TEST BANK
ACCOUNTING INFORMATION SYSTEMS THE PROCESSES AND CONTROLS 5TH EDITION BY LESLIE TURNER, ANDREA WEICKGENANNT SOLUTIONS MANUAL Chapter 1 Concept Check 1. d 2. d 3. b 4. c 5. c 6. c 7. b 8. a 9. b 10. a
Discussion Questions 11. (SO 1) How might the sales and cash collection processes at a Wal-Mart store differ from the sales and cash collection processes at McDonald’s? Wal-Mart sells items that are pre-priced and bar coded with that price. Therefore the cash registers at Wal-Mart use bar code scanners. However, McDonalds sells fast foods that are not bar coded. The cash registers at McDonalds use touch screen systems that require a cashier to indicate the items purchased. The cash collection processes are not different. In both cases, the employee collects the cash or credit card, and returns any change. 12. (SO 1) Can you think of any procedures in place at McDonald’s that are intended to ensure the accuracy of your order? Student responses may vary, however, following are a few examples: Often, at either the drive-through or the inside cash register, the customer can see a screen that displays the items ordered. In addition, a fast food restaurant uses pre-designed slots to hold certain types of menu items. When a customer orders a particular sandwich, the person filling the order knows exactly which slot to pull the sandwich from. Each customer receives a printed receipt with the items listed and the customer can verify the accuracy. 13. (SO 1) How might the sales and cash collection processes at Boeing Co. (maker of commercial passenger jets) differ from the sales and cash collection processes at
Page 1-1
Chapter 1 Solutions
Introduction to AIS
McDonald’s? Boeing does not sell to end-user consumers; rather, it sells to companies such as airlines. Therefore Boeing does not have stores, nor inventory in stores, nor cash registers to process sales. Boeing is more likely to maintain a sales force that visits potential customers to solicit sales. Those sales may be entered by the salesperson into a laptop computer connected to Boeing’s network. McDonald’s, on the other hand, sells to consumers, uses order input touch screens at each location, and maintains supplies of perishable food products. 14. (SO 1) Are there business processes that do not in some way affect accounting records or financial statements? There may be processes that do not directly affect accounting records (such as recruiting and hiring a new employee), but all processes have a direct or indirect affect on accounting records. All processes use resources such as material or employee time. Therefore, all processes have expenses related to those processes that will affect the accounting records. 15. (SO 2) Briefly describe the five components of an accounting information system. 1. Work steps within a business process that capture accounting data as the business process occurs. 2. Manual or computer-based records that capture the accounting data from the business processes. 3. Internal controls within the business process that safeguard assets and ensure accuracy and completeness of the data. 4. Work steps that process, classify, summarize, and consolidate the raw accounting data. 5. Work steps that generate both internal and external reports. 16. (SO 2) Describe how sales data are captured and recorded at a restaurant such as Applebee’s. At most Applebee’s restaurants, a server writes the order on a pad and carries that pad to a cash register. The server enters the order on a touch screen terminal. The order information is then displayed on a terminal in the kitchen. When the customer has finished the meal, the server prints a check and delivers the check to the table. The customer pays the server by using cash or a credit card. The server processes the payment on the touch screen register and returns the change or credit card slip to the customer. 17. (SO 2) What occurs in an accounting information system that classifies accounting transactions? For each business process that affects accounting records, the accounting information system must capture any resulting accounting data, record the data, process it through classification, summarization, and consolidation, and generate appropriate reports. 18. (SO 2) What are the differences between internal reports and external reports generated by the accounting information system? Internal reports are used by management to oversee and direct processes within the organization. External reports are the financial statements used by investors and creditors to make
Page 1-2
Chapter 1 Solutions
Introduction to AIS
decisions about investing or extending credit to the organization. 19. (SO 3) What types of businesses are in the supply chain of an automobile manufacturer? The types of businesses in an automaker’s supply chain are often manufacturers of parts used in cars. This would include manufacturers of tires, batteries, steel, plastic, vinyl and leather, as well as many other manufacturers making the thousands of parts in a car. 20. (SO 3) When a company evaluates a supplier of materials, what kinds of characteristics might be evaluated? The supplier’s characteristics that are likely to be evaluated include price and payment terms, quality, reliability of the materials, as well as whether the supplier can deliver materials when needed. 21. (SO 3) How do you think a company may be able to influence a supplier to meet its business processing requirements? A company may be able to influence a supplier by choosing only suppliers that meet expectations regarding the terms of price, quality, and delivery timing. Those suppliers that do not meet these expectations may not be used in the future. This exerts some influence over suppliers, as the suppliers will lose business if they do not meet the buyer’s requirements. 22. (SO 4) Describe any IT enablement that you have noticed at a large retail store such as Wal-Mart or Target. The most noticeable IT enablement is the use of bar coded systems on the products and how they are read by the cash registers. 23. (SO 4) How do you think the World Wide Web (WWW) has led to business process reengineering at companies such as Lands End or J.Crew? Prior to the World Wide Web, customers placed orders either on the phone or by mail. Both phone and mail orders require employees to take the order and enter it into the computer system. Using online sales, customers enter their own orders and no company personnel are needed to key orders into the computer system. Therefore, there was a major change in the number of people employed to key orders. 24. (SO 4) What two kinds of efficiency improvement result from business process reengineering in conjunction with IT systems? The use of IT systems usually leads to two kinds of efficiency improvements. First, the underlying processes are reengineered (through rethinking and redesign) to be conducted more efficiently. Second, the IT systems improve the efficiency of the underlying processes. 25. (SO 5) Explain the differences between a field, a record, and a file. A field is one set of characters that make up a single data item. For example, last name would be a field in a customer database. A record is a collection of related fields for a single entity. For example, last name, first name, address, phone number, and credit card number fields might make up a single customer record. A file is a collection of similar records. For example, all customer records together make up a customer file.
Page 1-3
Chapter 1 Solutions
Introduction to AIS
26. (SO 5) Explain why random access files would be preferable to sequential access files when payroll personnel are changing a pay rate for a single employee. When the desired action is to access a single record, random access is preferable. If sequential access storage is used, all records must be read in sequence until the desired record is reached. On the other hand, random access allows a single record to be accessed without the necessity of reading other records. This makes it more efficient to access a particular employee record to change the pay rate. 27. (SO 5) Why do real-time systems require direct access files? If transactions are to be processed online and in real-time, it is necessary that the computer access a single record immediately. Thus, direct access files are required so the records can be accessed in real-time. 28. (SO 5) Why is data contained in the data warehouse called nonvolatile? Each time a new transaction is completed, parts of the operational data must be updated. Therefore, the operational database is volatile – with constantly changing information. However, the data warehouse does not change with each transaction. The data warehouse is only changed when periodic updates occur. The data in the data warehouse are nonvolatile because they do not change constantly. 29. (SO 5) How is an extranet different from the Internet? The extranet allows access only to selected outsiders, while the Internet is open to an unlimited number of outsiders (essentially anyone having access to the Internet). On the other hand, extranets are typically used by companies to interact with specific suppliers and customers who have been granted access to a company’s network. 30. (SO 6) Prepare a list of the types of businesses that you have been in that use point of sale systems. Student responses may vary, but would likely include department stores, grocery stores, specialty stores, restaurants, gas stations, and car washes. 31. (SO 6) What do you think would be the advantages of an e-payables system over a traditional system that uses paper purchase orders and invoices? An e-payables system should be faster and more efficient than a paper-based system. In addition, fewer processing errors should be expected from an e-payables system. 32. (SO 7) Describe why enterprise risk management is important. All organizations face risks and Enterprise Risk Management (ERM) assists managers in reducing and controlling risk. ERM also involves personnel across the entire business organization, as they implement strategies to achieve the organization’s objectives. 33. (SO 7) What is the difference between general controls and application controls? General controls apply overall to the IT accounting system. They are controls that are not restricted to any particular accounting application. An example of a general control is the use of passwords to allow only authorized users to log into an IT-based accounting system. Application controls are used specifically in accounting applications to control inputs, processing, and output. Application controls are
Page 1-4
Chapter 1 Solutions
Introduction to AIS
intended to insure that inputs are accurate and complete, processing is accurate and complete, and that outputs are properly distributed, controlled, and disposed. 34. (SO 7) In what way is a code of ethics beneficial to an organization? If top management institutes a code of ethics and emphasizes this code by modeling its principles and disciplining or discharging those who violate the code, it can help reduce unethical behavior in the organization. 35. (SO 8) What roles do accountants have in relation to the accounting information system? Accountants are users of the AIS, they assist in the design of the AIS, and they are auditors of the AIS.
Brief Exercises 36. (SO 1) For each category of business processes (revenue, expenditure, conversion, administrative), give an example of a business process. Student responses are likely to vary greatly, as they may refer to any of the subprocesses within each category. For example, the revenue processes include sales, sales returns, and cash collections; the expenditure processes include purchasing, purchase returns, cash disbursements, payroll, and fixed asset processes; the conversion processes include planning, resource management, and logistics; administrative processes include capital processes, investments, and general ledger processes. Accordingly, any type of business process can be cited to answer this question, but the student must match the example with the appropriate process. 37. (SO 2) Think of a company that you have worked for or with which you have done business. Which departments within the company need reports generated by the accounting information systems? Student responses are likely to vary greatly, as nearly every department within a business organization uses reports generated by the accounting information systems. For example, sales departments need customer account information to help in their efforts to sell products to customers. Purchasing departments need product information to help in their efforts to purchase products needed in the business. These types of information are maintained in accounting information systems. There are numerous additional examples that could apply. 38. (SO 3) Explain a supply chain linkage and give an example. A supply chain linkage is the connection of activities in the supply chain, including the entities, processes, and information flows that involve the movement of materials, funds, and related information through the full logistics process – from the acquisition of raw materials to the delivery of finished products to the end user. It therefore includes the linked activities of vendors, service providers, customers, and intermediaries. In addition to the example of McDonald’s buns given in the text, another example would be a shirt sold by the Gap. The Gap’s supply chain linkage would likely include a supplier from whom the shirt was purchased, a manufacturer who assembled and sewed the shirt,
Page 1-5
Chapter 1 Solutions
Introduction to AIS
a secondary supplier that provided the fabric from which the shirt was constructed, and a farmer who raised cotton used to make the fabric. 39. (SO 4) Explain how business process reengineering occurs. Also, explain how it differs from the typical changes in company policies. With business process reengineering (BPR), the underlying business processes are reengineered to be conducted more efficiently. In other words, a comprehensive rethinking and redesign takes place in order to enhance performance of the process. A key component of BPR is the leveraging of IT capabilities to improve process efficiencies. BPR differs from typically organizational change in that it involves “thinking outside the box” in order to offer completely new and improved methods for business processes. 40.
(SO 4, 6) Describe automated matching in the purchasing process and explain how this IT enablement has improved efficiency in companies. Microsoft Dynamics GP has automated purchase order matching functionality. This functionality electronically matches a purchase order, receiving report and vendor invoice within the system. In MS Dynamics GP a vendor purchase order can be created and printed in the system. The purchase order is sent to the vendor identifying the amount of the authorized purchase. When the goods or services are received, the person responsible for logging the receipt can pull up the original purchase order and receive the items on the PO. If there are any discrepancies between what was ordered and what was received the system adjusts for the discrepancies. Later when the vendor invoices for the goods or services that were received, the matched PO and receiving report can be selected and compared with the prices and quantities of the items invoiced. If there are any differences between the amounts ordered/received and invoiced, the system will adjust for the differences. This automated matching of a PO/receiving report and vendor invoice eliminates the need to manually match these items. Automated matching is an example of IT enablement. In this example of IT enablement, the process is more streamlined, efficient and reduces the likelihood of errors..
41. (SO 5) For an accounts receivable system, what kind of data would be found in the master files and transaction files, respectively? An accounts receivable master file would include relatively permanent data necessary to process customer transactions. This would include a record for each customer. The data in the master file would likely include customer name, address, phone numbers, credit limit, and current balance. A transaction file for accounts receivable would contain the relatively temporary data that must be processed to update the master file, such as details from individual sales and cash collection transactions from customers.
Page 1-6
Chapter 1 Solutions
Introduction to AIS
42. (SO 5) Describe the differences in the following three types of processing: a. Batch processing involves the grouping of similar transactions to be processed together; b. Online processing involves processing individual transactions, one-at-a-time; and c. Real-time processing is an online processing method that involves the immediate processing of individual transactions. 43. (SO 5) The networks discussed in this chapter were LANs, Internet, intranet, and extranet. Explain each. A LAN is a computer network that spans a relatively small area such as a building or group of buildings within a business organization. The Internet is the global computer network made up of millions upon millions of computers and subnetworks throughout the world. An intranet is an organization’s private computer network, accessible only by employees of that organization to share data and manage projects. An extranet is an expansion of an intranet that allows limited access to designated outsiders such as customers and suppliers. 44. (SO 7) Give a brief summary of each of the following: a. enterprise risk management is an ongoing strategy-setting and risk assessment process that is effected by top management but involves personnel across the entire entity. b. corporate governance is an elaborate system of checks and balances whereby a company’s leadership is held accountable for building shareholder value and creating confidence in the financial reporting process. c. IT governance is the corporate governance process that applies specifically to the proper management, control, and use of IT systems. 45. (SO 9) Describe why accountants should be concerned about ethics. Accountants should be concerned about ethics because accounting information systems are often the tools used to commit or cover up unethical behavior. Accountants need to be aware of the possibility of fraud within the AIS so that they can help develop and implement effective internal controls to reduce the risk of such unethical acts. In addition, accountants need to be prepared to resist the temptation to commit unethical acts and to avoid being coerced into assisting with a fraudulent cover-up. 46. (SO 9) Melanie Gibson is currently pursuing her accounting degree at Ohio State University. She has excelled in each of her major courses to date; however, she tends to struggle in her computer classes and with assignments requiring use of computer technology. Nevertheless, Melanie confidently claims that she will become an excellent accountant. Comment on the practical and ethical implications of her position. Melanie is mistaken in her position for the following reasons: Practically speaking, accountants need to be well-informed about the operation of accounting information systems, which nearly always involve computer technology. The AIS is the foundation of most accounting functions, so to resist computer technology would be unreasonable, if not impossible. Also, in order to assist in developing internal controls, accountants must understand the
Page 1-7
Chapter 1 Solutions
Introduction to AIS
processes within the AIS, including the use of technology, so that effective controls can be developed and implemented to reduce risks. Ethically speaking, accountants need to be well-informed about the operation of the AIS so that they are poised to recognize fraud and errors that may occur. Without an understanding of the underlying technology, accountants would be unable to effectively capture and monitor business processes. Rather than fulfilling her responsibility as an accountant to develop and implement internal controls, Melanie’s ignorance of the AIS could actually allow fraud to be perpetrated without being prevented or detected. For these reasons, Melanie’s viewpoint is quite dangerous.
Problems 47. (SO 2) If an accounting information system were entirely a manual system (no computers used), explain how data would be captured, recorded, classified, summarized, and reported. Discuss how the sophistication of the company’s computer system impacts the accounting output and, alternatively, how the requirements for accounting outputs impact the design of the accounting information system. In a manual accounting information system, data would be captured on source documents and recorded by hand in subledgers or special journals. Account classifications would be determined by the accountants responsible for recording the transaction. The accountants would perform mathematical computations to summarize the records and post them to a general ledger. The general ledger would be manually summarized at the end of the period so that financial statements could be prepared. The financial reports would be manually compiled based on the ending general ledger balances. Since a great deal of paper and human processing are required for a manual system, it is prone to error. More sophisticated, computerbased systems tend to produce more output that is more accurate because they are programmed to process data consistently. They also use programming to perform mathematical computations, which promotes accuracy and time savings. Therefore, IT usage to support business processes results in increased accuracy, increased efficiency, and reduced costs. The requirements for accounting outputs impact the design of the AIS. Work steps within a business process can be designed to capture data in a manner that is consistent with the desired content and format of the related output. This promotes efficiency and effectiveness of the overall process. When business process reengineering is used to design business processes, IT systems can be introduced to take advantage of the speed and efficiency of computers to enhance the AIS. 48. (SO 1,3) Classify each of the following processes as either a revenue process, expenditure process, conversion process, or administrative process: a. Selling common stock to raise capital - ADMINISTRATIVE b. Purchasing electronic components to manufacture DVD players EXPENDITURE
Page 1-8
Chapter 1 Solutions
Introduction to AIS
c. Moving electronic components from the stockroom to the production floor to begin making DVD players - CONVERSION d. Paying employees at the end of a payroll period - EXPENDITURE e. Preparing financial statements - ADMINISTRATIVE f. Receiving cash payments from customers - REVENUE g. Buying fixed assets - EXPENDITURE h. Moving manufactured DVD players from the production floor to the warehouse CONVERSION 49. (SO 1) Business processes are composed of three common stages: an initial event, a beginning, and an end. For items a through h listed in Problem 47, identify the applicable initial event, beginning, and end of the process. Student responses may vary as their experiences are likely to be different. Different businesses may have different events that trigger these processes; however, the following are common examples: a. Selling common stock to raise capital: Initial Event – Contacting and communicating with investors; Beginning – Receiving consideration from investor; End – Recording transactions in the accounting records. b. Purchasing electronic components to manufacture DVD players: Initial Event – Receiving a purchase request from operations personnel; Beginning – Placing an order with a supplier; End – Recording the payment for the component parts. c. Moving electronic components from the stockroom to the production floor to begin making DVD players: Initial Event – Receiving a request from the Production department for the movement of materials; Beginning – Removing inventory from the stockroom; End – Recording the receipt of goods in the production area. d. Paying employees at the end of a payroll period: Initial Event – Receiving a time sheet or other record of time worked; Beginning – Recording hours in the payroll records; End – Distributing paychecks or depositing paychecks in employee accounts. e. Preparing financial statements: Initial Event – Preparing end-of-period adjusting entries; Beginning – Summarizing adjusted account balances; End – Compiling data in financial statement format and writing related disclosure notes. f. Receiving cash payments from customers: Initial Event – Communicating with customer about a sale; Beginning – Notifying customer of amounts owed related to the sale; End – Recording the receipt of cash and deposit in a bank account. g. Buying fixed assets: Initial Event – Planning for an expenditure as part of a capital budgeting process; Beginning – Placing an order for the fixed asset; End – Receiving the asset and recording it in a subsidiary ledger. h. Moving manufactured DVD players from the production floor to the warehouse: Initial Event – Receiving notification from the Production department regarding completion of products; Beginning – Removing finished goods from the production floor; End – Recording the receipt of finished goods in the warehouse.
Page 1-9
Chapter 1 Solutions
Introduction to AIS
50. (SO 1,2,7) Each of the points listed next represents an internal control that may be implemented within a company’s accounting information system to reduce various risks. For each point, identify the appropriate business process (revenue, expenditure, conversion, administrative). In addition, refer to the description of business processes under Study Objective 2 in the chapter, and identify the appropriate subprocess. (Some subprocesses may be used more than once, and others may not be used at all.) a. Customer credit must be authorized before a business transaction takes place. Revenue process, sales subprocess b. An authorized price list of goods for sale is provided. Revenue process, sales subprocess c. A shipping report is prepared for all shipments of goods so that customers may be billed in a timely manner. Revenue process, sales subprocess d. Access to personnel files and paycheck records is available only in accordance with management specifications. Expenditure process, payroll subprocess e. New vendors are required to be authorized before a business transaction takes place. Expenditure process, purchasing subprocess f. Access to cash is restricted to those employees authorized by management. Revenue or Expenditure process, Cash collection or cash disbursement subprocess, respectively g. Costs of goods manufactured is properly summarized, classified, recorded, and reported. Conversion process, resource management subprocess h. Amounts due to vendors are reconciled by comparing company records with statements received from the vendors. Expenditure process, cash disbursements subprocess i. Employee wage rates and paycheck deductions must be authorized by management. Expenditure process, payroll subprocess j. Specific procedures such as the performance of a background check are carried out for all new employee hires. Expenditure process, payroll subprocess k. The purchasing manager is notified when stock levels are low so that items may be restocked to prevent backorders. Conversion process, resource management subprocess l. Two signatures are required on checks for payments in excess of $5000. Expenditure process, cash disbursement subprocess m. When excess cash is on hand, the funds are invested in short-term securities. Administrative process, investment subprocess n. Goods received are inspected, and any damaged or unmatched items are promptly communicated to the vendor. Revenue process, sales subprocess o. The monthly bank statement is reconciled to the company’s cash records by an outside accountant. Revenue or Expenditure process, Cash collection or cash disbursement subprocess, respectively 51. (SO 3) Using an internet search engine, search for the terms “RFID” and “supply chain.” Put both of these terms in your search and be sure that “supply chain” is in quotation marks. Read some of the resulting web sites you find and answer these
Page 1-10
Chapter 1 Solutions
Introduction to AIS
questions: a. What is RFID? Radio-frequency identification (RFID) technology helps companies identify and manage large lots of goods, typically received and stored in cartons or on skids. The cartons or skids include tags that are encoded with identifying information about the items, their supplier, and their purchase transaction. These tags can be instantly read and recorded by the company through the use of antennae or battery-operated transmitters and radio waves. b. How is RFID related to the supply chain? RFID enhances supply chain management by significantly reducing the time required to record purchases and inventory tracking. The instantaneous reading of RFID tags allows the items to move swiftly through the logistics process with increased speed and accuracy of the underlying records. c. How will RFID improve the accuracy of data from the supply chain? Accuracy is increased by the use of tags containing company and product identifiers. These tags reduce the risk of recording items in duplicate. They also aid in inventory tracking through enhanced security of products being moved between locations. 52. (SO 7) Go to the COSO web site and locate the guidance on enterprise risk management. The executive summary of the article “Enterprise Risk Management – Integrated Framework” can be downloaded at no cost. Read the sections titled “Roles and Responsibilities” and “Use of this Report.” Describe the roles that various parties should play in enterprise risk management. Although everyone within a business entity has responsibility for its ERM processes, the chief executive officer is ultimately responsible and must assume ownership of the process. Accordingly, the CEO should bring together key managers from each functional area to plan, implement, and monitor the process. The board of directors should provide necessary oversight and maintain contact with top management, internal auditors, and external auditors regarding the ERM process. Other managers should support the organization’s philosophy, promote compliance with its risk appetite, and manage risks within their areas of responsibility. The CFO and internal auditors typically have a support role. External to the business organization, three groups are key to the effective use of ERM: regulators, professional organizations, and educators. Regulators are expected to refer to the COSO framework in the development of expectations as well as the conduct of their examinations for business organizations they oversee. Professional organizations should consider the COSO framework in the development of guidelines for financial management, auditing, and related topics. Educators are urged to incorporate the framework into university curricula, as well as to conduct research and analysis on potential enhancements to the ERM process. 53. (SO 9) Using an internet search engine, search for the term (in quotations) “earnings management.” From the items you read, answer the following questions: a. Is earnings management always criminal? No, earnings management is not always illegal. Since accounting principles allow for some flexibility, accountants may use the discretion at their disposal in preparing financial statements.
Page 1-11
Chapter 1 Solutions
Introduction to AIS
b. Is earnings management always unethical? No, earnings management is not always unethical, due to the materiality constraint. Yet earnings management becomes unethical when it “crosses the line” to reflect management’s desires rather than an accurate representation of the company’s financial performance. If earnings management deceives or distracts investors, it is unethical. 54. (SO 9) Using an internet search engine, search for “HealthSouth” and “fraud” or “Scrushy” (the name of the company’s CEO). Explain the fraud that occurred at HealthSouth Corporation. What was the ultimate result of the prosecution of HealthSouth officials? HealthSouth’s fraud was an elaborate earnings management scheme whereby earnings were overstated by at least $1.4 billion. False revenues were recorded with corresponding decreases in contra-revenue accounts, expenses, and/or liabilities and increases in assets. Ultimately, after a long and dramatic trial, Scrushy was acquitted of all criminal charges due to lack of evidence tying him to the fraud.
Cases 55. Gas and Java Mart and the accounting information system. 1. Accounting data is likely to be captured at Gas and Java Mart at the gas pump if the customer uses a debit card or credit card to pay for a gas purchase at the pump. Even if the customer chooses to pay inside, the information pertaining to the sale of gasoline is recorded at the pump. The snacks must be purchased inside the store, but can be added to the gasoline charge. The accounting effect is that the sale and the payment collected should increase the Sales account and Cash or Accounts Receivable, respectively. 2. The records that capture the accounting data would be maintained within the computer system. Although a manual process is required to operate the gas pump and cash register, the remainder of the system is computer-based, so the system records the sale and all related data. 3. Internal controls would include the security cameras in the store and gas filling area, as well as reconciliation procedures. Like the McDonalds’ example, a manager is likely to close and reconcile the cash register and gas pump sales at the end of the day. 4. The summarization of accounting data is likely to occur at the end of the period when financial reports are prepared. These steps are probably accomplished by the computer software. 5. Financial reporting occurs at the end of the period, as data are summarized into reports used for internal and external purposes. This likely includes a combination of manual and computerized processes. There are likely to be separate classifications for the sales of gasoline versus snack items. 56. Business processes and IT enablement at fast food restaurants. Student responses may vary, but are likely to consistent with the following: a. List and describe four different activities that are manual parts of business processes at a restaurant such as Wendy’s. Manual processes are required to:
Page 1-12
Chapter 1 Solutions
Introduction to AIS
greet customers at the drive-through window or counter enter customer orders on the cash register touch-screens prepare the food gather the customer’s order collect payment from the customer clean the dining area refill the condiment dispensers, etc. reconcile the cash in the cash register to amounts included in the sales summaries b. List and describe four different activities that are IT enabled parts of business processes at a restaurant such as Wendy’s. IT enables processes are used to: record customer orders input in the cash registers. The system accumulates sales data based on the orders transacted prepare sales amounts based upon the pre-programmed prices of items ordered and applicable tax rates determine the amount of change due to customers based on the amount of cash collected prepare a sales receipt upon completion of a sales transaction transfer order details to the food preparation stations so that the items can be prepared and assembled prepare a daily summary for each cash register at the end of the shift 57. Business processes at department stores. a. Describe any necessary supporting processes that precede the sale of a product to you. Some of the supporting processes that precede a sale to a customer include acquiring, pricing and display of the merchandise, hiring and training sales personnel and cashiers, preparation of cash register drawers with adequate change, and programming the system to recognize the items when they are read by a bar code scanner. b. Describe any necessary supporting processes that occur after a sale to you. Some of the supporting processes that occur after a sale to a customer include handling customer returns, summarization of the sales data, reconciling the cash registers with the computerized data from the registers, preparation of a bank deposit, periodic sales reporting, and reconciliation of the bank statements. 58. Business processes at Cooper’s Cues Co. a. What are the business processes that apply to this business? The business processes described include the expenditure process involved in purchasing materials needed to manufacture pool cues and disbursing cash to suppliers for materials purchased. The case also describes revenues processes for sales of pool cues over the internet, customer collections, and sales returns (replacements). This business would also include subprocesses for payroll expenditures to pay Rob and Stacy Cooper for their time worked, and fixed asset processes to handle any capital assets acquired (such the workshop, office space, furniture and computers, tools and equipment, delivery vehicle, etc.). In addition, conversion processes would involve planning of the manufacturing Page 1-13
Chapter 1 Solutions
Introduction to AIS
process, planning and managing materials and resources needed for production, and logistics (movement of the manufactured goods through the production process through delivery to a customer). b. How would the business processes change if Cooper’s Cues expanded to a regional focus? If Cooper’s Cues expanded to a regional focus, it is likely that its business would grow. Rob and Stacy Cooper may have difficulty managing a regional business on their own, so they would likely need to hire and train employees to join their business. As more people became involved in the business processes, they would need to determine how responsibilities would be divided and how to implement internal controls in the processes. Rob Cooper may no longer be able to personally handle all deliveries. The company’s website may also need to be enhanced to handle the additional volume anticipated in connection with the business expansion. c. How would the business processes change if Cooper’s Cues began selling pool balls and other billiard equipment in addition to cues? If Cooper’s Cues began selling pool balls and other billiard equipment in addition to its pool cues, its business processes would change. If Cooper’s acquired this type of merchandise, it would have to enhance its expenditures processes to include the types of suppliers of these billiard accessories. It would also need to consider the logistics of inventory storage. In addition, its revenue processes would need to be enhanced to differentiate sales of manufactured cues versus other billiard merchandise. Its website would need to be updated to handle the additional product lines.
Page 1-14
Chapter 2 Solutions
Foundational Concepts of AIS
Turner/Accounting Information Systems, 5e Solutions Manual Chapter2 Concept Check 1. d 2. c 3. b 4. c 5. a 6. b 7. b 8. c 9. c 10. c 11. b 12. d
Discussion Questions 13. (SO 1) What is the relationship between business processes and the accounting information system? As the systematic steps are undertaken within a business processes, the corresponding data generated must be captured and recorded by the accounting information system. 14. (SO 1) Why is it sometimes necessary to change business processes when IT systems are applied to business processes? When IT systems are applied to business processes, some of the detailed transaction data may no longer be taken from paper-based source documents, and manual processing may no longer be needed to summarize and post that data. Accordingly, some of the related manual steps within the business process can be eliminated or changed. 15. (SO 2) Are manual systems and processes completely outdated? No, manual systems and business processes are not completely outdated. Manual records and tasks may still be involved in the business processes of even the largest and most sophisticated accounting information systems. 16. (SO 2) What is the purpose of source documents? Source documents capture the key data of a transaction, including date, purpose, entity, quantities, and dollar amounts.
Page 2-1
Chapter 2 Solutions
Foundational Concepts of AIS
17. (SO 2) What are some examples of turnaround documents that you have seen? An example of a turnaround document, as described in the chapter, is a credit card statement, where the statement itself (as received in the mail by the credit card holder) represents the output of the credit card company’s accounting information system. When the credit card holder returns the top portion of the statement with his or her payment, it then becomes an input to the company’s cash collection process. 18. (SO 2) Why would the training of employees be an impediment to updating legacy systems? One of the advantages of legacy systems is that they are well supported and understood by existing personnel who are already trained to use the system. Since those legacy systems are not generally based on user-friendly interfaces and they tend to be use software written in older computer languages, there is likely to be a significant investment of time and human resources required to maintain the system. In addition, legacy systems are often difficult to modify. Employees may be reluctant to forego their investment or to commit additional time in support of an updated system that becomes more challenging to maintain. 1. 19. (SO 2) Why is it true that the accounting software in and of itself is not the entire accounting information system? The accounting software is not the entire accounting information system; rather, it is a tool that supports the organization’s unique business processes. The software must often be customized to meet the needs of the organization and to integrate well with the manner in which transactions are processed. The human resources and/or manual records and documents that are part of the business processes are also an integral part of the accounting information system. 20. (SO 2) How is integration across business processes different between legacy systems and modern, integrated systems? Integration across business processes within a legacy system is extremely challenging and costly, as those systems are usually not based on user-friendly interfaces that are difficult to modify. It is also difficult to find programmers to perform such tasks. The result is that organizations which integrate business processes between legacy systems typically must resort to enhancements to their existing software or bridging their existing software to new systems or interfaces. On the other hand, modern, integrated systems are based on a single software system that integrates many or all of the business processes within the organization, thus eliminating the coordination and updating efforts required by the older systems. 21. (SO 3) How does client-server computing divide the processing load between the client and server? In client-server computing, the processing load is assigned to either the server or the client on the basis of which one can handle each task most efficiently. The server is more efficient in managing large databases, extracting data from databases, and running high-volume transaction processing software applications. The client is more efficient at manipulating subsets of data and presenting data in a user-friendly, graphical-interface environment.
Page 2-2
Chapter 2 Solutions
Foundational Concepts of AIS
22. (SO 3) Why do you think the client computer may be a better computer platform for presentation of data? The client computer is better for presentation of data because it manipulates subsets of data without being bogged down by the processing load of the entire data set. In addition, the client computer maintains presentation software in a user-friendly format for reporting purposes.
23. (S04) What are the distinguishing characteristics of cloud computing? Cloud computing is a centralized approached to computing, whereby computing services are outsourced to a third party provider. Accordingly, a company’s software and data may reside on the server of the provider. This offers many advantages, including the ability to scale the level of service to the needs of the company, as well as cost savings associated with the reduced infrastructure. 24. (S04) Why do you think a company would benefit from using cloud computing rather than client server computing? The primary benefits of cloud computing are in the areas of access, scalability, and cost savings. Companies are likely to benefit from using cloud computing when their employees may need to access and read data from many different locations while using different types of computing devices. In addition, since cloud computing is a pay-for-service model, companies only pay for the level of service they need, so it is not necessary to invest in capacity that may not yet be required. Also, the cost savings result from the reduced infrastructure (including equipment, hardware, software, maintenance, and technical employees). 25. (SO4) If your personal data were stored on a computer in cloud computing, would you have any concerns about it? Student responses may vary, and although the risks of cloud computing are discussed in a later chapter, students may identify concerns about security of private data stored in the cloud and access to data in the event of a service interruption. 26. (SO 5) Why do you think there are different market segments for accounting software? There are different market segments for accounting software to support the different needs of organizations depending on their size and the complexities of their business processes. 27. (SO 5) How would accounting software requirements for large corporations differ from requirements for small companies? Larger companies tend to need more power and functionality from their software systems because of their size and the complexities of their business processes. This may especially be true of large, multinational corporations which need to integrate business processes located all around the globe. Small companies are not likely to need such extensive power and functionality from their systems. 28. (SO 5) What are some of the differences between ERP systems and accounting software for small companies? ERP systems are multimodule software systems designed to manage all aspects of an enterprise. The modules (financials, sales,
Page 2-3
Chapter 2 Solutions
Foundational Concepts of AIS
purchasing, inventory management, manufacturing, and human resources) are based on a relational database system that provides extensive set-up options to facilitate customization to specific business needs. Thus, the modules work together to provide a consistent user interface. These systems are also extremely powerful and flexible. Many of the software systems in the small and mid market categories are not true ERP systems with fully integrated modules; however, these systems assimilate many of the features of ERP systems. 29. (SO 5) Why would accounting software development companies be interested in expanding their software products into other market segments? Software development companies and software vendors often attempt to increase the appeal of their software products to more than one market segment when the features of their products may fit the needs of different sized organizations. In addition, there is a trend toward increasing the functionality of existing systems to offer increased flexibility and functionality to meet such diverse needs. Since business organizations make considerable investments in the software products that comprise their accounting information systems, it is not surprising that there is much competition among the companies that provide these systems. 30. (SO 6) Given the business and accounting environment today, do you think it is still important to understand the manual input of accounting data? Manual input of data is still important to understand in today’s accounting environment. Many business organizations still use some manual processes for reading source documents and keying the relevant information into the accounting information system. Even hightech point of sale systems require manual processes to input the accounting data contained on bar codes. 31. (SO 6) What are the advantages to using some form of IT systems for input, rather than manual input? Using IT systems for input has the advantages of reducing the time, cost, and errors that tend to occur with manual data input. 32. (SO 6) Why would errors be reduced if a company switched input methods from manual keying of source documents to a bar code system? With manual input, human efforts are required to write on the source documents and to manually key in the data. Errors tend to occur from time-to-time with such a system. On the other hand, the manual steps of writing and keying are eliminated when using a bar code system, thus reducing the likelihood of error. 33. (SO 7) In general, what types of transactions are well suited to batch processing? Batch processing is best suited to applications having large volumes of similar transactions that can be processed at regular intervals, such as payroll. 34. (SO 7) Why might the time lag involved in batch processing make it unsuitable for some types of transaction processing? By necessity, batch systems involve a time lag while all transactions in the batch are collected. This means that available information in files will not always be current, as it would be in real-time systems.
Page 2-4
Chapter 2 Solutions
Foundational Concepts of AIS
Therefore, when constantly up-to-date information is needed by users on a timely basis, batch processing is likely to be unsuitable for transaction processing. 35. (SO 7) How would real-time processing provide a benefit to managers overseeing business processes? Real-time processing is beneficial for business managers because it provides for system checks for input errors. Therefore, errors can be corrected immediately, thus increasing the quality of the information for which the manager is held accountable. In addition, real-time systems enhance the efficiency of information availability. 36. (SO 8) How do internal reports differ from external reports? Although internal and external reports are both forms of output from an accounting information system, they have different purposes. Internal reports provide feedback to managers to assist them in running the business processes under their control. On the other hand, external reports (such as the financial statements) are used by external parties to provide information about the business organization. 37. (SO 8) What are some examples of outputs generated for trading partners? Invoices and account statements are examples of outputs generated for customers; whereas checks and remittance advices are examples of outputs sent to vendors. 38. (SO 8) Why might it be important to have internal documents produced as an output of the accounting information system? It is important to produce internal documents as an output of an accounting information system because internal documents provide feedback needed by managers assist them in running the business processes under their control. These internal documents can be customized to allow a manger to “drill down” into the details of the process being managed. 39. (SO 9) How does documenting a system through a pictorial representation offer benefits? A pictorial representation of an accounting information system is beneficial because it provides a concise and complete way for accountants to analyze and understand the procedures, processes, and the underlying systems that capture and record the accounting data.
Brief Exercises 40. (SO 1) Think about your most recent appointment at the dentist’s office. Describe the business process that affected you as the patient/customer. In addition, describe the administrative and accounting processes that are likely to support this business. As a patient, you would experience the revenue processes as you receive services from the hygienist and dentist. You would also be affected by the billing and
Page 2-5
Chapter 2 Solutions
Foundational Concepts of AIS
collections processes when you receive an invoice for services rendered and submit payment for those services. The dental office would need to have specific steps in place for recording the services provided to each patient so that they can be properly billed and reported. These steps may be very detailed, especially in instances where patient fees must be allocated between dental insurance companies and the patients themselves. There would also need to processes in place for purchasing, as a dentist’s office is expected to make regular purchases of supplies as well as to handle the other operating costs of the business. Payroll processes would also be needed to account for the time and pay of each employee in the dentist’s office, and fixed asset processes would be needed to support the investments in and depreciation of office furniture and equipment, fixtures, and dental equipment. Finally, it is possible that the business may have administrative processes in place to handle investment, borrowing, and capital transactions. Once these transactions are recorded, the business must have processes in place to post the related data to the general ledger and summarize it in a manner that facilitates the preparation of financial statements and other accounting reports. 41. (SO 2) Describe the purpose of each of the following parts of a manual system: a. source document – captures the key data of a transaction, including the date, purpose, entity, quantities, and dollar amounts. b. turnaround document – provides a connection between different parts of the accounting system by serving as the output of one system and the input to another system in a subsequent transaction. c. general ledger – provides details for the entire set of accounts used in the organization’s accounting systems. d. general journal – captures the original transactions for non routine transactions, adjusting entries, and closing entries. e. special journal – captures the original transactions for routine transactions such as sales, purchases, payroll, cash receipts, and cash disbursements. f. subsidiary ledger – maintains detailed information regarding routine transactions, with an account established for each trading partner. 42. (SO 2) Consider the accounting information system in place at an organization where you have worked. Do you think that it was a manual system, legacy system, or an integrated IT system? Describe one or two characteristics of that accounting information system that lead you to your conclusion. Student responses are likely to vary greatly, as they may refer to any work experience. Characteristics of manual systems may include paper-based documents and records, and manual processes performed by humans. Characteristics of legacy systems may include older technology including a mainframe computer and the use of software languages such as COBOL, RPG, Basic, and PL1. Characteristics of an integrated IT system include powerful,
Page 2-6
Chapter 2 Solutions
Foundational Concepts of AIS
technologically advanced computer systems with Internet interfaces, which are typically marked by efficiencies in terms of limited paperwork and user-friendly interfaces. 43. (SO 2) Suppose that a company wants to upgrade its legacy system, but cannot afford to completely replace it. Describe two approaches that can be used. One approach to updating a legacy system is to use screen scrapers, or frontware, which add modern, user-friendly screen interfaces to an existing system. Another approach is to bridge the legacy system to new hardware and software using enterprise application integration, or EAI. 44. (SO 4) Both Gmail and iCloud for iTunes were mentioned as examples of cloud computing. Can you describe any other examples of cloud computing? Student responses are likely to vary greatly, but may include examples such as the following: video and photo storage in the cloud, as well as document storage; online collaboration tools to facilitate groups who hold meetings and/or work on projects requiring participation from multiple locations; online data sharing between trading partners; virtual office space for people who travel or telecommute. 45. (SO 5, 7) Consider the real world example of Cole Haan presented in this chapter. a. Use Exhibits 2-3 and 2-4 to help you determine the approximate range of Cole Haan’s annual revenues. Since Cole Haan’s ERP system, falls in the High End or Tier 1 market segment, the company’s revenues must be over $100 million. b. What are the advantages Cole Haan likely realized as a result of having real-time data available? The advantages to real-time data processing include: reduced errors, since the system checks inputs and corrects errors immediately more timely information constantly up-to-date data files integrated business processes into a single database so that a single system can be achieved. 46. (SO 6) Using IT systems to input accounting data can reduce costs, time, and errors. Give an example showing how you think IT systems can lead to these reductions (cost, time, and errors). Student responses may vary. The responses below apply to the savings a company would be expected to realize upon implementation of a bar code system as a method of inputting data. Using IT systems to input data can help reduce costs, such as when bar code systems at a self-checkout line eliminate the human resource costs of using a checkout clerk.
Page 2-7
Chapter 2 Solutions
Foundational Concepts of AIS
Using IT systems to input data can help save time, such as when bar code systems at a checkout line can reduce the checkout time to a fraction of the time required to manually record the transaction. This is because it eliminates the manual processes involved in writing data on a source document and/or keying the data into the software system. Using IT systems to input data can help reduce errors, such as when bar code systems eliminate the duplicate manual processes involved in writing data on a source document and later keying the data into the software system. 47. (SO 8) Identify whether the following reports would be categorized as trading partner documents, internal documents, internal reports, or external reports: a. daily cash receipts listing – internal document b. accounts receivable aging – internal report c. wire transfer of funds to a vendor – trading partner document d. customer price list – trading partner document e. general ledger – internal report f. statement of cash flows – external report g. sales invoice – trading partner document h. production schedule – internal document i. customer address list – internal document j. payroll journal – internal report 48. (SO 8) Which type of accounting information system reports would likely be prepared most frequently by financial accountants? By managerial accountants? Financial accounts are most likely to prepare external reports (such as financial statements and other reports provided to external users of the company’s accounting information); whereas managerial accountants are most likely to prepare internal reports (such as journals and other reports that provide feedback to managers about their areas of responsibility). 49. (SO 9) Identify which of the cardinal relationships apply, from the following: a. component part – product b. customer – product c. employee ID badge – employee d. employee – supervisor e. vendor – check
Problems
Page 2-8
Many to many Many to many One to one One to many One to many
Chapter 2 Solutions
Foundational Concepts of AIS
50. (SO 2) Suppose that a large company is considering replacing a legacy system that is nearing obsolescence. Describe any aspects of this decision that the company should consider. When considering whether or not to replace a legacy system, a company should conduct a cost-benefit analysis. A business organization may decide to maintain a legacy system if it determines that the replacement costs would be too high. In such cases, the organization would likely place strong emphasis on the advantages of its legacy system, including its degree of customization and the extent of historical data that it contains which would be difficult to integrate into a new system. On the other hand, if the organization decided to replace its legacy system, it is likely that its reasons included such things as difficulty in supporting the older hardware, software, and programming language of its legacy system, difficulty in integrating the legacy system with newer business applications, and lack of user-friendly interfaces and supporting documentation from the legacy system. 51. (SO 1, 9) Visit the campus bookstore at your university. From what you see happening at the bookstore, try to draw a process map of how the processes at that store serve students, the customers. Refer to the separate Microsoft Excel file “Chapter 2 Solutions Pictorial Representations.xls 52. (SO 5) Look at Exhibit 2-4 and pick one accounting software product from the midmarket segment and one software product from the tier 1 ERP segment. Using those brand names of software, search the Internet for information about those products. Based on your investigation, what are the differences between the two software products you chose? (Hint: To begin your search, you might try examining the following websites. www.accounting-software 411.com , www.findaccountingsoftware.com, and www.2020software.com) Student responses are likely to vary greatly, depending upon the software brands selected. However, the modules within the midmarket products may not be fully integrated or may be less complex than the Tier 1 ERP systems. 53. (SO 6) Using the Internet or other research tool, search for the term “RFID.” From the results you find, describe how RFID will be used as an input method. RFID stands for radio-frequency identification. RFID technology helps companies identify and manage large lots of goods, typically received and stored in cartons or on skids. The cartons or skids include tags that are encoded with identifying information about the items, their supplier, and their purchase transaction. RFID is used as an input method whereby the tags can be instantly read and recorded by using antennae or battery-operated transmitters and radio waves.
Page 2-9
Chapter 2 Solutions
Foundational Concepts of AIS
54. (SO 3) Using the Internet or other research tool, search for the terms “client-server” and “scalable.” From the results you find, explain why client-server systems are scalable. Scalable systems have the ability to handle growth or increased capabilities. Thus, client-server systems are deemed to be scalable because of the manner in which tasks are divided. Since client PCs normally accomplish local processing tasks, additional client PCs could be added to the network to handle new or growing subsets of data from the server.
55. (SO 4) Using the Internet or other research tool, search for the terms “Amazon elastic cloud.” Describe what you find. Why do you believe it is called elastic? Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers. Amazon EC2’s simple web service interface allows users to obtain and configure capacity with minimal friction. It provides complete control of users’ computing resources and allows users to run on Amazon’s computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing users to quickly scale capacity as their computing requirements change. Amazon EC2 provides developers the tools to build failure resilient applications and isolate themselves from common failure scenarios. The term “elastic” likely refers to the ability for users to quickly scale capacity both up and down as their computing requirements change. Thus, users can create, launch, and terminate server instances as needed.
Cases 56. Pictorial representations of a drive-through window at a fast food chain. Student responses are likely to vary, but may be similar to those shown in the Microsoft Excel file “Chapter 2 Solutions Pictorial Representations.xls” 57. Pictorial representations of a college’s parking services processes. Student responses are likely to vary, but may be similar to those shown in the Microsoft Excel file “Chapter 2 Solutions Pictorial Representations.xls”
Page 2-10
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
Turner/Accounting Information Systems, 5e Solutions Manual Chapter 3
Concept Check 1. b 2. c 3. a 4. d 5. d 6. b 7. b 8. a 9. a 10. d 11. c 12. b 13. c 14. d
Discussion Questions 15. (SO 1) Management is held accountable to various parties, both internal and external to the business organization. To whom does management have a stewardship obligation and to whom does it have reporting responsibilities? Management has a stewardship obligation to the shareholders, investors, and creditors of the company, i.e., any parties who have provided funds or invested in the company. Management has a reporting responsibility to business organizations and governmental units with whom the company interacts. 16. (SO 2, 4) If an employee made a mistake that resulted in a loss of company funds and misstated financial reports, would the employee be guilty of fraud? Discuss. No, a mistake, or unintentional error, does not constitute fraud. In this situation, there is no theft or concealment, so fraud does not exist. 17. (SO 2, 3) Do you think it is possible that a business manager may perpetrate fraud and still have the company’s best interest in mind? Discuss. Student responses may vary. Those agreeing that it is possible may refer to the fraud triangle and note that the incentive may be job-related (such as opportunities to produce enhanced
Page 3-1
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
financial statements, which may increase the company’s stock price, increase compensation, avoid firings, enhance promotions, and delay bankruptcy) and the rationalization may involve plans to make restitution. On the other hand, some students may reject the notion that management fraud could be in a company’s best interest, as it puts the company at great risk. When frauds are discovered, they are often devastating due to the financial restatements and loss of trust. 18. (SO 7) Distinguish between internal and external sources of computer fraud. Employees are the source of internal computer fraud. When employees misuse the computer system to commit fraud (through manipulation of inputs, programs, or outputs), this is known as internal computer fraud. On the other hand, external sources of computer fraud are people outside the company or employees of the company who conduct computer network break-ins. When an unauthorized party gains access to the computer system to conduct hacking or spoofing, this is known as external computer fraud. 19. (SO 7) Identify and explain the three types of internal source computer fraud. The three types of internal source computer fraud are input manipulation, program manipulation, and output manipulation. Input manipulation involves altering data that is input into the computer. Program manipulation involves altering a computer program through the use of a salami technique, Trojan horse program, trap door alteration, etc. Output manipulation involves altering reports or other documents generated from the computer system. 20. (SO 7) Describe three popular program manipulation techniques. The salami technique accomplishes a fraud by altering small “slices” of computer information. These slices of fraud are difficult to detect because they are so small, but they may accumulate to a considerable amount if they are carried out consistently across many accounts. This is often accomplished by rounding or applying minor adjustments. The perpetrator typically steals the amounts represented by these slices or uses them to his or her benefit. A Trojan horse program is a small, unauthorized program within a larger, legitimate program, used to manipulate the computer system to conduct a fraud. For example, a customer account may be automatically written off upon the processing of a new batch of transactions. A trap door alteration involves misuse of a valid programming tool, a trap door, to commit fraud. Trap doors are unique hidden entrances to computer programs that are written into the software applications to provide a manner of testing the systems. Although they should be removed prior to implementation, they may remain to provide a tool for misusing the system to perpetrating fraud. 21. (SO 7) Distinguish between Internet spoofing and e-mail spoofing. Internet spoofing involves a person working through the Internet to access a computer network while pretending to be a trusted source. The packet of data containing the Internet
Page 3-2
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
protocol (IP) address contains malicious data such as viruses or programs that capture passwords and log-in names. E-mail spoofing bombards employee e-mail accounts with junk mail intended to scam the recipients. 22. (SO 10) What are the objectives of a system of internal control? The objectives of an internal control system are as follows:
To safeguard assets from fraud or errors To maintain accuracy and integrity of accounting data To promote operational efficiency To ensure compliance with management directives
23. (SO 10) Name and distinguish among the three types of internal controls. The three types of internal controls are preventative controls, detective controls, and corrective controls. Preventative controls are designed to avoid fraud and errors by stopping any undesired acts before they occur. Detective controls help employees uncover or discover problems that may exist. Corrective controls involve steps undertaken to correct existing problems. 24. (SO 10) Identify the COSO report’s five interrelated components of internal controls. According to the COSO report, there are five interrelated components of internal control: the control environment, risk assessment, control activities, information and communication, and monitoring. 25. (SO 10) Name the COSO report’s five internal controls activities. According to the COSO report, there are five internal control activities: authorization of transactions, segregation of duties, adequate records and documents, security of records and documents, and independent checks and reconciliations. 26. (SO 10) Distinguish between general and specific authorization. General authorization is a set of guidelines that allows transactions to be completed as long as they fall within established parameters. Specific authorization means that explicit approval is needed for that single transaction to be completed. 27. (SO 10) Due to cost/benefit considerations, many business organizations are unable to achieve complete segregation of duties. What else could they do to minimize risks? Close supervision may serve as a compensating control to lessen the risk of negative effects when other controls, especially segregation of duties, are lacking. 28. (SO 10) Why is a policies and procedures manual considered an element of internal control? Formally written and thorough documentation on prescribed policies and procedures should establish clarity and promote compliance within a business organization, thus providing an important element of internal control. The policies and procedures should cover both manual and automated processes and control measures, and must be communicated to all responsible parties within the company.
Page 3-3
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
29. (SO 10) Why does a company need to be concerned with controlling access to its records? Securing and protecting company records is important to ensure that they are not misused or stolen. Unauthorized access or use of records and documents allows the easy manipulation of those records and documents, which can result in fraud or a concealment of fraud. 30. (SO 10) Many companies have mandatory vacation and periodic job rotation policies. Discuss how these practices can be useful in strengthening internal controls. Mandatory vacations and periodic job rotation policies provide for independent monitoring of the internal control systems. Internal control responsibilities can be rotated so that someone is monitoring the procedures that are typically performed by someone else, which enhances the effectiveness of those procedures. 31. (SO 10) Name the objectives of an effective accounting system. An effective accounting system must accomplish the following four objectives:
Identify all relevant financial transactions of the organization. Capture the important data of these transactions. Record and process the data through appropriate classification, summarization, and aggregation. Report the summarized and aggregated information to managers.
32. (SO 10) What does it mean when information flows “down, across, and up the organization”? A business organization must implement procedures to assure that its information and reports are communicated to the appropriate management level. This communication is described by COSO as “flowing down, across, and up that organization”. Such a communication flow assists management in properly assessing operations and making changes to operations as necessary. 33. (SO 10) Provide examples of continuous monitoring and periodic monitoring. Any ongoing review activity may be an example of continuous monitoring, such as a supervisor’s examination of financial reports and a computer system’s review modules. An example of periodic monitoring is an annual audit performed by a CPA firm or a cyclical review performed by internal auditors. 34. (SO 10) What are the factors that limit the effectiveness of internal controls? It is not possible for an internal control system to provide absolute assurance because of the following factors that limit the effectiveness of internal controls:
Flawed judgments Human error Circumventing or ignoring established controls
In addition, excessive costs may prevent the implementation of some controls.
Page 3-4
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
35. (SO 11) Identify and describe the five categories of the AICPA Trust Services Principles. The AICPA Trust Services Principles are divided into the following five categories of risks and controls:
Security. Security is concerned with the risk of unauthorized physical and logical access, such as breaking into the company’s facilities or computer network. Availability. Availability is concerned with the risk of system interruptions or failures due to hardware of software problems such as a virus. Processing integrity. Processing integrity is concerned with the risk of inaccurate, incomplete, or improperly authorized information due to error or fraud. Online privacy. Online privacy is concerned with the risk of inappropriate access or use of a customer’s personal information. Confidentiality. Confidentiality is concerned with the risk of inappropriate access or use of company information.
36. (SO 11) Distinguish between the Trust Services Principles of privacy and confidentiality. Both privacy and confidentiality are concerned with the risk of in appropriate access or use of information. However, privacy is focused on protecting the privacy of a customer’s personal information; whereas confidentiality is focused private information about the company itself and its business partners. 37. (SO 12) What does section 404 of the Sarbanes-Oxley Act require of management regarding internal control systems? The following was outlined by the SEC: Section 404 of the Sarbanes-Oxley Act of 2002, requires publically held companies (companies subject to the reporting requirements of the Securities Exchange Act of 1934, other than registered investment companies), to include in their annual reports: a report of management on the company's internal control over financial reporting. The internal control report must include: o a statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting for the company; o management's assessment of the effectiveness of the company's internal control over financial reporting as of the end of the company's most recent fiscal year; o a statement identifying the framework used by management to evaluate the effectiveness of the company's internal control over financial reporting; and o a statement that the registered public accounting firm that audited the company's financial statements included in the annual report has issued an attestation report on management's assessment of the company's internal control over financial reporting.
Page 3-5
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
Under the new rules, a company is required to file the registered public accounting firm's attestation report as part of the annual report. Management must also evaluate any change in the company's internal control over financial reporting that occurred during a fiscal quarter that has materially affected, or is reasonably likely to materially affect, the company's internal control over financial reporting.
Brief Exercises 38. (SO 2, 3) What possible motivation might a business manager have for perpetrating fraud? Management might be motivated to perpetrate fraud in order to improve the financial statements, which may have the result of increasing the company’s stock price and increasing incentive-based compensation. Altered financial information might also have the effect of delaying cash flow problems and/or bankruptcy, as well as improving the potential for business transactions such as mergers, borrowing, stock offerings, etc. 39. (SO 5) Discuss whether any of the following can be examples of customer fraud:
An employee billed a customer twice for the same transaction. This is not an example of customer fraud; rather, the customer is being defrauded in this scenario. This is an example of employee fraud (assuming that the double-billing was intentional and the resulting cash receipts are stolen by employees). A customer remitted payment in the wrong amount. This may be an example of customer fraud, assuming that the payment was made as a deceptive tactic to avoid the full amount of the customer’s liability. A customer received merchandise in error, but failed to return it or notify the sender. Although this scenario involves a customer’s improper receipt of goods, it would not be considered customer fraud since it was the result of an error. Regardless of whether the error was committed by the company or the customer, deception is a required element of fraud. 40. (SO 7) Explain the relationship between computer hacking and industrial espionage. Give a few additional examples of how hacking could cause damage in a business. Computer hacking is the term commonly used for computer network break-ins. Hacking may be undertaken for various purposes, including theft of proprietary information, credit card theft, destruction or alteration of data, or merely thrillseeking. Industrial espionage is the term used for theft of proprietary company information. Although computer hacking provides one method of conducting industrial espionage, a computer is not always required to steal company information. Fraudsters trying to conduct industrial espionage may also resort to digging through the trash in order to gain information about a target company. 41. (SO 9) What are some ways in which a business could promote its code of ethics? The best way for a company to promote its code of ethics is for its top managers to live by it on a day-to-day basis. If the code is well documented and adhered to by
Page 3-6
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
management, others in the organization are likely to recognize its importance. Furthermore, if discipline and/or discharges are applied to those who violate the code, this will serve as a strong message regarding the importance of the code. 42. (SO 10) Describe why the control environment is regarded as the foundation of a business’s system of internal control. The control environment is regarded as the foundation of a system of internal controls because it sets the tone of an organization and influences the control consciousness of its employees. Thus, the tone at the top flows through the whole business organization and affects behavior at every level. It also provides the discipline and structure of all other components of internal control. COSO identifies the tone set by management as the most important factor related to providing accurate and complete financial reports. 43. (SO 10) Think of a job you have held, and consider whether the control environment was risky or conservative. Describe which you chose and why. Student responses will vary. Characteristics of a risky control environment include absence of a code or ethics or lack of enforcement of a code of ethics, aggressive management philosophy and operating style, overlapping duties and vague lines of authority, lack of employee training, and an inactive board of directors. On the other hand, a conservative control environment is characterized by a rigidly enforced code of ethics, a conservative management philosophy and operating style, clearly established job descriptions and lines of authority, a focus on employee training and organizational development, and an accountable and attentive board of directors. 44. (SO 10) Identify the steps involved in risk assessment. Do you think it would be effective for an organization to hire external consultants to develop its risk assessment plan? The steps involved in risk assessment include:
Identify the sources of risk, both internal and external. Determine the impact of such risks in terms of finances and reputation. Estimate the likelihood of such risks occurring. Develop an action plan to reduce the impact and probability of identified risks. Execute the action plan on an ongoing basis.
It would not likely be effective for an organization to hire consultants to develop its risk assessment plan because company-specific experience and expertise are needed in order to do this work effectively. For instance, members of management who are actively involved in day-to-day operations and reporting will likely have the best ability to identify risks, determine the impact of those risks, and estimate the likelihood of occurrence of such risks. Although a consultant may be useful in assisting with the development and implementation of the action plan, the first three steps of the risk assessment process would likely depend upon the working knowledge of members of the company’s management. 45. (SO 10, 11) Discuss the accuracy of the following statements regarding internal control:
Page 3-7
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
The more computerized applications within a company’s accounting system, the lower the risk will be that fraud or errors will occur. It is not necessarily true that extensive computerized application will lower a company’s risk of fraud. This is because computerized systems also increase vulnerabilities such as unauthorized access, business interruptions, and inaccuracies. The technological complexities that accompany sophisticated computer applications call attention to the need for extensive internal controls to reduce the risk of fraud and errors. The more involved top management is in the day-to-day operations of the business, the lower the risk will be that fraud or errors will occur. It is certainly true that the tone at the top (the tone set by top management) is the most important factor of internal control. Accordingly, it can be implied that involved managers would promote strong internal controls. However, although this is often true, it will be true only when top management acts with integrity, exemplifying and enforcing its code of ethics, maintaining a conservative approach to operations and financial reporting, and cultivating clear communications and responsibilities. 46. The main point is that after 20 years of Sarbanes Oxley requirement experience, there are still controversies and debates about section 404 on internal controls within companies. Section 404a requires companies to assess the effectiveness of internal controls over financial reporting in section 404b requires the auditor to issue an attestation report internal control. The first covered by the article is the cost/benefit ratio of section 404. The consensus is that benefits do exceed costs, or will in the future. The second controversy is whether section 404 strengthens internal controls and therefore, reduces the chance of earnings management by a company. Most of the studies indicated that the strengthened internal controls do lead to firms less likely to engage in earnings management.
Problems 47. (SO 10) Identify whether each of the following accounting positions or duties involves authorization, recording, or custody:
cashier - Custody payroll processor - Recording credit manager - Authorization mailroom clerk - Custody data entry clerk - Recording deliver paychecks - Custody deliver the bank deposit - Custody prepare the bank reconciliation - Recording check signer - Authorization inventory warehouse supervisor - Custody
Page 3-8
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
staff accountant - Recording
48. (SO 10) Identify whether each of the following activities represents preventative controls, detective controls, or corrective controls:
job rotation - Detective preparation of a bank reconciliation - Corrective segregation of duties - Preventative recalculating totals on computer reports - Detective use of passwords - Preventative preparing batch totals for check processing - Detective establishing a code of ethics - Preventative use of a security guard - Preventative verifying source documents before recording transactions - Preventative matching supporting documents before paying an invoice - Preventative independent review of accounting reports - Detective performing comparisons of financial statement items - Detective
49. (SO 10) Shown is a list of selected sources of internal control guidelines, given in order of issuance, followed by a list of primary purposes. Match each guideline with its primary purpose. I. Foreign Corrupt Practices Act – b. Prevented bribery and established internal control guidelines. II. COSO – d. Established internal control concepts based on comprehensive study. III. SAS 99 – a. Required auditors to focus on risks and controls and to conduct audits with skepticism. IV. Sarbanes-Oxley Act – c. Curbed fraud by requiring additional internal control reporting within annual reports. V. Trust Services Principles – e. Established essential criteria for evaluating reliability of business systems. a. Required auditors to focus on risks and controls and to conduct audits with skepticism. b. Prevented bribery and established internal control guidelines. c. Curbed fraud by requiring additional internal control reporting within annual reports. d. Established internal control concepts based on comprehensive study. e. Established essential criteria for evaluating reliability of business systems. 50. (SO 1, 3, 10) Using a search engine on the Internet, find articles or descriptions of the collapse of Enron. The collapse began in November 2001, and many articles appeared over the next two to three years. Required: a. Briefly describe the fraud that occurred. Student responses are likely to vary, but should focus on the accounting frauds which attempted to hide the company’s debt and losses. For instance, Enron created special purpose entities (related partnerships) for the purpose of off-balance sheet Page 3-9
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
financing. Other deceptive transactions are known to have taken place for the sole purpose of creating false financial results, such as transactions involving the sale and buy-back of barges near year-end and prepaid commodities deals that were never delivered. b. Discuss what you see as weaknesses in the control environment. It is likely that students will focus on the tone at the top, and conclude that management did not set a good example of the company’s code of ethics. They may also provide evidence of aggressive management practices. 51. (SO 3) Using a search engine on the Internet, search for articles on fraud that occurred in 2000 to 2002 in the following companies: Adelphia Enron Global Crossing WorldCom Xerox Try to locate articles or information about stock prices, how the fraud was conducted. You might wish to look at the following websites: edgar.sec.gov, www.hoovers.com and www.forbes.com Required: a. Find information to help you complete the following table: Students are not likely to find all of this information, but what they do find may help them better understand the massive size and scope of these frauds. Some of the stock prices or loss to investors can be found by web searches. For example, the Xerox stock prices can be found by searching on Xerox, fraud and “stock price”. Position of Brief Those Description of Conducting Fraud Fraud Company Name Off balance sheet financing, inflated CEO, CFO, VP earnings, of Operations improper use of (Rigas family Adelphia company funds members) Off balance CEO (Ken sheet financing Lay), CFO through special (Andrew purpose Fastow), entities, inflated Pres./CEO (Jeff Enron earnings Skilling) Global Crossing Inflated revenue Founder (Gary through networkWinnick), CEO, capacity swaps,CFO, and Pres. misOf Finance
Stock Price when fraud was uncovered
Page 3-10
Stock Price one year Shares Loss to later outstanding Investors
~$750 mil.
$90
$0.70
Chapter 3 Solutions
WorldCom
Xerox
Fraud, Ethics, and Internal Control
management and excessive spending Off-balance sheet credit, inflated earnings through improper capitalization of CFO & Controller operating expenses (possibly CEO) Accelerated revenue recognition on Senior leased assets executives
$60
$0.20
$11.24
$4.30
b. Discuss the common characteristics that you see in each of these examples. Most of these frauds involved misstated financial statements involving inflated earnings and off-balance sheet financing. Most of these frauds were perpetrated by members of top management, including top ranking financial executives. 52. (SO 3) Using a search engine on the Internet, search for information on the following two companies, which were paying bribes in foreign countries: Student responses are likely to vary, but the information below highlights the main facts of these cases. Siemens: a. How it was discovered. The Siemens frauds were discovered after being exposed by a middleman/consultant who helped carry out some of the transactions to pay bribes and kickbacks to government officials in exchange for being awarded contracts in foreign countries. These types of bribery transactions were being carried out for years and in countries all over the globe. It was only a matter of time before investigators began examining the suspicious transactions. b. The end result of the investigation. In 2008, Siemens pleaded guilty to criminal violations of the corrupt practices act, and has paid over $1.6 billion in fines and settlements. In late 2011, civil bribery charges were brought against several former Siemens executives. c. What you think the company might have done to prevent this, or lessen the impact. These frauds involved high-ranking company officials, so internal controls should have been enhanced through practicing tone at the top. All of the funds and bank accounts that were established to carry out these acts should have been under the supervision of top executives. Senior managers at Siemens assumed that they would be supported by top executives, but they found out that they were wrong. After the bribes were discovered, Siemens worked hard to quickly remove many senior managers and reform company policies; however, there should have been controls in place to prevent these actions much sooner; it should have
Page 3-11
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
provided more thorough corporate governance and management oversight. d. What you learned about the Foreign Corrupt Practices Act. The FCPA is enforced by the SEC and seeks to root out companies who engage in corrupt practices. Johnson & Johnson: a. How it was discovered. The J&J frauds were discovered internally and were reported to the SEC. Most of the frauds involved paying bribes to European doctors and hospital administrators in exchange for using J&J medical devices. It also paid kickbacks to Iraq to obtain contracts under the United Nations Oil for Food Program. b. The end result of the investigation. J&J paid over $70 million in civil and criminal fines. Its penalties were reduced because of the level of cooperation the company provided throughout the investigation. c. What you think the company might have done to prevent this, or lessen the impact. Like Siemens, top management should have had better controls in place from the beginning, rather than having to work so hard on damage control and subsequent compliance efforts. In particular, if the cash payments had been more closely monitored, these bribes and kickbacks could have been detected and stopped at a much earlier point in time. d. What you learned about the Foreign Corrupt Practices Act. The FCPA is enforced by the SEC and seeks to root out companies who engage in corrupt practices.
Cases 53.
Fraud at Weston’s city hall. Required: a. Which internal control activity was violated in order for Mr. Kaufmann to perpetrate this fraud? A case could be made for any or all of the internal control activities were violated in this scenario. With regard to authorization, it can be said that Mr. Kaufmann abused his authority by circumventing the established controls in order to carry out these transactions on his own. His interference in the mailroom procedures made it impossible for any segregation of duties to occur. There was apparently inadequate security and documentation for the assets and transactions with which he was involved, and there was no one willing to come forward to review or reconcile these transactions. b. Do you consider this case to be an example of management fraud or employee fraud? Although it involves misappropriation of assets, which is typically an employee fraud, this was conducted by the chief financial officer. Accordingly, it would be considered a management fraud. It is not likely that Mr. Kaufmann would have been able to carry out his fraud if it Page 3-12
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
had not been for his high-ranking position, which apparently prevented anyone from stopping him. c. Was the city’s procedural manual adequate for prescribing internal controls to prevent this type of fraud? Why or why not? Although the case states that written guidelines were in place regarding the mailroom and bank deposit policies, requirements for logging checks received and performing an independent verification of receipts, these guidelines were obviously not followed when Mr. Kaufmann stepped in. Rather than being a problem with the documented policies, this case seems to present a situation marked by circumvention of controls. d. Why do you think no one reported the unusual mailroom practices of Mr. Kaufmann? To whom would such a violation be reported? Since Mr.Kaufmann was the highest ranking financial officer in the organization, employees who suspected misconduct likely believed that there was no one with authority over Mr. Kaufmann to whom the problem could be reported. If management is involved in fraud, it should be brought to the attention of the board of directors. In the case of a municipality, the problem could be reported to the chief administrator, mayor, or the city’s advisory council. e. Do you think a business in Weston could be guilty of customer fraud if it agreed to deliver its payments to Mr. Kaufmann personally rather than send them to the city’s mailing address? A business that agreed to deliver its payments to Mr. Kaufmann personally would not likely be guilty of fraud. Customer fraud requires the intent to deceive, so unless the business had knowledge or was otherwise involved in Mr. Kaufmann’s fraud scheme, it would not be guilty of customer fraud. f. The comments made by the neighbor CFO express which type of limitation of internal control systems discussed in this chapter? The limitation of small staff size typically means that the business organization does not have sufficient resources to accomplish segregation of duties. Accordingly, controls can be easily circumvented. The comment regarding the tight operating budget reflects upon the cost/benefit limitations of internal controls. 54.
Coupon accounting abuse. Required: a. Discuss whether the situation described can happen to a company with a good control environment. This situation would not be likely to happen to a company with a good control environment. In a conservative control environment, management would not place so much emphasis on profitability, would not likely tie compensation to profitability and then give employees responsibility for preparing their own profitability reports, and would have likely provided for other controls (such as supervision and review of Gary’s figures). b. Describe any steps a company could take to prevent such abuse. If the firm was going to compensate brand managers based on profitability of
Page 3-13
Chapter 3 Solutions
Fraud, Ethics, and Internal Control
their brands, then those managers should not have responsibility for preparing their own profitability reports. Rather, an independent accounting function should be in place to account for Gary’s brands. In addition, independent reconciliations should be performed with specific emphasis on risky financial items such as coupon drops. c. List those parties who might be harmed by this situation. The following parties are likely to be harmed as a result of Gary’s fraud: investors and creditors who rely upon the fair presentation of the firm’s financial statements as a basis for business decisions shareholders to whom the firms owes a stewardship obligation, especially as they are deceived with respect to the firm’s current financial status fellow employees in the firm who will begin the next year with an inflated expense for the coupon drop (and whose compensation will be tied to financial performance) fellow employees who share in Gary’s bonus pool, whose bonuses would have been larger had Gary’s figures been accurate d. Do you consider this example to be management fraud or employee fraud? Describe how it fits the definition of your choice. This case describes management fraud, as it involves misstatement of financial records, which is typically perpetrated by managers who are attempting to realize benefits (such as increased compensation). 55.
Ethical dilemma involving a CEO. Required: a. Discuss whether Mr. Bell’s violation of corporate ethics policy affects or reflects the control environment of the company. Yes, Mr. Bell’s actions affect the control environment of Missouri Motor Company. As its CEO, Mr. Bell has primary responsibility for setting the tone at the top and living by the code of ethics. If others in the organization are aware of this violation, it sends the message that the code of ethics is not important. This is likely to lead to other problems, including fraud. b. Since the violation is personal in nature, should Mr. Bell have been forced to resign? Since the code of ethics specifically prohibits personal relationships between managers and members of their management chain, then Mr. Bell should be held accountable for his actions. Even though it could be argued that the relationship did not affect his ability to perform his job effectively, the company must have thought otherwise when it established its code of ethics. c. Should Mountain State have hired him to teach business strategy courses? Student responses are likely to vary and may provide the basis for an interesting class discussion. Some students may agree that someone who violated a company ethics policy should not be teaching students about the proper management of organizations. Others may agree that faculty members are not questioned about their personal lives and that Mr. Bell’s wealth of experience is beneficial to students.
Page 3-14
Chapter 3 Solutions
56.
Fraud, Ethics, and Internal Control
Ethical dilemma involving mail order fraud. Required: a. Discuss which type of fraud is involved in this case, from the perspective of the mail order company. This case presents an example of customer fraud, as Lynn deceived the mail order company. She obtained property and lied about it in order to avoid the corresponding liability. b. Which of the AICPA Trust Services Principles most closely related to this situation? Processing integrity is the Trust Services Principle that most closely relates to this situation. Since Lynn provided false information and the company had no way to substantiate it, inaccurate information was processed and became part of the financial records of the company. c. Describe a preventative control that could be performed by the carrier to avoid the possible recurrence of this type of fraud. If the carrier had documented the address where the package was dropped off or obtained a signature from Lynn’s neighbor at the time of delivery, the deception would have been prevented. This would have provided documentation of the delivery, which could have been investigated.
57.
Ethical dilemma involving charitable fundraiser. Required: a. Do you think Cody’s actions were justified? What would you have advised him to do in this situation? No, Cody’s actions were not justified because he did not use the donated funds for their intended purpose. Since Cody represented to the donors that the monies were to be used for a charitable purpose, he had an ethical obligation to fulfill that commitment. Even though he invested more time than he planned, he knew that his efforts were not to be compensated. This is a variation of an employee fraud. As a representative of a charitable cause, he carried out a cash receipts theft for his personal gain. b. What internal control activities could the fraternity have implemented in order to prevent Cody’s actions? The fraternity should have required its treasurer to handle the cash receipts related to this fundraising campaign. This would separate the custody of the cash receipts from the recordkeeping that Cody was conducting. c. Can you think of a detective control that could uncover the omission of the $200 check? A review of all receipts – or in this case, acknowledgement letters – could be performed and reconciled to the cash contributions records. Unless Cody concealed the letter written to the donor of the $200 that he stole, such a reconciliation procedure would uncover the difference.
Page 3-15
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
Turner/Accounting Information Systems, 5e Solutions Manual Chapter 4
Concept Check 1. d 2. b 3. c 4. a 5. a 6. a 7. b 8. d 9. c 10. d 11. a 12. b 13. b
Discussion Questions 14. (SO 1) What is the difference between general controls and application controls? General controls are internal controls that apply overall to the IT accounting systems; they are not restricted to any particular accounting application. Application controls apply within accounting applications to control inputs, processing, and outputs. They are intended to ensure that inputs and processing are accurate and complete and that outputs are properly distributed, controlled, and disposed. 15. (SO 1) Is it necessary to have both general controls and application controls to have a strong system of internal controls? Yes, it is necessary to have both types of controls in a strong system of internal controls. Since they cover different aspects of the IT accounting systems and serve different purposes, both are important and necessary. An IT system would not have good internal control if it lacked either general or application controls. 16. (SO 2) What kinds of risks or problems can occur if an organization does not authenticate users of its IT systems? If an organization does not authenticate users of its IT systems, a security breach may occur in which an unauthorized user may be able to gain access to the computer system. If hackers or other unauthorized users
Page 4-1
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
gain access to information to which they are not entitled, the organization may suffer losses due to exposure of confidential information. Unauthorized users may gain access to the system for the purpose of browsing, altering, or stealing company data. They could also record unauthorized transactions, shut down systems, alter programs, sabotage systems, or repudiate existing transactions. 17. (SO 2) Explain the general controls that can be used to authenticate users. In order to authenticate users, organizations must limit system log-ins exclusively to authorized users. This can be accomplished by requiring login procedures, including user IDs and passwords. Stronger systems use biometric identification or security tokens to authenticate users. In addition, once a user is logged in, the system should have established access levels and authority tables for each user. These determine which parts of the IT system each user can access. The IT system should also maintain a computer log to monitor log-ins and follow up on unusual patterns. 18. (SO 2) What is two-factor authentication with regard to smart cards or security tokens? Two-factor authentication limits system log-ins to authorized users by requiring them to have possession of a security device such as a smart card or token, and also have knowledge of a user ID and/or password. Both are needed to gain access to the system. 19. (SO 2) Why should an organization be concerned about repudiation of sales transactions by the customer? Repudiation is the attempt to claim that the customer was not part of a sales transaction that has taken place. Organizations may suffer losses if customers repudiate sales transactions. If companies do not have adequate controls to prevent repudiation, they may not be able to collect amounts due from customers. However, organizations may reduce the risk of such losses if they require log-in of customers and if they maintain computer logs to establish undeniably which users take particular actions. This can provide proof of online transactions. 20. (SO 2) A firewall should inspect incoming and outgoing data to limit the passage of unauthorized data flow. Is it possible for a firewall to restrict too much data flow? Yes, it is possible for a firewall to restrict legitimate data flow as well as unauthorized data flow. This may occur if the firewall establishes limits on data flow that are too restrictive. In order to prevent blocking legitimate network traffic, the firewall must examine data flow and attempt to determine which data is authorized or unauthorized. The packets of information that pass through the firewall must have a proper ID to allow it to pass through the firewall. 21. (SO 2) How does encryption assist in limiting unauthorized access to data? Encryption is the process of converting data into secret codes referred to as cipher text. Encrypted data can only be decoded by those who possess the encryption key or password. It therefore renders the data useless to any unauthorized user who does not possess the encryption key. Encryption alone does not prevent access to data, but it does prevent an unauthorized user from reading or using the data.
Page 4-2
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
22. (SO 2) What kinds of risk exist in wireless networks that can be limited by WEP, WPA, and proper use of SSID? WPA, and SSIDs can limit the risk of unauthorized access to wireless networks, which transmit network data as high frequency radio signals through the air. Since anyone within range of these radio signals can receive the data, protecting data is extremely important within a wireless network. This can be accomplished through encryption and user authentication via wireless protected access (WPA), and through password protection of the network sending and receiving nodes via service set identifiers (SSIDs). 23. (SO 2) Describe some recent news stories you have seen or heard regarding computer viruses. Student responses will vary greatly depending upon the date this is discussed, but should describe situations of computer malfunctions caused by network break-ins where damaging actions were upon an organization’s programs and data. 24. (SO 2) What is the difference between business continuity planning and disaster recovery planning? How are these two concepts related? Business continuity planning is a proactive program for considering risks to the continuation of business and developing plans and procedures to reduce those risks so that continuation of the IT system is always possible. On the other hand, disaster recovery planning is a reactive program for restoring business operations, including IT operations, to normal after a catastrophe occurs. These two concepts are related in that they are both focused on maintaining IT operations at all times in order to minimize business disruptions. 25. (SO 2) How can a redundant array of independent disks (RAID) help protect the data of an organization? RAID accomplishes redundant data storage by setting up two or more disks as exact mirror images. This provides an automatic backup of all data. If one disk drive fails, the other (maintained on another disk drive) can serve in its place. 26. (SO 2) What kinds of duties should be segregated in IT systems? In an IT system, the duties to be segregated are those of systems analysts who analyze and design the systems, programmers who write the software, operators who process data, and database administrators who maintain and control the database. No single person should develop computer programs and also have access to data. 27. (SO 2) Why do you think the uppermost managers should serve on the IT governance committee? An IT governance committee should be comprised of top management in order to ensure that appropriate priority is assigned to the function of governing the overall development and operation of the organization’s IT systems. Since the committee’s functions include aligning the IT systems to business strategy and to budget funds and personnel for the effective use of IT systems, it is important that high-ranking company officials be aware of these priorities and involved in their
Page 4-3
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
development. Only top management has the power to undertake these responsibilities. 28. (SO 3,4) Why should accountants be concerned about risks inherent in a complex software system such as the operating system? Accountants need to be concerned about the risks inherent in the organization’s software systems because all other software runs on top of the operating system. These systems may have exposure areas that contain entry points for potential unauthorized access to software and/or data. These entry points must be controlled by the proper combination of general controls and application controls. 29. (SO 4) Why is it true that increasing the number of LANs or wireless networks within an organization increases risks? Increasing the number of LANs or wireless networks within an organization increases exposure areas, or entry points through which a user can gain access to the network. Each LAN or wireless access point is another potential entry point for an unauthorized user. The more entry points, the more security risk the organization faces. 30. (SO 4) What kinds of risks are inherent when an organization stores its data in a database and database management system? Since a database management system involves multiple use groups accessing and sharing a database, there are multiple risks of unauthorized access. Anyone who gains access to the database may be able to retrieve data that they should not have. This multiples the number of people who potentially have access to the data. In addition, availability, processing integrity, and business continuity risks are also important due to the fact that so many different users rely on the system. Proper internal controls can help to reduce these inherent risks. 31. (SO 4) How do telecommuting workers pose IT system risks? The network equipment and cabling that enables telecommuting can be an entry point for hackers or other break-ins, and the teleworker’s computer is another potential access point that is not under the company’s direct control. Therefore, it is difficult for the company to monitor whether telecommuters’ computers is properly protected from viruses and other threats. These entry points pose security, confidentiality, availability, and processing integrity risks. 32. (SO 4) What kinds of risks are inherent when an organization begins conducting business over the Internet? The Internet connection required to conduct web-based business can expose the company network to unauthorized use. The sheer volume of users of the World Wide Web dramatically increases the potential number of unauthorized users who may attempt to access an organization’s network of computers. An unauthorized user can compromise security and confidentiality, and affect availability and processing integrity by altering data or software or by inserting virus or worm programs. In addition, the existence of e-commerce in an organization poses online privacy risks.
Page 4-4
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
33. (SO4) How does the use of public cloud computing reduce costs? Since cloud computing is usually a pay-for-service model, it means that companies need to pay only for the level of service needed. There is no need to maintain (and incur the costs associated with) a large IT system to accommodate peak demand periods. In addition, cloud computing allows a company to reduce its investment in IT hardware and personnel. 34. (SO4) Why is a private cloud less risky than a public cloud? A private cloud is developed, owned, maintained, and used by the user company; therefore, the company controls the security, availability, processing integrity, and confidentiality of its data. Accordingly, there is significantly less risk of losing data and applications. 35. (SO 4) Why is it true that the use of EDI means that trading partners may need to grant access to each other’s files? EDI involves transferring electronic business documents between companies. Because EDI involves the use of a network or the Internet, risks of unauthorized access are prevalent. In order to authenticate trading partner users to accomplish the transfer of business documents, other company data files may be at risk of unauthorized use. 36. (SO 5) Why is it critical that source documents be easy to use and complete? Source documents should be easy to use and complete in order minimize the potential for errors, incomplete data, or unauthorized transactions are entered from those source documents into the company’s IT systems. Since source documents represent the method of collecting data in a transaction, they need to be easy to use in order to reduce the risk of incorrect or missing data in the accounting system. 37. (SO 5) Explain some examples of input validation checks that you have noticed when filling out forms on websites you have visited. Student responses are likely to vary, but may include field checks, validity checks, limit checks, range checks, reasonableness checks, completeness checks, or sign checks. Although sequence checks and self-checking digits are additional input validation checks, they are not likely to be cited because they are applicable to transactions processed in batches, which is not likely to apply to students’ web transactions. 38. (SO 5) How can control totals serve as input, processing, and output controls? Control totals can be used as input controls when they are applied as record counts, batch totals, or hash totals to verify the accuracy and completeness of data that is being entered into the IT system. These same control totals can be used as processing controls when they are reconciled during stages of processing to verify the accuracy and completeness of processing. Finally, to ensure accuracy and completeness, the output from an IT system can be reconciled to control totals, thus serving as an output control. Therefore, totals at any stage can be compared against the initial control total to help ensure the accuracy of input, processing, or output. 39. (SO 5) What dangers exist related to computer output such as reports? Output reports contain data that should not fall into the wrong hands, as the information
Page 4-5
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
contained in reports is often confidential or proprietary and could help someone commit fraud. Therefore, the risk of unauthorized access must be controlled through strict policies and procedures regarding report distribution, retention, and disposal.
Brief Exercises 40. (SO 2,5) Categorize each of the following as either a general control or an application control: a. validity check – application control (input) b. encryption – general control c. security token – general control d. batch total – application control (input, processing, and output) e. output distribution – application control (output) f. vulnerability assessment – general control g. firewall – general control h. antivirus software – general control 41. (SO 5) Each of the given situations is independent of the other. For each, list the programmed input validation check that would prevent or detect the error. a. The zip code field was left blank on an input screen requesting a mailing address. – Completeness check b. A state abbreviation of “NX” was entered in the state field. – Validity check c. A number was accidentally entered in the last name field. – Field check d. For a weekly payroll, the hours entry in the “hours worked field was 400. – Limit check or range check e. A pay rate of $50.00 per hour was entered for a new employee. The job code indicates an entry-level receptionist. – Reasonableness check 42. (SO 3) For each AICPA Trust Services Criteria category shown, list a potential risk and a corresponding control that would lessen the risk. An example is provided. In a similar manner, list a risk and control in each of the following categories: a. Security. Risk: an unauthorized user could record an invalid transaction. Control: security token to limit unauthorized users. b. Availability. Risk: An unauthorized user may shut down a program. Control: intrusion detection to find instances of unauthorized users. c. Processing Integrity. Risk: environmental problems such as temperature can cause glitches in the system. Control: temperature and humidity controls. d. Confidentiality. Risk: an unauthorized user could browse data. Control: encryption.
Page 4-6
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
43. (SO 4) For each of the following parts of an IT system of a company, write a onesentence description of how unauthorized users could use this as an “entry point”: a. A local area network (LAN). Each workstation or the network wiring on the LAN are access points where someone could tap into the system. b. A wireless network. The wireless signals broadcast into the air could be intercepted to gain access to the system. c. A telecommuting worker. The telecommuter’s computer may be infected with a virus that allows a perpetrator to see the login ID and password. d. A company website to sell products. A hacker may try to break through the web server firewall to gain access to company data. 44. (SO 5) Explain the risk categories for cloud computing and how these risks may differ from a company that maintains its own IT hardware, software, and data. Security – All processing, storing, and reading data occur over the Internet under a cloud computing model; therefore, the third party provider must maintain good security controls. For a company that maintains its own data, it is responsible for its own security. Availability – In a cloud computing model, any service interruptions are under the control of a third party provider; whereas, a company that maintains its own data would need to implement its own backups, business continuity, and disaster recovery plans. Processing Integrity – All control of software installation, testing, and upgrading is transferred to the third-party provider of cloud computing services; whereas, a company that maintains its own data is responsible for the accuracy and completeness of its own processing. Confidentiality – Under cloud computing, the control of maintaining confidentiality is transferred to the third-party provider rather than resting in the hands of the user company. 45. (SO 5) Application controls include input, processing, and output controls. One type of input control is source document controls. Briefly explain the importance of each of the following source document controls: a. Form design. A well-designed form will reduce the chance of erroneous or incomplete data. It could also increase the speed at which the form is completed. b. Form authorization and control. Forms should have a signature line to indicate that the underlying transaction was approved by the correct person. Blank documents should be properly controlled to limit access to them. c. Retention of source documents. Source documents should be maintained as part of the audit trail. They also serve as a way to look up data when queries are raised.
Page 4-7
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
46. (SO 5) Explain how control totals such as record counts, batch totals, and hash totals serve as input controls, processing controls, and output controls. Control totals serve as expected results after input, processing, or output has occurred. At each stage, the current totals can be compared against the initial control total to help ensure the accuracy of input, processing, or output. 47. (SO 6) Briefly explain a situation at your home, university, or job in which you think somebody used computers unethically. Be sure to include an explanation of why you think it was unethical. Student responses will vary significantly. Some possibilities include copyrighted music or video downloading from an unauthorized source, viewing pornography on computers at work, shopping or other browsing while at work, using a work computer to store personal files or process personal work, using company e-mail systems for personal e-mail (some companies may not consider this as problematic as other potential unethical acts).
Problems 48. (SO 1, 2) Explain why an organization should establish and enforce policies for its IT systems in the following areas regarding the use of passwords for log-in: a. Length of password. Passwords should be at least eight characters in length. This would make it difficult for a hacker to guess the password in order to gain unauthorized access to the system. b. The use of numbers or symbols in passwords. Passwords should contain a mix of alphanumeric digits as well as other symbols. There may also be a mix of case sensitive letters. This would make it difficult for a hacker to guess the password. c. Using common words or names as passwords. Names, initials, and other common names should be avoided as passwords, as they tend to be easy to guess. d. Rotation of passwords. Passwords should be changed periodically, approximately every 90 days. This will limit the access of a hacker who has gained unauthorized access. e. Writing passwords on paper or sticky notes. Passwords should be committed to the user’s memory and should not be written down. If they are documented, this increases the likelihood that an unauthorized user may find the password and use it to gain access to the system. 49. (SO 2) The use of smart cards or tokens is called two-factor authentication. Answer the following questions, assuming that the company you work for uses smart cards or tokens for two-factor authentication. Required:
Page 4-8
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
a. What do you think the advantages and disadvantages would be for you as a user? As a user, the advantages of two-factor authentication would be the security of the information in the system that I am using. I would know that it would be difficult for an unauthorized user to alter a system that uses two-factor authentication, so I have more confidence in the data within such a system. In addition, it is relatively easy to remember a password and to transport a smart card or security token. On the other hand, I might consider the use of two-factor authentication to be a disadvantage because it places more responsibility on me, the user. For instance, in order to access the system, I have to remember my password and maintain control of a security device. It might be considered an inconvenience to a user to maintain a smart card or security token and remember to keep it accessible at all times that I may need to access the system. It might also be susceptible to loss, similar to a set of keys. b. What do you think the advantages and disadvantages would be for the company? From the company’s perspective, the advantage of two-factor authentication is the strength of the extra level of security. The company has additional protection against unauthorized access, which makes it difficult for a hacker to access the system. The disadvantage is the cost of the additional authentication tools that comprise the dual layer of security. 50. (SO 4) Many IT professionals feel that wireless networks pose the highest risks in a company’s network system. Required: a. Why do you think this is true? Wireless networks pose the highest risks in a company’s network computer system because the network signals are transported through the air (rather than over cables). Therefore, anyone who can receive radio signals could potential intercept the company’s information and gain access to its network. This exposure is considered greater than in traditional WANs and LANs. b. Which general controls can help reduce these risks? A company can avoid its exposure to unauthorized wireless network traffic by implementing proper controls, such as wired equivalency privacy (WEP) ore wireless protected access (WPA), station set identifiers (SSIDs), and encrypted data. 51. (SO 5) Control totals include batch totals, hash totals, and record counts. Which of these totals would be useful in preventing or detecting IT system input and processing errors or fraud described as follows? a. A payroll clerk accidentally entered the same time card twice. Any of the three control totals could be used: A batch total could detect that too many hours were entered; A hash total could detect that an employee number summation was overstated; A record count could detect that too many time cards were entered.
Page 4-9
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
b. The accounts payable department overlooked an invoice and did not enter it into the system because it was stuck to another invoice. Any of the three control totals could be used: A batch total could detect the missing amount; A hash total could detect that the vendor number summation was misstated; A record count could detect that too few invoices were entered. c. A systems analyst was conducting payroll fraud by electronically adding to his “hours worked” field during the payroll computer run. A batch total could detect this fraud by revealing that the hours worked on the inputs did not agree with the hours worked on the output reports. d. To create a fictitious employee, a payroll clerk removed a time card for a recently terminated employee and inserted a new time card with the same hours worked. A record count could detect this fraud only if there was a control in place to compare the number of records processed with the number of active employees and the number of active employees had been updated to reflect a reduction for the recently terminated employee. 52. (SO 5) Explain how each of the following input validation checks can prevent or detect errors: a. A field check examines a field to determine whether the appropriate type of data was entered. This will detect mistakes in input, such as erroneous input of numeric information in an alpha field. b. A validity check examines a field to ensure that the data entry in the field is valid compared with a preexisting list of acceptable values. This will detect mistakes in input, such as nonsense entries caused by the input personnel striking the wrong key. c. A limit check verifies field inputs by making sure that they do not exceed a pre-established limit. This prevents gross overstatements of the data beyond the acceptable limit. d. A range check verifies field inputs by making sure that they fall within a pre-established range limit. This prevents gross overstatements and understatements of the data beyond the acceptable limits. e. A reasonableness check compares the value in a field with similar, related fields to determine whether the value seems reasonable. This can detect possible errors by identifying “outliers”. f. A completeness check assesses the critical fields in an input screen to make sure that an entry has been input in those fields. This detects possible omissions of critical information. g. A sign check examines a field to determine that it has the appropriate positive or negative sign. This can prevent misstatements caused by misinterpretation of information. h. A sequence check ensures that a batch of transactions is sorted and processed in sequential order. This ensures that a batch will be in the same order as the master file. This may prevent errors in the master file by ensuring that the sequence is appropriate to facilitate an accurate update of the master file.
Page 4-10
Chapter 4 Solutions i.
Internal Controls and Risks in IT Systems
A self-checking digit is an extra digit added to a coded identification number, determined by a mathematical algorithm. This detects potential errors in input data.
53. (SO 2) The IT governance committee should comprise top level managers. Describe why you think that is important. What problems are likely to arise with regard to IT systems if the top level managers are not involved in IT governance committees? It is important for an IT governance committee to be comprised of members of top management so it can appropriately align IT investments with the company’s overall business strategies. If top level managers were not involved in this committee, it is likely that IT changes could be approved which do not enhance the company’s overall goals and strategies. In addition, it is possible that IT changes could be discussed and developed without receiving proper approval or funding. 54. (SO 2) Using the Internet or other research tool, look up the term “penetration testing.” Describe the software tools you find that are intended to achieve penetration testing. Describe the types of systems that penetration testing is conducted upon. Software tools that perform penetration tests must be able to replicate a successful unauthorized access attempt or recreate an attack on a company’s security, but it must be able to do so without altering of damaging the systems upon which these tests are conducted. This will reveal weaknesses in the system so that the company can implement controls to strengthen the security of its system. Penetration testing is typically conducted upon network systems. 55. (SO 2) Visit the following link on the AICPA website: https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservice s/downloadabledocuments/trust-services-criteria.pdf. Read the section "Notice to Readers" and the section titled "Background". Both sections are on page 1. After reading those sections, summarize the purposes of the Trust Services Criteria. The purposes of the Trust Services Criteria are to provide for audit (attestation) and consulting services of IT systems. The Trust Services Criteria are the guidelines to use when evaluating and reporting on the controls of security, availability, processing integrity, confidentiality, and privacy within IT systems. The guidelines can be applied to an entire organization, or within a subdivision or unit of the organization. 56. (SO 5) Go to any website that sells goods. Examples would be BestBuy, Staples, and J.Crew. Pretend that you wish to place an order on the site you choose and complete the order screens for your pretend order. Do not finalize the order; otherwise, you will have to pay for the goods. As you complete the order screens, attempt to enter incorrect data for fields or blanks that you complete. Describe the programmed input validation checks that you find that prevent or detect the incorrect data input. Student’s responses are likely to vary significantly, as different Web sites have different input validation checks. However, most Web sites have a warning message that will appear if invalid information is entered. (For instance, the message “The billing city, state, zip code, and country entered do not match up. Please revise your selections below” was encountered on jcrew.com when bogus
Page 4-11
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
city and zip code information was entered.) The warning message will typically prevent the user from proceeding to the next step in the transaction until the error is corrected. 57. (SO4) Using the Internet or other research tool, search “cloud computing” and create a list of at least five companies that provide cloud computing services. List the names of the companies and a brief description of the cloud computing services provided by each company. Student’s responses are likely to vary significantly but are likely to include companies such as
Microsoft Azure Cloud Dell Cloud Computing Services Google Apps, Microsoft Office 365, Amazon EC2, Google Cloud Computing, Hewlett Packard Enterprise,
Cases 58. Authentication and hacking controls at an environmental consulting company. Required: a. From the list of general controls shown in Exhibit 4-5, list each authentication and hacking control that you think the GreenAdvice Company should have in place. Any of the Authentication controls could be used, including user IDs, passwords, security tokens or smart cards, biometric devices, login procedures, access levels, computer logs, and authority tables. In addition, any of the hacking controls could be used, including a firewall, security policies, security breach resolution, secure socket layers, a virtual private network, wired equivalency privacy, service set identifiers, antivirus software, vulnerability assessments, penetration testing, and intrusion detection. Encryption is also likely to be necessary in order to protect the confidential data of the companies throughout the US that GreenAdvice serves. b. Explain how each control that you list can prevent IT related risks for GreenAdvice. Login procedures, including passwords, security tokens or smart cards, and biometric devices, are needed to limit access to the system to authorized users. Login procedures should always include passwords, and may be strengthened to include two-factor authentication by requiring a security token or smart card in addition to the password. In addition, the company’s system policies should be documented and administered consistently, including authority tables and establishment of appropriate access levels and securities breach resolutions, and the maintenance of computer logs. This will provide for limiting access to Page 4-12
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
authorized employees, monitoring and resolving problems, and recording access times so as to establish accountability. Regarding hacking controls, firewalls are needed to block unauthorized external network traffic. Encryption will convert the data into cipher text, or secret codes that will be deemed useless to any hacker who intercepts it. SSL can be built into the Web server to encrypt data transferred on the Web site. A VPN is needed for authentication and encryption of Internet traffic, which is important for the GreenAdvice consultants working offsite who need to access the company’s database. For the wireless network, WEP would also be useful for encrypting the data and unique SSIDs would require passwords between the network’s sending and receiving nodes. Antivirus software is needed to scan the system for viruses or worms and delete them before they infect the data or system. Finally, vulnerability assessments, penetration testing, and intrusion detection testing could each be used to locate weaknesses in the company’s systems so that they can be controlled to prevent unauthorized access. c. Are there any general controls that you think would not be cost-beneficial? Biometric devices, such as fingerprint or retina scans or voice recognition software is probably not cost beneficial in the case of GreenAdvice, as other forms of two-factor authentication could be used just as effectively at a lower cost. 59. Consideration of Internet EDI in a plastics manufacturing company. Required: a. Describe the extra IT system risks that Jeckovich, Inc. should consider as it evaluates whether to buy or develop an Internet EDI system. As Jeckovich converts to an Internet EDI system, it will become susceptible to a wide range of risks concerning the security, availability, processing integrity, and confidentiality of its system. As new business partners may be granted access to Jeckovich’s systems, the potential exists for those users to browse, alter, destroy, or steal data or programs, make unauthorized transactions, or otherwise sabotage the systems in order to make them inoperable or unavailable. These risks are increased if the company does not implement controls to detect and prevent them. b. Describe the IT internal controls that should be incorporated into an Internet EDI system. In a well-controlled Internet EDI system, the external users should be required to log with a user ID and password. Security tokens, smart cards, or biometric devices may also be used. Authority tables should limit the access level of the user and computer logs should monitor the activity of the user. A firewall should be installed to limit access to recognized external users, and data should be encrypted to ensure that its privacy is protected. The standard form of encryption used to protect Internet exchange of data is SSL. 60. Fraud at PT&T. Required: List and describe internal controls from this chapter that may helped prevent or detect Jerry Schneider’s fraud. Keep in mind that this case occurred before there was an Internet and large company computer networks.
Page 4-13
Chapter 4 Solutions
Internal Controls and Risks in IT Systems
PT&T’s authority tables should have limited Schneider’s computer access levels to selected vendor information. He should not have been able to access the entire files and program code for the company’s inventories and ordering systems. In addition, he should not have had the authority to alter programming in order to erase evidence of his activities. If access had been properly limited, the company’s computer logs would have been able to detect the types of activities that Schneider had performed while accessing PT&T’s systems. Finally, a simple physical control should have prevented the issuance of keys to suppliers.
Page 4-14
Chapter 5 Solutions
IT Governance
Turner/Accounting Information Systems, 5e Solutions Manual Chapter 5
Concept Check 1. b 2. b 3. c 4. a 5. d 6. a 7. b 8. d 9. d 10. a 11. c 12. d
Discussion Questions 13. (SO 3) At the beginning of the chapter, the real world example of Allstate’s IT expenditure is mentioned. Prior to the implementation of their IT governance committee, "whoever spoke the loudest or whoever had the biggest checkbook," got to select IT projects. What do you think the problems were with this kind of approach? There would be no long-term strategy in how they spent money on IT projects. Therefore, it would be less likely that the company is buying and using the type of IT systems that support what the company wished to accomplish in the long-term. 14. (SO 1) Why is it important that IT systems be aligned with the business strategy? IT systems are critical systems that support and enhance business processes and business strategy. If the IT systems do not support the business strategy, the company will find it much more difficult to achieve the long-term goals.
Page 5-1
Chapter 5 Solutions
IT Governance
15. (SO 1) Why would IT governance include measuring the performance of IT Systems? IT governance is the proper management of IT. Without monitoring the performance of IT, there is no feedback to determine whether it is meeting the needs of the company, and meeting the objectives it was intended to achieve. 16. (SO 3) What is the difference between technical feasibility and operational feasibility? Technical feasibility examines whether technology exists to accomplish the objectives in a proposed IT system. Operational feasibility is an examination of whether the organization could operate the proposed IT systems, given the limitations of the personnel and resources within the company. 17. (SO 3) How does the analysis of feasibilities in the systems planning phase help to prioritize system changes? A feasibility analysis may eliminate some proposed IT systems as not feasible. Of those remaining under consideration, the feasibility analysis helps determine which proposed IT systems are most feasible. Thus, those that are more feasible would have a higher priority and those that are less feasible have a lower priority. 18. (SO 4) What is the advantage of studying the current system within the systems analysis phase? It is easier to determine how to improve the efficiency and effectiveness of a system if that system is well understood. A study of the current system helps determine which areas need improvement. 19. (SO 4) During the systems analysis phase, which two data collection methods help determine user requirements? Interviews and questionnaires both solicit information or opinions from users. These methods allow users to have input in determining system requirements. 20. (SO 5) What are the advantages of purchased software when compared with software developed in-house? Purchased software is usually less costly, more reliable, and has a shorter implementation time. 21. (SO 5) Why might it be important follow some or all of the SDLC phases for purchased software? Even when software is purchased, it often must be modified or customized. The SDLC phases help organize and manage those steps to modify or customize the software. 22. (SO 5) How is conceptual design different from detailed design? The detailed design is much later in the process and creates the entire set of specifications necessary to build and implement the system. The conceptual design is earlier and is much more general in nature. It establishes alternative conceptual designs.
Page 5-2
Chapter 5 Solutions
IT Governance
23. (SO 5)Within the system design phase, what are the purposes of evaluation and selection? The purpose is to assess the feasibility of each alternative conceptual design and to select the alternative design that best fits the organization’s needs. 24. (SO 5) Which part of the system design phase would include designing rows and columns of output reports? Why is it important to design reports? The detailed design part of system design includes creating the details of output reports. Output reports include the information that users need to accomplish their jobs and without properly designed outputs, they cannot efficiently do these jobs. 25. (SO 6) What is the purpose of software testing? The purpose is to uncover problems in the system that would lead to erroneous accounting data. 26. (SO 6) How are accountants involved in data conversion? Accountants should do two things in data conversion. The first is to oversee the data conversion to make sure all data are completely and accurately converted. Accountants should also reconcile the converted data with the old data to insure it was accurately converted. They would compare control totals of the old and converted data to accomplish the reconciliation. 27. (SO 6) Why is a direct cutover conversion risky? It is risky because the old system is no longer in operation, and therefore, the old system cannot be used as a backup system in the event of errors or problems with the new system. 28. (SO 6) Why is parallel conversion costly? It consumes more time and money because it requires running two systems at the same time. 29. (SO 6) Why is user acceptance important? The project team is more likely to solicit and use feedback from users if they know that users must sign off on the new system. In other words, the project team cannot say their job is finished until the user sign off occurs. 30. (SO 6) Why is post-implementation review undertaken? It is undertaken to help those involved in the SDLC to learn from any mistakes they made during the process. 31. (SO 8) How does the SDLC serve as an internal control? It is an internal control in the sense that it helps ensure that IT systems meet organizational needs and that the development and implementation of new IT systems is properly controlled. 32. (SO 9) What ethical obligations do employees have as IT systems are revised? Employees should make an honest effort to participate as requested in the SDLC, learn new system processes that result, and properly use the new systems and processes.
Page 5-3
Chapter 5 Solutions
IT Governance
Brief Exercises 33. (SO 1) Describe the role that the Board of Directors should play in IT governance. The board must oversee all aspects of IT within the organization. They must articulate and communicate the direction for IT, stay aware of development, investments, and costs in IT. They should receive and review reports on major IT projects and regular performance reports, and ensure that there are suitable resources and infrastructure available. 34. (SO 3, 5) Two feasibility studies occur during the SDLC: one during systems planning, and one during systems design. Describe the differences between these two feasibility studies. In the systems design phase, the feasibility study is more detailed and the scope is different. At this part of the system design phase, the alternative system conceptual designs have been narrowed to one alternative. Thus, the feasibility study focuses on the details of that one design. The estimates of the technology needed, the operational requirements, the costs, and the implementation schedule can be more precise. In the systems planning phase, the purpose is to assess the feasibility of several alternative conceptual designs and to narrow the alternative conceptual designs. 35. (SO 4) There are four methods of data collection used in the study of the current system: observation, documentation review, interviews, and questionnaires. Compare and contrast these four methods. In observation and documentation review, the project team views strengths and weaknesses of the system from their own perspective and they are not asking for user feedback. Interviews and questionnaires are methods to ask for user input. Interviews are faceto-face and verbal in the collection of user feedback. Questionnaires can be anonymous and written. Both interviews and questionnaires can be structured or unstructured. 36. (SO 4) Describe the purpose of Business Process Reengineering during the System Design phase. During the system design phase, the changes inherent in a new IT system may require changes in the underlying business processes. BPR is as radical rethinking and redesign of a business process to take advantage of the speed and
Page 5-4
Chapter 5 Solutions
IT Governance
efficiency of computers. BPR allows the company to make sure they are leveraging the capabilities of IT to improve the efficiency of the business processes. 37. (SO 6) There are four methods of system conversion: parallel, direct cutover, pilot, and phase-in. Describe these four methods and how they differ. A parallel conversion is the operation of both the old system and the new system for a limited period of time. A direct cutover occurs when the new system begins as of a certain date and the old system is discontinued on that same date. In a pilot conversion, the new system is implemented in a subunit or subunits within the organization. The old system would continue in other parts of the organization. In a phase-in conversion, the new system is introduced in modules, rather than the entire system at once. In comparing the four methods, the direct cutover is the most risky and the parallel is least risky. The pilot and phase-in approaches may take a longer total time to achieve a conversion to the entire new system across the organization. 38. (SO 7) Operation and maintenance is the longest and costliest part of the SDLC. Explain why this is true. When a company has completed the SDLC and implemented a new system, the intent is to operate it for a few years to capture the benefits of the new system. Therefore maintaining and operating the system may last for several years and therefore, be the most costly part also. 39. (SO 7) Describe how IT performance reports are important in IT governance. Regular monitoring of IT systems is necessary to ensure that the systems are meeting their objectives and performing as expected. If management never received performance reports, it would be difficult to know whether systems improvements or revisions were needed. 40. (SO 9) What is the underlying purpose of the restrictions on CPA firms in Section 201 of the Sarbanes Oxley Act? These restrictions are intended to increase the independence of CPA firms that provide audit services for companies. The concern was that if a company receives fees from a client for consulting work, they may be less independent of the client’s wishes and more likely to allow clients to provide misleading accounting information to the investing public.
Page 5-5
Chapter 5 Solutions
IT Governance
Problems 41. (SO 1) Brazleton Corporation just became a public corporation when shares of stock were sold to the public three months ago. A new board of directors has been appointed to govern the corporation. Assume that you will be giving a presentation to the board members on their responsibilities for IT systems. Write a report that could be delivered to the board. The board of directors of a company has a set of very important responsibilities related to IT systems. As top management of the company, the board must take responsibility to ensure that the organization has processes that align IT systems to the strategies and objectives of the company. To carry out this responsibility, the board must do certain functions, or ensure there are processes to carry out the following functions: * Align IT strategy with the business strategy * Cascade strategy and goals down to lower levels of the organization * Provide structures that facilitate implementation of strategy and goals * Insist that an IT control framework be adopted and implemented * Measure and review IT performance The more detailed activities needed to carry out these board responsibilities are as follows: * Articulate and communicate long-term strategy * Stay aware of latest developments in IT * Insist that IT be a regular agenda item at board meetings * Stay aware of the company’s investments, and competitors investments in IT * Ensure the senior IT official’s reporting level is appropriate to the role of IT. * Ensure the board has a clear view of the risks and returns of current or proposed IT systems * Receive and review regular reports on the progress of IT projects, and on IT performance. * Ensure adequate resources, skills, and infrastructures to meet strategic goals for IT systems If the board of directors focuses on these activities, it will help the
Page 5-6
Chapter 5 Solutions
IT Governance
board to ensure that IT systems do support long-term strategic objectives of the company. 42. (SO 2) SuperTech Stop is a regional retailer of consumer electronics, with warehouses and stores located in several large cities in California. The board and top management of Millennium are considering updating their accounting, inventory, and retail sales software and hardware. The current systems are approximately 15 years old. Assume that you have been hired as a consultant to guide them through the process of upgrading their systems. Write a document that could be presented to the board of directors that summarizes the SDLC. Memorandum To: Board of Directors From: Jennifer Starnes, IT Consultant Re: Systems Development Life Cycle This memo is intended to provide an executive summary on the System Development Life Cycle (SDLC) and the importance of it for your company. IT systems are crucial to the success and profitability of Millennium. To enhance long-term performance, the company must choose and use the IT systems that best support the company’s goals and objectives. To ensure you are selecting and using the most effective IT systems, you should follow a systematic and formal process to select, design, and implement IT systems. A failure to follow a systematic and formal process in selecting and implementing IT systems is likely to lead to a mismatch between Millennium’s strategic objectives and the capabilities of its IT systems. One popular way of using a systematic and formal process is to follow a SDLC method. The SDLC is a set of systematic phases and steps to follow in selecting, designing, and implementing IT systems. Given limited funds and time, following an SDLC process is a planned and controlled method of ensuring a proper match between Millennium’s IT needs and the IT system implemented.
Page 5-7
Chapter 5 Solutions
IT Governance
The phases of the SDLC are: systems planning; systems analysis; systems design; systems implementation; and operation and maintenance. These phases occur in the sequence given as a planned and controlled approach to implementing new IT systems. The following are brief descriptions of each of these phases. Systems planning involves examining the long-term objectives of your company and based on these objectives, planning and prioritizing the type of IT systems that can help you achieve those objectives. For example, if your company’s objective is to minimize inventory levels in your warehouses, you are likely to need IT systems that give you realtime and accurate information about inventory levels, and you are likely to need IT systems that help you predict or forecast sales of the various inventory items. Systems analysis is the study of the current IT system to determine its strengths and weakness, and to get user feedback about the needs in a new IT system. Systems design is the creation of the system that meets user needs as and improves the weaknesses of the old IT system. In other words, the data collected and analyzed in the systems analysis phase will guide the design of the new IT system. Systems implementation is the set of steps undertaken to program, test, and activate the IT system that was designed during the systems design phase. Operation and maintenance is the regular, ongoing functioning of the IT system and the process to fix smaller errors or problems in the IT system. Following these phases, in this order, will help you to have IT systems that best match your company’s needs. 43. (SO 4) Assume that you are the project team manager that is engaged in a systems analysis. The company is a large, national retailer with several stores and warehouses located throughout the United States. The corporate headquarters are in Atlanta, and all major accounting takes place at the corporate headquarters. Describe how you would
Page 5-8
Chapter 5 Solutions
IT Governance
use the various data collection techniques of observation, documentation review, interviews, and questionnaires. Observation and documentation review are both methods that allow a project team to better understand the IT system without soliciting input from users. That is, these methods do not interrupt the work of users, but they only uncover strengths and weaknesses in the IT systems that are evident to the project team. These two methods would be used at the corporate headquarters by the project team. It may be necessary for the project team to also visit and observe at a couple of stores and a couple of warehouses. However, it would not be necessary, nor would it be cost effective, to visit all stores and all warehouses. Interviews and questionnaires both solicit feedback from users. Due to the number of stores and warehouses, it would be more effective to send surveys to these locations for certain users to complete. At the corporate headquarters, it would be possible to use both interviews and questionnaires. Because of the time consuming nature of interviews, they would be used on the smaller set of managers who use the IT system. The questionnaires would be used to survey the larger group of users who are not managers. 44. (SO 5) CEEMCO Corp. is a small, privately owned manufacturing company in Cincinnati. CEEMCO manufactures custom products as well as store display products to sell to other companies such as retailers. Using an Internet search engine, do a search using the search terms “CEEMCO” and “Cincinnati.” Examine the kind of manufacturing the company does. Once you have completed that, examine an accounting software site such as www.2020software.com or www.accountingsoftware411.com. Complete the following: a. Describe the process Ceemco should undertake to determine which accounting software might be the best fit for the company. For a small company, CEEMCO is not likely to have an IT staff that could assist with an SDLC process to develop specifications for any software systems needed. The more likely approach would be to hire a consulting firm to help select and install an accounting software system. b. Although you do not know much about the company, develop a list of requirements you believe any accounting software should have for CEEMCO to consider the software as a viable alternative. Since it produces many different categories of products (store displays, metal
Page 5-9
Chapter 5 Solutions
IT Governance
fabrication, plastic parts fabrication, medical case carts, HVAC products such as radiators, and retail products such as window ornaments), the company is very likely to have an extensive array of raw material inventories and the need to track many different types of work-in-process. Therefore, the most critical need may be for manufacturing and inventory tracking modules. The software would also need basic accounting modules such as accounts receivable, accounts payable, and general ledger. It is not possible to determine whether CEEMCO does its own payroll or whether it outsources payroll. If payroll is handled in-house, CEEMCO would need a payroll module. In addition, since the company sells the window-ornament products online, there would be a need for an e-commerce module. There is no mention of locations other than two in Cincinnati. Therefore, there is not likely to be any need for a system that handles international currencies. c. Choose an accounting software from your Web search, and describe why you believe it is a good match for CEEMCO. There is no single correct answer to this question, but there are some answers that would be incorrect. For example, Quickbooks would not have the power necessary for this business. Also, enterprise level systems such as SAP or Oracle would be too expensive for a small company such as CEEMCO. Products such as Sage 100, Sage 300, Dynamics GP, or Cloud-based such as Netsuite would be more appropriate. 45. (SO 2) There are several approaches to applying an SDLC methodology to IT system change. Using an Internet search engine, search for these terms: SDLC, waterfall, JAD (joint application development), RAD (rapid application development), build and fix, and spiral model. For example, you might try entering these search terms: SDLC waterfall. Write a brief definition of these various approaches to the system development life cycle. The student answers to this will vary depending on which web sites they use and when they access web sites. A sample answer is provided. The SDLC waterfall approach is the oldest approach to system development. In a waterfall approach, there is a sequence of steps and the output of one sequence becomes the input for the next step. The method described in this chapter is a waterfall approach. Joint application development (JAD) is intended to reduce
Page 5-10
Chapter 5 Solutions
IT Governance
development time and to increase customer (end user) satisfaction with the system. It is a method that involves a series of meetings with the end users or clients that will use the system. These meetings with end users are called JAD sessions. Rapid application development (RAD) usually involves object-oriented programming, a method that encourages the reuse of programmed modules. RAD includes: 1) workshops or focus groups to gather requirements, 2) Protoyping, and testing of those prototypes, 3) Strict time limits on each development phase that delays immediate fixes and defers these improvements to the next prototype, and 4) Less formality in team communications. The build and fix method is very open-ended and can be very risky. The method does not have formal steps such as in the waterfall method. In this method, a system is simply built (code is written) and then it is fixed until the customer is happy with it. In the spiral approach, an initial model of the system is developed and then successively refined with input from end users. The development of each successive version of the system is undertaken using the carefully controlled steps in the SDLC waterfall approach. In addition, after each development of each successive version, a risk assessment is undertaken to determine whether it is worthwhile to move to the next development version, or to stop. The web sites used for this solution are: http://searchsoftwarequality.techtarget.com/sDefinition/0,,sid92_gci214 246,00.html http://www.ctg.albany.edu/publications/reports/survey_of_sysdev/surve y_of_sysdev.pdf
46. (SO 9) Tad Griffin is an accounting software consultant at Tann and Associates Consulting. Farno is a value-added reseller of accounting software for midsize companies, which normally have revenue between 50 million and 500 million dollars. One of Griffin’s responsibilities is to solicit new client companies and to meet with their management to recommend the best accounting software system for
Page 5-11
Chapter 5 Solutions
IT Governance
them. Midmarket accounting software typically offers several modules that the client may choose from. For example, not all clients would need an e-business module for their accounting software. Since part of Griffin’s compensation is a percentage of software sales and consulting revenue that he generates, what are the ethical conflicts he faces when soliciting new clients and recommending software and software modules? The nature of a consultant’s business can cause ethical issues to be raised because there can be a conflict between what is best for the client and what is best for the consultant. There are at least three important ethical traps that a consultant could easily fall into: excessive billing of hours; recommending only software products that have a high profit margin for the consultant; and recommending unnecessary modules. All three of these ethical issues have a common thread. In each of these situations, the consultant is trying to maximize his own wealth and is not putting the highest priority on the client’s needs. A consultant could inflate hours worked and/or bill for extra hours not really worked for that client. In both cases, the consultant is dishonest and unethical. These fictitious billing acts are also fraudulent and illegal. The other two ethical issues mentioned above are not as easily proven to be illegal, but they are unethical. If a consultant feels two different software systems may meet the customer’s needs, but chooses the one with the higher profit margin solely for the higher profit, he is acting unethically. Also if a consultant recommends additional software modules that are not really needed by the client, he is acting unethically.
Cases 47. The NewTech Depot is a retailer of electronics such as cell phones, satellite radios, and high-end LED TVs. The NewTech Depot is a large chain with stores in strip shopping centers throughout the United States. However, each store is small, with generally five to six employees and a manager. Each store sells much less volume than large electronic retailers such as Best Buy or Circuit City. Top management has recently become concerned with what appears to be an excessive amount of inventory loss (shrinkage) at
Page 5-12
Chapter 5 Solutions
IT Governance
many of its stores. At this point, the management team is uncertain as to whether the excessive loss is due to weaknesses in its IT system that tracks inventory or to customer and employee theft at the stores. Top managers are concerned that the IT system may be a contributing factor to the loss and would like to study whether a new system should be implemented. Through their industry contacts, they know that large retailers such as Best Buy and Circuit City use much more sophisticated inventory management systems than The NewTech Depot does. A systems analysis would require a cost benefit analysis and a feasibility study. Describe steps that The NewTech Depot should undertake to complete a cost-benefit analysis and a feasibility study for a new IT system to track inventory. A feasibility study assesses feasibility in four areas: technical, operational, economic, and scheduling feasibility. To conduct the technical feasibility, The NewTech Depot should determine the kind of inventory management software systems that are available in the market. For example, some companies are now using Radio Frequency Identification systems (RFID). These newer technology systems are the kind of inventory systems that The NewTech Depot should investigate during the technical feasibility study. The company should try to determine the latest technology in tracking inventory systems. That is, what does current technology allow the company to achieve in tracking inventory? The company could also consider whether it could build an inventory system internally, but this is not a likely option. To examine operational feasibility, The NewTech Depot should compare its current system hardware and personnel to the system hardware and personnel needed to operate the new inventory systems identified in the technical feasibility study. The NewTech Depot will find that some systems are more likely to be the type that the company could operate given the hardware and personnel available to them. Of course, some new hardware could be purchased and new personnel hired, but the more of this activity is required for a particular system, the less feasible it is from an operational standpoint. An examination of economic feasibility is a cost-benefit analysis. To
Page 5-13
Chapter 5 Solutions
IT Governance
conduct economic feasibility, The NewTech Depot should compare cost estimates for each potential system to the monetary benefits expected for each system. Usually, the monetary benefits are cost savings that result from efficiencies of the new system. The NewTech Depot would need to estimate the costs of new systems and the cost savings of those systems. Those potential systems in which benefits are greater than costs are more feasible. To assess schedule feasibility, The NewTech Depot must try to estimate the time required to implement each of the potential systems. As the length of time to implementation increases, a system becomes less feasible. A very long implementation period may mean that the system will take too long to begin recognizing benefits and it may also mean that the hardware and software could be out of date by the time it is implemented. 48. Harbridge Global is in the process of purchasing a new accounting software system. Harbridge is in a very specialized industry, with an international market. The company manufactures specialized parts to sell to companies in the oil exploration and drilling industry. The corporate headquarters are in Fort Worth, Texas, and a significant number – approximately one-half – of their operations are U.S.-based. They also maintain production plants and a sales and support staff in most oil-producing countries. Explain the factors that Harbridge should consider when determining which software system will best suit its needs. The items mentioned in the question are some of the important factors. For example, the accounting system must have the capability to work with various international currencies. The software must also have the capability to use a large account numbering system to easily identify the various locations and purposes of the various accounts. The chart of accounts will likely have a large number of accounts that are subdivided by location and purpose. Harbridge also must consider its specialized industry. Therefore the software must be able to match to the special processes or information needs of the industry. In addition to the unique factors that Harbridge should consider, it should examine the same kinds of feasibility that any company should consider. Therefore, for any accounting software under consideration, Harbridge should assess technical, operational,
Page 5-14
Chapter 5 Solutions
IT Governance
economic, and schedule feasibility. 49. Refer to case 48. Describe which parts of the design phase Harbridge should undertake to ensure that the purchased software matches with the business processes that it will use. First, Harbridge must determine whether it should employ a consulting firm to assist in the purchase and implementation of the software. If a consulting firm is hired, Harbridge should interview, request bids, and select a consulting firm early in the process. The consulting firm would then assist with all steps in selecting and implementing the software. If so desired, Harbridge could also bring in a consulting firm for the later stages of the design. Request for proposals (RFPs) must be sent to any software firm under consideration. The returned RFP (bid) will include details about the software, the support provided for the software, and the price. The project team or IT governance committee should review each RFP in detail to select the best software system. The things that should be considered while reviewing the RFPs are: * The price of the software * The match of the software to user needs * The technical, operational, economic, and schedule feasibility * Technical support provided by the vendor * Reputation and reliability of the vendor * Usability and user friendliness of the software * Testimonials from customers currently using the software If the software selected must be modified to meet any specific needs of the company, the project team should develop design specifications for those modifications. If those modifications are extensive, the entire detailed design phase should be undertaken to design outputs, inputs, processes, and controls.
Page 5-15
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
Turner/Accounting Information Systems, 5e Solutions Manual Chapter 6 Concept Check 1. a 2. d 3. b 4. c 5. b 6. b 7. a 8. c 9. d 10. c 11. b 12. a
Discussion Questions 13. (S.O. 1) Describe how ERP systems enhance efficiency in a business organization.
ERP systems enhance efficiency by controlling all business processes in one software system. That is, a single system collects, processes, stores, and reports data resulting from all sales, purchase, conversion, and administrative processes. In addition, ERP systems enable e-commerce and e-business, thus further enhancing efficiencies. 14. (S.O. 1) Why is real-time processing essential in an ERP system? Real-time processing is essential in an ERP system because all employees in the organization need to use the same information. Since data is stored in a single database, it is important that the most up-to-date information is available because of its usefulness in so many areas of the organization. 15. (S.O. 1) How has ERP increased the responsibilities of customer service representatives? Since customer services representatives have access to complete and timely information through the ERP system, they are able to answer important questions pertaining to availability of stock, timing of production, purchases, deliveries, and shipments, as well as historical information about customer orders and buying habits. The ERP’s ability to integrate company-wide information enables customer service representatives to deliver better service, thus facilitating a higher level of customer satisfaction.
1
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
16. (S.O. 1) What is an MRP II system and how is it different than the ERP systems in
use today? Manufacturing Resource Planning (MRP II) software systems is focused on the movement and use of resources needed by a manufacturing company, such as purchasing, warehousing, and the scheduling of deliveries, production, and shipping. MRP II systems evolved into ERP systems when the system’s functionality increased to include processes related to marketing, distribution, human resources, etc. 17. (S.O. 1) What are the two databases used by ERP systems? The ERP system often utilizes two different databases. These two databases are the operational database and the data warehouse. The operational database contains the data necessary to conduct day-to-day operations and produce management reports. It is continually updated as transactions are processed. The data warehouse contains non-volatile historical information that is used to support management decision-making. 18. (S.O. 1) Differentiate between the “enterprise-wide” and “non-volatile” features of a company’s data warehouse. Data is enterprise-wide when it is pulled from the operational database (which pertains the operations of the entire organization), and is then maintained in the data warehouse for many periods. Data is non-volatile because it does not change rapidly in the same way that operational data changes. Periodically, new enterprisewide data from the operational database is uploaded to the data warehouse, but other than the updating process, the data in a data warehouse does not change. 19. (S.O. 2) What was unique about SAP’s first ERP system? SAP’s first ERP system was unique in that it integrated all business processes (not just manufacturing) and that it made data available in real time. 20. (S.O. 2,5) Differentiate between the features of SAP’s R/1, R/2, and R/3. What does the “R” stand for in this name? SAP differentiated new versions of its software by coding them as R/1, R/2, and R/3, where the “R” stands for “real-time processing” and the number relates to the version. SAP R/1 was SAP’s first release, which integrated all business processes and made data available in real time. R/2 allowed for interactivity between modules and added more features (such as order tracking). R/3 used client-server hardware that allowed the system to run on a variety of computer platforms and allowed for third-party companies to develop software that will integrate with SAP R/3. 21. (S.O. 3) How do ERP II systems allow for businesses to improve efficiencies with respect to sharing information with trading partners? ERP II systems allow for businesses to improve efficiencies with respect to sharing information with trading partners by using EDI, Internet EDI, or extranets to connect with suppliers and customers. Exhibit 15-2 depicts a view of an ERP II system. 22. (S.O. 3) How did the tragic events of September 11, 2001 affect the market for ERP systems? The events of September 11, 2001 caused drastic reductions in sales of ERP systems, as nearly all companies reduced IT spending. The economy experienced a downturn and all most businesses were cutting expenses, including IT expenditures.
2
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
23. (S.O. 4) What are some of the activities included in an ERP module for supply chain
management? Supply chain management (SCM) is the management and control of all materials, funds, and related information in the logistics process from the acquisition of raw material to the delivery of finished products to the customer. The supply chain involves trading processes from a supplier to a business, as well as trading processes between the business and its customers and other intermediaries. Similar to internal processes, these trading processes can experience improved efficiency by using ERP systems to initiate, record, store, and report these processes. 24. (S.O.4) What are some of the features of an ERP module for customer relationship management? Customer relationship management (CRM) allows organizations to manage customer relationships in an organized manner by providing a database of detailed customer information that management, salespeople, and customer service representatives can readily access. This database generally includes historical information regarding customer purchases, which can be used to match customer needs with products, inform customers of service requirements, and analyze customer buying behavior. 25. (S.O.5) Which company is today’s top-seller of ERP systems in the U.S.? SAP is the top-selling tier one manufacturer of ERP systems in the U.S. (through 2007). 26. (S.O.5) Differentiate between Oracle’s “back office” and “front office” modules. Back office modules are the ERP modules such as financial, manufacturing, supply chain, procurement, and human resources applications that typically do not involve interaction with the customer. The front office modules are for sales, marketing, service and call center functions that are visible to customers. 27. (S.O.5) Which tier one company introduced the first ERP system that was “pure internet,” requiring no programming code to reside on the client computer? Peoplesoft is the tier one company that introduced the first “pure internet” ERP system that required no programming code to reside on the client computer. 28. (S.O. 5, 6) Which of the tier one ERP companies is likely to provide the “best fit” for a manufacturing firm? For a human resources placement company? SAP is the tier one ERP company that is likely to provide the “best fit” for a manufacturing firm because its systems evolved from MRP II systems. For a human resources placement company, Peoplesoft is likely to be the “best fit” because it evolved from a human resources software system. 29. (S.O.6) Why is business process reengineering an important aspect of ERP implementation? Business process reengineering (BPR) an important aspect of ERP implementation because it aligns business processes with the underlying IT systems used to record processes. In addition, it improves efficiency and effectiveness of these processes. When technology is introduced intro business processes, BPR and IT can have a mutually-enhancing relationship: IT capabilities support the business processes and the business processes can be redesigned to match the capabilities of the IT
3
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
system. Therefore, BPR is important because of its role in improving process efficiencies. 30. (S.O.6) Why should customization of an ERP system be limited? Customization of an ERP system should be limited because of issues with cost and upgrading. Any customizations may require changing or writing new programming code and this can be a very expensive and time-consuming task. The cost of customization can easily exceed the cost of packaged ERP software. Second, any customizations cannot be automatically incorporated when the ERP vendor provides an upgraded version of the ERP software. Therefore, upgrading to the new version may mean losing any customizations. 31. (S.O.6) Differentiate between location-wise and modular implementation approaches to the conversion to an ERP system. In a location-wise implementation of an ERP system, the organization chooses a specific location or sub-unit of the organization and implements the ERP system in that location only. This approach can be considered a “pilot” approach in which the ERP is first carried out in a sub-unit of the larger organization. This means that any resulting problems will be isolated within the pilot unit so that the entire organization is not impacted. In a modular implementation, the ERP system is implemented one module at a time. The implementation team will normally focus on the most critical module first and complete the implementation of modules in descending order. This allows the organization to take advantage of the new features of the module in the ERP system without affecting all processes in the organization. 32. (S.O.7) Which method of conversion to an ERP system is sometimes referred to as a “pilot” method? Why is this name appropriate? The location-wise implementation method is considered a “pilot” approach because the ERP is first implemented in a single location or sub-unit of the organization before it is implemented across the entire organization. This allows any problems to be worked out in an isolated area without impacting the entire organization. Thus, the changes and resolutions experiences in this pilot area can be used to guide the subsequent implementations. 33. (S.O.8) How can an ERP system assist a company in its efforts to comply with the Sarbanes-Oxley Act of 2002? ERP systems assist a company in its efforts to comply with the Sarbanes-Oxley Act of 2002 by providing real-time financial information to facilitate the reporting requirements of the Act. For instance, enhanced financial modules of an ERP system may provide feedback information to management regarding internal controls, which is important for complying with the reporting requirements of section 404 of the Act. In addition, ERP systems can enhance internal controls by providing for the proper segregation of duties and establishment of authority, as well as the real-time monitoring and reporting of exceptions.
Brief Exercises 34. (S.O. 2) Why was there so much growth in the sales of ERP systems in the late
1990s?
4
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
There are two major contributing factors to the rapid growth in sales of ERP software in the late 1990s. One factor was the explosive growth of e-commerce and the dotcom boom that occurred during this time period. To enable e-commerce and accelerate business processes in order to meet the demands of e-commerce sales, companies needed integrated systems such as ERP. A second factor was the valid concern about Y2K compatibility of existing software systems in companies. Many companies were rapidly trying to replace legacy software systems in the late 1990s before the year 2000 changeover occurred. Many were facing uncertainty as to whether their legacy software would work after 1999. System professionals were concerned that older legacy systems would “blow up” when faced with a date of 2000 or later. 35. (S.O. 3) What are the five most common reasons for increased spending on ERP systems in the early 2000s? Which of these reasons was the impetus for Viper’s ERP implementation in 2003? Some of the reasons for this increased ERP spending are: a. The need to improve customer service through standardizing and combining business processes. This necessitates ERP software that can support standardized and combined processes. b. Global companies that operate in several countries may have separate ERP systems in various countries. Many of these companies decide to replace these various ERP systems with one centrally managed ERP system for the entire company. c. Aging ERP systems that were installed prior to Y2K need replacement to meet competitive demands faced by companies. d. Bigger IT budgets in 2005 replaced leaner budgets between 2001 and 2004. Companies began increasing overall IT spending, including spending on ERP systems. e. To enhance compliance with the Sarbanes-Oxley Act. Viper Motorcycle Company implemented an ERP system primarily to enhance compliance with the Sarbanes-Oxley Act of 2002. 36. (S.O. 4) Match the ERP modules on the left with the purpose of the related processes on the right: Financials b. Maintenance of the general ledger and supporting journals and sub-ledgers. Human Resources d. Accounting for personnel and payroll activities. Procurement and c. Keeping track of purchasing and movement of goods and Logistics materials. Manufacturing f. Planning and scheduling of conversion activities. Sales and Services a. Taking customer orders and preparing for the impending revenue and cash collection. Analytics e. Data mining and other processes for obtaining feedback and supporting managerial decision-making.
5
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
37. (S.O.6) What potential advantages and disadvantages exist with respect to
engaging a consultant for an ERP implementation? Discuss. The primary advantages of hiring a consulting firm include: a. Experience. The use of consultants may provide for a more effective implementation, as long as it is performed by professionals having experience with similar implementations. The experience of a consultant may be translated into savings for the company, particularly with respect to the avoidance of costly and time-consuming mistakes. b. Efficiency. Due to the experience of professional consultants, time savings may be realized in terms of avoidance of unproductive time spent on training, trial-and-error, etc. c. Less strain on employees. The company’s human resources may be relieved so they can engage in their normal activities with minimal disruption to the normal routine. The most significant disadvantages of hiring a consulting firm include: a. Cost. Consultants may be expensive, and can significantly increase the cost of the overall ERP implementation. b. Limited availability. Consultants are typically hired to perform a certain function or are retained for a limited period of time. The ongoing need for the implementation team to address issues may create problems for the company who used consultants that are no longer accessible. 38. (S.O.7) What are the primary benefits of an ERP system? What are the primary
risks? The primary benefits of an ERP system are the following: a. The interactive nature of the modules that allows processes to interact with each other. For example, the ordering and receiving processes can automatically trigger payment processes. b. The real-time nature of processing that decreases the total processing time and allows more immediate feedback to management. c. The “best practices” nature of the processes in ERP systems. ERP systems have evolved from many years of software experience with various companies and the software reflects tried and true practices. d. The single database that enhances sharing of information between the business’ functional areas and between processes. e. The capability to analyze large amounts of data in a single database. Analytical tools are incorporated in ERP systems that allow detailed analysis of the data. f. The capability to enhance e-commerce and e-business. The ERP systems of today incorporate modules to fully incorporate e-commerce and e-business. g. The capability to interact in real-time with trading partners. ERP systems are built to interact with the IT systems of trading partners such as customers and suppliers. h. The capability of ERP systems to be scalable. Scalable means the system can grow with the business.
6
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
The primary risks of an ERP system are the following: a. The large size, scope, and complexity of ERP systems cause their implementation to be very costly, time consuming, and potentially disruptive to operations. (Implementation risk) b. The potential for failure of the system may cause business disruption across the entire enterprise. (Operation risk) 39. (S.O.7) What are Shang and Seddon’s five dimensions of ERP benefits? The five dimensions of ERP benefits are: a. Operational benefits, including reductions in time and costs, and improvements in productivity, quality, and customer service. b. Managerial benefits, including improvements in resource management, planning, decision-making, and performance. c. Strategic benefits, including support for various aspects of business growth. d. IT infrastructure benefits, including increased flexibility and infrastructure capability, as well as cost reductions. e. Organizational benefits, including the facilitation of organizational learning, change management, and employee morale. 40. (S.O.7) Name the AICPA Services Trust Principles’ five operations risks? Why are these risks greater for ERP systems than for other IT systems? The five areas of operations risks are as follows: a. Security. The system is protected against unauthorized (physical and logical) access. b. Availability. The system is available for operation and use as committed or agreed. c. Processing integrity. System processing is complete, accurate, timely, and authorized. d. Online privacy. Personal information obtained as a result of e-commerce is collected, used, disclosed, and retained as committed or agreed. e. Confidentiality. Information designated as confidential is protected as committed or agreed. These risks are greater for ERP systems than for other IT systems because of its size and complexity. Security becomes a greater risk because the
processes are integrated, and often automatically triggered in ERP systems. Therefore, any unauthorized user can affect more processes than would be true in an older, legacy system. For example, unauthorized access to a purchase module in an ERP system could allow an unauthorized user to trigger not only purchase activities, but the related payment within Accounts Payable. Availability risks are also magnified in ERP systems because of the integrated nature of processes. The failure of an ERP system has the potential to stop or disrupt all processes across the entire enterprise. Processing integrity risks are more significant in ERP systems due to the interconnected nature of an enterprise-wide system. Incorrect data generated in a given process can automatically trigger other processes 7
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
and post flawed data to other processes. Processes may be triggered at the wrong time and incorrect data can be spread over several processes and ERP modules. It is important to understand that such processing integrity problems are possible in any IT system. But they have the potential to be more damaging in an ERP system. Online privacy and confidentiality risks are also magnified in ERP systems. ERP systems often have sales and customer relationship management modules in an e-commerce mode. This means that sales and customer data is exchanged via the Web or EDI. In ERP systems these front-office systems of e-commerce and sales are automatically integrated into the back-office systems of an ERP system. The back-office modules are the financials, supply chain management, and human resources modules. Therefore, in an ERP system, the e-commerce activity of customers often automatically integrates into the general ledger and related processes. This interconnectivity causes more potential areas for private or confidential information to be available. 41. (S.O.8) Explain how an ERP system can enhance internal controls? Specifically, how can it facilitate the separation of duties? Since the passage of the Sarbanes-Oxley Act of 2002, ERP systems have been improved to include enhancements to internal controls. These enhancements include functions that assist management in complying with sections of the Act by providing feedback information to management regarding internal controls. For processes tracked by the ERP software, a report can be generated that identifies which employees are authorized to initiate and conduct processes. Based on each employee’s ID and password, audit trails can be constructed and reported that indicate which employees initiated or conducted individual processes. This module within the ERP system can map processes to assist management in understanding whether duties are appropriately segregated within the process. Segregation of duties is an important part of internal control that can help prevent errors and fraud. ERP systems can be used to properly segregate duties. The ERP system can incorporate a matrix of tasks that are incompatible duties. For each employee ID and password, the system can check the employee’s access to various tasks to insure that no employee can initiate or conduct incompatible tasks. The ERP system electronically segregates duties by limiting the types of transactions each employee can perform. For example, a single employee should not have system access to initiate a purchase and record it as received. In an ERP system in which integrated modules often automatically trigger events, recording the receipt can automatically initiate a check for payment. Thus, it is important that a single employee not have authorization in the ERP system to initiate a purchase and also record the receipt. In addition to the preventative nature of attempting to restrict incompatible duties, an ERP system also allows real-time monitoring and reporting of exceptions. As
8
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
processes and transactions occur that may be exceptions to what was expected, they can be reported to management in real-time. Therefore, an ERP system can assist management in monitoring internal control, monitoring errors and problems, and monitoring exceptions to internal controls.
Problems 42. (S.O. 1) Describe the ERP’s modular interface that is necessary in a typical
manufacturing environment. An ERP system is a multi-module software system that integrates all business processes and functions of the entire organization into a single software system, using a single database. Each of the software modules of an ERP system is intended to collect, process, and store data of a functional area of the organization and to integrate with related processes. For example, a module may be designed to process purchase transactions and record all data about purchase orders. This module must integrate with accounts payable and inventory since the vendor must be paid and inventory increased as the purchased goods arrive. Each module automates business activities of a functional area within an organization. Information is updated real-time in the ERP database, so that employees in all business units are using the same information, and all information is up-to-date. Since the data is stored in a single database, each functional area can easily share information with other areas of the organization. 43. (S.O. 2) Identify and describe the first generation of ERP systems used in the 1970s, and the second generation of ERP systems used in the 1980s. The first generation of ERP software was called Materials Requirements Planning (MRP) software. MRP software of the 1970s allowed plant managers to coordinate the planning of production and raw material requirements. MRP software determined order size and timing of raw materials based on sales forecasts and factoring in lead times for order and delivery of materials. The typical computer hardware of the 1970s that was used to enable an MRP system was mainframe computers, sequential file processing, and electronic data interchange (EDI). The EDI allowed up-to-date information about inventories and status of orders to be processed quickly. As mainframe computers improved in speed and power during the 1980’s, MRP software evolved into Manufacturing Resource Planning (MRP II) systems. MRP II was much more broad and encompassing than MRP software. MRP software was intended to provide for the purchase of raw materials to support manufacturing needs. The purpose of MRP II was to integrate manufacturing, engineering, marketing, and finance units to run on the same information system and to use a single database for these functions. As MRP and MRP II systems became more popular in large manufacturing companies, early pioneers of ERP systems were working on a broader concept of information system software. Five former IBM systems analysts began work on an early version of ERP software in 1972. These five formed a company that was to become Systems, Applications and Products in Data Processing (SAP). SAP
9
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
designed the first true ERP system that was called SAP. SAP was intended to integrate all business processes, not just manufacturing, and to make data available in real time. To the financial accounting system, they added modules for Materials Management, Purchasing, Inventory Management and Invoice Verification. SAP release 2, or SAP R/2 was released in 1978. The new version took full advantage of the current mainframe computer technology, allowing for interactivity between modules and additional capabilities like order tracking. 44. (S.O. 4) Compare and contrast the functionality of the Logistics module and Supply Chain Management activities. The logistics function manages all processes related to the purchase and movement of materials and finished goods. This module incorporates the purchase processes, as well as the processes and data resulting from the movement inventories. It is a subset of the functions included in the supply chain management activities. Supply chain management (SCM) activities encompass the planning and management of all sourcing, procurement, conversion, and logistics functions. SCM also includes coordination and collaboration with suppliers, intermediaries, third party service providers, and customers. 45. (S.O.7,8) Suppose a company is experiencing problems with omitted transactions in the conversion processes: i.e., inventory transactions are not always being recorded as they occur. How can an ERP system help to alleviate such a problem? An ERP system could help alleviate problems with omitted transactions through its internal control enhancements. For example, ERP systems allow real-time monitoring and reporting of exceptions. As processes and transactions occur that may be exceptions to what is expected (as in the case of omitted transactions), they can be reported to management immediately. In addition, the system can identify employees involved with the recording of specific transactions, which may help identify the source of a problem so that it may be corrected quickly. 46.
(S.O.6) Using the Internet or other research tool, search for the terms “best of breed” + ERP. Locate information that addresses the debate/dilemma faced by many companies regarding the decision implementing best of breed technology versus new applications from an ERP vendor. Write a brief memo to discuss this issue. Answers to this questions may vary. Following is a sample response: An ERP system is an integrated system of modules intended to cover the entire range of company activities. But in some cases, there may be advantages to purchasing and using a module from another vendor if that vendor provides the best software module for that activity. Such a module is called the “best of breed”. The best of breed approach is probably most advantageous when the industry specific processes of a company do not match well with an ERP system that is based on the most common processes. An example of best of breed would be purchasing a separate Customer Relationship Management module instead of using a CRM module within the ERP system. ERP modules have CRM modules that allow you to pull up and manipulate customer data at will. The view of the customer may contain summarizations of activities conducted
10
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
elsewhere in the system that relate to that customer. For example, if a customer places an order with your company, a sales person that is looking at that customer in the hopes of penetrating the account more deeply can see that there is already an outstanding order. This may trigger him/her to offer an appropriate discount on another product or offer add-on product to the one just sold. The ERP approach is, in most cases, the most seamless solution. ERP companies like Peoplesoft either developed or acquired CRM modules and integrated them into the larger suite. The downside to this approach is that their CRM modules may not have all the functionality you need in areas like marketing and decision analysis. This approach may require you to spend money extending their baseline functionality to meet your specific business needs. This is true in general for any best of breed module such as fixed asset management, HR, order fulfillment, etc. The best of breed approach aims to integrate a feature-rich system that can integrate into the ERP system. The vendors of these applications often provide outof-the-box connectors to popular ERP systems to ease the difficulties of integration into the ERP system. The advantages of choosing a best of breed approach include: 1) deeper and more industry specific functions, 2) not being tied to a single vendor, 3) fewer changes to industry specific processes within the company. The disadvantages to best of breed include: 1) a greater total cost of purchasing and maintaining the system, 2) it creates a more complex IT environment because of the need to integrate a separate module into the ERP system. The advantages to using an existing ERP module (not best of breed) includes: 1) simpler IT environment, 2) smaller total cost to purchase and maintain, 3) quicker and simpler implementation, 4) better integration into the entire ERP system. The disadvantages to using the existing ERP module include: 1) a greater change in business processes to match with the ERP system, 2) potential gaps between company needs and software functionality 47. (S.O.6) Using the Internet or other research tool, search for the terms “big bang” +
ERP. Identify at least one company that represents a success story with regard to this ERP implementation method (other than Marathon, as described in the Real World Example). Also identify at least one company that experienced problems with this approach (other than the city of Tacoma, as described in the Real World Example). Answers may vary for this question. Complete the search to arrive at the most up to date scenarios in your country. The big bang approach means that all users, modules and locations go live at the same time. Some companies have done this effectively. This approach minimizes the reconciliation of data that results from different locations or modules being brought on line at different intervals. To do this effectively requires strong project management and planning and an experienced consulting firm or other leader that has effectively brought companies live using the big bang approach.
11
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
The text provides an example of Tacoma Washington’s big bang approach that did not go well. 48. Using the Internet or other research tool, search for the terms “SAP” and “SME”.
Describe why a small to medium-sized entity might choose SAP as its ERP system. Responses will vary. The following provides an example of a SAP’s outline for the benefits of its product for SMEs (Small to Medium sized entities). http://go.sap.com/solution/sme-business-software.html Run all aspects of your small business or midmarket company with SAP SME software – on-premise or in the cloud. Our scalable business management software supports ERP, HR, e-commerce, analytics, reporting, and more. As more than 250,000 SME customers have discovered, you’ll never outgrow SAP – no matter where your business takes you. a. Many SME’s anticipate, or at least hope for explosive growth in their business. Such growth will make their companies larger, more complicated, and more distributed. An ERP system can help them better track and maintain operations and ERP systems are scalable as the company grows. ERP systems allow them to better manage the growth. b. ERP software solutions are not as expensive as they used to be, particularly if a company uses SaaS (Software as a Service) in which they do not necessarily need to buy expensive hardware to run ERP software on site. c. ERP systems allow them to better track and serve customers. They improve customer response time and allow the company to provide timely and effective customer service. For example, order tracking and service scheduling are more streamlined. In many cases, an ERP system can enhance the systems so that customers can easily do order tracking or service scheduling as a self-service. It cuts cost for the company and better serves the customers. d. They are better able to keep track of strategic partnerships (such as vendors) e. ERP systems allow them to better “assess demand, react to changes more quickly, provide accurate and consistent data, and engage customers and employees”. f. Their study of 300 SME’s with ERP systems in the top 20% experienced: i. A shorter number of days to close the accounting records at the end of the month (2.69 days average). ii. A shorter time period of days sales outstanding (33.11 days), a measure of cash collection speed. iii. More on-time delivery of products or services (96% complete ontime delivery)
12
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
iv. A 21% growth in operating margin g. By using ERP systems, they: i. Lowered operating and administrative costs ii. Improved on-time delivery iii. Increased the speed of decision making iv. Increased customer satisfaction v. Gained better knowledge of day-to-day operations. 49. (SO 6) Using the Internet or other research tool, search for “ERP software in the
cloud” and outline (a) PROs (b) CONS and (c) considerations of adopting cloud deployment for an ERP system. There can be a variety of Pros and Cons of ERP cloud adoption identified. Some of these include: PROs Investment in hardware and software is reduced- Companies do not need to invest in or upgrade their servers, operating systems, databases, data centers, backup equipment, or programming environments. IT staff to maintain and service the hardware and software is reduced. Data and applications are stored remotely, so disaster recovery and ERP business continuity requirements are addressed. Can access applications. Some applications (Salesforce.com (CRM) and Netsuite (ERP) are only available via the cloud. Budgeting for future costs is simplified. The delivery model, software as a service (SaaS), is easier to budget, since the periodic payments are known in advance. ERP cloud implementations can be accomplished quicker than on-premise because of the time saved in not having to procure and install the IT infrastructure. Easier to scale up or down as business grows and contracts. Some articles will say that cloud deployment is less costly. Often this is not the case if you look at the total cost of ownership for the full period covered. CONs Hardware and software are never paid for. Monthly fee until no longer using the system. Tax advantages of purchasing the hardware and software are forfeited. Less control of data, reliant on cloud firm for service. Reliant on cloud firm for service. Reliant on cloud firm for security. Considerations include how each of the pros and cons will impact a company specifically.
13
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
50. (SO 6) Using the Internet or other research tool, search for “Total Cost of
Ownership and ERP Software” and describe cost to consider when calculating the total cost of ownership for an ERP system. Responses will vary. http://www.calszone.com/documents/whitepapers/aberdeen-erp-roi-tco.pdf http://www.socius1.com/understanding-the-tco-and-roi-of-4-top-erp-softwaresolutions/ What is 'Total Cost Of Ownership – TCO – The total cost a company incurs to put as asset into use and utilize the asset through its life. The following comments are provided from Socius with regard to TCO and ROI. http://www.socius1.com/understanding-the-tco-and-roi-of-4-top-erp-softwaresolutions/ Total cost of ownership (TCO) is the purchase price of an asset plus the costs of operation. When choosing among alternatives in a purchasing decision, buyers should look not just at an item's short-term price, which is its purchase price, but also at its long-term price, which is its total cost of ownership. The item with the lower total cost of ownership is the better value in the long run. 1. Cost to consider when implementing an ERP system: 2. Purchase price (hardware and software) or ongoing SaaS fee 3. Implementation and training cost 4. Annual maintenance 5. Professional fees (internal or external) to keep the asset in operation. Total Cost of Ownership (TCO) TCO is the calculation all of the costs of purchasing, implementing, supporting, and using a product over its lifetime. TCO is used to budget for projects and compare similar products or services. It should be noted, however that TCO does not weigh the benefits that the software brings to a company, so it should not be used as the only criteria to select a software application or prioritize projects. Nucleus Research compared the TCO for companies that implemented four highly competitive ERP solutions: Microsoft Dynamics GP, Oracle, SAP, and PeopleSoft. The study revealed that of the four software solutions, Microsoft Dynamics GP had the lowest TCO. The reason for the lower TCO is that Microsoft Dynamics GP takes less time to deploy and fewer resources to support than the other solutions. The results of the Nucleus study are provided below.
14
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
Return on Investment (ROI) is a related concept. ROI is a calculation that divides the average total savings, over 3 years, by the initial cost. (Three years is the accepted operational threshold for technological innovation and product usability). An ROI calculation will account for both direct benefits (explicitly quantifiable cost savings or revenue increases) as well as indirect benefits (returns that are not clearly observable, but whose effects can be measured through investigation). Nucleus Research studied the ROI gained by the same four ERP aoftward products: Microsoft Dynamics GP, Oracle, SAP, and PeopleSoft. They studied benefits in the following areas:
Reduced staff / increased productivity Reduced IT or other direct costs Improved customer / partner relations Improved operations / visibility Reduced accounting / auditing costs or improved financial management / compliance
Per the Nucleus study: Microsoft Dynamics GP users were the only study participants to report gains in all five of these benefit areas. They were also the able to achieve a positive ROI faster than users of any of the four competing products:
15
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
51. (SO 6) Using the Internet or other research tool, search for “compare ERP
software” and describe PROS and CONS of two Midmarket/Tier II ERP systems. Responses will vary depending on the midmarket solutions selected. The following outline three of the most common midmarket products as described by Techtarget.com. http://searchmanufacturingerp.techtarget.com/tutorial/Buying-ERP-Top-10midmarket-ERP-systems NetSuite: NetSuite is an exclusively cloud-based ERP suite. As a SaaS system, NetSuite allows users to avoid many of the hassles of upgrading to newer versions, as the system is kept current by the vendor. Some of the applications it offers are financials, CRM, inventory management and e-commerce. NetSuite can support from 10 to an unlimited number of users. Industry-specific versions are available, including wholesale distribution, manufacturing and software. The One World version of NetSuite is designed for global, multicompany organizations with many assets to manage. The package runs from $10,000 to $100,000. Oracle E-Business Suite: The E-Business Suite is a good fit for midmarket manufacturers looking for an ERP system that will support a wide range of business applications without the need for much customization. It brings together enterprise performance management, business intelligence (BI) and performance management functions. It also covers applications such as supply chain management, CRM, asset management, product lifecycle management and procurement, and works for either discrete or process manufacturing environments. This package can be implemented on-premises or in the cloud or a hybrid of both. E-Business provides support for 25 to 1,000-plus users and costs between $12,000 and $350,000, depending on the implementation. Oracle also offers JD Edwards EnterpriseOne, which targets larger businesses and can be deployed on-premises or SaaS. This ERP suite covers 15 to 1,000 users and sells for $15,000 to $400,000. Microsoft Dynamics NAV (365BC), GP and AX(365FO): Microsoft's three variations of Dynamics can all handle the needs of manufacturers and distributors. NAV is designed for growing small and midsize companies that require fast and flexible ERP support for their changing business needs. On the plus side, it has a user interface that can be tailored to the specific roles of each user. On the minus side, it's the only Dynamics system that can't be hosted in the cloud. NAV can cover five to 750 users and goes for $8,000 to $250,000. GP is for slightly larger midmarket companies, with support for 25 to 500 users. It can be launched on-premises or in the cloud. GP supports processes such as reporting, forecasting, BI, consolidation and budgeting. Its price ranges from $10,000 to $100,000. Finally, Dynamics AX is for larger midmarket to enterpriselevel companies. It covers processes such as financial management, CRM,
16
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
supply chain management, human resources, project management and analytics. AX can support five to 1,000 users and comes in both SaaS and onpremises packages. It costs between $20,000 and $750,000. 52. (SO 6) Using the Internet or other research tool, search for “SAP software” and describe the type of company where SAP would be a good choice for an ERP system. Source of SAP companies http://go.sap.com/about/customer-testimonials/featured-customer-stories.a-c.html
City of Boston City of Buenos Aires City of Cape Town Coca-Cola HBC AG Colorado Department of Transportation (CDOT) ConAgra Foods, Inc. Kraft Foods Group, Inc. National Football League (NFL) National Hockey League (NHL) The Hillshire Brands Company The Kellogg Company University of Amsterdam University of Kentucky Companies that are a good fit for SAP are larger companies with more complex processes, that require a more robust solution. SAP is more costly to purchase and implement. Larger companies have higher IT budgets and can justify the higher spend on an ERP system if this is required to support a more complex business model. 53. (SO 6) Using the Internet or other research tool, search for “Microsoft Dynamics GP software” and describe the type of company where Great Plains would be a good choice for an ERP system. Microsoft Dynamics GP is a good selection for small to midsize companies that require rich functionality. Microsoft Dynamics GP is feature rich, easy to use and to implement. The following examples outline why some companies adopted MS Dynamics GP over other software products. These examples are provided by CAL a Microsoft Dynamics GP implementer. http://www.calszone.com/microsoft-dynamics-gp/compare-gp/
17
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
Dynamics GP vs. Sage MAS 90/200 Microsoft Dynamics GP provides more advanced reporting, integration with Microsoft Office, a stronger foundation, advanced functionality, and a continually improving application. With Microsoft Dynamics GP, your business can benefit from: Integration with Microsoft Office Real-time, actionable business intelligence Robust functionality that’s easy to use Smooth interoperability with your existing applications A high level of scalability and flexibility Microsoft’s commitment to innovation and technology 6 Reasons Real Companies Made the Switch From Sage MAS 90/200 to Microsoft Dynamics GP This insightful report is based on experiences from users who have chosen to convert from MAS 90/200 to Microsoft Dynamics GP and the business partners that have assisted in those conversions. This report aims to compare “life with MAS 90/200” to “life with Dynamics GP” and consolidate the differences into specific categories to focus on the major benefits of making the change. Microsoft Dynamics GP vs Sage Competitive Analysis As a result of an analysis performed in August 2008 utilizing The Accounting Library, one of the most respected software selection tools serving the needs of middle market companies, Microsoft Dynamics GP was ranked higher in terms of functionality than Sage MAS 90 ERP, Sage MAS 200 ERP and Sage MAS 500 ERP. Read more at: Microsoft Dynamics GP Verses Sage MAS 90/200 Accounting Software http://www.calszone.com/microsoft-dynamics-gp/compare-gp/gp-vs-sagemas90200/#ixzz4M0AgpVKn
Other links http://www.calszone.com/documents/erp-in-smb-outgrow-quickbooks.pdf http://www.softwareadvice.com/accounting/microsoft-dynamics-gp-profile/
Cases
18
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
54. ERP Implementation at Mancini Industries.
a. An ERP system could improve performance at Mancini in many ways. Because an ERP uses a single, shared database, information sharing and integration of the various processes would occur. This would lead to more efficient processes. Also. Management could receive more real-time feedback about operations and this can lead to improved decision making. Also, analytical tools are available in ERP systems to help managers do more detailed analysis of operations. The time involved in entering data separately into the various systems will be saved and the time and cost of maintaining legacy systems can be reduced. With an ERP system, Mancini would have the capability to automatically interact with IT systems of trading partners and to enhance e-business or e-commerce. All of these aspects improve the efficiency of business processes. Finally, ERP systems are scalable and can grow if Mancini grows. b. A ‘big bang” approach implements all modules of the ERP system across the entire organization at the same time. Because of the scope and complexity of a big bang implementation, there are many risks that can cause a failure. ERP implementation usually requires business process reengineering. So at the same time the new software is implemented, there are many changes to processes. Thus, there is much complexity and employees are unfamiliar with new processes. This means mistakes or omissions within processes are likely. The chapter mentions problems with a big bang implementation in Tacoma, Washington. However, if the big bang approach is well-planned and implemented correctly, it offers the advantage of reducing the time and cost of implementation. A modular approach, in which modules are implemented one at a time, could take more time and money. There is less risk than a big bang approach because focusing on one module at a time reduces the scope and complexity of the implementation. A simple analogy might be to compare remodeling every room of a house at the same time (big bang), or doing one room at a time (modular). Using this analogy, it is easier to see that the whole house approach is more likely to cause problems, delays, and chaos. c. To choose the order of implementing modules, Mancini should analyze and determine which modules more closely relate to their strategic objectives. Those modules most closely related to achieving strategic objectives should be implemented first. 55.
Chacon University potential problems in ERP Implementation. There are several areas of potential problems. Those identified or implied are: d. Universities have a different environment than corporations. Corporations are managed top-down with the chief executives holding much influence over everything. Universities are much more decentralized and subunits operate with more autonomy. e. The IT staff at universities are not usually experienced with ERP systems and tend to rush implementation and not test the systems.
19
Chapter 6 Solutions
Enterprise Resource Planning (ERP) Systems
f. Too many “home-grown” legacy systems that may be difficult to convert into ERP systems. The article does mention that middleware can be used to integrate the legacy systems into an ERP system. g. University presidents or administrators may have too high expectations for ERP systems and try to implement too many modules. h. The ERP systems costs more to support than the legacy systems. i. It is difficult to get “buy-in” from everyone across campus for different processes that match the ERP system. This is difficult in universities because of the autonomy mentioned in (a) above. j. Universities have lean staffs and tight budgets which leads to lack of staff training and less testing of the system. k. In some cases the load on the system of all the returning students in the fall caused the web portal to crash. (for example at Massachusetts) l. ERP vendors, such as PeopleSoft did not have as much experience in University implementations and often were unable to provide answers. m. In the Montclair University lawsuit against Oracle, both sides claim the other party is to blame. The project was named the ”Bell Tower Initiative” and it was to take 25 months and cost $15.75 million. Montclair claimed that the Oracle IT staff were subcontractors who were unprepared to conduct the implementation and were constantly rotated on and then off the project. Oracle claimed the university did not have a competent IT staff who understood the technology. The Montclair staff could not properly assist Oracle’s staff.
http://www.informationweek.com/applications/oracle-montclair-stateuniversity-settle-bitter-contract-dispute/d/d-id/1109019?
20
Chapter 7 Solutions Processes
Auditing Information Technology-Based
Turner/Accounting Information Systems, 5e Solutions Manual Chapter 7
Concept Check 1. b 2. b 3. d 4. c 5. b 6. a 7. c 8. b 9. d 10. a 11. a 12. c 13. c 14. d 15. c 16. a 17. c 18. a 19. a 20. c 21. d
Discussion Questions 22. (SO 1) What are assurance services? What value do assurance services provide? What are assurance services? Assurance services are accounting services that improve the quality of information and are usually performed by an accountant or CPA. The accountant’s purpose of reviewing financial reports is to certify and bring creditability to the information in the reports for financial users. The most common type of assurance service is an audit. What value do assurance services provide?
Chapter 7 Solutions Processes
Auditing Information Technology-Based
The value that assurance services provide is reducing information risks, by firm’s hiring an external auditor for unbiased auditing, which certifies to financial users that the company’s reports are accurate and complete. 23. (SO 2) Differentiate between a compliance audit and an operational audit. A compliance audit is a form of assurance service that involves accumulating and analyzing information to determine whether a company has complied with regulations and policies established by contractual agreements, governmental agencies, company management, or other high authority. Operational audits assess operating policies and procedures for efficiency and effectiveness. 24. (SO 2) Which type of audit is most likely to be performed by government auditors? Which type of audit is most likely to be performed by internal auditors? Governmental auditors are most likely to perform compliance audits, and internal auditors are most likely to perform operational audits. 25. (SO 2) Identify the three areas of an auditor’s work that are significantly impacted by the presence of IT accounting systems. The IT environment plays a key role in how auditors conduct their work in the following three areas: 1. Consideration of risk. Auditors must now consider a lack of paper trail for some transactions that are directly entered into the system. Other considerations also include figuring out whether there might have been a past system failure or database destruction that could have possibly eliminated/altered possible transactions of the company being audited. 2. Audit procedures used to obtain knowledge of the accounting and internal control systems. Audits must now have procedures that test both general and application controls of an IT system to test how reliable these controls are. Auditors also have the option of auditing through the computer that allows the auditors to actually test the internal controls of the IT system. 3. Design and performance of audit tests. Auditors must design tests that are specific to the accounts and information systems in place at the company being audited. A company’s IT system can be unique with different features that can influence the manner in which an audit is completed. 26. (SO 3) Describe the three causes of information risk. Information risk: Information risk is the possibility of the decision maker using inaccurate information. There are three causes of information risk: remoteness of information, volume and complexity of underlying data, and motive of the preparer. 1) Remoteness of information: A decision maker must trust others to provide needed information. If the source of information is removed from the decision maker, the information stands a greater chance of being inaccurate. Geographic distance may cause a remoteness of information. Remoteness makes verification of information difficult. Due to distance, a decision maker may be unaware of important information. 2) Volume and complexity of the underlying data: When a business grows, so does the volume and complexity of the business. The number of transactions
Chapter 7 Solutions Processes
Auditing Information Technology-Based
increases. The company can become overloaded with information. The risk of an overload can lead to inaccurate information. 3) Motive of the preparer: The person who prepares the information may have different objectives for the company than the decision maker. Due to variations in viewpoints or incentives of the preparer, the information may be deemed inaccurate. The inaccurate information can impact the decision. 27. (SO 3) Explain how an audit trail might get “lost” within a computerized system. Loss of an audit trail occurs when there is a lack of physical evidence to view to support a transaction. This may occur when the transaction details are entered directly into the computer system, with no supporting paper documents. If there is a system failure, database destruction, unauthorized access, or environmental damage, the information processed under such a system may be lost or altered. 28. (SO 3) Explain how the presence of IT processes can improve the quality of information that management uses for decision making. IT processes tend to provide information in a timely and efficient manner. This enhances management’s ability to make effective decisions, which is the essence of quality of information. 29. (SO 4) Distinguish among the focuses of the GAAS principles of performance and reporting. The principle of performance requires that auditors obtain reasonable assurance about whether the financial information is free of material misstatement. The principle of reporting addresses the auditor’s requirement to express an opinion on the financial information based on the evaluation of evidence. Thus, reporting must have a foundation on the performance of the audit. 30. (SO 4) Which professional standard-setting organization provides guidance on the conduct of an IT audit? The Information Systems Audit and Control Association (ISACA) is responsible for issuing Information Systems Auditing Standards (ISASs), which provide guidelines for conducting an IT audit. Professional Standard-setting organization: The Information Systems Audit and Control Association (ISACA) provides guidance on the conduct of an IT audit. Responsibilities: ISACA establishes Information Systems Auditing Standards. Those standards pertain to unique aspects of the business’s information systems environment, namely control and security. 31. (SO 5) If management is responsible for its own financial statements, why are auditors important? Auditors are important because they are responsible for analyzing financial statements to decide whether they are fairly stated and presented in accordance with GAAP. Since the financial statements are prepared by managers of the company, the role of auditors is to reduce information risk associated with those financial statements. To accomplish this, auditors design tests to analyze information supporting the financial statements in order to determine whether management’s assertions are valid. 32. (SO 6) List the techniques used for gathering evidence. The techniques used for gathering evidence include the following:
Chapter 7 Solutions Processes
Auditing Information Technology-Based
physically examining or inspecting assets or supporting documentation obtaining written confirmation from an independent source rechecking or recalculating information observing activities making inquiries of company personnel analyzing financial relationships and making comparisons to determine reasonableness 33. (SO 6) During which phase of an audit would an auditor consider risk assessment and materiality? Risk Considered during Planning Phase of an Audit: An auditor must consider risk assessment and materiality during the planning phase of an audit, because both of these characteristics determine the types of auditing tests necessary and the extent to which they should be applied while conducting an audit. Risk and materiality are both very subjective and require an experienced auditor. Risk assessment involves evaluating the risks, both internal and external, that a business faces. This involves taking a close look at the internal controls of an organization to make sure that the business is taking as many precautions as necessary to prevent problems. Materiality is determining what amount of money is significant enough to make a difference in decision making. For example, a $1,000 expense would be relatively insignificant to a giant company like Amazon or Apple, but the same amount could make quite a difference in a small family-owned restaurant. Both of these characteristics are important to the auditor's planning process, to make sure that he is conducting an audit appropriate for the scope of the organization. 34. (SO 7) Distinguish between auditing through the computer and auditing with the computer. When are auditors required to audit through the computer as opposed to auditing around the computer? Auditing through the computer involves directly testing internal controls within the IT system, which requires the auditors to understand the computer system logic. Auditing through the computer is necessary when the auditor tests computer controls as a basis for evaluating risk and reducing the amount of audit testing required, and when supporting documents are available only in electronic form. Auditing with the computer involves auditors using their own systems, software, and computer-assisted audit techniques to help conduct an audit. 35. (SO 8) Explain why it is customary to complete the testing of general controls before testing application controls. Since general controls are the automated controls that affect all computer applications, the reliability of general controls must be established before application controls are tested. The effectiveness of general controls is considered the foundation for the IT control environment. If there are problems with the effectiveness of general controls, auditors will not devote attention to the testing of application controls; rather, they will reevaluate the audit approach with reduced reliance on controls. 36. (SO 8) Identify four important aspects of administrative control in an IT environment. Four important aspects of administrative control include:
Chapter 7 Solutions Processes
Auditing Information Technology-Based
personal accountability and segregation of incompatible responsibilities job descriptions and clear lines of authority computer security and virus protection IT systems documentation 37. (SO 8) Explain why Benford’s Law is useful to auditors in the detection of fraud. Benford’s Law recognizes non-uniform patterns in the frequency of numbers occurring in a list, so it is useful to auditors in the identification of fabricated data within account balances such as sales, accounts receivable, accounts payable, cash disbursements, income taxes, etc. If fraudulent data are presented, they would not likely follow the natural distribution that Benford’s Law sets forth. 38. (SO 8) Think about a place you have worked where computers were present. What are some physical and environmental controls that you have observed in the workplace? Provide at least two examples of each from your personal experience. Student’s responses are likely to vary greatly. Examples of physical controls may include card keys and configuration tables, as well as other physical security features such as locked doors, etc. Environmental controls may include temperature and humidity controls, fire, flood, earthquake controls, or measures to ensure a consistent power supply. 39. (SO 8) Batch totals and hash totals are common input controls. Considering the fact that hash totals can be used with batch processing, differentiate between these two types of controls. Both batch totals and hash totals are mathematical sums of data that can be used to determine whether there may be missing data. However, batch totals are meaningful because they provide summations of dollar amounts or item counts for a journal entry used in the financial accounting system, whereas hash totals are not relevant to the financial accounting system (i.e., the hash totals are used only for their control purpose and have no other numerical significance). 40. (SO 8) The test data method and an integrated test facility are similar in that they are both tests of applications controls and they both rely on the use of test data. Explain the difference between these two audit techniques. The test data method tests the processing accuracy of software applications by using the company’s own computer system to process fictitious information developed by the auditors. The results of the test must be compared with predicted results. An integrated test facility also tests processing applications, but can accomplish this without disrupting the company’s operations. An integrated test facility inputs fictitious data along with the company’s actual data, and tests it using the client’s own computer system. The testing occurs simultaneously with the company’s actual transaction processing. 41. (SO 9) Explain the necessity for performing substantive testing even for audit clients with strong internal controls and sophisticated IT systems. Since substantive testing determines whether financial information is accurate, it is necessary for all financial statement audits. Control testing establishes whether the system promotes accuracy, while substantive testing verifies the monetary amounts of transactions and account balances. Even if controls are found to be effective, there still needs to be some testing to make sure that the amounts of transactions and account balances have actually been recorded fairly. 42. (SO 9) What kinds of audit tools are used to perform routine tests on electronic data files taken from databases? List the types of tests that can be performed with these
Chapter 7 Solutions Processes
Auditing Information Technology-Based
tools. CPA firms use generalized audit software (GAS) or data analysis software (DAS) to perform audit tests on electronic data files taken from commonly used database systems. These tools help auditors perform routine testing in an efficient manner. The types of tests that can be performed using GAS or DAS include: mathematical and statistical calculations data queries identification of missing items in a sequence stratification and comparison of data items selection of items of interest from the data files summarization of testing results into a useful format for decision making 43. (SO 10) Which of the four types of audit reports is the most favorable for an audit client? Which is the least favorable? An unqualified audit report is the most favorable because it expresses reasonable assurance that the underlying financial statements are fairly stated in all material respects. On the other hand, an adverse opinion is the least favorable report because it indicates the presence of material misstatements in the underlying financial statements. 44. (SO 10) Why is it so important to obtain a letter of representations from an audit client? The letter of representations is so important because it is management’s acknowledgement of its primary responsibility for the fair presentation of the financial statements. In this letter, management must declare that it has provided complete and accurate information to its auditors during all phases of the audit. This serves as a significant piece of audit evidence. 45. (SO 11) How can auditors evaluate internal controls when their clients use IT outsourcing? When a company uses IT outsourcing, auditors must still evaluate internal controls. This may be accomplished by relying upon a third-party report from the independent auditor of the outsourcing center, or it can audit around the computer, or it can test controls at the outsourcing center. 46. (SO 12) An auditor’s characteristic of professional skepticism is most closely associated with which ethical principle of the AICPA Code of Professional Conduct? Professional skepticism is most closely associated with the principle of Objectivity and Independence. Professional skepticism means that auditors should have a questioning mind and a persistent approach for evaluating financial information for the possibility of misstatements. This is closely related to the notion of objectivity and independence in its requirements for being free of conflicts of interest.
Brief Exercises 47. (SO 2) Why is it necessary for a CPA to be prohibited from having financial or personal connections with a client? Provide an example of how a financial connection to a company would impair an auditor’s objectivity. Provide an example of how a personal relationship might impair an auditor’s objectivity. An auditor should not have any financial or personal connections with a client company because they could impair his/her objectivity. It would be difficult for an auditor to be free of bias if he/she were to have a financial or personal relationship with the company or one of its associates. For example, if an auditor owned stock in a client
Chapter 7 Solutions Processes
Auditing Information Technology-Based
company, the auditor would stand to benefit financially if the company’s financial statements included and unqualified audit report, as this favorable opinion could lead to favorable results for the company such as paying a dividend, obtaining financing, etc. Additionally, if an auditor had a family member or other close personal relationship with someone who works for the company, the auditor’s independence may be impaired due to the knowledge that the family member or other person may be financially dependent upon the company or may have played a significant role in the preparation of the financial statements. 48. (SO 3) From an internal control perspective, discuss the advantages and disadvantages of using IT-based accounting systems. The advantages of using ITbased accounting systems are the improvements in internal control due to the reduction of human error and increase in speed. The disadvantages include the loss of audit trail visibility, increased likelihood of lost or altered data, lack of segregation of duties, and fewer opportunities for authorization and review of transactions. 49. (SO 4) Explain why the principle of performance for GAAS is not particularly helpful to an auditor who is trying to determine the types of testing to be used on an audit engagement. GAAS provides a general framework that is not detailed enough to provide specific guidance on how to actually perform an audit. It does not set forth specific testing to be performed; rather, it establishes the foundational ideals for audits. For more detailed guidance, auditors rely upon standards issued by the PCAOB, the ASB, the IAASB, the ISB, and ISACA. 50. (SO 5) Porter and Sly are assigned to perform the audit of Core Beliefs Yoga Company. During the audit, it was discovered that the amount of sales reported on Core Belief’s income statement was understated because one week’s sales transactions were not recorded due to a computer glitch. Porter claims that this problem represents a violation of the management assertion regarding existence, because the reported account balance was not real. Sly argues that the completeness assertion was violated, because relevant data was omitted from the records. Which auditor is correct? Explain your answer. Which Auditor is Correct? Sly Definitions: Existence/Occurrence: “Determine that recorded transactions, events, and related account balances are real and have been properly authorized” (Turner 224). The completeness assertion is concerned with possible omissions from the accounting records and the related understatements of financial information; in other words, it asserts that all valid transactions have been recorded. Completeness: “Determine that all existing transactions and related accounted balances are recorded - i.e. , that none have been omitted" (Turner 224). Existence is concerned with the possibility of fictitious transactions and related overstated financial information. Explanation: Sly’s argument that the completeness assertion was violated is correct because, by definition, ensuring that the purchasing transactions are recorded falls under the category of completeness. The computer glitch allowed for purchase transactions to be omitted, which is in direct violation of the definition of completeness.
Chapter 7 Solutions Processes
Auditing Information Technology-Based
Porter’s logic that the problem relates to the category of existence is faulty because that category relates more specifically to ensuring that all transactions that occur are authentic and are authorized. Porter states that the account balance was not real, however, the purchases are indicated to be real - they just weren’t recorded. If the auditors had discovered that the purchases were not authorized, or that they were not authentic, then Porter would have been correct. Overall, the problem indicates that the purchase transactions were not recorded due to a computer glitch - this glitch does not indicate that the purchase transactions were not real, or that they were not authorized. Rather, it simply malfunctioned and did not record the purchases in the period that it should have recorded them. To meet the completeness category, management was responsible to ensure that all transactions and balances were recorded properly. As the purchases were not recorded, this problem is a violation of the management assertion regarding completeness. 51. (SO 6) One of the most important tasks of the planning phase is for the auditor to gain an understanding of internal controls. How does this differ from the tasks performed during the tests of controls phase? During the planning phase of an audit, auditors must gain an understanding of internal controls in order to determine whether the controls can be relied upon as a basis for reducing the extent of substantive testing to be performed. Understanding of internal controls is the basis for the fundamental decision regarding the strategy of the audit. It also impacts the auditor’s risk assessment and establishment of materiality. During the tests of controls phase, the auditor goes beyond the understanding of the internal controls and actually evaluates the effectiveness of those controls. 52. (SO 8) How is it possible that a review of computer logs can be used to test for both internal access controls and external access controls? Other than reviewing the computer logs, identify and describe two types of audit procedures performed to test internal access controls, and two types of audit procedures performed to test external access controls. 1) Internal access control computer log review: Internal computer logs are important to review because they can show an auditor login failures, gauge access times for reasonableness, or detect unusual activity. The tests can also show if the company is segregating the duties of employees. If an auditor found one or more faulty login attempts, more tests would be needed. Computer logs can show if an internal unauthorized employees accessed data that they should not have. 2) External access control computer log review: Computer logs can be used to review any unauthorized users or failed access attempt. When companies expand into new technology and share information over the web, the possibility of an external access increases. 3) Internal access control audit procedures: Two audit procedures performed to test internal access controls are authenticity tests and access privileges. Authenticity tests are performed to make sure authorized employees have access to only the data needed for their job. Auditor perform test to ensure employees who know longer work for the company are denied access. Auditor also need to ensure employees who have changed job responsibility have the correct access.
Chapter 7 Solutions Processes
Auditing Information Technology-Based
4) External access control audit procedure: Two audit procedures performed to test external access controls are penetration tests and vulnerability tests. Penetration tests is when an auditor attempts to access the computer system through different methods. This method tells if controls are working as the system is intended. In a vulnerability assessment a company’s control environment is assessed for weaknesses. 53. (SO 9) Explain why continuous auditing is growing in popularity. Identify and describe a computer-assisted audit technique useful for continuous auditing. Continuous auditing has increased in popularity due to the increase in e-commerce. Real-time financial reporting has created the need for continuous auditing, whereby auditors continuously analyze evidence and provide assurance on the related financial information as soon as it occurs or shortly thereafter. The embedded audit module is a computer-assisted audit technique that accomplishes continuous auditing. The embedded audit module approach involves placing special audit testing programs within a company’s operating system. These test modules search the data and analyze transactions or account balances that meet specified conditions of interest to the auditor. 54. (SO 11) Distinguish between the various service organization controls (SOC) reporting options available to auditors who evaluate cloud computing service providers. The SOC 1 report addresses internal controls over financial reporting. A SOC 1Type I report contains management’s assessment and the auditor’s opinion on the operating design of internal controls over financial reporting. A SOC 1 Type II report is an extension of the Type I report in that it also evaluates the operating effectiveness of those internal controls. A SOC 2 report considers controls over compliance and operations, including the Trust Services Criteria. Similar to SOC 1 reports, SOC 2 reporting options also allow for a Type I or Type II conclusion depending upon whether the auditor consider suitability of design or operating effectiveness of those controls, respectively. Finally, a SOC 3 report is an unaudited report that is available to the general public containing a CPA firm’s conclusion on the elements of the Trust Services Criteria.
Problems 55. (SO 4) Given is a list of standard-setting bodies and a description of their purpose. Match each standard-setting body with its purpose. I. c. The PCAOB was created by the Sarbanes-Oxley Act of 2002 to establish guidelines for public companies and their auditors. II. a. The ASB was established by the AICPA to issue SASs. III. d. The IAASB issues ISAs to promote uniformity of worldwide auditing practices. IV. b. ISACA issues ISASs to provide guidelines to IT audits. 56. (SO 8) Identify whether audit tests are used to evaluate internal access controls (I), external access controls (E), or both (B).
Chapter 7 Solutions Processes
Auditing Information Technology-Based
Authenticity tests (B) Penetration tests (E) Vulnerability assessments (E) Review of access logs (B) Review of policies concerning the issuance of passwords and security tokens (I)
57. (SO 9) Refer to the notes payable audit program excerpt presented in Exhibit 7-3. If an auditor had a copy of his client’s data file for its notes receivable, how could a general audit software or data analysis software package be used to assist with these audit tests? GAS and DAS could assist auditors in testing notes payable by performing mathematical calculations of interest amounts, stratification of amounts into current and long-term categories according to maturity dates, and performing ratio calculations as may be needed to assess compliance with restrictions. 58. (SO 11) To preserve auditor independence, the Sarbanes-Oxley Act of 2002 restricts the types of nonaudit services that auditors can perform for their public-company audit clients. The list includes nine types of services that are prohibited because they are deemed to impair an auditor’s independence. Included in the list are the following: financial information systems design and implementation internal audit outsourcing Describe how an auditor’s independence could be impaired if she performed IT design and implementation functions for her audit client. Likewise, how could an auditor’s involvement with internal audit outsourcing impair her independence with respect to auditing the same company? Both of these scenarios would place the auditor in a position of auditing his/her own work. Auditors could not maintain independence if they are involved in both the IT design and implementation as well as the financial statement audit. To the extent that the IT system impacts financial reporting, an auditor could not possibly be unbiased with respect to a system that he/she had designed and implemented. Likewise, auditors are not likely to be unbiased with respect to performing a financial statement audit for the same company as he/she performed internal audit work. Any evaluations performed during the internal audit engagement are likely to have a bearing on the auditor’s professional attitude while performing the financial statement audit. 59. (SO 2) Visit the AICPA website at www.aicpa.org and select the tab for Career Paths. Click on “Choosing a career in accounting” to locate information on audit careers. The AICPA website presents information on the profession, including 01. Types of employers (public accounting versus business/industry/government), 02. Size of the company (large, mid-sized, small), .03 Industry (goods, services, government, non-profit), 04. Practice areas (financial accounting, management accounting, internal audit, tax), 05. Specializations (financial reporting, mergers & acquisitions, business valuation, international, education, triple bottom line reporting, forensics & fraud, compliance, personal financial planning, information technology), and .06 Beyond.
Chapter 7 Solutions Processes
Auditing Information Technology-Based
60. (SO 4, 9) Visit the ISACA website at www.isaca.org and click on the Knowledge and Insights tab, then select Research and click on the ISACA Innovation Insights tab to find summaries of various reports covering new technology trends. Answer these questions: a. List the current technology trends, then read the summaries to obtain an understanding of each item. The following reports are currently available for access: Innovation Insights Big Data Analytics Mobile Technologies Cloud Computing Machine Learning Scoring Calculations b. According to the report summary, what is machine learning and how is it different from Big Data analytics? Machine learning includes predictive analytics and cognitive systems that go beyond Big Data analytics, giving companies the ability to discover patterns and trends from increasingly large and diverse datasets, enabling them to automate analysis that was traditionally done by humans, etc. 61. (SO 8) Locate the stock tables for the two major stock exchanges in any issue of the Wall Street Journal. Beginning from any point within the table, prepare a list of the first digits of the daily volume for 100 stocks. Determine whether the listed numbers conform to Benford’s Law. Student responses will vary depending upon the timing of carrying out this requirement and the starting point used. However, students should determine whether the number 1 is represented as the first digit of the volume figures for approximately 33% of the items within the list. If so, then the data conforms to Benford’s Law. 62. (SO 12) Perform an Internet search to determine the nature of Xerox Corporation’s management fraud scheme and to find out what happened to the company after the problems were discovered. Xerox’s fraud involved earnings management or manipulation of the financial statements in order to boost earnings. This occurred at Xerox to the tune of hundreds of millions of dollars and involved various accounting tricks to hide the company’s true financial performance so that it would meet or beat Wall Street expectations. The most significant trick was the premature recording of revenues. Upon discovery of the fraud, the SEC filed a $10 million civil suit against Xerox, the largest fine in SEC history. In addition, Xerox had to restate its earnings from 1997 through 2001.
Cases
Chapter 7 Solutions Processes
Auditing Information Technology-Based
63. (SO 8) Internal Controls and CAATs for a Wholesale client. a. What tests of controls would be effective in helping Raven determine whether World’s vendor database was susceptible to fraud? The following tests of controls could be used: Verify that the database is physically secure and that programs and data files are password protected to prevent unauthorized access. Since this case involves an internal breach of authority, access logs should be reviewed for activity at unusual times (non-business hours). Make sure that system programmers do not have access to database operations so that there is no opportunity to alter source code and the related operational data. Ascertain that database inputs are being compared with systemgenerated outputs. Determine whether run-to-run totals are being generated and reviewed to evaluate the possibility of lost or altered data. Ascertain that computer-generated reports are reviewed by management. Determine whether the client’s field checks, validity checks, and reasonableness checks are all working effectively. b. What computer-assisted audit technique would be effective in helping Raven determine whether World’s vendor database had actually been falsified? Raven could use GAS or DAS to perform audit testing on electronic data files taken from World’s database system. Several types of audit tests commonly performed by GAS or DAS systems could be used, including data queries, stratification and comparison of data items, and selection of items of interest. Also, the following can be performed to test the propriety of system inputs: Financial control totals can be used to determine whether total dollar amounts or item counts are consistent with journal entry amounts. This can detect whether additions have been made during processing. Validation checks can be performed to scan entries for bogus information. Depending on the type of IT system, a validity check of the vendor number field may prevent the entry of fictitious vendors. Field checks can be performed to identify unrecognized data. If the bogus transactions are being entered during processing, Raven may use program tracing to evaluate program logic for possible points of entering fraudulent data. Run-to-run totals may also be used to determine whether data has been altered during processing. In addition, Raven can perform output controls such as reasonableness tests to review the output against authorized inputs, and/or audit trail tests to trace transactions through the system to determine if changes occurred along the way. 64. (SO 10)Issues with the client representation letter. a. Would it be appropriate for Abbott to reopen the audit testing phases in order to expand procedures, in light of the lack of representative evidence from management? Why or why not? No, Abbott should not expand testing procedures. The purpose of the client’s representations letter is for management to acknowledge its primary responsibility for the fair
Chapter 7 Solutions Processes
Auditing Information Technology-Based
presentation of the financial statements and the accuracy of evidence provided to the auditors. It is considered the most significant piece of audit evidence. Obtaining additional evidence would not compensate for a failure to secure a letter of representations; in fact, it is likely that additional testing would be meaningless unless management represents that the evidence it supplies is accurate. b. Will Abbott’s firm still be able to issue an unqualified audit report if it does not receive the representations letter? Research the standard wording to be included in an unqualified audit report, as well as the typical wording included in a client representations letter. Base your answer on your findings. No, an unqualified report is no longer possible due to the failure to obtain written representations from management. This constitutes a limitation in the scope of the audit. Abbott’s firm may either withdraw from the engagement or issue a disclaimer. The standard regarding a client’s representations letter can be found in AU-C section 580. The standard for the auditor’s opinion can be found in AU-C section 700.
Chapter 8 Solutions
Revenue and Cash Collection Processes
Turner/Accounting Information Systems, 45e Solutions Manual Chapter 8 Concept Check 1. a 2. c 3. a 4. c 5. d 6. a 7. c 8. d 9. c 10. a 11. d 12. b 13. a 14. d 15. c 16. d
Discussion Questions 17. (SO 2) Why is it important to establish and monitor credit limits for customers? Allowing customers to order an excess over what they are able to pay poses a large risk for companies. It is important to review a customer’s credit worthiness and then establish a credit limit based on that credit worthiness. Once the limit is established, the company should have processes or methods in place to ensure the credit limit is not exceeded. Without a limit, or monitoring that limit, the company runs the risk of not being paid for goods or services purchased by customers. 18. (SO 2) Distinguish between a pick list and a packing slip. Although the information on these two documents is essentially the same, they are used for different purposes. Both documents contain the items and quantities for a particular customer order. However, a pick list is used in the warehouse to pull items from the warehouse shelves, while a packing slip is included in the box or boxes shipped to the customer. The packing slip tells the customer which items are in the shipment. 19. (SO 2) How can an effective system of internal controls lead to increased sales revenue? When an effective systems of internal controls is in place, managers may be able to spend less time overseeing operations and can therefore spend more time on revenue growth strategies and activities. For example, with a proper set of Page 8-1
Chapter 8 Solutions
Revenue and Cash Collection Processes
general authorization procedures for sales, a manager would not need to approve each sale individually. This gives the manager more time to focus on activities that could lead to increased revenue. 20. (SO 2) Why should the person responsible for shipping goods to customers not also have responsibility for maintaining records of customer accounts? Custody of assets and responsibility for record keeping should always be segregated. In this case, the person shipping the goods has custody and could therefore steal assets. Access to customer records would allow that person to also alter records (by deleting the sale or writing it off as a bad debt) to hide the theft. 21. (SO 3) What is the purpose of a credit memorandum? The credit memorandum documents the fact that a customer has returned goods. It is also used to reduce the customer’s receivable account balance based upon the return of goods. 22. (SO 3) How are sales invoices used (in a manual system) in the preparation of credit memos? The sales invoice is matched to the receiving report that results from returned goods. This match is necessary to verify that the merchandise was in fact sold to the customer, and to verify the selling price that should be refunded. 23. (SO 2) How can a security guard in a warehouse be considered an important component of a company’s accounting system? Internal controls over assets should include physical controls to prevent theft or misuse. For example, cash should be locked in a safe to prevent the theft of cash. Likewise, a security guard can help prevent theft or misuse of assets. This internal control would not be expected to prevent all theft, but would help reduce the occurrence of a theft. 24. (SO 3) How could fraud be perpetrated through the sales returns process? In the absence of good internal controls, there are several types of fraud that could occur in sales returns. These include: 1) customers returning goods not originally purchased from the company, 2) customers requesting a refund higher than the original sales amount, 3) customers requesting refunds for goods that were never returned by submitting false documentation of a return, and 4) theft of returned goods by an employee. 25. (SO 6,7,8) Identify and distinguish between the three types of IT systems used in the sales process. The three types of IT systems described are EDI, e-commerce or Internet EDI, and point of sale systems. EDI and Internet EDI are used in company to company sales of goods and services. In EDI systems, the buyer and seller computer systems are connected and order data is exchanged electronically. EDI typically uses a value added network (VAN), while Internet EDI uses the internet to exchange data. Internet EDI is usually much more cost effective than EDI because the exchange via the Internet can be cost free. A POS system is used in end consumer sales such as retail stores and restaurants. A POS system usually is a touch screen or bar code system at the cash register that records the sale and updates the appropriate cash, sales, and inventory accounts. All three systems are IT enablement of the sales process and they each improve the efficiency and effectiveness of sales processes. 26. (SO 6) Distinguish between B2B sales and B2C sales. Other than those presented in this chapter, name a company from your personal experience that uses B2C sales. B2B sales are IT enabled sales between two businesses. B2C sales are IT
Page 8-2
Chapter 8 Solutions
Revenue and Cash Collection Processes
enabled sales between a business and an end consumer. A student could mention any online retailer, online bank, online broker, airline, etc. as examples of B2C. 27. (SO 6) List the advantages of e-commerce systems. The advantages are reduced costs, shorter sales cycles, increased accuracy and reliability of sales data, and an increase in the potential market. 28. (SO 6) Identify two of the biggest risks to companies who use e-commerce, along with controls to prevent these risks. Two of the business risks of e-commerce would be availability and security. If a company relies on online sales extensively, any failure in the hardware or software may make the online sales system unavailable and this causes lost sales. Lost sales can at times be very large losses. Unauthorized access or hackers represent a big risk to e-commerce. Placing sales orders online opens the company to unauthorized access and hacking, and therefore potential loss or destruction of data. 29. (SO 6,7) What controls should a company implement to ensure consistency of sales information between the front end and back end of its systems? Reconciliations and verifications are important in the integration of front end and back end systems. As data moves from a front end system, such as an online sales system, to a back end system, such as warehouse systems, a reconciliation or verification can ensure the data was transmitted between systems accurately. 30. (SO 6) Why is a redundant server system needed in an e-commerce environment? Availability is extremely important in e-commerce systems. Any failure of the system represents lost sales because the system is not available for customer use. A large e-commerce company could lose thousands of dollars in sales from a two or three hour downtime. 31. (SO 6) Why should a company continuously monitor the capacity of its e-commerce system? Managers must plan for sufficient capacity in the company’s e-commerce system to ensure that it does not become overwhelmed by the volume of transactions. A slow or stalled website can result in lost sales. 32. (SO 7) What are the three components of an EDI system? The three component parts are: 1) intercompany transfer, indicating the sale/purchase is between two companies; 2) computer to computer, indicating the computer system of the two companies are connected; and 3) a standard format for business documents to facilitate the intercompany transference of electronic documents. 33. (SO 7) What are the three standard parts of an EDI data transmission? Header and trailer data, labeling interchanges, and data segments. Header data is data about the file or transmission being sent. The header identifies the beginning and end of a particular transaction data set. Trailer data is also data about the file or transmission and identifies the end of a particular transaction data set. Labeling interchanges identify the type of transactions in the set, such as a set of sales invoices. Data segments include the actual data within the invoices, such as quantities and prices. 34. (SO 7) How could it be possible for two companies to conduct EDI if they are not directly connected with each other? Two companies could use a value added network (VAN) as a third party provider of electronic inboxes for EDI exchanges. 35. (SO 7) List the advantages of an EDI system. The advantages are elimination of keying, keying errors, and the time needed for keying, the elimination of mailing time
Page 8-3
Chapter 8 Solutions
Revenue and Cash Collection Processes
and postage costs, reduction of inventory levels, and competitive advantage and/or preservation of existing business. 36. (SO 6,7,8) What is the purpose of maintaining transaction logs? Why are they especially important in IT systems? Transaction logs serve as the audit trail of transactions processed by the computer. Review of these logs can ensure that no transactions are lost or unaccounted for. The logs also help ensure a company can avoid repudiation of sales. 37. (SO 8) List some advantages of a POS system. Advantages include ease of use by employees, elimination of manually entered data, real-time access to prices and inventory levels, real-time credit card authorization, real-time update of affected accounting records, immediate summaries and reports of sales and cash, and integration with the general ledger accounts. 38. (SO 8) Why are backup systems one of the most important controls for POS systems? A system failure in a POS system would interrupt or halt sales. Such lost sales can be a large dollar amount and there could be future lost sales if customers become irritated by the system failures. To avoid these failures and the resulting lost sales, a company should maintain some type of backup system. 39. (SO 9) Describe a popular fraud scheme where company employees misuse the sales revenues cutoff. This is called leaving sales open. It inflates sales by recording sales from the first few days of the next month in the current month.
Brief Exercises 40. (SO 2,4) Describe what is likely to occur if company personnel erroneously recorded a sales transaction for the wrong customer? What if a cash receipt was applied to the wrong customer? Identify internal controls that would detect or prevent this from occurring. If the sale is attached to the wrong customer, the wrong customer would be billed and it may cause both the wrong customer and the correct customer to have a negative opinion about the company. In addition, if the company does not maintain adequate documentation, it may be difficult to determine which customer should be billed. Therefore, the company may not be able to collect the cash it should have collected. If a cash receipt is applied to the wrong customer, then two customer balances will be erroneous. The company would continue to bill the customer who paid, while not billing the correct amount to the wrong customer. Without adequate documentation, it would be difficult to correct this situation. The internal controls that would help prevent these errors are maintaining adequate documentation, including source documents such as sales orders and remittance lists; the matching of key documents before recording; reconciliations and verifications of invoices to receivables; and supervision. 41. (SO 4) Debate the logic used in the following statement: “The person responsible for handling cash receipts should also prepare the bank reconciliation because he is most familiar with the deposits that have been made to the bank account.” It is true that if a person could be absolutely trusted to do both duties, it may be more efficient. However, having both duties provides opportunity and temptation for that
Page 8-4
Chapter 8 Solutions
Revenue and Cash Collection Processes
person to steal cash and cover up the theft. In addition, a single person doing both duties might make an error affecting both the receipts and reconciliation. Segregating these duties may slightly decrease the efficiency of bank reconciliations, but the positive benefits of fraud prevention or detection and error detection outweigh any efficiencies. 42. (SO 7) Revenue systems are crucial in the healthcare industry, where hundreds of billions of dollars are spent annually reconciling revenues and billing data from the perspectives of providers (doctors and clinics, etc.) and payers (insurance companies). Briefly describe how EDI would be beneficial in this industry. Describe the purpose of the header data and trailer data. In an EDI system, the computer systems of the biller and payer are connected and they would greatly speed up the billing and paying process, as well as decrease the errors in the process. Without EDI, there would be keying errors, delays related to keying data and mailing bills and payments. The header and trailer data identify the transaction data set so that the two computer systems can ensure the correct transaction data is matched. The header and trailer also identify the beginning and end of a transaction data set. 43. (SO 2,3,4) Use the process maps in this chapter to answer the following questions: a. What would a credit manager do if a sales order received caused a customer to exceed its credit limit? The sale should be disapproved (rejected). b. What happens after the shipping department verifies that the quantities and descriptions of goods prepared for shipment are consistent with the sales order? The goods are shipped, an invoice is prepared and mailed; the following records are updated: sales, general ledger; and a month end statement is prepared and mailed to the customer. c. What would an accounts receivable clerk do if a $100 credit memo is issued to a customer whose accounts receivable balance is $1,000? The clerk should first check to make sure of the balance. Then, that customer’s balance would be decreased to $900. d. When is it necessary for an accounts receivable clerk to notify a customer? An accounts receivable clerk would not need to notify customers. 44. (SO 2) Describe how the matching of key information on supporting documents can help a company determine that its revenue transactions have not been duplicated. For any sale, return or cash transaction, only one set of matching documents should exist. Once the documents are matched and recorded for a particular transaction, they should be filed as a completed transaction. Thus, that same transaction would not be recorded again since the source documents are filed. 45. (SO 2,3) Describe how the use of pre-numbered forms for receiving reports and credit memos can help a company determine that sales return transactions have not been omitted from the accounting records. When pre-numbered forms are used, it is much easier to ensure that the entire series of transactions have been accounted for. Conversely, a missing number in the sequence of pre-numbered documents is a clear indication that a transaction has been omitted. This may be easier to
Page 8-5
Chapter 8 Solutions
Revenue and Cash Collection Processes
understand if you think about what it would mean if your own personal check book record was missing a check numbered 154. 46. (SO 8) Describe how a POS system could be useful to a company’s marketing managers. How could it be useful to production managers? A POS system can provide immediate feedback about product sales and inventory levels. Therefore, marketing managers can get immediate feedback about which products sell well, which do not, and how price changes may affect sales of individual products. Purchasing agents could use the real-time inventory level feedback to more appropriately plan when to purchase certain products. The purchasing agents may not need to purchase as frequently or in as large of batches if they are better able to monitor inventory levels on a real-time basis. They might also get better information about seasonal or weather related fluctuations in sales of certain products and this would help them better plan purchases. 47. (SO 8) Briefly describe an example from your personal experience where you purchased something from a company that uses a POS system. How might your experience have been different if the POS system did not exist in the experience you described? There are many possible experiences students could describe. Most often students see or use POS systems at fast food restaurants and retail stores. Some students may have very good examples if they have worked as employees who have used POS systems. In regards to the differences if the POS system did not exist, the checkout experience would be slower, thereby leading to longer lines and more errors (such as incorrect prices and incorrect orders) in the process.
Problems 48. (SO 6) In 1990, Luca Romano opened a pizza restaurant that he named Luca’s in Detroit, Michigan. Over the years, he opened both company and franchise locations and grew the business to include over 40 restaurants that serve the three states around the Detroit area. In 2015, Luca introduced a centralized phone ordering system with one phone number for customers to use. This meant that the customer did not need to look up the phone number of a local restaurant and call that restaurant to order. Rather, customers call one number and the employees taking the order can determine the closest Luca’s location and process the order. This system also centralized the pricing, ordering, and inventory systems for Luca’s. In 2016, Luca’s began offering online pizza orders through its website. Luca’s advertises this Web ordering as more convenient for the customer. For example, its ads suggest that a customer can examine the entire menu on the Web site prior to ordering; something that is not possible with phone orders. While there are many customer advantages of Web ordering, there are also many advantages to the company. From an accounting and internal control perspective, describe the advantages of Luca’s system and any risks that it reduces. The Web ordering system provides the advantages of: cost savings through lower
Page 8-6
Chapter 8 Solutions
Revenue and Cash Collection Processes
marketing, employee, and paperwork costs; shorter sales cycles due to reduced time to place an order, increased accuracy and reliability of the order data; and increased potential market for the company’s products. Accordingly, Luca’s Web ordering system reduces the risks of misplacing an order, filling an order incorrectly, losing a sale due to a long wait time, and recording erroneous data due to errors in manual paperwork processing. Although some of these advantages and risk reductions are also realized through the company’s centralized phone ordering system, that phone system still involves manual processes to input customer orders, so there remain some costs and risks associated with employees, accuracy, and wait times. 49. (SO 8) You are the recent heir of $75,000 cash, with which you are considering opening a sushi bar in the university community. You would accept cash and credit card payments, which would be handled primarily by your servers. You also plan to offer introductory specials to attract customers during the initial months of business. Identify some advantages and disadvantages of investing in a POS system as part of this new business venture. What internal controls should be implemented to reduce the risk of theft or error related to the handling of cash, credit card payments, and coupons? Advantages of investing in a POS system as part of a new business venture include: Ease of use and ease of training servers. This is expected to lead to fewer errors and more accurate sales and inventory data. Time savings related to the elimination of manual input processes. This includes increased efficiency and reduced fraud related to processing of credit card payments from customers. Increased accuracy due to the real-time access to inventory and price data. For instance, if the sushi bar’s daily special is sold out, a notice can be posted online immediately so that the servers can quickly inform customers of the change. Enhanced accounting features such as real-time update of cash, sales, and inventory records, immediate summaries and analyses, and the potential for integration with a general ledger system will save manual steps and provide timely information for management purposes. Despite these many advantages, a new business venture would need to be especially careful of the extensive hardware and software costs that are necessary to support a POS system. In addition, availability risks may be significant, as any hardware and software failures could make the system unavailable and interrupt efficient business processes. Therefore, it is important that a new business venture consider these risks, analyze the costs and benefits of the system, and implement backup systems to reduce the availability risk. To reduce the risk of theft or error related to the handling of cash, credit card payments, and coupons, the sushi bar should be sure that its POS system includes all relevant payment information, including options to enter the use of coupons and
Page 8-7
Chapter 8 Solutions
Revenue and Cash Collection Processes
method of payment. In addition, summaries can be provided immediately so servers should be required to reconcile their transactions at the end of their shifts. 50. (SO 2,4,6) Charlie Wenning is the owner of CW Sports, a consignment shop for used sporting goods. Charlie accepts consigned goods and offers them for sale to the general public. Charlie rents business space, including a retail store where the consigned goods are displayed and sold, with adjoining office space where an Internet site is maintained and other administrative functions are performed. The Internet site includes photos and descriptions of items available for sale worldwide. If the goods sell, Charlie’s consignment fee is 45% of the sale price, and 55% is remitted to the consignor. Shipping costs on electronic orders are paid by the customers. Identify internal control considerations for the following: a. The e-commerce portion of the business. Internal control considerations associated with e-commerce should address the risks of security and confidentiality, processing integrity, and availability. Regarding security and confidentiality, Charlie should ensure that customers accessing the website and conducting sales transactions are valid customers with valid payment authorization, and that transactions are logged so that an audit trail is established to avoid repudiation. Regarding processing integrity, Charlie should implement data input checks that verify the completeness, accuracy, and validity of the data entered on the website. In addition, he should implement back-end controls, such as reconciliations and verifications, to ensure the accuracy of information taken from this system to the company’s accounting systems. Finally, Charlie should focus on minimizing service disruptions that could reduce sales. Accordingly, he should implement controls for redundant systems, disaster recovery, testing of software changes, and capacity planning and testing. b. The retail portion of the business, assuming that the accounting systems are mostly manual and handled by Charlie and his wife. The five internal control activities should be considered with respect to the retail business and manual accounting systems involving sales and cash collections. Even though segregation of duties will be difficult considering that only Charlie and his wife are operating the business, they can perform business processes in a manner to promote good control. For instance, they can check each other’s work in instances where they are performing incompatible duties involving combinations of custody and record keeping. They can ensure that prices are properly authorized by consignors and credit card payments are authorized at the time of the sale. Thorough documentation (such as detailed sales receipts) should be maintained and accounted for purposes of performing reconciliations and supporting the general ledger. Also, physical controls should be in place at the retail store to protect the company’s assets and records. 51. (SO 2,3,4) Identify an internal control procedure that would reduce each of the risks that follow in a manual system. Also describe how (or if) an IT system could reduce these risks: Student responses may vary, as more than one control may apply to risk reduction in these circumstances. However, following are some likely answers:
Page 8-8
Chapter 8 Solutions
Revenue and Cash Collection Processes
a. Revenues may be recorded before the related shipment occurs. Shipping documentation should be matched with sales order data and presented to the billing department as the basis for recording the sale and preparing the bill. The IT system can perform an automatic match whereby shipping data is required as a basis for recording the revenue. b. Employees responsible for shipping and accounts receivable may collude to steal goods and cover up the theft by recording fictitious sales. To prevent this type of problem, sales orders should be reviewed for proper customer and authorized by an independent member of management prior to shipment. The IT system can include validity checks or other controls that require a valid customer for the transaction to be recorded. Also, reconciliation procedures can compare manual documentation with system records to determine that valid transactions are recorded. If the collusion involves recording the fictitious sale in the account of a valid, existing customer, the process of sending sales invoices and customer statements – and subsequent reconciliation procedures – are important for uncovering this type of fraud. c. Credit memos may be issued at full price, when the goods were originally sold at a discount. Original sales documentation, including key information such as original sales price, must be required as a basis for preparing credit memos. An IT system could automatically match credit memo authorizations with the original sales data so that the credit would be issued at amounts that are consistent with the original sale. d. Sales invoices may contain mathematical errors. Independent checks of sales invoices should occur before the customer is billed. This includes verification of mathematical accuracy. If an automated system is in place, the IT system can perform mathematical computations at a great time savings. e. Amounts collected on accounts receivable may be applied to the wrong customer. Customer account statements should be sent on a regular basis so that customer records can be reconciled to the company’s records. This is likely to detect a misapplication of a customer collection. An IT system could enhance the process by requiring cash receipts to be entered along with a customer account number as well as an invoice number to ensure that the receipt is applied properly. f. Duplicate credit memos may be issued for a single sales return. A comparison of the receiving log with the credit memo listing would indicate if duplicate credit memos have been issued for a single sales return. An IT system could also prevent this risk by requiring that credit memos be generated only upon entering key information from the original sale and blocking the issuance of another credit memo for an item for which credit had already been issued. g. Sales invoices may not be prepared for all shipments. Shipping records should be compared with the sales invoices records. This may be done through verification of the sequence of shipping documents to ensure that an invoice was prepared for each item shipped. An IT system may enhance this process by matching shipping document numbers with invoices and preparing a warning report for any instances of unmatched shipping documents.
Page 8-9
Chapter 8 Solutions
Revenue and Cash Collection Processes
h. Shipments may contain the wrong goods. Companies should require the matching of key information on related documents prior to shipment. This includes inventory quantities and descriptions on approved sales orders and packing lists. An IT system may make this process more efficient by performing the match automatically; it can verify whether product numbers and quantities on the sales orders match those on the shipping documents. i. All sales transactions may not be included in the general ledger. A regular reconciliation should be performed to compare the sales journal with the amounts recorded in the general ledger. An IT system may perform a periodic automatic post of the sales journal to the general ledger, thereby eliminating the potential for missing sales transactions. 52.
(SO 2) When an order for inventory items is fulfilled, in Microsoft Dynamics GP the items are reviewed to see if there is available stock to fill the order for the line item. If there no available stock, the user may select one of the following options. Describe what each of these choices would accomplish on the line item (inventory item being ordered) where there are not sufficient quantities to ship all the items ordered. Describe why companies may select to use each of these options. a. Sell the balance – Assigns the quantity available in inventory to this order. This will result in processing the sales order for a quantity less than the customer originally ordered. The company may select if the customer agrees to change its order to the reduced quantity. b. Override the shortage – Ignores the shortage and results in a negative quantity available, but may be selected if the company expects to receive the inventory items very soon. This allows the company to proceed with processing the order for its full quantity. c. Back order all – Delays the order until the full quantity can be provided. Thus, no inventory movement is reported; rather, a backorder is created for the entire quantity. This may be selected when the customer prefers to receive all items at once. d. Back order balance – Processes a partial order and backorders the shortage. This may be selected when the customer agrees to a partial order with a delayed shipment of the remaining items. e. Cancel all – Cancels the entire order. This will be selected when the customer revokes the sales order as a result of the company’s insufficient inventory level. f. Cancel balance – Processes a partial order and cancels the shortage. This will be selected when the customer agrees to a reduced quantity and cancels the portion of the shortage. g. Distribute – Substitutes inventory items or pulls items from another location to fill the order. This will be selected when the company has the items available at another site, or when the customer accepts an alternate product.
Page 8-10
Chapter 8 Solutions
Revenue and Cash Collection Processes
53. (SO 3,4,5) The following list presents various internal control strengths (S) or risks (R) that may be found in a company’s revenues and cash collection processes. Indicate whether each of these items represents a S or R related to internal controls in the revenues and cash collections processes. Alternatively, indicate whether the item is not applicable (N/A), meaning that it either has no impact on the strength of internal controls or does not pertain to the revenues and cash collection processes. S
Credit is authorized by the credit manager.
_N/A_ Checks paid in excess of $5,000 require the signatures of two authorized members of management. (Although this is viewed as an internal control strength, it is not applicable to the revenues processes.) R
A cash receipts journal is prepared by the Treasurer’s department. (This type of accounting record should be prepared by those with recordkeeping responsibilities rather than those in a position to perform reconciliations of the cash records.)
S
Collections received by check are received by the company receptionist, who has no additional recordkeeping responsibilities.
R
Collections received by check are immediately forwarded unopened to the accounting department. (This would place the accounting department in an incompatible role combining recordkeeping and custody of cash.)
S
A bank reconciliation is prepared on a monthly basis by the Treasurer’s department.
S
Security cameras are placed in the shipping dock.
S
Receiving reports are prepared on pre-printed, numbered forms.
R
The billing department verifies the amount of customer sales invoices by referring to the authorized price list. (This price authorization role should be performed before billing. An approved sales order, including verified prices, should be in place at the time the documents reach the billing department.)
S
Entries in the shipping log are reconciled with the sales journal on a monthly basis.
_N/A_ Payments to vendors are made promptly upon receipt of goods or services. (Vendor payments relate to the expenditures processes rather than the revenues processes.)
Page 8-11
Chapter 8 Solutions
Revenue and Cash Collection Processes
R Cash collections are deposited in the bank account on a weekly basis. (If cash receipts occur daily, they should be deposited promptly – preferably on a daily basis.) S
Customer returns must be approved by a designated manager before a credit memo is prepared.
S
Account statements are sent to customers on a monthly basis.
R
Customer returns are presented to the sales department for preparation of a receiving report. (Receiving reports should be prepared promptly upon receipt of returned items. This should be done in the receiving area, where the personnel have a custody function, rather than in the sales department, where the personnel initiate sales transactions.)
54. (SO 2) See the completed spreadsheet “Problem 8-54.xlsx” on the instructor website. That spreadsheet has two tabs. The first tab is a simple spreadsheet in which numbers for invoice and amount are typed into the appropriate column. This spreadsheet is probably similar to what most students would complete. If students have a higher level of spreadsheet skills, or if they are given some instructions and guidelines, they could produce a more complex spreadsheet with formulas to determine the appropriate column. The spreadsheet in the “Complex Spreadsheet” tab uses IF formulas and the AND function to place amounts in the correct aged column. 55. (SO 2) See the completed spreadsheet “Problem 8-55.xlsx” on the instructor website. There is no single correct answer to this problem. However, as a student attempts to design a spreadsheet, it will cause the student to ponder several important issues. For example, the student must consider how to handle data that appears once, such as sales order number, but would have to be repeated for each line item on the sales order. Also, some data would be in separate tables or files. Information such as bill to address, ship to address, item descriptions, and item prices are likely to be established and maintained in other tables or files. 56. (SO 2,4) Following are ten internal control failures related to the revenues and cash collection processes. d
A customer ordered 12 boxes of your product (total of 144 items) for express shipment. Your data entry clerk inadvertently entered 12 individual items.
q
You enter sales and accounts receivable data in batches at the end of each week. Several problems have resulted recently as a result of recording invoices to the wrong customer account.
f
In an effort to boost sales, you obtain some of the stock of unissued shipping reports and create a dozen fictitious shipments. You submit these documents to the billing department for invoicing.
Page 8-12
Chapter 8 Solutions
Revenue and Cash Collection Processes
g
Checks are received by the mailroom and then forwarded to the accounts receivable department for recording. The accounts receivable clerk holds the checks until the proper customer account has been identified and reconciled.
p
Several shipping reports have been misplaced en route to the billing department from the shipping department.
h
Several sales transactions were not invoiced within the same month as the related shipment.
c
A sales clerk entered a non-existent date in the computer system. The system rejected the data and the sales were not recorded.
a
Upon entering sales orders in your new computer system, a sales clerk mistakenly omitted customer numbers from the entries.
o
A computer programmer altered the electronic credit authorization function for a customer company owned by the programmer’s cousin.
n
Customer orders were lost in the mail en route from the sales office to the accounting department (located at the company’s headquarters).
Required: Select one internal control from the following list that would be most effective in the prevention of the failure. Indicate the letter of the control next to each failure above. Letters should not be used more than once and some letters may not be used at all. a. Pre-formatted data entry screens b. Pre-numbered documents c. Programmed edit checks d. 100% check for matching of customer orders and sales orders e. 100% check for matching of sales orders, pick list, and packing slips f. 100% check for matching of sales orders and invoices g. 100% check for matching of deposit slip and customer check. h. Prompt data entry immediately upon receipt of customer order i. Customer verification j. Independent authorization for shipments k. Independent authorization for billing l. Reasonableness check m. Hash totals n. Data back-up procedures o. Program change controls p. Sequence verification q. Periodic confirmation of customer account balances
Page 8-13
Chapter 8 Solutions
Revenue and Cash Collection Processes
57. (SO 2,3,4) Maxx Enterprises is a small company with four people working in the revenue processes. One of the four employees supervises the other three. Some tasks that must be accomplished within the revenue processes are the following: a. Accounts receivable record keeping b. Approving credit of customers c. Authorizing customer returns d. Authorizing new customers e. Billing customers f. Cash receipts journal posting g. Entering orders received h. Inventory record keeping i. Maintaining custody of cash j. Maintaining custody of inventory k. Reconciling records to the bank statement Required: For each of the four employees (supervisor, employee 1, employee 2, and employee 3), consider the duties you would assign to each employee. In assigning duties, no employee should have more than three tasks and there should be a proper separation of duties to achieve appropriate internal control. List the four people, the duties you assigned to each employee, and a description of why those assignments achieve proper separation of duties. Supervisor: Employee 1: Employee 2: Employee 3:
b., c., and d. (all Authorization functions) a., f., and h. (receivables, collections, and inventory Recordkeeping) e., g., and k. (sales and billing Recordkeeping and cash reconciliation) i. and j. (all Custody functions)
58. (SO 6) Refer to the Ethical Dilemma: Mail Order Case presented in Chapter 3. What term introduced in this chapter applies to the type of mail order deceit described in that case? What could the mail order company do to avoid a loss resulting from an event, assuming that it uses an e-commerce system? (This problem is referring to one of the cases (#56) presented within Chapter 3’s end of chapter material.) This type of mail order deceit is known as repudiation. The mail order company should have controls in place to make sure that each sale is to a valid customer with valid payment authorization and that an audit trail is maintained to avoid repudiation. Customer authentication through user ID and password should be used, as well as transaction logs and data trails. In this case, it may be most effective if the company uses digital signatures or digital certificates to authenticate and validate a customer. The signature verification would also be important upon delivery.
Page 8-14
Chapter 8 Solutions
Revenue and Cash Collection Processes
59. (SO 9) Visit the financial education website created by Equade Internet Ltd. at www.investopedia.com. Note the definition for channel stuffing. According to this site, what is the primary motivation for channel stuffing? Channel stuffing is a deceptive business practice used by a company to inflate its sales and earnings figures by deliberately sending retailers along its distribution channel more products that they are able to sell to the public. By channel studding, distributors temporarily inflate their accounts receivables. However, unable to sell the excess products, retailers will send the excess items (instead of cash) back to the distributor, who must adjust its accounts receivable and ultimately its net income. In other words, channel stuffing always catches up with the company, because it cannot maintain sales at the rate it is stuffing. The primary motivation for this fraudulent business practice is to raise the value of the company’s stock. 60. (SO 6) Using a search engine, locate an article written by Oliver Lindberg titled “16 Economic Trends that will Drive Sales in 2019”. Briefly describe the main point of this article. The main point is to explain trends in revenue processes that make shopping experiences easier for consumers, including: increased conversations with customers; chatbot artificial intelligence; the explosion of augmented reality; video; voice search; on-site personalization; personalized products; micro markets; web payments; flexible payment options; multi currency, language, and channel; transient brick and mortar; subscriptions; continuation of the direct-to-consumer revolution; faster, leaner e-commerce operations; and environmental impact. By focusing on these trends, companies may gain a competitive edge. 61. (SO 9) This chapter mentioned alleged fraudulent revenue reporting at BrownForman and Diageo. Using a search engine, search the phrase “SEC channel stuffing”. Give one more example of a company that was investigated, or is being investigated by the SEC. What are the facts and status of the case? The student’s answer will depend on when the search is conducted. The SEC Web site presents enforcement releases describing actions against Maxwell Technologies Inc. and OCZ Technology Group, among others.
Cases 62. (SO 2,7,8) Sales processes at Hitsville CDs. a. The sales processes in the store are very similar to any retail store. When a customer buys a CD or LP record, the product is scanned by a bar code reader, the customer pays the amount by cash, check, or credit card, and then takes the products out of the store. For online sales, Hitsville CDs must implement an IT system and a web server to process online sales. It would be necessary for a customer to browse or search the inventory online,
Page 8-15
Chapter 8 Solutions
Revenue and Cash Collection Processes
requiring a real-time inventory system integrated with the sales processes. The IT systems for the online system would be more complex. The online sales would be processed through the Web site and mailed to the customer. Payment could only be made by credit card at the time of sale. b. Usually very little, if any, data is collected from customers during in-store sales. Customers paying by cash can be completely anonymous. Even in the case of a credit card payment, customer data is only used to charge the credit card and that data is usually not kept by the company. c. Much more customer data must be collected, used, and stored for online sales, including customer name, address, phone, and credit card data. d. In addition to the data mentioned in part c, Hitsville CDs may store and analyze the CD titles purchased by individual customers. If Hitsville CDs had software capable of doing so, this data could be used to recommend other titles to customers. This system would work like the Amazon.com web site. When purchasing a book at Amazon, the customer receives suggested titles of similar books. e. (This questions is an error in that it is a repeat of d.) 63. (SO 2,4) Sales and collection processes at Waterloo Industries. a. Refer to the separate Microsoft Excel file “Chapter 8 Solutions Process Maps.xlsx”. b. Weakness: The invoice is prepared without comparison to the packing slip. This means the company could bill the customer for items or quantities different from that which was shipped. This is especially true if items are out of stock. Improvement: A copy of the packing slip should be forwarded to accountant 1 and the invoice should be based on items and quantities shipped. Furthermore, accountant 2 should file the packing slip copy with the matched invoice and approved sales order. Weakness: Customer credit is not approved until after the order is shipped. Improvement: Credit approval should occur before the documentation is forwarded to the warehouse clerk for filling the order and shipment. Weakness: Inventory records are not updated as orders are filled. Improvement: A copy of the packing slip or stamped sales order should be used by accountant 1 or 2 to update inventory records promptly upon shipment. Weakness: There is no prelisting of checks received with the amounts. Such a list helps prevent theft or accidentally misplacing a check. Improvement: A prelisting of checks received should be prepared so it can be compared to the bank deposit amount. Weakness: There is no mention of a bank reconciliation for checks received. Improvement: The bank account should be reconciled to cash records on a monthly basis. This reconciliation should be performed by someone who has not responsibility for custody, authorization, or recordkeeping for cash.
Page 8-16
Chapter 8 Solutions
Revenue and Cash Collection Processes
Weakness: There is no comparison of the check received to the original sales invoice. Under this system, it would be possible to assume an invoice is fully paid when it was not. Improvement: The checks received should be compared to the sales invoices. Weakness: The collections clerk has custody of the checks and also records the transactions in the accounts receivable subsidiary ledger. Improvement: Accountant 1 or 2 should record in the subsidiary ledger upon receiving a list of checks received. This would improve controls regarding segregation of duties, as the collections clerk should have custody responsibilities but not the related record keeping responsibilities. Weakness: There is no mention of monthly statements mailed to customers. Such a statement summarizes possibly several invoices for each customer and can show the ages (overdue status) of the amounts. Improvement: A monthly statement should be mailed to each customer. Weakness: There is no mention of performing a reconciliation of subsidiary ledgers and the general ledger. Improvement: A periodic reconciliation of the subsidiary and general ledgers should occur to help prevent or detect errors, omissions, and fraud. c. Refer to the separate Microsoft Excel file “Chapter 8 Solutions Process Maps.xlsx”. 64. (SO 2,4) Process maps and internal control considerations for Moira Inc.’s sales, billing, and collection processes a. Refer to the separate Microsoft Excel file “Chapter 8 Solutions Process Maps.xlsx”. b. Moira’s sales department personnel are preparing a sales order without an approval for the transaction and without checking the credit status of the customer. Before the sales department prepares a sales order, it should determine the relevant pricing for the items ordered and check the customer’s credit. The sales journal should not be updated at the time a sales order is prepared; rather, the sales journal should be updated upon shipment of the items to the customer. Moira’s warehouse personnel currently have incompatible duties related to both custody of inventory items and inventory recordkeeping. An inventory control function should be implemented for the purpose of inventory recordkeeping. Also, there is no indication that shipping documents are being prepared by Moira. A separate shipping function should be established for purposes of preparing a bill of lading to present to the carrier, rather than a copy of the sales order. In addition, a shipping log should be used.
Page 8-17
Chapter 8 Solutions
Revenue and Cash Collection Processes
Moira’s billing department is not preparing a billing record or maintaining records of amounts billed. It should be preparing an invoice to be sent to the customer, rather than sending a priced version of the sales order. A copy of the invoice should be retained in the billing department. The accounts receivable department is not updating the receivables records promptly upon the occurrence of a sales transaction; instead, it is delaying this recordkeeping task until the related cash is collected. The accounts receivable subsidiary ledger should be updated promptly upon the shipment of a sales order and the invoicing of that order. Cash collections should not be handled by the accounts receivable department, as this custody function is incompatible with the recordkeeping of customer accounts. A separate company employee should handle collections received in the mail, and a cash receipts department should be responsible for preparing the cash receipts journal and bank deposit. Moira’s general ledger is being updated prematurely. Rather than updating the general ledger upon receipt of a sales order from the sales department, it should be updated at the time the shipment occurs and the related billing and accounts receivable records are prepared. c. Students’ revised process maps for Moira’s sales and cash collection processes should be similar to those presented in Exhibits 8-3 and 8-13, respectively. 65. (SO 2,4) Internal control risks at Neat Creations The following memo presents internal control weaknesses or potential risks, as well as recommendations for strengthening controls: To : Natalie Peck, Owner Neat Creations Fr: AIS Student Re: Internal Control Recommendations During the course of my accounting work, the following circumstances were noted which represent internal control weaknesses and potential business risks in the company’s revenue processes. I am proposing potential enhancements to the company’s system of internal controls in order to reduce these risks. I would be pleased to discuss these items with you further.
Sales documentation is not being prepared for all sales transactions, but only for sales on account. This allows for the possibility of fraud or error in the retail store, as there is no basis for reconciling sales with cash register and credit receipts for each shift worked by a sales clerk. In addition, inventory records cannot be updated on a regular basis. If sales clerks prepare a sales
Page 8-18
Chapter 8 Solutions
Revenue and Cash Collection Processes
receipt for each sale, then a record exists for the purposes of performing daily reconciliations of the summaries of cash collections and updating the cash, accounts receivable, and inventory records. A duplicate copy of the receipt could be given to each customer as a record of the transaction. Walk-in sales on account are approved by a manager upon recognizing a credit customer. This presents a potential problem for a growing company to be able to recognize all of its customers, as well as in the event that the walkin customer may no longer be affiliated with the customer company. The supervisor in the accounts receivable department should verify charge slip information in order to approve the sale before it is transacted, rather than afterwards. The accounts receivable supervisor is not effectively utilizing the list of past due accounts. This report should be actively investigated and follow-up should be performed to maximize the likelihood of cash collection. Past due customers should be contacted promptly in order to discuss the reasons for the delay in collections and maximize the likelihood of future collection. Neat Creations should implement credit and collections functions to investigate and pursue payment on unpaid customer accounts rather than merely writing them off. A cashier should not perform the bank reconciliation because this presents a problem with segregation of duties. The person with custody of cash (who receives payments and prepares the cash receipts listings and bank deposits) should not also have responsibility for reconciling the bank account. This control activity should be performed by someone independent of the cash authorization and recordkeeping functions. The staff accountant does not currently have sufficient information to allow him or her to verify the general ledger postings. For instance, before the general ledger is updated, staff accountants should be able to determine that the cash register totals reconcile to the cash deposit and credit summary information and that the cash receipts listings agrees with the bank deposits.
66. (SO 2,4,6) Tamar LLC.’s internal control checklist. These checklist questions are expected to achieve the internal control purposes as presented in the following list:
Is the sales department separate from the credit office and the IT department? Separation of duties in important in the revenues and receivables processes, so the sales office, where initial sales records are prepared, should be separated from the authorization duties performed by the credit office and the systems programming and implementation duties performed by the IT department. Are all collections from customers received in the form of checks? Checks provide a record of collections, which can enhance the recordkeeping accuracy of the related cash, receivables, and sales accounts. On the other hand, cash collections are easier for a dishonest employee to steal.
Page 8-19
Chapter 8 Solutions
Revenue and Cash Collection Processes
Is it appropriate to program the system for general authorization of certain sales, within given limits? Authorizations are important for ensuring that only valid, approved transactions take place. However, as a cost/benefit consideration, limits may be set regarding the minimum amount for which specific authorization is required. Are product quantities monitored regularly? Independent checks of the physical versus recorded inventory quantities is an important control feature that can detect errors or fraud in inventory records. This can also be an effective tool for preventing the risk of a stock shortage which could impact customer satisfaction. Will all data entry clerks and accounting personnel have their own PCs with login IDs and password protection? If employees have their own PCs, then there should be no reason for computer sharing. Therefore, instances of unauthorized access should be minimized and each employee’s login information can be monitored so that each person is held accountable for changes made. Will different system access levels for different users be incorporated? Access controls are important for limiting access to areas of the employees’ responsibility as well as monitoring and identifying work performed by each member of personnel. This will limit sensitive information from being viewed or altered by unauthorized members of personnel. Will customer orders be received via the Internet? This will provide for prompt recording of customer orders and reduced errors that could otherwise result if customer orders had to be manually input by company personnel. Has the company identified an off-site alternative computer processing location? If computer processing is necessary for the effective and efficient operation of the business, then the company should have plans in place to minimize the risk of loss due to interruptions in computer service. Does the project budget include line items for an upgraded, uninterrupted power source and firewall? These controls protect against loss of information, loss of a computer processing source, or unauthorized access to the system, which can reduce the risk of data destruction or alteration. Will the system be thoroughly tested prior to implementation? This reduces the risk of errors in programming that can cause unreliable financial reporting. Will appropriate file backup procedures be established? Back-up procedures protect a company against a risk of loss due to destruction of data files. They also provide a means for continued processing even if company hardware and software are unavailable or destroyed. Will business continuity plans be prepared? Continuity plans ensure that the company will be able to operate even if there is a disruption in computer processing, destruction of the company’s operating facility, records and/or data, or other unforeseen circumstances. Will an off-site data storage exist? Off-site data storage allows for back-up versions of company information to be maintained in case they are needed or purposes of emergency business continuity. Will intrusion detection systems be incorporated? The company should have this electronic control to monitor for the possibility of unauthorized access to the system. This will protect the data and records within the system. Page 8-20
Chapter 8 Solutions
Revenue and Cash Collection Processes
67. (SO 2,4) Internal controls at Gramercy Health Care Evaluate the information in each of the following situations as being either an internal control (1) strength, (2) weakness, or (3) not a strength or weakness. 1. Gramercy’s office manager approves the extension of credit to patients and also authorizes write-offs of uncollectible accounts. (2) 2. Gramercy’s office manager may extend credit based on special circumstances rather than using a formal credit search and established credit limits. (2) 3. Gramercy extends credit rather than requiring cash or insurance in all cases. (3) 4. The computer software package cannot be modified by Gramercy employees. (1) 5. No Gramercy employees who generate revenues or record revenues are able to write checks. (1) 6. Computer passwords are known only by the individual employees and the managing partner, who has no recordkeeping responsibilities. (1) 7. Individual physicians document the services they perform on pre-numbered reports that are used for both recording revenues and patient receipts. (1) 8. Insurance coverage is verified by the office manager before medical services are rendered. (1) 9. The bank reconciliation is prepared by an independent CPA firm. (1) 10. The sequence of pre-numbered service reports are accounted for on a monthly basis by an independent CPA firm. (1) 11. The second accounting clerk receives cash and checks and prepares the daily deposit. (1) 12. The second accounting clerk maintains the accounts receivable records and can add or delete receivables information on the PC. (1) 13. The second clerk receives the cash and checks and also records cash receipts. (2) 14. Gramercy is involved only in medical services and does not have diversified business operations. (3) (Excerpt from Adapted CPA Simulation Problem) 68. (SO 2,4) Internal control weaknesses in cash receipts and sales processes at Handauer, Inc. a. Refer to the separate Microsoft Excel file for Chapter 8 Solutions Process Maps. b. Internal control weaknesses: The mail clerk should not forward the checks and remittance advices to departments having recordkeeping responsibilities. The mail clerk is not preparing a record of cash received in the mail.
Page 8-21
Chapter 8 Solutions
Revenue and Cash Collection Processes
Cash collections are not being deposited promptly. Furthermore, the bank deposits are being prepared by accounts receivable department personnel, who also have recordkeeping responsibilities. The sales department, accounting department, and accounts receivable personnel should not have custody of the checks because they have recordkeeping responsibilities. There is no procedure for reconciling the daily cash receipts and bank deposits. Bank reconciliations are being prepared by accounting department personnel, where employees also are responsible for reviewing the past due status of customer accounts. These employees have custody of cash for a limited period of time, which places them in a custody role. The bank statement should not be prepared by someone who has custody of cash. Cash sales should not be received by sales clerks (because it violates the segregation of duties principles), but should be directly received by the cashier. The cashier, who has a cash custody role, should not also be responsible for the incompatible authorization task of approving customer credit. The inventory control catalog should not be updated by the sales department because it violates the segregation of duties principles.
Page 8-22
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
Turner/Accounting Information Systems, 5e Solutions Manual Chapter 9 Concept Check 1. d 2. d 3. c. 4. b 5. b. 6. d 7. d 8. c 9. a 10. b 11. a 12. b 13. b 14. a 15. b 16. c 17. b 18. b
Discussion Questions 19. (SO 2) Name the first document that should be prepared when a production employee recognizes that the quantity of goods on hand is insufficient to meet customer demand. Purchase requisition. 20. (SO 2) How does the maintenance of a receiving log enhance internal controls? A receiving log is a sequential listing of all goods received. It provides an audit trail and allows the physical goods received to be matched with other documents to ensure that all goods are received. 21. (SO 2) Why should a receiving clerk be denied access to information on a purchase order? This practice is called a “blind PO” and the advantage is that it forces a physical count of goods received. A clerk cannot complete the “quantity received” field of a receiving report until
9-1
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
the goods have been counted. If the PO contained quantities ordered, the clerk could assume that the quantity received is equal to quantity purchased and therefore, skip the physical count. However, conducting the physical count is a much better practice, and the blind PO serves as a control to force such a count. 22. (SO 2) Under what circumstances would it be necessary to manually update accounts payable prior to the receipt of a vendor’s invoice? When the receipt of goods occurs at the end of a period but the invoice is not received until the next period, the liability should be recorded in the earlier period even though the invoice has not yet been received. 23. (SO 4) Which department is responsible for making sure that payments are made in time to take advantage of vendor discounts? It is the responsibility of accounts payable. 24. (SO 4) Why would some checks need to include two signatures? Large checks over a specified amount may require two signatures. Large checks entail more risk for the company, and the dual signature lessens risks by requiring the authorization of more than one company representative. 25. (SO 4) During the process of reconciling the bank account, why is it necessary to review the dates, payees, and signatures on the canceled checks? Reviewing dates, payees, and signatures on cancelled checks may help uncover unusual events. Any suspicious events can be investigated to make sure that they are not part of a fraud scheme. 26. (SO 4,6) What specifically does a cash disbursements clerk do when he or she “cancels” an invoice? How does this compare to the procedures used when computer-based matching exists? To cancel an invoice means to mark or stamp it with the date paid and check number. The purpose is to help prevent duplicate payment of an invoice. In an automated matching system, the system would be programmed to ensure that there were no previous payments that would make a new payment a duplicate payment. 27. (SO 4) Why should accountants periodically review the sequence of checks issued? To ensure there are no missing or unaccounted checks. This helps prevent errors and fraud. 28. (SO 2,4) What accounting records are used by accounts payable personnel to keep track of amounts owed to each vendor? An accounts payable subsidiary ledger is used to record the detail of amounts owed to each vendor. 29. (SO 5) Identify some inefficiencies inherent in a manual expenditures processing system. There is a physical matching of documents by
9-2
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
humans and this process is time consuming and error prone. Even if a software system such as Microsoft Dynamics GP is used, there are many human tasks that are time consuming and error prone, including: keying data for a PO; the manual process of comparing an order received to the PO; keying in the receiving report and finding the PO in the system to match it against; keying the invoice into the system and finding the PO in the system to match it against; and the human decision making process regarding which invoices to approve for payment. These inefficiencies cause a large expenditure in salaries and wages for the personnel who perform these tasks. 30. (SO 5) What are the advantages of BPR? Using BPR to design IT systems can reduce the amount of paperwork, manual processing and the costs inherent in paperwork and manual processing. The costs include wages and salaries for the time to do manual processing and to correct errors or mismatches that occur in the manual processes. 31. (SO 5,6,7,8) List three examples of BPR used in the expenditures processes. BPR can be used to change a manual match and payment system into one of three IT systems, including computer based threeway matching, Evaluated Receipt Settlement (ERS), and EDI. 32. (SO 6) Explain how system logic errors could cause cash management problems. When logic errors exist in a system, it may cause the system to make the same error repetitively. If the logic error involves approving payments, the system may repetitively approve payments at the wrong times or in the wrong amounts. Since the error is repetitive, it could quickly cause cash flow problems by paying too much cash too soon. 33. (SO 6) Explain how system availability problems could cause cash management problems. Significant amounts of downtime in the system could delay payments to vendors. In turn, vendors may delay shipping materials to the company, which would then delay sales to customers and cash collections from customers. 34. (SO 8) How is an audit trail maintained in an IT system where no paper documents are generated? Backup files and computer logs of transactions can serve as part of an audit trail. 35. (SO 6) What can a company do to protect itself from business interruptions due to power outages? A company should have a disaster recovery plan and use uninterruptible power supplies as a backup to the normal power source. 36. (SO 7) What paper document is eliminated when ERS is used? ERS is an invoiceless match system. This means the invoice is eliminated and the vendor is paid if the PO matches the goods received.
9-3
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
37. (SO 7) Identify compensating controls needed for an effective ERS system. Some of the compensating controls incude: established receiving procedures to ensure goods are only accepted when quantities and part numbers match exactly; there must be a very detailed negotiation with suppliers to establish accepted practices and firm prices; vendors must understand that substitutions and partial shipments cannot be accepted; there should be established procedures to handle exceptions (but exceptions should be rare). 38. (SO 5) What is typically the most time-consuming aspect within the expenditures process? The matching of documents in a three-way match system is very time-consuming because of the manual steps and need for reconciling mismatches of part numbers, quantities, and prices in many shipments. 39. (SO 8) Identify the category of risk that can be reduced by using authority tables, computer logs, passwords, and firewalls. The category of risk that these controls reduce is security and confidentiality risk, and more specifically, unauthorized access. 40. (SO 6) Explain why the availability of computer systems in the receiving department is such an important component of an automated expenditures process. In most automated vendor payment systems, there is a presumption that the receiving personnel must reject shipments that do not match the PO. This means that the receiving personnel must be able to look up the desired PO at the same time the delivery is at the receiving dock. The receiving personnel must be able to reject the shipment, of necessary, while the delivery person is still at the receiving dock. In this circumstance, the PO files must be online and readily accessible to receiving personnel. 41. (SO 5,8) Identify three ways that buyers and sellers may be linked electronically. EDI systems link buyers and sellers electronically in the form of private leased lines, third-party networks called value-added networks, or via the Internet. 42. (SO 8) What techniques can a company use to reveal problems concerning potential exposure to unauthorized access to its systems? Penetration testing, vulnerability assessment, and intrusion detection systems all help expose potential unauthorized access. 43. (SO 9) How are Web browsers used in e-payables systems? In many accounting systems, the accounting software has a custom designed screen to view and enter data. In e-payable systems, a web browser is used as the interface to receive and review invoices, as well as to make vendor payments. The web browser is perceived to be a more user friendly approach to the interface.
9-4
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
44. (SO 10) Explain how procurement cards provide for increased efficiencies in the accounts payable department. P-cards are used for purchasing things such as supplies, maintenance, and travel and entertainment expenses. Without p-cards, many companies find they have a large volume of these small dollar transactions that would require the regular matching process in accounts payable. The p-card eliminates this time consuming matching process for items purchased with the p-card. This eliminates soliciting bids, keying PO and invoice data, matching documents, reconciling mismatches, and writing small dollar amount checks. Instead, the company receives one monthly bill from the credit card issuer. Brief Exercises 45. (SO 2,4) Describe what is likely to occur if company personnel erroneously recorded a purchase transaction for the wrong vendor? What if a cash disbursement was posted to the wrong vendor? Identify internal controls that would detect or prevent this from occurring. If a company erroneously recorded a purchase transaction to the wrong vendor, it is likely to make a payment to the wrong party. When the correct vendor does not collect its payment, it will notify the company and demand payment. This will likely result in the company making a duplicate payment for the same transaction. If a cash disbursement was posted to the wrong vendor account, this would also likely result in the company making a duplicate payment for the same transaction. Since the first payment did not get recorded correctly, the company would not have a proper record of the payment. When it reviewed its vendor accounts, it would note that it still needed to make a payment. It would be difficult to discover an erroneous posting of a purchase transaction or cash disbursement to the wrong vendor account. (An incorrect posting of a cash disbursement is more likely to be discovered in the document matching and subsequent posting process.) The following internal controls could detect these types of problems: When invoices arrive from the vendor companies, there should be an attempt to match the invoice to the PO and receiving report before the transaction is posted to the vendor account
9-5
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
within the accounts payable subsidiary ledger. During this posting, the employee who posts should verify that the transaction is recorded in the proper vendor account. A reconciliation should be performed upon receipt of the vendor statement. This should reveal any differences in terms of purchase or payment information. A review of the vendor file should be performed periodically. The vendor to which the purchase should have been recorded or the vendor to which a payment was erroneously applied may show a negative balance (paid more than recorded purchases). The error may also be discovered when there is a reconciliation of the accounts payable subsidiary ledger to the general ledger, although this is not as likely. The reconciliation would still balance even if an amount is recorded in the wrong vendor account. It is also possible that this error would not be discovered particularly if there are always outstanding balances in vendor accounts. The best internal control to prevent these errors is the use an of automated system, rather than a manual system. An automated system would automatically post to the correct vendor as the PO is created. 46. (SO 4) Debate the logic used in the following statement: “The person responsible for approving cash disbursements should also prepare the bank reconciliation because he is most familiar with the checks that have been written on that bank account.” It may be true that this person is more familiar with the checks, but it would not represent a good internal control process. If a separate person reconciles the account, it prevents the first person from writing fraudulent checks and covering it up by altering the bank reconciliation. 47. (SO 8) Expenditure systems are crucial in the automobile manufacturing industry, where hundreds or thousands of parts must be purchased to manufacture cars. Briefly describe how EDI would be beneficial in this industry. Since there would be such a large volume of POs, invoices, and receiving reports, the physical handling of so many paper document would be inefficient. EDI would eliminate all of the manual steps in handling these paper documents, eliminate the keying of the data on these documents, and eliminate mail delays. An EDI system would be faster, more efficient, and less error prone. Therefore, it would also reduce the cost per transaction. 48. (SO 2,4) Describe how the matching of key information on supporting documents can help a company determine that purchase transactions have been properly executed. If the company has established proper segregation of duties and matches documents, it is likely that it has
9-6
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
properly insured that purchase transactions are properly executed. Purchasing would not complete a PO and place an order until they receive a purchase requisition. The PO would be forwarded to accounts payable. The receiving department would complete and forward a receiving report upon receiving the goods. The invoice comes from a separate party – the vendor. If these three separate documents match, it is a good assurance that it was a valid, authorized order, it was properly received, and the vendor billed correctly for goods ordered and received. 49. (SO 2,3) Describe how the use of pre-numbered forms for debit memos can help a company determine that purchase return transactions have not been omitted from the accounting records. It is much easier to account for all debit memos if they are pre-numbered. The sequence of numbers can be checked to ensure that all have been posted. 50. (SO 5,7) Describe how a ERS system could improve the efficiency of expenditure processes? An ERS is an invoiceless system that pays vendors if the goods received match the PO. This system replaces the document matching system that often occurs in accounts payable, thus eliminating the most time consuming aspect of paying vendors. However, it does require that purchasing agreements with vendors be much more strictly defined. Vendors must understand that the company cannot accept different prices from those negotiated, product substitutions, undershipments, overshipments, or partial shipments. 51. (SO 10) Describe how a procurement card improves the efficiency of purchasing supplies. A procurement card is often used to purchase supplies or pay for travel and entertainment. Using a p-card eliminates the typical match of PO, receiving report, and invoice. Individual users have much more control over the purchase of their supplies and central inventories of supplies need not be maintained.
Problems 52. (SO 2,5,6,7,8) Refer to the Real World Example for City Harvest and the details in the chapter. Outline the business process improvements that can occur in the inventory and purchasing processes when a manual or nonintegrated system is replaced with a fully integrated ERP system to efficiently manage the purchase and distribution of inventory. ERP business process improvements aim at efficiencies regarding: Supply chain management
9-7
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
i. Provides a dashboard and supplier prospect pipeline ii. Improved supplier relationship management Tracking freight i. Coordinated routes for drivers Real-time data i. Easily searchable and accessible data ii. Improved data visibility and sharing of information across the organization iii. Improved records help with notifications of current needs and projections of future needs iv. More accurate and detailed inventory counts and categorizations Data security i. Cloud backup, recovery, and risk avoidance Management focus i. Time savings allow managers to devote more attention to growth and other strategic goals
53. (SO 2,3,4) Identify an internal control procedure that would reduce the following risks in a manual system: a. The purchasing department may not be notified when goods need to be purchased. Require that an inventory control department monitor inventory records and request purchases (purchase requisition) when goods need to be reordered. b. Accounts payable may not be updated for items received. Require that the receiving department complete a receiving report for all goods received, and that a copy of the report is forwarded to accounts payable. c. Purchase orders may be prepared based on unauthorized requisitions. Require that the appropriate manager approve each purchase requisition by signing the requisition form. d. Receiving clerks may steal purchased goods. Require physical controls such as security cameras and supervision of receiving employees. Using a “blind” PO may also help since shortages (caused by goods being stolen) are more likely to be noticed. e. Payments may be made for items not received. Require a threeway match of the PO, receiving report, and invoice before approving the payment. f. Amounts paid may be applied to the wrong vendor account. Assuming that the payment was to the correct vendor but posted to the wrong account, it is very difficult to uncover this error. A
9-8
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
reconciliation of the subsidiary ledger to the accounts payable account may not uncover this because the total balance would be the same. It may be uncovered if someone notices that the records show payments to a vendor are in excess of amounts owed. There is no method to completely eliminate errors in posting. g. Payments may be made for items previously returned. Require a debit memorandum be completed for all returned goods, with a copy forwarded to accounts payable so that the balance owed can be changed. h. Receiving clerks may accept delivery of goods in excess of quantities ordered. First, there must be a clear policy on overshipments that receiving personnel can apply. For example, a policy may be written that overshipments under 5% can be accepted, but all others should be rejected and returned. Second, there must be a policy that all received goods are compared to a PO. Also, use a “blind” PO to force receiving personnel to count goods so they might more easily detect overshipments. i. Duplicate payments may be issued for a single purchase transaction. Require that payment documentation be “cancelled’ when payment is made. This stamp on the documents should help prevent duplicate payments. 54. (SO 2,3,4,5,6) Identify an internal control procedure that would reduce the following risks in an automated fully-integrated ERP systems such as Microsoft Dynamics GP: a. The purchasing department may not be notified when goods need to be purchased. In ERP systems, the inventory records are integrated so that the purchasing department is automatically notified when reorder points are reached. b. Accounts payable may not be updated for items received. In ERP systems, receiving reports are completed online so that the accounts payable records can be updated immediately. c. Purchase orders may be prepared on the basis of unauthorized requisitions. In ERP systems, POs require the electronic approval of the purchasing supervisor before the purchase can go forward. d. Receiving clerks may steal purchased goods. In ERP systems, an electronic invoice from a vendor would detect and signal the likely theft if there was not a match to a receiving report. e. Payments may be made for items not received. Because of the automated matching of the PO, receiving report, and vendor invoice, a payment would not be authorized if a receiving report was not present.
9-9
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
f. Amounts paid may be applied to the wrong vendor account. Because of the integrated ERP systems, vendors will not be misidentified. g. Payments may be made for items previously returned. Because of the integrated ERP systems, returns are automatically noted in the system so the invoice will be canceled. h. Receiving clerks may accept delivery of goods in excess of quantities ordered. Because the receiving report is completed online, it will be automatically and compared with the PO so that discrepancies can be identified immediately. i. Duplicate payments may be issued for a single purchase transaction. Because the vendor’s invoice and cash disbursement are maintained online in an integrated system, the invoice will be canceled once payment is made. This will prevent a duplicate payment. j. The accounts payable clerk makes a check out to himself (assume the company utilizes automated check signing functionality). Because the cash disbursements system is maintained online and integrated with the accounts payable system, a payment cannot be made to an unauthorized party. 55. (SO 2,6) Compare how a company with a manual process of matching a PO, receiving report, and vendor invoice would differ from a company that uses Microsoft Dynamics GP or other integrated ERP solution where automated (electric) matching of a PO, receiving report, and vendor invoice occurs. Explain how the audit of the manual and automated systems may differ. A company that uses an integrated ERP system for automated matching would create a PO electronically, and the purchasing supervisor would approve the PO electronically in the system. When newly-purchased inventory is received, the receiving report is completed online and automatically matched with the PO. When the vendor’s invoice is received, it is scanned into the system or received electronically, and the system’s document imaging system can retrieve the necessary information for matching the invoice with the receiving report and PO. By contrast, a manual matching process is likely to involve more time-consuming manual procedures for comparing paper documents. Auditors of ERP systems must audit within the computer, as the documents and files (and thus the audit trail) within those systems exist electronically. 56. (SO 1,10) Mary Vance’s coffee and pastry cart and p-card. Suggest some controls that should be in place. Identify some resources that need to be purchased for this business. The credit card used should
9-10
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
have a dollar amount limit as well as a daily limit. The card can also be restricted to certain kinds of vendors. For example, hotels, air fare, electronics stores, and liquor stores could all be vendors that would be prohibited purchases on this credit card. The types of resources that would be purchased are paper products such as coffee filters, paper cups, napkins, and plates; plastic utensils; ground coffee beans; creamer, sugar, sweetener, and milk; pastries; and various cleaning supplies. Finally, Mary should review all charges on the credit card each month to detect any misuse of the card. 57. (SO 1,5) Harding Company and business process reengineering project (BPR). BPR involves the radical redesign of processes, along with IT enablement of processes, to improve the efficiency and lower the cost of processes. BPR in a manual expenditure system would involve methods to convert manual processes into automated processes. Any of the IT enablement methods suggested in this chapter is a possible solution. Therefore, computer based document matching, evaluated receipt settlement, e-business or EDI, e-payables, and procurement cards are all possible. Some combination of these could also be implemented. For example, Harding could use an EDI system for purchases of inventory, but use a p-card for small supplies and travel expenditures. 58. (SO 2) Elliott Extrusion, Inc. computerization. Assume that Elliott Extrustion, Inc. is preparing to computerize the manual input processes such as completing a receiving report. Use Microsoft Excel to perform the following: a. Design an appropriate format for a data entry screen that could be used at the receiving dock to enter information from the packing slip in the company’s expenditure system. See the excel file “Problem 9-58.xlsx.” 59. (SO 2,4) The following list presents statements regarding the expenditure processes. Each statement is separate and should be considered to be from a separate company. For each statement, determine whether it is an internal control strength or weakness, then describe why. If it is an internal control weakness, provide a method or methods to improve the internal control. a. A purchasing agent updates the inventory subsidiary ledger when an order is placed. This is an internal control weakness. The purchasing agent is part of the authorization of orders.
9-11
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
Therefore, he/she should not have record keeping duties for those purchases. If one person has both duties, unauthorized purchases can be initiated and records can be altered to cover up these unauthorized purchases. These duties should be segregated, with someone who does not authorize nor have custody of purchases being assigned to the record keeping. b. An employee in accounts payable maintains the accounts payable subsidiary ledger. This is an internal control strength. The payable should be recorded when the invoice arrives and it matches a PO and receiving report. c. Purchasing agents purchase items only if they have received an approved purchase requisition. This is an internal control strength. The purchasing agents cannot initiate purchases without proper approval from a separate department or person. d. The receiving dock employee counts and inspects goods and prepares a receiving document that is forwarded to accounts payable. This is an internal control strength. Counting and inspecting goods ensures that they are not damaged and that the proper quantity was received. This prevents companies from paying full price for damaged or missing goods. e. The receiving dock employee compares the packing list to the goods received and if they match, forwards the packing list to accounts payable. This is an internal control weakness. Goods should not be compared to the packing list; they should be compared to the PO. A comparison to the packing list will not reveal any undershipments, overshipments, or product substitutions. An improvement would be to compare the goods received to the PO and forward a receiving report (not the packing list) to accounts payable. f. An employee in accounts payable matches an invoice to a receiving report before approving a payment of the invoice. This is an internal control weakness because the documentation is incomplete. The PO should also be matched to the invoice and receiving report. g. A check is prepared in the accounts payable department when the invoice is received. This represents two internal control weaknesses: 1) There is no document matching mentioned (PO, invoice, and receiving report); 2) Accounts payable should authorize the payment, but should not write the check. The matched documents should be forwarded to cash disbursements, where the check should be prepared.
9-12
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
60. (SO 4) Since the accounts payable system of matching purchase orders, invoices, and receiving reports can often be complex, organizations must routinely check to ensure they are not making a duplicate payment. The text book Web site contains a spreadsheet titled “invoices.xls”. Using your knowledge of spreadsheets and the characteristics of duplicate payments, identify any payments within the spreadsheet that appear to be duplicate or problem payments. For the following PO’s, there are duplicate payments in which the invoice amounts are exactly the same, and the same PO is referenced: PO 1514; invoices 5644 and 6871. PO 2635; invoices 7176 and 7700. PO 3477; invoices 7957 and 8340. PO 2818 was invoiced twice, but in different amounts and it could be a duplicate payment, or it could be two partial payments. We would need the amount of the purchase order to determine. 61.
(SO 2,3,4) Ammion Company is a small company with three people working in the expenditures processes. One of the three employees is the supervisor of the other two. Some tasks that must be accomplished within the expenditures processes are the following: a. Accounts payable record keeping. b. Authorization of new vendors c. Authorization of purchase returns d. Authorization of purchases e. Cash disbursements record keeping f. Check-signing authority g. Custody of inventory in the receiving area. h. Maintaining custody of cash. i. Preparation of a debit memo for a purchase return Required: For each of the three employees (supervisor, employee 1, and employee 2), consider the duties you would assign to each employee. In assigning duties, no employee should have more than three tasks and there should be a proper separation of duties to achieve appropriate internal control. List the three people, the duties you assigned to each employee and a description of why those assignments achieve proper separation of duties. There are likely to be a few possible answers that could be effective. The critical aspect is to try to segregate authorization, custody, and record keeping for
9-13
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
related events as much as possible. There is no “perfect” segregation since there are only three employees. Supervisor: duties F, G, and H. The supervisor would be the most logical person to sign checks, and as such, is responsible for custody of inventory and cash. As a supervisor, he/she can override internal controls so it is not as much a problem that there may be some incompatibility for a supervisor. Employee 1: duties A, E, I. This places all record keeping and document preparation with employee 1. He/she has no custody or authorization responsibility. Employee 2: duties B, C, and D. He/she can authorize vendors, purchases, and purchase returns, but has no custody or record keeping responsibility. 62. (SO 5,6,7,8) As noted in the chapter, increasingly companies with updated ERP systems are going paperless and documents and transactional data are being stored electronically. Outline the changes that would need to occur to ensure that there were adequate controls within the companies adopting a paperless option or any aspect of electronic storage. Business process reengineering would be needed to align business processes with the IT systems. This would facilitate computer-based matching of purchasing documents, ERS, or EDI. For computer-based matching, the PO, receiving report, and related records must be online or in databases. A. Security and Confidentiality 1. Authenticate users to reduce the risk of unauthorized access i. passwords ii. user IDs iii. biometrics iv. security tokens v. smart cards 2. Authority tables should be used to limit access to the system 3. Computer logs should be created to monitor system access B. Processing Integrity 1. Program logic must be precise with regard to appropriate identifying criteria 2. Routine system testing and management review are needed to ensure reliable processing C. Availability
9-14
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
1. Backup systems and files must be in place 2. Business continuity measures must be in place i. uninterruptible power supply ii. disaster recover plan For ERS, extensive online systems are necessary with online, purchase-related files. Extensive preparation is needed to establish close working relationships with vendors, negotiate firm pricing, and train receiving personnel to accept only exact matches. A. Security and Confidentiality – same as for computer-based matching systems B. Processing Integrity – same as for computer-based matching C. Availability – same as for computer-based matching For e-business and EDI, an electronic link must be established between buyer and seller, in the form of private leased lines, third party networks, or the Internet. A. Security and Confidentiality. In addition to the changes mentioned above, further measures should be taken to limit unauthorized access by hackers of other outsiders 1. Firewalls 2. Encryption of data 3. Monitor network weaknesses i. vulnerability testing ii. penetration testing iii. intrusion detection software B. Processing Integrity 1. Input controls i. field checks ii. validity checks iii. limit checks iv.reasonableness checks C. Availability. In addition to the availability requirements above, ebusiness and EDI systems require additional availability measures 1. Redundant server system 2. Capacity planning 3. Virus detection 63. (SO 7) Using a search engine, search the internet for information about Evaluated Receipt Settlement, or ERS. You may have more success by searching for the terms ERS and invoices together in one
9-15
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
search. Based on what you read about ERS on the web, what appears to be the difficulties encountered when a company implements ERS? The most frequent problem appears to be the reluctance of suppliers (vendors) to adopt the new processes. The switch to an ERS system is a complete change of the invoice and payment process and it requires that the company and its vendor have negotiated firm prices, and polices on shipments. Since this is such a radical change from the older way of doing business, vendors tend to resist the change. ERS does require extremely good working relationships between a company and its vendors. The company must trust the vendor to bill only “agreed upon” prices and not estimated prices. They must also have greater trust that the vendor ships the appropriate quantity and quality of goods. This would mean that they do not ship more than requested, nor do they ship lower quality items. 64. (SO 8) Ecker Manufacturing Company and EDI Controls. Required: Describe the IT controls that Ecker should include when it implements an internet EDI system. For each control you suggest, describe the intended purpose of the control. Since Ecker will be sending data electronically using a computer system, there are many general and application controls that should be a part of this IT system. Ecker may not be able to afford all of the general controls mentioned below, but it should implement as many as are cost effective. General controls include user IDs, passwords, log-in procedures, access levels, authority tables, firewalls, data encryption, vulnerability assessment, penetration testing, intrusion detection, software testing, and computer logs. These general controls limit unauthorized access to the IT system. To help prevent availability risks, general controls include business continuity planning, backup data and backup systems, firewalls, encryption of data, vulnerability assessment, intrusion detection, and penetration testing. The purchasing software and EDI translation software should also incorporate application input controls such as field checks, validity checks, limit checks, and reasonableness checks. 65. (SO 9) Using a search engine, search the internet for information about Electronic Invoice Presentment and Payment. You may have more success by searching for the terms EIPP and invoices together in one search. Based on what you read about EIPP on the web, what
9-16
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
are the advantages and disadvantages of EIPP? One of the concepts about EIPP is that is should benefit both the buying company and the selling company. What do you think the benefits are to buyer, and what are the benefits to the seller? The website Intrix Technology provides an overview of EIPP at www.intrix.com/wp-content/uploads/2010/08/EIPP.pdf This describes supplier benefits are: (1) Invoice creation and delivery which can save $7.25 per invoice as compared with traditional payment systems. In addition, invoices reach their destination faster and with fewer requests for another copy.; (2) Invoice accuracy; (3) Timely dispute resolution; (4) Online payment processing; (5) Better cash flow management; and (6) Improved customer service. Many of the advantages to the supplier are also beneficial to the buyer, including the time savings, accuracy, simplified dispute resolution, convenience of online payment processing, and improved customer service. Disadvantages to the supplier may include the financial outlay for systems and the time required for training and setup. 66. (SO 9) Using a search engine, search the Internet for an article titled “The Advantages of Customer Self-Service for B2B Electronic Invoice Presentment and Payment (EIPP)”. Briefly describe what the article calls the advantages of adopting EIPP. By capitalizing on the flexibility EIPP offers in creating customized invoices, businesses may gain a competitive advantage by offering customers choices that encourage loyalty and extend relationships. In addition, companies using EIPP can improve cash flow by shortening the time it takes to collect on invoices. At the same time, they may lower the overall cost of accounting operations, especially in the area of customer support. 67. (SO 11) You are an accounts payable clerk for a small home improvements contractor. Speculate on the type of fraud that could be in process here. What (if anything) could you do to ascertain the propriety of the transaction and still make the payment today? It is possible that the site supervisor has created a fictitious vendor name and a fictitious invoice and is seeking reimbursement for this false documentation. In an attempt to verify whether the company exists, you could examine telephone books or online listings of the address and phone number for the company. It would be important to confirm
9-17
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
that any address is not a post office box and it is not the same address as an existing employee. This approach is not a guarantee because it is easy to set up a “false storefront”. Ideally, the best controls are the approval of a vendor before any purchases occur with that vendor and payment through the existing accounts payable processes. 68. (SO 11) Two of the most common ways that employees commit fraud against their employers is the misstatement of reimbursable expense accounts and the misuse of office supplies for personal purposes. Although these schemes are usually not individually significant, their magnitude can be damaging if these practices are widespread. Develop suggestions for internal controls that could curb the occurrence of such fraudulent activities. Some useful controls would be: approval of these transactions before they occur; requiring the submission of original invoices or receipts before payment is made; and periodic audits of these expenditures.
Cases 69. (SO 2,4) Kenning Inc.’s processes related to purchasing. Required: 1. Draw a document flowchart of the purchase processes of Kenning. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xlsx”. 2. Identify any weaknesses in internal controls within the purchase processes and indicate the improvements you would suggest. Weakness: No one person or department has been assigned responsibility to monitor inventory levels and determine when to order. Improvement: Assign responsibility to a department such as inventory control. Weakness: There is no purchase requisition completed and forwarded to purchasing to initiate the purchasing process. Improvement: Use a purchase requisition, approved by inventory control, to initiate purchases. Weakness: No copy of the purchase order is forwarded to accounts payable for a document match. Improvement: Forward a copy of the PO to accounts payable.
9-18
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
Weakness: the inventory control department updates inventory records based on a PO, not the goods received. Improvement: the inventory control department should update inventory from the receiving report. Weakness: No copy of the receiving report goes to inventory control or accounts payable. Improvement: Copies of the receiving report should be forwarded to accounts payable and inventory control so the records can be updated. Weakness: The packing slip – rather than the receiving report – is forwarded to accounts payable. Improvement: Forward the receiving report to accounts payable. Weakness: Accounts payable matches the invoice to the packing slip. Improvement: the accounts payable department should match the invoice to the PO and receiving report. Weakness: the cash disbursements department forwards a copy of the check to the general ledger department. Improvement: The cash disbursements department should send a summary journal voucher of check amounts, not a copy of each check. Subtotals – rather than individual check amounts – are posted to the general ledger. 70. (SO 2,4,5) Kacher Enterprises is a wholesaler that purchases consumer merchandise from many different suppliers. Required: 1. List any strengths and weaknesses in the internal control procedures of Kacher enterprises. STRENGTHS: * A manager in purchasing approves the PO before it is mailed. * The PO is prepared in 4 parts and these copies are forwarded to appropriate departments for future use. * If no PO exists for a shipment, it is returned. * The receiving report is prepared with three copies and those copies are forwarded to appropriate departments (one improvement would
9-19
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
be to forward a copy to a separate inventory control department; see first weakness below.) *Accounts payable does a three-way match of PO, receiving report, and invoice before approval of payment. *The matched documents are reviewed by a manager. *The check signer (treasurer) is segregated from the preparation of the check. WEAKNESSES: * There is no separate inventory control department to maintain inventory records. * The requisition should come from inventory control, not the warehouse. * The packing slip is compared to the purchase order instead of counting and inspecting the order. * The quantities on the receiving report are from the packing slip instead of a separate count by receiving employees. * If a separate inventory control department existed, a copy of the receiving report should be forwarded there. * In general, there is nothing in the description about record keeping – such as who updates inventory, accounts payable, and general ledger records. 2.
Draw a document flowchart of the expenditure processes. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xlsx”. This would be an excellent time to reinforce to students that the process map shows processes, but not document flow. Since the document flowchart does show document flows, it is easier to see where some potential control weaknesses exist when viewing the document flowchart.
3.
Describe any benefits that Kacher may receive by installing a newer, IT system to process purchases, goods received, accounts payable, and checks. Be specific as to how IT systems could benefit each of the processes described. There are many types of IT systems for purchases, so the exact benefits would be somewhat dependent on the system chosen. However, any IT system would reduce the number of manual tasks which would improve efficiency, reduce costs, and decrease errors. For example, an IT system could:
9-20
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
* Monitor inventory levels and automatically generate a PO when quantities of individual items reach a reorder point. * Store documents such as POs or receiving reports online so that there need not be actual paper handling in forwarding documents between departments. * Match the PO, receiving, report, and invoice, leaving accounts payable personnel free to work on reconciliations of those accounts that do not match correctly. * Prepare and print checks. * Update related records in realtime as goods are ordered, received, or paid. * Provide better and more timely feedback to management about inventory levels, items on order, future expected cash flow, and details about expenditures. 71. (SO ) Maston Metals manufactures aluminum cans for the beverage industry. Required: a. Draw two process maps to reflect the business processes at Maston. One process map should depict the purchase processes and the second process map should depict the cash disbursements processes. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xlsx”. b. Draw two document flowcharts to reflect the records and reports used by these processes at Maston. One flowchart should depict the purchase processes and the second flowchart should depict the cash disbursements processes. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xlsx”. This would be an excellent time to reinforce to students that the process map shows processes, but not document flow. Since the document flowchart does show document, it is easier to see where potential control weaknesses exist when viewing the document flowchart. c. Describe any weaknesses in these processes or internal controls. As you identify weaknesses, also describe suggested improvements. Weakness: Inventory is ordered when it “seems low”. Improvement: There should be pre-established reorder levels for
9-21
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
each inventory item. Weakness: The inventory control department is not initiating orders by a purchase requisition. Improvement: An inventory control department should maintain inventory records and to complete purchase requisitions when inventory items reach the reorder level. Weakness: The purchase is automatically placed with the last (most recent) vendor used. Improvement: Purchasing agents should find the best price and not automatically use the last vendor. Weakness: No purchasing journal is used. Improvement: Purchasing updates the purchases journal as POs are completed. Weakness: There is no mention of rejecting goods received for which there is no PO. Improvement: Receiving should compare goods to the PO and reject shipments for which a PO does not exist. Weakness: No copy of the PO is forwarded to accounts payable. Improvement: A copy of the PO should be forwarded to accounts payable. Weakness: The receiving report is prepared from the packing slip rather than being based on a separate count and inspection. Improvement: Receiving personnel should be required to count and inspect goods and prepare the receiving report based on this count. Weakness: No copy of the receiving report is forwarded to accounts payable. Improvement: A copy of the receiving report should be forwarded to accounts payable. Weakness: No copy of the receiving report is forwarded to inventory control. Improvement: A copy of the receiving report should be forwarded to inventory control so that inventory records can be updated.
9-22
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
Weakness: Accounts payable prepares a cash disbursements voucher for all invoices and does not match the PO, invoice, and receiving report before preparing the voucher. Improvement: Match the three documents to ensure it is a valid order that was received in good condition before the voucher is approved. Weakness: the cash disbursements department forwards a copy of the check to the general ledger department. Improvement: The cash disbursements department should send a summary journal voucher of check amounts, not a copy of each check. These subtotals are to be posted to the general ledger, not each individual check. Weakness: there is no indication of who signs (authorizes) the check. Improvement: an appropriate manager should review the documentation supporting the check, ensure sufficient cash exists, and sign the check. Weakness: There is no mention of a reconciliation of the bank account. Improvement: The Treasurer should reconcile the bank account. d. Draw two new process maps that include your suggested improvements. One process map should depict the purchase processes and the second process map should depict the cash disbursement processes. Refer to the separate Microsoft Excel file “Chapter 9 Solutions Process Maps.xlsx”. 72. (SO 4) The United States General Accounting Office (GAO), Office of Special Investigations was charged with investigating a potential purchase fraud case. The man who committed the alleged fraud was a former civilian employee of the Air Force, Mark J. Krenik. Required: Describe internal controls that should be in place at the Air Force to help prevent such fraud. Internal controls that may help prevent or detect this include: A policy requiring that any special handling instructions be approved by
9-23
Chapter 9 Solutions Purchases
Expenditures Processes and Controls –
a manager above the person requesting the payment. A policy requiring that a vendor cannot be paid unless that vendor has been approved and established in the system through the regular vendor approval system. A segregation of approval so that the person requesting the payment cannot also verify that work was completed or deliveries made. A policy requiring a periodic audit of expenditures by the internal audit department so that the fraud may have been detected sooner. 73. (SO 2,4) The document flowchart shows part of the purchases and cash disbursements processes for Abbott, Inc., a small manufacturer of gadgets and widgets. Some of the flowchart symbols are labeled to indicate operations, controls, and records. Required: For each of the symbols (numbered 1. through 12.), select one response (lettered A. through T.) from the answer lists below. Each response may be selected once or not at all. 1. 2. 3. 4.
C R F L
5. 6. 7. 8.
M O P H
9. 10. 11. 12.
9-24
T N I K
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
Turner/Accounting Information Systems, 4e Solutions Manual Chapter 10 Concept Check 1. c 2. a 3. b 4. b 5. c 6. d 7. c 8. a 9. a 10. d 11. a 12. a 13. d 14. a 15. d 16. a 17. c 18. d
Discussion Questions 19. (SO 1) Sales and inventory purchases are routine processes that occur nearly every day in a business. How are these routine processes different from payroll or fixed asset processes? The major difference is the frequency of occurrence. As stated in the question, sales and purchases are often undertaken daily. Payroll occurs on a fixed schedule such as every week, biweekly, or at month-end. Payroll transaction volume might be large, but only at these time intervals. Some payroll events occur only when employees are hired or fired. Fixed asset processes occur on an “as needed” basis. The volume of fixed asset transactions is relatively small compared to sales or purchase transaction volume. Depreciation of fixed assets occurs on a fixed interval, such as at year-end.
10-1
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
20. (SO 1) Even though payroll and fixed asset processes may not be as routine as revenue processes, why are they just as important? They are important because payroll and fixed asset transactions are related to two very critical resources. An organization must have employees and facilities (fixed assets) to operate. 21. (SO 2) Why do you think management should specifically approve all employees hired? It is a nonroutine process, and therefore, the volume of hiring is usually small enough to allow specific approval of each hire. Specific approval is important because hiring the right people is one of the most important keys to success in an organization. Also, hiring unethical people – or people with criminal backgrounds – can be very detrimental to the company. 22. (SO 2) Why is it important that the human resources department maintain records authorizing the various deductions from an employee’s paycheck? First, state or federal laws require that employees authorize (allow) deductions from their salary or wages. Secondly, without adequate records, it would be difficult to ensure the correct deductions have been taken from employee wages. 23. (SO 2) Explain why an employee’s individual record is accessed frequently, but changed relatively infrequently. Typically, employees’ basic information does not change frequently. For example, name, birth date, SSN, either never change, or rarely change. Other employee information such as address, pay rate, or deductions change infrequently. However, some of this information, such as pay rate and deductions, must be accessed every time payroll checks are prepared. 24. (SO 2) Explain two things that should occur to ensure that hours worked on a time card are accurate and complete. Employees should update their individual time cards daily and a supervisor should check each time card and sign or initial it before it is forwarded to payroll for processing. If an employee does not update it daily, inaccurate information will likely result because it will be difficult to remember the specific start and end times of work. Supervisory approval serves as an independent check of the accuracy of time cards. 25. (SO 2) Explain the reasons that an organization would have a separate bank account established for payroll. A separate bank account for payroll makes it easier to account for payroll transactions and to distinguish these transactions from other cash disbursements. 26. (SO 3) What is the purpose of supervisory review of employee time cards? The supervisory approval serves as an independent check of the accuracy of the time card.
10-2
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
27. (SO3) Why is it important to use an independent paymaster to distribute paychecks? It is the best segregation of duties to have a separate paymaster to distribute any paper checks. A separate paymaster segregates the custody from authorization, preparation, and recording of paychecks. If these duties were combined, a person could commit payroll fraud by creating a fictitious employee. A separate paymaster helps ensure only active employees receive paychecks. 28. (SO 3) Why do payroll processes result in sensitive information and what is the sensitive information? The amount of salary or wages is sensitive, as well as the types and amounts of deductions. Also, personal information such as SSN, dependents, address and phone numbers are sensitive. 29. (SO 4) Why is batch processing well-suited to payroll processes? Because it involves transactions that can be grouped and processed at a particular time. For example, all hourly workers might be required to turn in time cards on Friday afternoon and be paid the next Tuesday. All of these time cards can be processed as a group/batch on Monday. 30. (SO 4) What are the advantages of automated time keeping such as bar code readers or ID badges that are swiped through a reader? Using these automated methods eliminates human steps that are error prone. Thus, timekeeping becomes more efficient and more accurate. 31. (SO 4) What are the advantages of outsourcing payroll? Outsourcing payroll provides increased convenience, confidentiality, and protection from risk of liability for failure to submit tax withholdings and reports. 32. (SO 5) Fixed assets are purchased and retired frequently. Given this frequent change, why are clear accounting records of fixed assets necessary? Not only must the cost and resale value be accounted for properly, but depreciation can only be calculated accurately with proper records, and any gain or loss on sale is computed based on accurate records. 33. (SO 5) Why is it important to conduct an investment analysis prior to the purchase of fixed assets? Since the dollar investment can be large and the capital budget is usually limited, there must be an orderly process to determine the best use of capital funds. 34. (SO 5) Explain why categorizing fixed asset expenditures as expenses or capital assets is important. Miscategorizing can have a dramatic impact on financial statements, and can therefore mislead the users of these statements. The amounts are usually large and therefore have a larger impact than would other transactions such as sales or inventory purchases. If a fixed asset expenditure is classified as an expense, it will understate the balances sheet assets and understate net income.
10-3
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
35. (SO 5) What are some of the practical characteristics of fixed assets that complicate the calculation of depreciation? For many companies, there is a large number and variety of fixed assets. These different asset types may have different service lives and different methods of depreciation. In addition, there are often additions or retirements of fixed assets. Finally, depreciation for fixed assets may require two different sets of accounting records; one for financial statement purposes, and one for tax purposes. 36. (SO 6) What is different about the nature of fixed asset purchasing that makes authorization controls important? Fixed asset purchases can involve very large amounts of money, and choosing the correct fixed assets is very important. Management should be purchasing fixed assets that have a good return on investment. For these reasons, fixed asset authorization usually requires a high level of manager approval, and usually requires an investment analysis such as net present value. 37. (SO 6) Explain the necessity of supervision over fixed assets. Fixed assets must be located throughout the company where employees have direct access to them. Employees could not do their jobs without these fixed assets. Since fixed assets are readily accessible to many employees, supervision is necessary to ensure that the assets are used for their intended purpose and that they are not stolen. 38. (SO 6) Why are some fixed assets susceptible to theft? In some cases, fixed assets are small or portable (i.e., laptop computers, tools, or vehicles). These might be easy to steal. Conversely, a large fixed asset such as a manufacturing robot would be more difficult to steal. 39. (SO 7) Explain why a real-time update of fixed asset records might be preferable to batch processing of fixed asset changes. Often, fixed asset changes are nonroutine transactions. Since the volume of these transactions may be small and any one transaction might affect only a single asset record, real-time updates may be more appropriate. 40. (SO 7) Why is the beginning of a fiscal year the best time to implement a fixed asset software system? Because it eliminates any mid-year adjustments for depreciation that would be necessary. 41. (SO 7) What negative things might occur if fixed asset software systems lack appropriate access controls? It would be easier for an employee to steal a fixed asset and alter the records to hide the theft. 42. (SO 8) Why might a supervisor collude with an employee to falsify time cards? In some cases, the supervisor might agree to the fraud so as to share in the extra money that results from the fraudulent pay. 43. (SO 8) How does the misclassification of fixed asset expenditures result in misstatement of financial statements? If something that
10-4
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
should have been recorded as a fixed asset gets recorded as an expenditure, assets and net income will both be understated. The opposite is true if an expenditure is misclassified as a capital asset – assets and income will be overstated.
Brief Exercises 44. (SO 2) Describe the type of information that a human resources department should maintain for each employee. Personnel records should include employee application, contract, resume, letters of recommendation, interview reports, pay authorization, and background investigation report. They should also include employee address, SSN, employment history, information about authorized deductions, vacation and sick time accrued, attendance and performance evaluation records, work schedule, and promotion or termination records. 45. (SO 2) The calculation of gross and net pay can be a complicated process. Explain the items that complicate payroll calculations. Each employee’s deductions are likely to be different. In addition, the payroll formulas must be applied to every employee in the company, one at a time. The process is further complicated the fact that the inputs tend to change constantly. Each payroll period will include some changes in the number of hours worked, pay rates or withholdings. 46. (SO 3) Explain how duties are segregated in payroll. Specifically, who or which departments conduct the authorization, timekeeping, recording, and custody functions? Authorizing, timekeeping, record keeping, and custody of the paychecks should all be separated. Namely, the human resources department, which is responsible for authorizing new employee hires and maintaining personnel files, should be separate from the payroll time reporting and record keeping functions, performed primarily by the payroll, cash disbursements, and general ledger departments. In addition, employees in each of these departments should not have check-signing authority and should not have access to the signed checks or cash account. The paymaster should not have responsibility for any of the related payroll accounting functions and should not have custody of cash. The paymaster should also be independent of the departmental supervision responsibilities, to be sure that paychecks are distributed to active employees. Finally, information systems operations and programming related to payroll processing should be separate from those having custody of payroll cash and those responsible for record keeping for payroll processes.
10-5
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
47. (SO 3) Explain the various reconciliation procedures that should occur in payroll. The number of hours reported on time sheets should be reconciled to the payroll register, and time sheets should be reconciled with production reports. Each of these reconciliations should be performed before paychecks are signed to ensure the accuracy of the underlying payroll information. In addition, the payroll register should be reconciled to the general ledger on a regular basis. Someone separate from the payroll processing functions should reconcile the bank statement for the payroll cash account on a monthly basis. 48. (SO 4) Explain the ways in which electronic transfer of funds can improve payroll processes. EFT can be used to directly deposit pay to employee bank accounts. This eliminates the printing and distribution of pay checks. The company can also use EFT to deposit taxes withheld and other employee withholdings. Finally, wage attachments that result from court proceedings can be transmitted via EFT. All of these EFT processes are faster and more efficient than preparing and mailing printed checks. 49. (SO 5) Explain the kinds of information that must be maintained in fixed asset records during the asset continuance phase. For each fixed assets, records must be maintained for the asset cost, estimated life and salvage value, depreciation, maintenance records, and repair or improvement costs. 50. (SO 6) The authorization to purchase fixed assets should include investment analysis. Explain the two parts of investment analysis. The first part is financial justification using a model such as net present value, payback period, or internal rate of return. The use of these models requires that dollar estimates be determined for costs and benefits of the fixed asset. The second part would be a written narrative of the benefits; especially any benefits that are difficult to quantify in dollars. A written narrative describing the need for a fixed asset investment can help justify the expenditure, especially when financial benefits do not immediately exceed costs. 51. (SO 8) Explain the types of unethical behavior that may occur in the fixed assets area. The use of estimates for useful lives and salvage values are an area where unethical managers can manipulate income statement or balance sheet amounts. Showing lower depreciation amounts can increase income and asset values above what they should be. In addition, misclassification of expenses as fixed asset expenditures can be used to show higher income and asset values.
10-6
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
Problems 52. (SO 2) Following is a time sheet completed by an hourly wage earner at Stephens, Inc. Use Microsoft Excel to perform the following: a. Design an appropriate format for a data entry screen that could be used in the payroll department to enter information from this time sheet in the company’s payroll software program. See the excel file Problem 10-52.xlsx. b. Prepare a payroll journal. See the Excel file Problem 10-52.xlsx. 53. (SO 2) The text book Web site has a Microsoft Excel spreadsheet titled payroll_problem.xls. This spreadsheet is used by Nieman Company to calculate its bi-weekly payroll. Using the information in that spreadsheet, calculate all details for the February 22, 2018 payroll. Hours worked by each employee are contained in the first worksheet. The following four worksheets contain details for each of the three employees and a total of the three employees. The last worksheet contains federal tax withholding tables to calculate federal tax to withhold. You will calculate gross pay and deductions for all three employees. See the excel file payroll_problem_solution.xlsx. After students have completed the spreadsheet exercise, it might be a good discussion question to ask how a payroll software program would improve the efficiency and accuracy of the payroll process. 54. (SO 5) The text book Web site has a Microsoft Excel spreadsheet titled fixed_asset.xls. The spreadsheet represents a fixed asset subsidiary ledger for Brock Corporation. On July 3, 2018, Brock purchased for the office a multifunction printer/fax/copier from Rande Office Supplies for $250. The machine has no salvage value and a four year life. Add a new ledger record for this machine and calculate and record the 2018 depreciation expense for all fixed assets. Brock uses straight-line depreciation with a half-year convention. See the Excel file fixed_asset_solution.xls. After students complete the spreadsheet exercise, it might be a good discussion to ask how a fixed asset software program would improve the efficiency and accuracy of the fixed asset processes.
10-7
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
55. (SO 6) Explain the process of approval of purchases for fixed assets. How does this process differ from that of purchasing raw materials? When a request to purchase a fixed asset is initiated by a manager, a formal investment analysis should occur. A cost-benefit analysis (such as net present value) should be undertaken, and it should include a written justification of the monetary benefits and costs as well as any those that are not easily quantifiable. There should also be an established capital budget, and all fixed asset purchase requests should be analyzed and compared to other requests within that budget. A determination should be made of the best use of the limited capital funds. Since fixed asset expenditures may involve large dollar amounts, there should also be specific manager authorization for the purchase. The company should have an established policy to identify the level of managerial approval needed for various expenditure levels. The processes mentioned above are most of the different processes for fixed asset purchases when compared to raw material purchases. One other difference is that requests to purchase raw materials generally originate in inventory control or production scheduling; the requests for fixed asset purchases would come from various managers of operating units within the enterprise. The other processes of the purchase – such as POs, document matching, and cash disbursements – are similar to raw material purchasing processes. 56. (SO 3) Using an Internet search engine, search for the phrase “biometric time clock” (be sure to include the quotation marks). Based on your search results, describe a biometric time recording system and its advantages. A biometric time clock system identifies employees and records time using unique physical human characteristics such as finger prints, hand prints, face, retina, or voice patterns (the most common is a finger print). In a biometric time recording system, a scanner is installed to read the finger print and record employee arrival and departure times. The advantage to the employee is its ease of use, as employees no longer need to record times on a time card or keep track of an ID badge. Employers also see advantages, as time keeping is more accurate and complete, payroll is more accurate, employees are identified with certainty, building security is increased, and “buddy punching” is eliminated (where an employee activates the time clock for a coworker who is actually absent).
10-8
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
57. (SO 7) Using an Internet search engine, search for the phrase “fixed asset software” (be sure to include the quotation marks). Examine the results to find companies that sell fixed asset software. List and explain some of the features of fixed asset software that these companies use as selling points for their software. One software vendor (http://www.realassetmgt.com/fixed-assetmanagement-software.html lists the following benefits: Multi-company, multi-currency, and multi-lingual capabilities. Easily access a complete audit trail with history/actions performed by all users. Calculate depreciation for one book or multiple books (state, federal and corporate). Compute and retain depreciation figures for past, current and future periods. Create ‘Parent/Child’ asset relationships to establish key dependencies and hierarchies. Produce a full range of standard and customized reports and forecasts. Set user-defined data and description fields (up to 30 levels of analysis). Conduct full and partial asset disposals, transfers, re-lifes, revaluations and splits. Upload images of assets for identification purposes. Adapt quickly to the familiar Windows® inspired interface. Comply with corporate governance regulations such as the SarbanesOxley Act. Utilize seamless links to project cost control module. Take advantage of fixed asset tracking capabilities. Directly import raw data, in a range of formats. Access the fixed asset register remotely. Establish individual or group access rights for security purposes. Quickly add new asset details in a single input screen. A simple process for depreciation calculations whether for individual assets or groups of assets. Several methods of depreciation including Straight Line, Double Straight Line, Reducing Balance, Variable Rate, Adjusted Declining, Digressive, MACRS, ACRS, adjustments and Residual, Multiple Units of Production (MUOP) and Non Depreciating The ability to forecast depreciation as far into the future as desired. The ability to recalculate the current period’s depreciation to reflect
10-9
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
updates in the asset register. A powerful, built-in report engine that provides more than 100 standard reports and thousands of customizable reports. A full audit history for events including disposals, transfers, asset splits, re-lifes and revaluations can be accessed in seconds. The ability to physically and financially move an asset from one cost center to another without re-keying information. The software can display asset images and associated documents such as emails, invoices, purchase orders and contracts. 58. (SO 8) Read the article at this link: http://www.offthegridnews.com/privacy/how-car-insurance-companiesare-tracking-your-every-move/ Describe any ethics considerations in using such technology. Consider both the company and employee perspectives. Also discuss whether you believe the use of this device could be an internal control for the company. Yes, it is ethical for a company to use such devices because they have a valid business related purpose. As stated in the article, they would use it to monitor driving habits. This enables the insurance company to create patterns of drivers and categorize dangerous versus safe drivers. Those placed in the safe category might realize significant savings in their auto insurance rates. Without these devices, the insurance company would rely on traffic reports for accident data and history of traffic violations to categorize its drivers. There are a number of reasons why such data may be incomplete with regard to a driver’s actual safety practices. Therefore the company has many valid reasons to monitor the use of these vehicles. Students may wish to advance an argument that such “spying” or monitoring by the company is unethical. This could be a very rich and fruitful discussion. From the customer’s perspective, the ethical behavior is to drive in a safe manner. Customers may feel that the monitoring technology is ethical as long as they are notified of its use and purpose. This line of thinking should also be an interesting and fruitful class discussion. Yes, it is an internal control to prevent or detect abuse of the service (an insurance policy) provided by the insurance company. This type of internal control is intended to safeguard the company’s assets. The tracking device helps ensure that the customer’s vehicle is not misused
10-10
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
and that company funds are not misused by paying out insurance claims for drivers who do not operate their vehicles safely. As is true for any internal control, the company would have to determine whether the use of this technology is cost effective. There are two types of cost: tangible, measurable costs of buying and maintaining the tracking systems; and intangible costs associated with a decrease in customer satisfaction caused by customers feeling that they are constantly monitored by “big brother. There could also be tangible costs associated with losing customers as a result of adopting this tracking policy. The company must determine if cost savings from using the tracking system offsets the tangible and intangible costs. 59. (SO 8) Using an Internet search engine, search for the terms “Patti Dale” and “theft” (be sure to include the quotation marks around the name). Explain the unethical behavior that occurred. Also, explain any internal controls that you believe were missing or not followed in this case. Patti Dale was a 20 year employee of the University of North Texas who organized a payroll fraud scheme that resulted in the theft of $255,185 from UNT. She allowed students and friends of her son to falsify payroll time sheets. She issued paychecks for work not done and received a kickback from these students. She also fraudulently hired friends of her son and paid them for work they did not do, and she submitted over $65,000 in falsified travel expenditures It appears the most important internal control missing is segregation of duties. No single person should authorize hiring and approve time cards. It appears her supervisor, the Dean, should have been approving time cards. An automated system of time keeping such as ID badge swiping or a biometric record keeping system would have reduced the falsified time records.
Cases 60. (SO 2,3,4) Florenzo Corp. is a small manufacturing firm with 60 employees in seven departments. Required: Describe any improvements you would suggest to
10-11
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
strengthen the payroll internal controls at Florenzo. Currently, the department managers hire employees and distribute paychecks. This gives managers the opportunity to create fictitious workers and have custody of those checks. Two noted improvements include: 1) Final hiring approvals should be in the HR department, not the department managers, and 2) Paychecks should be distributed by an independent paymaster, not the department managers. Currently, the pay rate is written on the employee W-4 by the department manager. The HR department should determine pay rates. Time cards are now kept in a holder near the door and workers keep them all day. This gives employees too much opportunity to misuse time cards. They can easily be stolen, altered, or used for “buddy punching” where an employee clocks in for a coworker. Time cards should be more secure or the company should use a more advanced solution such as automated time keeping through the use of ID badges or biometric time recording. Currently, the time cards are removed from the holder on Friday and taken to payroll by “an employee who is not busy”. Two improvements are needed: 1) the supervisor should review and approve each time card, and 2) there should be a designated person charged with delivering time cards to payroll. Rather than the manager calling the payroll department to report a pay rate change, written documentation should be required using a personnel action form. Without such documentation, there is no audit trail of rate changes. In addition, a manager may suggest rate changes, but final approval should occur in the HR department. The company should use an imprest payroll account for paychecks rather than its regular checking account. There is no mention of the cash disbursements department approving a check from the regular account to be deposited in the payroll account. This should occur if a separate payroll account exists.
10-12
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
61. (SO 2,3,4) Massie Enterprises has payroll processes as described in the following paragraphs. Required: a. Prepare a process map of the payroll processes at Massie. Refer to the Microsoft Excel file “ch10_solutions_process_maps.xlsx”. b. Identify both internal control strengths and internal control weaknesses of the payroll processes. STRENGTHS There is a separate HR department involved in hiring and terminations, including the completion and approval of documents related to hiring and terminations. Hiring, terminations, and pay rate changes are all initiated by HR on personnel action forms. This creates proper approval and an audit trail. Two copies of each paycheck are created: the original is forwarded to cash disbursements; a copy goes to accounts payable. Cash disbursements, not payroll signs the checks. The payroll department, the proper department to do so, is updating the payroll ledger. WEAKNESSES There is no supervisory approval of time cards. There is no reconciliation or independent check of hours worked. There is no separate payroll checking account. There is no mention of vouchers for payroll that are forwarded to cash disbursements so that a check can be written to the payroll account for the total of the payroll. There is no independent paymaster to distribute checks. Unclaimed checks are returned to payroll, not a paymaster. c. For any internal control weaknesses, describe suggested improvements. Purchase and use an automated time keeping system, as it would be more accurate and less susceptible to fraud. Supervisors should approve time cards before forwarding them to payroll. There should be a reconciliation to job cards or an independent verification of hours worked.
10-13
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
Use a separate bank account for payroll. Accounts payable should prepare a voucher for the total payroll amount and cash disbursements would write a check to be deposited in the payroll account. An independent paymaster should distribute checks. Unclaimed checks should go to a department not involved in the authorization or preparation of paychecks. For example, they could be returned to internal audit. 62. (SO 5,6,7) Gemma Company is a mid-size manufacturing company with 120 employees and approximately $45 million in sales. Required: a. Identify any internal control strengths and weaknesses in the fixed asset processes at Gemma. Explain why each of those that you identify are strengths or weaknesses. STRENGTHS A cost-benefits process exists for new asset requests. There is an independent review of costs and benefits of proposed assets by the finance department. A discounted cash flow analysis is undertaken before purchase. There is a pre-established capital budget. A high level manager must approve asset purchases. Payment is not made until the PO, receiving report, and invoice are matched. The accounts payable department updates the accounts payable subsidiary ledger and fixed asset records. WEAKNESSES A set of levels of approval, dependent on the amount of the asset, have not been established. The VP of operations may not necessarily need to exhaust all funds. If there are not enough asset proposals with acceptable cost-benefit, then it would be better to not spend all funds. Buyers should receive bids on assets, especially those assets with very high purchase price. Assets are always delivered to a user department, rather than receiving.
10-14
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
b. For each internal control weakness, describe improvement(s) in the processes to address the weakness. Establish higher levels of managerial approval for assets with higher costs. Establish a policy that assets must meet some minimum level of discounted cash flow return before the purchase can be approved. Establishing a bid process for assets that exceed a certain dollar amount. When practical, fixed assets should be delivered to receiving for count and inspection. This may not be possible for fixed assets such as those that must be installed at the user location. 63.( SO 5,6,7) The Sominnay Company has the following processes related to fixed assets. Required: Describe any improvements you would suggest to strengthen the fixed asset internal controls at Sominnay There should be a more formal approval process that would include: identification of costs and benefits, a discounted cash flow analysis, a specific authorization from a high level manager. There should be established expectations of return on investment that assets must be expected to achieve before purchase is approved. A bid process should be established for assets of high value. When practical, fixed assets should be delivered to the receiving department. This may not be possible for fixed assets such as those that must be installed at the user location. Expected life and salvage values should be estimated for each asset instead of using the same values as the previous purchase. 64. (SO 5,6)(CMA Adapted) Kandace Co. makes automobile parts for sale to major automobile manufacturers in the United States. Required: Identify any internal control weaknesses and suggest improvements to strengthen the internal controls over machinery and equipment at Kandace. Weakness: The asset purchase approval process lacks many important processes. Improvement: There should be a more formal approval process that
10-15
Chapter 10 Solutions Expenditures Processes and Controls – Payroll and Fixed Assets
would include: identification of costs and benefits, a discounted cash flow analysis, a specific authorization from a high level manager. Weakness: Asset purchases are approved as long as funds exist. Improvement: An established threshold should be set for return on investment; assets must be expected to achieve this level of return before a purchase is approved. Weakness: There is no bid process, or a process to find the best price on the asset. Improvement: A bid process should be established for assets of high value. Lower-cost assets may not need a bid process, but prices from two or more vendors should be compared to find the best pricing. Weakness: Assets are not inspected at the receiving dock. Improvement: When practical, fixed assets should be delivered to the receiving department and inspected for damage before delivery to the user department. This may not be possible for fixed assets such as those that must be installed at the user location. Weakness: Depreciation methods, rates, and salvage values have not been changed for 10 years. Improvement: Depreciation methods, rates, and salvage values should be reviewed each year. Weakness: It appears the characteristics of each assets are not evaluated in setting salvage values and life. Improvement: Expected lives and salvage values should be estimated for each asset. Weakness: The plant manager notifies property accounting of retirements, but it does not indicate that any documents are prepared, or that approval is necessary. Improvement: Formal documents should be prepared for asset disposals and retirements, with proper managerial approval and established policies for handling disposals and retired assets. Weakness: There is no reconciliation of the fixed asset records. Improvement: a yearly count of fixed assets and reconciliation to the fixed asset records should occur.
10-16
Chapter 11 Solutions
Conversion Processes and Controls
Turner/Accounting Information Systems, 4e Solutions Manual Chapter 11
Concept Check 1. d 2. d 3. c 4. c 5. a 6. c 7. c 8. a 9. c 10. d 11. c 12. b 13. b 14. d 15. d
Discussion Questions 16. (SO1) What are the three resources that an organization must have to conduct a conversion (or transformation) process? The three resources are materials, labor, and overhead. 17. (SO1) Does a conversion process occur in manufacturing companies only? Why or why not? All companies have a conversion process. That is, all companies use resources to provide an output for customers. Even in the case of service companies or non-profit organizations, there are conversion processes. Manufacturing entities typically have more complex conversion processes. 18. (SO1) Why are conversion activities typically considered routine data processes? Within conversion processes, there are daily, routine processes that occur. For example, laborers may assemble parts every day. Since these processes occur daily and repetitively, they are routine. 19. (SO2) Differentiate between a bill of materials and an operations list. The bill of materials lists the materials and components that are ingredients to manufacture a particular product. The operations list is the set of steps or operations, in the necessary sequence, to manufacture a product. The operations list includes the locations, resources, and standard timings.
11-1
Chapter 11 Solutions
Conversion Processes and Controls
20. (SO2) Differentiate between the role of engineering and the research and development department. Engineering designs the detailed specifications for each product to be manufactured. Research and development (R&D) focuses on improvement of products or product lines. It is intended to develop new products or improvements to existing products, so it has more of a future focus that engineering. 21. (SO2) What are the two types of documents or reports that are likely to trigger the conversion process? A sales order or a sales forecast would trigger the conversion process. Manufacturing would not be started until a need for products was documented on either a sales order or sales forecast. 22. (SO2) What are the three primary components of logistics? They are planning, resource management, and operations. Planning is concerned with which products will be made, how many of each of these products will be made, which resources are required, and the timing of production. Resource management is the monitoring and control of the use of resources such as the facilities, human resources, and inventory. Operations is the day-to-day performance of production activities. 23. (SO2) What types of information must be taken into consideration when scheduling production? The information that should be considered includes all open sales orders, inventory needs, and resources available. 24. (SO2) Differentiate between a routing slip and an inventory status report. A routing slip documents materials removed from the storeroom and placed into production. An inventory status report documents the extent of work completed and the levels of inventory at the various stages of completion. 25. (SO2) What are the conversion responsibilities of the maintenance and control, inventory control, inventory stores, and human resources departments? Maintenance and control maintains the fixed assets such as production facilities, machinery, equipment, and vehicles. Inventory control manages and records the movement of materials and inventory. Inventory stores maintains the raw materials held in storage that will eventually be used to produce goods. Human resources manages the placement and development of personnel. 26. (SO2) What is the purpose of an inventory status report? An inventory status report documents the extent of work completed and the levels of inventory at their various stages of completion. 27. (SO2) What is the overall goal of the inventory control department? Its purpose is to manage and record the movement of materials and inventory throughout the production process. 28. (SO2) What is the purpose of the Quality Control department? Its purpose is to inspect products and to allow products that meet quality standards to be moved to a warehouse or shipping area. Products that do not meet quality standards are returned to production for rework or they are scrapped. 29. (SO3) What is the purpose of determining standard costs? Standard costs are used as benchmarks. Comparing actual costs to standard costs allows managers to determine whether excessive resources are being used in production. 30. (SO3) What should be done when unfavorable variances are discovered? These differences (variances) help pinpoint problem areas in production. Since unfavorable variances result from actual costs that exceed standard costs, they may indicate that
11-2
Chapter 11 Solutions
Conversion Processes and Controls
excessive resources are being used in production. This information could be used to improve logistics in the conversion processes. 31. (SO3) Why would perpetual inventory records be preferable to periodic inventory records in a manufacturing company? Perpetual inventory records provide management with the most up-to-date information about inventory levels, which improves the ability to plan production schedules and plan materials purchases. 32. (SO4) Which three activities in the conversion process should require specific authorization before they are begun? The three processes that should require specific authorization are: initiation of production orders; issuance of materials to production; and transfer of finished goods. 33. (SO4) Why is it important to separate the functions of inventory control and the production stations? What could go wrong if these functions were not separated? Inventory control maintains records of inventory, while production stations have custody of materials during production. Custody duties and recording duties for raw materials and good being produced should always be segregated. If these duties are not segregated, one person has both custody and record keeping duties. That person could steal materials or goods and alter records to cover up the theft. 34. (SO4) Why is it so important that variance reports be prepared in a timely manner? Variances serve as independent checks on the accuracy and completeness of production costs. They also indicate to management where changes may be needed to improve the production processes. If variances are not examined on a timely basis, they are much less effective in serving the functions of independent checks. 35. (SO4) Explain how a physical inventory count would be used differently by a company using a perpetual inventory system versus a periodic inventory system. In a perpetual inventory system, a physical inventory count is used to verify the accuracy of inventory records. If a difference exists between the inventory balances and a physical count, perpetual inventory records are adjusted to ensure that the recorded balances equal the physical count. In a periodic system of inventory, there is no ending balance in the records and the physical count is used to determine the balance to record in the inventory control records. 36. (SO5) When IT systems are used in conversion processes, what are some of the resulting advantages to the organization? There are often gains in productivity and flexibility, with reductions in time and cost. Also, IT systems often integrate processing applications, planning, resource management, operations, and cost accounting. This increases workforce efficiency and reduces paperwork and costs. 37. (SO5) How can programmed controls within the IT system for conversion processes enhance internal controls? There are several ways that programmed controls enhance internal control. First, validation of data can detect input errors before actions are initiated. Also, the system may be programmed to issue error reports for errors or unauthorized events in production. As examples, the system could issue error reports if a work-in-process record is not generated for a production order, or if the same operation is performed at multiple work stations, or when an employee performs incompatible operations. 38. (SO5) What is the difference between CAD, CAM, and CIM? CAD is computer aided design. By using the computer in the design process, it becomes more effective and efficient. CAM is computer aided manufacturing. It usually involves
11-3
Chapter 11 Solutions
Conversion Processes and Controls
computer controlled robotics to perform production procedures. CIM is computer integrated manufacturing. It encompasses more than CAM because it integrates financial and cost accounting, along with computer controlled manufacturing. That is, the computer controls robotic manufacturing, and also captures, records, and maintains accounting information about production processes. 39. (SO6) Provide examples of warning messages that ERP systems can provide to help managers better monitor the conversion process. Examples include email alerts sent to managers as notification of problem areas such as when available raw materials reach a prescribed reorder point or when shipments of raw materials have not arrived when expected. 40. (SO6) How can conversion processes be manipulated to show higher earnings? Cost accounting uses absorption costing in which fixed overhead is applied to units produced. When excess units are produced, the excess units become part of ending inventory and the fixed overhead attached to those units is included in ending inventory. Therefore, as more units are added to ending inventory, more fixed overhead is deferred and net income grows. Thus, income can be manipulated by producing more units than needed and putting those units in ending inventory.
Brief Exercises 41. (SO1) Consider a company that is in the business of producing canned fruits for grocery stores. (It is not in the business of growing the fruit.) List the items that would likely be included as this company’s direct materials, direct labor, indirect materials, and other overhead. Direct materials would include many different kinds of fruits such as pineapple, peaches, grapes, cherries, pears, and mandarin oranges. The direct materials could also include sugar or fructose. The indirect materials might be water. Direct labor would include the costs of employees who work directly in the cleaning, peeling, slicing, and packaging of the fruit. Even if these processes are automated rather than manual, the workers who operate the slicing or packaging machinery are direct labor. Other overhead includes other indirect costs of running the canning operation that are not direct materials or direct labor, including utilities, rent, depreciation, machine maintenance, and supplies. 42. (SO2) Give some examples of manufacturing processes that would fit into each of the three different types of production processes: continuous processing, batch processing, and custom made-to-order. Continuous processing examples: Soft drink bottling, beer bottling, frozen meal processing (Lean Cuisine, Banquet), cereal, toy making such as dolls, electronics manufacturing such as i-pads, power generation as in coal-fired plants. Examples of batch manufacturing might be: wine making, gasoline production, prescription pill production. Many things that could be continuous production might
11-4
Chapter 11 Solutions
Conversion Processes and Controls
also be made in batches for convenience or efficient use of machinery. For example, equipment to bottle soft drinks might be used for a few hours to bottle a batch of Pepsi, then be cleaned and set to produce a batch of Mountain Dew. Examples of custom, made-to-order manufacturing would include consumer products identified as customized. For example, BeyondBikes.com makes custom mountain bikes using specific parts chosen by the customer. Also, many companies make custom manufactured products for other companies. Examples include specially machined parts or components, custom made manufacturing machinery or tools, and print shops that print custom made printed material. 43. (SO2) List and describe each activity within the planning component of the logistics function. Planning includes research and development, capital budgeting, engineering, and scheduling. Research and development is the design of new products, or the redesign of existing products to improve the existing products. Capital budgeting is the planning needed in the outlay of funds to acquire capital assets. Capital assets include the facilities and equipment needed to conduct operations. Engineering develops the product specifications for each product, to include the bill of materials and the operations list. Scheduling sets the timing for production activities and is responsible for minimizing idle time and scheduling products to meet the demands of the sales forecast or inventory needs. 44. (SO2) Some companies use the same facility for both inventory stores and warehousing. Describe the difference between these two inventory control activities, and how the respective areas might be distinguished within the facility. Inventory stores usually is the term used for storing raw materials or components used as inputs to manufacture products. A warehouse is the storage location for finished products. Thus, inventory stores is the storage for inputs, while the warehouse is storage for the out puts. Since both are physical storage locations for manufacturing facilities, they have common needs for security and physical controls, as well as proper and accurate record keeping. 45. (SO2) For the following activities within the conversion process, place them in sequence that indicates the order in which they would normally be performed: Preparation of a production schedule Preparation of a bill of materials Materials issuance Preparation of time sheets Inspection of goods Preparation of an inventory status report 46. (SO 2, 3) Describe the purpose of each of the following cost accounting records or reports:
11-5
Chapter 11 Solutions
Conversion Processes and Controls
a. Work-in-process and finished goods inventory accounts. Both are inventory accounts to track the amount of goods in process and the quantity of completed goods respectively. b. Bill of materials. It specifies the quantities needed of each raw material or component to manufacture a particular product. c. Variance reports. Show differences between actual costs and standard costs (expected costs). These reports are used to pinpoint problem areas that may require logistics changes to improve the manufacturing process. d. Routing slips. Used to track and document the physical movement of materials in the conversion process. 47. (SO3) Describe how a cost accountant would cancel a production order upon completion of the related product. Why is this important? The documentation for the order, called the production order, should be marked in a manner to show it is complete. For example, a cost accountant might sign a particular line to show it is completed, or stamp the production order with the word “Completed”. This cancelling of the document is important so that the exact status of the order is clear and the document may not be misused to commit fraud. (A production order that has not been cancelled could be used to fraudulently begin a new production run so that the products could be stolen.) 48. (SO4) When taking a physical inventory count at a typical manufacturing facility, which category of inventory (raw materials, work-in-process, or finished goods) is likely to be the most time-consuming to count and determine the relevant costs? Why? Work-in-process is likely to be the most time consuming. This is because the workin-process includes all units in production at various stages of completion and these units could be located at many different work stations or work centers. Tracking the location, quantity, and stage of completion for each work-in-process unit would be more complex than tracking units of raw materials or finished goods. 49. (SO4) Identify several factors that indicate the need for more extensive internal controls covering conversion processes. Risk factors include: number of products made; value or size of products (valuable or small products are more likely to be stolen), high levels of inventory movement, inventory held at multiple locations, and inventories that are difficult to value.
11-6
Chapter 11 Solutions
Conversion Processes and Controls
50. (SO5) Using the table below, match the IT systems on the left with their definitions on the right: CAD – b CAM – g MRP – f MRP-II – c RFID - h ERP – e CIMs – a JIT – d.
a. A network including production equipment, computer terminals, and accounting systems. b. Electronic workstation including advanced graphics and 3-D modeling of production processes. c. Automated scheduling of manufacturing resources, including scheduling, capacity, and forecasting functions. d. The minimization of inventory levels by controlling production so products are produced on a tight schedule in time for their sale. e. A single software system that includes all manufacturing and related accounting applications. f. Automated scheduling of production orders and materials movement. g. Production automation, including use of computers and robotics. h. The use of tiny tags affixed to inventory items to automatically monitor movement and to account for the various stages of processing.
11-7
Chapter 11 Solutions
Conversion Processes and Controls
Problems 51. (SO2) Suppose a company has 1,000 units of a raw material part on hand. If 750 of these units are routed into production, should the company place an order to stock up on more of these parts? To answer this question, determine the economic order quantity (EOQ) for this part assuming that: a. the company plans to use 10,000 units during the coming year b. the company orders this part in lots of 1,000 units, and each order placed carries a processing cost of $2.50 c. each unit of inventory carries an annual holding cost of $6.40. To calculate the reorder point, take the square root of (2 x 10,000 x .0025)/6.4 = 2.795 batches; round to 3 batches of 1,000. Since the company’s materials on hand is reduced to 250 units after the current production run, it is time to reorder. More products should be ordered whenever a production run causes inventory levels to fall below three batches or 3,000 units. 52. (SO4) Suppose a company is experiencing problems with omitted transactions in the conversion process; i.e., inventory transactions are not always being recorded as they occur. Use Exhibit 11-8 to describe at least three internal controls that should be in place to help alleviate such problems. To better ensure that all inventory transactions that occur are properly recorded, these three controls would be important: 1) All production orders and routing forms should be on pre-numbered forms. This reduces the risk that a transaction will be overlooked because the entire sequence of documents must be accounted for when recording the inventory movement; 2) There should be a segregation of duties involving those who maintain inventory custody and those who maintain records. If these duties are not segregated, someone could authorize extra production without recording it, therefore creating the ability to steal this excess inventory; 3) Each inventory production order transaction must be authorized in the manner prescribed by management. Without clearly defined authorization procedures, extra production can be initiated that is never recorded in inventory records.
11-8
Chapter 11 Solutions
Conversion Processes and Controls
53. (SO5) Using an Internet search engine, search for the terms “CAD” + “industrial robots”. Identify a company (name and location) that provides manufacturing automation using robotics. Describe some of the robotic operations that are featured on the company’s website. FANUC Robotics America is the leading supplier of robotic automation in the US. This company provides robotics for assembly, packing, parts transfer, material removal, welding, and painting. There are too many robotics to explain each, but as an example, FANUC sells a P-10 door opener that is a vertically articulated robot designed specifically for opening automobile and truck doors to facilitate robotic interior painting. There are other companies that provide industrial robots, including KUKA, Epson Robotics, Denso, and Yaskawa Motoman, to name a few. There are many other companies and a student might find names other than these. 54. (SO5) Using an Internet search engine, search for the terms “just in time” + “automotive”. Based on the results you find, explain why just in time inventory systems are such an important factor in the competitive automotive industry. Just-in-time production systems are intended to be efficient methods to produce cars, yet maintain smaller inventories of the various parts and pieces needed to produce a car. Under a just-in-time system, the parts are delivered to the production floor right at the time they are needed. It saves companies the cost of storing and moving these parts and can save related costs such as insurance and taxes on inventories. It is part of the entire philosophy of “lean manufacturing” that increases manufacturing efficiency and reduces costs. In the automotive industry, Toyota developed the use of JIT in the 1970s, and other auto manufacturers adopted it soon thereafter. However, many auto manufacturers have begun to rethink the use of JIT. In March of 2011, Japan experienced a large earthquake that shut down auto manufacturers and many of the companies that supply parts. The sales of Japanese manufactured cars were greatly reduced because auto assembly lines had to be shut down due to lack of parts. In addition, the manufacture of auto parts is a very competitive market. Many automotive part makers have shut down, leaving only a few suppliers of some types of parts. If a natural disaster occurs that affects one or more of those few plants, the auto manufacturers are at risk of running out of parts. For example, one German plant made one-fourth of the world-wide supply of a nylon component used in plastic fuel lines. An explosion at the plant interrupted production and the impact on auto manufacturers could be drastic.
11-9
Chapter 11 Solutions
Conversion Processes and Controls
55. (SO6) Explain how the over-production of inventories can be seen as unethical in an absorption costing environment. In absorption costing, fixed overhead is allocated to each unit of inventory. Thus, overproduction that leads to increased levels of finished goods inventory results in more fixed overhead in the ending inventory valuations. A higher ending inventory valuation leads to lower cost of goods sold and thereby, higher net income. If the only purpose for this overproduction is to manipulate net income, it is unethical because it misleads those who use the financial statements. 56. (SO6) Price discounts are commonly used in the business world as incentives for customers. How is it that this practice (or its misuse) may be deemed unethical? If it is used as a coercive tactic to lure customers into purchasing early, and therefore increasing profit in a given year, it can be unethical. This is true if the major intent is to inflate profits. Certainly, there are legitimate reasons to grant discounts, but it becomes unethical when the intent is to use discounts to inflate sales. 57. SO3) Austin Bar Supply manufactures equipment for bars and lounges. While the company manufactures several different products, one product is a blender that bartenders use to make certain kinds of drinks. Using information in a spreadsheet template provided, complete the requisition form to calculate the quantity and cost of the parts needed to manufacture a batch of 500 bar blenders. From the book Web site http://www.wiley.com/college/turner, you can download a spreadsheet template named requisition.xls. To look up the cost from the price list sheet, you will use a spreadsheet function called VLOOKUP. Be sure to design your formulas in a way that will incorporate changes in the batch size or changes to costs of individual parts. See “requisition solution.xls” on the book’s website. 58. (SO 5) Using an Internet search engine, locate a publication entitled “RFID Journal”. Find a recent article that describes the use of RFID in manufacturing. Briefly describe the example(s) discussed in the article. This answer will vary tremendously depending on the article chosen by the student. At the time this solution was written, a current article on the web is the following: http://blog.atlasrfidstore.com/what-is-rfid-used-for-in-applications. It identifies logistics and supply chain management, inventory tracking, materials management, and fixed asset tracking as typical uses. However, it also provides other uses outside of these areas that are innovative. These uses include tool tracking, selfserve kiosks such as DVD rental, laundry management, and interactive marketing. In a July 2012 article, typical RFID tags use at New Sunshine is described. New Sunshine is a manufacturer and distributor of tanning lotion products sold to tanning salons. These are expensive lotions with selling prices up to $140 per bottle. New Sunshine had been searching for a way to reduce product diversion and
11-10
Chapter 11 Solutions
Conversion Processes and Controls
counterfeiting. Product diversion is the, “rerouting of items for sale through unauthorized, unofficial or unintended channels.” Such diversion damages the brand and customer loyalty. These RFID tags monitor the bottle during shipping to the customer (the tanning salons). A summary paragraph from the article best describes the use of the RFID tags. In this way, the lotion company can maintain a record of when each specific carton and bottle packed within that carton was shipped, as well as its intended recipient, such as a distributor or a salon. If the product then appears within another supply chain stream, such as being sold by an unauthorized merchant, a record has been established as to when that product was initially shipped, and to whom, thereby enabling New Sunshine to more easily trace the diversion.
Cases 59. (SO 2,3,4,5) Holloway Enterprises documentation and internal controls. Required: a. Draw a process map of the conversion processes at Holloway Enterprises. Refer to the separate Microsoft Excel file “Chapter 11 Solutions Documentation.xls”. b. Draw a document flowchart showing the records used in Holloway’s conversion processes. Refer to the separate Microsoft Excel file “Chapter 11 Solutions Documentation.xls”. c. List any strengths and weaknesses in Holloway’s internal control procedures. For each weakness, suggest an improvement. STRENGTHS When a production schedule is prepared, the quantities of raw materials are checked and, if needed, a purchase requisition is prepared. The initiation of the purchase requisition is segregated from Purchasing. Cost accounting is segregated from authorization and custody functions. Standard costs are used and variances are calculated and monitored. The general ledger responsibility is segregated from all other authorization, custody, and record keeping functions. The general ledger is only updated based on journal vouchers received from other departments. WEAKNESSES In the stores department, Bryan Lewis has custody of inventory and he has record keeping responsibility for inventory. Record keeping responsibility should be assigned to someone who is not responsible for authorization or
11-11
Chapter 11 Solutions
Conversion Processes and Controls
custody of inventory. In production planning, Kate Betton orders materials from stores based on a sales forecast and material requisition forms. However, it is not possible to know how much material is needed until the bill of materials is analyzed. As the case reads, she prepares the bill of materials after ordering materials. These steps should take place in the opposite order. She should take the sales forecast, then analyze the bill of materials for that product, multiply the number of units to be produced times the quantities on the bill of materials, and then prepare a materials requisition based on these quantities. Kate Betton has custody of inventory as the supervisor, and she is also responsible for authorization of production. These two duties should be segregated. Ideally, production planning should be completely segregated from the production room activities. An inventory subsidiary ledger is mentioned, but there is no mention of a reconciliation to the general ledger. There should be a periodic reconciliation of the subsidiary ledger to the general ledger. Job cards are not reconciled to time cards. Cost accounting should reconcile to lessen the chances or errors or fraud. d. Describe any benefits that Holloway may receive by installing newer IT systems within its conversion processes. Be specific as to how IT systems could benefit each of the processes described, or how they could eliminate any weakness identified per c. above. IT systems could enhance Holloway’s IT system. If the conversion process components were integrated, the related inventory and personnel records could be maintained online. This would enable job cards to be automatically prepared from time cards, so the reconciliation would be conducted by the system. In addition, an inventorygeneral ledger interface would eliminate the need for a manual reconciliation of the two records. Furthermore, this would ease Kate Betton’s responsibility for ordering materials, as she could easily access the bill of materials to facilitate accuracy of her ordering. These features would greatly enhance efficiencies in the conversion processes at Holloway. Some IT systems could even monitor inventory levels and automatically order and dispatch materials as needed. These systems, such as ERP systems, may be too expensive for this size company. 60. (SO 2,3,4) Snow Sport, Inc. documentation and internal control weaknesses. Required: a. Draw a process map of the conversion processes at Snow Sport. Refer to the separate Microsoft Excel file “Chapter 11 Solutions Documentation.xls”.
11-12
Chapter 11 Solutions
Conversion Processes and Controls
b. Draw a document flowchart showing the records used in Snow Sport’s conversion processes. Refer to the separate Microsoft Excel file “Chapter 11 Solutions Documentation.xls”. c. List any strengths and weaknesses in Snow Sport’s internal control procedures. For each weakness, suggest an improvement. i. Weakness: In the storeroom, Lynn Jonns has physical custody of inventory and also maintains inventory records. Improvement: Assign the maintenance of inventory records to a person who does not have access to inventory. ii. Weakness: Amie Trolley prepares authorization documents such as production schedules and production orders, and she also manages the production process. Improvement: Ideally, the authorization to begin production should be segregated from those doing or managing the production. iii. Weakness: Lynn Jonns forwards copies of the bill of materials and routing slips to cost accounting. Since these are the only copies that are forwarded to cost accounting, and since Lynn has custody of inventory, he could steal inventory and alter these documents to hide the theft. Improvements: segregation of duties as mentioned in (i) above, as well as separate copies of the bill of materials and routing slips could be forwarded to cost accounting from production planning. iv. Weakness: Job cards are not reconciled to time cards. Improvement: Cost accounting should reconcile to lessen the chances or errors or fraud. v. Weakness: There is no mention of an inventory subsidiary ledger. Improvement: An inventory subsidiary ledger should be maintained by someone who does not have authorization or custody functions within inventory. Ideally, an Inventory Control department would maintain such records, but this company may not be large enough to have a separate inventory control department. vi. Weakness: There is no mention of a reconciliation of the subsidiary ledgers to the general ledger. Improvement: An inventory subsidiary ledger should be reconciled to the general ledger. 61. (SO 2,3,4,5) RightLine, Inc. and automated systems. Required: a. List the problems with the existing system at Sole. The problems are late deliveries to customers, delayed production, out-of-stock and backordered materials, inventory and production records that are not up-todate, and an inability to accurately predict delivery dates for customers. b. Identify the relevant information that the production and inventory managers need to accumulate in order to support the decision to automate the conversion process. The relevant information would be proposed automated systems that would lessen these problems, the
11-13
Chapter 11 Solutions
Conversion Processes and Controls
estimated costs and benefits of these systems, and the time necessary to implement these systems. There are probably several alternative types of automated systems and this data should be collected for all viable alternatives. As an example, the company could choose a very new type of system such as RFID systems (Radio frequency ID), or slightly older technology based on bar coding systems. To make the best decision about the best fit for RightLine, management would need the information suggested above. Ideally, when investigating and implementing new systems, the company should follow the process described in chapter 6, the System Development Life Cycle (SDLC). Such a process involves feasibility studies and cost-benefit analyses for all alternatives considered. c. List specific items that could be provided by an automated system, and describe how this would be essential to the company’s continued success. The items that could be provided by an automated system are: i. A record-keeping system that could be in real-time. Changes in inventory could be recorded as they occur. This single feature would dramatically lessen all the problems described in the case. Out-of-stock materials, delayed production and delivery, and inaccurate estimates would all improve if the company had realtime inventory information. Real-time inventory levels allow purchases and usage to be properly planned and production flow to be improved with better material flow. These improvements would reduce delays in production, out-of-stock material, and the inability to predict delivery dates. ii. Fewer human errors in an automated system. Inventory records will become more accurate with an automated system. There are many reasons that an automated system would reduce errors. First, manual record keeping and posting would be eliminated. Second, certain types of IT systems could eliminate keying of information and any keying errors. For example, bar code or RFID systems would eliminate or reduce keying of information because the system would read the bar codes or ID chips. These advanced IT systems could also reduce human errors inherent in physically counting inventory or tracking its movement. More accuracy in inventory records will also improve the problems with delays and inability to accurately predict delivery dates. iii. Labor savings from eliminating or reducing manual steps. iv. More accurate, timely, and flexible feedback information to management. Automated systems will provide more timely reports and these reports could be more easily customized to management needs. The case mentions the week backlog in clerks updating accounting records. The elimination of this backlog, as well as the real-time aspect of automated systems, will allow much more timely feedback information about inventory status and flows. v. The ability to integrate inventory transactions directly into related modules such as production planning, accounts payable, and
11-14
Chapter 11 Solutions
Conversion Processes and Controls
general ledger. This would eliminate manual recording or rekeying of information into the related modules. 62. (SO 7,8)(CMA Adapted) Bold Automation, Inc. and ethical issues. Required: a. What should Paul Duffy do? Explain your answer and discuss the ethical considerations that she should recognize in this situation. (Since this is adapted from a CMA question, you might wish to direct students to the “Resolution of Ethical Conflict” section of the IMA Statement of Ethical professional Practice at www.imanet.org). The ethical conflict arises because of the competing interests involved. There is a disclosure issue that might suggest that the board should know about the defects. There is also the opposite side that it is not possible or practical to bring every defect issue to the board of directors. The ethical conflict involves how and who should decide which issues are important enough to bring to the board. There are always two sides to any story and in this case, there are two sides to the chip defect story. Paul believes his report should be presented to the board of directors, while the plant manager and the controller believe it would be too alarming to the board. From the brief description in the case, it is not possible to know which of these two views is most defensible. That is, it may be possible that Paul is correctly concerned about this issue. It could just as well be true that the plant manager is correct. Thus, Paul must exercise care in how he proceeds. While he may be an expert in the cost aspect of manufacturing the chips, he would know less about how the board of directors is informed of things and the impact the negative report could have on the board of directors. Thus, he may need to further investigate the negative impact of the defects. Once he is clear that he has correct information, his first step should be to meet with his supervisor, the controller, to discuss why he believes the board should have his report. He should provide a fully documented report of why he believes the board should be informed. If he does not believe the ethical conflict has been resolved, he should inform the controller that he will meet with the next level of management, the plant manager, to discuss the issue. If there is no satisfactory resolution of the issue with the plant manager, Paul should continue up the chain of management, but he should always inform each manager that he is planning to meet with the next level of management. Going up the chain of management allows those who have the responsibility to decide which information to report to the board to make the decision. Paul is not the correct person to be making the decision about which information the board should have, but he can be an advocate for his report as he works up the chain of management. The IMA guidelines do not support taking any such ethical conflict to parties outside the company unless there is a clear violation of the law. In addition, Paul can call the IMA’s confidential ethics counselors for guidance on how to proceed. If the company has a less ethical environment, Paul could face retaliation for pushing to bring this information before the
11-15
Chapter 11 Solutions
Conversion Processes and Controls
board. So, Paul should be aware of the implications within the environment of his company. If, in fact, the company management is unethical and would retaliate, he may find it would be better to work elsewhere. Leaving the company may be in his best interest if he would rather work in an ethical company and it may also best protect him from future blame if things go wrong in the company. Often, unethical people will try to shift blame to others. b. What corporate governance functions are missing at Bold’s? Be specific and describe the facts of the case and their relevance to corporate governance. There is no mention in the case of a code of ethics. A good code of ethics might help guide the upper management, or Paul, as they consider these ethical issues. The case does not give enough detail to truly assess the aspect of tone at the top. The ethical tone or example set by the board of directors and upper managers is a very important part. It is possible that plant manager’s behavior could be ethically suspect, but we cannot know for certain. It is also possible he raises very real concerns that the report is more alarming than it need be. So without knowing the tone at top, we can only suggest that an ethical tone at the top is one of the most important aspects. If the board of directors and top management had set out some objectives and guidelines of how they wish to operate ethically, it would help all involved in the ethical conflict to know how to proceed. It may also set an environment in which lower level managers such as the plant manager would know that upper level managers would be disappointed in his performance if he did not bring forth such issues. That is, what kind of behavior does the board and top management encourage and reward? The tone at the top sets the expectations of lower level managers as to whether they are more likely to be rewarded for open disclosure, or not disclosing problems. There have been companies that have a culture of hiding information, such as the Enron example. All other aspects such as management oversight, internal controls, and financial stewardship are not addressed in the case so it is difficult to know whether these corporate governance functions are missing. Each of these should be in place if the company had a good corporate governance structure.
11-16
Chapter 12 Solutions
Administrative Processes and Controls
Turner/Accounting Information Systems, 4e Solutions Manual Chapter 12
Concept Check 1. c 2. d 3. b 4. b 5. b 6. b 7. a 8. d 9. b 10. a
Discussion Questions 11. (SO 1) What characteristics of administrative processes are different from the characteristics of revenue, expenditure, or conversion processes? The characteristics of administrative processes that are different from revenue, expenditure, or conversion processes are the frequency of occurrence and the extent of management authorization. Whereas revenue, expenditure, and conversion processes typically occur on a regular, recurring basis (usually daily), administrative processes occur on a non-regular basis, either as the need arises or on a periodic basis. Therefore, revenue, expenditure, and conversion processes usually involve established procedures and controls that allow these processes to occur without intervention or specific authorization by management. Administrative processes, on the other hand, typically require that specific authorization for each transaction would be necessary. 12. (SO) How do other processes (revenue, expenditure, conversion) affect the general ledger? Revenue, expenditure and conversion processes affect the general ledger periodically through the administrative processes of financial reporting. This is the process of funneling all of the transactions into the general ledger accounts so they can be included in various financial reports. 13. (SO 2) How would you describe capital?
12-1
Chapter 12 Solutions
Administrative Processes and Controls
Capital can be described as the funds used to acquire the long-term capital assets of an organization. Capital usually comes from long-term debt or equity. 14. (SO 2) Describe the nature of the authorization of Financial capital processes. Financial capital processes are those processes that authorize the raising of capital, the execution of raising capital, and the proper accounting of that capital. Because of the magnitude and importance of these methods of raising capital, these financial instruments should be used only when necessary. The transactions and resulting processes related to loans, bonds, and stock should be executed only when management authorizes, and the use of the resulting capital must be properly controlled and used. 15. (SO 2) How does the specific authorization and management oversight of Financial capital processes affect internal controls? Since top management authorizes and controls the capital transaction processes, there is inherent control. The fact that these transactions and processes cannot occur without specific authorization and oversight by top management is a strong internal control. 16. (SO 3) Describe when an organization would have a need to undertake investment processes. An organization would need to undertake investment processes when it finds that it has more funds on hand than necessary to operate the business. The proper performance of the stewardship function would suggest that management should park (or invest) the excess funds in a place that it can earn a return. 17. (SO 3) Why is the monitoring of funds flow an important underlying part of investment processes? The monitoring of funds flow is an important part of the investment process because funds should be invested only if management has no immediate plans for their use. Therefore, future cash needs of the organization should be monitored regularly in comparison with cash balances to determine if there are excess funds available for investment. 18. (SO 3) How are IT systems potentially useful in monitoring funds flow? IT systems can help management to monitor the organization’s cash needs by forecasting future cash payments and collections. The system can continually compare current cash balances to forecasted needs and sources and provide feedback to top management about potential excess funds that would be available for investing. 19. (SO 4) Explain how cash resulting from Financial capital processes may be handled differently than in revenue processes. The cash resulting from Financial capital processes is likely to be handled differently than in revenue processes because of the large sums of money involved in Financial capital transactions. Whereas collections from revenue processes are typically
12-2
Chapter 12 Solutions
Administrative Processes and Controls
handled by the organization’s employees, these employees are not likely to handle the large sums of cash that tend to result from stock sales or other Financial capital transactions. Instead the funds are usually transferred electronically between brokers and banks. 20. (SO 4) What advantages would motivate management to conduct fraud related to Financial capital processes? Management may be motivated to conduct fraud through the Financial capital processes because of the large sums of money that tend to result from these transactions. In addition, there is a lack of traditional controls covering this process; there are no other employees responsible for reporting or controlling these transactions. Internal controls are not as effective in this area because of their nonregular occurrence and their dependence on close scrutiny by top management and the auditors. The opportunity is greater for management to perpetrate fraud in this process than for other more routine processes. 21. (SO 4) Why are internal controls less effective in capital and investment processes? Internal controls are not as effective in this area because of their non-regular occurrence and their dependence on close scrutiny by top management and the auditors. The opportunity is greater for management to perpetrate fraud in this process than for other more routine processes. 22. (SO 5) How is a special journal different from a general journal? A special journal is a chronological record of specific types of transactions (such as a sales journal, purchases journal, cash receipts journal, etc.); whereas a general journal records irregular, non-recurring transactions that are not included in a special journal. 23. (SO 5) How is a subsidiary ledger different from a general ledger? A subsidiary ledger is a detailed record of routine transactions, with an account established for each entity; whereas a general ledger is a summary of information from special journals, with specific accounts established for each type of transaction. A subsidiary ledger is updated whenever new transactions occur. A general ledger is updated periodically for the summarization of the special journal details. 24. (SO 5) In what way are subsidiary ledgers and special journals replicated in accounting software? Subsidiary ledgers and special journals are replicated in accounting software as they are summarized for the general ledger postings at the end of the period. Although transaction recording in the special journals and subsidiary ledgers takes place at the time the transaction occurs, their replication in the general ledger is an end-ofperiod summarization process. 25. (SO 6) Within accounting software systems, what is the purpose of limiting the number of employees authorized to post to the general ledger?
12-3
Chapter 12 Solutions
Administrative Processes and Controls
Limiting the number of employees authorized to post to the general ledger allows management to give general authority to certain employees to post to the general ledger. Through the assignment of limited access to the general ledger module, management can limit the capability of general ledger posting to selected employees. When an employee with the appropriate access level logs into the accounting system, he can process the general ledger posting. Employees who have not been given access to general ledger posting will be unable to post to the general ledger. In this manner, management may be able to prevent the recording of unauthorized general ledger transactions. 26. (SO 6) In a complex IT system, how may a customer actually “authorize” a sale? A customer may actually authorize a sale in a complex IT environment when their inventory systems interact. For example, When a customer’s inventory levels fall below an establish reorder point, the IT system may authorize a transfer of products from the supplier to the customer. This means that the sale and subsequent update of sales and receivable accounts are triggered by the customer’s computer system. Therefore, these systems require pre-existing and negotiated relationships between buyer and seller companies. Both parties must have already approved these processes and established IT systems that execute the processes. 27. (SO 6) To properly segregate duties, what are the three functions that general ledger employees should not do? Three important segregations should be in place in a manual general ledger system. The three segregations are that the general ledger employees should record journal vouchers, but they should not (1.) authorize journal vouchers, (2.) have custody of assets, or (3.) have responsibility for recording the transactions in the subsidiary ledgers. 28. (SO 6) In an IT accounting system, which IT controls assure the security of the general ledger? In an IT accounting system where the records are electronic file images, access to the system is limited through the use of user IDs, passwords, and resource authority tables. These general controls establish which employees have access to specific records or files. 29. (SO 7) Describe the nature of reports for external users. Since external users do not need detailed balance information on every existing account in the general ledger, certain accounts may be combined or “rolled up” into a single line item that appears on a financial statement. This summary process may occur for all of the line items on the general purpose financial statements. The four general purpose financial statements, the balance sheet, income statement, statement of cash flows, and statement of retained earnings, are each derived from general ledger account balances. These general ledger balances are rolled up in such a manner as to provide summarized information that is useful to evaluate business performance.
12-4
Chapter 12 Solutions
Administrative Processes and Controls
30. (SO 7) Does the general ledger provide all information necessary for internal reports? The general ledger does not provide all information necessary for internal reports. Internal reports often rely on information from various parts of the organization. For instance, manufacturing, retail, service, and charitable organizations would each use different types of information to manage the details of their revenue and expenditure processes. In each of these scenarios, non-financial information is often useful to managers in order to supplement the financial information derived from the general ledger. In addition, there may be detailed financial and non-financial information in an organization’s accounting system that is useful for internal reporting purposes but may not be readily apparent in the general ledger. In addition, internal reports may contain past or future information that is not included in the current period’s general ledger. 31. (SO 7) How would operational internal reports differ from financial internal reports? Operational internal reports focus on non-financial details of operations, such as machine hours, down-time, inventory and sales units, headcounts for human resources, etc. These types of operational reports may not be prepared from data in the general ledger. However, as transactions are recorded in the accounting processes, financial as well as non-financial data is accumulated. Therefore, the accounting system often records both financial and operational data that can be used in reports. Financial reports, on the other hand, are prepared directly from ledgers, journals, and other accounting records. 32. (SO 7) How does time horizon affect the type of information in internal reports? In day-to-day management, managers are more likely to use unit measures and physical counts. For time horizons of one month or longer, however, managers are more likely to use financial measures such as those generated by information in the general ledger. 33. (SO 8) Why are managers, rather than employees, more likely to engage in unethical behavior in capital and investment processes? There are three main reasons why management may be more likely to engage in unethical behavior in the capital and investment processes: Employees typically do not have access to the assets or records in the capital and investment processes. These assets and records are controlled by management because of their non-routine nature and because of the high amounts of related funds. Internal controls for these processes are dependent upon the close scrutiny and specific authorization of top management, whereas employees typically have no authority over these types of transactions. However, managers are most likely to be tempted to alter or hide financial information in an effort to improve the appearance of the organization’s financial results for investors and creditors. The non-routine nature of these transactions makes it more difficult to hide fraudulent transactions. Fraud as committed by employees would be
12-5
Chapter 12 Solutions
Administrative Processes and Controls
much easier to hide within the volumes of transactions in the routine processes like revenues, expenditures, etc. 34. (SO 8) How do processes with large volumes of transactions make fraudulent behavior easier? The routine nature and large volumes of transactions in the processes for sales, purchases, payroll, etc. make it easier for employees to hide fraudulent transactions or unethical behavior. Fraud may be hidden in the large masses of transactions within these processes. 35. (SO 8) Explain the importance of full disclosure in Financial capital processes. Full disclosure is extremely important in the Financial capital processes so that creditors can be fully informed of all relevant information in making credit decisions. Accordingly, financial reports and other disclosures must be complete and accurate in order to avoid misleading any current or potential creditors.
Brief Exercises 36. (SO 2) Describe the steps in Financial capital processes and explain how top management is involved. When the need for capital arises, the Board of Directors is consulted for approval and for determination of whether debt of equity capital will be pursued. If equity capital is chosen, a stock underwriter will be contracted to sell the shares of stock and collect the proceeds. The company will need to determine whether or not to pay dividends. If debt capital is chosen, the company will need to decide whether it should issue bonds or borrow the funds. If bonds are chosen, the company will contract with a bond underwriter, who will sell the bonds and collect the proceeds, as well as handle the periodic payment of interest. If funds are borrowed, arrangements must be made for the bank loan by contracting with creditors. The proceeds will be collected and periodic interest will be paid. Throughout this process, management is involved in most of these steps. Management would present the need for capital to the Board of Directors. Depending on the Financial capital determined by the Board, management would then be responsible for contracting with the appropriate party (stock or bond underwriter or bank creditor). Finally, management would be involved in the arrangements for collecting proceeds from the Financial capital processes as well as the payment of interest or dividends. 37. (SO 3) Describe the steps in investment processes and explain how top management is involved. When excess funds are identified, they are to be evaluated in comparison with upcoming needs of the organization. If it is decided that the excess should be invested, the type of investment must be determined. The company may invest in marketable securities, in which case it would contract with a stock broker to buy stocks or bonds (and sell these securities as necessary). Alternatively, the company may invest in treasury stock, in which case it would contract with a stock broker to buy the treasury shares and reissue shares as desired. Throughout this process,
12-6
Chapter 12 Solutions
Administrative Processes and Controls
management involvement occurs at many points. Management is responsible for monitoring cash flows to determine if excess funds exist and if they are available for investment or needed for upcoming operations. Management would also be responsible for contracting with a stock broker for the purchase of stocks, bonds, or treasury stock (as well as the subsequent sale of these investments, as needed). 38. (SO 4) Explain the internal control environment of Financial capital and investment processes. For both Financial capital and investment processes, the important control is the specific authorization and oversight by top management. The very close supervision of these transactions helps prevent risks related to the theft or misuse of the cash that is related to capital and investment processes. In addition, the large sums of money involved in capital and investment decisions usually dictates that the cash not be handled by the regular company employees. Instead, the funds are likely to be transferred electronically between brokers and banks. Because of the high risk of management fraud in these processes and the potential for management circumvention of controls, typical internal controls such as segregation of duties and reconciliations are not as effective in the prevention or detection of fraud surrounding these processes. As an added control feature, auditors are often urged to carefully examine capital and investment transactions. 39. (SO 5) Describe the steps in a manual accounting cycle. When a transaction occurs, it must be identified as either routine or non-routine. Routine transactions are recorded in a special journal and subsidiary ledger; nonroutine transactions are recorded in the general journal. At the end of the day, week, or other period, the journals and ledgers are summarized and posted to the general ledger. General ledger totals are summarized in a trial balance, and end-of-period adjusting entries are prepared. The adjusted general ledger is used to prepare financial statements. Once the financial statements are completed, closing entries are prepared, then the cycle may begin anew. 40. (SO 6) Describe why it is true that there may be two authorizations related to sales, revenue, and conversion processes before they are posted to the general ledger. In a properly controlled accounting system, transactions within the revenue and conversion processes must be authorized before they are carried out. In addition, another authorization is needed to begin the process of posting entries from the special journals and subsidiary ledgers to the general ledger. Thus, there may be two authorizations related to these routine processes. 41. (SO 8) For each report below, indicate whether the report is likely to be for internal or external users (some reports may be both), and whether data would come exclusively from the general ledger. The format would be: Report Name
Internal or External
Exclusively G/L Data?
The reports are: Income statement
External
Yes
12-7
Chapter 12 Solutions Aged accounts receivable Inventory stock status Open purchase orders Machine down-time Cash flow statement Production units produced
Administrative Processes and Controls Both Internal Internal Internal External Internal
No No No No No No
Problems 42. (SO 1, SO 2) Compare the Financial capital processes to sales processes in terms of: a. The frequency of transactions b. The volume of transactions c. The magnitude in dollars of a single transaction d. The manner of authorization Compared with the sales processes, (a. and b.) Financial capital processes occur much less frequently and in smaller volumes. Whereas sales transactions typically occur on a daily basis (and may even occur several times per day), Financial capital transactions tend to occur in small volumes and on an irregular basis. Often, there may be only a few times within any given annual period that a Financial capital transaction occurs. In addition, (c.) the magnitude of an individual Financial capital transaction tends to be much greater than for an individual sales transaction. Finally, (d.) whereas routine sales transactions are usually authorized by employees having general authorization privileges, Financial capital transactions require specific authorization of management. 43. (SO 1, SO 3) Compare the investment processes to sales processes in terms of: a. The frequency of transactions b. The volume of transactions c. The magnitude in dollars of a single transaction d. The manner of authorization Compared with the sales processes, (a. and b.) investment processes occur much less frequently and in smaller volumes. Whereas sales transactions typically occur on a daily basis (and may even occur several times per day), investment transactions tend to occur in small volumes and on an irregular basis. Often, there may be only a few times within any given annual period that an investment transaction occurs. In addition, (c.) the magnitude of an individual investment transaction tends to be much greater than for an individual sales transaction. Finally, (d.) whereas routine sales transactions are usually authorized by employees having general authorization privileges, investment transactions require specific authorization of management. 44. Exhibit 12-8 shows a screen capture from Great Plains accounting software. The following modules in Great Plains are shown:
12-8
Chapter 12 Solutions
Administrative Processes and Controls
Financial Sales Purchasing Inventory Payroll Manufacturing Fixed Assets For each of the transactions listed, explain which module would you choose and why. a. Entering an invoice received from a supplier. b. Entering the receiving of materials at the shipping dock. c. Enter a check received in payment of an account receivable. d. Posting a batch of sales invoices to the general ledger. e. Enter hours worked by employees. f. Print checks for suppliers a. Entering an invoice received from a supplier- this would fall under the Purchasing module. The purchasing module is appropriate because it would record the purchase or expenditure in the purchases journal, as well as the related payable to the supplier in an accounts payable subsidiary ledger. b. Entering the receipt of material at the shipping dock – this would fall under the Inventory module. The inventory module is appropriate because it would record the items on hand and the movement of goods available for production. c. Entering a check received in payment of an account receivable – this would fall under the Sales module. The sales module is appropriate because it would include collections of sales in the cash receipts journal and the related customer accounts in the accounts receivable subsidiary ledger. d. Posting a batch of sales invoices to the general ledger – this would fall under the Financial module. The financial module is appropriate because it includes all accounting cycle functions, including the summarization of special journals and their posting to the general ledger. e. Entering hours worked by employees – this would fall under the Payroll module. The payroll module is appropriate because it records all periodic workforce activities in a payroll journal. f. Printing checks for suppliers – this would fall under the Purchasing module. The purchasing module is appropriate because it would record the payment to the supplier in an accounts payable subsidiary ledger as well as the related release of funds in a cash disbursements journal.
12-9
Chapter 12 Solutions
Administrative Processes and Controls
45. Incredible Sound, Inc. internal control weaknesses. Weakness 1: Steve prepares and posts journal vouchers. Journal vouchers should be prepared by the personnel in the other processes of revenue, expenditures, payroll, and conversion. Those journal vouchers should be forwarded to Steve for posting. Weakness 2: The journal vouchers are not prenumbered. Journal vouchers should be prenumbered and the sequence should be accounted for. Any missing numbers in sequence should be reconciled or explained. Weakness 3: Journal vouchers are frequently voided or revised. While it may not be possible to completely eliminate such errors, voided and revised journal vouchers should occur rarely. Weakness 4: Journal vouchers are posted biweekly. Ideally, they should be posted more frequently, and at least weekly. Weakness 5: The voucher log is chronological. It should be in order of the prenumbered sequence. Weakness 6: Steve reconciles the subsidiary accounts to the control accounts in the general ledger. Reconciliation is a good internal control, but ideally, someone other than Steve should do this reconciliation. Weakness 7; The general journal reconciliation occurs bimonthly. It should be reconciled at the end of each month.
12-10
Chapter 13 Solutions
Turner/Accounting Information Systems, 5e Solutions Manual Chapter 13
Concept Check 1. b 2. a 3. c 4. b 5. d 6. a 7. c 8. c 9. c 10. b 11. c 12. b 13. a
Discussion Questions 14. (SO 1) How does data differ from information? Data is the basic facts collected from a transaction. Information is data that has been manipulated by summarizing, categorizing, or analyzing to make that data useful to a decision maker. 15. (SO 1) Why is it important for companies to store transaction data? There are four reasons that a company must collect and store transaction data. Those reasons are: 1) to complete transactions; 2) for follow-up on later transactions or for reference regarding future transactions with the same entity; 3) to prepare external reports such as financial statements; and 4) to provide information to management as they attempt to run the organization efficiently and effectively. 16. (SO 2) Which type of data storage media is most appropriate when a single record of data must be accessed frequently and quickly? Random access storage works best for situations in which a single record must be accessed quickly and easily.
Page 13-1
Chapter 13 Solutions 17. (SO 3) Identify one type of business that would likely use real-time data processing rather than batch processing. Describe the advantages of realtime processing to this type of business. A business that sells items on a web site, such as Amazon, would be likely to use real-time data processing. This is true because the system must be able to determine information such as whether an item ordered is currently in stock. The main advantage of realtime processing is its ability to provide information immediately. There are many examples of the need for real-time data processing. Airline reservation systems are another example. 18. (SO 4) Differentiate between data redundancy and concurrency. Data redundancy occurs when the same data are stored in more than one file. Thus, there is redundant, or repeated data. Concurrency means that all of the multiple instances of the same data are exactly the same. It is harder to achieve concurrency when there is much data redundancy. 19. (SO 4) What is the term for the software program(s) that monitors and organizes the database and controls access and use of data? Describe how this software controls shared access. This software system is called a Database Management System, or DBMS. The DBMS manages the access of users or processes to the online database. The DBMS manages the data sharing by updating the data available to users immediately upon recording any changes. 20.
(SO 4) Describe the trade-offs of using the hierarchical model of database storage. A hierarchical model database is very efficient for processing large volumes of similar transactions. It is not efficient for accessing or processing a single record from a large database. Therefore, it works well with batch processing, but would not be efficient in those situations where accessing a single record, or answering flexible queries, is necessary.
21. (SO 4) Describe the organization of a flat file database. Flat file records are two dimensional tables with rows and columns. The records are stored in text format in sequential order, and all processing must occur sequentially. No relationships are defined between records. These systems must use batch processing only and batches must be processed in sequence. The system makes the processing of large volumes of similar transactions very efficient. 22. (SO 4) What four conditions are required for all types of databases? 1) Items in a column must all be the same data type. 2) Each column must be uniquely named. 3) Each row must be unique in at least one column. 4) Each intersection of a row and column must contain only one data item.
Page 13-2
Chapter 13 Solutions 23. (SO 4) Within a hierarchical database, what is the name for the built-in linkages in data tables? Which data relationships can be contained in a hierarchical database? Record pointers are used to link a record to the next record having the same attribute. Using a record pointer system, one-to-one and one-to-many relationships can be represented in a hierarchical database. 24. (SO 4) Which database models are built on the inverted tree structure? What are the disadvantages of using the inverted tree structure for a database? Both the hierarchical database model and the network database model are based on an inverted tree structure. The network model is more complex because it uses more than one inverted tree structure. This allows two or more paths into the data. Two disadvantages are that new data cannot be added until all related information is known, and deleting a parent record can delete all child records. 25. (SO 4) Which database model is used most frequently in the modern business world? Why do you believe it is frequently used? The relational database model is now used most frequently. It is frequently used because it is the most flexible database model. An English-like query language, SQL, can be used to retrieve data from the database in a very flexible manner. In addition, the increasing computer power and decreasing cost of computing power have made any inefficiencies in a relational database less significant. 26. (SO 5) How is the primary key used in a relational database? The primary key is the unique identifier for each record in the table and it is used to sort, index, and access records from that table. 27. (SO 5) What language is used to access data from a relational database? Why is the language advantageous when accessing data? Structured Query Language, SQL, is the language used to access data in a relational database. Its advantage is its English-like query language that allows easy access to the data in the database and presentation in a manner most useful to the user. 28. (SO 5) Which type of database model has the most flexibility for querying? How does this flexibility assist management? The relational database model is the most flexible database model for querying. It provides important assistance to managers through its flexibility in answering an unlimited number of queries about customers, products, vendors, or any other information in the database.
Page 13-3
Chapter 13 Solutions 29. (SO 5) What are the first three rules of normalization? What is meant by the statement that the rules of normalization are additive? 1) Eliminate repeating groups. 2) Eliminate redundant data. 3) Eliminate columns not dependent on the primary key. Additive means that if a table meets the third rule, it has also met the preceding rules: one and two. 30. (SO 6) Differentiate between a data warehouse and an operational database. An operational database is the database in which data is continually updated as transactions are processed. The operational database includes data for the current fiscal year and it supports day-to-day operations and record keeping for the transaction processing systems. The data warehouse is an integrated collection of enterprise-wide data that includes five to 10 years of non-volatile data, and it is used to support management in decision making and planning. Periodically, new data is uploaded to the data warehouse from the operational data, but other than this updating process, the data in the data warehouse does not change. 31. (SO 7) How is data mining different than data warehousing? Data mining is the use of data analysis tools to analyze data in a data warehouse. Tools such as OLAP are used in data mining. An example of data mining is analyzing sales data to determine customer buying patterns. The data warehouse is the database in which the data to be analyzed is stored. 32. (SO 7) How has Anheuser-Busch used data warehousing and data mining successfully? Anheuser-Busch has used a data warehouse and data mining to analyze sales history, price-to-consumer, holidays and special events, daily temperature, and forecasted data such as anticipated temperature to create forecasts of sales by store and by product. Data are used by salespeople and distributors to rearrange displays, rotate stock, and inform stores of promotion campaigns. Using these buying trends, Anheuser-Busch creates promotional campaigns, new products, and local or ethnic target marketing. 33. (SO 7) Identify and describe the analytical tools in OLAP. The analytical tools that are usually part of OLAP are: drill-down, consolidation, pivoting, time-series analysis, exception reports, and what-if simulations. Drill down is the successive expansion of data into more detail, going from high-level data to successively lower levels of data. Consolidation is the aggregation or collection of similar data; it is the opposite of drill down in that consolidation takes detailed data and summarizes it into larger groups. Pivoting is examining data from different perspectives. Time series analysis is the comparison of figures over several successive time periods to uncover trends. Exception reports present variances from expectations. What-if simulations use changing variables to examine interactions between different parts of the business.
Page 13-4
Chapter 13 Solutions 34. (SO 8) Differentiate between centralized data processing and distributed data processing. In centralized data processing, data processing and databases are stored and maintained in a central location. In distributed data processing, the processing and the databases are dispersed to different geographic locations of the organization. A distributed database is actually a collection of smaller databases dispersed across several computers on a computer network. 35. (SO 9) Why would a small company with 400 employees find it advantageous to use a cloud database (DaaS)? A cloud database (Database as a Service) is a database that is hosted by a third party. That third party takes responsibility for the hardware, software, and security measures necessary to store, use, and access the data. For a small company, this would be a more cost effective way to maintain a database since it would not have to purchase the hardware and software necessary to maintain the database. In addition, it would not need a large IT staff to manage the data, hardware, and software for the database. Since the third party assumes responsibility for the security and backup of the database, the small company would not have to establish and maintain the internal controls over the database. Finally, a DaaS is more easily scaled in size if the company grows. The company would simply purchase more data storage from the provider and would not need to expand any internal hardware or software. DaaS, like other cloud services is a service that is paid depending on the use. Therefore, a small company could avoid the cost of buying hardware and software that could meet the extra capacity if the company grows. Instead, it would simply buy more space from the third party. 36. (SO 10) Explain the terms Big Data and data analytics. Big Data is a data base so large and complex that the usual software and tools are not adequate to handle it. Big Data has extremely large volume, variety, and velocity. These terms mean that the quantity is data is extremely large, it changes or is added to very rapidly, and the type of data stored varies greatly. Data analytics is using large-scale software tools to analyze the data to allow a company to better forecast or predict future events. 37. (SO 11) Why is control over unauthorized access so important in a database environment? Data are valuable resources that must be protected with good internal controls such as those that prevent unauthorized access. Access controls help prevent unauthorized users from accessing, altering, or destroying data in the database. The database is such a critical resource for most organizations that they must insure the data is accurate and complete.
Page 13-5
Chapter 13 Solutions 38. (SO 11) What are some internal control measures that could prevent a hacker from altering data in your company’s database? Measures that prevent hackers from accessing and altering data include authentication and hacking controls such as login procedures, passwords, security tokens, biometric controls, firewalls, encryption, intrusion detection, and vulnerability assessment. In addition to these controls, the database management system (DBMS) must be set up so that each authorized user has a limited view (schema) of the database. 39. (SO 11) Why is data considered a valuable resource that is worthy of extensive protection? The database of an organization is a critically important component of the organization. Data are a valuable resource that must be protected with good internal controls. Missing or incorrect data can have a negative impact on the ability to conduct the necessary business processes.
Brief Exercises 40. (SO 2) Arrange the following data storage concepts in order from smallest to largest, in terms of their size: File, Record, Database, Character, and Field. The hierarchy of terms is character, field, record, file, and database. 41. (SO 2) Think of a database that would be needed at a professional service firm to maintain the contact list of clients or patients at the office of a CPA, attorney or medical doctor. Identify the fields likely to be used in this database. If you were constructing this database, how many spaces would you allow for each field? The fields and suggested sizes that usually be needed are: last name (24), first name (24), middle initial or name (24), address line 1 (50), address line 2 (50), apartment number (12), city (24), state (2), zip code (9), home telephone number (10), office telephone number (10), mobile telephone number (10). Some field sizes could be more or fewer spaces. Of course, fields sizes for fields such as zip code and phone number are more certain. It is important that the field size must be slightly larger than the longest item to appear in that field. In the case of items for which we know the size precisely, the field size can be set accordingly. For example, zip codes will never include more than 9 digits. These fields would represent a minimal number of necessary fields. Depending on the type of firm, there may be many other fields that would be needed. For example, a doctor’s office would need emergency contact information, while a CPA firm would not need this information. In addition, there would be many other fields to be designed if the company desired more than contact information.
Page 13-6
Chapter 13 Solutions 42.
(SO 3) Suppose that a large company uses batch processing for recording its inventory purchases. Other than its slow response time, what would be the most significant problem with using a batch processing system for recording inventory purchases? A company would not know its true inventory balance until the batch of transactions was processed. There would be no online, current balance of inventory to be used to respond to inquiries from managers, employees, or customers. Therefore, purchases and sales of inventory might need to be delayed until the batch processing occurs and new balances are known. This delay can cause the company to maintain higher or lower levels of inventory than may be desired. With a longer time to place an order, the company might need to maintain higher inventory levels to avoid a stock out.
43.
(SO 4) Arrange the following database models in order from earliest development to most recent: Network Databases, Hierarchical Databases, Flat File Databases, and Relational Databases. The historical order is flat file, hierarchical, network, and relational databases.
44.
(SO 4) Categorize each of the following as one-toone, one-to-many, or many-to-many relationships. Subsidiary ledgers and general ledgers. This is best categorized as a one- to-many relationship. A general ledger account, such as accounts receivable, could have many supporting sub-accounts in the accounts receivable subsidiary ledger. It is also true that a general ledger would have many subsidiary ledgers (accounts receivable, accounts payable, inventory, payroll). Transactions and special journals. This is best categorized as a one- tomany relationship. A special journal, such as sales journal, would have many supporting transactions recorded in the special journal. General ledgers to trial balances. This is best categorized as a one-toone relationship. For each time period, one set of general ledger balances would result in one trial balance.
45.
(SO 6) How might a company use both an operational database and a data warehouse in the preparation of its annual report? A company would use the operational database for the current fiscal year reports, but may need past information from the data warehouse to prepare comparative financial statements from previous years. The company might also use the data warehouse to examine and report important trends in financial information.
Page 13-7
Chapter 13 Solutions 46.
(SO 7) Using Anheuser-Busch’s BudNet example presented in this chapter, think about the list queries that might be valuable if a company like Gap Inc. used data mining to monitor its customers’ buying behavior. The Gap could use queries related to: the effects of promotional pricing; dates or holiday buying patterns; dates when seasonal style updates should be introduced in stores; regional clothing preferences; ethic group clothing patterns; and GAP sales in relation to competitors.
Problems 47. (SO 3) Differentiate between batch processing and real-time processing. What are the advantages and disadvantages of each form of data processing? Which form is more likely to be used by a doctor’s office in preparing the monthly patient bills? Batch processing occurs when similar transactions are grouped into a batch and that batch is processed as a group. The alternative to batch processing is real time processing. Real-time processing occurs when transactions are processed as soon as they are entered. Real-time processing is interactive because the transaction is processed immediately. The advantages of batch processing are that it is an efficient way to process a large volume of like transactions, it is less complex than real-time systems, it is easier to control and maintain an audit trail; and the data can be stored in less complex, sequential storage. The major disadvantage of batch processing is the slow response time. Balances are not updated in real-time and therefore, management does not have current information at all times. The major advantage of real-time processing is the rapid response time. Since balances are updated in real-time, management always has current information. The disadvantages of real-time processing are that it is less efficient for processing large volumes of like transactions; it is more complex than batch systems; it is more difficult to control and maintain an audit trail; and data must be stored in random access databases. Monthly processing of patient bills could be batch processing. There would be a high volume of like transactions at month-end.
Page 13-8
Chapter 13 Solutions 48. (SO 4) Marcello Company does not use a database system; rather, it maintains separate data files in each of its departments. Accordingly, when a sale occurs, the transaction is initially recorded in the sales department. Next, documentation is forwarded from the sales department to the accounting department so that the transaction can be recorded there. Finally, the customer service group is notified so its records can be updated. Describe the data redundancy and concurrency issues that are likely to arise under this scenario at Marcello. There would be much data redundancy in this system. For example, customer name, address, and other contact information must be maintained in separate files in both the sales department and the customer service department. Customer service and the sales department would have nearly identical fields in their data, but maintained in separate files. It may take hours our days for the sale documentation to move from one department to the next. Therefore not all departments have the same information stored in their files at the same time. After a sale is recorded in the sales department, it may be days before that sale is recognized in the customer service department. Therefore on any given day, managers in the two departments will be operating with feedback from data sets that do not match. If someone in the sales department needs to check with customer service regarding a particular sale, it is possible that the customer service department has not yet received information for that sale. This lengthens response time in answering queries or following up on orders. 49. (SO 6) List and describe the steps involved in building a data warehouse. The steps are: identify the important data to be stored in the data warehouse; standardize that data across the enterprise; scrub or cleanse the data; and upload that data to the data warehouse. Identifying the proper data requires examining user needs and high-impact processes (HIPs). HIPs are the processes that are critically important and that must be executed correctly if the organization is to survive and thrive. Data needed by users and data from HIPs should be in the data warehouse. The data must then be standardized across the enterprise. Various subunits within the enterprise might have conflicting definitions or field names for the same type of data. The designers of the data warehouse must design a standard format for the data. The data must also be scrubbed or cleansed to remove errors and inconsistencies in the data. The data must then be uploaded to the data warehouse. Also there should be a periodic upload of data from the operational databases into the data warehouse.
Page 13-9
Chapter 13 Solutions 50. (SO 8) Describe the advantages and disadvantages of using a distributed database and distributed data processing. Do you think the advantages are worthwhile? Explain your answer. The advantages are: 1) Reduced hardware cost. Distributed systems use networks of smaller computers rather than a single mainframe computer. This configuration is much less costly to purchase and maintain. 2) Improved Responsiveness. Access is faster since data can be located at the site of the greatest demand for that data. Processing speed is improved since the processing workload is spread over several computers. 3) Easier incremental growth. As the organization grows or requires additional computing resources, new sites can be added quickly and easily. Adding smaller, networked computers is easier and less costly than adding a new mainframe computer. 4) Increased user control and user involvement. If data and processing are distributed locally, the local users have more control over the data. This control also allows users to be more involved in the maintenance of the data and users are therefore more satisfied. 5) Automatic integrated backup. When data and processing are distributed across several computers, the failure of any single site is not as harmful. Other computers within the network can take on extra processing or data storage to make up for the loss of any single site. The disadvantages are: 1) Increased difficulty of managing, controlling, and maintaining integrity of the data. 2) Increased likelihood of concurrency problems. Yes, I think it is worthwhile to have distributed, local control of the data and automated, integrated backup of a distributed system. However, greater attention must be paid to controls that ensure the security and concurrency of the data in a distributed system. 51. (SO 6) Read an online article from http://www.xconomy.com/boston/2010/09/20/netezza-sold-to-ibm-for-1-7bwill-help-big-blue-tackle-big-data/. Describe the services that Netezza offered and why IBM decided to purchase the company. This article indicates that IBM announced a purchase of Netezza in September, 2010. Netezza, “makes hardware and software used by big companies like Amazon and Nieman Marcus to combine their storage, server, and database functions in one system.” This acquisition helps IBM expand its offerings in the field of business analytics. Specifically, Netezza helps IBM “make products for analyzing huge amounts of complicated data and finding trends in the data.”
Page 13-10
Chapter 13 Solutions 52. (SO 10) Big Data is increasingly important to companies and to accountants. Using a web search on Google or other search sites, find an article within the last 12 months on “Big Data” and accounting. Summarize how the article describes the use of Big Data in an accounting context. The answer to this will vary greatly depending upon the article each student finds on the Internet. As of the writing of this edition of the text, one of the best articles is from an Accounting Horizons article by Warren, Moffet, and Byrnes. The synopsis summarizes various ways it will be used in accounting. The synopsis says: “Big Data will have increasingly important implications for accounting, even as new types of data become accessible. The video, audio, and textual information made available via Big Data can provide for improved managerial accounting, financial accounting, and financial reporting practices. In managerial accounting, Big Data will contribute to the development and evolution of effective management control systems and budgeting processes. In financial accounting, Big Data will improve the quality and relevance of accounting information, thereby enhancing transparency and stakeholder decision making. In reporting, Big Data can assist with the creation and refinement of accounting standards, helping to ensure that the accounting profession will continue to provide useful information as the dynamic, realtime, global economy evolves.” 53. (SO 10) Explain how a healthcare organization, such as a hospital or medical clinic, may use Big Data and data analytics as compared to a manufacturing firm. A manufacturing firm would likely use data analytics to forecast customer demand and any patterns in customer demand so that they can better plan the purchase and supply of materials and labor to manufacture products in a way to match quantity purchased to what would be demanded by customers. A healthcare organization would probably use data analytics to look for large scale trends in diseases to find patterns as to how frequently various kinds of diseases or conditions are experienced. This would allow them to better forecast the needed supply of appropriate medicines, treatments, nursing and physician staffing, and other capacity needs. They could also better plan emergency room staffing. For example, would data analytics show patterns a to when traffic accident injuries are more likely to occur and need emergency room treatment. These are some samples of how a healthcare organization could benefit from data analytics of Big Data.
Page 13-11
Chapter 13 Solutions 54.
(SO 10) Explain how CPA firms are using Big Data and data analytics in the audits of their client firms. CPA firms can use the data analytics tools in Big Data software to analyze the full population of transactions (all transactions) rather than only a sample of transactions. This reduces or eliminates the audit risk called sample risk. By chance, a sample of transactions may not include any errors or fraud even if there is underlying errors or fraud in the entire set of transactions. Using the entire population of transactions is much more likely to reveal the true extent of errors, misstatements, or fraud. In addition, data analytics tools allow auditors to do continuous auditing by analyzing large volumes of transactions on a continuous basis. Chapter 7 of this text lists the following potential uses of Big Data and data analytics: Examining social media to anticipate issues such as inventory obsolescence and warranty claims; Obtaining data about weather patterns or stock market performance to predict sales activity; Viewing surveillance camera footage to corroborate the existence of a new fleet of vehicles; Using radiofrequency identifiers to monitor inventory movements; Using the global positioning system (GPS) location of company delivery trucks to determine the status of sales transactions; Performing an electronic match of key transaction information, such as customer orders, shipping reports, and sales invoices.
Page 13-12
Chapter 13 Solutions 55.
(SO 10) Consider how auditing has changed by comparing audit techniques prior to the 1980s when many firms prepared manual accounting records and there were manual audits, versus audits today that use computerized techniques to analyze data. First, the Big Data related answer from question number 54 is one of the recent differences in audits that has occurred in the last five to ten years. In addition to these changes, there are many others. As the accounting systems have become much more computerized, automated, and online since the 1980s, the auditing process has been able to mirror those changes. With CAATs and Generalized Audit Software (GAS), the computer can be used to do many audit steps that were completed manually in the era before 1980. GAS software can recalculate amounts to check accuracy, select samples and create confirmations. Prior to the 1980’s many of the audit tasks and processes were manually completed. The following are some examples of some differences that have resulted from the introduction of Big Data and computerized audit tools. Sample selection: Selection of samples were often completed manually, for example every nth cash disbursement or all cash disbursements over a certain dollar threshold. The samples were selected manually by the auditor or the individual creating the audit schedule. Computerized auditing allows a sample to automatically be selected. It also allows for 100% auditing which means that all the data is reviewed (not just a sample) and unusual trends or anomalies identified for follow up. One auditor from KPMG commented how the client was surprised that the auditors knew more about their inventory transactions than the company. Examination of manual records: With the exception of larger companies that were computerized, many companies kept manual records. Audit techniques for most companies were completed manually. For example, an auditor that examined the Work in Process monthly adjustment for Xerox’s copier manufacturing facility examined and recalculated a manual spreadsheet that was used to support the adjustment. Analytical review of last year’s balances and current year’s balances had to be manually calculated. When completing steps manually the volume of data that could be analyzed was significantly less. Computerized auditing techniques: The introduction of computerized audit techniques has significantly changed how auditors analyze data in the audit. Most notably, significantly more data can be analyzed when utilizing computerized audit techniques. Two examples are: Analytical review procedures: during the time of a manual audit, a financial statement category, such as sales, cost of sales, interest expense may have been compared year over year with large, more significant variances being analyzed. After the introduction of computerized auditing techniques, every Page 13-13
Chapter 13 Solutions account can be compared electronically and large variances in a particular account analyzed. 100% auditing verses sample selection: The introduction of computerized auditing techniques, allow large volumes of data to be analyzed. In some cases, instead of selecting a sample and examining the sample, the entire population of data can be analyzed, examined for unusual transactions and recomputed. These are just a few examples of the significant transformation that has occurred as a result of automated accounting and auditing and the emergence of Big Data. 56. (SO 10) What are some benefits and outcomes that can result from examining Big Data with regard to a firm’s inventory processing? Examining Big Data with regard to a firm's inventory processing can result in - Uncovering slow moving inventory - Identifying obsolete inventory where transactions have not been processed over a period of time -Identifying inventory items with inconsistent sales prices or cost -Identifying inventory transactions that are outside the norm with respect to timing of the transaction, size of the transaction and sales price or purchase cost. 57. (SO 10) What are some benefits and outcomes that can result from examining Big Data with regard to a firm’s purchasing transaction processing? - Identifying inventory items with inconsistent cost - Identifying purchases from vendors that cannot be verified externally - Identifying transactions that are outside the norm with respect to timing of the transaction, size of the transaction or purchase cost. 58. (SO 10) What are some benefits and outcomes that can result from examining Big Data with regard to a firm’s revenue transaction processing? - Identifying inconsistent sales prices - Identifying sales to customers that cannot be verified externally or do not match other records within the system (shipping, etc) - Identifying transactions that are outside the norm with respect to timing of the transaction, size of the transaction or sales price.
Page 13-14
Chapter 13 Solutions 59. (SO 12) Describe the ethical obligations of companies to their online customers. A company must put processes and safeguards into place to protect the privacy and confidentiality of customer data. The nine privacy practices described by the AICPA Trust Services Principles are a good source of the guidelines a company should follow. A summary of those principles would be to notify customers of the data that will be collected, how it will be used and retained, how the customer may edit the data, and how the customer may consent, or not consent, to such use of the data. 60. (SO 10) Explain data visualization and the features of some of the data visualization products available. MK Copeland to answer.
Page 13-15
Chapter 13 Solutions
Cases 61. The following relationships appear in the screen capture. a. Suppliers table is related to Products table. It is a one-to-many relationship. The linked field is SupplierID. b. Categories table is related to Products table. It is a one-to-many relationship. The linked field is CategoryID. c. Products table is related to Order Details table. It is a one-to-many relationship. The linked field is ProductID. d. Order Details table is related to Orders table. It is a one-to-many relationship. The linked field is OrderID. e. Employees table is related to Orders table. It is a one-to-many relationship. The linked field is EmployeeID. f. Customers table is related to Orders table. It is a one-to-many relationship. The linked field is CustomerID. g. Shippers table is related to Orders table. It is a one-to-many relationship. The linked field is ShipperID. 62. Shuttle-Eze operates airport shuttle vans in twelve large cities. Those cities are Los Angeles, San Diego, San Francisco, Phoenix, Las Vegas, Houston, Dallas, Chicago, New York City, Washington D.C., Miami, and Orlando. Shuttle-Eze operates passenger vans to shuttle travelers to and from the airports for a $25 fee per person. Required: a. Design the tables that the company would need in its database to operate these shuttles. Remember that they must collect, record, and track information about customers, payments, flights, gates, vans, drivers, pick up and delivery addresses. There may be other types of data not mentioned in the previous sentence that you would wish to add. The tables you design should have attributes (columns) for each critical piece of data. See Exhibit 13-4 for the concept of the table layouts. The tables you design should meet the first three rules of data normalization.
Page 13-16
Chapter 13 Solutions b. Describe the advantages and disadvantages of using a centralized database for Shuttle-Eze. There is no single correct answer to this question. Also, student responses are not likely to be comprehensive enough to represent the entire set of data needed. The question will, however, generate thought and discussion about which data to keep and how to store it in tables. It also illustrates how complex a database can be with the full scope of data required and the interrelationships between data. A sample answer follows. Part a: The tables proposed are: Customer table, including fields for Customer ID; first name; last name; address line 1; address line 2, city; state, zip code; home phone; business phone; cell phone; fax number; billing address line 1; billing address line 2, billing city; billing state, billing zip code; credit card number; credit card expiration date Reservation table, including fields for Reservation ID; Customer ID; Arrival date; arrival time; arrival flight airline; arrival flight number; arrival gate; departure date; departure time; departure flight airline; departure flight number; departure gate; deliver to address; deliver to city; deliver to city; deliver to state; deliver to phone; pick up address; pick up city; pick up state; pick up zip; pick up; phone number Employee tables, including Employee ID, first name; last name; address line 1; address line 2; city; state; zip code; SSN; birth date; hire date; review date; pay rate; federal exemptions; state exemptions; fields for all other pay deductions Driver table, including fields for Employee ID; city assigned to; license type; Van table, including fields for VanID; Van make; van model; van VIN; city assigned to; current driver assigned; last service date; mileage at last service Part b: A centralized database could be advantageous for several reasons. First, it avoids the need to keep several distributed databases concurrent. If each location maintains a separate database, it would be more difficult to share customer information between locations. A single customer may use the company’s services in Miami and Chicago. With a single, centralized database, once the customer’s basic data is entered, it need not be reentered when that customer uses the services in another city. Additionally, vans might be shuttled between cities if needed. For Page 13-17
Chapter 13 Solutions example, a shortage of vans in Orlando might be fixed by driving a van or vans from Miami. A centralized database could easily be changed to reflect the new location of the van. If separate databases were maintained, the van details would have to be reentered at the new location.
63.
Kroger, a large, nation-wide grocery company, maintains a customer reward system titled the “Kroger Plus Shopper’s Card”. Customers who enroll in this system are entitled to discounts on products at Kroger stores and Kroger gasoline. To earn discounts and other rewards, the shopper must use the “Kroger Plus” card at the time of checkout. The card has a bar code that identifies the customer. For Kroger, the system allows the opportunity to determine customer buying patterns and to use this data for data mining. Required: Using a Web search engine, search for “data mining’ and grocery. Describe what type of information grocery stores collect that they can use for data mining purposes. Also, describe how grocery chains use data mining to improve performance. Grocery stores use these customer reward systems, sometimes called “loyalty cards”, to induce customer loyalty and to track purchases. A grocery store could collect data such as products and brands purchased. So as an example, if a customer’s buying habits include frequent purchase of Tyson chicken products, the store’s system can be set to print chicken or Tyson coupons at the time of check-out. Such data mining can assist the grocery chain in identifying customer buying habits and thereby increase sales through targeted promotions. See this article as an example of the type of article available. https://expressanalytics.com/analytics/data-analytics/top-5-uses-of-predictiveanalytics-for-supermarkets-and-retail-grocers
Page 13-18
Chapter 13 Solutions
This article describes five areas where this data mining and analysis can assist grocers. The first is promotion. Based on what customers buy, when they buy, and how they pay, the grocer can target promotional efforts, such as coupons, toward customers most likely to buy the promoted products. A second area is shopper targeting. Based on the demographics of current shoppers, the grocer can target both single and groups of certain types of shoppers. A third area is advertising campaign management. The data analysis allows grocers to segment customers and then design advertising campaigns aimed at appropriate segments of consumers. The fourth area is product pricing. Based on analysis of historical sales patterns, a grocer can determine appropriate pricing to maximize sales revenue. The fifth area is inventory management. Analysis of the data can allow grocers the appropriate inventory levels and the best timing to restock products of inventory. Many grocers hire a firm named Catalina to assist in the data mining. One article says the following: “Catalina collects loyalty and bulk sales data from more than 20,000 stores, then uses it to create pictures of shoppers over time, says CEO L. Dick Buell. The picture gets clearer the more data stores collect. For example, Catalina can help retailers determine that someone lives in an upscale area, buys diapers, and may be interested in high-end baby food.” (http://www.usatoday.com/tech/news/internetprivacy/2006-07-11-datamining_x.htm). This is an older article about Catalina and retailers. There appear to be many web sites online that discuss that one Midwest chain found a connection between men who buy diapers on Thursday and increased purchase of beer by those men. Other web sites suggest that is an urban myth, but it appears unresolved as to whether it is true. This data collection has also caused privacy concerns. Some have suggested that grocery chains do not need loyalty cards to collect data about sales of products. They believe grocers could collect such data by analyzing sales in general and inventory levels.
Page 13-19
Chapter 14 Solutions
E-commerce and E-business
Turner/Accounting Information Systems, 5e Solutions Manual Chapter 14
Concept Check 1. b 2. c 3. c 4. b 5. c 6. d 7. a 8. d 9. a 10. b 11. e 12. a 13. c
Discussion Questions 13.
(SO 1) How do e-commerce and e-business differ? E-business is a very broad concept that includes any electronically enabled business process. E-business can include electronic enhancements of processes with trading partners, as well as internal processes. E-commerce is a subset of e-business and it includes electronic sales between a retail business and an end consumer. E-commerce is conducted via the Internet, while e-business could use the Internet as well as other electronic means. 14. (SO 2) Which types of costs can be reduced when a company decides to engage in B2B e-commerce on the Internet? Marketing costs, order processing costs, and distribution costs can be reduced by engaging in B2C sales. 15. (SO 2) What are the differences between brick and mortar retailers and clicks and mortar retailers? Brick and mortar refers to retailers that sell in traditional forms in a building that customers visit to make a purchase. Clicks and mortar refers to retailers who have traditional sales in a building, but also sell to customers via the Internet. 16. (SO 3) According to the Online Privacy section of the AICPA Trust Services Principles, what types of personal information should be protected? All information collected from customers should remain private unless the customer has given
Page14-1
Chapter 14 Solutions
E-commerce and E-business
implicit or explicit permission to share such information with third parties. In addition, companies should collect only data necessary to conducting the transaction. 17. (SO 3) If you could condense the ten areas of Online Privacy in the AICPA Trust Principles, into a shorter list (three, four, or five point list), how would you word that list? Collect only necessary data, keep that data private unless the customer gives permission to share it, make sure you have enforced policies to store and use the data as the customer intends you to use it, notify the customer of how you intend to use the data. 18. (SO 3) What is meant by “monitoring and enforcement” regarding online privacy practices? It means that a company should continuously monitor how well it follows its privacy practices and that they must put processes in place to ensure privacy practices are followed. 19. (SO 4) How is E-business a broader concept than e-commerce? E-commerce refers to web-based sales between a business and an end consumer. E-business is a much broader concept that includes electronic forms of process improvement throughout the supply chain. Thus it can include processes between a business and its suppliers, a business and its customers, or internal processes. It also includes many forms of electronic enhancement beyond web-based. 20. (SO 4) Describe the concept of a supply chain. It is the set of linked activities from the acquisition and delivery of raw materials, through the manufacture, distribution, and delivery to a customer. 21. (SO 4) Why is it important to insure an efficient flow of goods throughout the supply chain? Any slow-down or bottle neck in the supply chain can slow or stop the entire supply chain. 22. (SO 4) Which functions within the supply chain can be enhanced through the use of e-business? Virtually any process within the supply chain can be enhanced through e-business. 23. (SO 4) How are activities in the supply chain interdependent? They are interdependent in that one step in the supply chain drives the following step. For example, a secondary supplier must provide products to a supplier, who then converts it to a product to be sold to the manufacturer. 24. (SO 4) In what ways are the characteristics of e-business different from ecommerce? E-business is often business to business, while e-commerce is business to consumer. In an e-business order, it is likely to be a large dollar order, with many line items, and with a business that we have a pre-existing relationship. An ecommerce order may be from an unknown customer and each order may be a small dollar amount, but a large volume of orders. E-commerce transactions are likely to be credit card transactions while e-business transactions are likely to involve purchase orders and invoices. 25. (SO5) Komatsu and Kenworth are two truck manufacturers that have both used ebusiness technology to improve customer service. Compare and contrast the enhancements deployed at these two companies. Add answer. 26. (SO 6) What are some similarities and differences when comparing the time periods of IT Enablement and Digital Transformation? Both time periods include the use of the most current technology of the time to enhance efficiency and reduce costs of business operations. The IT enhancement time frame consisted in large part as
Page14-2
Chapter 14 Solutions
E-commerce and E-business
internet enhanced business (e-commerce and e-business) and new or upgraded ERP systems. This often involved a change process called business process reengineering. The digital transformation time frame involved more radical changes not only to business operations, but also in society of government. The new technology used included cloud computing, big data, data analytics, blockchain, artificial intelligence, machine learning, internet of things, and robotic process automation. 27. (SO 7) What are the three levels of network platforms that are utilized in ebusiness and which groups use each level? The Internet is used by internal and external users, potentially including anyone in the world. Extranets are used by trading partners and are not available to the entire world. Intranets are used by employees within the company. 28. (SO 7) Which type of users should have access to an intranet? Only those inside the company. 29. (SO 7) Which type of users should have access to an extranet? Trading partners such as suppliers, secondary suppliers, and distributors. 30. (SO 8) What types of controls should be used to properly limit access in intranets and extranets? Authentication controls should be used, including controls such as user Ids, passwords, access levels, computer logs, and authority tables. Also, hacking and break-in controls should be used. These include controls such as firewalls, encryption, security policies, VPN, vulnerability assessment, penetration testing, and intrusion detection. 31. (SO 9) Why is the use of XML advantageous in Internet EDI? XML allows a more rich exchange of data than traditional EDI. For example, it could allow the exchange of product descriptions, pictures, or even databases of information regarding products. 32. (SO 9) In what ways are XBRL financial statements advantageous when compared to traditional paper financial statements? XBRL statements can be viewed by a browser, or printed. In addition, the viewing of an XBRL statement on a web browser could be much more interactive. For example a reader of the statements could click on an item such as sales to see more underlying detail of the sales total. 33. (SO 10) What are some of the ethical obligations of companies related to ecommerce? Companies have an obligation to collect, store, and use customer data in a ethical manner. These obligations are described in the ten privacy practices of the AICPA Trust Services Principles. 34. (SO 10) Is there a difference between ethical obligations and legal obligations in regards to online privacy? Yes, for example, there is no legal obligation to have a privacy policy displayed on the company web site. However, companies that wish to be very ethical should display privacy practices.
Brief Exercises 35.
(SO 1) Much of the e-business and e-commerce conducted by companies uses the Internet as the form of electronic communication. Describe other electronic
Page14-3
Chapter 14 Solutions
E-commerce and E-business
means to conduct e-business or e-commerce. Electronic Data interchange (EDI) and Electronic Funds Transfer (EFT) are other communication means. 36.
(SO 2) Describe the benefits to the consumer of B2C sales. Customers benefit in through increased access, speed, convenience, and information sharing inherent in B2C sales. They have access to a broader market, 24 hours a day, every day, and therefore more product choices. B2C also often results in lower prices, q2uicker deliver, and marketing targeted specifically to the customers needs. Customers also sometimes have the opportunity to conduct live chats with company representatives, or can view FAQs about the products.
37.
(SO 2) Describe the benefits to the company of B2C sales. Benefits to the company are: a broader market of customers beyond the geographic area of any stores they maintain; reduced marketing, order processing, and distribution costs; higher profits; the ability to conduct richer marketing; and the ability to react quickly to market changes.
38.
(SO 3) Describe the benefits to a company that engages in B2B transactions via the Internet. They are a wider potential market, reduced transaction cost, higher profits, faster cycle times for product purchase or sale and cash flow, reduction in keying of information and reduced data errors.
39.
(SO 3) What are the eight areas of privacy practices described in the Online Privacy section of the AICPA Trust Services Principles? The ten areas are: management, notice, choice and consent, collection, use and retention, access, disclosure to third parties, security for privacy, quality, monitoring and enforcement.
40.
(SO 4) Describe the activities that take place in the supply chain of a manufacturing firm. Before a manufacturer can produce goods, it must buy raw materials from suppliers. Often those suppliers also need to purchase raw materials, so there are secondary suppliers in the supply chain. The internal processes of manufacturing are also part of the supply chain. Upon completion, products must be distributed through warehouses or distributors to retailers, who then sell these goods to customers.
41.
(SO 4) Describe the differences between B2C and B2B. B2C is a sale between a company and an end consumer. B2B is a sale or purchase between two companies. The differences in these types of transactions causes many differences in the characteristics of the transactions. A B2B sale is likely to be ordered via a purchase order, with many line items on the purchase order, with a relatively high total dollar amount. These B2B sales are between companies with preexisting relationships in which they have negotiated specific shipping instructions or prices. B2C sales are relatively smaller dollar amounts, but with a larger volume of sales transactions. It may be a sale to a customer with no preexisting relationship to the company and it is likely to be a credit card sale.
Page14-4
Chapter 14 Solutions
E-commerce and E-business
42. (SO6) Use the table below to match the digital transformation technologies on the left with their definitions on the right. Add answer 43. (SO 6) Describe Internet of Things (IoT) and some examples of things that would qualify as an IoT. Add answer 44.
(SO 8) Explain the importance of user authentication and network break-in controls in extranets. Only trading partners such as suppliers, secondary suppliers, distributors, or retailers should have access to an extranet. That is, it should not allow any user on the web to log in. Thus, there must be extensive authentication controls. These controls in include user Id, password, log in procedures, biometric devises or security tokens, computer logs, and authorization tables. Since the extranet often uses internet network facilities, it can be susceptible to hackers or other network break-ins. Controls such as firewalls, encryption, SSL, vulnerability assessments, penetration testing, and intrusion detection must be used.
45.
(SO 9) What are the advantages of Internet EDI over traditional EDI? The Internet allows cost-free exchanges of data. In traditional EDI, the companies usually pay a VAN for network capabilities and communication. The software and systems for Internet EDI are also simpler and cheaper than those for traditional EDI. Even very small companies can afford hardware and software to conduct Internet EDI.
Problems 46.
(SO 2) Sweet Susanna’s is a local chain of bakeries in Austin. The chain has 30 locations throughout the city and its suburbs. The management is considering opening a Web site to conduct e-commerce with customers. Describe any benefits that might be derived from this move. A move to sales on the web site may not increase the geographic area from which Sweet Susanna’s draws customers. This is because the delivery area is not likely to change. However, it may experience increased sales due to the convenience of placing bakery orders online. It will also be likely to increase the accuracy of orders and reduce the costs of filling bakery orders. Sweet Susanna’s may also see a benefit to the marketing available on the web site, For examples, they could put pictures of bakeris on “special” and perhaps increase the sales of promotional items. If these benefits do occur, the company will experience increased profits.
47.
(SO 3) Using your favorite search website, enter the term “privacy seal” and search. Answer the following questions: a. What is the purpose of a Web privacy seal? The purpose of a privacy seal is to inform customers that the company web site adheres to high standards of privacy of data. When a company displays a privacy seal, they are alerting customers that the company can be trusted to maintain the privacy of customer data.
Page14-5
Chapter 14 Solutions
E-commerce and E-business
b. Which organizations provide Web privacy seals to web-based companies? Providers include the Better Business Bureau (BBBOnLine), TRUST-e, CPA WebTrust (AICPA), and The Electronic Frontier Foundation and CommerceNet Consortium, Inc. (TRUSTe). c. What are the advantages to a company that maintains a Web privacy seal? Those parties that provide privacy seals indicated that having a privacy seal leads to increased customer confidence and higher revenue. d. What are the benefits to a consumer of shopping a website that has a privacy seal? The consumer should feel a greater sense of confidence that their data is private. There should also be fewer concerns about negative consequences such as a customers contact information being sold, or identity theft. 48.
(SO 5) Using a search website, search for two 2018 online articles titled "What digital transformation looks like for today’s CPA firms" and "The Digital Transformation Of Accounting And Finance - Artificial Intelligence, Robots And Chatbots". Summarize what these articles tell you about the effect of digital transformation on accounting and CPA firms. The first article describes that CPA firms must take advantage of digital transformation to automate their invoicing, data collection, and reporting functions so as to stay competitive. However, there are some obstacles to doing so. First, the majority of CPA firms are smaller firms and they do not have resources to buy the technology and they may not have the time to modify processes. Secondly, the workforce in most CPA firms consists of mostly older workers and they have to deal with older systems such as the U.S. Tax Code. However, the author concludes with the thought that there is a large up-front cost to incorporate digital transformation, but it would reap large benefits in the future. The second article suggests that digital transformation can automate manual repetitive tasks and allow professionals to spend more of their time on higher level analysis and counseling clients. The areas that the author suggests could be transformed into less manual and more automated are accounts receivable, accounts payable, procurement (purchasing), supplier onboarding, auditing, and monthly or quarterly closing.
49.
SO 6) The section on Digital Transformation describes how these newer technologies work together to dramatically reform business operations. For example, there is a description of how IoT technology collects data to be analyzed through data analysis. Using a search website, search for an article website describing the advantage of Big Data in Cloud computing. If you are unable to find an article, try using this website: https://www.computer.org/publications/technews/trends/big-data-and-cloud-computing. Add answer 50. SO 6) The section on Digital Transformation describes how these newer technologies work together to dramatically reform business operations. For example, there is a description of how IoT technology collects data to be analyzed through data analysis. Using a search website, search for an article website describing the combination of Robotic Process Automation and Artificial Intelligence.
Page14-6
Chapter 14 Solutions
E-commerce and E-business
If you are unable to find an article, try using this website: https://www.ibm.com/cloud/blog/intelligent-automation-how-combining-rpa-and-aican-digitally-transform-your-organization. Add answer 51. (SO 3) Enter the Web site of a popular retail company that sells a large volume of goods or services on the Internet. Search for company “Privacy Policies” on that Web site. If you do not find any privacy policies, continue visiting other company Web sites until you do find privacy policies. Once you have found a company with privacy policies, describe how the company policies do or do not meet the privacy practices in the AICPA Trust Principles. The solution will depend on which company the student uses in their answer. For any company, the student answer should compare the privacy practices against those in the AICPA Trust services Principles privacy practices. The following sample answer is based on Target ®, the retail department store, www.target.com, accessed on February 15, 2008. The Target web site has privacy practices at http://www.target.com/c/targetprivacy-policy/-/N-4sr7p and it is divided into several areas: a. What information is collected? b. Third party automated collection c. How is this information used? d. How is this information shared? e. What choices do you have? f. How do you access and update your information? g. How is this information protected? Target identifies the information it collects such as name, address, e-mail address, phone number, drivers’ license number, credit card number, and purchase/return/exchange information. Target also indicates that any information that a customer submits in a public forum, “can be read, collected, or used by us and others, and could be used to personalize your experience.” The site indicates there are several parties they may share information with. Those uses include: use by Target and Target subsidiaries such as Target National Bank, Target Bank, and Target Commercial Interiors to offer products or services; service providers that help them market products and services; and other companies for their marketing purposes. The site also discloses how a customer can limit use of data provided. It appears that when information is collected by Target, customers are giving implicit consent to use information as outlined in the privacy practices. Within the privacy policy, there are several instances in which Target identifies a toll free number that a customer must call to opt out. This would include the ability to opt out of receiving postal mail, telephone calls, e-mails, and the sharing of information with other companies.
Page14-7
Chapter 14 Solutions
E-commerce and E-business
Thus, the Target site does include some of the privacy practices in the AICPA Trust Services Principles, but not all. It does seem to include adequate notice, consent, and disclosure to third parties as described above. However, the site describes little, if any, information about management, collection, access, security for privacy, quality, or monitoring and enforcement. The site does briefly describe use of the information, such as for offering special promotions. There is no information about the retention of data. Therefore, the Target site partially describes use and retention.
52.
(SO 7) TrueCommerce is an Internet EDI solution for small to mid-size companies. View the Web page at https:www.truecommerce.com. Click on the link called “Customers”. Examine two or three company names you recognize. Describe how this EDI system might be advantageous for a small or mid-size company seeking to be a vendor to a large corporation such as Coca-Cola. TrueCommerce is an Internet EDI system for small and mid-size entities that allows them to sell products or services to large corporations via an EDI system. It is a simple user system that is based on a web browser and it gives the company an “Inbox” showing all received EDI purchase orders (POs), and “Outbox” showing all pending outbound documents (i.e. 810 Invoices, 856 Advance Ship Notices, 855 Purchase Order Acknowledgements, and 997 Functional Acknowledgments), and logs for sent, received, and deleted documents. It includes the capability to import the PO information directly into the company’s accounting system. This would eliminate the need to manually key purchase order information into the accounting system. This would save time, costs, and reduce errors. Since the software is webbased and works on a browser, it can be accessed from a computer and very little training is necessary for employees.
53.
(SO 9) In your library or library database, locate and read an article titled "XBRL and the cloud: A CASE STUDY" published in Strategic Finance in 2017. Briefly describe how XBRL and the Cloud were used in conjunction to the benefit of the company in this case. To complete its financial reports for the SEC, the company was using Word documents, spreadsheets, and converting these documents to XBRL, often with the help of a consultant. But this meant they had to maintain three documents with the same information: the word-processing document, the XBRLtagged document, and the document to be filed in the SEC’s EDGAR system. Revisions to a document meant that much time had to be spent making sure that all three documents included all revisions. Version control was also a problem. Several departments were working on the documents at the same time and the process of making sure all people working on the document had the same revisions from the various departments. Switching to cloud-based storage meant that the documents are stored in one place and multiple authors can collaborate on that same document. This eliminates the problem of synchronizing versions across several people.
Page14-8
Chapter 14 Solutions
E-commerce and E-business
54. (SO 3) List and describe the privacy practices recommended by the AICPA Trust services Principles Privacy Framework. If you have ever made a purchase online, you have likely seen these practices in use. Provide any examples from your own personal experience.
Notice and communication objectives. Notice implies that companies provide their privacy policy to customers. In many cases, the privacy policy is posted on the website. The notice should inform customers of the purpose for collecting the information and how it will be used. Choice, consent, and disposal. The company should tell customers of any choices the customer might have to opt out of providing information. Also, the online company should gain consent from the customer to collect, use, and retain the information. Consent can be implicit or explicit. It should include choices regarding use, retention, disclosure, and disposal of personal information. Collection. The company should limit collection of customer data to that data that meets their objectives related to privacy. Use, retention, and disposal. The company should only use, retain, and dispose customer data as needed to meet its objectives related to privacy. Access. The company should provide access that would allow the customer to view, edit, or delete personal information. Disclosure and notification. Any data collected from customers should not be shared with third parties unless the customer has given consent prior to disclosure. Quality. Protection and controls should exist to ensure that the data has quality. Quality means it is up-to-date, complete, and relevant. Monitoring and enforcement. Privacy practices should be continuously monitored to insure they are followed. There should be procedures to address privacy-related inquiries. Examples that students provide will differ from student to student. Examples would be things such as viewing the privacy policies on the web site, granting consent for data collected, etc.
55.
(SO 3) Describe the ethical obligations of companies to their online customers. When a company sells online via the Web, the customer may have much more difficulty determining whether the company is bona fide and trustworthy. The company has the same duty that any company has to conduct business ethically. However, the inability of the customer to know a Web-based business in the same way they know a local business adds an additional layer of ethical obligation. Thus it would be in the interest of the company, and the proper ethical behavior, to follow the kind of practices in the AICPA Trust Services Principles that deal with privacy of customer information. Those principles define preferable privacy practices in ten categories. A summary of the policies would be that the company should notify the customers of the data they will collect, how it will be used, shared, stored, and how a
Page14-9
Chapter 14 Solutions
E-commerce and E-business
customer may modify the data. They should also clearly define how they will keep the data secure and what choices the customer may have to either consent or deny access to certain parts of information.
Cases 56.
Gretchen’s Glamorous Garbs (GGG) and delivery problems. Required: a. Speculate as to potential causes of this problem. It appears that Alex and possibly other sales representatives are making date entry errors as they enter the delivery information. Damon’s original sales order files specify delivery to the retail stores and this would indicate that customers are not making the error as they e-mail sales orders, but that Aaron is making data errors as he enters delivery information. b. What additional information would be needed to determine the actual cause of this problem? A computer log of the transactions may help determine the errors. c. What controls could be implemented to avoid repeated instances of this problem? It is probably not possible to avoid some errors, but not all. BBI could possibly reduce these errors by instituting a few policies or practices. One practice might be to sales reps to choose delivery ocati0n via a drop-down box rather than keying in delivery data. Another useful practice would be to require sales reps to print the order data as entered, and compare it to the original sales order before confirming the order in the online system. Another option may be to eliminate one step in the sales order process. Rather than having sales reps enter order information in a web browser, the customer could enter the data. This would eliminate the steps of the customer e-mailing the order and the sales rep entering the order. The customer could also make data entry errors, but typically, removing extra human steps reduces the total number of errors.
57. Stanger Analytics and XBRL. Required: Perform an online research of Inline XBRL and determine whether or not Inline XBRL would be appropriate for Stanger’s business. Would Inline XBRL be more effective and reliable? Why, or why not? What advantages does it offer. If students have trouble finding good answers to this case, you may find it useful to give them a hint to Youtube link: https://www.youtube.com/watch? v=zTyhOvE79DQ
Page14-10
Chapter 14 Solutions
E-commerce and E-business
Software that creates Inline XBRL documents is definitely more effective and reliable. Inline XBRL documents are both human readable and machinereadable. The big advantage is the creation of the one document serves both purposes. Due to the embedded HTML, the machine-readable function of the document allows a reader to click links to see underlying definitions or detail. For example, clicking on a sales dollar value in an income statement could cause a drill-down sales by segment. Thus, Stanger would find Inline XBRL more effective and reliable. There may, of course, be extra costs involved to implement the hardware and software needed to use inline XBRL
Page14-11
Chapter 1 (Online): Introduction to AIS Continuing Case Solutions: Robatelli's Pizzeria Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. 1. After reading the Robatelli’s case information, list and briefly describe (two to three sentences) each business process included in the case description. Revenue processes: Sales processes are described, including the customer’s options for ordering in-store, by telephone, or online. Although there are some differences in these methods of ordering, each option involves recording a customer order in the computer system; this is handled by a company representative for in-store and telephone sales, or by the customer for online sales. Orders received by phone or online must be confirmed and forwarded to the restaurant location where the order will be filled. Cash collection processes may occur in person at the restaurant or upon delivery. Customer credit card information may be collected at the time of the sale for telephone and Internet customers; however, credit card information is forwarded to the store that will handle the sale. Administrative processes: General ledger processes are described, whereby restaurant managers use the Internet to submit daily sales summaries to the administrative offices. These summaries are reconciled to reports obtained from the transaction processing system, and then a journal entry is prepared. 2. Think about, list, and briefly describe other business processes that probably occur at Robatelli’s. Expenditure processes: Robatelli’s would have purchasing processes to handle the purchase of food items and restaurant supplies. It would need to maintain supplier information for sources of these items, and implement cash disbursements processes to handle payments to these suppliers. In addition, Robatelli’s would need to have payroll processes to handle payroll for employees in its restaurant locations, commissary, and administrative offices. Finally, fixed asset processes would occur whenever the company has expenditures for items such as restaurant furniture and fixtures, kitchen equipment, computer equipment, etc. Conversion processes: Robatelli’s must have conversion processes in place to convert the flour, tomato sauce, and toppings into pizzas and other food products that are sold to customers.
It must plan for effective and efficient operations and the use of resources (restaurants and employees), and it must manage the logistics of food items moved from the commissary to the stores as well as the finished menu items from the stores to the delivery customers. Administrative processes: In addition to the general ledger processes described in the case, Robatelli’s must have capital processes that raise funds to buy fixed assets, and it must have investment processes to manage and invest any extra cash flow.
Chapter 2 (Online): Foundational Concepts of the AIS Continuing Case Solutions: Robatelli’s Pizzeria Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. Describe how each of the following types of orders at Robatelli’s differs from the processes and document flow mentioned in Exhibits 2-10 through 2-12. 1. In-store orders. A process map for Robatelli’s in-store orders will look essentially the same as is depicted in Exhibit 2-10. See Chapter8processmaps.xls. The only difference is that, after preparing an order ticket, Robatelli’s servers enter the order information into the company’s point of sales system through computer terminals. A document flowchart for Robatelli’s in-store orders would differ from Exhibit 2-11 in that there is no need for multiple copies of an order ticket, since the order is entered into the POS system. Accordingly, Robatelli’s Kitchen and Accounting Department would not obtain a hard copy of the order ticket; rather, the order information would be viewed through the POS system. A data flow diagram for Robatelli’s in-store orders would differ from Exhibit 212 only in that a process (task) should be added for the input of the order information into the company’s POS system. 2. Telephone orders A process map for Robatelli’s telephone orders will differ from Exhibit 2-10 in that the Order Center and Deliverer will replace the role of the Server. An Operator at the Order Center will take the customer order and enter the order information in the company’s POS system. A delivery employee will deliver the order and collect cash payments. Another difference that applies to Robatelli’s phone ordering system is that the customer’s payment process will depend upon the method of payment: credit card payment information is obtained and verified by the Operator at the Order Center; whereas, cash payments are collected by the delivery employee. See Chapter8processmaps.xls. A document flowchart for Robatelli’s telephone ordering system will differ significantly from Exhibit 2-11 because Robatelli’s system generates few documents. When orders are received, they are entered directly into the computer terminal while the Operator speaks with the customer. The first hard copy document to be printed is the order ticket after it is received at the
restaurant location. The ticket is then forwarded to the delivery employee, who takes it on the delivery run and uses it to confirm the amount to be collected from the customer (for cash payments). A data flow diagram for Robatelli’s telephone orders would differ from Exhibit 2-12 in that a process (task) should be added for the input of the order information into the company’s POS system. This should occur before the order ticket is written. In addition, the customer’s payment data should be obtained at the time the order is received; i.e., there is no “billing” of the customer unless the customer indicates that a cash payment will be made upon delivery. Then the order ticket presented to the customer will serve as the “bill”. 3. Internet orders. A process map for Robatelli’s Internet orders will differ from Exhibit 2-10 in that the Order Center and delivery employee will replace the role of the Server. The Order Center captures the customer’s order as entered online, then the order information is forwarded to the restaurant location. The order is prepared at the restaurant and a delivery employee will deliver the order and collect cash payments. Like for telephone orders, another difference that applies to Robatelli’s Internet ordering system is that the customer’s payment process will depend upon the method of payment: credit card payment information is obtained and verified at the Order Center; whereas, cash payments are collected by the delivery employee. See Chapter8processmaps.xls. A document flowchart for Robatelli’s Internet ordering system will differ from Exhibit 2-11 in much the same manner as for the telephone ordering system because Robatelli’s system generates few documents. When orders are received, they are entered directly into the computer system by the customer. The first hard copy document to be printed is the order ticket after it is received at the restaurant location. The ticket is then forwarded to the delivery employee, who takes it on the delivery run and uses it to confirm the amount to be collected from the customer (for cash payments). A data flow diagram for Robatelli’s Internet orders differs from Exhibit 2-12 in that a process (task) should be added for the direct input of the order information by the customer. This should occur before the order ticket is written. In addition, the customer’s payment data should be obtained at the time the order is received; i.e., there is no “billing” of the customer unless the customer indicates that a cash payment will be made upon delivery. Then the order ticket presented to the customer will serve as the “bill”.
Chapter 3 (Online): Fraud, Ethics, and Internal Control Continuing Case Solutions: Robatelli’s Pizzeria Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. a. Considering the nature of the relationship between Robatelli’s home office and its franchise owners, the company may be quite vulnerable to theft or fraudulent financial reporting committed by these franchise owners. Describe the three components of the fraud triangle and how each would relate to a franchise owner’s likelihood to defraud Robatelli’s. The three components of the fraud triangle are as follows: Incentive to commit the fraud. A franchise owner may be under financial pressure (cash flow problems) or may have job-related pressures (bonus options) that create the motivation to steal cash and/or falsify company reports. Opportunity to commit the fraud. Since Robatelli’s Pizzerias generate a lot of cash and since cash is susceptible to theft, franchise owners may find themselves in a position with access to a significant amount of cash. Also, since there tends to be a lack of segregation of duties (i.e., franchise owners have access to cash and are also responsible for daily reporting), an opportunity exists for franchise owners to commit theft and falsify the records in attempt to conceal it. Rationalization of the fraudulent action. Franchise owners may try to justify a fraudulent act against Robatelli’s by claiming that the company requires too much of the restaurant’s profits. For instance, a franchise owner is likely to believe that the restaurant’s profits were earned as a result of the efforts of the franchise owner and his or her staff and should therefore be retained by the franchisor rather than by the company. b. Identify three types of fraud to which Robatelli’s may be susceptible. For each response, indicate whether the fraud is classified as management fraud, employee fraud, vendor fraud, customer fraud, or computer fraud. In addition, for each response, suggest an internal control that could be implemented to prevent or detect the potential fraud. Example of management fraud to which Robatelli’s may be susceptible: As described in part a. above, there may be a risk of falsification of records by the franchise owner. This can be prevented or detected by performing reconciliations of the transaction processing system and the daily sale summaries. Company managers may also perform detailed
analysis of trends in these summary reports and investigate unusual activity. Example of employee fraud to which Robatelli’s may be susceptible: Although skimming would be difficult for an individual employee to pull off (due to the requirement for an entry to the POS system in order to generate an order, and the need for an order to generate a cash receipt from a customer), it may be possible when collusion occurs. In such a situation, one person may collude with someone in the Kitchen to prepare an order without entering it in the POS system. When cash is collected from the customer, it may be stolen without being readily detected, as there would be no record to facilitate a reconciliation. However, close monitoring of the physical quantities of food items could indicate if there is a problem in this area. If a franchise shows high levels of food usage without corresponding high sales and profits, it may indicate that a skimming scheme has occurred. Examples of customer fraud to which Robatelli’s may be susceptible: Credit card fraud or check fraud may occur if customers use stolen or fraudulent credit cards or checks to pay for their orders. This may be prevented through an immediate verification of all credit card collections and by requiring identification for any checks received from customers. Refund fraud may occur if a restaurant manager issues a refund to a customer who deceptively complains about an order. This may be prevented by requiring Servers to verify the order before it is entered in the POS system and by promptly confirming the order upon its delivery to the customer. Example of vendor fraud to which Robatelli’s may be susceptible: A vendor may submit duplicate or incorrect invoices or may send incorrect shipments to the company’s commissary. This may be prevented by performing a vendor audit. Examples of computer fraud to which Robatelli’s may be susceptible: Input manipulation may occur whereby an employee enters altered information into the POS system in order to cover up a theft or falsify the financial reports. This would be considered internal computer fraud. A form of industrial espionage may occur, perhaps involving the theft and unauthorized use of the pizzeria’s famous recipes by a hacker. This would be considered external computer fraud. c. First, a faculty member should make it clear to students as to whether they can copy, or cut and paste from existing ethics codes of other companies. That is, some faculty may allow just finding existing codes that would apply. Other faculty may ask students to write a completely new code of ethics. In this type of assignment, students are likely to search and use
parts of other codes of ethics. It could e interesting to have a discussion with students about the ethics of using a code of ethics, or parts of that code from an example that they found online. Each student’s code of ethics would vary depending on the companies that they review online before they write a code of ethics. Bright students may recognize that Robatelli’s is a restaurant franchise business, and more specifically, a pizza restaurant. Therefore, they could search for codes of ethics for similar types of organizations. As an example, Pizza Hut is an international pizza chain owned by Yum Brands. Yum Brands has a very long code of conduct, but the relevant portions appear below. We offer this as copied from the Yum Brands website as an example of an answer if students are permitted to find other codes and present them as a good fit for Robatelli’s. PRODUCT QUALITY & FOOD SAFETY At Yum!, product quality and food safety are a cornerstone of our founding truths and a promise we make everyday to our customers. QUALITY Quality embodies our basic philosophy of doing business and that is why it is in our founding truths. Our goal is to put a YUM on people's faces around the world, therefore, we must exceed our customers' expectations every day in every one of our restaurants by providing the highest quality products and service, in surroundings that are clean, attractive and comfortable. We continually monitor our products and services, and work hard to improve them. We expect all our employees to assist in this process by reporting anything which might compromise our quality. FOOD SAFETY Food safety is a primary responsibility of Yum!, and nothing, including cost, is allowed to interfere with this responsibility. To ensure that our customers receive safe, wholesome food, and "food you crave," Yum!: Maintains strict specifications for raw products including specifications which meet or exceed government requirements. Adheres to a strict food safety testing program. Follows rigid food handling and preparation procedures in the restaurants. Trains management and crews in proper food-handling procedures and personal hygiene practices. Continually monitors and improves its procedures and practices to ensure food safety. The responsibility for food safety is shared by everyone in our system:
As an employee you are expected to immediately report any problem with food safety to your supervisor or the next level of management. Any product suspected to be unsafe must immediately be pulled from distribution until safety can be assured. If, at any time, your own health or that of anyone serving the restaurant might negatively impact food safety, you should immediately notify your supervisor and determine the proper course of action.
RELATIONSHIP WITH FRANCHISEES Our positive strategic relationship with our franchisees is an important and highly valued element of Yum! success. Franchisees are our most important partners. With this mindset, our goal is to operate as one system, drive sales and operate the best restaurant system in the world. Our relationship is characterized by: Fairness and honesty in our dealings with franchisees and potential franchisees. Open communication between Yum! and its franchisees. An objective assessment of their performance. Additionally, Yum! respects its franchisees and protects their confidential information. Franchisees and prospective franchisees provide confidential personal and business financial information to Yum! in the course of obtaining or expanding their Yum! business. This information should be kept strictly confidential and used only for legitimate business purposes.
Chapter 4 (Online): Internal Controls and Risks in IT Systems Continuing Case Solutions: Robatelli’s Pizzeria Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. 1. Describe the new risks of Internet orders that Robatelli’s management should have considered. The risks you describe should be specific to the Internet order system. The Internet poses risks in the following areas: Security Confidentiality Availability Processing Integrity Online privacy The volume of users on the World Wide Web vastly increases the potential number of hackers or unauthorized users who might attempt to access Robatelli’s computer network. An unauthorized user could compromise security and confidentiality by gaining access to restricted data files, and affect availability and processing integrity by altering data or software or by inserting virus or worm programs. In addition, online privacy of Robatelli’s customers could be compromised by an unauthorized user who browses through or steals confidential information (such as credit card numbers or other identifying information required from a registered Internet customer. 2. Describe internal controls that Robatelli’s should have implemented to lessen the risks you identify in part 1. Exhibit 4-5 presents internal controls and the related risks. Of particular interest to Robatelli’s should be the user authentication controls and the hacking controls. The use of a firewall is to ensure that only the intended data flows through a given process would be an important control for Robatelli’s. Having more than one firewall provides greater data integrity. The first firewall provides protection for the Web server from potential hacker attacks and denial-ofservice attacks. However, no firewall is completely effective. Since there is a chance that a hacker could break through the first firewall, a second firewall is necessary to isolate the internal IT systems from attack. The ordering,
inventory, payroll, accounting, and transaction processing systems are isolated fro the Web server in this dual firewall system. In addition, it may be worthwhile for Robatelli’s to provide online customers with a few security questions in order to reduce the risk of fictitious orders or other unauthorized use of the company’s computer systems. Since there is no mention of the use of a secured Web site, using a Secured Socket Layer (SSL) for secure Internet communication would enhance customer confidence in transmission of personal information, including credit card numbers. 3. If Robatelli’s decides to move its data and software to a public cloud computing model, what additional risks should it consider? If Robatelli’s moves its data and software to a public cloud computing model, it would effectively transfer control of its data and software to a third party provider. Accordingly, additional risks would be introduced, including security, availability, processing integrity, and confidentiality risks. Robatelli’s would need to have confidence that its cloud provider would keep Robatelli’s data secure and confidential, and that it will not have service interruptions.
Chapter 5 (Online): IT Governance Continuing Case Solutions: Robatelli’s Pizzeria Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. a. Do you think Robatelli’s business strategy is driving the development of its information systems, or vice versa? Use points from the case to support your answer. While it is apparent that there is a critical link between Robatelli’s information system and its long-term strategic planning, the case clearly gives the indication that the business strategy drives the information systems development. Several points are made in the case to bring this point across, including: 1. In the Introduction, a point is made that “the company’s aggressive growth strategies were forcing increased emphasis on the system’s ability to derive detailed customer information that could be translated into increased sales opportunities.” 2. In addition, the conversation between Robatelli’s CIO, CFO and database administrator centered on the “features of the company’s accounting information systems, and whether or not data extracted from these systems could facilitate the multiple needs of the company.” 3. The case points out that Elaine realized that her IT department had to be proactive in developing a state-of-the-art system to allow the company to be well positioned to execute its growth plans. 4. The case also mentions that the business is changing frequently and that systems maintenance is an ongoing activity meant to keep up with the business changes. It is clear from these statements that the company sets its business strategy and then develops an information system that can support such strategies in order to provide Robatelli’s with a competitive advantage. b. Describe the steps Robatelli’s should take (according to the SDLC stages) to ensure that its IT systems are aligned with its business strategy. To ensure that IT systems are chosen and implemented to enhance Robatelli’s ability to meet its strategic objectives, a steering committee and a SDLC methodology should be used. These two processes will allow Robatelli’s to match IT systems to company strategy. The steering committee is comprised of senior management such as the Chief Executive Officer, Chief Financial Officer, Chief Information Officer, and senior managers within user departments. The Steering Committee should oversee the strategic management of IT. The formal process used to select, design, and implement IT systems is the SDLC, which is a systematic process to manage the acquisition, design, implementation and use of IT systems. The oversight and management of the
SDLC is the responsibility of the steering committee. Both of these management processes, the steering committee and the SDLC, are necessary in the strategic management of IT systems. A major function of the Steering Committee is to constantly assess the long-term strategy of the company and determine the type of IT systems to purchase, develop, and implement that enhance the progress toward the company’s strategic objectives. The steering committee determines the priority of various IT systems, and the SDLC is the process that manages the development, implementation, and use of those IT systems. The need to match IT systems to organizational objectives requires that the steering committee include top management such as the CEO, CFO, CIO, and other key managers. This group of top managers establishes strategic company objectives, as they are in the best position to assess the fit of IT systems to those objectives. In addition, this top management group has the authority to allocate resources and time to these IT change projects. Lower level managers would not have the authority or standing within the organization to push through IT changes. If the steering committee determines that the IT system is not sufficiently enhancing the company’s ability to meet strategic objectives, it should begin the SDLC process. The first phase of the SDLC is systems planning. Systems planning is undertaken to study and evaluate the feasibility of changing or updating the IT system. The Steering committee must manage this IT change process to ensure that the new IT system will enhance the ability to meet strategic company objectives. The systems planning phase prioritizes potential changes to IT systems. Generally, the systems planning phase involves assessing strategic objectives of the company and how well particular IT systems match those strategic objectives. The systems planning phase usually also includes feasibility analysis. A feasibility analysis is an assessment of the technical, economic, and operational feasibility of the proposed IT changes. If a proposed change is not feasible technically, economically, or operationally, it should not be undertaken. By assessing strategic company objectives and conducting feasibility analyses, decisions can be made about whether a proposed IT change matches company strategy and whether it is feasible to buy, implement, and operate a proposed system. If the proposed IT change meets strategic objectives and is feasible, the remaining phases of the SDLC should be undertaken. Generally, these phases include systems analysis, system design, system implementation, and system operation. These phases are systematic steps to ensure that the proposed IT system is properly developed, implemented, and operated. This controlled set of steps helps ensure that the company implements a system to enhance its ability to meet strategic objectives. The end result of applying the methods of a steering committee and an SDLC is that the best IT systems are chosen and implemented. The best IT systems are those that match company strategy. c. Describe whether any parts of Robatelli’s IT system could be adapted to cloud computing. Student responses are likely to vary, but most students should recognize that Robatelli’s could utilize a cloud computing model, which would be reasonably adaptable in its order processing and accounting functions. For its telephone and Internet orders, maintaining
cloud computing applications for software and data storage could enhance the company’s ability to process orders and transmit those orders to its various restaurant locations. In addition, cloud computing applications could enhance the restaurant managers’ ability to transmit sales summaries to the accounting department. In essence, a third party could provide the services that are currently available through Robatell’s intranet. Since scalability is a primary advantage of cloud computing, the ability to purchase additional capacity during peak times would alleviate Elaine Black’s fears regarding the capacity of Robatelli’s current system. In addition, since Robatelli’s has multiple locations, the use of cloud computing can improve employees’ and customers’ abilities to access the systems. Finally, Elaine’s concerns regarding internal controls would be addressed by the third party provider. Overall, there could be cost savings realized by Robatelli’s, especially in terms of reduced infrastructure. As described in this chapter, Robatelli’s should follow the steps within the SDLC if it intends to revise its current systems and adopt a cloud computing model.
Chapter 6 (Online): Enterprise Resource Planning (ERP) Systems Continuing Case Solutions: Robatelli’s Pizzeria Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. a. What advantages could Robatelli’s expect by upgrading to an ERP system? The general advantages described in chapter 15 would be applicable. That is, there would be advantages related to: a. The interaction of modules so that recording of sales might automatically trigger new orders of the ingredients needed. b. The real time nature of an ERP system that would provide timely feedback to management. c. The “best practices” inherent in an ERP system. Robatelli’s might need to change their processes to match the ERP system, but such a change should increase the effectiveness and efficiency of those processes. d. The single data base that allows sharing of information across functional areas. e. The ability to analyze data such as sales patterns. f. The ability to enhance the web sales that Robatelli’s is engaged in. g. The capability of an ERP system to interact with trading partners. For example, Internet EDI might increase the efficiency and effectiveness of the purchase of ingredients. h. The scalability of the ERP system that would allow the system to grow if Robatelli’s grows. There are some specific advantages related to the specific information described in the case. For example, the current software does not automatically post sales to the general ledger. An ERP system would have automatic and real-time posting to the general ledger and the ability to analyze sales patterns. b. As Robatelli’s considers modules to purchase, which four or five modules do you believe would be most critical? Why? There could be many different answers to this because various software vendors use different terminology regarding modules. The following answer uses generic, high level terminology for modules. Robatelli’s should consider purchasing and using the following modules: financial, human resources, procurement and logistics, sales and services, and analytics. The need for financials and HR are somewhat obvious. Procurement and logistics would
help Robatelli’s manage the various ingredients and supplies they purchase, and the movement of those purchased items to the various restaurants. Sales and services would provide a powerful module to handle sales and e-commerce sales. An analytics module would give Robatelli’s the opportunity to analyze several kinds of operational aspects. For example, data mining could be used (see chapter 13) to analyze sales patterns and improve decisions about pricing, promotions, and inventory levels of ingredients. There are some answers that might be obviously wrong. For example, Robatelli’s might not have as great a need modules related to manufacturing. c. Which method of implementation of an ERP system do you suggest for Robatelli’s? Why? Although any method could be the argued to be the correct answer, the “big bang” is probably the least desirable for a company like Robatelli’s. The company is not large enough to have a large, highly competent IT staff that could accomplish a “big bang” implementation. The modular approach may be the best for Robatelli’s as it would allow them to implement little parts of the system at a time. This would probably be the least risky. A location-wise would probably not work as well for Robatelli’s because most of the ERP system would affect the headquarters and only a few things could be implemented at the various restaurants (locations). Since much of the accounting, purchasing, logistics, and analysis is an the headquarters, there would be little gained by trying to do a location-wise method. d. Recommend two or three ERP systems that would be appropriate for Robatelli’s. Be specific with respect to the name of the ERP software system and the provider company. When making these recommendations, consider the size of Robatelli’s and, therefore, what it might be able to afford. This answer will vary widely because there has been much activity by the vendors of ERP systems to attract all types of businesses. For example, tier one systems such as SAP or Oracle would not have been appropriate selections for small to mid-size businesses in the past. But now even the tier one vendors have products that they market to small to mid-size businesses. For example, SAP sells an ERP system called SAP Business One. Some ERP systems that are appropriate for small or midsize enterprises would be: a. Microsoft Dynamics GP or Dynamics 365 b. Sage 300c c. Oracle Netsuite ERP d. Epicor. Accounting software that would not be appropriate for Robatelli would be the software such as Quickbooks or Sage 50c. Robtelli’s would be too large aa business these simpler accounting systems.
Chapter 7 (Online): Auditing Information TechnologyBased Processes Continuing Case Solutions: Robatelli’s Pizzeria Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. Imagine that you have been hired to perform the financial statement audit for Robatelli’s Pizzeria. This is the first time the company has had an external audit. a. What steps would your firm go through in the planning phase for this initial audit engagement? The steps in the audit planning process include: 1. The auditor must gain a thorough understanding of Robatelli’s major business processes and the related financial reporting systems. This will occur through interviews with company personnel, reading documented policies and procedures, and observation of the company’s various processes and locations. With respect to Robatelli’s computer systems, the auditor must determine how transactions are entered into the computer system and how journal entries are initiated, recorded, and processes. 2. The auditor must gather evidence about internal controls within the major business processes, including controls within computer resources and the related functions. Key members of the accounting and IT staff will be interviewed, user manuals and system flowcharts will be reviewed, and the results should be documented in questionnaires, memos, or narratives. 3. Based on the evidence gathered in step 2 above, the auditor must make a determination about whether or not the internal controls are reliable. In other words, auditors must decide if the controls are strong enough to prevent, detect, and correct significant errors or fraud that could occur within the business. This will determine the testing strategy to be used on the audit engagement. 4. Auditors must assess risks and establish materiality limits to be used on the audit engagement in determining the nature and extent of tests to be applied. In determining materiality, a threshold is set for establishing the amounts that are considered significant enough to influence the decisions of the company’s stakeholders. This will help auditors decide how much evidence is needed during the audit, as the auditor will concentrate on transactions and account balances that exceed the established materiality level. In assessing risk, auditors
need to consider the types of risk inherent in the Robatelli’s business caused by such things as the nature of operations and related controls, the economy, or management’s strategies. For Robatelli’s there is a considerable amount of cash transactions at the restaurant locations, which means that the company is susceptible to the risk of theft. 5. After performing step 4, an audit approach can be developed. The nature, timing, and extent of audit tests must be documented in an audit program. If the auditor has determined that the company’s internal controls are reliable, a Reliance Strategy will be used whereby the emphasis is on tests of controls. On the other hand, if the auditor has determined that the company’s internal controls are not reliable or that it is not cost effective to test those controls, a Substantive Strategy will be used whereby the emphasis is on detailed tests of transactions and account balances. 6. Once the audit approach has been established, then the auditor needs to determine the resources needed to perform the audit engagement. Audit team members will need to be scheduled within the appropriate time frame so that testing can be performed as planned. These steps are presented in the text in Exhibit 7-5. These steps apply to an initial audit engagement as well as an audit engagement for an existing client company. However, for an initial audit engagement, the process of understanding and documenting the company’s major business processes is expected to be particularly time consuming. This is because the auditor will have little or no prior knowledge of the company and its systems. In the case of Robatelli’s, the auditors must gain a thorough understanding of each of the ordering systems (in-store, telephone, and Internet), as well as operations at the restaurant locations, commissary, customer center, and administrative offices. b. What computer-assisted audit techniques could you use in conducting this audit? Use details from the case to explain why you believe these techniques would be appropriate for Robatelli’s. The test data method could be used to assist in conducting the audit of Robatelli’s Pizzeria’s sales and transaction processing system. Fictitious information can be developed by the auditors and entered in the company’s transaction processing system and processed under normal daily operating conditions. This method would be well-suited for Robatelli’s because it works well with batch systems, and Robatelli’s processes sales information for each restaurant location in daily batches. Since the daily sales from the transaction processing system are reconciled to the restaurant manager’s daily summaries, this process should isolate fictitious data if controls are in place. Program tracing could also be used, whereby bits of actual data are processed through the application on another (nonclient) computer system.
This verifies the accuracy of the application’s processing without the risk of contaminating Robatelli’s data. Parallel simulation is another CAAT that could be used at Robatelli’s. A parallel simulation involves the processing of company data under different systems to determine whether the same results are realized under both systems. This process could be applied to Robatelli’s transaction processing system and compared with the daily sales summaries. The reconciliation process could then be compared with the actual results as determined at Robatelli’s home office. Robatelli’s telephone and Internet ordering (“one-number”) systems could be tested using an integrated test facility. Test data can be input directly into the company’s system along with actual data, but the system would be programmed to exclude the test data from its master files. This would work well at Robatelli’s since it is not disruptive to operations at the call center and would not dilute information transferred to the restaurant locations. The embedded audit module approach involves placing special audit test modules within the company’s operating system. This approach could be used to test Robatelli’s one-number system by searching for certain transactions (such as large dollar orders) and determining whether the system is properly capturing these transactions. It could also be used to test the transaction processing system by searching for special transactions, such as restaurant bill adjustments, to determine that they are being recorded properly.
Chapter 8 (Online): Revenue and Cash Collection Processes and Controls Continuing Case Solutions: Robatelli’s Pizzeria Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. a. Briefly describe the differences in Robatelli’s three order-entry systems (in-store, telephone, and Internet). For each method, specifically identify the employees needed and describe the tasks performed by these employees. Obviously, the major differences are the manner in which the order is taken. During the in-store sales, the customer is physically present and the order is taken and written down manually before it is entered into the system. In the case of telephone orders, the order is taken by a call center and entered into the computer as the order is taken. Online orders are entered directly by customers through a web page. Thus, all three order types are entered into the IT system, but in a different manner. Since telephone and online orders are likely to be delivered, more data must be collected from the customer; including address, phone number, and expected delivery time. This data is not collected for in-store sales. The preparation of food ordered is essentially the same under all three, except that telephone and online orders must be prepared for delivery or pick-up. If they are to be delivered, then a delivery person must have be given the details of customer name, address and phone number, as well as the food ordered. Payment methods are also somewhat different. For in-store sales, the server collects cash or a credit card and processes the payment through a cash register. For telephone orders, the customer has the option to pick up the pizza, or have it delivered. If the order is for pick-up, the customer will pay at the cash register with cash or credit card. If the order is to be delivered, the customer can pay with a credit card on the phone or online; or the customer can pay the deliverer with cash. In all three types of orders, the general ledger must be updated to reflect changes to sales and cash accounts. The case indicates that for each of the three types of orders, the general ledger is updated manually based on daily sales summaries. b. Draw three process maps of the ordering and sales processes at Robatelli’s. One process map should depict in-store sales, one should depict phone orders, and one should depict online sales. See the process maps in the file “Chapter 8 Solutions Process maps.xls” on the instructor web site. c. Separately identify at least one internal control strength and/or weakness for each of the three ordering systems (in-store, telephone, and Internet).
What is the control purpose of the drop-down boxes in the Internet ordering system? The answers below are divided into a separate part for each type of order. In-Store orders: Strengths: 1. Data entry errors are greatly reduced because walk-in orders are entered directly into the computer terminals located at the counters. In addition, since the customer is present, it allows for easy verification of the order. Weaknesses: 1. Tableside orders are taken manually, then re-entered into the computer system at the food preparation station. This duplication of effort is costly because it is time-consuming and it allows for the possibility of error in reentering the information. Telephone orders: Strengths: 1. Data entry errors are greatly reduced by having the operators enter the order information while customer is still on the phone. It also allows for easy verification of several items including the address, the order itself, and even the credit card information. 2. Time is saved by having the system store and automatically be able to retrieve a customer’s favorite order. Entry errors are also reduced. 3. Having the streets database provide a link between the customer’s address and the closest restaurant greatly reduces errors and possibly lost sales in case a wrong location is incorrectly selected. 4. Having all calls being processed in one central location enhances the order-taking process due to reduced interruptions such as noises within restaurant locations and possibly customer interruptions. Weaknesses: 1. Credit card numbers and any other sensitive information should probably not be sent to the various restaurants. Credit cards should be processed at point of entry to enhance confidentiality of customer information. The order can be sent to the various restaurants with instructions to the effect that payment had already been made. 2. When an order is sent to the various restaurants, additional work of processing the credit card takes place. This creates chances for introduction of errors into the system. Additional human intervention should be reduced as much as possible. Internet orders: Strengths: 1. Once a customer has placed an initial order, that customer’s information is stored in the database in order to reduce/eliminate re-keying of that
information for subsequent orders. This enhances data accuracy and efficiency, which boosts customer satisfaction. 2. The use of drop-down menu boxes reduces data entry errors – in this case the customer only clicks on items to be ordered rather than keying in the item name or numbers. 3. Confirmation of the menu items and restaurant location before completion of the order placement ensures order integrity. Weaknesses: 1. No mention is made of the need to provide a customer with a few questions to eliminate fictitious orders. 2. No mention is made of the use of a secured website. The use of Secure Socket Layer (SSL) for secure internet communication would enhance customer confidence in transmission of personal information including credit card numbers. 3. There is potential for an incomplete order due to the myriad of menu possibilities. However, the case does make it clear that every field must be completed even when the choice is “none”. 4. Customers are limited to the menu combinations in the drop-down box. Although there are many menu selections, there may be reduced flexibility for a “mix-n-match” of various items (like sauces) or other special orders.
Chapter 9 (Online): Expenditures Processes and Controls – Purchases Continuing Case Solutions: Robatelli’s Pizzeria Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes.
a. Describe how you believe an efficient and effective purchasing system should be organized at Robatelli’s. Include details such as: There is no single correct response to these questions, but they should generate much discussion among groups within or outside the class. In a smaller company such as Robatelli’s, it would be most reasonable to conduct purchases at the corporate headquarters, or in the commissary. It would not be very likely to have purchasing agents in various locations. All would work at corporate headquarters, or the commissary, whichever has appropriate office space to accommodate them. There may be more efficiency if they were located very close to the accounts payable process location. It is obvious that there would be no need for any purchasing agents to work at any of the restaurant locations. The purchasing system should be organize very much like that described in the chapter. This would include requisitions from the commissary as various ingredients reach the reorder point. Either a software system, or assigned personnel in inventory control should monitor inventory levels and determine when to place orders for various ingredients or supplies. The requisition would be forwarded to purchasing agents. The purchasing agents would solicit bids from two or three vendors, select the best vendor, and prepare a purchase order. The purchase order would be mailed to the vendor, and copies would be forwarded to receiving, accounts payable, and the requisitioner. As goods are received at the receiving dock of the commisary, they should be counted, inspected, and then a receiving report prepared. The receiving report should be forward to accounts payable and inventory control. Goods are stored at the commissary until needed to produce subassemblies (dough, sauce, salads), or needed at the restaurants. Inventory control would update inventory records. Accounts payable would approve payment if the purchase order, invoice, and receiving report match. The subassemblies and ingredients will be delivered to each restaurant as needed. a. How many purchasing agents should be employed? My suggestion would be five purchasing agents. b. Where will these purchasing agents be located? The most effective location is probably corporate headquarters.
c. How will the necessary information for purchasing flow between restaurants and these purchasing agents? The sales at each restaurant should be monitored by the software system. Based on menu items sold, the software can determine food ingredients used. The restaurant manager should also provide information to the commissary about any food items that are lower than the records would indicate. Inventory of items in the restaurant will not always match the records due to mistakes, theft, and shrinkage. The purchasing agents will receive information about what should be purchased via requisitions. d. How will IT systems be used in purchasing? The IT system should have the capability to monitor inventory levels, inventory usage as sales occur, and be able to predict future needs based on sales history. Ideally, the software would have integrated sales, inventory, receiving, and payables modules so that the appropriate information sharing is automatic. e. How and when will purchased items be delivered to the restaurants? (Remember that all 49 locations are within the Pittsburgh area and none would be more than a one-hour drive from the Corporate Headquarters). Each day, a fleet of about ten trucks should load ingredients and supplies needed at a set of restaurants, and the truck driver will deliver to approximately three restaurants during the day. The driver would then have a second set of restaurants to deliver to on the second day. In this system, ea h restaurant receives a truck load at least every other day. (this is a suggested method only. Answers can vary much, but should be reasonable). b. Draw a process map of your proposed purchasing system. See the last page of this document. c. Describe any IT controls that would be necessary or desirable in your purchasing system. The system must have user authentication controls (user ID, password, authority tables) to ensure that only authorized users have access, and that only appropriate personnel are authorizing or initiating orders. A computer log should also be maintained so as to monitor and identify any instances of unauthorized use. The system should also have data validation controls to help minimize input and processing errors. The software system should also be regularly tested to ensure it correctly initiates orders when necessary. That is, it should not trigger purchases at the wrong time, or in the wrong amount. There should be backup files and backup systems to avoid system availability issues. Many other IT controls could be mentioned, but these are the controls mentioned in the chapter. Other controls that might be mentioned by students would include the IT controls from chapter 4.
Spatelli's Purchasing Process Map
Receive puchase
Reject request
Receive and inspect goods
Receive invoice from vendor
Authorize purchase requisition
Accept delivery?
Reject goods
Match?
Reconcile with vendor
Select vendor
Update accounts payable records
Prepare receiving records Prepare Purchase Order and send to vendor Store goods or initiate production
Prepare Purchases Journal
Update inventory records
Update general ledger
Chapter 10 (Online): Expenditures Processes and Controls – Payroll and Fixed Assets Continuing Case Solutions: Robatelli’s Pizzeria Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes.
a. Describe how you believe an efficient and effective payroll system should be organized at Robatelli’s. This answer can vary depending on the type of payroll system recommends. An inhouse payroll system can have various levels of IT integration. Many companies of a similar size choose to outsource payroll. The suggested answer in parts a to c assume an in-house payroll system. Since most restaurants with several locations use point of sale software at the cash register, this solution assumes employees at the restaurants clock in and clock out using the point of sale software. First, there should be a separate human resources department and this department provides the authorization for who is in the payroll system and can receive pay checks. In addition, human resources maintains personnel records that include employee name, address, social security number, birth date, pay rate, withholding information and authorizations, and performance review information. Timekeeping will be a little different for different types of employees. Restaurant employees would use the Point of sale software at the restaurant to clock in and clock out. Thus, timekeeping at the restaurant is automated. At the commissary and headquarters, hourly employees could use a time clock or written time cards for timekeeping. A time clock is preferable as it increases the accuracy and internal control of timekeeping. Supervisor approval of time worked at both the restaurants and the commissary and office locations should occur as an internal control. All time keeping information would be forwarded to headquarters and a payroll department would calculate gross pay, deductions, and net pay based on time keeping records and personnel records regarding deductions. If the company has instituted such a policy, it would pay based on direct deposit rather than paper checks. Direct deposit is more efficient, effective, and less subject to fraud. If the company does not require direct deposit, it should institute such a policy. If paper checks are written, they would have to be distributed by the appropriate managers. This is less effective as an internal control, but it would not be practical to have an independent paymaster visit the various restaurants, commissary, and office. That is why direct deposit is a more desirable approach.
If payroll is in-house, Robatelli’s should use the payroll module of their accounting software to input time and calculate payroll. An alternative would be a stand-alone payroll software system. The payroll module within the accounting system is preferable because it would automatically integrate with other modules such as general ledger. A separate payroll bank account should be used and accounts payable should authorize a check for the total amount of the payroll. This check would be deposited in the payroll bank account and payroll direct deposits to employees (or pay checks) are drawn from this account. The payroll software should complete reports and schedules such as reports for deductions from employee pay. These reports are used to determine the amounts to be paid to the various withholding entities. Some reports must be filed with Federal, state, and local governments. The appropriate deposits for taxes and other withholdings should be prepared by payroll and deposited in the appropriate accounts. Include details such as: a. What types of payroll documentation should be prepared at the restaurant locations? Ideally, there would be very little paper documentation. Each new employee would complete a paper W-4 form to indicate tax exemptions. Time keeping should be as automated as possible. Thus, time cards would not be prepared at the restaurants. Employees would very likely log into a cash register upon arrival at work to clock in and then log out from the cash register when they leave. Therefore, time keeping is automated. b. How will the necessary information for payroll flow between restaurants and the home office? At the restaurants, the POS software can record hours work as employees clock in and clock out at the cash register. Thus, only summary information needs to be forwarded to the payroll department by each restaurant. The method of forwarding summary time information would depend on how sophisticated the IT systems are at Robatelli’s. Each restaurant manager could e-mail a summary report, or ideally, the manager would log into the software at corporate headquarters and file a time keeping report for the restaurant online. This would reduce the chance for data input errors and would increase the efficiency of payroll. Headquarters should provide periodic summary reports to each restaurant that provides labor cost information to each manager.
c. How should IT systems be used in the payroll processes? IT systems should be employed to the full extent that is possible. IT systems of payroll increase the accuracy, efficiency, and reporting capability in payroll. As mentioned above, time keeping, payroll processing, check distribution (direct deposit), and reporting should be in the IT systems and not done manually. b. How could Robatelli’s prevent the occurrence of a ghost employee at one of its restaurant locations? The best protection is to segregate timekeeping from check distribution. If a manager at a restaurant had the authority to record employee time, and to distribute checks, he could create a ghost employee. If checks are distributed by someone else, that opportunity is lessened. Because of the 53 different restaurant locations, it is not practical to have a paymaster visit each restaurant on pay day. Therefore, direct deposit of employee pay is a much more effective approach. Since it is difficult to establish a bank account for fictitious person, this reduces the chances of ghost employees. Outsourcing payroll, such as to ADP, can also reduce the risk of ghost employees. c. From a cost/benefit perspective, what risks factors exist in Robatelli’s payroll processes that make it worthwhile to implement thorough internal controls? Generally, restaurant employees are paid weekly. This frequency is a risk factor. Also, restaurants such as Robatelli’s tend to have high turnover in employees. Describe the related internal control that could help detect or prevent each risk. As described above, Robatelli’s should use IT systems for payroll as much as possible. These IT systems have built-in internal controls. For example, the clock in and clock out of employees through the POS software decreases the chance that employees can clock in for a friend who is absent. The efficiency and accuracy of IT systems would also lessen risks associated with frequent pay periods. A separate human resource department that authorizes hiring and performs appropriate background checks can lessen the risks associated with high turnover. d. If Robatelli’s wished to reduce the payroll risks identified above, it could consider outsourcing much of the payroll processing. (ADP is an example of a payroll processing company.) Search the Web site of a payroll processing firm to determine the benefits to Robatelli’s of outsourcing a substantial portion of its payroll processing. Describe these benefits, the risks avoided by outsourcing, and the risks still borne by Robatelli’s after outsourcing. Also, describe the payroll record keeping functions that Robatelli’s must still maintain even if it outsources a substantial portion of its payroll processing. The risks, benefits, and record keeping borne by Robatelli’s and the outsourcing
company are dependent on how much Robatelli’s wishes to outsource. ADP’s website indicates that it can be contracted to handle all payroll and human resources functions. If Robatelli’s outsources both payroll and human resources, most of the risks are transferred to ADP. Risks of errors in payroll, ghost employees, and employee character are transferred to ADP. If we assume that Robatelli’s outsources payroll, but not HR, then Robatelli’s assumes the risks inherent in hiring employees. For example, an employee who has a criminal background can cause very large legal risks for a company, and can also be a risk for fraud or a risk to other employees. The benefits to outsourcing are that the time, costs, and risks of payroll are reduced. ADP’s website lists the following benefits of outsourcing payroll: Outsourcing your payroll can provide your small business with a number of important benefits: Save time Using an outsourced payroll solution is typically more efficient for a small business than processing payroll internally. Leaving payroll to experts frees up hours that you can devote to other important parts of your business. Whether it is your time, staff time, or a combination, chances are the hours could be better spent winning more business, improving customer service, fine-tuning business operations or launching a new product line. Among the areas where outsourcing will save time are: Processing payroll Cutting and distributing paychecks Calculating and paying withholding and employment taxes Preparing and distributing W-2s and 1099s at year-end Handling employee payroll inquiries Save money Many business owners underestimate the cost of processing payroll internally by failing to account for all hours spent and resources allocated to pay employees and maintain payroll paperwork. A thorough cost assessment usually proves that a small business saves money by outsourcing the processing, tracking and filing of payroll documents. To assess your own internal payroll costs, consider: How much the time spent is actually worth: consider the cost of your time and the time of anyone who processes or "touches" payroll. Often, many people in a small company are involved in the various parts of payroll processing. What savings would outsourcing provide: since an outside provider can handle all the responsibilities involved in managing payroll and answering employee questions, a small business can often eliminate or reallocate an internal payroll resource.
Avoid penalties Calculating federal, state, and local employment taxes and filing payroll-related tax paperwork can be more than just a hassle. If it's done incorrectly, your small business may face penalties and even interest on money owed since the mistake was made. In fact, it is estimated that one in three small businesses receive a tax penalty costing over $800 each year. Outsourcing payroll does away with the risk of many of these costs and hassles because: An outsourced payroll provider calculates payroll taxes, based on its expertise and close tracking of regulation changes Monthly or quarterly employment tax reports are managed by the payroll service, ensuring they are submitted correctly and on time Payroll providers may assume penalties that come as a result of incorrect tax calculations End-of-year paperwork — such as W-2s and 1099s — are handled directly by the payroll provider, so they are sent out on time (From: http://www.smallbusiness.adp.com/outsource/index.asp) e. Describe how you believe an efficient and effective system of fixed assets accounting should be organized at Robatelli’s. Robatelli’s should ensure they have proper procedures to authorize the purchase and retirement of fixed assets. This would include policies that require a cost benefit analysis of asset purchases, approval of fixed asset purchases by high level managers, appropriate approval for retirement of fixed assets, and procedures for the proper sale or disposal of retired fixed assets. The cost benefit analysis prior to a purchase should include a discounted cash flow analysis and a narrative description of the benefits of the fixed asset. In addition, top management should develop a yearly capital budget and fixed assets should be purchased only after a high level manager has compared the request to the capital budget and ensured adequate funding in the capital budget. The ordering, receiving, and record keeping of fixed assets should be segregated so as to reduce the chance of fraud and to reduce errors in fixed asset purchasing or record keeping. The purchase of a fixed asset should follow typical purchase procedures that include a requisition, purchase order, receiving and inspection. Adequate records of fixed assets should be maintained that include purchase price, estimated life, salvage value, location of the asset, and repair and maintenance records. Such records should include a fixed asset subsidiary ledger to maintain detailed information about each asset. These records should be used to accurately calculate depreciation expense for fixed assets. When assets are to be retired and disposed, depreciation must be recorded to date, the assets should be removed from the fixed asset subsidiary ledger, and any gains or losses recorded.
Be sure to include the following issues in your response: a. How should the fixed assets accounting department maintain control over fixed assets in the various restaurant locations? The best control over fixed assets at the restaurants is supervision. Each restaurant manager must be responsible for the supervision of fixed assets at his/her restaurant. Any change in fixed assets such as break down or theft should be reported to the home office so that records can be changed and appropriate steps taken to repair or replace the asset. b. How should IT systems be used in the fixed assets process? IT systems should be used to the full extent possible. The number of fixed assets, and the high dollar value of these assets are reasons that the fixed asset accounting system should be as efficient and effective as possible. IT systems provide a much better method of maintaining fixed asset accounting than manual systems or spreadsheets. If Robatelli’s accounting software includes a fixe asset module that meets their needs, it should be used. If not, Robatelli’s should purchase a separate fixed asset software system to maintain fixed asset accounting.
Chapter 11 (Online): Conversion Processes and Controls Continuing Case Solutions: Robatelli’s Pizzeria Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. a. Briefly describe Robatelli’s conversion processes, i.e., what gets converted, how is it done, and where are the underlying processes performed (at which Robatelli’s location(s))? In general, the conversion process is a two stage conversion process to convert raw food into prepared meals for customers in the restaurant, take-out, and delivery orders. The first stage would be to convert certain raw food ingredients are converted into “subassemblies”. For example, both pizza dough and pizza sauce and made in a commissary using food ingredients such as flour, tomatoes, salt, sugar, etc. Salads are also assembled at the commissary and treated as a subassembly. These subassemblies, and other meal ingredients such as meats, vegetables, buns, and cheese are delivered to each individual restaurant for stage two of the conversion process. The final conversion (food preparation) takes place at each individual restaurant. As an example, the subassemblies of dough and sauce are combined with meat, vegetables, and cheese to create and bake a large deluxe pizza. These meals are then delivered to tables within the restaurant by servers, or to take-out customers at the cash register, or to customers by delivery drivers. A similar process occurs for sandwiches, spaghetti, calzones, and other menu items. Soft drinks, wine, and beer are most likely delivered directly to each individual restaurant from distributors. There would be very little conversion processes for these drinks except to pour them into glasses and deliver to customers in the restaurant. b. What procedures and internal controls would you recommend to Robatelli’s to minimize the risk of lost sales due to stock-outs, i.e., running out of ingredients, and the resulting idle time that may be incurred while awaiting delivery from the commissary. The ideal solution would be to use as sophisticated IT system, such as an ERP, that would included internal controls and integrated sales, inventory, and purchasing systems that would continuously monitor inventory levels, automatically decrease inventory levels as deliveries are made to restaurants, and purchases are automatically triggered as predicted sales levels and current inventory levels indicate a need to purchase ERP systems can include the appropriate internal controls within the system to segregate duties and make sure the correct people and events are triggering purchases at the appropriate time. Without a sophisticated IT systems, there would be some manual processes in the
inventory and purchasing systems. There must be internal control policies and procedures to monitor and control inventory levels. First, there must be clear policies as to who is assigned responsibility accomplish tasks such as monitoring inventory, authorizing purchases, and receiving goods. In addition there must be clear policies about which persons can authorize the vendors to use. Unreliable vendors who do not deliver on time can affect inventory levels negatively. Someone must be assigned responsibility to select new vendors and go monitor the performance of current vendors. This is true in both IT and manual purchasing systems. The chance of stockouts can also be reduced by internal controls that ensure the accuracy of inventory records. If receiving includes internal controls that ensure counts and inspections of all goods received, the inventory records should be more accurate. Periodic physical counts can also improve the accuracy of inventory levels. c. Following is an example of the structure of a bill of materials. Revise this example to show details of the sub-assembly of the dough and the various components (sauce, toppings, and cheese) and underlying materials (ingredients) that would likely be included on Robatelli’s bill of materials for a large deluxe pizza. See the last page of this document.
Parmesan Cheese
Chapter 12 (Online): Administrative Processes and Controls Continuing Case Solutions: Robatelli’s Pizzeria Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. a. Refer to the process map showing accounting cycle processes in Exhibit 12-5. Which typical special journals and subsidiary ledgers would be needed at Robatelli’s? Which ones would not be needed and why? The special journals that are probably needed are: Sales Purchases Cash disbursements Payroll The subsidiary ledgers that are probably needed are: Accounts payable Inventory Payroll Robatelli’s purchase, accounts payable, and inventory systems are likely to be similar to what most companies have. They purchase, pay for, and maintain a vast inventory of food items, ingredients, and other supplies. Thus, they should have need of purchases, cash disbursements, and payroll special journals, as well as accounts payable, inventory, and payroll subsidiary ledgers. Robatelli’s would maintain detailed information about sales, such as in a sales special journal. It is not likely to be a paper based sales journal. As a retail restaurant, the sales occur within the individual 53 restaurants, from online, and telephone orders. Thus, there may be different forms of sales records. Sales in the restaurant are likely to be collected by the Point of Sale software used at the cash registers. As stated in the case, the sales summaries from each restaurant would be forwarded to the home office and recorded in the general ledger. Online and telephone orders are taken by phone operators at the home office, using the one number ordering system. Online sales are transacted via the website. Therefore the collection and recording of sales data from telephone and online orders are in different software systems. In all of these cases, sales summaries are posted to the general ledger software. Each of these special journals and subsidiary ledgers would be part of the IT systems, and would not be in paper form. Robatelli’s would not need an accounts receivable subsidiary ledger, nor a cash
receipts journal. Robatelli’s does not have sales that are paid at a later date. Sales are cash or credit card transactions. The cash registers record and track cash collections. b. How do the daily close procedures and summarizations that are the responsibility of Robatelli’s restaurant managers fit into the company’s overall accounting cycle process? Use information from the chapter to describe this scenario. These daily close and forwarding of sales summaries serves as the journal voucher to record sales and cash in the general ledger. These summaries are manually keyed into the accounting software.
Chapter 13 (Online): Data and Databases Continuing Case Solutions: Robatelli’s Pizzeria Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. a. Describe the purpose of a data warehouse and describe how Annheuser-Busch uses data warehousing. A data warehouse is a collection of enterprise wide data and external data gathered into a large database. The data warehouse is used by management to support decision-making. As an example, the Anheuser-Busch article regarding BudNet describes a data warehouse of Anheuser-Busch sales data and sales of its competitors. Anheuser-Busch collects detailed data about sales at convenience and grocery stores. When this data is collected into a data warehouse, it can be analyzed to help predict future customer behavior and can allow Anheuser-Busch to better predict sales and inventory stocking levels. b. Describe the purpose and use of data mining and describe how Anheuser-Busch uses data mining. Data mining is the process of analyzing the data in a data warehouse to determine trends, patterns, or relationships in the data. For example, Anheuser-Busch uses data mining to analyze sales of its beer products and its competitors. This analysis helps the company determine stock levels in various stores or neighborhoods. Sales can be compared based on weather conditions, holidays, or other important factors. Such analysis can allow the company to predict future sales of its products on certain days or by location. Anheuser-Busch uses this data to determine sales promotions and can then refine sales promotions based on data mining. c. Describe how data warehousing and data mining can facilitate reporting and analysis at Robatelli’s. A data warehouse and data mining could be similarly used Robatelli’s. Robatelli’s would first need to build a data warehouse that would include detailed sales data by source: store, phone and web. In addition to this internal sales data, the company may be able to buy or develop external data such as weather, neighborhood demographics, sales of competitors, or general local economic conditions. The analysis of this data would help Robatelli’s predict future sales and determine sales promotions that would be effective. For example, Robatelli’s could gain a better understanding of sales volume for certain weather conditions, certain holidays, and various promotional pricing structures. This could possibly be done without data mining, but it would be a much
more time consuming and labor intensive task. Data mining uses the power of the computer to analyze large volumes of data to search for sales patterns or trends.
Chapter 14 (Online): E-Commerce and E-Business Continuing Case Solutions: Robatelli’s Pizzeria Do not make these Teaching Notes available for the general public. Please do not post Teaching Notes on an open website where they can be scanned by Google. When the Teaching Notes have been posted openly online in the past, it has caused problems for faculty at other institutions who are using the Teaching Notes in their classes. a. Discuss whether Robatelli’s Internet order activities can be termed e-commerce. Yes, Robatelli’s is engaged in e-commerce. E-commerce is generally considered to be internet sales between a business and end-user consumers. b. Given the privacy practices described in the AICPA Trust Principles, describe the kind of customer data that Robatelli’s could reasonably collect and store, and also describe some data that Robatelli’s should not collect and store. Explain the reasons for these differences. Robatelli’s must have name, address, and phone number at a minimum. If the customer pays by credit card, they would also need credit card type, number, expiration date, and the name as it appears on the card. Robatelli’s does not need personal information or characteristics about the customer such as age, birth date, height, weight, social security number, marital status, drivers’ license number, or family income. The are two major differences in the types of data above. The first set is absolutely necessary to complete the transaction, while the second set is not needed. In addition, the second set is more personal and people are more often unwilling to share that information with businesses. There is also a “behind the scenes” data collection. If desired, Robatelli’s could maintain data about customers’ order history. As described in chapter 13, Robatelli’s might use such data for data mining and analysis. c. Describe the internal controls related to Internet orders that Robatelli’s should have in place. The entire set of hacking and network break-in controls would be beneficial to Robatelli’s. This would include firewall, encryption, security policies, security breach resolution policies, secure socket layers (SSL), anti-virus software, vulnerability assessment, penetration testing, and intrusion detection. There is no indication in the case that a wireless network is used and therefore, the wireless network controls may not be necessary. Most businesses that sell via the Internet do ask the customer to log-in using a user ID and password, but it would not be practical to use other authentication controls such as biometric devices, security tokens, access levels, or authority tables.
In addition, the software that Robatelli’s uses to process e-commerce orders should have data validation controls in place. These controls would help lessen data input errors as customers place orders. These would include field check, validity check, limit check, and completeness check. The use of drop-down boxes for customer choices can also reduce input errors.