this compare to the procedures used when computer-based matching exists. To cancel an invoice means to mark or stamp it with the date paid and check number. The purpose is to help prevent duplicate payment of an invoice. In an automated matching system, the system would be programmed to ensure that there were no previous payments that would make a new payment a duplicate payment. 27. (SO 4) Why should accountants periodically review the sequence of checks issued? To ensure there are no missing or unaccounted checks. This helps prevent errors and fraud. 28. (SO 2,4) What accounting records are used by accounts payable personnel to keep track of amounts owed to each vendor? An accounts payable subsidiary ledger is used to record the detail of amounts owed to each vendor. 29. (SO 5) Identify some inefficiencies inherent in a manual expenditures processing system. There is a physical matching of documents by

9-2


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

humans and this process is time consuming and error prone. Even if a software system such as Microsoft Dynamics GP is used, there are many human tasks that are time consuming and error prone. Those tasks are: keying of data for a purchase order; the manual process of comparing an order received to the PO; keying in the receiving report and finding the PO in the system to match it against; keying the invoice into the system and finding the PO in the system to match it against; and the human decision making process of which invoices to approve for payment. These inefficiencies cause a large expenditure in salaries and wages for the personnel who do the matching. 30. (SO 5) What are the advantages of BPR? Using BPR to design IT systems can reduce the amount of paperwork, manual processing and the costs inherent in paperwork and manual processing. The costs include wages and salaries for the time to do manual processing and to correct errors or mismatches that occur in the manual processes. 31. (SO 5,6,7,8) List three examples of BPR used in the expenditures processes. BPR can be used to change a manual matching and payment system into one of three IT systems. These three include computer based three-way matching, Evaluated Receipt Settlement (ERS), and EDI. 32. (SO 6) Explain how system logic errors could cause cash management problems. When there are logic errors in a system, it may cause the system to make the same error repetitively. If the logic error is in approving payments, the system may repetitively approve payments a the wrong times or in the wrong amounts. Since the error is repetitive, it could quickly cause cash flow problems by paying too much cash, too soon. 33. (SO 6) Explain how system availability problems could cause cash management problems. Significant amounts of downtime in the system could delay payments to vendors. In turn, vendors may delay shipments of materials to the company, which would then delay sales to customers and cash inflows. 34. (SO 8) How is an audit trail maintained in an IT system where no paper documents are generated? Backup files and computer logs of transactions can serve as part of an audit trail. 35. (SO 6) What can a company do to protect itself from business interruptions due to power outages? A company should have a disaster recovery plan and they should use uninterruptible power supplies as a backup to the normal power source. 36. (SO 7) What paper document is eliminated when ERS is used? ERS is an invoiceless match system. This means the invoice is eliminated

9-3


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

and the vendor is paid if the purchase order matches the goods received. 37. (SO 7) Identify compensating controls needed for an effective ERS system. Some of the compensating controls needed are: Established procedures in receiving to ensure goods are only accepted when quantities and part numbers match exactly; there must be a much more detailed negotiation with suppliers to establish accepted practices and firm prices with suppliers; vendors must understand that substitutions and partial shipments cannot be accepted; there should be established procedures to handle exceptions that arise, but exceptions should be very rare. 38. (SO 5) What is typically the most time-consuming aspect within the expenditures process? It is the matching of documents in a three-way match system. The time involved is usually very high because of the manual steps and because of the time involved in reconciling mismatches of part numbers, quantities, and prices in many shipments. 39. (SO 8) Identify the category of risk that can be reduced by using authority tables, computer logs, passwords, and firewalls. The category of risk that these controls reduce is security and confidentiality risk, and more specifically, unauthorized access. 40. (SO 6) Explain why the availability of computer systems in the receiving department is such an important component of an automated expenditures process. In most automated vendor payment systems, there is a presumption that the receiving personnel must reject shipments that do not match the purchase order. This means that the receiving personnel must be able to look up the desired purchase order at the same time the delivery is at the receiving dock. The receiving personnel must be able to reject the shipment, of necessary, while the delivery person is still at the receiving dock. In this circumstance, the purchase order files must be online and readily accessible to receiving personnel. 41. (SO 5,8) Identify three ways that buyers and sellers may be linked electronically. EDI systems link buyers and sellers electronically, The electronic link may be in the form of private leased lines, third-party networks called value-added networks, or via the Internet. 42. (SO 8) What techniques can a company use to reveal problems concerning potential exposure to unauthorized access to its systems? Penetration testing, vulnerability assessment, and intrusion detection systems all help expose potential unauthorized access.

9-4


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

43. (SO 9) How are Web browsers used in e-payables systems? In many accounting systems, the accounting software has a custom designed screen to view and enter data. In e-payable system, a web browser is used as the interface to receive and review invoices, as well as to make vendor payments. The web browser is perceived to be a more user friendly approach to the interface. 44. (SO 10) Explain how procurement cards provide for increased efficiencies in the accounts payable department. P-cards are used for purchases of things such as supplies, maintenance, and travel and entertainment expenses. Without p-cards, many companies find they have a large volume of these small dollar transactions that would still require the regular matching process in accounts payable. The p-card eliminates this time consuming matching process for items purchased with the p-card. This eliminates soliciting bids, keying PO and invoice data, matching documents, reconciling mismatches, and writing small dollar amount checks. Instead, the company receives one monthly bill from the credit card issuer. Brief Exercises 45. (SO 2,4) Describe what is likely to occur if company personnel erroneously recorded a purchase transaction for the wrong vendor? What if a cash disbursement was posted to the wrong vendor? Identify internal controls that would detect or prevent this from occurring. If a company erroneously recorded a purchase transaction to the wrong vendor, it is likely to make a payment to the wrong party. When the correct vendor does not collect its payment, it will notify the company and demand payment. This will likely result in the company making a duplicate payment for the same transaction. If a cash disbursement was posted to the wrong vendor account, this would also likely result in the company making a duplicate payment for the same transaction. Since the first payment did not get recorded correctly, the company would not have proper record of the payment. When it reviewed its vendor accounts, it would note that it still needed to make a payment. It would be difficult to discover an erroneous posting of a purchase transaction or cash disbursement to the wrong vendor account. (An incorrect posting of a cash disbursement is more likely to be

9-5


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

discovered in the document matching and subsequent posting process.) The following internal controls could detect these types of problems:  When invoices arrive from the vendor companies, there should be an attempt to match the invoice to the purchase order and receiving report before the transaction is posted to the vendor account within the accounts payable subsidiary ledger. During this posting, the employee who posts should verify that the transaction is recorded in the proper vendor account.  A reconciliation should be performed upon receipt of the vendor statement. This should reveal any differences in terms of purchase or payment information.  A review of the vendor file should be performed periodically. The vendor to which the purchase should have been recorded or the vendor to which a payment was erroneously applied may show a negative balance (paid more than recorded purchases). The error may also be discovered when there is a reconciliation of the accounts payable subsidiary ledger to the general ledger, although this is not as likely. The reconciliation would still balance even if an amount is recorded in the wrong vendor account. It is also possible that this error would not be discovered particularly if there are always outstanding balances in vendor accounts. The best internal control to prevent these errors would be to use an automated, rather than manual system. An automated system would automatically post to the correct vendor as the purchase order is created. 46. (SO 4) Debate the logic used in the following statement: “The person responsible for approving cash disbursements should also prepare the bank reconciliation because he is most familiar with the checks that have been written on that bank account.” It may be true that this person is more familiar with the checks, but it would not represent a good internal control process. If a separate person reconciles the account, it prevents the first person from writing fraudulent checks and covering it up by altering the bank reconciliation. 47. (SO 8) Expenditure systems are crucial in the automobile manufacturing industry, where hundreds or thousands of parts must be purchased to manufacture cars. Briefly describe how EDI would be beneficial in this industry. Since there would be such a large volume of purchase orders, invoices, and receiving reports, that handling so many paper document would be inefficient. EDI would eliminate all of the manual steps in handling these paper documents, eliminate the keying of the data on these documents, and eliminate mail delays. An

9-6


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

EDI system would be faster, more efficient, and less error prone. Therefore, it would also reduce the cost per transaction. 48. (SO 2,4) Describe how the matching of key information on supporting documents can help a company determine that purchase transactions have been properly executed. If the company has established proper segregation of duties and matches documents, there is a likelihood they have properly insured that purchase transactions are properly executed. Purchasing would not complete a PO and place an order until they receive a purchase requisition. The PO would be forwarded to accounts payable. The receiving department would complete and forward a receiving report upon receiving the goods. The invoice comes from a separate party – the vendor. If these three separate documents match, it is a good assurance that it was a valid, authorized order, it was properly received, and the vendor billed correctly for goods ordered and received. 49. (SO 2,3) Describe how the use of pre-numbered forms for debit memos can help a company determine that purchase return transactions have not been omitted from the accounting records. It is much easier to account for all debit memos if they are pre-numbered. The sequence of numbers can be checked to ensure all have been posted. 50. (SO 5,7) Describe how a ERS system could improve the efficiency of expenditure processes? An ERS is an invoiceless system that pays vendors if the goods received match the purchase order. This system completely eliminates the document matching system that usually occurs in accounts payable. This eliminates the most time consuming aspect of paying vendors. However, it does require much more strictly defined purchasing agreements with vendors. Vendors must understand that the company cannot accept price differences from those negotiated, substitution of products, undershipments, overshipments, or partial shipments. 51. (SO 10) Describe how a procurement card improves the efficiency of purchasing supplies. A procurement card is usually used to purchase supplies or pay for travel and entertainment. Using a p-card for these purchases eliminates the typically process of PO, receiving report, and invoice matching. Individual users have much more control over the purchase of their supplies and central inventories of supplies need not be maintained.

Problems

9-7


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

52. (SO 2,5,6,7,8) Refer to the Real World Example for City Harvest and the details in the chapter. Outline the business process improvements that can occur in the inventory and purchasing processes when a manual or nonintegrated system is replaced with a fully integrated ERP system to efficiently manage the purchase and distribution of inventory. ERP business process improvements are aimed at efficiencies with regard to:  Supply chain management i. Provides a dashboard and supplier prospect pipeline ii. Improved supplier relationship management  Tracking freight i. Coordinated routes for drivers  Real-time data i. Easily searchable and accessible data ii. Improved data visibility and sharing of information across the organization iii. Improved records help with notifications of current needs and projections of future needs iv. More accurate and detailed inventory counts and categorizations  Data security i. Cloud backup, recovery, and risk avoidance  Management focus i. Time savings allow managers to devote more attention to growth and other strategic goals 53. (SO 2,3,4) Identify an internal control procedure that would reduce the following risks in a manual system: a. The purchasing department may not be notified when goods need to be purchased. Require that an inventory control department monitor inventory records and request purchases (purchase requisition) when goods need to be reordered. b. Accounts payable may not be updated for items received. Require that the receiving department complete a receiving report for all goods received, and that a copy of the report is forwarded to accounts payable. c. Purchase orders may be prepared based on unauthorized requisitions. Require that the appropriate manager approve each purchase requisition by signing the requisition form.

9-8


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

d. Receiving clerks may steal purchased goods. Require good physical security such as security cameras and good supervision of receiving employees. Using a “blind” PO at receiving may also help since constant shortages when goods are stolen is more likely to be noticed. e. Payments may be made for items not received. Require a threeway match of the purchase order, receiving report, and invoice before a payment can be approved. f. Amounts paid may be applied to the wrong vendor account. Assuming that the payment was to the correct vendor, but posted to the wrong account, it is very difficult to uncover this error. A reconciliation of subsidiary ledge to the accounts payable account may not uncover this because the total balance would be the same. It may be uncovered if someone notices that the records show payments to a vendor are in excess of that owed. There is no method to completely eliminate errors in posting. g. Payments may be made for items previously returned. Require a debit memorandum be completed for any goods returned, and that a copy of this be forwarded to accounts payable so that the balance owed can be changed. h. Receiving clerks may accept delivery of goods in excess of quantities ordered. First, there must be a clear policy on overshipments that receiving personnel can apply. For example, a policy may be written that overshipments under 5% can be accepted, but all others should be rejected and returned. Second, there must be a policy that all received goods are compared against a purchase order. Also, the use a “blind” PO to force receiving personnel to count goods and they might therefore more easily detect overshipments. i. Duplicate payments may be issued for a single purchase transaction. Require that payment documentation be “cancelled’ when payment is made. This stamp on the documents should help prevent duplicate payments. 54. (SO 2,3,4,5,6) Identify an internal control procedure that would reduce the following risks in an automated fully-integrated ERP systems such as Microsoft Dynamics GP: a. The purchasing department may not be notified when goods need to be purchased. In ERP systems, the inventory records are integrated so that the purchasing department is automatically notified when reorder points are reached.

9-9


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

b. Accounts payable may not be updated for items received. In ERP systems, receiving reports are completed online so that the accounts payable records can be updated immediately. c. Purchase orders may be prepared on the basis of unauthorized requisitions. In ERP systems, POs require the electronic approval of the purchasing supervisor before the purchase can go forward. d. Receiving clerks may steal purchased goods. In ERP systems, an electronic invoice from a vendor would detect and signal the likely theft if there was not a match to a receiving report. e. Payments may be made for items not received. Because of the automated matching of the PO, receiving report, and vendor invoice, a payment would not be authorized if a receiving report was not present. f. Amounts paid may be applied to the wrong vendor account. Because of the integrated ERP systems, vendors will not be misidentified. g. Payments may be made for items previously returned. Because of the integrated ERP systems, returns are automatically noted in the system so the invoice will be canceled. h. Receiving clerks may accept delivery of goods in excess of quantities ordered. Because the receiving report is completed online, it will be automatically and compared with the PO so that discrepancies can be identified immediately. i. Duplicate payments may be issued for a single purchase transaction. Because the vendor’s invoice and cash disbursement are maintained online in an integrated system, the invoice will be canceled once payment is made. This will prevent a duplicate payment. j. The accounts payable clerk makes a check out to himself (assume the company utilizes automated check signing functionality). Because the cash disbursements system is maintained online and integrated with the accounts payable system, a payment cannot be made to an unauthorized party. 55. Compare how a company with a manual process of matching a PO, receiving report, and vendor invoice would differ from a company that uses Microsoft Dynamics GP or other integrated ERP solution where automated (electric) matching of a PO, receiving report, and vendor invoice occurs. Explain how the audit of the manual and automated systems may differ. A company that uses an integrated ERP system for automated matching would create a PO electronically, and the purchasing supervisor would approve the PO electronically in the system. When newly-purchased inventory is received, the receiving report is completed online and automatically matched with the PO.

9-10


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

When the vendor’s invoice is received, it is scanned into the system or received electronically, and the system’s document imaging system can retrieve the necessary information for matching the invoice with the receiving report and PO. By contrast, a manual matching process is likely to involve more time-consuming manually procedures for comparing paper documents. Auditors of ERP systems must audit with the computer, as the documents and files (and thus the audit trail) within those systems exist electronically. 56. (SO 1,10) Joy Tucker’s coffee and pastry cart and a procurement card. Suggest some controls that should be in place. Identify some resources that need to be purchased for this business. The credit card used should have a dollar amount limit as well as a daily limit. The card can also be restricted to certain kinds of vendors. For example, hotels, air fare, electronics stores, and liquor stores could all be vendors that would be prohibited purchases on this credit card. The types of resources that would be purchased are paper products such as coffee filters, paper cups, napkins, and plates; plastic utensils; ground coffee beans; creamer, sugar, sweetener, and milk; pastries; and various cleaning supplies. Finally, Joy should review all charges on the credit card each month to detect any misuse of the card. 57. (SO 1,5) Holsten Company and business process reengineering project (BPR). BPR involves the radical redesign of processes, along with IT enablement of processes, to improve the efficiency and lower the cost of processes. BPR in a manual expenditure system would involve methods to convert manual processes into automated processes. Any of the IT enablement methods suggested in this chapter is a possible solution. Therefore, computer based document matching, evaluated receipt settlement, e-business or EDI, e-payables, and procurement cards are all possible. Some combination of these could also be implemented. For example, Holsten could use an EDI system for purchases of inventory, but use a procurement card for small supplies and travel expenditures. 58. (SO 2) Frazier Stamping, Inc. computerization. Assume that Frazier Stamping, Inc. is preparing to computerize the manual input processes such as completing a receiving report. Use Microsoft Excel to perform the following: a. Design an appropriate format for a data entry screen that could be used at the receiving dock to enter information from the packing slip

9-11


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

in the company’s expenditure system. See the excel file “Problem 9-58.xlsx.” 59. (SO 2,4) The following list presents statements regarding the expenditure processes. Each statement is separate and should be considered to be from a separate company. For each statement, determine whether it is an internal control strength or weakness, then describe why it is a strength or weakness. If it is an internal control weakness, provide a method or methods to improve the internal control. a. A purchasing agent updates the inventory subsidiary ledger when an order is placed. This is an internal control weakness. The purchasing agent is part of the authorization of orders. Therefore, he/she should not have record keeping duties for those purchases. If one person has both duties, unauthorized purchases can be initiated and records can be altered to cover up these unauthorized purchases. These duties should be segregated and someone who does not authorize and does not have custody of purchases should be assigned to the record keeping. b. An employee in accounts payable maintains the accounts payable subsidiary ledger. This is an internal control strength. The payable should be recorded when the invoice arrives and it matches a purchase order and receiving report. c. Purchasing agents purchase items only if they have received an approved purchase requisition. This is an internal control strength. The purchasing agents cannot initiate purchases without proper approval from a separate department or person. d. The receiving dock employee counts and inspects goods and prepares a receiving document that is forwarded to accounts payable. This is an internal control strength. The counting and inspecting of goods ensures that goods are not damaged and that the proper amount was received. This count and inspection prevents companies from paying full price for damaged goods or missing goods. e. The receiving dock employee compares the packing list to the goods received and if they match, forwards the packing list to accounts payable. This is an internal control weakness. Goods should not be compared to the packing list, they should be compared to the purchase order. A comparison to the packing list will not reveal any undershipments, overshipments, or

9-12


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

product substitutions. The improvement would be to compare the goods received to the purchase order and forward a receiving report, not the packing list, to accounts payable. f. An employee in accounts payable matches an invoice to a receiving report before approving a payment of the invoice. This is an internal control weakness because there is one more document that should be matched. The purchase order should also be matched to the invoice and receiving report. g. A check is prepared in the accounts payable department when the invoice is received. This represents two internal control weaknesses: 1) There is no document matching mentioned (PO, invoice, and receiving report); 2) Accounts payable should authorize the payment, but should not write the check. The matched documents should be forwarded to cash disbursements, and the check should be prepared by cash disbursements 60. (SO 4) Since the accounts payable system of matching purchase orders, invoices, and receiving reports can often be complex, organizations must routinely check to ensure they are not making a duplicate payment. The text book Web site contains a spreadsheet titled “invoices.xls”. Using your knowledge of spreadsheets and the characteristics of duplicate payments, identify any payments within the spreadsheet that appear to be duplicate or problem payments. For the following PO’s, there are duplicate payments in which the invoice amounts are exactly the same, and the same PO is referenced: PO 1514; invoices 5644 and 6871. PO 2635; invoices 7176 and 7700. PO 3477; invoices 7957 and 8340. PO 2818 was invoiced twice, but in different amounts and it could be a duplicate payment, or it could be two partial payments. We would need the amount of the purchase order to determine. 61. (SO 2,3,4) Kittner Company is a small company with three people working in the expenditures processes. One of the three employees is the supervisor of the other two. Some tasks that must be accomplished within the expenditures processes are the following: a. Accounts payable record keeping. b. Authorization of new vendors c. Authorization of purchase returns d. Authorization of purchases

9-13


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

e. Cash disbursements record keeping f. Check-signing authority g. Custody of inventory in the receiving area. h. Maintaining custody of cash. i. Preparation of a debit memo for a purchase return Required: For each of the three employees (supervisor, employee 1, and employee 2), consider the duties you would assign to each employee. In assigning duties, no employee should have more than three tasks and there should be a proper separation of duties to achieve appropriate internal control. List the three people, the duties you assigned to each employee and a description of why those assignments achieve proper separation of duties. There are likely to be a few possible answers that could be effective. The critical aspect is to try to segregate authorization, custody, and record keeping for related events as much as possible. There is no “perfect” segregation since there are only three employees. Supervisor: duties F, G, and H. The supervisor would be the most logical person to sign checks, and as such, is responsible for custody of inventory and cash. As a supervisor, he/she can override internal controls so it is not as much a problem that there may be some incompatibility for a supervisor. Employee 1: duties A, E, I. This places all record keeping and document preparation with employee 1. He/she has no custody or authorization responsibility. Employee 2: duties B, C, and D. He/she can authorize vendors, purchases, and purchase returns, but has no custody or record keeping responsibility. 62. (SO 5,6,7,8) As noted in the chapter, increasingly companies with updated ERP systems are going paperless and documents and transactional data are being stored electronically. Outline the changes that would need to occur to ensure that there were adequate controls within the companies adopting a paperless option or any aspect of electronic storage. 63. (SO 7) Using a search engine, search the internet for information about Evaluated Receipt Settlement, or ERS. You may have more success by searching for the terms ERS and invoices together in one search. Based on what you read about ERS on the web, what appears to be the difficulties encountered when a company chooses to

9-14


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

implement ERS? The most frequent problem appears to be the reluctance of suppliers (vendors) to adopt the new processes. The switch to an ERS system is a complete change of the invoice and payment process and it requires that the company and its vendor have negotiated firm prices, and polices on shipments. Since this is such a radical change from the older way of doing business, vendors resist the change. ERS does require extremely good working relationships between a company and its vendors. The company must trust the vendor to bill only “agreed upon” prices and not estimated prices. They must also have greater trust that the vendor ships the appropriate quantity and quality of goods. This would mean that they do not ship more than requested, nor do they ship lower quality items. 64. (SO 8) Koler Manufacturing Company and EDI Controls. Required: Describe the IT controls that Koler should include when it implements an internet EDI system. For each control you suggest, describe the intended purpose of the control. Since Koler will be sending data electronically using a computer system, there are many general and application controls that should be a part of this IT system. Koler may not be able to afford all of the general controls mentioned below, but they should implement as many as are cost effective. General controls include: user IDs, passwords, log-in procedures, access levels, authority tables, firewalls, encryption of data, vulnerability assessment, penetration testing, intrusion detection, software testing, and computer logs, These general controls limit unauthorized access to the IT system. To help prevent availability risks, general controls such as business continuity planning, backup data and backup systems, firewalls, encryption of data, vulnerability assessment, intrusion detection, and penetration testing. The purchasing software and the EDI translation software should also incorporate application input controls such as field check, validity check, limit check, and reasonableness check 65. (SO 9) Using a search engine, search the internet for information about Electronic Invoice Presentment and Payment. You may have more success by searching for the terms EIPP and invoices together in one search. Based on what you read about EIPP on the web, what are the advantages and disadvantages of EIPP? One of the concepts

9-15


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

about EIPP is that is should benefit both the buying company and the selling company. What do you think the benefits are to buyer, and what are the benefits to the seller? The website Intrix Technology provides an overview of EIPP at www.intrix.com/wp-content/uploads/2010/08/EIPP.pdf This describes supplier benefits are: (1) Invoice creation and delivery which can save $7.25 per invoice as compared with traditional payment systems. In addition, invoices reach their destination faster and with fewer requests for another copy.; (2) Invoice accuracy; (3) Timely dispute resolution; (4) Online payment processing; (5) Better cash flow management; and (6) Improved customer service. Many of the advantages to the supplier are also beneficial to the buyer, including the time savings features, accuracy, simplified dispute resolution, convenience of online payment processing, and improved customer service. Disadvantages to the supplier may include the financial outlay for systems and the time required for training and setup. 66. (SO 9) Using a search engine, search the Internet for an article titled “The Advantages of Customer Self-Service for B2B Electronic Invoice Presentment and Payment (EIPP)”. Briefly describe what the article calls the advantages of adopting EIPP. By capitalizing on the flexibility EIPP offers in creating customized invoices, businesses may gain a competitive advantage by offering customers choices that encourage loyalty and extend relationships. In addition, companies using EIPP can improve cash flow by shortening the time it takes to collect on invoices. At the same time, they may lower the overall cost of accounting operations, especially in the area of customer support. 67. (SO 11) You are an accounts payable clerk for a small home improvements contractor. Speculate on the type of fraud that could be in process here. What (if anything) could you do to ascertain the propriety of the transaction and still make the payment today? It is possible that the site supervisor has created a fictitious vendor name and a fictitious invoice and is seeking reimbursement for this false documentation. In an attempt to verify whether the company exists, you could examine telephone books or online listings of the address and phone number for the company. It would be important to confirm that any address is not a PO Box and it is not the same address as an

9-16


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

existing employee. This approach is not a guarantee because it is easy to set up a “false storefront”. Ideally, the best controls are the approval of a vendor before any purchases occur with that vendor and payment through the existing accounts payable processes. 68. (SO 11) Two of the most common ways that employees commit fraud against their employers is the misstatement of reimbursable expense accounts and the misuse of office supplies for personal purposes. Although these schemes are usually not individually significant, their magnitude can be damaging if these practices are widespread. Develop suggestions for internal controls that could curb the occurrence of such fraudulent activities. Some useful controls would be: approval of these transactions before they occur; requiring the submission of original invoices or receipts before payment is made; and periodic audits of these expenditures.

Cases 69. Notting Inc. has the following processes related to purchasing. Required: 1. Draw a document flowchart of the purchase processes of Notting. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xlsx”. 2. Identify any weaknesses in internal controls within the purchase processes and indicate the improvements you would suggest. Weakness: No one person or department has been assigned responsibility to monitor inventory levels and determine when to order. Improvement: Assign responsibility to a department such as inventory control. Weakness: There is no purchase requisition completed and forwarded to purchasing to initiate the purchasing process. Improvement: Use a purchase requisition, approved by inventory control, to initiate purchases. Weakness: No copy of the purchase order is forwarded to accounts payable for a document match. Improvement: Forward a copy of the PO to accounts payable.

9-17


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

Weakness: the inventory control department updates inventory records based on a PO, not the goods received. Improvement: the inventory control department should update inventory from the receiving report. Weakness: No copy of the receiving report goes to inventory control or accounts payable. Improvement: Copies of the receiving report should be forwarded to accounts payable and inventory control so the records can be updated. Weakness: The packing slip is forwarded to accounts payable instead of the receiving report. Improvement: The receiving report is forwarded to accounts payable. Weakness: The accounts payable matches the invoice to the packing slip. Improvement: the accounts payable department should match the invoice to the PO and receiving report. Weakness: the cash disbursements department forwards a copy of the check to the general ledger department. Improvement: The cash disbursements department should send a summary journal voucher of check amounts, not a copy of each check. These subtotals are posted to the general ledger, not each individual check amount. 70. Melcher Enterprises is a wholesaler that purchases consumer merchandise from many different suppliers. Required: 1. List any strengths and weaknesses in the internal control procedures of Melcher enterprises. STRENGTHS: A manager in purchasing approves the PO before it is mailed. The PO is prepared in 4 parts and these copies are forwarded to appropriate departments for future use. If no PO exists for a shipment, it is returned. The receiving report is prepared with three copies and those copies are forwarded to appropriate departments (one improvement would be a copy to a separate inventory control department; see first weakness below. Accounts payable does a three-way match of PO, receiving report,

9-18


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

and invoice before approval of payment. The matched documents are reviewed by a manager, The check signer (treasurer) is segregated from the preparation of the check. WEAKNESSES: There is no separate inventory control department to maintain inventory records. The requisition should come from inventory control, not the warehouse. The packing slip is compared to the purchase order instead of counting and inspecting the order. The quantities on the receiving report are from the packing slip instead of a separate count by receiving employees. If a separate inventory control department existed, a copy of the receiving report should be forwarded there. In general, there is nothing in the description about record keeping – such as who updates inventory, accounts payable, and general ledger records. 2. Draw a document flowchart of the expenditure processes. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xlsx”. This would be an excellent time to reinforce to students that the process map shows processes, but not document flow. Since the document flowchart does show document flows, it is easier to see where some potential control weaknesses exist when viewing the document flowchart. 3. Describe any benefits that Melcher may receive by installing a newer, IT system to process purchases, goods received, accounts payable, and checks. Be specific as to how IT systems could benefit each of the processes described. There are many types of IT systems for purchases, so the exact benefits would be somewhat dependent on the system chosen. However, any IT system would reduce the number of manual tasks which would improve efficiency, reduce costs, and decrease errors. Examples would be: An IT system could monitor inventory levels and automatically generate a purchase order when quantities if individual items reach a reorder point. An IT system could store documents such as POs or receiving

9-19


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

reports online so that there need not be actual paper handling in forwarding documents between departments. An IT system could match the PO, receiving, report, and invoice and leave accounts payable personnel free to work on reconciliations of those that do not match correctly. An IT system could prepare and print checks. An IT system could update related records in realtime as goods are ordered, received, or paid. An IT system would provide better and more timely feedback to management about inventory levels, items on order, future expected cash flow, and details about expenditures. 71. Krandolph Metals. is a manufacturer of aluminum cans for the beverage industry. Required: a. Draw two process maps to reflect the business processes at Krandolph. One process map should depict the purchase processes and the second process map should depict the cash disbursements processes. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xlsx”. b. Draw two document flowcharts to reflect the records and reports used by these processes at Krandolph. One flowchart should depict the purchase processes and the second flowchart should depict the cash disbursements processes. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xlsx”. This would be an excellent time to reinforce to students that the process map shows processes, but not document flow. Since the document flowchart does show document flows, it is easier to see where some potential control weaknesses exist when viewing the document flowchart. c. Describe any weaknesses in these processes or internal controls. As you identify weaknesses, also describe suggested improvements. Weakness: Inventory is ordered when it “seems low”. Improvement: There should be pre-established reorder levels for each inventory item.

9-20


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

Weakness: The inventory control department is not initiating orders by a purchase requisition. Improvement: An inventory control department should maintain inventory records and to complete purchase requisitions when inventory items reach the reorder level. Weakness: The purchase is automatically placed with the last (most recent) vendor used. Improvement: Purchasing agents should find the best price and not automatically use the last vendor. Weakness: No purchasing journal is used. Improvement: Purchasing updates the purchases journal as purchase orders are completed. Weakness: There is no mention of rejecting goods received for which there is no purchase order. Improvement: Have receiving compare goods to PO and reject shipments for which a PO does not exist. Weakness: No copy of the PO is forwarded to accounts payable. Improvement: A copy of the PO should be forwarded to accounts payable. Weakness: The receiving report is prepared from the packing slp rather than a separate count and inspection. Improvement: require receiving personnel to count and inspect goods and complete the receiving report based on this count. Weakness: No copy of the receiving report is forwarded to accounts payable. Improvement: A copy of the receiving report should be forwarded to accounts payable. Weakness: No copy of the receiving report is forwarded to inventory control. Improvement: A copy of the receiving report should be forwarded to inventory control so that inventory records can be updated. Weakness: Accounts payable prepares a cash disbursements voucher for all invoices and does not match the PO, invoice, and

9-21


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

receiving report before preparing the voucher. Improvement: Match the three documents to ensure it is a valid order that was received in good condition before the voucher is approved. Weakness: the cash disbursements department forwards a copy of the check to the general ledger department. Improvement: The cash disbursements department should send a summary journal voucher of check amounts, not a copy of each check. These subtotals are posted to the general ledger, not each individual check. Weakness: there is no indication of who signs (authorizes) the check. Improvement: some appropriate manager should review the documentation supporting the check, ensure sufficient cash exists, and sign the check. Weakness: There is no mention of a reconciliation of the bank account. Improvement: The Treasurer should reconcile the bank account. d. Draw two new process maps that include your suggested improvements. One process map should depict the purchase processes and the second process map should depict the cash disbursement processes. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xlsx”.

72. The United States General Accounting Office (GAO), Office of Special Investigations was charged with investigating a potential purchase fraud case. The man who committed the alleged fraud was a former civilian employee of the Air Force, Mark J. Krenik. Required: Describe internal controls that should be in place at the Air Force to help prevent such fraud. Internal controls that may help prevent or detect this are: A policy requiring that any special handling instructions be approved by a manager above the person requesting the payment.

9-22


Chapter 9 Solutions Purchases

Expenditures Processes and Controls –

A policy requiring that a vendor cannot be paid unless that vendor has been approved and established in the system through the regular vendor approval system. A segregation of approval so that the person requesting the payment cannot also verify that work was completed or deliveries made. A policy requiring a periodic audit of expenditures by the internal audit department so that the fraud may have been detected sooner.

73. The document flowchart shows part of the purchases and cash disbursements processes for Wilson, Inc., a small manufacturer of gadgets and widgets. Some of the flowchart symbols are labeled to indicate operations, controls, and records. Required: For each of the symbols (numbered 1. through 12.), select one response (lettered A. through T.) from the answer lists below. Each response may be selected once or not at all. 1. 2. 3. 4.

C R F L

5. 6. 7. 8.

M O P H

9. 10. 11. 12.

9-23

T N I K


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

Turner/Accounting Information Systems, 3e Solutions Manual Chapter 10 Concept Check 1. c 2. a 3. b 4. b 5. c 6. d 7. c 8. a 9. a 10. d 11. a 12. a 13. d 14. a 15. d 16. a 17. c 18. d

Discussion Questions 19. (SO 1) Sales and inventory purchases are routine processes that occur nearly every day in a business. How are these routine processes different from payroll or fixed asset processes? The major difference is the frequency of occurrence. As stated in the question, sales and purchases are often undertaken daily. Payroll occurs on a fixed schedule such as every week, biweekly, or at month-end. Payroll transaction volume might be large, but only at these time intervals. Some payroll events occur only when employees are hired or fired. Fixed asset processes occur on an “as needed” basis. The volume of fixed asset transactions is relatively small compared to sales or purchase transaction volume. Depreciation of fixed assets occurs on a fixed interval, such as at year-end.

10-1


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

20. (SO 1) Even though payroll and fixed asset processes may not be as routine as revenue processes, why are they just as important? They are important because payroll and fixed asset transactions are related to two very critical resources. An organization must have employees and facilities (fixed assets) to operate. 21. (SO 2) Why do you think management should specifically approve all employees hired? It is a nonroutine process, and therefore, the volume of hiring is usually small enough to allow specific approval of each hire. Specific approval is important because hiring the right people is one of the most important keys to success in an organization. Also, hiring unethical people, or people with criminal backgrounds can be very detrimental to the company. 22. (SO 2) Why is it important that the human resources department maintain records authorizing the various deductions from an employee’s paycheck? First, state or federal laws require that employees authorize (allow) deductions from their salary or wages. Secondly, without adequate records, it would be difficult to ensure the correct deductions have been taken from employee wages. 23. (SO 2) Explain why an employee’s individual record is accessed frequently, but changed relatively infrequently. Typically, an employee’s basic information does not change frequently. For example, name, birth date, SSN, either never change, or rarely change. Other employee information such as address, pay rate, or deductions change infrequently. However, some of this information, such as pay rate and deductions must be accessed every time payroll checks are prepared. 24. (SO 2) Explain two things that should occur to ensure that hours worked on a time card are accurate and complete. Each employee should update their time card daily and a supervisor should check the time card and sign or initial it before it is forwarded to payroll for processing. If an employee does not update it daily, they are more likely to put inaccurate information on it simply because it will be harder to remember the specific start and end times of work. The supervisory approval serves as an independent check of the accuracy of the time card. 25. (SO 2) Explain the reasons that an organization would have a separate bank account established for payroll. A separate bank account for payroll makes it easier to account for payroll transactions and to distinguish these transactions from other cash disbursements.

10-2


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

26. (SO 3) What is the purpose of supervisory review of employee time cards? The supervisory approval serves as an independent check of the accuracy of the time card. 27. (SO3) Why is it important to use an independent paymaster to distribute paychecks? It is the best segregation of duties to have a separate paymaster to distribute any paper checks. A separate paymaster segregates the custody from authorization, preparation, and recording of paychecks. If these duties were combined, a person could commit payroll fraud such as creating a fictitious employee. A separate paymaster helps ensure only active employees receive paychecks. 28. (SO 3) Why do payroll processes result in sensitive information and what is the sensitive information? The amount of salary or wages is sensitive, as well as the types and amounts of deductions. Also, personal information such as SSN, dependents, address and phone numbers are sensitive. 29. (SO 4) Why is batch processing well-suited to payroll processes? Because it involves transactions that can be grouped and processed at a particular time. For example, all hourly workers might be required to turn in all time cards on Friday afternoon and be paid the next Tuesday. All of these time cards can be processed as a group on Monday. 30. (SO 4) What are the advantages of automated time keeping such as bar code readers or ID badges that are swiped through a reader? Using these automated methods eliminates human steps that are error prone. Thus, timekeeping becomes more efficient and more accurate. 31. (SO 4) What are the advantages of outsourcing payroll? Outsourcing payroll provides increased convenience, confidentiality, and protection from risk of liability for failure to submit tax withholdings and reports. 32. (SO 5) Fixed assets are purchased and retired frequently. Given this frequent change, why are clear accounting records of fixed assets necessary? Not only must the cost and resale value be accounted for properly, but depreciation can only be calculated accurately with proper records, and any gain or loss on sale is computed based on accurate records. 33. (SO 5) Why is it important to conduct an investment analysis prior to the purchase of fixed assets? Since the dollar investment can be large, and there is usually a limited capital budget, there must be an orderly process to determine the best use of capital funds. 34. (SO 5) Explain why categorizing fixed asset expenditures as expenses or capital assets is important. Miscategorization can have a dramatic

10-3


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

impact on financial statements and therefore, can mislead users of these statements. These amounts are usually large and therefore, have a larger impact than would other transactions such as sales or inventory purchases. If a fixed asset expenditure is classified as an expense, it will understate the balances sheet assets and understate net income. 35. (SO 5) What are some of the practical characteristics of fixed assets that complicate the calculation of depreciation? For many companies, there is a large number and type of fixed assets. These different asset types may have different service lives and different methods of depreciation. In addition, there are offer additions or retirements of fixed assets. Finally, the tax methods of depreciation for fixed assets may require two different sets of asset and depreciation records; one for financial statement purposes, and one for tax purposes. 36. (SO 6) What is different about the nature of fixed asset purchasing that makes authorization controls important? Fixed asset purchases can be very large amounts of money and in addition, choosing the right fixed assets is very important. Management should be purchasing the fixed assets that have a good return on investment. For these reasons, fixed asset authorization usually requires a higher level of management approval, and usually requires an investment analysis such as net present value. 37. (SO 6) Explain the necessity of supervision over fixed assets. Fixed assets must be located throughout the company where employees have direct access to them. Employees could not do their jobs without these fixed assets. Since fixed assets are readily accessible to many employees, supervision is necessary to ensure that the assets are used for their intended purpose, and that they are not stolen. 38. (SO 6) Why are some fixed assets susceptible to theft? In some cases, fixed assets are small or very portable. Examples would be laptop computers, hand tools, or vehicles. These would be easy to steal. Conversely, a large fixed asset such as a manufacturing robot would not be easy to steal. 39. (SO 7) Explain why a real-time update of fixed asset records might be preferable to batch processing of fixed asset changes. Often, fixed asset changes are non-routine transactions. Since the volume of these transactions could be small, and any one transaction might affect only a single asset record, real-time updates may be more appropriate. 40. (SO 7) Why is the beginning of a fiscal year the best time to implement a fixed asset software system? Because it eliminates any mid-year adjustments for depreciation that would be necessary.

10-4


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

41. (SO 7) What negative things might occur if fixed asset software systems lack appropriate access controls? It would be much easier for an employee to steal a fixed asset and alter the records to hide this theft. 42. (SO 8) Why might a supervisor collude with an employee to falsify time cards? In some cases, the supervisor might agree to the fraud so as to share in the extra money that results from the fraudulent pay. 43. (SO 8) How does the misclassification of fixed asset expenditures result in misstatement of financial statements? If something should have been recorded as a fixed asset gets recorded as an expenditure, it will understate assets and understate income. The opposite is true if an expenditure is misclassified as a capital asset – assets and income will be overstated.

Brief Exercises 44. (SO 2) Describe the type of information that a human resources department should maintain for each employee. They should maintain personnel records that include employee application, contract, resume, recommendation letters, interview reports, wage authorization, and and background investigation report. The records should also include employee address, SSN, employment history, information about authorized deductions, vacation and sick time accrued, attendance and performance evaluation records, work schedule, and promotion or termination records. 45. (SO 2) The calculation of gross and net pay can be a complicated process. Explain the items that complicate payroll calculations. Each employee’s deductions are likely to be different. In addition, the payroll formulas must be applied to every employee in the company, one at a time. The process is further complicated the fact that the inputs tend to change constantly. Each payroll period will include some changes in the number of hours worked, pay rates or withholdings. 46. (SO 3) Explain how duties are segregated in payroll. Specifically, who or which departments conduct the authorization, timekeeping, recording, and custody functions? Authorizing, timekeeping, record keeping, and custody of the paychecks should all be separated. Namely, the human resources department, which is responsible for authorizing new employee hiring and maintaining personnel files, should be separate from the payroll time reporting and record keeping functions, performed primarily by the payroll, cash disbursements, and general ledger departments. In addition, employees in each of these

10-5


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

departments should not have check-signing authority and should not have access to the signed checks or cash account. The person who distributes paychecks to employees, often referred to as a paymaster, should not have responsibility for any of the related payroll accounting functions and should not have custody of cash. The paymaster should also be independent of the departmental supervision responsibilities, so that it can be determined that paychecks are being distributed to active employees. Finally, information systems operations and programming related to the payroll processing should be separate from those responsible for custody of payroll cash and record keeping for these processes. 47. (SO 3) Explain the various reconciliation procedures that should occur in payroll. The number of hours reported on time sheets should be reconciled to the payroll register, and time sheets should be reconciled with production reports. Each of these reconciliations should be performed before paychecks are signed in order to ensure the accuracy of the underlying payroll information. In addition, the payroll register should be reconciled to the general ledger on a regular basis. Someone separate from the payroll processing functions should reconcile the bank statement for the payroll cash account on a monthly basis. 48. (SO 4) Explain the ways in which electronic transfer of funds can improve payroll processes. EFT can be used to directly deposit p[ay to employee bank accounts. This eliminates the printing and distribution of pay checks. The company can also use EFT to deposit taxes withheld and other employee withholdings. Finally, wage attachments that result from court proceedings can be transmitted via EFT. All of these EFT processes are faster and more efficient than the use of printed checks and mailing of checks. 49. (SO 5) Explain the kinds of information that must be maintained in fixed asset records during the asset continuance phase. For each fixed assets, there must be records of the asset cost, estimated life and salvage values, depreciation, maintenance records, and repair or improvement costs. 50. (SO 6) The authorization to purchase fixed assets should include investment analysis. Explain the two parts of investment analysis. The first part is financial justification using a model such as net present value, payback period, or internal rate of return. The use of these models requires that dollar estimates be determined for costs and benefits of the fixed asset. The second part would be a written narrative of the benefits; especially any benefits that are difficult to

10-6


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

quantify in dollars. A written narrative of the need for investment can help justify the expenditure when financial benefits do not immediately exceed costs. 51. (SO 8) Explain the types of unethical behavior that may occur in the fixed assets area. The use of estimates for useful lives and salvage values are an area where unethical managers can manipulate income statement or balance sheet amounts. Showing lower depreciation amounts can increase income and asset values above what they should be. In addition, misclassification of expenses as fixed asset expenditures can be used to show higher income and asset values.

Problems 52. (SO 2) Following is a time sheet completed by an hourly wage earner at Harold, Inc. Use Microsoft Excel to perform the following: a. Design an appropriate format for a data entry screen that could be used in the payroll department to enter information from this time sheet in the company’s payroll software program. See the excel file Problem 10-52.xlsx. b. Prepare a payroll journal. See the Excel file Problem 10-52.xlsx. 53. (SO 2) The text book Web site has a Microsoft Excel spreadsheet titled payroll_problem.xls. This spreadsheet is used by Naltner Company to calculate its bi-weekly payroll. Using the information in that spreadsheet, calculate all details for the February 22, 2008 payroll. Hours worked by each employee are contained in the first worksheet. The following four worksheets contain details for each of the three employees and a total of the three employees. The last worksheet contains federal tax withholding tables to calculate federal tax to withhold. You will calculate gross pay and deductions for all three employees. See the excel file payroll_problem_solution.xlsx. After students have completed the spreadsheet exercise, it might be a good discussion question to ask how a payroll software program would improve the efficiency and accuracy of the payroll process.

10-7


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

54. (SO 5) The text book Web site has a Microsoft Excel spreadsheet titled fixed_asset.xls. The spreadsheet represents a fixed asset subsidiary ledger for Brozzos Corporation. On July 3, 2008, Brozzos purchased for the office a multifunction printer/fax/copier from Brereton Office Supplies for $2,000. The machine has no salvage value and a four year life. Add a new ledger record for this machine and calculate and record the 2008 depreciation expense for all fixed assets. Brozzos uses straight-line depreciation with a half-year convention. See the Excel file fixed_asset_solution.xls. After students have completed the spreadsheet exercise, it might be a good discussion question to ask how a fixed asset software program would improve the efficiency and accuracy of the fixed asset processes. 55. (SO 6) Explain the process of approval of purchases for fixed assets. How does this process differ from that of purchasing raw materials? When a request to purchase a fixed asset is initiated by a manager, a formal investment analysis should occur. This would include a costbenefit analysis such as net present value, and a written justification of the benefits and costs, as well as any benefits and costs that are not easily quantifiable. There should also be an established capital budget and any fixed asset purchase request should be analyzed in comparison to other requests within that budget, and a determination made of the best use of the limited capital budget funds. Since fixed asset expenditures can involve large dollar amounts, there should also be specific authorization by a manager for the purchase. The company should have an established policy that identifies the level of managerial approval needed for various levels of expenditure. The processes mentioned above are most of the different processes for fixed asset purchases when compared to raw material purchases. One other difference is that requests to purchase raw materials generally originate in inventory control or production scheduling, the requests for fixed asset purchases would come from various managers of operating units within the enterprise. The other processes of the purchase, such as POs, document matching, and cash disbursements are similar to those processes for raw material purchases. 56. (SO 3) Using an Internet search engine, search for the phrase “biometric time clock” (be sure to include the quotation marks). Based on your search results, describe a biometric time recording system and

10-8


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

its advantages. A biometric time clock system uses unique physical characteristics of human beings to identify and record time for employees. Such biometric characteristics are finger print, hand print, face, retina, or voice pattern. The most commonly used biometric characteristic is the finger print. In a biometric time recording system, a company installs a scanner that reads the fingerprint and records the arrival and departure times. The advantage to the employee is the ease of use. The employee does not need to record times on a time card and does not have to use or keep track of an employee ID badge. The employer sees many advantages. Time keeping is more accurate and complete, payroll accuracy is increased, employees are identified with certainty and building security is increased. In addition, it eliminates “buddy punching” where one employee activates the time clock for a coworker who is actually absent. 57. (SO 7) Using an Internet search engine, search for the phrase “fixed asset software” (be sure to include the quotation marks). Examine the results to find companies that sell fixed asset software. List and explain some of the features of fixed asset software that these companies use as selling points for their software. One software vendor (http://www.realassetmgt.com/fixed-assetmanagement-software.html lists the following benefits: Multi-company, multi-currently, and multi-lingual capabilities. Easily access a complete audit trail with history/actions performed by all users. Calculate depreciation for one book or multiple books (state, federal and corporate). Compute and retain depreciation figures for past, current and future periods. Create ‘Parent/Child’ asset relationships to establish key dependencies and hierarchies. Produce a full range of standard and customized reports and forecasts. Set user-defined data and description fields (up to 30 levels of analysis). Conduct full and partial asset disposals, transfers, relifes, revaluations and splits. Upload images of assets for identification purposes. Adapt quickly to the familiar Windows® inspired interface. Comply with corporate governance regulations such as the SarbanesOxley Act.

10-9


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

Utilize seamless links to project cost control module. Take advantage of fixed asset tracking capabilities. Directly import raw data, in a range of formats. Access your fixed asset register remotely. Establish individual or group access rights for security purposes. Quickly add new asset details in a single input screen. A simple process for depreciation calculations whether for individual assets or groups of assets. Several methods of depreciation including Straight Line, Double Straight Line, Reducing Balance, Variable Rate, Adjusted Declining, Digressive, MACRS, ACRS, adjustments and Residual, Multiple Units of Production (MUOP) and Non Depreciating The ability to forecast depreciation as far into the future as desired. The ability to recalculate the current period’s depreciation to reflect updates in the asset register. A powerful, built-in report engine that provides more than 100 standard reports and thousands of customizable reports. A full audit history for events including disposals, transfers, asset splits, relifes and revaluations can be accessed in seconds. The ability to physically and financially move an asset from one cost center to another without re-keying information. The software can display asset images and associated documents such as emails, invoices, purchase orders and contracts. 58. (SO 8) Read the article at this link: http://www.offthegridnews.com/privacy/how-car-insurance-companiesare-tracking-your-every-move/ Describe any ethics considerations in using such technology. Consider both the company and employee perspectives. Also discuss whether you believe the use of this device could be an internal control for the company. Yes, it is ethical for a company to use such devices because they have a valid business related purpose. As stated in the article, they would use it to monitor driving habits. This enables the insurance company to create patterns of drivers and categorize dangerous versus safe drivers. Those placed in the safe category might realize significant savings in their car insurance. Without these devices, the insurance company would rely on traffic reports for accident data and history of traffic violations to categorize its drivers. There are a number of reasons why such data may be incomplete with regard to a driver’s actual safety practices. Therefore the company has many valid reasons to monitor the use of these vehicles.

10-10


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

Students may wish to advance an argument that such “spying” or monitoring by the company is unethical. This could be a very rich and fruitful discussion. From the customer’s perspective, the ethical behavior is drive in a safe manner. Customers may feel that the monitoring technology is ethical as long as they are notified of its use and purpose. This line of thinking should also be an interesting and fruitful class discussion. Yes, it is an internal control to prevent or detect abuse of the service (an insurance policy) provided by the insurance company. This type of internal control is intended to safeguard the company’s assets. The tracking device helps ensure that the customer’s vehicle is not misused and that company funds are not misused by paying out insurance claims for drivers who do not operate their vehicles safely. As is true for any internal control, the company would have to determine whether the use of this technology is cost effective. There are two types of cost: tangible, measurable cost of buying and maintaining the tracking systems; and intangible costs associated with a decrease in customer satisfaction caused by customers feeling that they are constantly monitored by “big brother. There could also be tangible costs associated with losing customers as a result of adopting this tracking policy. The company must determine if cost savings from using the tracking system offsets the tangible and intangible costs. 59. (SO 8) Using an Internet search engine, search for the terms “Patti Dale” and “theft” (be sure to include the quotation marks around the name). Explain the unethical behavior that occurred. Also, explain any internal controls that you believe were missing or not followed in this case. Patti Dale was a 20 year employee of the University of North Texas who organized a payroll fraud scheme that resulted in the theft of $255,185 from UNT. She allowed students and friends of her son to falsify payroll time sheets. She issued paychecks for work not done and received a kickback from these students. She also fraudulently hired friends of her son and paid them for work they did not do. It appears the most important internal control missing is segregation of

10-11


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

duties. No single person should authorize hiring and approve time cards. It appears her supervisor, the Dean, should have been approving time cards. An automated system of time keeping such as ID badge swiping or biometric record keeping systems would have reduced the falsified time records. Ms. Dale also submitted over $65,000 in falsified travel expenditures.

Cases 60. Glazer Company is a small manufacturing firm with 60 employees with seven departments. Required: Describe any improvements you would suggest to strengthen the payroll internal controls at Glazer. Currently, the department managers hire employees and distribute paychecks. This gives managers the opportunity to create fictitious workers and have custody of those checks. The improvement would include two things. Final hiring approvals should be in the HR department, not the department managers. Paychecks should be distributed by independent paymasters, not the department managers. Currently, the pay rate is written on the employee W-4 by the department manager. The HR department should determine pay rates. Time cards are now kept in a holder near the door and workers keep them all day. This gives employees too much opportunity to misuse time cards. They can easily be stolen, altered, or use for “buddy punch” where an employee clocks in for his buddy. Time cards should be more secure or the company should use a more advanced solution such as automated time keeping through ID badges or biometric time recording. Currently, the time cards are removed fro the holder on Friday and taken to payroll by “an employee who is not busy”. Two improvements are needed. First, the supervisor should review and approve each time card. Second, there should be a designated person charged with delivering time cards to payroll.

10-12


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

Rather than the manager calling the payroll department to report pay rate changes, there should be written documentation of pay rate changes using a personnel action form. Without such documentation, there is no audit trail of rate changes. In addition, a manager may suggest rate changes, but final approval should occur in the HR department. The company should use an imprest payroll account for paychecks rather than the regular checking account. There is no mention of the cash disbursements department approving a check from the regular account to be deposited in the payroll account. This should occur if a separate payroll account exists. 61. Rossi Industries has payroll processes as described in the following paragraphs. Required: a. Prepare a process map of the payroll processes at Rossi. Refer to the Microsoft Excel file “ch10_solutions_process_maps.xlsx”. b. Identify both internal control strengths and internal control weaknesses of the payroll processes. STRENGTHS There is a separate HR department involved in hiring and terminations, including the completion and approval of documents related to hiring and terminations. Hiring, terminations, and pay rate changes are all initiated by HR on personnel action forms. This creates proper approval and an audit trail. Two copies of each paycheck are generated: the original is forwarded to cash disbursements and a copy goes to accounts payable. Cash disbursements, not payroll signs the checks. The payroll department, the proper department to do so, is updating the payroll ledger. WEAKNESSES An automated time keeping system would be more accurate and less susceptible to fraud. There is no supervisory approval of time cards.

10-13


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

There is no reconciliation or independent check of employee hours worked. There is no separate payroll checking account. There is no mention of vouchers for payroll that are forwarded to cash disbursements so that a check can be written to the payroll account for the total of the payroll. There is no independent paymaster to distribute checks. Unclaimed checks are returned to payroll, not a paymaster. c. For any internal control weaknesses, describe suggested improvements. Purchase and use an automated time keeping system. Have supervisors approve time cards before they are forwarded to payroll. There should be a reconciliation to job cards or an independent verification of hours worked. Use a separate bank account for payroll. Accounts payable should prepare a voucher for the total payroll amount and cash disbursements would write a check to be deposited in the payroll account. An independent paymaster should distribute checks. Unclaimed checks should go to a department not involved in the authorization or preparation of paychecks. For example, they could be returned to internal audit. 62. Wilson Enterprises is a mid-size manufacturing company with 120 employees and approximately 45 million in sales. Required: a. Identify any internal control strengths and weaknesses in the fixed asset processes at Wilson. Explain why each of those that you identify are strengths or weaknesses. STRENGTHS There is a process to identify benefits and costs for new asset requests. There is an independent review of costs and benefits of proposed assets by the finance department. A discounted cash flow analysis is undertaken before purchase. There is a pre-established capital budget.

10-14


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

A high level manager must approve asset purchases. Payment is not made until the PO, receiving report, and invoice are matched. The accounts payable department updates the accounts payable subsidiary ledger and fixed asset records. WEAKNESSES A set of levels of approval, dependent on the amount of the asset, have not been established. The VP of operations may not necessarily need to exhaust all funds. If there are not enough asset proposals with acceptable cost-benefit, then it would be better to not spend all funds. Buyers should receive bids on assets, especially those assets with very high purchase price. Assets are always delivered to a user department, rather than receiving. b. For each internal control weakness, describe improvement(s) in the processes to address the weakness. Establish higher levels of managerial approval for assets with higher costs. Establish a policy that assets must meet some minimum level of discounted cash flow return before the purchase can be approved. Establishing a bid process for assets that exceed a certain dollar amount. When practical, fixed assets should be delivered to receiving for count and inspection. This may not be possible for fixed assets such as those that must be installed at the user location. 63. The Crishner Company has the following processes related to fixed assets. Required: Describe any improvements you would suggest to strengthen the fixed asset internal controls at Crishner. There should be a more formal approval process that would include: identification of costs and benefits, a discounted cash flow analysis, a specific authorization from a high level manager. There should be established expectations of return on investment that

10-15


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

assets must be expected to achieve before purchase is approved. A bid process should be established for assets of high value. When practical, fixed assets should be delivered to the receiving department. This may not be possible for fixed assets such as those that must be installed at the user location. Expected life and salvage values should be estimated for each asset instead of using the same values as the previous purchase. 64. (CMA Adapted) Rider Co. makes automobile parts for sale to major automobile manufacturers in the United States. Required: Identify any internal control weaknesses and suggest improvements to strengthen the internal controls over machinery and equipment at Rider. Weakness: The asset purchase approval process lacks many important processes. Improvement: There should be a more formal approval process that would include: identification of costs and benefits, a discounted cash flow analysis, a specific authorization from a high level manager. Weakness: Asset purchases are approved as long as funds exist. Improvement: There should be established expectations of return on investment that assets must be expected to achieve before purchase is approved. Weakness: There is no bid process, or a process to find the best price on the asset. Improvement: A bid process should be established for assets of high value. Assets of lesser value may not need a bid process, but there should be a price comparison of two or more vendors to find the best price. Weakness: Assets are not inspected at the receiving dock. Improvement: When practical, fixed assets should be delivered to the receiving department and inspected for damage before delivery to the user department. This may not be possible for fixed assets such as those that must be installed at the user location. Weakness: Depreciation methods, rates, and salvage values have not

10-16


Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets

been changed for 10 years. Improvement: Depreciation methods, rates, and salvage values should be reviewed each year. Weakness: It appears the characteristics of each assets are not evaluated in setting salvage values and life. Improvement: Expected life and salvage values should be estimated for each asset. Weakness: The plant manager notifies property accounting of retirements, but it does not indicate that any documents are prepared, or that approval is necessary. Improvement: Formal documents should be prepared for asset disposals and retirements, with proper managerial approval and established policies for handling disposals and retired assets. Weakness: There is no reconciliation of fixed assets to fixed asset records. Improvement: a yearly count of fixed assets and reconciliation to the fixed asset records should occur.

10-17


Chapter 11 Solutions

Conversion Processes and Controls

Turner/Accounting Information Systems, 3e Solutions Manual Chapter 11

Concept Check 1. d 2. d 3. c 4. c 5. a 6. c 7. c 8. a 9. c 10. d 11. c 12. b 13. b 14. d 15. d

Discussion Questions 16. (SO1) What are the three resources that an organization must have to conduct a conversion (or transformation) process? The three resources are materials, labor, and overhead. 17. (SO1) Does a conversion process occur in manufacturing companies only? Why or why not? All companies have a conversion process. That is, all companies use resources to provide an output for customers. Even in the case of service companies, or non-profit organizations, there are conversion processes. Manufacturing companies typically have more complex conversion processes. 18. (SO1) Why are conversion activities typically considered routine data processes? Within conversion processes, there are daily, routine processes that occur. For example, laborers may assemble parts every day. Since these processes occur daily, and repetitively, they are routine. 19. (SO2) Differentiate between a bill of materials and an operations list. The bill of materials is a list of materials and components that are ingredients to manufacture a particular product. The operations list is the set of steps or operations, in the necessary sequence, to manufacture a product. The operations list includes the locations, resources, and standard timings. 20. (SO2) Differentiate between the role of engineering and the research and development department. Research and development focuses on improvement of 11-1


Chapter 11 Solutions

Conversion Processes and Controls

products or product lines. It is intended to develop new products, or improvements to existing products. Engineering designs the detailed specifications for each product to be manufactured. Research ad development would have a more future focus that engineering. 21. (SO2) What are the two types of documents or reports are likely to trigger the conversion process? A sales order or a sales forecast would trigger the conversion process. Manufacturing would not be started until a need for products was documented on either a sales order or sales forecast. 22. (SO2) What are the three primary components of logistics? They are planning, resource management, and operations. Planning is concerned with which products will be made, how many of each of these products, which resources are required, and the timing of production. Resource management is the monitoring and controlling of the use of resources such as the facilities, human resources, and inventory. Operations is the day-to-day performance of production activities. 23. (SO2) What types of information must be taken into consideration when scheduling production? The information that should be considered includes all open sales orders, inventory needs, and resources available. 24. (SO2) Differentiate between a routing slip and an inventory status report. A routing slip documents materials removed from the storeroom and placed into production. An inventory status report documents the extent of work completed and the levels of inventory at the various stages of completion. 25. (SO2) What are the conversion responsibilities of the maintenance and control, inventory control, inventory stores, and human resources departments? Maintenance and control maintains the fixed assets such as production facilities, machinery, equipment, and vehicles. Inventory control manages and records the movement of materials and inventory. Inventory stores controls the raw materials held in storage that will eventually be used to produce goods. 26. (SO2) What is the purpose of an inventory status report? An inventory status report documents the extent of work completed and the levels of inventory at the various stages of completion. 27. (SO2) What is the overall goal of the inventory control department? Its purpose is to manage and record the movement of materials and inventory throughout the production process. 28. (SO2) What is the purpose of the Quality Control department? The purpose is to inspect products and to allow products that meet quality standards to be moved to a warehouse or shipping area. Products that do not meet quality standards are returned to production for rework or they are scrapped. 29. (SO3) What is the purpose of determining standard costs? Standard costs are used as benchmarks of comparison for actual costs. Comparing actual costs to standard costs allows managers to determine whether excessive resources are being used in production. 30. (SO3) What should be done when unfavorable variances are discovered? These differences (variances) help pinpoint problem areas in production. Since unfavorable variances result from actual costs that exceed standard costs, they may indicate that excessive resources are being used in production. This information could be used to improve logistics in the conversion processes.

11-2


Chapter 11 Solutions

Conversion Processes and Controls

31. (SO3) Why would perpetual inventory records be preferable to periodic inventory records in a manufacturing company? With perpetual inventory records, management always has up-to-date information about inventory levels. Having such information improves the ability to plan production schedules and to plan purchases of material. 32. (SO4) Which three activities in the conversion process should require specific authorization before they are begun? The three processes that should require specific authorization are: initiation of production orders; issuance of materials to production; and transfer of finished goods. 33. (SO4) Why is it important to separate the functions of inventory control and the production stations? What could go wrong if these functions were not separated? Inventory control maintains records of inventory, while production stations have custody of materials during production. Custody duties and recording duties for raw materials and good being produced should always be segregated. If these duties are not segregated, one person has both custody and record keeping duties. That person could steal materials or goods and alter records to cover up the theft. 34. (SO4) Why is it so important that variance reports be prepared in a timely manner? Variances serve as independent checks on the accuracy and completeness of production costs. They also indicate to management where changes may need to be made to improve the production processes. If variances are not examined on a timely basis, they are much less effective in serving the functions of independent checks. 35. (SO4) Explain how a physical inventory count would be used differently by a company using a perpetual inventory system vs. a period inventory system. In a perpetual inventory system, a physical inventory count is used to verify the accuracy of inventory records. If a difference exists between the inventory balances and a physical count, perpetual inventory records are adjusted to ensure that the recorded balances equal the physical count. In a periodic system of inventory, there is no ending balance in the records and the physical count is used to determine the balance to place in the inventory control records. 36. (SO5) When IT systems are used in conversion processes, what are some of the resulting advantages to the organization? There are often gains in productivity and flexibility, with reductions in time and cost. Also, IT systems often integrate processing applications, planning, resource management, operations, and cost accounting. This increases workforce efficiency and reduces paperwork and costs. 37. (SO5) How can programmed controls within the IT system for conversion processes enhance internal controls? There are several ways that programmed controls enhance internal control. First, validation of data can detect input errors before actions are initiated. Also, the system may be programmed to issue error reports for errors or unauthorized events in production. As examples, the system could issue error reports if a work-in-process record is not generated for a production order, or if the same operation is performed at multiple work stations, or when an employee performs incompatible operations. 38. (SO5) What is the difference between CAD, CAM, and CIM? CAD is computer aided design. By using the computer in the design process, it becomes more effective ad efficient. CAM is computer aided manufacturing. I usually involves

11-3


Chapter 11 Solutions

Conversion Processes and Controls

computer controlled robotics to perform production procedures. CIM is computer integrated manufacturing. It encompasses more than CAM because it integrates financial and cost accounting, along with computer controlled manufacturing. That is, the computer controls robotic manufacturing, and also captures, records, and maintains accounting information about production processes. 39. (SO5) What is the difference between MRP, MRP-II, and ERP? All three are software systems. MRP is materials requirement planning and it is used to plan, coordinate and track materials in a manufacturing process. MRP II is manufacturing resources planning software. An AMR II system is more comprehensive and includes the ability to plan, coordinate, and track manufacturing resources. This would include materials, labor, and facilities. ERP is enterprise resource planning system. It is software that helps plan, coordinate, and track all enterprise resources. Thus ERP is more encompassing than MRP II, and MRP II is more encompassing than MRP. 40. (SO6) How can conversion processes be manipulated to show higher earnings? Cost accounting uses absorption costing in which fixed overhead is applied to units produced. When excess units are produced, these excess units become part of ending inventory, and the fixed overhead attached to those units is set aside in ending inventory. Therefore, as more units are added to ending inventory, more fixed overhead is deferred and net income becomes higher. Income can be manipulated by producing more units than needed and putting those units in ending inventory.

Brief Exercises 41. (SO1) Consider a company that is in the business of producing canned fruits for grocery stores. (It is not in the business of growing the fruit.) List the items that would likely be included as this company’s direct materials, direct labor, indirect materials, and other overhead. The direct materials would be many different kinds of fruits such as pineapple, peaches, grapes, cherries, pears, and mandarin oranges. The direct materials could also include sugar or fructose. The indirect materials might be water. Direct labor would be those workers that work directly in the cleaning, peeling, slicing, and packaging of the fruit. Even if these processes are automated, rather than manual, the workers who operate the slicing or packaging machinery are direct labor. Other overhead includes other costs of running the canning operation that are not direct materials or direct labor. This could include utilities, rent, depreciation, machine maintenance, and supplies. 42. (SO2) Give some examples of manufacturing processes that would fit into each of the three different types of production processes: continuous processing, batch processing, and custom made-to-order. Continuous processing examples: Soft drink bottling, beer bottling, frozen meal processing (Lean Cuisine, Banquet), cereal, toy making such as dolls, electronics

11-4


Chapter 11 Solutions

Conversion Processes and Controls

manufacturing such as i-pods, power generation as in coal-fired plants. Examples of batch manufacturing might be: wine making, gasoline production, prescription pill production. Many things that could be continuous production might also be made in batches for convenience or efficient use of machinery. For example, equipment to bottle soft drinks might be used for a few hours to bottle a batch of Pepsi, then be cleaned and set to produce a batch of Mountain Dew. Examples of custom, made-to-order manufacturing would include consumer products identified as customized. For example, BeyondBikes.com makes custom mountain bikes using specific parts chosen by the customer. Also, many companies make custom manufactured products for other companies. Examples would include specially machined parts or components, custom made manufacturing machinery or tools, and print shops that print custom made printed material. 43. (SO2) List and describe each activity within the Planning component of the Logistics function. Planning includes: research and development, capital budgeting, engineering, and scheduling. Research and development is the design of new products, or the redesign of existing products to improve the existing products. Capital budgeting is the planning needed in the outlay of funds to acquire capital assets. Capital assets include the facilities and equipment needed to conduct operations. Engineering develops the product specifications for each product, to include the bill of materials and the operations list. Scheduling sets the timing for production activities. Scheduling should minimize idle time and schedule products to meety the demands of the sales forecast or inventory needs. 44. (SO2) Some companies use the same facility for both inventory stores and warehousing. Describe the difference between these two inventory control activities, and how the respective areas might be distinguished within the facility. Inventory stores usually is the term used for raw materials or components used as inputs to manufacture products. A warehouse is the storage location for finished products. Thus, inventory stores is the storage for inputs, while the warehouse is storage for the out puts. Since both are physical storage locations for manufacturing facilities, they have common needs for security and physical controls, as well as proper and accurate record keeping. 45. (SO2) For the following activities within the conversion process, place them in sequence that indicates the order in which they would normally be performed:  Preparation of a production schedule  Preparation of a bill of materials  Materials issuance  Preparation of time sheets  Inspection of goods

11-5


Chapter 11 Solutions 

Conversion Processes and Controls

Preparation of an inventory status report

46. (SO 2, 3) Describe the purpose of each of the following cost accounting records or reports: a. Work-in-process and finished goods inventory accounts. Both are inventory accounts to track the amount of goods in process and the quantity of completed goods respectively. b. Bill of materials. It specifies the quantities needed of each raw material or component to manufacture a particular product. c. Variance reports. Variance reports show differences between actual costs and standard costs (expected costs). These reports are used to pinpoint problem areas that may require logistics changes to improve the manufacturing process. d. Routing slips. The routing slip is used to document the movement of material. This tracks the physical movement of materials in the conversion process. 47. (SO3) Describe how a cost accountant would cancel a production order upon completion of the related product. Why is this important? The documentation for the order, called the production order, should be marked in a manner to show it is complete. For example, a cost accountant might sign a particular line to show it is completed, or stamp the production order with the word “Completed”. This cancelling of the document is important so that the exact status of the order is clear and so that the document may not be misused to commit fraud. For example, an production order not cancelled could be used to fraudulently begin a new production run so that the products could be stolen. 48. (SO4) When taking a physical inventory count at a typical manufacturing facility, which category of inventory (raw materials, work-in-process, or finished goods) is likely to be the most time-consuming to count and determine the relevant costs? Why? Work-in-process is likely to be the most time consuming. This is because the workin-process includes all units in production at various stages of completion and these units could be located at many different work stations or work centers. Tracking the location, quantity, and stage of completion for each work-in-process unit would be more complex than tracking units of raw materials or finished goods. 49. (SO4) Identify several factors that indicate the need for more extensive internal controls covering conversion processes. The factors include: the number of products made; the value or size of products (valuable or small products are more likely to be stolen), high levels of inventory movement, inventory held at various locations, and inventories that are difficult to

11-6


Chapter 11 Solutions

Conversion Processes and Controls

value. 50. (SO5) Using the table below, match the IT systems on the left with their definitions on the right: CAD – a. A network including production equipment, computer terminals, b and accounting systems. CAM – b. Electronic workstation including advanced graphics and 3-D g modeling of production processes. MRP – c. Automated scheduling of manufacturing resources, including f scheduling, capacity, and forecasting functions. MRP-II d. The minimization of inventory levels by controlling production so –c products are produced on a tight schedule in time for their sale. RFID - e. A single software system that includes all manufacturing and h related accounting applications. ERP – f. Automated scheduling of production orders and materials e movement. CIMs – g. Production automation, including use of computers and robotics. a JIT –d. h. The use of tiny tags affixed to inventory items to automatically monitor movement and to account for the various stages of processing.

Problems 51. (SO2) Suppose a company has 1,000 units of a raw material part on hand. If 750 of these units are routed into production, should the company place an order to stock up on more of these parts? In order to answer this question, determine the economic order quantity (EOQ) for this part assuming that: a. the company plans to use 10,000 units during the coming year b. the company orders this part in lots of 1,000 units, and each order placed carries a processing cost of $2.50 c. each unit of inventory carries an annual holding cost of $6.40. Take the square root of (2 x 10,000 x 0.)/6.4 = 2.8 batches, round to 3 batches of 1,000. The reorder point 52. (SO4) Suppose a company is experiencing problems with omitted transactions in the conversion process; i.e., inventory transactions are not always being recorded as they occur. Use Exhibit 11-8 to describe at least three internal controls that should be in place to help alleviate such problems. To better ensure that all inventory transactions that occur are properly recorded. These three controls would be important. 1) All production orders and routing forms should also be on pre-numbered forms. This reduces the risk that a transaction will be overlooked because the entire sequence of documents must be accounted for

11-7


Chapter 11 Solutions

Conversion Processes and Controls

when recording the inventory movement. 2) There should be a segregation of those who maintain inventory custody from those who maintain records. If these duties are not segregated, a person could authorize extra production of inventory, but not make any records of that inventory, and therefore, have the capability to steal this excess inventory. 3) Each inventory production order transaction must be properly authorized in the manner prescribed by management. Without a clearly defined authorization procedure, extra production can be initiated that is never recorded in inventory records. 53. (SO5) Using an Internet search engine, search for the terms “CAD” + “industrial robots”. Identify a company (name and location) that provides manufacturing automation using robotics. Describe some of the robotic operations that are featured on the company’s website. FANUC Robotics America is the leading supplier of robotic automation in the US. They provide robotics for assembly, packing, parts transfer, material removal, welding, and painting. There are too many robotics to explain each, but as an example, FANUC sells a P-10 door opener that is a vertically articulated robot designed specifically for opening automobile and truck doors to facilitate robotic interior painting. There are other companies that provide industrial robots, including KUKA, Epson Robotics, Denso, Yaskawa Motoman. There are many other companies and a student might find names other than these. 54. (SO5) Using an Internet search engine, search for the terms “just in time” + “automotive”. Based on the results you find, explain why just in time inventory systems are such an important factor in the competitive automotive industry.

Just-in-time production systems are intended to be efficient methods to produce cars, but yet maintain smaller inventories of the various parts and pieces needed to produce a car. Under a just-in-time system, the parts are delivered to the production floor right at the time they are needed. It saves companies the cost of storing and moving these parts and can save related costs such as insurance and taxes on inventories. It is part of the entire philosophy of “lean manufacturing” that increases manufacturing efficiency and reduces costs. In the automotive industry, Toyota developed the use of JIT in the 1970s and other auto manufacturers adopted it soon thereafter. However, many auto manufacturers have begun to rethink the use of JIT. In March of 2011, Japan experienced a large earthquake that shutdown auto manufacturers and many of the companies that supply parts. The sales of Japanese manufactured cars were really reduced because auto assembly lines had to be shut down due to lack of parts. In addition, the manufacture of auto parts is a very competitive market. Many automotive part makers have shut down, leaving only a few suppliers of some types of parts. If a natural disaster occurs that affects one or more of those few plants, the auto

11-8


Chapter 11 Solutions

Conversion Processes and Controls

manufacturers are at risk of running out of parts. For example, one German plant made one-fourth of the world-wide supply of a nylon component used in plastic fuel lines. An explosion at the plant interrupted production and the impact on auto manufacturers could be drastic. 55. (SO6) Explain how the over-production of inventories can be seen as unethical in an absorption costing environment. In absorption costing, fixed overhead is allocated to each unit of inventory. Thus, overproduction that leads to increased levels of finished goods inventory results in more fixed overhead in the ending inventory valuations. A higher ending inventory valuation leads to lower cost of goods sold and thereby, higher net income. If the only purpose for this overproduction is to manipulate net income, it is unethical because it misleads those who use the financial statements. 56. (SO6) Price discounts are commonly used in the business world as incentives for customers. How is it that this practice (or its misuse) may be deemed unethical? If it is used as a coercive tactic to lure customers into purchasing early, and therefore increasing profit in a given year, it can be unethical. This is true if the major intent is to inflate profits. Certainly, there are legitimate reasons to grant discounts, but it becomes unethical when the intent is to use discounts to inflate sales. 57. SO3) Austin Bar Supply manufactures equipment for bars and lounges. While the company manufactures several different products, one product is a blender that bartenders use to make certain kinds of drinks. Using information in a spreadsheet template provided, complete the requisition form to calculate the quantity and cost of the parts needed to manufacture a batch of 500 bar blenders. From the book Web site http://www.wiley.com/college/turner, you can download a spreadsheet template named requisition.xls. To look up the cost from the price list sheet, you will use a spreadsheet function called VLOOKUP. Be sure to design your formulas in a way that will incorporate changes in the batch size, or changes to costs of individual parts. See “requisition solution.xls” on the book website.

58. (SO 5) Using an Internet search engine, locate a publication entitled “RFID Journal”. Find a recent article that describes the use of RFID in manufacturing. Briefly describe the example(s) discussed in the article. This answer will vary tremendously depending on the article chosen by the student. At the time this solution was written, a current article on the web is the following: http://blog.atlasrfidstore.com/what-is-rfid-used-for-in-applications. It

11-9


Chapter 11 Solutions

Conversion Processes and Controls

identifies logistics and supply chain management, inventory tracking, materials management, and fixed asset tracking as typical uses. However, it also provides other uses outside of these areas that are innovative. These uses include tool tracking, self-serve kiosks such as DVD rental, laundry management, and interactive marketing. In a July 2012 article, typical RFID tags use at New Sunshine is described. New Sunshine is a manufacturer and distributor of tanning lotion products sold to tanning salons. These are expensive lotions that sell for prices up to $140 per bottle. New Sunshine had been searching for a way to reduce product diversion and counterfeiting. Product diversion is the, “rerouting of items for sale through unauthorized, unofficial or unintended channels.” Such diversion damages the brand and customer loyalty. These RFID tags monitor the bottle during shipping to the customer (the tanning salons). A summary paragraph from the article best describes the use of the RFID tags. In this way, the lotion company can maintain a record of when each specific carton and bottle packed within that carton was shipped, as well as its intended recipient, such as a distributor or a salon. If the product then appears within another supply chain stream, such as being sold by an unauthorized merchant, a record has been established as to when that product was initially shipped, and to whom, thereby enabling New Sunshine to more easily trace the diversion.

Cases 59. Bloomington Enterprises documentation and internal controls..

Required: a. Draw a process map of the conversion processes at Bloomington Enterprises. Refer to the separate Microsoft Excel file “Chapter 11 Solutions Documentation.xls”. b. Draw a document flowchart showing the records used in Bloomington’s conversion processes. Refer to the separate Microsoft Excel file “Chapter 11 Solutions Documentation.xls”. c. List any strengths and weaknesses in Bloomington’s internal control procedures. For each weakness, suggest an improvement. STRENGTHS When a production schedule is prepared, the quantities of raw materials are check and if needed, a purchase requisition is prepared. The initiation of the purchase requisition is segregated from Purchasing. Cost accounting is segregated from authorization and custody functions.

11-10


Chapter 11 Solutions

Conversion Processes and Controls

Standard costs are used and variances are calculated and monitored. The general ledger responsibility is segregated from all other authorization, custody, and record keeping functions. The general ledger is only updated based on journal vouchers received from other departments. WEAKNESSES Louis Tyson, in the stores department, has custody of inventory and the record keeping responsibility for inventory. The record keeping responsibility should be assigned to someone who does not have authorization or custody of inventory. Kathy Williams, in production planning, is ordering materials from stores based on a sales forecast and material requisition forms. However, it is not possible to know how much material is needed until the bill of materials is analyzed. As the case reads, she prepares the bill of materials after ordering materials. These steps should take place in the opposite order. She should take the sales forecast, then analyze the bill of materials for that product, multiply the number of units to be produced times the quantities on the bill of materials, and then prepare a materials requisition based on these quantities. Kathy Williams has custody of inventory as the supervisor, and is also responsible for authorization of production. These two duties should be segregated. Ideally, production planning should be completely segregated from the production room activities. An inventory subsidiary ledger is mentioned, but there is no mention of a reconciliation to the general ledger. There should be a periodic reconciliation of the subsidiary ledger to the general ledger. Job cards are not reconciled to time cards. Cost accounting should reconcile to lessen the chances or errors or fraud. d. Describe any benefits that Compton Falls may receive by installing newer IT systems within its conversion processes. Be specific as to how IT systems could benefit each of the processes described, or how they could eliminate any weakness identified per c. above. IT systems could enhance Bloomington’s IT system. If the conversion process components were integrated, the related inventory and personnel records could be maintained online. This would enable job cards to be automatically prepared from time cards, so the reconciliation would be conducted by the system. In addition, an inventory/general ledger interface would eliminate the need for a manual reconciliation of the two records. Furthermore, this would ease Kathy William’s responsibility for ordering materials, as she could easily access the bill of materials to facilitate accuracy of her ordering. These features would greatly enhance efficiencies in the conversion processes at Bloomington. Some IT systems could even monitor inventory levels and automatically order

11-11


Chapter 11 Solutions

Conversion Processes and Controls

and dispatch materials as needed. These systems, such as MRP II or ERP systems may be too expensive for this size company. 60. Ski Slope, Inc. documentation and internal control weaknesses. Required: a. Draw a process map of the conversion processes at Ski Slope. Refer to the separate Microsoft Excel file “Chapter 11 Solutions Documentation.xls”. b. Draw a document flowchart showing the records used in Ski Slope’s conversion processes. Refer to the separate Microsoft Excel file “Chapter 11 Solutions Documentation.xls”. c. List any strengths and weaknesses in Ski Slope’s internal control procedures. For each weakness, suggest an improvement. i. Weakness: Alex Barton, in the storeroom has physical custody of inventory and also maintains inventory records. Improvement: Assign the maintenance of inventory records to a person who does not have access to inventory. ii. Weakness: Eli Walters prepares authorization documents such as production schedules and production orders, and he also manages the production process. Improvement: Ideally, the authorization to begin production should be segregated from those doing or managing the production. iii. Weakness: Alex Barton forwards his copies of the bill of materials and routing slips to cost accounting. Since these are the only copies that are forwarded to cost accounting, and since Thom has custody of inventory, he could steal inventory and alter these documents to hide the theft. Improvements: segregation of duties as mentioned in (i) above, as well as separate copies of the bill of materials and routing slips could be forwarded to cost accounting from production planning. iv. Weakness: Job cards are not reconciled to time cards. Improvement: Cost accounting should reconcile to lessen the chances or errors or fraud. v. Weakness: There is no mention of an inventory subsidiary ledger. Improvement: An inventory subsidiary ledger should be maintained by someone who does not have authorization or custody functions within inventory. Ideally, an Inventory Control department would maintain such records, but this company may not be large enough to have a separate inventory control department. vi. Weakness: There is no mention of a reconciliation of the subsidiary ledgers to the general ledger. Improvement: An inventory subsidiary ledger should be reconciled to the general ledger.

61. Sole Footwear, Inc. and automated systems. Required:

11-12


Chapter 11 Solutions

Conversion Processes and Controls

a. List the problems with the existing system at Sole. The problems are late deliveries to customers, delayed production, out-of-stock and backordered materials, inventory and production records that are not up-todate, and an inability to accurately predict delivery dates for customers. b. Identify the relevant information that the production and inventory managers need to accumulate in order to support the decision to automate the conversion process. The relevant information would be proposed automated systems that would lessen these problems, the estimated costs and benefits of these systems, and the time necessary to implement these systems. There are probably several alternative types of automated systems and this data should be collected for all viable alternatives. As an example, the company could choose a very new type of system such as RFID systems (Radio frequency ID), or slightly older technology based on bar coding systems. To make the best decision about the best fit for Brock, management would need the information suggested above. Ideally, when investigating and implementing new systems, the company should follow the process described in chapter 6, the System Development Life Cycle (SDLC). Such a process would involve feasibility studies and cost-benefit analyses for all alternatives considered. c. List specific items that could be provided by an automated system, and describe how this would be essential to the company’s continued success. The items that could be provided by an automated system are: i. A record-keeping system that could be real-time. Changes in inventory could be recorded as they occur. This single feature would dramatically lessen all the problems described in the case. Out-of-stock materials, delayed production and delivery, and inaccurate estimates would all improve if the company had realtime inventory information. Real-time inventory levels allow purchases and usage to be properly planned and production flow can be improved with better material flow. These improvements would help lessen delays in production, out-of-stock material, and the inability to predict delivery dates. ii. Fewer human errors in an automated system. Inventory records will become more accurate with an automated system. There are many reasons that an automated system would reduce errors. First, manual record keeping and posting would be eliminated. Second, certain types of IT systems could eliminate keying of information and any keying errors. For example, bar code or RFID systems would eliminate or reduce keying of information because the system would read the bar codes or ID chips. These advanced IT systems could also reduce human errors inherent in physically counting inventory or tracking its movement. More accuracy in inventory records will also improve the problems with delays and inability to accurately predict delivery dates. iii. Labor savings from eliminating or reducing manual steps.

11-13


Chapter 11 Solutions

Conversion Processes and Controls

iv. More accurate, timely, and flexible feedback information to management. Automated systems will provide more timely reports and these reports could be more easily customized to management needs. The case mentions the week backlog in clerks updating accounting records. The elimination of this backlog, as well as the real-time aspect of automated systems will allow much more timely feedback information about inventory status and flows. v. The ability to integrate inventory transactions directly into related modules such as production planning, accounts payable, and general ledger. This would eliminate manual recording or rekeying of information into the related modules. 62. (CMA Adapted) Bentley Dynamics Inc. and ethical issues. Required: a. What should Patty McKay do? Explain your answer and discuss the ethical considerations that she should recognize in this situation. (Since this is adapted from a CMA question, you might wish to direct students to the “Resolution of Ethical Conflict” section of the IMA Statement of Ethical professional Practice at www.imanet.org). The ethical conflict arises because of the competing interests involved. There is a disclosure issue that might suggest that the board should know about the defects. There is also the opposite side that it is not possible or practical to bring every defect issue to the board of directors. The ethical conflict involves how and who should decide which issues are important enough to bring to the board. There are always two sides to any story and in this case, there are two sides to the chip defect story. Patty believes her report should be presented to the board of directors, while the plant manger and the controller believe it would be too alarming to the board. From the brief description in the case, it is not possible to know which of these two views is most defensible. That is, it may be possible that Patty is correctly concerned about this issue. It could just as well be true that the plant manger is correct. Thus, Patty must exercise care in how she proceeds. While she may be an expert in the cost aspect of manufacturing the chips, she would know less about how the board of directors is informed of things and the impact the negative report could have on the board of directors. Thus, she may need to do further investigation of the negative impact of the defects. Once she is clear that she has correct information, her first step should be to meet with her supervisor, the controller, to discuss why she believes the board should have her report. She should provide a fully documented report of why she believes the board should be informed. If she does not believe the ethical conflict has been resolved, she should inform the controller that she will meet with the next level of management, the plant manager, to discuss the issue. If there is no satisfactory resolution of the issue with the plant manager, Patty should continue up the chain of management, but she should always inform each manager that she is planning to meet with the next level of management.

11-14


Chapter 11 Solutions

Conversion Processes and Controls

Going up the chain of management allows those who have the responsibility to decide which information to report to the board to make the decision. Patty is not the correct person to be making the decision about which information the board should have, but she can be an advocate for her report as she works up the chain of management. The IMA guidelines do not support taking any such ethical conflict to parties outside the company unless there is a clear violation of the law. In addition, Patty can call the IMA’s confidential ethics counselors for guidance on how to proceed. If the company does have a less ethical environment, Patty could face retaliation for pushing to bring this information before the board. So, Patty should be aware of the implications within the environment of her company. If, in fact, the company management is unethical and would retaliate, she may find it would be better for her to work elsewhere. Leaving the company may be in her best interest if she would rather work in an ethical company and it may also best protect her from future blame if things go wrong in the company. Often, unethical people will try to shift blame to others. b. What corporate governance functions are missing at Bentley? Be specific and describe the facts of the case and their relevance to corporate governance. There is no mention in the case of a code of ethics. A good code of ethics might help guide the upper management, or Patty as they consider these ethical issues. The case does no give enough detail to truly assess the aspect of tone at the top. The ethical tone or example set by the board of directors and upper managers is a very important part. It is possible that plant manager’s behavior could be ethically suspect, but we cannot know for certain. It is also possible he raises very real concerns that the report is more alarming than it need be. So without knowing the tone at top, we can only suggest that an ethical tone at the top is one of the most important aspects. If the board of directors and top management had set out some objectives and guidelines of how they wish to operate ethically, it would help all involved in the ethical conflict to know how to proceed. It may also set an environment in which lower level managers such as the plant manger would know that upper level managers would be disappointed in his performance if he did not bring forth such issues. That is, what kind of behavior does the board and top management encourage and reward? The tone at the top sets the expectations of lower level managers as to whether they are more likely to be rewarded for open disclosure, or not disclosing problems. There have been companies that have a culture of hiding information, such as the Enron example. All other aspects such as management oversight, internal controls, and financial stewardship are not addressed in the case so it is difficult to know whether these corporate governance functions are missing. Each of these should be in place if the company had good corporate governance structures.

11-15


Chapter 12 Solutions

Administrative Processes and Controls

Turner/Accounting Information Systems, 3e Solutions Manual Chapter 12

Concept Check 1. c 2. d 3. b 4. b 5. b 6. b 7. a 8. d 9. b 10. a

Discussion Questions 11. (SO 1) What characteristics of administrative processes are different from the characteristics of revenue, expenditure, or conversion processes? The characteristics of administrative processes that are different from revenue, expenditure, or conversion processes are the frequency of occurrence and the extent of management authorization. Whereas revenue, expenditure, and conversion processes typically occur on a regular, recurring basis (usually daily), administrative processes occur on a non-regular basis, either as the need arises or on a periodic basis. Therefore, revenue, expenditure, and conversion processes usually involve established procedures and controls that allow these processes to occur without intervention or specific authorization by management. Administrative processes, on the other hand, typically require that specific authorization for each transaction would be necessary. 12. (SO) How do other processes (revenue, expenditure, conversion) affect the general ledger? Revenue, expenditure and conversion processes affect the general ledger periodically through the administrative processes of financial reporting. This is the process of funneling all of the transactions into the general ledger accounts so they can be included in various financial reports. 13. (SO 2) How would you describe capital?

12-1


Chapter 12 Solutions

Administrative Processes and Controls

Capital can be described as the funds used to acquire the long-term capital assets of an organization. Capital usually comes from long-term debt or equity. 14. (SO 2) Describe the nature of the authorization of source of capital processes. Source of capital processes are those processes that authorize the raising of capital, the execution of raising capital, and the proper accounting of that capital. Because of the magnitude and importance of these methods of raising capital, these financial instruments should be used only when necessary. The transactions and resulting processes related to loans, bonds, and stock should be executed only when management authorizes, and the use of the resulting capital must be properly controlled and used. 15. (SO 2) How does the specific authorization and management oversight of source of capital processes affect internal controls? Since top management authorizes and controls the capital transaction processes, there is inherent control. The fact that these transactions and processes cannot occur without specific authorization and oversight by top management is a strong internal control. 16. (SO 3) Describe when an organization would have a need to undertake investment processes. An organization would need to undertake investment processes when it finds that it has more funds on hand than necessary to operate the business. The proper performance of the stewardship function would suggest that management should park (or invest) the excess funds in a place that it can earn a return. 17. (SO 3) Why is the monitoring of funds flow an important underlying part of investment processes? The monitoring of funds flow is an important part of the investment process because funds should be invested only if management has no immediate plans for their use. Therefore, future cash needs of the organization should be monitored regularly in comparison with cash balances to determine if there are excess funds available for investment. 18. (SO 3) How are IT systems potentially useful in monitoring funds flow? IT systems can help management to monitor the organization’s cash needs by forecasting future cash payments and collections. The system can continually compare current cash balances to forecasted needs and sources and provide feedback to top management about potential excess funds that would be available for investing. 19. (SO 4) Explain how cash resulting from source of capital processes may be handled differently than in revenue processes. The cash resulting from source of capital processes is likely to be handled differently than in revenue processes because of the large sums of money involved in source of capital transactions. Whereas collections from revenue processes are typically

12-2


Chapter 12 Solutions

Administrative Processes and Controls

handled by the organization’s employees, these employees are not likely to handle the large sums of cash that tend to result from stock sales or other source of capital transactions. Instead the funds are usually transferred electronically between brokers and banks. 20. (SO 4) What advantages would motivate management to conduct fraud related to source of capital processes? Management may be motivated to conduct fraud through the source of capital processes because of the large sums of money that tend to result from these transactions. In addition, there is a lack of traditional controls covering this process; there are no other employees responsible for reporting or controlling these transactions. Internal controls are not as effective in this area because of their nonregular occurrence and their dependence on close scrutiny by top management and the auditors. The opportunity is greater for management to perpetrate fraud in this process than for other more routine processes. 21. (SO 4) Why are internal controls less effective in capital and investment processes? Internal controls are not as effective in this area because of their non-regular occurrence and their dependence on close scrutiny by top management and the auditors. The opportunity is greater for management to perpetrate fraud in this process than for other more routine processes. 22. (SO 5) How is a special journal different from a general journal? A special journal is a chronological record of specific types of transactions (such as a sales journal, purchases journal, cash receipts journal, etc.); whereas a general journal records irregular, non-recurring transactions that are not included in a special journal. 23. (SO 5) How is a subsidiary ledger different from a general ledger? A subsidiary ledger is a detailed record of routine transactions, with an account established for each entity; whereas a general ledger is a summary of information from special journals, with specific accounts established for each type of transaction. A subsidiary ledger is updated whenever new transactions occur. A general ledger is updated periodically for the summarization of the special journal details. 24. (SO 5) In what way are subsidiary ledgers and special journals replicated in accounting software? Subsidiary ledgers and special journals are replicated in accounting software as they are summarized for the general ledger postings at the end of the period. Although transaction recording in the special journals and subsidiary ledgers takes place at the time the transaction occurs, their replication in the general ledger is an end-ofperiod summarization process. 25. (SO 6) Within accounting software systems, what is the purpose of limiting the number of employees authorized to post to the general ledger?

12-3


Chapter 12 Solutions

Administrative Processes and Controls

Limiting the number of employees authorized to post to the general ledger allows management to give general authority to certain employees to post to the general ledger. Through the assignment of limited access to the general ledger module, management can limit the capability of general ledger posting to selected employees. When an employee with the appropriate access level logs into the accounting system, he can process the general ledger posting. Employees who have not been given access to general ledger posting will be unable to post to the general ledger. In this manner, management may be able to prevent the recording of unauthorized general ledger transactions. 26. (SO 6) In a complex IT system, how may a customer actually “authorize” a sale? A customer may actually authorize a sale in a complex IT environment when their inventory systems interact. For example, When a customer’s inventory levels fall below an establish reorder point, the IT system may authorize a transfer of products from the supplier to the customer. This means that the sale and subsequent update of sales and receivable accounts are triggered by the customer’s computer system. Therefore, these systems require pre-existing and negotiated relationships between buyer and seller companies. Both parties must have already approved these processes and established IT systems that execute the processes. 27. (SO 6) To properly segregate duties, what are the three functions that general ledger employees should not do? Three important segregations should be in place in a manual general ledger system. The three segregations are that the general ledger employees should record journal vouchers, but they should not (1.) authorize journal vouchers, (2.) have custody of assets, or (3.) have responsibility for recording the transactions in the subsidiary ledgers. 28. (SO 6) In an IT accounting system, which IT controls assure the security of the general ledger? In an IT accounting system where the records are electronic file images, access to the system is limited through the use of user IDs, passwords, and resource authority tables. These general controls establish which employees have access to specific records or files. 29. (SO 7) Describe the nature of reports for external users. Since external users do not need detailed balance information on every existing account in the general ledger, certain accounts may be combined or “rolled up” into a single line item that appears on a financial statement. This summary process may occur for all of the line items on the general purpose financial statements. The four general purpose financial statements, the balance sheet, income statement, statement of cash flows, and statement of retained earnings, are each derived from general ledger account balances. These general ledger balances are rolled up in such a manner as to provide summarized information that is useful to evaluate business performance.

12-4


Chapter 12 Solutions

Administrative Processes and Controls

30. (SO 7) Does the general ledger provide all information necessary for internal reports? The general ledger does not provide all information necessary for internal reports. Internal reports often rely on information from various parts of the organization. For instance, manufacturing, retail, service, and charitable organizations would each use different types of information to manage the details of their revenue and expenditure processes. In each of these scenarios, non-financial information is often useful to managers in order to supplement the financial information derived from the general ledger. In addition, there may be detailed financial and non-financial information in an organization’s accounting system that is useful for internal reporting purposes but may not be readily apparent in the general ledger. In addition, internal reports may contain past or future information that is not included in the current period’s general ledger. 31. (SO 7) How would operational internal reports differ from financial internal reports? Operational internal reports focus on non-financial details of operations, such as machine hours, down-time, inventory and sales units, headcounts for human resources, etc. These types of operational reports may not be prepared from data in the general ledger. However, as transactions are recorded in the accounting processes, financial as well as non-financial data is accumulated. Therefore, the accounting system often records both financial and operational data that can be used in reports. Financial reports, on the other hand, are prepared directly from ledgers, journals, and other accounting records. 32. (SO 7) How does time horizon affect the type of information in internal reports? In day-to-day management, managers are more likely to use unit measures and physical counts. For time horizons of one month or longer, however, managers are more likely to use financial measures such as those generated by information in the general ledger. 33. (SO 8) Why are managers, rather than employees, more likely to engage in unethical behavior in capital and investment processes? There are three main reasons why management may be more likely to engage in unethical behavior in the capital and investment processes:  Employees typically do not have access to the assets or records in the capital and investment processes. These assets and records are controlled by management because of their non-routine nature and because of the high amounts of related funds.  Internal controls for these processes are dependent upon the close scrutiny and specific authorization of top management, whereas employees typically have no authority over these types of transactions. However, managers are most likely to be tempted to alter or hide financial information in an effort to improve the appearance of the organization’s financial results for investors and creditors.  The non-routine nature of these transactions makes it more difficult to hide fraudulent transactions. Fraud as committed by employees would be

12-5


Chapter 12 Solutions

Administrative Processes and Controls

much easier to hide within the volumes of transactions in the routine processes like revenues, expenditures, etc. 34. (SO 8) How do processes with large volumes of transactions make fraudulent behavior easier? The routine nature and large volumes of transactions in the processes for sales, purchases, payroll, etc. make it easier for employees to hide fraudulent transactions or unethical behavior. Fraud may be hidden in the large masses of transactions within these processes. 35. (SO 8) Explain the importance of full disclosure in source of capital processes. Full disclosure is extremely important in the source of capital processes so that creditors can be fully informed of all relevant information in making credit decisions. Accordingly, financial reports and other disclosures must be complete and accurate in order to avoid misleading any current or potential creditors.

Brief Exercises 36. (SO 2) Describe the steps in source of capital processes and explain how top management is involved. When the need for capital arises, the Board of Directors is consulted for approval and for determination of whether debt of equity capital will be pursued. If equity capital is chosen, a stock underwriter will be contracted to sell the shares of stock and collect the proceeds. The company will need to determine whether or not to pay dividends. If debt capital is chosen, the company will need to decide whether it should issue bonds or borrow the funds. If bonds are chosen, the company will contract with a bond underwriter, who will sell the bonds and collect the proceeds, as well as handle the periodic payment of interest. If funds are borrowed, arrangements must be made for the bank loan by contracting with creditors. The proceeds will be collected and periodic interest will be paid. Throughout this process, management is involved in most of these steps. Management would present the need for capital to the Board of Directors. Depending on the source of capital determined by the Board, management would then be responsible for contracting with the appropriate party (stock or bond underwriter or bank creditor). Finally, management would be involved in the arrangements for collecting proceeds from the source of capital processes as well as the payment of interest or dividends. 37. (SO 3) Describe the steps in investment processes and explain how top management is involved. When excess funds are identified, they are to be evaluated in comparison with upcoming needs of the organization. If it is decided that the excess should be invested, the type of investment must be determined. The company may invest in marketable securities, in which case it would contract with a stock broker to buy stocks or bonds (and sell these securities as necessary). Alternatively, the company may invest in treasury stock, in which case it would contract with a stock broker to buy the treasury shares and reissue shares as desired. Throughout this process,

12-6


Chapter 12 Solutions

Administrative Processes and Controls

management involvement occurs at many points. Management is responsible for monitoring cash flows to determine if excess funds exist and if they are available for investment or needed for upcoming operations. Management would also be responsible for contracting with a stock broker for the purchase of stocks, bonds, or treasury stock (as well as the subsequent sale of these investments, as needed). 38. (SO 4) Explain the internal control environment of source of capital and investment processes. For both source of capital and investment processes, the important control is the specific authorization and oversight by top management. The very close supervision of these transactions helps prevent risks related to the theft or misuse of the cash that is related to capital and investment processes. In addition, the large sums of money involved in capital and investment decisions usually dictates that the cash not be handled by the regular company employees. Instead, the funds are likely to be transferred electronically between brokers and banks. Because of the high risk of management fraud in these processes and the potential for management circumvention of controls, typical internal controls such as segregation of duties and reconciliations are not as effective in the prevention or detection of fraud surrounding these processes. As an added control feature, auditors are often urged to carefully examine capital and investment transactions. 39. (SO 5) Describe the steps in a manual accounting cycle. When a transaction occurs, it must be identified as either routine or non-routine. Routine transactions are recorded in a special journal and subsidiary ledger; nonroutine transactions are recorded in the general journal. At the end of the day, week, or other period, the journals and ledgers are summarized and posted to the general ledger. General ledger totals are summarized in a trial balance, and end-ofperiod adjusting entries are prepared. The adjusted general ledger is used to prepare financial statements. Once the financial statements are completed, closing entries are prepared, then the cycle may begin anew. 40. (SO 6) Describe why it is true that there may be two authorizations related to sales, revenue, and conversion processes before they are posted to the general ledger. In a properly controlled accounting system, transactions within the revenue and conversion processes must be authorized before they are carried out. In addition, another authorization is needed to begin the process of posting entries from the special journals and subsidiary ledgers to the general ledger. Thus, there may be two authorizations related to these routine processes. 41. (SO 8) For each report below, indicate whether the report is likely to be for internal or external users (some reports may be both), and whether data would come exclusively from the general ledger. The format would be: Report Name

Internal or External

Exclusively G/L Data?

The reports are: Income statement

External

Yes

12-7


Chapter 12 Solutions Aged accounts receivable Inventory stock status Open purchase orders Machine down-time Cash flow statement Production units produced

Administrative Processes and Controls Both Internal Internal Internal External Internal

No No No No No No

Problems 42. (SO 1, SO 2) Compare the source of capital processes to sales processes in terms of: a. The frequency of transactions b. The volume of transactions c. The magnitude in dollars of a single transaction d. The manner of authorization Compared with the sales processes, (a. and b.) source of capital processes occur much less frequently and in smaller volumes. Whereas sales transactions typically occur on a daily basis (and may even occur several times per day), source of capital transactions tend to occur in small volumes and on an irregular basis. Often, there may be only a few times within any given annual period that a source of capital transaction occurs. In addition, (c.) the magnitude of an individual source of capital transaction tends to be much greater than for an individual sales transaction. Finally, (d.) whereas routine sales transactions are usually authorized by employees having general authorization privileges, source of capital transactions require specific authorization of management. 43. (SO 1, SO 3) Compare the investment processes to sales processes in terms of: a. The frequency of transactions b. The volume of transactions c. The magnitude in dollars of a single transaction d. The manner of authorization Compared with the sales processes, (a. and b.) investment processes occur much less frequently and in smaller volumes. Whereas sales transactions typically occur on a daily basis (and may even occur several times per day), investment transactions tend to occur in small volumes and on an irregular basis. Often, there may be only a few times within any given annual period that an investment transaction occurs. In addition, (c.) the magnitude of an individual investment transaction tends to be much greater than for an individual sales transaction. Finally, (d.) whereas routine sales transactions are usually authorized by employees having general authorization privileges, investment transactions require specific authorization of management. 44. Exhibit 12-8 shows a screen capture from Great Plains accounting software. The following modules in Great Plains are shown:

12-8


Chapter 12 Solutions

Administrative Processes and Controls

Financial Sales Purchasing Inventory Payroll Manufacturing Fixed Assets For each of the transactions listed, explain which module would you choose and why. a. Entering an invoice received from a supplier. b. Entering the receiving of materials at the shipping dock. c. Enter a check received in payment of an account receivable. d. Posting a batch of sales invoices to the general ledger. e. Enter hours worked by employees. f. Print checks for suppliers a. Entering an invoice received from a supplier- this would fall under the Purchasing module. The purchasing module is appropriate because it would record the purchase or expenditure in the purchases journal, as well as the related payable to the supplier in an accounts payable subsidiary ledger. b. Entering the receipt of material at the shipping dock – this would fall under the Inventory module. The inventory module is appropriate because it would record the items on hand and the movement of goods available for production. c. Entering a check received in payment of an account receivable – this would fall under the Sales module. The sales module is appropriate because it would include collections of sales in the cash receipts journal and the related customer accounts in the accounts receivable subsidiary ledger. d. Posting a batch of sales invoices to the general ledger – this would fall under the Financial module. The financial module is appropriate because it includes all accounting cycle functions, including the summarization of special journals and their posting to the general ledger. e. Entering hours worked by employees – this would fall under the Payroll module. The payroll module is appropriate because it records all periodic workforce activities in a payroll journal. f. Printing checks for suppliers – this would fall under the Purchasing module. The purchasing module is appropriate because it would record the payment to the supplier in an accounts payable subsidiary ledger as well as the related release of funds in a cash disbursements journal.

12-9


Chapter 12 Solutions

Administrative Processes and Controls

45. Putnam Sound, Inc. internal control weaknesses. Weakness 1: Steve prepares and posts journal vouchers. Journal vouchers should be prepared by the personnel in the other processes of revenue, expenditures, payroll, and conversion. Those journal vouchers should be forwarded to Steve for posting. Weakness 2: The journal vouchers are not prenumbered. Journal vouchers should be prenumbered and the sequence should be accounted for. Any missing numbers in sequence should be reconciled or explained. Weakness 3: Journal vouchers are frequently voided or revised. While it may not be possible to completely eliminate such errors, voided and revised journal vouchers should occur rarely. Weakness 4: Journal vouchers are posted biweekly. Ideally, they should be posted more frequently, and at least weekly. Weakness 5: The voucher log is chronological. It should be in order of the prenumbered sequence. Weakness 6: Steve reconciles the subsidiary accounts to the control accounts in the general ledger. Reconciliation is a good internal control, but ideally, someone other than Steve should do this reconciliation. Weakness 7; The general journal reconciliation occurs bimonthly. It should be reconciled at the end of each month.

12-10


Chapter 13 Solutions

Turner/Accounting Information Systems, 3e Solutions Manual Chapter 13

Concept Check 1. b 2. a 3. c 4. b 5. d 6. a 7. c 8. c 9. c 10. b 11. c 12. b 13. a

Discussion Questions 14. (SO 1) How does data differ from information? Data is the basic facts collected from a transaction. Information is data that has been manipulated by summarizing, categorizing, or analyzing to make that data useful to a decision maker. 15.(SO 1) Why is it important for companies to store transaction data? There are four reasons that a company must collect and store transaction data. Those reasons are: 1) to complete transactions; 2) for follow-up on later transactions or for reference regarding future transactions with the same entity; 3) to prepare external reports such as financial statements; and 4) to provide information to management as they attempt to run the organization efficiently and effectively. 16. (SO 2) Which type of data storage media is most appropriate when a single record of data must be accessed frequently and quickly? Random access storage works best for situations in which a single record must be accessed quickly and easily. 17. (SO 3) Identify one type of business that would likely use real-time data processing rather than batch processing. Describe the advantages of realPage 13-1


Chapter 13 Solutions time processing to this type of business. A business that sells items on a web site, such as Amazon, would be likely to use real-time data processing. This is true because the system must be able to determine information such as whether an item ordered is currently in stock. The main advantage of realtime processing is its ability to provide information immediately. There are many examples of the need for real-time data processing. Airline reservation systems are another example. 18. (SO 4) Differentiate between data redundancy and concurrency. Data redundancy occurs when the same data are stored in more than one file. Thus, there is redundant, or repeated data. Concurrency means that all of the multiple instances of the same data are exactly the same. It is harder to achieve concurrency when there is much data redundancy. 19. (SO 4) What is the term for the software program(s) that monitors and organizes the database and controls access and use of data? Describe how this software controls shared access. This software system is called a Database Management System, or DBMS. The DBMS manages the access of users or processes to the online database. The DBMS manages the data sharing by updating the data available to users immediately upon recording any changes. 20. (SO 4) Describe the trade-offs of using the hierarchical model of database storage. A hierarchical model database is very efficient for processing large volumes of similar transactions. It is not efficient for accessing or processing a single record from a large database. Therefore, it works well with batch processing, but would not be efficient in those situations where accessing a single record, or answering flexible queries, is necessary. 21. (SO 4) Describe the organization of a flat file database. Flat file records are two dimensional tables with rows and columns. The records are stored in text format in sequential order, and all processing must occur sequentially. No relationships are defined between records. These systems must use batch processing only and batches must be processed in sequence. The system makes the processing of large volumes of similar transactions very efficient. 22. (SO 4) What four conditions are required for all types of databases? 1) Items in a column must all be the same data type. 2) Each column must be uniquely named. 3) Each row must be unique in at least one column. 4) Each intersection of a row and column must contain only one data item. 23. (SO 4) Within a hierarchical database, what is the name for the built-in linkages in data tables? Which data relationships can be contained in a hierarchical database? Record pointers are used to link a record to the next record having the same attribute. Using a record pointer system, one-to-one

Page 13-2


Chapter 13 Solutions and one-to-many relationships can be represented in a hierarchical database. 24. (SO 4) Which database models are built on the inverted tree structure? What are the disadvantages of using the inverted tree structure for a database? Both the hierarchical database model and the network database model are based on an inverted tree structure. The network model is more complex because it uses more than one inverted tree structure. This allows two or more paths into the data. Two disadvantages are that new data cannot be added until all related information is known, and deleting a parent record can delete all child records. 25. (SO 4) Which database model is used most frequently in the modern business world? Why do you believe it is frequently used? The relational database model is now used most frequently. It is frequently used because it is the most flexible database model. An English-like query language, SQL, can be used to retrieve data from the database in a very flexible manner. In addition, the increasing computer power and decreasing cost of computing power have made any inefficiencies in a relational database less significant. 26. (SO 5) How is the primary key used in a relational database? The primary key is the unique identifier for each record in the table and it is used to sort, index, and access records from that table. 27. (SO 5) What language is used to access data from a relational database? Why is the language advantageous when accessing data? Structured Query Language, SQL, is the language used to access data in a relational database. Its advantage is its English-like query language that allows easy access to the data in the database and presentation in a manner most useful to the user. 28. (SO 5) Which type of database model has the most flexibility for querying? How does this flexibility assist management? The relational database model is the most flexible database model for querying. It provides important assistance to managers through its flexibility in answering an unlimited number of queries about customers, products, vendors, or any other information in the database. 29. (SO 5) What are the first three rules of normalization? What is meant by the statement that the rules of normalization are additive? 1) Eliminate repeating groups. 2) Eliminate redundant data. 3) Eliminate columns not dependent on the primary key. Additive means that if a table meets the third rule, it has also met the preceding rules: one and two. 30. (SO 6) Differentiate between a data warehouse and an operational database. An operational database is the database in which data is continually updated as transactions are processed. The operational database includes data for the current fiscal year and it supports day-to-day operations and record Page 13-3


Chapter 13 Solutions keeping for the transaction processing systems. The data warehouse is an integrated collection of enterprise-wide data that includes five to 10 years of non-volatile data, and it is used to support management in decision making and planning. Periodically, new data is uploaded to the data warehouse from the operational data, but other than this updating process, the data in the data warehouse does not change. 31. (SO 7) How is data mining different than data warehousing? Data mining is the use of data analysis tools to analyze data in a data warehouse. Tools such as OLAP are used in data mining. An example of data mining is analyzing sales data to determine customer buying patterns. The data warehouse is the database in which the data to be analyzed is stored. 32. (SO 7) How has Anheuser-Busch used data warehousing and data mining successfully? Anheuser-Busch has used a data warehouse and data mining to analyze sales history, price-to-consumer, holidays and special events, daily temperature, and forecasted data such as anticipated temperature to create forecasts of sales by store and by product. Data are used by salespeople and distributors to rearrange displays, rotate stock, and inform stores of promotion campaigns. Using these buying trends, Anheuser-Busch creates promotional campaigns, new products, and local or ethnic target marketing. 33. (SO 7) Identify and describe the analytical tools in OLAP. The analytical tools that are usually part of OLAP are: drill-down, consolidation, pivoting, time-series analysis, exception reports, and what-if simulations. Drill down is the successive expansion of data into more detail, going from high-level data to successively lower levels of data. Consolidation is the aggregation or collection of similar data; it is the opposite of drill down in that consolidation takes detailed data and summarizes it into larger groups. Pivoting is examining data from different perspectives. Time series analysis is the comparison of figures over several successive time periods to uncover trends. Exception reports present variances from expectations. What-if simulations use changing variables to examine interactions between different parts of the business. 34. (SO 8) Differentiate between centralized data processing and distributed data processing. In centralized data processing, data processing and databases are stored and maintained in a central location. In distributed data processing, the processing and the databases are dispersed to different geographic locations of the organization. A distributed database is actually a collection of smaller databases dispersed across several computers on a computer network. 35. (SO 9) Why would a small company with 400 employees find it advantageous to use a cloud database (DaaS)? A cloud database (Database as a Service) is a database that is hosted by a third party. That third party takes Page 13-4


Chapter 13 Solutions responsibility for the hardware, software, and security measures necessary to store, use, and access the data. For a small company, this would be a more cost effective way to maintain a database since it would not have to purchase the hardware and software necessary to maintain the database. In addition, it would not need a large IT staff to manage the data, hardware, and software for the database. Since the third party assumes responsibility for the security and backup of the database, the small company would not have to establish and maintain the internal controls over the database. Finally, a DaaS is more easily scaled in size if the company grows. The company would simply purchase more data storage from the provider and would not need to expand any internal hardware or software. DaaS, like other cloud services is a service that is paid depending on the use. Therefore, a small company could avoid the cost of buying hardware and software that could meet the extra capacity if the company grows. Instead, it would simply buy more space from the third party. 36. (SO 10) Explain the terms Big Data and data analytics. Big Data is a data base so large and complex that the usual software and tools are not adequate to handle it. Big Data has extremely large volume, variety, and velocity. These terms mean that the quantity is data is extremely large, it changes or is added to very rapidly, and the type of data stored varies greatly. Data analytics is using large-scale software tools to analyze the data to allow a company to better forecast or predict future events. 37. (SO 11) Why is control over unauthorized access so important in a database environment? Data are valuable resources that must be protected with good internal controls such as those that prevent unauthorized access. Access controls help prevent unauthorized users from accessing, altering, or destroying data in the database. The database is such a critical resource for most organizations that they must insure the data is accurate and complete. 38. (SO 11) What are some internal control measures that could prevent a hacker from altering data in your company’s database? Measures that prevent hackers from accessing and altering data include authentication and hacking controls such as login procedures, passwords, security tokens, biometric controls, firewalls, encryption, intrusion detection, and vulnerability assessment. In addition to these controls, the database management system (DBMS) must be set up so that each authorized user has a limited view (schema) of the database. 39. (SO 11) Why is data considered a valuable resource that is worthy of extensive protection? The database of an organization is a critically important component of the organization. Data are a valuable resource that must be protected with good internal controls. Missing or incorrect data can have a negative impact on the ability to conduct the necessary business processes.

Page 13-5


Chapter 13 Solutions

Brief Exercises 40. (SO 2) Arrange the following data storage concepts in order from smallest to largest, in terms of their size: File, Record, Database, Character, and Field. The hierarchy of terms is character, field, record, file, and database. 41. (SO 2) Think of a database that would be needed at a professional service firm to maintain the contact list of clients or patients at the office of a CPA, attorney or medical doctor. Identify the fields likely to be used in this database. If you were constructing this database, how many spaces would you allow for each field? The fields and suggested sizes that usually be needed are: last name (24), first name (24), middle initial or name (24), address line 1 (50), address line 2 (50), apartment number (12), city (24), state (2), zip code (9), home telephone number (10), office telephone number (10), mobile telephone number (10). Some field sizes could be more or fewer spaces. Of course, fields sizes for fields such as zip code and phone number are more certain. It is important that the field size must be slightly larger than the longest item to appear in that field. In the case of items for which we know the size precisely, the field size can be set accordingly. For example, zip codes will never include more than 9 digits. These fields would represent a minimal number of necessary fields. Depending on the type of firm, there may be many other fields that would be needed. For example, a doctor’s office would need emergency contact information, while a CPA firm would not need this information. In addition, there would be many other fields to be designed if the company desired more than contact information. 42. (SO 3) Suppose that a large company uses batch processing for recording its inventory purchases. Other than its slow response time, what would be the most significant problem with using a batch processing system for recording inventory purchases? A company would not know its true inventory balance until the batch of transactions was processed. There would be no online, current balance of inventory to be used to respond to inquiries from managers, employees, or customers. Therefore, purchases and sales of inventory might need to be delayed until the batch processing occurs and new balances are known. This delay can cause the company to maintain higher or lower levels of inventory than may be desired. With a longer time to place an order, the company might need to maintain higher inventory levels to avoid a stock out. 43. (SO 4) Arrange the following database models in order from earliest development to most recent: Network Databases, Hierarchical Databases, Flat File Databases, and Relational Databases. The historical order is flat file, hierarchical, network, and relational databases.

Page 13-6


Chapter 13 Solutions 44. (SO 4) Categorize each of the following as one-to-one, one-to-many, or many-to-many relationships.  Subsidiary ledgers and general ledgers. This is best categorized as a one- to-many relationship. A general ledger account, such as accounts receivable, could have many supporting sub-accounts in the accounts receivable subsidiary ledger. It is also true that a general ledger would have many subsidiary ledgers (accounts receivable, accounts payable, inventory, payroll).  Transactions and special journals. This is best categorized as a one- tomany relationship. A special journal, such as sales journal, would have many supporting transactions recorded in the special journal.  General ledgers to trial balances. This is best categorized as a one-toone relationship. For each time period, one set of general ledger balances would result in one trial balance. 45. (SO 6) How might a company use both an operational database and a data warehouse in the preparation of its annual report? A company would use the operational database for the current fiscal year reports, but may need past information from the data warehouse to prepare comparative financial statements from previous years. The company might also use the data warehouse to examine and report important trends in financial information. 46. (SO 7) Using Anheuser-Busch’s BudNet example presented in this chapter, think about the list queries that might be valuable if a company like Gap Inc. used data mining to monitor its customers’ buying behavior. The Gap could use queries related to: the effects of promotional pricing; dates or holiday buying patterns; dates when seasonal style updates should be introduced in stores; regional clothing preferences; ethic group clothing patterns; and GAP sales in relation to competitors.

Problems 47. (SO 3) Differentiate between batch processing and real-time processing. What are the advantages and disadvantages of each form of data processing? Which form is more likely to be used by a doctor’s office in preparing the monthly patient bills? Batch processing occurs when similar transactions are grouped into a batch and that batch is processed as a group. The alternative to batch processing is real time processing. Real-time processing occurs when transactions are processed as soon as they are entered. Real-time processing is interactive because the transaction is processed immediately. The advantages of batch processing are that it is an efficient way to process a large volume of like transactions, it is less complex than real-time systems, it Page 13-7


Chapter 13 Solutions is easier to control and maintain an audit trail; and the data can be stored in less complex, sequential storage. The major disadvantage of batch processing is the slow response time. Balances are not updated in real-time and therefore, management does not have current information at all times. The major advantage of real-time processing is the rapid response time. Since balances are updated in real-time, management always has current information. The disadvantages of real-time processing are that it is less efficient for processing large volumes of like transactions; it is more complex than batch systems; it is more difficult to control and maintain an audit trail; and data must be stored in random access databases. Monthly processing of patient bills could be batch processing. There would be a high volume of like transactions at month-end. 48. (SO 4) Arminello Company does not use a database system; rather, it maintains separate data files in each of its departments. Accordingly, when a sale occurs, the transaction is initially recorded in the sales department. Next, documentation is forwarded from the sales department to the accounting department so that the transaction can be recorded there. Finally, the customer service group is notified so its records can be updated. Describe the data redundancy and concurrency issues that are likely to arise under this scenario at Arminello. There would be much data redundancy in this system. For example, customer name, address, and other contact information must be maintained in separate files in both the sales department and the customer service department. Customer service and the sales department would have nearly identical fields in their data, but maintained in separate files. It may take hours our days for the sale documentation to move from one department to the next. Therefore not all departments have the same information stored in their files at the same time. After a sale is recorded in the sales department, it may be days before that sale is recognized in the customer service department. Therefore on any given day, managers in the two departments will be operating with feedback from data sets that do not match. If someone in the sales department needs to check with customer service regarding a particular sale, it is possible that the customer service department has not yet received information for that sale. This lengthens response time in answering queries or following up on orders. 49. (SO 6) List and describe the steps involved in building a data warehouse. The steps are: identify the important data to be stored in the data warehouse; standardize that data across the enterprise; scrub or cleanse the data; and upload that data to the data warehouse. Page 13-8


Chapter 13 Solutions

Identifying the proper data requires examining user needs and high-impact processes (HIPs). HIPs are the processes that are critically important and that must be executed correctly if the organization is to survive and thrive. Data needed by users and data from HIPs should be in the data warehouse. The data must then be standardized across the enterprise. Various subunits within the enterprise might have conflicting definitions or field names for the same type of data. The designers of the data warehouse must design a standard format for the data. The data must also be scrubbed or cleansed to remove errors and inconsistencies in the data. The data must then be uploaded to the data warehouse. Also there should be a periodic upload of data from the operational databases into the data warehouse. 50. (SO 8) Describe the advantages and disadvantages of using a distributed database and distributed data processing. Do you think the advantages are worthwhile? Explain your answer. The advantages are: 1) Reduced hardware cost. Distributed systems use networks of smaller computers rather than a single mainframe computer. This configuration is much less costly to purchase and maintain. 2) Improved Responsiveness. Access is faster since data can be located at the site of the greatest demand for that data. Processing speed is improved since the processing workload is spread over several computers. 3) Easier incremental growth. As the organization grows or requires additional computing resources, new sites can be added quickly and easily. Adding smaller, networked computers is easier and less costly than adding a new mainframe computer. 4) Increased user control and user involvement. If data and processing are distributed locally, the local users have more control over the data. This control also allows users to be more involved in the maintenance of the data and users are therefore more satisfied. 5) Automatic integrated backup. When data and processing are distributed across several computers, the failure of any single site is not as harmful. Other computers within the network can take on extra processing or data storage to make up for the loss of any single site. The disadvantages are: 1) Increased difficulty of managing, controlling, and maintaining integrity of the data. 2) Increased likelihood of concurrency problems. Yes, I think it is worthwhile to have distributed, local control of the data and automated, integrated backup of a distributed system. However, greater attention must be paid to controls that ensure the security and concurrency of the data in a distributed system. 51. (SO 6) Read an online article from http://www.xconomy.com/boston/2010/09/20/netezza-sold-to-ibm-for-1-7bPage 13-9


Chapter 13 Solutions will-help-big-blue-tackle-big-data/. Describe the services that Netezza offered and why IBM decided to purchase the company. This article indicates that IBM announced a purchase of Netezza in September, 2010. Netezza, “makes hardware and software used by big companies like Amazon and Nieman Marcus to combine their storage, server, and database functions in one system.” This acquisition helps IBM expand its offerings in the field of business analytics. Specifically, Netezza helps IBM “make products for analyzing huge amounts of complicated data and finding trends in the data.” 52. (SO 10) Big Data is increasingly important to companies and to accountants. Using a web search on Google or other search sites, find an article within the last 12 months on “Big Data” and accounting. Summarize how the article describes the use of Big Data in an accounting context. The answer to this will vary greatly depending upon the article each student finds on the Internet. As of the writing of this edition of the text, one of the best articles is from an Accounting Horizons article by Warren, Moffet, and Byrnes. The synopsis summarizes various ways it will be used in accounting. The synopsis says: “Big Data will have increasingly important implications for accounting, even as new types of data become accessible. The video, audio, and textual information made available via Big Data can provide for improved managerial accounting, financial accounting, and financial reporting practices. In managerial accounting, Big Data will contribute to the development and evolution of effective management control systems and budgeting processes. In financial accounting, Big Data will improve the quality and relevance of accounting information, thereby enhancing transparency and stakeholder decision making. In reporting, Big Data can assist with the creation and refinement of accounting standards, helping to ensure that the accounting profession will continue to provide useful information as the dynamic, realtime, global economy evolves.” 53. (SO 10) Explain how a healthcare organization, such as a hospital or medical clinic, may use Big Data and data analytics as compared to a manufacturing firm. A manufacturing firm would likely use data analytics to forecast customer demand and any patterns in customer demand so that they can better plan the purchase and supply of materials and labor to manufacture products in a way to match quantity purchased to what would be demanded by customers. A healthcare organization would probably use data analytics to look for large scale trends in diseases to find patterns as to how frequently various kinds of diseases or conditions are experienced. This would allow them to better forecast the needed supply of appropriate medicines, treatments, nursing and physician staffing, and other capacity needs. They could also better plan emergency room staffing. For example, would data analytics show patterns a to when traffic accident injuries are more likely to occur and need emergency room treatment. These are some samples of how a healthcare organization could benefit from data analytics of Big Data.

Page 13-10


Chapter 13 Solutions 54. (SO 10) Explain how CPA firms are using Big Data and data analytics in the audits of their client firms. CPA firms can use the data analytics tools in Big Data software to analyze the full population of transactions (all transactions) rather than only a sample of transactions. This reduces or eliminates the audit risk called sample risk. By chance, a sample of transactions may not include any errors or fraud even if there is underlying errors or fraud in the entire set of transactions. Using the entire population of transactions is much more likely to reveal the true extent of errors, misstatements, or fraud. In addition, data analytics tools allow auditors to do continuous auditing by analyzing large volumes of transactions on a continuous basis. Chapter 7 of this text lists the following potential uses of Big Data and data analytics: Examining social media to anticipate issues such as inventory obsolescence and warranty claims; Obtaining data about weather patterns or stock market performance to predict sales activity; Viewing surveillance camera footage to corroborate the existence of a new fleet of vehicles; Using radiofrequency identifiers to monitor inventory movements; Using the global positioning system (GPS) location of company delivery trucks to determine the status of sales transactions; Performing an electronic match of key transaction information, such as customer orders, shipping reports, and sales invoices. 55. (SO 10) Consider how auditing has changed by comparing audit techniques prior to the 1980s when many firms prepared manual accounting records and there were manual audits, versus audits today that use computerized techniques to analyze data. First, the Big Data related answer from question number 54 is one of the recent differences in audits that has occurred in the last five to ten years. In addition to these changes, there are many others. As the accounting systems have become much more computerized, automated, and online since the 1980s, the auditing process has been able to mirror those changes. With CAATs and Generalized Audit Software (GAS), the computer can be used to do many audit steps that were completed manually in the era before 1980. GAS software can recalculate amounts to check accuracy, select samples and create confirmations. Prior to the 1980’s many of the audit tasks and processes were manually completed. The following are some examples of some differences that have resulted from the introduction of Big Data and computerized audit tools. Sample selection: Selection of samples were often completed manually, for example every nth cash disbursement or all cash disbursements over a certain dollar threshold. The samples were selected manually by the auditor or the individual creating the audit schedule. Computerized auditing allows a sample to automatically be selected. It also allows for 100% auditing which means that all the data is reviewed (not just a sample) and unusual trends or Page 13-11


Chapter 13 Solutions anomalies identified for follow up. One auditor from KPMG commented how the client was surprised that the auditors knew more about their inventory transactions than the company. Examination of manual records: With the exception of larger companies that were computerized, many companies kept manual records. Audit techniques for most companies were completed manually. For example, an auditor that examined the Work in Process monthly adjustment for Xerox’s copier manufacturing facility examined and recalculated a manual spreadsheet that was used to support the adjustment. Analytical review of last year’s balances and current year’s balances had to be manually calculated. When completing steps manually the volume of data that could be analyzed was significantly less. Computerized auditing techniques: The introduction of computerized audit techniques has significantly changed how auditors analyze data in the audit. Most notably, significantly more data can be analyzed when utilizing computerized audit techniques. Two examples are: Analytical review procedures: during the time of a manual audit, a financial statement category, such as sales, cost of sales, interest expense may have been compared year over year with large, more significant variances being analyzed. After the introduction of computerized auditing techniques, every account can be compared electronically and large variances in a particular account analyzed. 100% auditing verses sample selection: The introduction of computerized auditing techniques, allow large volumes of data to be analyzed. In some cases, instead of selecting a sample and examining the sample, the entire population of data can be analyzed, examined for unusual transactions and recomputed. These are just a few examples of the significant transformation that has occurred as a result of automated accounting and auditing and the emergence of Big Data. 56. (SO 10) What are some benefits and outcomes that can result from examining Big Data with regard to a firm’s inventory processing? Examining Big Data with regard to a firm's inventory processing can result in - Uncovering slow moving inventory - Identifying obsolete inventory where transactions have not been processed over a period of time -Identifying inventory items with inconsistent sales prices or cost -Identifying inventory transactions that are outside the norm with respect to timing of the transaction, size of the transaction and sales price or purchase cost.

Page 13-12


Chapter 13 Solutions 57. (SO 10) What are some benefits and outcomes that can result from examining Big Data with regard to a firm’s purchasing transaction processing? - Identifying inventory items with inconsistent cost - Identifying purchases from vendors that cannot be verified externally - Identifying transactions that are outside the norm with respect to timing of the transaction, size of the transaction or purchase cost. 58. (SO 10) What are some benefits and outcomes that can result from examining Big Data with regard to a firm’s revenue transaction processing? - Identifying inconsistent sales prices - Identifying sales to customers that cannot be verified externally or do not match other records within the system (shipping, etc) - Identifying transactions that are outside the norm with respect to timing of the transaction, size of the transaction or sales price. 59. (SO 12) Describe the ethical obligations of companies to their online customers. A company must put processes and safeguards into place to protect the privacy and confidentiality of customer data. The nine privacy practices described by the AICPA Trust Services Principles are a good source of the guidelines a company should follow. A summary of those principles would be to notify customers of the data that will be collected, how it will be used and retained, how the customer may edit the data, and how the customer may consent, or not consent, to such use of the data. 60.(SO 9) Read the article at http://www.eweek.com/c/a/EnterpriseNetworking/IBM-Moves-Customers-to-SmartCloud-for-Collaboration-147563/. Explain how the IBM customers mentioned in the article are using IBM’s SmartCloud. Most of the article is devoted to an IBM client named Newly Weds Foods. This company is a world leader in food ingredient technology in more than 68 countries. SmartCloud allows the chefs doing research and development on recipes to collaborate and share ideas online. The company reduced travel costs by 10 percent using this online collaboration. SmartCloud provides, “business-grade file sharing, social networking, communities, online meetings, instant messaging, e-mail, and calendar”. It allows users to co-edit documents in real time. In addition, the article describes how business students at York University in Canada are using SmartCloud for a semesterlong project to create a comprehensive business plan. They use it for, “online meetings, file sharing, decision making, workload sharing and overall project

Page 13-13


Chapter 13 Solutions management. 61. (SO 8) Oracle is the world’s largest enterprise software company. Its business is based on information: helping people use it, share it, manage it, and protect it. Using an Internet search engine, search using the terms “Google” and “distributed database”. Describe how and why Google uses a distributed database. What problems is Google encountering related to its distributed database? Google uses distributed databases in a few ways. One way is to store user settings and user ID information for the many Google services such as Gmail, Google Alerts, personalized home page, and Google Answers. This distributed database of user settings is an Oracle database. Whenever a user logs in, and from wherever they log in, the distributed database can access and provide the appropriate user settings. An article at http://www.oracle.com/customers/snapshots/google-oracleberkeley-db-casestudy.pdf indicates that: “Read requests—such as when an existing user returns and logs in—are routed to any device in the partition, be it a master or a replica. However, updates to the database—such as the addition of a new user or modification of an existing user’s data—are routed only to the partition master. That master system records the change and then propagates it to the replicas. It considers the update complete when more than half the replicas have recorded the change. This design ensures that if a system failure occurs, the nodes can replicate the change among themselves and throughout the rest of the partition.”

Google also uses a distributed database in its search processes. It is a distributed database system that breaks search queries into fragments and distributes them to multiple computers in a network to get faster results. The problem that Google has encountered recently is that it has been sued by Northeastern University and a company named Jarg for patent infringement. The suit claims that Google illegally uses this patented distributed database technology developed at Northeastern University. 62. (SO 11) List and describe the ten privacy practices recommended by the AICPA Trust Services Principles’ Privacy Framework. If you have ever made a purchase online, you have likely seen these practices in use. Provide any examples from your own personal experience. Management. An organization should properly manage privacy. This means that a person or persons must be assigned responsibility to oversee privacy practices. This person should insure that privacy practices are documented and followed. Notice. Notice implies that companies provide their privacy policy to customers. In many cases, the privacy policy is posted on the website. The notice should inform customers of the purpose for collecting the information and how it will be used. Choice and consent. The company should tell customers of any choices the customer might have to opt out of providing information. Also, the online company should gain consent from the customer to collect, use, and retain the information. Consent can be implicit or explicit. Page 13-14


Chapter 13 Solutions Collection. The company should limit collection of customer data to that data for which they have received consent. Use and retention. The company should only use customer data as disclosed in its privacy policy and should retain such data only as long as necessary. Access. The company should provide access that would allow the customer to view, edit, or delete personal information. Disclosure to third parties. Any data collected from customers should not be shared with third parties unless the customer has given consent. Security for privacy. The organization should have protections to insure that customer data is not lost, destroyed, altered, or subject to unauthorized access. Quality. Protection and controls should exist to insure that the data has quality. Quality means it is accurate and complete. Monitoring and enforcement. Privacy practices should be continuously monitored to insure they are followed. Examples that students provide will differ from student to student. Examples would be things such as viewing the privacy policies on the web site, granting consent for data collected, etc.

Cases 63. The following relationships appear in the screen capture. a. Suppliers table is related to Products table. It is a one-to-many relationship. The linked field is SupplierID. b. Categories table is related to Products table. It is a one-to-many relationship. The linked field is CategoryID. c. Products table is related to Order Details table. It is a one-to-many relationship. The linked field is ProductID. d. Order Details table is related to Orders table. It is a one-to-many relationship. The linked field is OrderID. e. Employees table is related to Orders table. It is a one-to-many relationship. The linked field is EmployeeID. f. Customers table is related to Orders table. It is a one-to-many relationship. The linked field is CustomerID. g. Shippers table is related to Orders table. It is a one-to-many relationship. The linked field is ShipperID. 64. Shuttle-Eze operates airport shuttle vans in twelve large cities. Those cities are Los Angeles, San Diego, San Francisco, Phoenix, Las Vegas, Houston, Dallas, Chicago, New York City, Washington D.C., Miami, and Orlando. Shuttle-Eze operates passenger vans to shuttle travelers to and from the airports for a $25 fee per person. Page 13-15


Chapter 13 Solutions

Required: a. Design the tables that the company would need in its database to operate these shuttles. Remember that they must collect, record, and track information about customers, payments, flights, gates, vans, drivers, pick up and delivery addresses. There may be other types of data not mentioned in the previous sentence that you would wish to add. The tables you design should have attributes (columns) for each critical piece of data. See Exhibit 13-4 for the concept of the table layouts. The tables you design should meet the first three rules of data normalization. b. Describe the advantages and disadvantages of using a centralized database for Shuttle-Eze. There is no single correct answer to this question. Also, student responses are not likely to be comprehensive enough to represent the entire set of data needed. The question will, however, generate thought and discussion about which data to keep and how to store it in tables. It also illustrates how complex a database can be with the full scope of data required and the interrelationships between data. A sample answer follows. Part a: The tables proposed are: Customer table, including fields for Customer ID; first name; last name; address line 1; address line 2, city; state, zip code; home phone; business phone; cell phone; fax number; billing address line 1; billing address line 2, billing city; billing state, billing zip code; credit card number; credit card expiration date Reservation table, including fields for Reservation ID; Customer ID; Arrival date; arrival time; arrival flight airline; arrival flight number; arrival gate; departure date; departure time; departure flight airline; departure flight number; departure gate; deliver to address; deliver to city; deliver to city; deliver to state; deliver to phone; pick up address; pick up city; pick up state; pick up zip; pick up; phone number Employee tables, including Employee ID, first name; last name; address line 1; address line 2; city; state; zip code; SSN; birth date; hire date; review date; pay rate; federal exemptions; state exemptions; fields for all other pay deductions Driver table, including fields for Employee ID; city assigned to; license type; Van table, including fields for VanID; Van make; van model; van VIN; city assigned to; current driver assigned; last service date; mileage at last Page 13-16


Chapter 13 Solutions service Part b: A centralized database could be advantageous for several reasons. First, it avoids the need to keep several distributed databases concurrent. If each location maintains a separate database, it would be more difficult to share customer information between locations. A single customer may use the company’s services in Miami and Chicago. With a single, centralized database, once the customer’s basic data is entered, it need not be reentered when that customer uses the services in another city. Additionally, vans might be shuttled between cities if needed. For example, a shortage of vans in Orlando might be fixed by driving a van or vans from Miami. A centralized database could easily be changed to reflect the new location of the van. If separate databases were maintained, the van details would have to be reentered at the new location. 65. Kroger, a large, nation-wide grocery company, maintains a customer reward system titled the “Kroger Plus Shopper’s Card”. Customers who enroll in this system are entitled to discounts on products at Kroger stores and Kroger gasoline. To earn discounts and other rewards, the shopper must use the “Kroger Plus” card at the time of checkout. The card has a bar code that identifies the customer. For Kroger, the system allows the opportunity to determine customer buying patterns and to use this data for data mining. Required: Using a Web search engine, search for “data mining’ and grocery. Describe what type of information grocery stores collect that they can use for data mining purposes. Also, describe how grocery chains use data mining to improve performance. Grocery stores use these customer reward systems, sometimes called “loyalty cards”, to induce customer loyalty and to track purchases. A grocery store could collect data such as products and brands purchased. So as an example, if a customer’s buying habits include frequent purchase of Tyson chicken products, the store’s system can be set to print chicken or Tyson coupons at the time of check-out. Such data mining can assist the grocery chain in identifying customer buying habits and thereby increase sales through targeted promotions. Many grocers hire a firm named Catalina to assist in the data mining. One article says the following: “Catalina collects loyalty and bulk sales data from more than 20,000 stores, then uses it to create pictures of shoppers over time, says CEO L. Dick Buell. The picture gets clearer the more data stores collect. For example, Catalina can help retailers determine that someone lives in an upscale area, buys diapers, and may be interested in high-end baby food.” (http://www.usatoday.com/tech/news/internetprivacy/2006-07-11-datamining_x.htm) Page 13-17


Chapter 13 Solutions

There appear to be many web sites online that discuss that one Midwest chain found a connection between men who buy diapers on Thursday and increased purchase of beer by those men. Other web sites suggest that is an urban myth, but it appears unresolved as to whether it is true. This data collection has also caused privacy concerns. Some have suggested that grocery chains do not need loyalty cards to collect data about sales of products. They believe grocers could collect such data by analyzing sales in general and inventory levels.

Page 13-18


Chapter 14 Solutions

E-commerce and E-business

Turner/Accounting Information Systems, 2e Solutions Manual Chapter 14

Concept Check 1. b 2. c 3. d 4. c 5. b 6. c 7. d 8. a 9. d 10. a 11. b 12. e 13. a 14. c

Discussion Questions 15. (SO 1) How do e-commerce and e-business differ? E-business is a very broad concept that includes any electronically enabled business process. E-business can include electronic enhancements of processes with trading partners, as well as internal processes. E-commerce is a subset of e-business and it includes electronic sales between a retail business and an end consumer. E-commerce is conducted via the Internet, while e-business could use the Internet as well as other electronic means. 16. (SO 2) What was the original purpose of the network of computers that eventually became the Internet? The original purpose was to facilitate communication and sharing of work between universities engaged in research for the Department of defense. 17. (SO 2) Why was ARPANET designed with many different alternative routes for network traffic? ARPANET was designed during the height of the Cold War with the USSR and there were many fears of nuclear attack. A design with many alternative routes could still operate if a nuclear attack destroyed one or more of those routes. 18. (SO 2) Why is a standard protocol necessary in computer networks? There may be many different brands or types of computers on a network, and these computers

Page14-1


Chapter 14 Solutions

E-commerce and E-business

could use different operating systems. In order for these various computer systems to communicate, there must be a standard protocol. The protocol establishes the common communication method. 19. (SO 2) How quickly did Internet usage by the public grow after the Internet was opened to business transactions in 1994? The public use of the Internet exploded in growth after it was opened to business transactions. This was especially true in the 1998 to 2001 period. 20. (SO 3) Describe the relationship between national backbone providers, regional ISPs, and local ISPs? Backbone providers make up the main trunk-lines of the Internet. They are made up of high capacity , high speed lines. Regional Internet Service Providers (ISP) connect to the backbone providers with lines with less speed and capacity than backbone providers. The local ISPS then connect to the regional ISPs and these local ISPs provide Internet connect to local customers. 21. (SO 3) What is the importance of a standard formatting language for Web pages and a standard addressing system? The standard formatting language for web pages is HTML. A standard formatting language is necessary to show a web page in the same form on the many different kind of computers connected to the World Wide Web. There is a similar reason to have a standard addressing system. Varius types of computers need a way to locate the desired web site If a standard method of accessing web sites exists, the computer browsers can be built to use the standard addressing system on the various kinds of computers. 22. (SO 4) Which types of costs can be reduced when a company decides to engage in B2B e-commerce on the Internet? Marketing costs, order processing costs, and distribution costs can be reduced by engaging in B2C sales. 23. (SO 4) What are the differences between brick and mortar retailers and clicks and mortar retailers? Brick and mortar refers to retailers that sell in traditional forms in a building that customers visit to make a purchase. Clicks and mortar refers to retailers who have traditional sales in a building, but also sell to customers via the Internet. 24. (SO 5) According to the Online Privacy section of the AICPA Trust Services Principles, what types of personal information should be protected? All information collected from customers should remain private unless the customer has given implicit or explicit permission to share such information with third parties. In addition, companies should collect only data necessary to conducting the transaction. 25. (SO 5) If you could condense the ten areas of Online Privacy in the AICPA Trust Principles, into a shorter list (three, four, or five point list), how would you word that list? Collect only necessary data, keep that data private unless the customer gives permission to share it, make sure you have enforced policies to store and use the data as the customer intends you to use it, notify the customer of how you intend to use the data. 26. (SO 5) What is meant by “monitoring and enforcement” regarding online privacy practices? It means that a company should continuously monitor how well it follows its privacy practices and that they must put processes in place to ensure privacy practices are followed. 27. (SO 6) How is E-business a broader concept than e-commerce? E-commerce refers to web-based sales between a business and an end consumer. E-business is a

Page14-2


Chapter 14 Solutions

E-commerce and E-business

much broader concept that includes electronic forms of process improvement throughout the supply chain. Thus it can include processes between a business and its suppliers, a business and its customers, or internal processes. It also includes many forms of electronic enhancement beyond web-based. 28. (SO 6) Describe the concept of a supply chain. It is the set of linked activities from the acquisition and delivery of raw materials, through the manufacture, distribution, and delivery to a customer. 29. (SO 6) Why is it important to insure an efficient flow of goods throughout the supply chain? Any slow-down or bottle neck in the supply chain can slow or stop the entire supply chain. 30. (SO 6) Which functions within the supply chain can be enhanced through the use of e-business? Virtually any process within the supply chain can be enhanced through e-business. 31. (SO 6) How are activities in the supply chain interdependent? They are interdependent in that one step in the supply chain drives the following step. For example, a secondary supplier must provide products to a supplier, who then converts it to a product to be sold to the manufacturer. 32. (SO 6) In what ways are the characteristics of e-business different from ecommerce? E-business is often business to business, while e-commerce is business to consumer. In an e-business order, it is likely to be a large dollar order, with many line items, and with a business that we have a pre-existing relationship. An ecommerce order may be from an unknown customer and each order may be a small dollar amount, but a large volume of orders. E-commerce transactions are likely to be credit card transactions while e-business transactions are likely to involve purchase orders and invoices. 33. (SO 8) What are the three levels of network platforms that are utilized in e-business and which groups use each level? The Internet is used by internal and external users, potentially including anyone in the world. Extranets are used by trading partners and are not available to the entire world. Intranets are used by employees within the company. 34. (SO 8) Which type of users should have access to an intranet? Only those inside the company. 35. (SO 8) Which type of users should have access to an extranet? Trading partners such as suppliers, secondary suppliers, and distributors. 36. (SO 9) What types of controls should be used to properly limit access in intranets and extranets? Authentication controls should be used, including controls such as user Ids, passwords, access levels, computer logs, and authority tables. Also, hacking and break-in controls should be used. These include controls such as firewalls, encryption, security policies, VPN, vulnerability assessment, penetration testing, and intrusion detection. 37. (SO 10) Why is the use of XML advantageous in Internet EDI? XML allows a more rich exchange of data than traditional EDI. For example, it could allow the exchange of product descriptions, pictures, or even databases of information regarding products. 38. (SO 10) In what ways are XBRL financial statements advantageous when compared to traditional paper financial statements? XBRL statements can be viewed by a

Page14-3


Chapter 14 Solutions

E-commerce and E-business

browser, or printed. In addition, the viewing of an XBRL statement on a web browser could be much more interactive. For example a reader of the statements could click on an item such as sales to see more underlying detail of the sales total. 39. (SO 11) What are some of the ethical obligations of companies related to ecommerce? Companies have an obligation to collect, store, and use customer data in a ethical manner. These obligations are described in the ten privacy practices of the AICPA Trust Services Principles. 40. (SO 11) Is there a difference between ethical obligations and legal obligations in regards to online privacy? Yes, for example, there is no legal obligation to have a privacy policy displayed on the company web site. However, companies that wish to be very ethical should display privacy practices.

Brief Exercises 41. (SO 1) Much of the e-business and e-commerce conducted by companies uses the Internet as the form of electronic communication. Describe other electronic means to conduct e-business or e-commerce. Electronic Data interchange (EDI) and Electronic Funds Transfer (EFT) are other communication means. 42. (SO 3) How does the use of HTML, URLs, domain names, and SSL contribute to an Internet that can be used world-wide? There are many different types or brands of computers throughout the world and these computers use different operating systems. There must be some common standards within the Internet to allow these various types of computers to read and interact with the Internet. HTML, URLs, domain names, and SSL are all standards in use world-wide that facilitate a userfriendly Internet. Without such common standards, it would not be as easy to connect to and use the Internet. 43. (SO 4) Describe the benefits to the consumer of B2C sales. Customers benefit in through increased access, speed, convenience, and information sharing inherent in B2C sales. They have access to a broader market, 24 hours a day, every day, and therefore more product choices. B2C also often results in lower prices, q2uicker deliver, and marketing targeted specifically to the customers needs. Customers also sometimes have the opportunity to conduct live chats with company representatives, or can view FAQs about the products. 44. (SO 4) Describe the benefits to the company of B2C sales. Benefits to the company are: a broader market of customers beyond the geographic area of any stores they maintain; reduced marketing, order processing, and distribution costs; higher profits; the ability to conduct richer marketing; and the ability to react quickly to market changes. 45. (SO 5) Describe the benefits to a company that engages in B2B transactions via the Internet. They are a wider potential market, reduced transaction cost, higher profits, faster cycle times for product purchase or sale and cash flow, reduction in keying of

Page14-4


Chapter 14 Solutions

E-commerce and E-business

information and reduced data errors. 46. (SO 5) What are the ten areas of privacy practices described in the Online Privacy section of the AICPA Trust Services Principles? The ten areas are: management, notice, choice and consent, collection, use and retention, access, disclosure to third parties, security for privacy, quality, monitoring and enforcement. 47. (SO 6) Describe the activities that take place in the supply chain of a manufacturing firm. Before a manufacturer can produce goods, it must buy raw materials from suppliers. Often those suppliers also need to purchase raw materials, so there are secondary suppliers in the supply chain. The internal processes of manufacturing are also part of the supply chain. Upon completion, products must be distributed through warehouses or distributors to retailers, who then sell these goods to customers. 48. (SO 6) Describe the differences between B2C and B2B. B2C is a sale between a company and an end consumer. B2B is a sale or purchase between two companies. The differences in these types of transactions causes many differences in the characteristics of the transactions. A B2B sale is likely to be ordered via a purchase order, with many line items on the purchase order, with a relatively high total dollar amount. These B2B sales are between companies with preexisting relationships in which they have negotiated specific shipping instructions or prices. B2C sales are relatively smaller dollar amounts, but with a larger volume of sales transactions. It may be a sale to a customer with no preexisting relationship to the company and it is likely to be a credit card sale. 49. (SO 9) Explain the importance of user authentication and network break-in controls in extranets. Only trading partners such as suppliers, secondary suppliers, distributors, or retailers should have access to an extranet. That is, it should not allow any user on the web to log in. Thus, there must be extensive authentication controls. These controls in include user Id, password, log in procedures, biometric devises or security tokens, computer logs, and authorization tables. Since the extranet often uses internet network facilities, it can be susceptible to hackers or other network break-ins. Controls such as firewalls, encryption, SSL, vulnerability assessments, penetration testing, and intrusion detection must be used. 50. (SO 10) What are the advantages of Internet EDI over traditional EDI? The Internet allows cost-free exchanges of data. In traditional EDI, the companies usually pay a VAN for network capabilities and communication. The software and systems for Internet EDI are also simpler and cheaper than those for traditional EDI. Even very small companies can afford hardware and software to conduct Internet EDI.

Problems

Page14-5


Chapter 14 Solutions

E-commerce and E-business

51. (SO 2) Explain the hardware or standards that were developed during the ARPANET that were an important foundation for the Internet of today. There were hardware items or standards developed during the ARPANET time frame. These include packet switching, routers, and the TCP/IP protocol. Packet switching is the method to send data over a computer network. Data is divided into small packets and sent individually. Packets may travel different routes and as they arrive, they are reassembled into the original data. A router is hardware that serves as a gateway between two or more networks. TCP/IP is an acronym for transmission control protocol/Internet protocol. It is the protocol used today. 52. (SO 4) Sweet Susanna’s is a local chain of bakeries in Austin. The chain has 30 locations throughout the city and its suburbs. The management is considering opening a Web site to conduct e-commerce with customers. Describe any benefits that might be derived from this move. A move to sales on the web site may not increase the geographic area from which Sweet Susanna’s draws customers. This is because the delivery area is not likely to change. However, it may experience increased sales due to the convenience of placing bakery orders online. It will also be likely to increase the accuracy of orders and reduce the costs of filling bakery orders. Sweet Susanna’s may also see a benefit to the marketing available on the web site, For examples, they could put pictures of bakeris on “special” and perhaps increase the sales of promotional items. If these benefits do occur, the company will experience increased profits. 53. (SO 5) Using your favorite search website, enter the term “privacy seal” and search. Answer the following questions: a. What is the purpose of a Web privacy seal? The purpose of a privacy seal is to inform customers that the company web site adheres to high standards of privacy of data. When a company displays a privacy seal, they are alerting customers that the company can be trusted to maintain the privacy of customer data. b. Which organizations provide Web privacy seals to web-based companies? Providers include the Better Business Bureau (BBBOnLine), TRUST-e, CPA WebTrust (AICPA), and The Electronic Frontier Foundation and CommerceNet Consortium, Inc. (TRUSTe). c. What are the advantages to a company that maintains a Web privacy seal? Those parties that provide privacy seals indicated that having a privacy seal leads to increased customer confidence and higher revenue. d. What are the benefits to a consumer of shopping a website that has a privacy seal? The consumer should feel a greater sense of confidence that their data is private. There should also be fewer concerns about negative consequences such as a customers contact information being sold, or identity theft. 54. (SO 5) Visit the website www.webtrust.org and answer the following questions:

Page14-6


Chapter 14 Solutions

E-commerce and E-business

e. What is a WebTrust seal? A Webtrust Seal is placed on a web site of a company that has been examined by a CPA firm to determine that it has appropriate privacy practices and that it adheres to those practices. f. Which organization sanctions the WebTrust seal? The American Institute of Certified Public Accountants (AICPA) g. What kind of professional can provide a WebTrust seal to a company? Licensed CPAs who have been trained in WebTrust service examinations. h. What must this professional do before providing a WebTrust seal? For a firm to become a licensed Webtrust Services provider, the firm must: be in good standing with the AICPA; be a CPA majority owned firm; be part of a recognized quality control system; and, sign a licensing agreement and remit an annual licensing fee to the AICPA. 55. (SO 5) Enter the Web site of a popular retail company that sells a large volume of goods or services on the Internet. Search for company “Privacy Policies” on that Web site. If you do not find any privacy policies, continue visiting other company Web sites until you do find privacy policies. Once you have found a company with privacy policies, describe how the company policies do or do not meet the privacy practices in the AICPA Trust Principles. The solution will depend on which company the student uses in their answer. For any company, the student answer should compare the privacy practices against those in the AICPA Trust services Principles privacy practices. The following sample answer is based on Target ®, the retail department store, www.target.com, accessed on February 15, 2008. The Target web site has privacy practices at http://www.target.com/c/targetprivacy-policy/-/N-4sr7p and it is divided into several areas: a. What information is collected? b. Third party automated collection c. How is this information used? d. How is this information shared? e. What choices do you have? f. How do you access and update your information? g. How is this information protected? Target identifies the information it collects such as name, address, e-mail address, phone number, drivers’ license number, credit card number, and purchase/return/exchange information. Target also indicates that any information that a customer submits in a public forum, “can be read, collected, or used by us and others, and could be used to personalize your experience.” The site indicates there are several parties they may share information with. Those uses include: use by Target and Target subsidiaries such as Target National Bank, Target Bank, and Target Commercial Interiors to offer products or services; service providers that help them market products and services; and other companies for their marketing purposes.

Page14-7


Chapter 14 Solutions

E-commerce and E-business

The site also discloses how a customer can limit use of data provided. It appears that when information is collected by Target, customers are giving implicit consent to use information as outlined in the privacy practices. Within the privacy policy, there are several instances in which Target identifies a toll free number that a customer must call to opt out. This would include the ability to opt out of receiving postal mail, telephone calls, e-mails, and the sharing of information with other companies. Thus, the Target site does include some of the privacy practices in the AICPA Trust Services Principles, but not all. It does seem to include adequate notice, consent, and disclosure to third parties as described above. However, the site describes little, if any, information about management, collection, access, security for privacy, quality, or monitoring and enforcement. The site does briefly describe use of the information, such as for offering special promotions. There is no information about the retention of data. Therefore, the Target site partially describes use and retention.

56. (SO 8) EDIPipeline is an Internet EDI solution for small to mid-size companies. View the Web page at http://www.edipipeline.com. Click on the link called “Trading Partners”. Examine two or three company names you recognize. Describe how this EDI system might be advantageous for a small or mid-size company seeking to be a vendor to a large corporation such as Coca-Cola. EDIPipeline is an Internet EDI system for small and mid-size entities that allows them to sell products or services to large corporations via an EDI system. It is a simple user system that is based on a web browser and it gives the company an “Inbox” showing all received EDI purchase orders (POs), and “Outbox” showing all pending outbound documents (i.e. 810 Invoices, 856 Advance Ship Notices, 855 Purchase Order Acknowledgements, and 997 Functional Acknowledgments), and logs for sent, received, and deleted documents. It includes the capability to import the PO information directly into the company’s accounting system. This would eliminate the need to manually key purchase order information into the accounting system. This would save time, costs, and reduce errors. Since the software is web-based and works on a browser, it can be accessed from an computer and very little training is necessary for employees. 57. (SO 10) Read the article at http://xbrl.us/learn/documents/betterreporting.pdf. Briefly describe what this article says about how XBRL has transformed financial reporting. This artyicle is available, but the link has changed. Currently, it is available at https://xbrl.us/wp-content/uploads/2011/12/BetterReporting.pdf Page 6 of this report has a section entitled “How XBRL Has Transformed Financial Statement Reporting”. It indicates that XBRL for financial reporting to the SEC, “enables greater accuracy, reliability and timeliness for users including regulators, investors, and analysts”. A direct quote from that section that summarizes the advantages is as follows.

Page14-8


Chapter 14 Solutions

E-commerce and E-business

a. Financial statement data that previously took weeks or even months to put into an electronic format is now available to the public immediately after it is submitted to the regulator. b. Most financial statement data reported by public companies is now more comparable from company to company – in the past, one company’s “cash” line item could be defined vastly differently from another company’s “cash.” Today, creators and users have agreed-upon definitions for every term. c. Changes in reporting requirements, like new accounting standards, can be more easily disseminated to the public company universe as companies are required to work with a specified release of the taxonomy, e.g., 2011 Release, 2012 Release. In addition, companies can electronically assess the impact of changes in rules on their filings and quickly assess the impact on future filings. d. Investors and analysts have easier, faster, cheaper access to “asreported” company data and no longer need to rekey data resulting in greater accuracy and timeliness. 58. (SO 5) List and describe the nine privacy practices recommended by the AICPA Trust services Principles Privacy Framework. If you have ever made a purchase online, you have likely seen these practices in use. Provide any examples from your own personal experience. Management. An organization should properly manage privacy. This means that a person or persons must be assigned responsibility to oversee privacy practices. This person should insure that privacy practices are documented and followed. Notice. Notice implies that companies provide their privacy policy to customers. In many cases, the privacy policy is posted on the website. The notice should inform customers of the purpose for collecting the information and how it will be used. Choice and consent. The company should tell customers of any choices the customer might have to opt out of providing information. Also, the online company should gain consent from the customer to collect, use, and retain the information. Consent can be implicit or explicit. Collection. The company should limit collection of customer data to that data for which they have received consent. Use and retention. The company should only use customer data as disclosed in its privacy policy and should retain such data only as long as necessary. Access. The company should provide access that would allow the customer to view, edit, or delete personal information. Disclosure to third parties. Any data collected from customers should not be shared with third parties unless the customer has given consent. Security for privacy. The organization should have protections to insure that customer data is not lost, destroyed, altered, or subject to unauthorized access.

Page14-9


Chapter 14 Solutions

E-commerce and E-business

Quality. Protection and controls should exist to insure that the data has quality. Quality means it is accurate and complete. Monitoring and enforcement. Privacy practices should be continuously monitored to insure they are followed. Examples that students provide will differ from student to student. Examples would be things such as viewing the privacy policies on the web site, granting consent for data collected, etc.

59. (SO 5) Describe the ethical obligations of companies to their online customers. When a company sells online via the Web, the customer may have much more difficulty determining whether the company is bona fide and trustworthy. The company has the same duty that any company has to conduct business ethically. However, the inability of the customer to know a Web-based business in the same way they know a local business adds an additional layer of ethical obligation. Thus it would be in the interest of the company, and the proper ethical behavior, to follow the kind of practices in the AICPA Trust Services Principles that deal with privacy of customer information. Those principles define preferable privacy practices in ten categories. A summary of the policies would be that the company should notify the customers of the data they will collect, how it will be used, shared, stored, and how a customer may modify the data. They should also clearly define how they will keep the data secure and what choices the customer may have to either consent or deny access to certain parts of information.

Cases 60. Trudy’s Trendy Threads. (TTT) and delivery problems. Required: a. Speculate as to potential causes of this problem. It appears that Alex and possibly other sales representatives are making date entry errors as they enter the delivery information. Aaron’s original sales order files specify delivery to the retail stores and this would indicate that customers are not making the error as they e-mail sales orders, but that Aaron is making data errors as he enters delivery information. b. What additional information would be needed to determine the actual cause of this problem? A computer log of the transactions may help determine the errors. c. What controls could be implemented to avoid repeated instances of this problem? It is probably not possible to avoid some errors, but not all. BBI could possibly reduce these errors by instituting a few policies or practices. One practice might be to sales reps to choose delivery ocati0n via a drop-down box rather than keying in delivery data. Another useful practice would be to require sales reps to print the order data as entered,

Page14-10


Chapter 14 Solutions

E-commerce and E-business

and compare it to the original sales order before confirming the order in the online system. Another option may be to eliminate one step in the sales order process. Rather than having sales reps enter order information in a web browser, the customer could enter the data. This would eliminate the steps of the customer e-mailing the order and the sales rep entering the order. The customer could also make data entry errors, but typically, removing extra human steps reduces the total number of errors. 61. Clouse Analytics and XBRL. Required: Perform an online research of XBRL at http://www.xbrl.org and determine whether or not XBRL would be appropriate for Clouse’s business. Would XBRL be more effective and reliable? Why or why not? Your response should focus on the existence of any enhancements or concerns that are likely to result in terms the timeliness of information, internal controls, and security. The following paragraphs were excerpted from www.xbrl.org on February 15, 2008. The introduction of XBRL tags enables automated processing of business information by computer software, cutting out laborious and costly processes of manual re-entry and comparison. Computers can treat XBRL data "intelligently": they can recognise the information in a XBRL document, select it, analyse it, store it, exchange it with other computers and present it automatically in a variety of ways for users. XBRL greatly increases the speed of handling of financial data, reduces the chance of error and permits automatic checking of information. Companies can use XBRL to save costs and streamline their processes for collecting and reporting financial information. Consumers of financial data, including investors, analysts, financial institutions and regulators, can receive, find, compare and analyze data much more rapidly and efficiently if it is in XBRL format. These paragraphs indicate that XBRL can reduce costs, processing time, labor, errors when compared to manual processing. The capability of computers to recognize, analyze, store, and exchange the data means that it streamlines the type of processes at Clouse and makes them more efficient. Thus, Clouse would find XBRL more effective and reliable. There may, of course, be extra costs involved to implement the hardware and software needed to use XBRL. It may also require that his clients be able to provide data in XBRL format.

Page14-11



Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.